Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 01, 2008

Security Pro VIP--May 1, 2008


A Web Exclusive from Windows IT Pro
Renee Munshi
Features
InstantDoc #99021
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
View this exclusive article with VIP access -- click here to join | See More Security Articles Here | Reprints | Or sign up for our VIP Monthly Pass!

In this Issue

  • Perspective: Data on the Move
  • Coming this Month
  • April 2008 Articles in Print-Friendly Format
  • Security Horror Story Contest
  • Share Your Security Tips and Get $100
  • The Security Pro VIP Forum

    • Perspective: Data on the Move

    How do you share data with your business partners? Email attachments? Microsoft SharePoint sites? FTP? Purchased solution over leased lines? Many methods are available, but it's increasingly important to ensure that the method you use is a secure one. Regulations such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act (HIPAA) stipulate proper handling of customer data, and your company might have other types of sensitive data that it wants to protect when sending the information to a partner organization or a branch location.

    The following articles present some options for secure file transfer:

    Access Denied: Exchanging Files Securely, October 2005, describes how you can safely exchange files by using the encryption features in Microsoft Office Word 2003, Microsoft Office Excel 2003 or WinZip Computing's WinZip.

    Secure File Exchange Over the Internet, February 2006, provides an overview of solutions for securing files for transport and then focuses on three encryption methods that work with email attachments: file compression utilities that also offer encryption, Pretty Good Privacy (PGP), and Public Key Infrastructure (PKI).

    Copying Files Securely Between Systems, October 12, 2005, introduces three common methods for securing file transfer: employing the RRAS component that comes with Windows Server 2003 and Windows 2000 Server to establish a VPN that uses PPTP, using Microsoft IIS and Secure Sockets Layer (SSL) connections along with a custom Web interface, or using Secure Shell (SSH). The article also points to resources for more information about implementing the three methods.

    Access Denied: Safeguarding FTP Files, June 2004, explains how to set permissions on an FTP account such that if the account's username and password are intercepted, the account will have only limited access to files on the FTP server.

    As an alternative to implementing your own file-transfer solution, you can purchase a file-transfer product. Sterling Commerce's Connect family of managed file transfer solutions has until recently been strictly for exchanging files with a business partner over a leased line. But a few weeks ago, the company released Sterling Secure Proxy, which extends managed file transfer to the Internet. Many of Sterling's customers are financial institutions with strict requirements for transferring data in an encrypted, uninterrupted, and auditable fashion. That was tough to do over the Internet. But now Secure Proxy gives these customers a way to expand the number of partners with which they can exchange data without adding a lot of costly leased connections. Secure Proxy sits in the demilitarized zone (DMZ) to protect the Sterling managed file transfer server that's behind the firewall on the corporate network.

    Sterling is just one of many "secure file transfer products," which you'll discover if you type in that phrase at Google.com.

    This is the last Perspective column I'll be writing for Security Pro VIP. Next month, you'll have a fresh perspective from Lavon Peters, the new Security Pro VIP editor.

    —Renee Munshi, Security Pro VIP Editor

    Coming this Month

    "Securing the Windows Search Path" by Alex K. Angelopoulos
    Learn how to lock down the Windows search path as well as modify and lock down the pathext variable to prevent an attacker from using command search to escalate privileges.
    This article is now live on the Web.

    "The Event Log Query Utility" by Jim Turner
    This HTML Application lets you query a variety of machines for a variety of event types.
    This bonus article, first published in the Windows Scripting Solutions newsletter and available online only to Scripting Pro VIP subscribers, will now be available on Security Pro VIP.
    Coming tomorrow, May 2.

    "Tips for Securing WordPress" by Mark Burnett
    A hacked blog can be a PR nightmare. Stop it from happening to you by taking some precautions: Use SSL for administration, and set correct permissions.
    Coming May 8.

    Toolbox: "Safety Scanner" by Jeff Fellinge
    Microsoft's free service, Safety Scanner, part of the Windows Live OneCare product group, can scan, defrag, and clean files.
    Coming May 15.

    Windows Gatekeeper by Jan De Clercq
    Answers to your Windows security questions.
    Coming May 22.

    April 2008 Articles in Print-Friendly Format

    Get all the April articles in .pdf format by clicking here. Print the .pdf and enjoy!

    Security Horror Story Contest

    Tell us about a security hole that you found, a virus that shut down your network, an embarrassing or scary near-miss or direct hit. (Be sure to describe how you solved the problem too.) We’ll print the best tales in a Windows IT Pro cover story (anonymously, if you like), and you’ll win a 1-year Windows IT Pro VIP subscription. Send your security horror stories (no more than 500 words) to lpeters@windowsitpro.com by May 9.

    Share Your Security Tips and Get $100

    Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@securityprovip.com. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

    The Security Pro VIP Forum

    The Security Pro VIP forum is your place to ask questions about security topics and about articles posted on the Security Pro VIP Web site and to get answers from other forum members, including Orin Thomas, forum moderator, and article authors. Let's talk!

    End of Article

    Reader Comments

    You must log on before posting a comment.

    If you don't have a username & password, please register now.




    Top Viewed ArticlesView all articles
    Microsoft Misses Windows Mobile Sales Target

    The warning signs were there. After boldly proclaiming that it would sell "more than" 20 million licenses to its Windows Mobile operating system by the end of its fiscal year on June 30, Microsoft later scaled that prediction back to "nearly" 20 million ...

    The Memory-Optimization Hoax

    Don't believe the hype. At best, RAM optimizers have no effect. At worst, they seriously degrade performance. ...

    Microsoft: Midori is Not a Future Windows

    As I've written previously here and mentioned in the "Windows Weekly" podcast, the oft-hyped-of-late "Midori" project that Microsoft is currently working on is not designed as an update to its current family of Windows operating systems. Midori has been ...
    Security Whitepapers Anti-Virus Is Dead: The Advent of the Graylist Approach to Computer Protection

    Getting the Job Done: Comparing Approaches for Desktop Software Lockdown

    Instant Messaging, VoIP, P2P, and games in the workplace: How to take back control
    Related Events Check out our list of Free Email Newsletters!
    Security eBooks Spam Fighting and Email Security for the 21st Century

    Understanding and Leveraging Code Signing Technologies

    A Guide to Windows Certification and Public Keys
    Related Security Resources Become a VIP member of the Windows IT Pro community!
    Get it all with the VIP CD and VIP access. A $500+ value for only $279!

    Subscribe to Windows IT Pro!
    Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

    Monthly Online Pass - Only $5.95!
    Get instant access to 10,000+ articles from Windows IT Pro Magazine!

    TechNet Virtual Labs
    Evaluate and test Microsoft's newest products.

    Job Openings in IT

    ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

    WinConnections Conference Fall 2008
    Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

    Deploying SharePoint! In-Person Event Series – 8 Cities
    Discover best practices and tips for deploying the perfect SharePoint infrastructure. Early Bird Price of $99 through Aug 29th.

    Find a new job now on the all new IT Job Hound!
    Search jobs, post your resume, and set up job e-mail alerts!

    Master SharePoint with 3 eLearning Seminars
    Learn how to build a better SharePoint infrastructure and enable powerful collaboration with MVPs Dan Holme and Michael Noel. Register today!

    Top Tools for Virtualization Disaster Recovery & Replication
    View this web seminar on August 14th to learn about two tools that will result in faster backup and restore with P2V disaster recovery.

    SharePointConnections Conference Fall 2008
    Don’t miss the premier event for Microsoft IT Professionals in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

    VMworld 2008 - Sign Up Today!
    Join your peers on September 15-18 at The Venetian Hotel in Las Vegas as VMware hosts VMworld 2008, the leading Virtualization event.



    Microsoft® Tech•Ed EMEA 2008 IT Professionals
    Advance your thinking with new ideas and practical real-world solutions at Microsoft’s FIVE day technical infrastructure conference 3-7 Nov., 2008. Register before 26 September 2008 to save €300.

    What’s up with your network? Find out with ipMonitor
    Availability monitoring for servers, applications and networks – FREE trial

    Agent-less Remote Backup Service, Free 30 Day Trial
    Award winning remote backup service at a competitive price with no min GB/month. Sign up Now!

    Order Your Fundamentals CD Today!
    Gain an introduction to Exchange, learn server security requirements, and understand how unified communications can play a role in your messaging strategies with this free Exchange CD.

    Are You Really Compliant with Software Regulations?
    View this web seminar that will help you with compliance best practices and check out a management solution to assure that you won’t be in jeopardy of an audit.
    Windows IT Pro Home Register FAQ for Windows WinInfo News
    Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
    SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound
    IT Library Technical Resources Directory Connected Home Windows Excavator SuperSite 
     
     Windows IT Pro is a Division of Penton Media Inc.
     Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing