|
[networknewsletters]
||
[Date Prev]
[01-2007 Date Index]
[Date Next]
||
[Thread Prev]
[01-2007 Thread Index]
[Thread Next]
[ECP] SSTP One Reason to Look Forward to Vista SP1
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 30 Jan 2007 05:00:00 -0500
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
Please link to the Educational CyberPlayGround
http://www.edu-cyberpg.com
Add your K12 SCHOOL OR SCHOOL DISTRICT URL
http://www.edu-cyberpg.com/schools/
Please Share and Add Your Song
http://www.edu-cyberpg.com/ncfr/
Educational CyberPlayGround Network Newsletters Mailing List ©1994
¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤,¸¸,ø¤º
SSTP One Reason to Look Forward to Vista SP1
=== CONTENTS ===================================================
IN FOCUS: SSTP One Reason to Look Forward to Vista SP1
NEWS AND FEATURES
- Fortify Software Extends Its Reach
- TJX Reveals Big Data Breach
- What's Hot: Readers Recommend the Best Products
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: 51 Reasons to Patch Your Oracle
Applications
- FAQ: Find a User's DN
- From the Forum: TACACS Authentication
- IT Pro of the Month--December 2006 Winner
- Share Your Security Tips
PRODUCTS
- New Endpoint Safety Features
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== IN FOCUS: SSTP One Reason to Look Forward to Vista SP1 =====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Sometimes building a VPN can be tedious work, especially when firewalls
are involved. There are of course ways to build VPNs that can usually
traverse a firewall without the need to configure new rules. One of the
most common methods is to use a Secure Sockets Layer (SSL)-based VPN,
which can be made to operate over standard HTTP ports.
Microsoft's new VPN technology, Secure Socket Tunneling Protocol
(SSTP), does exactly that. SSTP is an SSL-based client-to-server VPN
tunneling protocol designed to make connectivity much easier.
The biggest benefit of SSTP is that because it works over standard HTTP
ports, SSTP traffic will be able to traverse a network to reach the
end-point server even when the client is behind a Network Address
Translation (NAT)-enabled network, Web proxy, or reasonably configured
firewall that at least allows Web traffic. This will be very helpful,
especially for mobile users who find themselves using networks at
hotels and conference centers, which sometimes lock down their networks
to the point of being unusable except for the most basic needs.
Microsoft has already released Windows Vista to businesses and is set
to release the new OS to consumers this week. As you might expect, the
company is busy working on Vista Service Pack 1 (SP1), and when that
update is released, it will include SSTP. The company also plans to
include SSTP in Windows Longhorn Server Beta 3, due sometime in the
first half of this year.
Samir Jain, lead programmer for Microsoft's RRAS technology, said that
SSTP integrates seamlessly into the OS so that it works through the
typical RRAS interfaces. The integration means that you'll get the same
types of functionality you're already accustomed to when using RRAS,
such as support for Network Access Protection (NAP), support for IPv6,
and support for various authentication mechanisms such as smart cards.
The way SSTP works is very similar to the way SSL works in a Web
browser, with some added intricacies of course. A client computer
connects to an SSTP-enabled server over TCP port 443--the standard SSL
port. After the SSL session is built, the two systems then negotiate a
Point-to-Point Protocol (PPP) session, including any required
authentication. That's basically all there is to it.
Jain said that you will be able to deploy SSTP on the same server on
which an existing L2TP VPN is deployed, and SSTP can share the same
server certificate as the L2TP VPN. Because SSTP integrates tightly
with RRAS, very little extra configuration will be necessary to
implement SSTP.
There are of course downsides to using SSTP. For example, it won't work
with Web proxies that require authentication. Another potential
downside is that SSTP won't work for establishing site-to-site
communication. This disadvantage is probably a minor one because site
operators typically have the ability to manage firewalls on their
networks, so they can use another method of connectivity. Microsoft
could however expand SSTP to work for site-to-site communication in the
future. Another downside might be that SSTP won't be supported on
Windows XP, but we'll have to wait and see about that. As far as I
know, the company hasn't said whether it will make SSTP available for
XP systems.
Nevertheless, SSTP will ease the burden faced by many mobile users, and
that's a plus. So there's your first reason to look forward to Vista
SP1. I'm sure other reasons to look forward to SP1 will come to light
as the year progresses.
=== SECURITY NEWS AND FEATURES =================================
Fortify Software Extends Its Reach
Fortify Software announced that it's reached an agreement to acquire
certain intellectual property, capital assets, and resources from
Secure Software. A spokesperson for Fortify said that the acquisition
brings the company an increased customer base, increases its market
exposure, and extends its ability to assist customers with the
requirements and design phases of the software development lifecycle.
http://list.windowsitpro.com/t?ctl=47A92:57B62BBB09A69279FD45A8336E9B675E
TJX Reveals Big Data Breach
In what is surely one of the many data breaches to come in 2007, The
TJX Companies revealed that their customers' private data had been
compromised in a security breach. Owner of several retail chains,
including T.J. Maxx and Marshalls, TJX said that the company network
that handles its credit card, debit card, check, and merchandise return
transactions had been broken into.
http://list.windowsitpro.com/t?ctl=47A97:57B62BBB09A69279FD45A8336E9B675E
What's Hot: Readers Recommend the Best Products
Readers write to tell us a bit about some of their favorite
products: Barracuda Spam Firewall 300, KeePass Password Safe, and
System Information for Windows.
http://list.windowsitpro.com/t?ctl=47A9C:57B62BBB09A69279FD45A8336E9B675E
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=47A93:57B62BBB09A69279FD45A8336E9B675E
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: 51 Reasons to Patch Your Oracle Applications
by Mark Joseph Edwards,
http://list.windowsitpro.com/t?ctl=47AA0:57B62BBB09A69279FD45A8336E9B675E
Oracle released its first quarterly round of patches for 2007 and it
contains a whopping 51 security fixes! Get a link to those fixes in
this blog article.
http://list.windowsitpro.com/t?ctl=47A9B:57B62BBB09A69279FD45A8336E9B675E
FAQ: Find a User's DN
by John Savill,
http://list.windowsitpro.com/t?ctl=47A9E:57B62BBB09A69279FD45A8336E9B675E
Q: How can I determine the logged-on user's distinguished name (DN)?
Find the answer at
http://list.windowsitpro.com/t?ctl=47A9A:57B62BBB09A69279FD45A8336E9B675E
FROM THE FORUM: TACACS Authentication
A forum participant writes that he receives an "Authentication
Failed" message when trying to log on to a Cisco router by using a
Terminal Access Controller Access Control System (TACACS) server. The
TACACS server log has the message "Authentication session aborted by
request from NAS," which is the router. What could be causing the
error? Join the discussion at
http://list.windowsitpro.com/t?ctl=47A8D:57B62BBB09A69279FD45A8336E9B675E
IT PRO OF THE MONTH--December 2006 Winner
Congratulations to Steven Fellwock, who was voted the December 2006
"IT Pro of the Month." Steven successfully improved a logon process by
creating a SQL Server database that maintains Active Directory (AD)
information. His new logon script never needs modification and is
portable--able to run in any AD environment that includes a SQL Server
database. To learn more about Steven's solution and to find out how you
can become the next "IT Pro of the Month," please visit:
http://list.windowsitpro.com/t?ctl=47AA1:57B62BBB09A69279FD45A8336E9B675E
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@xxxxxxxxxxxxxxxxxxx If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
New Endpoint Safety Features
Safend announced Safend Protector 3.1, which adds data encryption,
the blocking of network bridging, and protection from PS/2 hardware
keystroke-logging devices to the endpoint security product. The data
encryption feature lets administrators require automatic encryption
when data is transferred to USB drives and other portable storage
devices. The anti-network bridging feature lets you block use of Wi-Fi,
Bluetooth, and other protocols while a PC is connected to the wired
corporate network. Safend Protector 3.1 adds new protection against
PS/2 hardware key loggers to its previous protection against USB
hardware key loggers. For more information, go to
http://list.windowsitpro.com/t?ctl=47AA6:57B62BBB09A69279FD45A8336E9B675E
=== RESOURCES AND EVENTS =======================================
Prevent installation and execution of unauthorized software on the
computers on your network. Download this free white paper today for a
comparison of different techniques for detecting and preventing
unauthorized code. Protect against emerging risks today!
http://list.windowsitpro.com/t?ctl=47A8F:57B62BBB09A69279FD45A8336E9B675E
Learn the essentials about how you can use consolidation and selected
technology updates to build an infrastructure that handles change
effectively.
http://list.windowsitpro.com/t?ctl=47A91:57B62BBB09A69279FD45A8336E9B675E
You can't control what nature throws at your IT systems, such as
floods, hurricanes, and earthquakes. You can't always control what
people might do to your systems, either. Download this free eBook and
learn to protect your business in the face of both natural and human-
made disasters.
http://list.windowsitpro.com/t?ctl=47A90:57B62BBB09A69279FD45A8336E9B675E
=== FEATURED WHITE PAPER =======================================
Combat phishing and pharming: Implement complete protection against
complex Internet threats by filtering at multiple points on the gateway
and network and at endpoints.
http://list.windowsitpro.com/t?ctl=47A8E:57B62BBB09A69279FD45A8336E9B675E
=== ANNOUNCEMENTS ==============================================
Copyright 2007, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Educational CyberPlayGround Network Newsletters Mailing List
Subscribe - Unsubscribe - Set Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Copyright statements to be included when reproducing
annotations from the
Educational CyberPlayGround Network Newsletter
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
Email Prefrences - Subscribe - Unsubscribe - Digest
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
|
