In Focus
Strengthen Your Firewall Defenses Against Bots, Spam, and DoS Attacks
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Valentine's Day is just around the corner, and you might
guess that there will be an onslaught of social engineering attacks,
each designed to get some sort of malware onto unsuspecting people's
systems. In fact, at least one such attack has already started. Email
messages are floating around whose purpose is to try to bring more
computers into Storm-based botnets.
Last week, I blogged about the attack and mentioned that SANS Internet
Storm Center team member Bojan Zdrnja found that, at the time of his
testing, "only 4 antivirus programs out of 32 on VirusTotal properly
detected [the current variation of the worm, and there is ] virtually no
[detection in] the most popular anti-virus programs." That's a
startlingly low detection rate, even though it's to be expected when new
variants of any type of malware emerge onto the Internet.
Obviously, antivirus software isn't enough protection. We've known that
for some time, and of course other types of tools can be used to
help protect systems. For example, anti-malware, antispyware, and
antispam tools, and strong firewalls all help.
I recently learned about another tool that can help, which many of you
might not be aware of yet. The tool, ThreatSTOP, is actually an online
service based on DNS that can be added to some types of firewalls to
help block not only bots, but also Denial of Service (DoS) attacks and
spam. The service provides your firewall a set of data that can be used
to build firewall rules automatically. The data includes block lists,
allow lists, and custom combinations of those lists.
ThreatSTOP aggregates its data from three sources: SANS Internet Storm
Center DShield (for malicious sources), TQMcube (for spam-related data),
and Complete Whois (for lists of hijacked IP addresses and IP addresses
not allocated by IANA and RIRs to ISPs). ThreatSTOP then populates its
DNS servers with the data. You configure your firewall (and possibly
supporting systems) to gather IP address data from ThreatSTOP's DNS
servers by using simple TCP-based queries. (UDP won't work because the
DNS answers are too big.) Then you use those IP addresses to generate
rules that work in your preferred manner.
To use the service, you need a somewhat flexible firewall, such as Cisco
PIX, Juniper Networks' NetScreen, Check Point's ZoneAlarm, iptables
running on a Linux system, or Packet Filter (PF) running on BSD UNIX.
You sign up for an account, define the devices that will contact
ThreatSTOP to receive the data (only authorized devices can query
ThreatSTOP DNS servers), add ThreatSTOP DNS servers to your device's
list of name servers, and then configure your firewall to query for data
and build rules. Actual firewall configuration depends on your
particular firewall. For some types of firewalls, you'll need to install
scripts to help download and convert the data properly. For others you
might be able to make simple changes in a GUI.
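As an added example (not code from the newsletter, and not one of ThreatSTOP's own helper scripts), the Python below does what the article describes for an iptables firewall: it sends the DNS query over TCP with the length prefix TCP requires, checks the truncation bit that a too-big UDP answer would carry, parses the A records out of the answer, and turns them into DROP rules in a dedicated chain. The zone name, the DNS server address and the chain name are assumptions; the real names are provisioned per ThreatSTOP account.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Recursive query (flags 0x0100) for the A records of name, DNS wire format."""
    labels = [bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")]
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + b"".join(labels) + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):
    """Step past a possibly compressed name and return the next offset."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def is_truncated(msg):
    """TC bit set: the answer did not fit, which is what big lists do over UDP."""
    return bool(msg[2] & 0x02)

def parse_a_records(msg):
    """Return the IPv4 addresses from the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips

def fetch_a_records(name, server, port=53):
    """Query over TCP: both query and answer carry a 2-byte length prefix."""
    query = build_query(name)  # name and server are assumed; use your account's values
    with socket.create_connection((server, port), timeout=10) as sock:
        sock.sendall(struct.pack(">H", len(query)) + query)
        (length,) = struct.unpack(">H", sock.recv(2, socket.MSG_WAITALL))
        data = sock.recv(length, socket.MSG_WAITALL)   # block until the whole message is in
    if len(data) < length or is_truncated(data):
        raise ValueError("incomplete or truncated answer; do not build rules from it")
    return parse_a_records(data)

def iptables_rules(ips, chain="THREATSTOP"):
    """One DROP per source address in a dedicated chain, duplicates removed."""
    rules = [f"iptables -N {chain}", f"iptables -F {chain}"]
    return rules + [f"iptables -A {chain} -s {ip} -j DROP" for ip in sorted(set(ips))]
```

Call fetch_a_records() with the zone name and server from your account and feed iptables_rules() to a shell; the chain still has to be jumped to from INPUT or FORWARD, and a refresh that fails should leave the previous rules in place rather than an empty chain.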
Right now the service is free to "early adopters." You can find out more
about how the service works by visiting the Web site at the URL below,
where you'll also find useful information about supported firewalls, the
limitations of some types of firewalls (such as Microsoft ISA Server),
and helper scripts for various firewalls.
www.threatstop.com
Sponsor
Symantec
Messaging Management Fundamentals eBook - Best Practices & Service Comparison
Email and messaging infrastructures are the backbone of today's business
operations; they are so essential that if they go down, an
organization's business stops. With this level of importance put on
these systems, protecting your email and messaging infrastructures is
the primary goal of email and messaging management solutions. Email and
messaging management solutions can mitigate the risks related to information loss,
leakage, or unauthorized data access. Read this eBook to learn about the
best practices of designing an email and messaging management
infrastructure in Exchange-centric environments.
www.windowsitpro.com/go/ebook/symantec/messagingmanagement/?code=sectop0123
Security News and Features
Novell Extends ZenWorks Endpoint Security with New Features
Novell took its ZenWorks Endpoint Security solution a
big step forward with new encryption capabilities and new password
capabilities that help protect laptops.
Perimeter eSecurity to Offer Outsourced Messaging Compliance Solutions
Perimeter eSecurity announced that it has acquired
Secure Electronic Communication Compliance Archival System (SECCAS),
maker of outsourced messaging compliance solutions. The acquisition
brings ePerimeter the ability to offer companies tools that can help
archive email, instant messages, faxes, and other communications.
$20,000 for Zero-Day Windows Vulnerability
Digital Armaments temporarily upped the ante for paid
exploits. Through the end of February, the company will pay an extra
$20,000 for each report and exploit.
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive
Security Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
www.windowsitpro.com/departments/departmentid/752/752.html
Sponsor
Lucid8
The Essential Guide to E-Discovery & Recovery for Microsoft Exchange
With more than 75 percent of business-critical information residing in
e-mail today, you are more likely to find evidence sitting in someone's
inbox than in their filing cabinet or on a file share. The growing
importance of e-mail has not been lost on the lawyers, courts, or
government regulators. In fact, e-mail is being placed at the center of
legal discovery requests and is increasingly used in a variety of legal
and regulatory proceedings, from e-discovery for civil lawsuits to
providing the grounds for prosecuting criminal cases. Download this
guide to find out how you can be better prepared.
www.windowsitpro.com/go/eg/lucid8/ediscovery/?code=secmid0123
Give and Take
SECURITY MATTERS BLOG: Storm Worm Loves You; Google Needs a Good Security Guru
by Mark Joseph Edwards
Attackers have unleashed a new round of Storm worm
infections just in time for Valentine's Day. And Google is looking for
an Investigator / Threat Analyst. Read all about it in the Security
Matters blog.
windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
FAQ: Adding Roles and Features at the Command Line
by John Savill
Q: How do I use the command line to install Windows
Server 2008 Roles and Features?
Find the answer at
www.windowsitpro.com/Article/ArticleID/98051
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems
and solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we
print your submission, you'll get $100. We edit submissions for style,
grammar, and length.
Products
Packet-Capture Engine Gains Speed
by Renee Munshi
MicroOLAP Technologies announced Packet Sniffer SDK 4.0,
a library of objects for capturing traffic in Windows environments.
Embedded into an application, Packet Sniffer provides low-level network
access to capture and transmit network packets bypassing the protocol
stack. New features in Packet Sniffer SDK 4.0 intended to improve
performance are an adjustable packet pool that maps packets from
application mode space to the Packet Sniffer SDK internal driver kernel
mode space and back, a 32-/64-bit BSD Packet Filter (BPF) just-in-time
(JIT) compiler, and asynchronous queues for packet sending and
receiving. Packet Sniffer SDK 4.0 runs on Windows 98 and later and is
compatible with Microsoft Visual C++, Microsoft Visual Basic .NET, Intel
C++, Borland C++ Builder, and Borland Delphi. For more information, go
to
www.microolap.com
Resources and Events
Attend Black Hat DC on February 18-21. This Washington,
DC, version of the world's premier technical event for ICT security
experts features lots of new content, including a focus on wireless
security.
www.blackhat.com
How to Archive Effectively, Be Compliant, and Save Money
Compliance is a hot topic in the IT world, but it's a broad topic, too.
Focusing on individual parts of the compliance elephant can be a good
way to start. Archiving email is often desirable or necessary, even for
companies that don't have explicit compliance requirements. In this Web
seminar, Paul Robichaux describes how archiving strategies can help your
business work more effectively and keep IT operating costs under control
while preserving quick access to needed data.
www.windowsitpro.com/go/GFI/Compliance/?partnerref=011608er
Three Easy Steps to Disaster-Recovery Planning
Everyone is talking about disaster-recovery planning and how important
it is to be prepared for any emergency that could impact
business-critical operations. But how do you develop a sound disaster
recovery plan? Where do you actually begin? Attend this January 29th
(1:00 PM EST) Web seminar to get practical guidance on developing,
implementing, and testing your disaster recovery plan. Outline the steps
you should follow to ensure that your disaster recovery plan works as
you expect it to and scales as your business and IT needs evolve.
www.windowsitpro.com/go/seminars/XOsoft/DisasterRecovery/?partnerref=011608er
Featured White Paper
How to Add Significant Capabilities to All Your Major Application Development Environments
Organizations seeking to gain competitive advantage in the marketplace
can be derailed when faced with the daunting task of managing and
integrating a large collection of competing application development
technologies. The solution can be the implementation of a single
integrated platform that offers high performance and scalability for the
most popular technologies used by application developers today. This
white paper discusses how certain developmental tools can simplify your
development tasks and enable your organization to reduce application
development time.
www.windowsitpro.com/go/wp/oracle/development/?code=011608er
Announcements
Exchange 2007 Mastery Series: January 28, 2008
LAST CHANCE TO REGISTER!
Get three info-packed eLearning seminars hosted by Windows IT Pro for
only $99!
Mark Arnold--MCSE+M and Microsoft MVP--will coach you through
Exchange 2007 storage solutions: planning for archiving and compliance,
optimizing your iSCSI network storage, and finding the sweet spot
between memory and spindles.
www.windowsitpro.com/go/elearning/masteringexchange2007
If you use a product that has made a tremendous impact in your
organization and is a product that you can't live without, tell us about
it at whatshot@windowsitpro.com
and we'll feature your review in a future issue of the magazine, under
the "What's Hot" section.