********************
Windows 2000 Magazine Security UPDATE--brought to you by the Windows 2000 Magazine Network
**Watching the Watchers**
http://www.win2000mag.net/Channels/Security
********************

>>>> THIS ISSUE SPONSORED BY <<<<
Your Mail is Safe with UltraBac
http://www.ultrabac.com/default.asp?src=SecUpdateMay2301&tgt=./
~~~~~~~~~~~~~~~~~~~~

>>>> SPONSOR: YOUR MAIL IS SAFE WITH ULTRABAC <<<<
"In a perfect world we never worry about backups because computers never have problems. As we all know, that is not the case. Backups are very important to keep operational. DCS Netlink is an Internet and network service provider offering many services, and using backup software such as UltraBac is a very essential part of our operation," says Netlink's backup administrator Steven Gibbons. "Just recently our mail server, which provides hundreds of mail accounts, went down. We were able to completely rebuild and get the mail server up and running within two hours without losing any mail."
Download New v6.3, Visit
http://www.ultrabac.com/default.asp?src=SecUpdateMay2301&tgt=./
~~~~~~~~~~~~~~~~~~~~

May 23, 2001--In this issue:

1. IN FOCUS
   - Who Are You?

2. SECURITY RISKS
   - IE Allows Spoofing of Trusted Web Sites
   - Netscape Enterprise Server Allows Remote Command Execution
   - IIS Might Allow Remote Command Execution
   - Carello E-Commerce Server Allows Remote Command Execution

3. ANNOUNCEMENTS
   - We're Watching Out for You!
   - Need Help with Your Storage Investment?

4. SECURITY ROUNDUP
   - News: New Worm Purports to be Email from Symantec
   - News: Visa Makes E-Commerce Safer with Passwords and Smart Cards
   - Review: Sygate Enterprise Network
   - Editorial: Where the Real Monopoly Is

5. HOT RELEASE (ADVERTISEMENT)
   - Microsoft ISA Server 2000

6. SECURITY TOOLKIT
   - Book Highlight: IPSec: Securing VPNs
   - Virus Center
   - FAQ: Why Can't I Create a Kerberos-based Trust Between Two Domains in Different Forests?
   - SOHO Security: Good Things Come in Small Packages

7. NEW AND IMPROVED
   - Fingerprint Recognition for Computer Systems
   - Interoperable and Scalable Security Solutions

8. FEATURED THREAD
   - Windows 2000 Magazine Online Forums
   - Disable Access Depending on the IP Address

9. CONTACT US
   See this section for a list of ways to contact us.

1. ==== IN FOCUS ====

Hello everyone,

Now and then we evaluate the Security UPDATE audience to determine who you are and what your informational needs might be. Your input toward these ends has been invaluable in the past, and it's time again for us to reassess. So this week, I'd like to request that you visit our Web site and send us your comments.
http://www.windowsitsecurity.com/Articles/Index.cfm?Action=Comments&ArticleID=21213

In particular, we're interested in the following information:

1. What size is the organization you work in?
2. What are your job responsibilities?
3. What type of network do you have, and what OSs do you support?
4. Do you support telecommuters or perhaps numerous small offices?
5. What type of information do you need or want: news, features, product reviews, how-to articles, or editorial commentary? And what specific topics would you like to see us cover?
6. Would you prefer to see Security UPDATE in HTML or text format (or a choice of either)?
7. Do you prefer to have all the content in the e-newsletter or a summary-and-link approach?

The information you provide will help us better tailor the material we present in this newsletter and on our Windows IT Security Web site. Our publications are reader-driven, so your input is vital and very much appreciated--you can even respond anonymously if you prefer. So please take a few minutes to tell us about yourself and your information needs. If you have comments about other ways we can improve our newsletter or Web site, or perhaps just comments in general, send those thoughts as well.

Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor (markat_private)

2. ==== SECURITY RISKS ====
(contributed by Mark Joseph Edwards, markat_private)

* IE ALLOWS SPOOFING OF TRUSTED WEB SITES
Two newly discovered vulnerabilities in Microsoft Internet Explorer (IE) 5.01 and 5.5 let an attacker spoof trusted Web sites. The first involves how IE validates the digital certificates that Web servers present, so a server can pass as a site it isn't. The second lets a Web page display the URL of a different Web site in the IE address bar, so the user sees a trusted address while viewing the attacker's content. Microsoft has released a patch and an FAQ and will make article Q295106 available online soon.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21178

* NETSCAPE ENTERPRISE SERVER ALLOWS REMOTE COMMAND EXECUTION
A vulnerability in the Web Publisher component of Netscape Enterprise Server 4.1 for Windows NT can give an attacker a shell on the server with System-level privileges. By sending an oversized buffer that contains executable code and overwrites the saved instruction pointer, an attacker redirects execution into that code and gains remote System-level shell access to the vulnerable server. The vendor, iPlanet, acknowledges the vulnerability and has released a patch; iPlanet further recommends applying Service Pack 8 (SP8) when it becomes available.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21179

* IIS MIGHT ALLOW REMOTE COMMAND EXECUTION
Nsfocus discovered three vulnerabilities in Microsoft IIS 4.0 and 5.0 that can lead to a Denial of Service (DoS) attack, remote code execution, and information disclosure. Microsoft has released an FAQ, a patch, and articles Q293826, Q295534, Q294370, and Q288855 to address these matters.
http://www.windowsitsecurity.com/articles/index.cfm?articleID=21101

* CARELLO E-COMMERCE SERVER ALLOWS REMOTE COMMAND EXECUTION
Peter Grundl discovered that a vulnerability in Carello E-Commerce Server 1.2.1 for Windows NT lets an attacker run programs located on the server in the System security context. Because carello.dll executes its scripts by full physical path rather than by a path relative to the Web root, the path a request names isn't confined to the Web tree, and a request can point the DLL at any executable on the server's disk.
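The path-confinement problem the Carello item describes, as an added example that is neither Carello's code nor anything from the advisory: a Python sketch of a script-path resolver that honours a full physical path (the flawed behaviour) next to one that confines the result to the Web root. The Web root value and the request strings are assumptions made for the example; ntpath is used so the Windows path rules apply wherever the script runs.

```python
import ntpath

# Assumed document root for the example; the page does not give Carello's layout.
WEB_ROOT = r"C:\Inetpub\wwwroot"


def vulnerable_resolve(web_root, requested):
    """Mirror the flaw the advisory describes: treat the request as a
    physical path.  ntpath.join drops web_root when 'requested' is
    absolute, root-relative or carries a drive letter, and normpath
    folds '..' segments, so the result can be any file on the server."""
    return ntpath.normpath(ntpath.join(web_root, requested))


def safe_resolve(web_root, requested):
    """Return the physical path for 'requested' only if it lies inside
    web_root; return None otherwise.

    The gate is a prefix test on the normalised, case-folded *result*,
    not a pattern test on the input, so '..', drive letters,
    root-relative paths and forward slashes all fall to one comparison.
    """
    if "\0" in requested:          # a NUL would truncate the path in a C API
        return None
    root = ntpath.normcase(ntpath.normpath(web_root)).rstrip("\\")
    candidate = ntpath.normpath(ntpath.join(web_root, requested))
    folded = ntpath.normcase(candidate)
    # The trailing separator in the prefix stops C:\Inetpub\wwwroot2 from
    # passing; equality is rejected too, since the root itself is not a script.
    if folded == root or not folded.startswith(root + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest attempts to leave the root.
    for req in (r"scripts\order.cgi",
                "scripts/../scripts/order.cgi",
                r"..\..\winnt\system32\cmd.exe",
                r"C:\winnt\system32\cmd.exe",
                r"\winnt\system32\cmd.exe",
                "D:cmd.exe"):
        print(f"{req!r:40} vulnerable -> {vulnerable_resolve(WEB_ROOT, req)}")
        print(f"{'':40} safe       -> {safe_resolve(WEB_ROOT, req)}")
```

Two caveats for a real server: on NTFS the string comparison should be the first gate, not the last, because 8.3 short names and junctions let two different strings name the same file, so the final check belongs on the path the OS actually opens; and a Web application should not run as System in the first place, so that a path bug of this kind yields a low-privilege account rather than the machine.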
The vendor has released version 1.3, which corrects this problem.
http://www.windowsitsecurity.com/articles/index.cfm?articleID=21102

3. ==== ANNOUNCEMENTS ====

* WE'RE WATCHING OUT FOR YOU!
While you're busy doing your job, someone is out there preparing to unleash a nasty virus. That's why Panda Software and the Windows 2000 Magazine Network have launched the Center for Virus Control. Find out which viruses could threaten your systems when you're not looking. Check it out!
http://www.windowsitsecurity.com/Panda/Index.cfm

* NEED HELP WITH YOUR STORAGE INVESTMENT?
Planning and managing your storage deployment can be costly and complex. Check out our new online Storage Administration Channel for the latest advice, news, and tips to help you make the most of your storage investment. You'll find eye-opening articles, white papers, a technical forum, and much more!
http://www.win2000mag.net/channels/storage

4. ==== SECURITY ROUNDUP ====

* NEWS: NEW WORM PURPORTS TO BE EMAIL FROM SYMANTEC
A new worm, called Hard.A, arrives in an email whose sender is spoofed so that the message appears to come from Symantec, a leading antivirus software vendor. The message subject reads "Symantec Anti-Virus Warning," and the message carries a file attachment named www.symantec.com.vbs. The name mimics the vendor's Web address, but the .vbs extension makes it a VBScript file that Windows Script Host runs when the attachment is opened; among other things, the worm carries a payload that triggers each November 24.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21081

* NEWS: VISA MAKES E-COMMERCE SAFER WITH PASSWORDS AND SMART CARDS
Visa International is offering its new Payer Authentication Service (PAS) to banks as a way to curb e-commerce-related fraud. By using a realtime password authentication mechanism, PAS helps banks verify a card user's identity more effectively. Arcot Systems announced its support for PAS, which is based on Arcot's TransFort product. TransFort authenticates and digitally signs transactions in realtime to provide nonrepudiation of online transactions.
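A mail-gateway check for the attachment pattern the Hard.A item above describes, as an added example that is not code from the page or from any antivirus vendor: it classifies attachment names that end in a script or executable extension and separately flags the ones whose preceding segment makes the name read like a document or a Web address, as www.symantec.com.vbs does. The sample message is constructed here, and its attachment body is a placeholder comment, not the worm's script; the extension lists are a starting point, not a complete policy.

```python
import email
import email.policy
import re

# Extensions the Windows shell or Windows Script Host executes when the
# attachment is opened.  Not exhaustive; extend to local policy.
EXECUTABLE_EXTS = {
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
    "exe", "com", "scr", "pif", "bat", "cmd", "shs", "lnk", "reg",
}
# Segments that make a name read like a document or a host name.
DECOY_SEGMENTS = {
    "txt", "doc", "xls", "rtf", "pdf", "jpg", "gif", "htm", "html",
    "com", "net", "org", "edu", "gov",
}


def classify_attachment(name):
    """Classify an attachment file name as 'allow', 'executable' or
    'disguised' (an executable extension behind a document- or URL-like
    segment, as in www.symantec.com.vbs)."""
    if not name:
        return "allow"
    # Fold case and remove embedded whitespace: padding the real
    # extension far to the right of the display width is a known trick.
    parts = re.sub(r"\s+", "", name.lower()).strip(".").split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # Note that 'www.symantec.com' on its own is already a .com executable.
    if len(parts) >= 3 and parts[-2] in DECOY_SEGMENTS:
        return "disguised"
    return "executable"


def scan_message(raw):
    """Parse a raw message and return [(filename, verdict)] for every
    attachment that is not allowed through."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        verdict = classify_attachment(filename)
        if verdict != "allow":
            findings.append((filename, verdict))
    return findings


# Constructed sample in the shape the item describes.  The attachment body
# is a placeholder comment, not the worm's script.
SAMPLE_MESSAGE = b"""\
From: "Symantec" <support@example.invalid>
To: user@example.invalid
Subject: Symantec Anti-Virus Warning
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="us-ascii"

A new virus is circulating.  Run the attached update.
--BOUNDARY
Content-Type: application/octet-stream; name="www.symantec.com.vbs"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="www.symantec.com.vbs"

' placeholder body
--BOUNDARY--
"""


if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE_MESSAGE):
        print(f"block {filename}: {verdict}")
```

The check runs on the name rather than the content because the name is the whole trick: with Explorer's default of hiding known extensions, the user sees www.symantec.com and a script icon, not a .vbs file. A gateway rule of this kind stops the delivery vector; it is not a substitute for signature or behaviour scanning of the attachment itself, which catches the same script under a name the lists above don't cover.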
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21122

* REVIEW: SYGATE ENTERPRISE NETWORK
Personal firewalls are becoming more commonplace in enterprise networks. However, ensuring quality centralized management for these firewalls is a challenge when you roll out such technology. Sygate Technologies' Sygate Enterprise Network is an admirable solution: a centrally managed, distributed personal firewall product that you can integrate with and scale to a network of almost any size. Read all about it in the review on our Web site.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20391

* EDITORIAL: WHERE THE REAL MONOPOLY IS
Microsoft Office XP aptly demonstrates what we knew all along: The Department of Justice (DOJ) was wrong in prosecuting Microsoft over its browser; the company's real monopoly is in Office. Office XP embraces two of the most user-unfriendly concepts the industry has seen since Lotus attempted to add copy protection to Lotus 1-2-3: a subscription-based licensing option and forced registration.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20711

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* MICROSOFT ISA SERVER 2000
ICSA Labs-certified, ISA Server provides packet-, circuit-, and application-layer filtering, integrated intrusion detection, stateful inspection, and granular, policy-based access control. Integration with Windows 2000 VPN, QoS, and Active Directory makes secure, enterprise-class Internet connectivity easy to manage. Free 120-day evaluation.
http://www.win2000mag.com/jump.cfm?ID=157

6. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: IPSEC: SECURING VPNS
By Carlton R. Davis
List Price: $49.99
Fatbrain Online Price: $39.99
Softcover; 404 pages
Published by McGraw-Hill Professional Book Group, April 2001
ISBN 0072127570
For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0072127570
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.windowsitsecurity.com/panda

* FAQ: WHY CAN'T I CREATE A KERBEROS-BASED TRUST BETWEEN TWO DOMAINS IN DIFFERENT FORESTS?
(contributed by http://www.windows2000faq.com)
When you manually create a trust, you can select one of two authentication protocols. The Kerberos V5 authentication protocol is the default authentication service for Windows 2000; it verifies the identity of a user or host, and it is the protocol behind the trusts between domains in a tree and between the root domains of the trees in a forest. The NT LAN Manager (NTLM) protocol, a challenge/response protocol, is the default for network authentication in Windows NT 4.0 and earlier; Win2K supports NTLM, but not as the default.
The transitive Kerberos-based trusts that link domains within a forest are created for you. When you create a trust between two domains in different forests, you can select only NTLM, because Win2K doesn't offer Kerberos for cross-forest trust relationships; such a trust also carries NTLM's weaker challenge/response protection for the authentication traffic that crosses it. This limitation isn't a Kerberos one but a limitation of the Microsoft implementation: Win2K can establish a Kerberos realm trust with a third-party Kerberos realm (e.g., MIT), so Kerberos across the boundary works when the other side is such a realm rather than a second Win2K forest.

* SOHO SECURITY: GOOD THINGS COME IN SMALL PACKAGES
After reviewing and testing a computer product, Jonathan Hassel often can't say that he would use the product in his own small office/home office (SOHO). Not many products show clear innovation, are designed with the end user in mind, or offer seamless compatibility with other products. However, the Linksys Instant Broadband Cable/DSL Router series is one of the few exceptions. Learn all about it in Jonathan's latest column on our Web site.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21053

7. ==== NEW AND IMPROVED ====
(contributed by Judy Drennen, productsat_private)

* FINGERPRINT RECOGNITION FOR COMPUTER SYSTEMS
Guardware Systems released a biosensor that has been patented for use in the United States. The biosensor recognizes and rejects finger surrogates (artificial fingers) with which intruders might try to defeat the reader. Fingerprint recognition is an effective and secure alternative to passwords for access to computer systems and data because each fingerprint is unique; reliable detection of a living finger is a crucial feature of a high-end fingerprint recognition system, because a reader that can't tell a surrogate from a live finger can be passed with a copy of a print. For more information, go to Guardware Systems' Web site.
http://www.guardwaresystems.com

* INTEROPERABLE AND SCALABLE SECURITY SOLUTIONS
Aladdin Knowledge Systems announced eSafe Gateway 3.02 and eSafe Mail. eSafe Gateway 3.02 offers OPSEC compatibility through a built-in Content Vectoring Protocol (CVP) interface. eSafe Mail is a scalable content security application that provides a clean flow of email, safe from vandals, viruses, Trojans, worms, scripts, and other malicious content. eSafe Mail can operate as a standalone SMTP mail relay, or you can install it on Exchange 2000 and 5.5 mail servers. Information about these solutions is available on Aladdin's Web site.
http://www.ealaddin.com/esafe/

8. ==== FEATURED THREAD ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.win2000mag.net/forums

* FEATURED THREAD: DISABLE ACCESS DEPENDING ON THE IP ADDRESS
Hubert Ming wants to know how to deny access to his Windows 2000 domain controller (DC) from all IP addresses outside the DC's subnet. Read the responses of others or lend a helping hand at the following URL:
http://www.win2000mag.net/forums/rd.cfm?app=64&id=67207

9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT THE COMMENTARY -- markat_private
* ABOUT THE NEWSLETTER IN GENERAL -- tfaubionat_private; please mention the newsletter name in the subject line.
* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
* PRODUCT NEWS -- productsat_private
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support at securityupdateat_private
* WANT TO SPONSOR Security UPDATE? -- emedia_oppsat_private

********************
This weekly email newsletter is brought to you by Windows 2000 Magazine, the leading publication for Windows 2000/NT professionals who want to learn more and perform better. Subscribe today.
http://www.win2000mag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows 2000 and Windows NT topics of your choice. Subscribe to our other FREE email newsletters.
http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-|
Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to subscribe-Security_UPDATEat_private

If you have questions or problems with your UPDATE subscription, please contact securityupdateat_private
___________________________________________________________
Copyright 2001, Penton Media, Inc.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu May 24 2001 - 00:30:59 PDT