Today I wanted to show just how easy it is to add AuthAnvil's strong authentication to Outlook Web Access (OWA). If your office is using Exchange and you use OWA for webmail, you might want to check out the short 5 minute video I created that demonstrates just how quickly and easily you can add protection on your own Exchange server. You can watch it here.

And of course with something like www.AuthAnvil.com, you can make that even LONGER of a period to change passphrases.

What she is eluding to is the fact that with the use of strong authentication as a requirement for all your login entry points you no longer need to change it every month (or 42 days if you are using strong Windows password policies). You can easily get away with doing it quarterly, or even longer. Its an interesting byproduct of using strong authentication... you can extend the password expiry so your users don't have to always be changing it.

We changed our own policy from 42 days to quarterly. And its working really well.

YMMV of course. Great post Susan!

Today we are releasing a whitepaper that explores the guidance of the PCI standard and demonstrates how AuthAnvil can help to reach compliance objectives.

Of course, if you have any questions about PCI DSS compliance and how AuthAnvil fits in, feel free to contact us.

If you wish to make the self service enrollment site for your AuthAnvil server be available on the Internet, check out her post on the subject.

Thanks Amy!

Today we are releasing a whitepaper that explores the total cost of ownership (TCO) associated with the use of password security to allow small and medium sized businesses to make an informed decision about the value of strong authentication systems such as AuthAnvil. We will show that the hidden costs of "free" password security actually outweigh the costs of implementing strong authentication, and offer far less protection.

This whitepaper, along with the accompanying TCO worksheet provided in Appendix A, will help you to understand the actual costs involved in password security. You can substitute your own numbers to determine if strong authentication costs and benefits outweigh those provided with password security for your business. Of course, we encourage you to contact us at any time to get a more comprehensive cost analysis based on your own unique needs.

Today I put up a HOWTO video on "Adding two-factor auth support into your own apps with AuthAnvil". Within the first 4 minutes of the 9 minute video you will see just how easy it is to wire up your apps to consume the AuthAnvil Web Service in just a few lines of code. That's right. You don't need to be an expert in strong authentication security to add the power to your own apps.

I hope you find it useful. Enjoy.

Most people use the FWDB to get their graphical daily reports, and never open the FWDB Console. But good administration of the firewall reports goes beyond pretty graphs. The goal of the FWDB is to sift through thousands upon thousands of firewall events and point you in the direction of areas you should look deeper into. Human heurisitics will always trump static analysis by a computer, and there are some interesting tools in the FWDB Console that can really help in accomplishing that.

Today I put up a HOWTO video on "Filtering firewall events in the FWDB Console". If you use the FWDB you owe it to yourself to spend 5 minutes checking out the video and seeing how you can use the powers of the filtering of the "View Firewall Events" to add in this type of analysis.

Feel free to send me feedback if you would like to discuss this feature further, or have suggestions on how you would like to see the tool updated to make your analysis easier.

Well, with the release of v1.1 came a new command line tool to do just that. Called FWDBSettings.exe, it can export existing settings directly to XML, which you can then import on any target FWDB machine (or itself of course). Want to learn more? Then check our our Video HOWTO on how to do just that.

I frequently get asked how to add the Firewall Dashboard to the SBS Server Manager. Some people don't even know, but you can ALSO add it to the ISA Management Console. WHAT?? That's right... the Firewall Dashboard can be installed ANYWHERE where MMC 2.0 snapins are allowed.

Not yet convinced? Well, check out the quick HOWTO screencast I did showing just that!

I would love some feedback on the screencast. If its something people find useful, I will do a bunch more. With Camtasia, it takes no time at all to produce these things. I think it was less than an hour to get that 4 minute piece done, and I would have to say the first 45 minutes was all about learning how to use the software. After that... it took no time to make the recording.

So drop me a line at dana@scorpionsoft.com, or log into Typekey and leave me a comment here! I look forward to hearing what you guys think!

For our Carina customers that ran a full profile on their Windows 2000 servers and included a full profile of the WINNT directory and system files, you are already protected against this vulnerability even before applying the patch (which you should do anyways). The impact is significantly reduced to a point that the worm cannot successfully install the backdoor trojan, rendering this attack useless for the following reasons:

• On exploitation Zotob tries to WRITE botzor.exe to the %systemroot% directory which is DENIED by the enforcement policy for the Windows core system.
  
• On Exploitation Zotob tries to WRITE(append) to the %systemroot%\system32\drivers\etc\hosts file, which is DENIED by the enforcement policy for the Windows core system.

On exploitation the malicious code will install a few registry keys which can be safely removed. The easiest way to do this is by using the Microsoft Windows Malicious Software Removal Tool to search for and remove the Zotob worm and its variants from your hard drive.

You can read more information about the Zotob worm from Microsoft here.

How do you do that? It's quite easy.

1. Start the Administrative Console and log on
   
2. Select the "Carina Maintenance" group
   
3. Select the "Back up your data" task
   
4. When prompted at the dialog, select:
   • Active Policy Rulesets
   • Preferences
   
   
5. Browse to store the backup on the other server (assuming a free share is available). If a share isn't available, send the file to diskette, or some other transportable media such as a USB flashkey.
   
6. Press the "Backup" button
   
7. Do a default installation of Carina on the new server
   
8. Start the Administrative Console and log on
   
9. Select the "Carina Maintenance" group
   
10. Select the "Restore an old backup" task
    
11. When prompted click "Browse" and select the backup file created earlier
    
12. Click the "Select All" button to select all data to restore
    
13. Press the "Restore" button
    
14. In the menu at the top, select Tools->Preferences->License Key
    
15. Enter in the license key for the new server
    
16. Save the key and exit.
    
17. Select the "Set Protection Mode" task
    
18. Select "IPS" Mode
    

At this point, you will have replicated the last known configuration on the previous server and activated the rules. Now in IPS mode, it is running the same protection profile as the previous server.

Only cavet is that the pathing have to be the same. Outside of that, the same protection profile will immediately be locked into the kernel, giving you immediate protection.

The System Profiler has been updated to correctly output XML to support this through the use of a CDATA member, and this fix will be available in our next release. Until then, to work around this problem you can manually edit the carinaprofiler.log file and wrap the offending data with a CDATA tag.

Example (Original Data): <src>c:\foo\fu & bar\app.exe</src>
Example (Work around): <src><![CDATA[c:\foo\fu & bar\app.exe]]></src>

Thanks to Wim Kerkhoff for reporting this bug, and providing the details to diagnose the problem.