Power User: It's all security, all the time
- By John McCormick
- Oct 08, 2003
Want to get a six- to 12-hour jump on new network security threats? Monitor Microsoft Corp.'s security bulletins directly.
Threats appear at register.microsoft.com/regsys/pic.asp
considerably faster than the notifications get e-mailed to subscribers. The security bulletins often appear late on Wednesday or early Thursday. View the full list of bulletins by going to www.gcn.com
and entering 164 in the GCN.com/box. Often the actual bulletin goes online before the list of new bulletins is updated.
Off and on for about 12 hours on Wednesdays, I try to load the next bulletin in sequence. I keep the uniform resource locator in my Internet Explorer Links list and edit the end to the next number in sequence after that of the latest posted bulletin.
Did you know you can edit addresses this way in Links, which appears under Favorites in Explorer? It's easy. Right-click on the link name, then on Properties to display the URL, and edit it in the Web Document tab that pops up.
Sometimes I see strange IP addresses trying to access my Web system. I need to know where the attempts originated to decide whether they represent an attack or just normal Web traffic. Usually I turn to a National Oceanic and Atmospheric Administration site, at www.ncdc.noaa.gov/servlets/whoami
, which will try to resolve the IP addresses to host names.
For a quick peek at the latest security threats, visit www.windowsforensics.com
, a site I'm building in my spare time. To see all current security threats, check out www.securitynewsportal.com/index.shtml
, where you'll find threat summaries from a vast array of sources with commentary and a discussion forum. This portal saves wading through dozens of subscription
e-mails each day.
IT professionals should also maintain a browser link to the SANS Institute's Internet Storm Center, at isc.incidents.org/top10.html. The site has up-to-the-minute data about port scans plus a list of the top current attack sources, broken down by IP address. Click on a port number to bring up details.
The SANS incident site also summarizes trends and incidents by continent. There are analytical links along the right-hand side. You can even configure a custom security page at portal.sans.org.
High-level managers should subscribe to the SANS e-mail bulletin summarizing the week's threats. I subscribe in case I've missed anything, but by the time the weekly bulletin arrives, its contents are pretty old.
To get a laugh out of our security woes, join the daily update mailing list from www.theregister.co.uk
. Though humorous, it's dead serious about threats. Here I first learned, for example, that Russian hackers had broken a new Symantec Corp. product activation scheme.
Dartmouth College also has a daily security summary mailing list, and instead of subscribing you can just check the day's news, at news.ists.dartmouth.edu
In this hurricane of security information, you must pick and choose your sources to avoid drowning. Maintain links to these useful sites, but check others occasionally to see whether they fit your needs better.John McCormick is a free-lance writer and computer consultant. E-mail him at [email protected].