Evaluating Intrusion Prevention Systems
* Security News and Features
- News: XP SP2 Training for Developers
- News: Sober.D Poses as Microsoft Patch
- News: Ethereal 0.10.2 Released
- News: Certified Ethical Hacking
* New and Improved
- Protect Your Online Privacy
Focusing on Evaluating Intrusion Prevention Systems ...
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
Last September, I wrote about an evaluation of Intrusion Detection
Systems (IDSs) conducted by the UK-based NSS Group.
Recently, Bob Walder (director of The NSS Group) wrote to let me know
that his organization has recently published a set of test results for
Intrusion Prevention Systems (IPSs). The NSS Group defines an IPS as a
proactive defense mechanism that detects attacks and stops them before
they can do any damage.
You might recall that last year, Gartner claimed that IDSs/IPSs were
no longer useful and that "deep inspection firewalls" were the wave of
the future. Walder said that The NSS Group's test results show that
Gartner is wrong, and that "deep inspection firewalls may well be
where the industry ends up, [however] those devices are a long way
from being ready for prime time right now. Our report shows that IPS
[is] ready for prime time deployments and as the technology develops
it will be interesting to see whether those 'deep inspection
firewalls' actually evolve from present day firewalls ... or whether
they evolve from current IPS products!"
The NSS Group decided to test IPS products to determine their
effectiveness, viability, and validity as security solutions. The NSS
Group invited all major IPS vendors to participate, and five companies
responded: Internet Security Systems (ISS), NetScreen Technologies,
Network Associates, TippingPoint Technologies, and Top Layer Networks.
All told, The NSS Group performed more than 750 tests against each of
the products to determine the performance and reliability, security
accuracy, and usability of each one. When the tests were complete, the
group wrote its detailed results and analysis into a 277-page report.
If you use one of the tested products or are considering acquiring an
IPS to protect your network, you'll probably find this report
invaluable. Be sure to check it out. It's available online in HTML
format, or you can purchase a PDF version at The NSS Group's Web site.
==== Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities.
News: XP SP2 Training for Developers
Microsoft said that Windows XP Service Pack 2 (SP2) might break
functionality of existing applications. In an effort to help
developers understand the implications of SP2, the company is now
offering an XP SP2 training course that covers the changes slated for
the new service pack.
News: Sober.D Poses as Microsoft Patch
A new worm, Sober.D, is traveling the Internet posing as a patch
from Microsoft. However, users should be aware that Microsoft doesn't
issue patches through email messages. The worm targets users who speak
German and specifically tries to propagate itself to the .nl, .be,
.at, .ch, .de, and .li top-level domains. The worm arrives with a file
attachment that might have either an .exe or .zip file extension. If
you run the attachment, the worm installs a backdoor on your system
that listens on port 13468. Be sure to update your antivirus software
to guard against the new worm.
News: Ethereal 0.10.2 Released
A new version of Ethereal, 0.10.2, is available. The popular
shareware packet sniffer--often used for security purposes--runs on
BSD, Linux, Windows, Mac OS, Sun Microsystems' Solaris, and numerous
other platforms. The latest version includes new support for Cisco
Systems' Cisco Cast Client Control Protocol as well as updates to a
long list of other protocols including AppleTalk, ASN.1, HTTP,
Kerberos, MSN Messenger, PostgreSQL, and more. You can download the
new version, including the source code, at the Ethereal Web site.
News: Certified Ethical Hacking
The UK branch of The Training Camp is now offering a Certified
Ethical Hacker course to qualified individuals. The 5-day course,
which has been offered in the United States for several months,
teaches students how to scan and penetrate a network and, once inside,
how to elevate privileges. The course also teaches social engineering,
how to defend against intrusion, how to create policies, and more.
Prerequisites include 2 years' experience with information security, a
working knowledge of TCP/IP, and a basic familiarity with Linux.
(from Windows & .NET Magazine and its partners)
Infosecurity Europe 2004 - London, England
Now in its 9th year, Infosecurity Europe is Europe's number one IT
Security Exhibition. The event brings together professionals
interested in IT Security from around the globe with suppliers of
security hardware, software and consultancy services. Grand Hall at
Olympia from 27th to the 29th April 2004. Visitors not registered by
22nd April will be charged a 20 [pounds sterling] entrance fee.
Sign Up for 2 New Web Seminars--Business Workflow Process and
Authenticating Email to Stop Spam and Phishing
Unmanaged companywide Access reports and spam issues can lead to
security and performance problems, not to mention use up valuable
resources. Learn how to consolidate your reports with a reporting
service and find out how to stop spam and phishing to solve these
important organizational issues.
Does your company use third-party management tools to manage your
Microsoft Windows network? If you do, Windows & .NET Magazine would
like to hear from you about your preferences. Please respond to our
short survey regarding Windows management tools and we'll enter you in
a drawing to win one of two $50 Amazon.com gift certificates.
Security Toolkit...
Virus Center
Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
FAQ: Why can't I search for files in the System32 or SysWow64 folders
in the 64-bit version of Windows XP?
A. By default, the 64-bit version of XP excludes system folders from
searches. To search within these folders, open Windows Explorer, click
Search, select "All files and folders," "More advanced options," and
the "Search system folders" check box. Also, from the Tools menu in
Windows Explorer, select Folder Options, go to the View tab, and
enable "Show hidden files and folders." Then, do your search.
Featured Thread: Discovering Installed Hotfixes
(One message in this thread)
Mark is having trouble obtaining an exact list of installed hotfixes
in Windows XP, Windows 2000, and Windows NT. He's been using VBScript
scripts and Microsoft Baseline Security Analyzer (MBSA) to examine the
systems, but each one returns different, noncomprehensive results.
Mark wants to know how to obtain a complete and comprehensive list so
that he can plan for appropriate updates to the systems.
New Web Seminar--Realizing the Return on Active Directory
Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
discover how to maximize the return on your Active Directory
investments and cut the cost of security exposures with secure task
delegation, centralized auditing, and Group Policy management.
Register now and receive NetIQ's free "Securing Access to Active
Directory-A Layered Security Approach" white paper.
Protect Your Online Privacy
SpiDer Software announced MyProxy 6.40, Internet software that
combines the features of a proxy server, a pop-up/banner-ad filter, a
dialer, and a DNS cache. MyProxy blocks cookies and referrers, which
marketers use to track your online behavior. Also, by blocking
unwanted online ads and caching graphics, the program can increase
page-loading speeds by as much as five times. To help you calculate
your expenses, the product's built-in dialer tracks time spent on the
Internet and bandwidth consumed. And the program comes with password
protection to prevent unauthorized access. MyProxy 6.40 costs $29.95
and is available for download at SpiDer Software's Web site.
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.