Archive for the 'News' Category

Blog moved . . .

Sunday, October 1st, 2006

The blog has been moved to a public space at LiveJournal.

http://netdef.livejournal.com

VML Vulnerability - official patch released

Tuesday, September 26th, 2006

Microsoft has quietly released a patch for the VML exploit today. Get it via their update service at http://windowsupdate.microsoft.com/ or wait for your automatic updates to notice it . . . personally I would not wait.

If you previously used any of the mitigating workarounds for this exploitable bug, make sure you reverse or roll back that workaround before applying the official patch.

So what do you do with old machines?

Sunday, July 16th, 2006

After reading my previous post about Microsoft dropping support for Windows 98, Windows ME, etc., some of you have asked me privately what you might do with old hardware.

There is an answer - sort of . . .

If your company has an active Microsoft Software Assurance subscription you can get a stripped down version of Windows XP Service Pack 2 called “Windows Fundamentals for Legacy PCs” that runs nicely on most legacy hardware.

The bad news is, unless you have that subscription through Microsoft, you may be out of luck.

End of an Era for Windows 98, ME and XP-SP1

Tuesday, July 11th, 2006

Microsoft announced two important deadlines within the same press release.  Here is the breakdown:

Tuesday July 11, 2006 - Critical updates and public technical support are discontinued for Windows 98 (any edition) and Windows ME. These operating systems are considered too outdated to continue supporting them against modern exploits.

Tuesday October 10, 2006 - Microsoft will stop producing critical updates and will discontinue public technical support for Windows XP Service Pack 1.

To continue to receive updates and support after that date, all users of Windows XP must upgrade to Windows XP Service Pack 2 as soon as possible.  Hopefully you have already done this . . . but if not then now is the time. 

Certain corporations with current Premier Support Agreements (contracts) with Microsoft may continue to receive private updates for the discontinued operating systems in special circumstances, for a “while.” I have heard that those special exemptions will be phased out as soon as possible, which likely means that the above legacy OSes will be dropped from the agreements when the contracts are renewed.

Also, all currently released documentation and fixes for these older operating systems will continue to be kept available online on Microsoft’s web site for an undefined future period - perhaps many years. 

What does this mean if you still use one of these legacy systems? It means that satisfactory mitigation for future security problems on Windows 98, ME or XP-SP1 is severely limited, perhaps impossible. It’s time to replace any such systems you own with a modern computer and OS. Even with the Microsoft Vista release on the horizon in January, support for Windows XP SP2 and Windows Server 2003 is expected to continue for several more years.

Keeping work data at work while working from home

Wednesday, May 31st, 2006

By now I am sure you have all heard about the latest data theft fiasco with the Veterans Administration. Some 26 million records were on a laptop that was stolen from an employee’s home. There have been many other thefts from various financial and records warehousing organizations in the last two years, some made public, most not.

Without going into the argument about working beyond normal work hours, there IS a better way. Don’t take the data home. If you must work remotely, one solution is to use a VPN combined with remote desktop. It’s safer, typically much faster (you don’t need to transfer large amounts of data over a home broadband connection) and it keeps the data on the work computers where it belongs.

My clients will recognize this method - since it’s the one that Network Defend has been implementing for all remote workers on networks we deploy.

For those unfamiliar with the process, here is a very high level overview:

1. Install a VPN gateway at the business firewall layer.
2. Install and configure a VPN client on your remote workstation/laptop. This grants you access via secure VPN to your company’s LAN.
3. Turn on Remote Desktop in Windows XP Professional or Windows 2003. If required, have your network admin tweak domain policies to allow this feature.
4. Use strong passwords on your work domain account.
5. Turn off hibernation on the workstation.
6. When you leave work, log off your work computer but leave it running.

From your remote site, log into your work LAN via VPN on your laptop or remote terminal.  Then open a Remote Desktop session over that connection.

There are very few modern applications that will not work this way, and since all data is kept at the work site, your tasks will run faster - and your data stays at work.  All you see at the remote site is a view of the data.
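As an added example (not part of the original post), the following PowerShell function audits the workstation-side steps from the overview above: Remote Desktop turned on, hibernation turned off, and domain membership. It assumes a current Windows release with PowerShell 3.0 or later; the function name Test-RemoteWorkReadiness is hypothetical, and the check is read-only.

```powershell
# Added example: read-only audit of the office workstation settings listed
# in the overview. Test-RemoteWorkReadiness is a hypothetical name.
function Test-RemoteWorkReadiness {
    $tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $deny = (Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue).fDenyTSConnections

    # HibernateEnabled = 0 means hibernation is off, so the PC stays reachable
    # after you log off and leave it running.
    $hib = (Get-ItemProperty -Path $powerKey -ErrorAction SilentlyContinue).HibernateEnabled

    # A domain-joined PC takes its password and Remote Desktop policy
    # from the domain, where the network admin controls them.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # A missing registry value leaves Value empty and Pass false,
    # which flags the setting for a manual look.
    @(
        [pscustomobject]@{
            Step  = 'Remote Desktop turned on'
            Value = $deny
            Pass  = ($deny -eq 0)
        }
        [pscustomobject]@{
            Step  = 'Hibernation turned off'
            Value = $hib
            Pass  = ($hib -eq 0)
        }
        [pscustomobject]@{
            Step  = 'Joined to work domain'
            Value = $cs.Domain
            Pass  = [bool]$cs.PartOfDomain
        }
    )
}

# Run on the office workstation before relying on it for remote work.
Test-RemoteWorkReadiness | Format-Table -AutoSize
```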


New Critical Vulnerabilities in Windows

Tuesday, April 18th, 2006

You may have heard about several new security exploits on the Internet during the last month. If not, you need to be aware that many of these new problems have begun to be exploited by various hacking groups across the web. They are rated at Microsoft’s highest alert level and can enable someone to take over your entire network, access your confidential data, or disrupt the stability of your system if you open certain email attachments or browse to certain web sites. The patches that mitigate these security holes in Microsoft Windows (2000, XP and 2003) have finally been released. If you do not have Automatic Updates turned on, you can get the patches manually by visiting Microsoft’s Update site at http://windowsupdate.microsoft.com/ and selecting the Express button.

Be sure to reboot after the patches are installed. Then repeat the process immediately at least once to be sure that no additional patches are available. If there are, install the next set of patches, reboot, then check the Update site again. Repeat as needed until no additional available patches are shown. Some patches will not appear on the site until previous patches are first installed.

Remember that Microsoft releases critical patches on the second Tuesday of each month, so mark your calendars.

A word about Automatic Updates on Microsoft Windows.

If you run a very small office with fewer than 5 machines, and do not have any commercial level enterprise software running in a server environment, I highly recommend you enable Automatic Updates on all your workstations. You can do this from the Update site by clicking the reminder link on the right-hand side. (Note: you will not see that reminder if Automatic Updates is already working.) Occasionally you will see a reminder in your task tray to reboot your machine - do so at your earliest convenience. Other than that the process is fairly painless and may help prevent most major security problems related to the operating system. This practice, when combined with safe Internet usage, a good firewall, AntiSpyware and AntiVirus protection, will mostly protect your small office.

If you run a larger office, or you have servers that provide advanced functionality to your office, or you run custom software, then it is generally better to turn off Automatic Updates on the clients and use a server-based updating service such as SMS or WSUS so you can control which updates get applied to your computers. Control is important, as some patches have been known to cause problems with these larger systems. The process includes testing the patch before rolling it out to the entire organization to ensure your business critical systems are not “broken” by the patch. This is one of the services Network Defend can provide for you; feel free to contact us for additional information.

If you use Firefox or Opera, be aware that several critical security patches were released this week for both. We highly recommend that you get them patched before the exploits begin showing up on the Internet.

Finally, there have been some reports that these latest Microsoft patches are causing problems on a few computers. While some may feel that the cure could be worse than the disease, I still recommend that you keep current with all security patches. If you are concerned, see http://support.microsoft.com/default.aspx/kb/912812 for more information and suggested workarounds.

Welcome to Network Defend’s security blog

Monday, February 27th, 2006

The articles featured here will primarily highlight current security issues and solutions that may impact small business owners with office networks.  The target audience is the successful business leader with limited or no access to their own in-house IT support.  We hope that our suggestions here will enable you to prevent many problems before they strike.

This is “mostly” a Windows shop.  Most of the information we present will be centered around securing Microsoft Windows products.

I would like to draw your attention to the Related links in the side bar on your right.  They are a great place to start your education.  I urge you to take a few minutes to learn about the types of threats you and your employees may face daily when interacting with the Internet.  Topics include Phishing, SpyWare or MalWare, Virus protection and more.  Becoming Internet “street-wise” and learning to be just paranoid enough to suspect that odd email is a good thing nowadays.

The Internet really is a jungle, and knowledge is the best defense.