In-Depth
Briefs: Intrusion detection, dynamic threat protection, and Windows Media Services patch
Enforcer flags breaches in real time; Dynamic Threat Protection 7.0 defends networks, servers, and desktops; WMS vulnerable to specially formed communications
Vanguard launches Enforcer mainframe intrusion detectionVanguard Integrity Professionals, launched its Enforcer product line—mainframe intrusion detection (IDS) and management software. Enforcer provides real-time notification of security breaches and enforces security standards, policies, and operating system settings. Any policy exceptions get flagged with a security administrator, or the software can automatically take immediate, corrective action, such as returning the machine to approved, baseline settings.
Gartner Group, notes Las Vegas-based Vanguard, estimates that 70 to 80 percent of the world's mission-critical data resides on mainframe computers, that 90 percent of the mainframes in the U.S. are connected to the Internet and 50 percent are engaged in some form of e-business—hence the business requirement for a mainframe IDS. Enforcer runs on mainframe systems and the IBM Security Server.
For more information, see http://www.go2vanguard.com.
ISS Dynamic Threat Protection Version 7.0
Internet Security Systems released version 7.0 of its Dynamic Threat Protection platform for defending networks, servers, and desktops against known and unknown threats. The new version includes improved vulnerability detection for the network with Internet Scanner 7.0 and enhanced host protection with RealSecure Server 7.0 and RealSecure Desktop 7.0.
By stopping threats in advance, of course, organizations can better prevent data damage or interrupted business operations. By collecting data from the scanner and correlating it with threat data—the protocol analysis-based protection engine relies on a security knowledge base with more than 1,700 pattern-matching algorithms—the platform helps reduce false alarms and guards against attacks. Customers also have a real-time view of their security risks, any patterns of bad behavior, as well as attack-blocking capabilities.
Product information is available at http://www.iss.net.
Vulnerability: Microsoft Windows Media Services
Microsoft Windows Media Services is a feature of Microsoft Windows 2000 Server, Advanced Server, and Datacenter Server and is also available as a downloadable version for Windows NT 4.0 Server. It contains support for delivering media content via multicast streaming. The extension that handles client logging information and processes incoming requests, nsiislog.dll, is vulnerable to specially formed communications. Ultimately, the server could stop responding after a successful attack. Windows Media Services, however, is not installed by default on Windows 2000.
Find the patch at http://www.microsoft.com/technet/security/bulletin/ms03-019.asp.
About the Author
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.