PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

If Your Internet Access is Vulnerable, So are You!

http://www.stbernard.com/forms/policyhandbook/ph_ip_sp.asp?oc=576

PatchLink and SMS: Now You Need Both. Free Report.

http://findtechinfo.com/penton/nl/212

PC on a Stick: A Portable Endpoint Security Nightmare

http://www.windowsitpro.com/go/whitepapers/securewave/rogueapps/?code=SECHot1108

CONTENTS

===========================================

IN FOCUS: Managed Services on the Rise

NEWS AND FEATURES

- Image-Based Spam Increasing

- Vulnerabilities in Firefox 2.0, IE 7.0, Drupal, and Yahoo! Messenger

- Security Log Collection

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: Long Week in the Linux Trenches

- Share Your Security Tips

- FAQ: Circular Logging in Exchange Server

- Know Your IT Security Contest

- Microsoft Learning Paths for Security: Unifying Malware Protection for Better Desktop Defense

PRODUCTS

- Do You Know Where Your Data Is?

- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: St. Bernard Software

====================

If Your Internet Access is Vulnerable, So are You!

If you're not filtering Web access, you could be inviting lawsuits. Employees who download pornographic, hostile or racist material can leave you wide open to costly litigation. iPrism, the Web filtering appliance from St. Bernard, helps you enforce your Acceptable Usage Policy and avoid trouble. Download your free e-Policy Guide with AUP templates today!

http://www.stbernard.com/forms/policyhandbook/ph_ip_sp.asp?oc=576

=== IN FOCUS: Managed Services on the Rise

===========

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Managed services are growing in popularity, with the support of many network administrators. The value of managed services is clear: They offload a lot of burden from a company, saving it time and money and reducing learning curves to a nearly flat line in some cases. Plus, managed services provide the advantage of knowing someone is there watching a service 24 hours a day, even on holidays.

Because managed services are such a red hot market, consolidation is occurring at a blistering pace. The most recent movement comes from BT Group, global provider of communications solutions and managed services, which announced that it acquired Counterpane Internet Security, a provider of managed network security services. Counterpane, servicing some 550 companies, is now part of BT Global Services, a division of BT Group.

This latest acquisition comes on the heels of other recent major acquisitions and mergers. In late September 2006, SecureWorks and LURHQ merged under the SecureWorks name. Together the companies provide managed security services to an estimated 1500 clients. In late August, IBM announced that it had reached a deal to acquire Internet Security Systems (ISS) for $1.3 billion in cash. ISS, a definitive leader in software-based and hardware-based solutions, also provides managed security services.

Another managed services provider, Perimeter Internetworking, has acquired seven companies during the past several years: ANE Technologies, Red Cliff Solutions, Internet Threat Management, IRW Services, US Networks, Guarded Networks, and Breakwater Security Associates. If Perimeter wants to be acquired, its own recent acquisitions make it ripe for that possibility. Earlier this year, SurfControl acquired BlackSpider Technologies, and late last month, SurfControl announced two new managed security services offerings for Web and email protection.

The merger and acquisition trends fit with industry analyst projections for increasing interest in the overall managed services sector. In February, a spokesperson for Insight Research said, "The US managed services market will grow at a compounded rate of 22 percent over the next five years due to growth in all segments of the managed services value chain." The company also said that revenues in the market sector will grow from $34 billion in 2006 to nearly $94 billion in 2011.

"Because they can offer around-the-clock monitoring of network performance, improved application performance, and predictable service levels, managed service providers are in a unique position to expand their business in an effort to address the growth of this market," said Insight President Robert Rosenberg.

In a study commissioned by Cisco Systems, research firm Ovum said that it expects the global managed services market to reach $41.5 billion per year by 2009. The study results include predictions that by 2009, managed VPNs will account for 53 percent of the managed services market and that managed VoIP will account for the fastest growth with a 65 percent compound annual growth rate. The study also indicates that Europe, the Middle East, and Africa are adopting managed services faster than any other region, with North America being the second fastest adopter.

"More and more business customers want service providers to deploy and manage their network solutions to reduce costs and improve reliability," said Peter Hall, research director at Ovum. "Significant opportunities exist for service providers developing and delivering managed services, especially in the areas of multi-service IP VPN, IP communications, security and Metro Ethernet."

If you aren't using managed services, you might consider looking into how they could benefit your company. And if you're looking to head out on your own into the world of business start-ups, the managed services market space is a good one to look into.

=== SPONSOR: PatchLink

===============================

PatchLink and SMS: Now You Need Both. Free Report.

New Free White Paper reveals why organizations can no longer afford to choose to have one versus the other. To truly counter emerging vulnerabilities and new threats, companies now need to embrace a tandem PatchLink-SMS complementary solution. Learn why this can be a low risk, high ROI solution.

http://findtechinfo.com/penton/nl/212

=== SECURITY NEWS AND FEATURES

=======================

Image-Based Spam Increasing

Finding spam in text- and HTML-based messages is possible thanks to a variety of detection and filtering mechanisms. However, when spammers embed their message text into images, detection takes on a new level of difficulty. Secure Computing said that it sees a growing trend towards this type of message delivery.

http://www.windowsitpro.com/Article/ArticleID/94080

Vulnerabilities in Firefox 2.0, IE 7.0, Drupal, and Yahoo! Messenger

Learn about recently discovered security exposures in these popular software products.

http://www.windowsitpro.com/Article/ArticleID/94081

Security Log Collection

The growing requirement for statutory and regulatory compliance has many systems administrators scrambling for a way to manage their security logs more effectively. John Howie looks at some criteria you can use to help choose a security log management tool.

http://www.windowsitpro.com/Article/ArticleID/93330

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: Securewave

==============================

PC on a Stick: A Portable Endpoint Security Nightmare

Threats to your data don't just come from the outside - they can come from internally as well, whether a result of malicious intent or unintentional negligence. Download this free whitepaper today to learn to effectively establish and enforce security policies for all applications and devices in use on your network.

http://www.windowsitpro.com/go/whitepapers/securewave/rogueapps/?code=SECHot1108

=== GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: Long Week in the Linux Trenches

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Last week, I spent nearly every waking moment working on new Linux servers. Being predominantly a Windows guy, I'm rather pleased at my success so far, painful as it might have come.

http://www.windowsitpro.com/Article/ArticleID/94129

FAQ: Circular Logging in Exchange Server

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How do I enable circular logging for a Microsoft Exchange Server storage group?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/94059

KNOW YOUR IT SECURITY Contest

Share your security-related tips, comments, or solutions in 1000 words or less, and you could be one of 13 lucky winners of a Zune media player. Tell us how you do patch management, share a security script, or write about a security article you've read or a Webcast you've viewed. Submit your entry between now and December 13. We'll select the 13 best entries, and the winners will receive a Zune media player--plus, we'll publish the winning entries in the Windows IT Security newsletter. Email your contributions to tipswinitsec@windowsitpro.com.

Prizes are courtesy of Microsoft Learning Paths for Security:

http://www.microsoft.com/technet/security/learning

MICROSOFT LEARNING PATHS FOR SECURITY: Unifying Malware Protection for Better Desktop Defense

Ensuring end-user security can be an administrator's biggest challenge. Use these resources to find malware protection solutions to help guard against emerging threats like spyware and rootkits, as well as traditional threats such as viruses, worms, and Trojan horses. Plus, learn how Microsoft Forefront Client Security can help centralize management and provide critical visibility into threats and vulnerabilities.

http://www.microsoft.com/technet/security/learning

=== PRODUCTS

=========================================

by Renee Munshi, products@windowsitpro.com

Do You Know Where Your Data Is?

GTB Technologies introduced GTB Data at Rest Manager (GTB DARM), software that scans computers on an enterprise network and detects sensitive data that's stored outside of appropriate locations. GTB DARM uses the same detection technology as the company's GTB Inspector hardware appliance to find sensitive data even if it's heavily modified, converted to another format, extracted, compressed, or changed in other ways. GTB DARM pricing starts at $20,000, and the product is available now. For more information, go to

http://www.gttb.com

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@windowsitpro.com and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS

=============================

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

No IT pro today works in a completely homogeneous environment, and with virtualization, your chances of dealing with multiple OSs is increasing. Attend TechX World--available online December 14--and find out about virtualization, OS interoperability, directory and security integration, and data interoperability. Register today for free!

http://events.unisfair.com/rt/techx?code=1108emailannc

Did you know that 75% of corporate intellectual property resides in email? The challenges facing this vital business application range from spam to the costly impact of downtime and the need for effective, centralized email storage systems. Join us for a free Web seminar and learn the key features of a holistic approach to managing email security, availability, and control. Live Event: Thursday, November 16.

http://www.windowsitpro.com/go/seminars/symantec/messagingsecurity/?partnerref=1109emailannc

BONUS: Register for any Web seminar--live or on-demand--during the month of November, and you could win a PS3! View a full list of eligible seminars at

http://www.windowsitpro.com/events/Index.cfm?Filter=webSeminars&fID=1

Information is the "I" in "IT." Do you know where your information is? Is it protected? Backed up? Download this free podcast today to find out the top 5 reasons that you should be considering storage consolidation.

http://www.windowsitpro.com/go/podcast/hp/consolidation/?code=1109emailannc

When disaster strikes your Windows, SQL Server, or Exchange servers, you need answers. Make sure that if an emergency occurs, you're prepared. Get the full eBook and get started on your recovery plan today!

http://www.windowsitpro.com/go/ebooks/neverfail/hasolutions/?code=1109emailannc

Your business, like most today, relies upon its computing systems to store financial information, house proprietary data, and maintain communications channels. This increasing reliance also increases the dangers to your systems from security breaches, including viruses, spyware, spam, and hackers. Visit the Windows Protection Site at http://www.windowsitpro.com/go/protection for the latest tips on safeguarding your system.

When disaster strikes, do you feel like you're digging for buried treasure to recover your data? Test your disaster recovery skills, and you could win! Each week we'll give away a USB flash drive to one lucky treasure hunter. You'll also be entered to win the full treasure chest, including Bose headphones! Test your skills now!

http://popquiz.windowsitpro.com/symantectreasurehunt/default.aspx

=== FEATURED WHITE PAPER

=============================

Does your business require collaboration to get projects done? If so, you're at risk for having your valuable business data accidentally transferred to outside parties. Using enterprise rights management can help mitigate this risk and allow your users to work with confidence. Learn to extend Windows Rights Management Services to protect your digital information today!

http://www.windowsitpro.com/go/whitepapers/liquidmachines/rightsmgmt/?code=1109featwp

=== ANNOUNCEMENTS

====================================

Save $40 off Windows IT Pro

Subscribe to Windows IT Pro today and SAVE $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This offer expires on November 30, 2006, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu206buw

Special Invitation for VIP Access

Become a VIP subscriber and get continuous, inside access to ALL the content published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. Subscribe now and SAVE $100:

https://store.pentontech.com/index.cfm?s=1&promocode=eu276buv

===========================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

http://www.windowsitpro.com/windowssecurity

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at

http://www.windowsitpro.com/Email/Index.cfm?action=archive

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%

Be sure to add Security_UPDATE@list.windowsitpro.com to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- letters@windowsitpro.com

About technical questions -- http://www.windowsitpro.com/forums

About your product news -- products@windowsitpro.com

About your subscription -- windowsitproupdate@windowsitpro.com

About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.