This Month:
The High Cost of Efficiency
"Computers are tremendous labor-saving devices.
They give us power to accomplish extraordinary
amounts of work in extraordinarily short intervals
of time: financial analysis, data mining, design
automation. But they also give us the capability to
do things like play solitaire. Or send instant
messages. Fiddle with fonts. Futz with PowerPoint.
Twiddle with images. Reconfigure link rollovers. In
the spring of 1994, I wiped the game
Civilization off my office computer. I wiped
it off my home PC. I wiped it off my laptop. I
threw away the original disks on which it had come.
It was clear to me that I had a choice: I could
either have Civilization on my
computers, or I could be a deputy assistant
secretary of the US Treasury. I could not do both.
It wasn't that my boss ordered me to - she herself
played a mean game of computer solitaire. In this,
I was the boss, and I had decided that with
Civilization on DeLong's hard disk, DeLong's
productivity would be unacceptably low." Source:
Wired (July 2003)
IM Security Primer
The
seemingly overnight appearance of Instant Messaging
(IM) software in the corporate environment took
most IT departments by surprise. Before IT could
put formalized policies and security procedures in
place, IM clients were popping up everywhere. To
make the best use of IM, you need to know which
types of IM networks are the most popular, how they
work, what their vulnerabilities are, and how to
minimize the risk to your end users and network. As
you'll learn, the world of IM is full of malicious
activity, automated bots, channel wars, and Denial
of Service (DoS) attacks. Source: NTsecurity.net
Windows 2000 SP4 released
Windows
2000 Service Pack 4 (SP4) provides the latest updates to the
Windows 2000 operating systems. This service pack includes 669
public fixes and 6 partner only fixes in the following areas:
security, application compatibility, operating system
reliability, and setup. Windows 2000 SP4 is a recommended update
that includes the updates contained in previous Windows 2000
service packs. To determine whether to install Windows 2000 SP4,
Microsoft recommends that you review the Windows 2000 SP4
documentation.
Configuring Application Isolation on Windows Server
2003 and Internet Information Services (IIS) 6.0
This paper discusses the general topic of
application isolation as it relates to Web
applications run on Windows Server 2003 servers
with IIS 6.0 running in worker process isolation
mode. Isolation refers to the degree of separation
between two Web applications running on a server.
In this paper, the notion of a "Web application" is
meant in a very broad sense; it includes the
processes, files, and even users, serviced by the
application. Applications are isolated from each
other to the degree that one application is
prevented from accessing resources used by another
application. Source: Microsoft TechNet
Landing a Job Can Be Puzzling
Microsoft is legendary
for running job applicants through grueling
interviews full of brain teasers and bizarre
questions. Now, other companies are following suit.
Some of the more commonly used brain teasers
include questions like, "If you are on a boat, and
you throw your suitcase overboard, will the water
level rise or fall?" and "How many piano tuners are
there in the world?" "We use these types of
questions not necessarily to see if the candidate
gets the right answer but to observe the
candidate's thought process," said one vice
president of a business software firm, who asked
not to be named. "How does the candidate think on
their feet? Do they work through the problem in a
logical manner? Do they have the drive and
determination to work through the problem no matter
how difficult the question?" Source: Wired
Tracking Down the Phantom Host
This article explains
techniques for locating a problem host when you
are not sure where it is physically located.
Source: SecurityFocus.com
E-mail scam makes Best Buy scramble
Best Buy has become
the target of an e-mail scam that links to a
look-alike Web site to try and convince consumers
to give up their credit-card information.
The e-mail tells a
recipient that an order made on BestBuy.com used
the person's credit-card information, and it asks
the recipient to follow a link to the company's
page for its fraud department. The link actually
goes to a different Web site, which masquerades as
Best Buy's site
and requests personal information. Source: CNET
(June 19, 2003)
Balancing Your Career: Certification, Education
and Experience
Making yourself marketable in today's economy is
"priority one" when it comes to you and your
career. Many times we become stagnant in our
positions and skills, or on the other side of the
spectrum, we never had the skills and are trying
either to break into or to advance in the
Information Technology (IT) field. Either way, you
have to focus on marketability, and that is the
focus of this article: how to make yourself
marketable. Source: CertMag.com
WLANs scale, just not easily
If you're
thinking about rolling out a big WLAN, network
professionals who have built them say, be prepared
for a project that will rival, if not surpass, in
complexity and detail any LAN you've built. This
article chronicles lessons learned from some of the
world's largest WLAN deployments including
Microsoft, Cisco, and McGill University in
Montreal.
Source: NetworkWorldFusion
Account Passwords and Policies
Password and account lockout settings are designed
to protect accounts and data in your organization
by mitigating the threat of brute force guessing of
account passwords. Settings in the Account Lockout
and Password Policy nodes of the Default Domain
policy settings enable account lockout and control
how account lockout operates. This white paper
describes how these settings affect account lockout
and makes some general recommendations for
configuring and troubleshooting account lockout
issues. Source: Microsoft TechNet
Microsoft Exams Retiring at End of June
Nine Microsoft exams
whose retirements were announced in June 2002 will
be discontinued at the end of this month. According
to an ongoing policy, Microsoft makes impending
exam retirement announcements in June each year,
with retirements taking place one year after the
announcements are made. Because of another policy
implemented in October 2001 (see the FAQ at
http://www.microsoft.com/traincert/
highlights/announcement.asp for details),
Microsoft also requires no recertification in order
to retain currently valid certifications. This
means that anyone holding a certification that uses
any of these soon-to-retire exams will remain
certified. Source: MCPMag
Defending your DNS: Best practices for reliable DNS
and DHCP
Well-publicized attacks
against Domain Name System (DNS) root servers and
top-level domains highlight the vulnerability of
the DNS infrastructure. Many CIOs are looking for
ways to ensure secure, reliable network services.
In this article,
Paul V. Mockapetris,
the inventor of the domain name system and chief
scientist at Nominum, gives advice on ways to
ensure your networks are secure and reliable.
Ten common management mistakes
Your job is to keep the network up and running, so
employees can work without interruption and so that
you can get home. The problem is that things don't
always go the way you want them to go. Some days
just plain stink. There are many reasons, but we'll
just stick to the 10 most commonly encountered network
management potholes. Source:
NetworkWorldFusion
Slammed!
In this controversial article, Wired magazine
takes an inside look at the Slammer worm which
wreaked havoc on the internet last January. The
worm infected about 75,000 systems in less than 15
minutes and by some estimates caused $1
billion in damages. The magazine's editors have
received strong
criticism from security experts for not only
revealing step by step how Slammer works, but also
for publishing Slammer's source code in the
magazine.
SAN Security Reaches Critical Mass
In insecure
times, security threats seem to be everywhere, and
heightened security awareness is rampant. While SAN
technology's rudimentary security managed to avoid
scrutiny in its early days, it too is now coming
under the security spotlight. What security threats
exist today for storage area networks, and how can
you protect your SANs from them? Source:
EnterpriseStorageForum.com
Microsoft Baseline Security Analyzer v1.1.1 (for
Professionals)
Microsoft has released an updated version of its
Baseline Security Analyzer, which is available as a
free download. Version 1.1.1 of MBSA includes a
graphical and command line interface that can
perform local or remote scans of Windows systems.
MBSA runs on Windows Server 2003, Windows 2000, and
Windows XP systems and will scan for common
security misconfigurations in the following
products: Windows NT 4.0, Windows 2000, Windows XP,
Windows Server 2003, Internet Information Server
(IIS) 4.0 and 5.0, SQL Server 7.0 and 2000,
Internet Explorer (IE) 5.01 and later, and Office
2000 and 2002. MBSA also scans for missing security
updates for Windows NT 4.0, Windows 2000, Windows
XP, Windows Server 2003, IIS, SQL, Exchange, IE,
and Windows Media Player.
W32/BugBear.B@MM
The big task for many
administrators today is to batten down the hatches
for a new variant of the BugBear mass mailing worm
that is spreading rapidly. Oddly enough, this virus
exploits a vulnerability in older versions of IE
(5.1 and 5.5) that was
patched by Microsoft over 2 years ago, but is
still spreading like wildfire, prompting a number of
antivirus companies to upgrade their threat
assessments several times in the last twelve hours.
Microsoft Wireless LAN
Deployment and Best Practices
This paper
describes the history of the deployment of the
wireless local area network (WLAN) of the Microsoft
Corporation, the technologies used to provide
secure wireless access, and its current
configuration and infrastructure. This paper
concludes with a list of WLAN deployment best
practices.
Idiocy Imperils the Web
Twice in the last few
weeks, I've had the same experience. I receive a
security notice on a new virus, first Fizzer and
then Palyh. I then find out that they infect
Windows-based systems when a user opens an
attachment from an unsolicited e-mail message. I
then think to myself, "This won't be big; everyone
knows you don't open attachments in unexpected
e-mails." Then the virus spreads across tens of
thousands of systems. What's up with these people?
Over the last few years, there have been hundreds
of new viruses that spread in this manner. Most
people figure out that if they keep grabbing the
electric fence, they'll get a shock every time. So
why do they continue to stupidly open attachments
they aren't expecting? It's time for us to stop
admiring virus writers and start dishing out
heaping spoonfuls of shame to stupid users. Source:
eWeek
Microsoft to introduce security certifications
Microsoft Corp. is
expected to announce its first set of certification
credentials for IT administrators and engineers who
specialize in security in a Windows environment.
The requirements are essentially the same as for an
ordinary MCSE certification, except the security
candidate has to take the core security design exam
and a security implementation exam that Microsoft
introduced in January, along with the ISA Server or
CompTIA exam. Source: ComputerWorld
Why Centrino and VPNs Don't Mix
Intel's Centrino chipset is not
compatible with most Virtual Private Networks, an
Intel spokesman admits. Unless laptop users disable
a key feature of the chip when it runs with a VPN,
they get nothing but a blue screen. Source:
Wired