********************
Windows 2000 Magazine Security UPDATE--brought to you by the Windows 2000 Magazine Network
**Watching the Watchers**
http://www.win2000mag.net/Channels/Security
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~
McAfee ePolicy Orchestrator
http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MCAFEE EPOLICY ORCHESTRATOR ~~~~
Managing anti-virus protection through policy can save any business money. A policy gives you a framework that allows you to more effectively update your protection - critical in the fight against viruses. Up-to-date protection prevents infections. And fewer infections means less downtime and less time spent cleaning up. A policy also gives you a benchmark against which to measure performance - in terms of both protection and infection rates. By establishing and enforcing an anti-virus policy, you save money where it counts the most: in the ongoing management of anti-virus protection. ePolicy Orchestrator is the best anti-virus management tool in independent tests.
http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
~~~~~~~~~~~~~~~~~~~~

June 6, 2001--In this issue:

1. IN FOCUS
   - When Employees Leave the Firm

2. SECURITY RISKS
   - Cisco WebNS Management Software Allows Unauthenticated Access
   - Scanning Software Vulnerability Can Trigger Reload of Cisco IOS Configuration
   - FTP Vulnerability in Cisco Arrowpoint Switches
   - Denial of Service in Pi-Soft SpoonFTP Server

3. ANNOUNCEMENTS
   - Tired of the Same Old Sales Pitch?
   - Security Community for Technology Professionals

4. SECURITY ROUNDUP
   - Editorial: Microsoft 'Gets' Security
   - Review: Disk Imaging Solutions
   - Buyer's Guide: Smart Card Devices
   - Feature: Wireless Security Considerations, Part 1

5. SECURITY TOOLKIT
   - Book Highlight: Hack Attacks Denied: A Complete Guide to Network Lockdown
   - Virus Center: VBS/LoveLetter.CM
   - FAQ: Can I Automatically Schedule Shared Resources?
   - SOHO Security: Spyware

6. NEW AND IMPROVED
   - Protect Against Vulnerable Passwords
   - Mac Internet Security Utilities Move to Windows

7. HOT THREADS
   - Windows 2000 Magazine Online Forums: Antivirus on Terminal Server
   - HowTo Mailing List: Scheduled Task Won't Run unless Logged In

8. CONTACT US
   See this section for a list of ways to contact us.

1. ==== COMMENTARY ====

Hello everyone,

Last week, I discussed how some people feel that open-source-based networks are more secure than Windows-based networks, largely because of higher employee retention at companies with open-source platforms. I also discussed some factors involved in employee retention, as well as how poor employee retention can adversely affect a company's best practices. I received numerous responses to that editorial, many claiming that I had identified the primary reason they change jobs: lack of creative freedom.

In response to the claim that open-source-based networks remain more secure than Windows-based networks, Microsoft said in a roundabout way that the answer to a more secure Windows-based network is through best practices. When you visit Microsoft's security site at the URL below, you'll find several links to best practices that teach how to form strategies and how to monitor and secure your networks. But you won't find any information about how to secure your employees' participation in your company for any great length of time so that those practices can become more effective.
http://www.microsoft.com/technet/security/bestprac.asp

All companies are interested in finding and keeping good employees, and how they accomplish that is relative to the company's philosophies, budgets, and management structure, so I can't offer a lot of specific advice. In general, competitive pay and relative creative freedom are two factors that significantly affect employee retention. If keeping good employees helps reduce a company's overall security risks, what happens when employees do leave the company?
Have you considered the additional security risks involved when an employee departs? Many employees leave a company disgruntled to some degree, and therein resides an often-overlooked risk: the potential for retaliation. Most companies develop a number of processes for bringing an employee into the company, but fewer companies develop adequate processes for exiting an employee from the company. In my opinion, these tasks are equally important.

Does your company have employee exit procedures? Do you conduct exit interviews with employees as part of those procedures? Do you clearly state (perhaps in writing) in the exit interview when any or all of an employee's rights are officially terminated? If you don't tie up such loose ends quickly, the risk associated with employee departure increases dramatically. A recent news story quoted the FBI in San Francisco as saying that at any given moment, it is actively working on 40 to 50 cases where disgruntled ex-employees have retaliated by hacking into the company network.

Adequate exit procedures that include immediate removal of all credentials, exit interviews, and employee rights termination notices might help curb retaliation in many instances. If nothing else, exit interviews help to determine an ex-employee's attitude about leaving. And specifically informing employees that they no longer have the right to access company resources might cause them to think twice before giving in to any retaliation impulses.

If your company doesn't have exit procedures that include an exit interview, consider the need to adopt such policies. This precaution might save you a lot of headaches down the road.

Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor, markat_private

2. ==== SECURITY RISKS ====
(contributed by Mark Joseph Edwards, markat_private)

* CISCO WEBNS MANAGEMENT SOFTWARE ALLOWS UNAUTHENTICATED ACCESS
If users bookmark the URL to which the Web management interface redirects them after they first authenticate, they can access that URL at any time in the future without having to reauthenticate. Cisco has issued an advisory regarding this vulnerability. Cisco recommends that users running WebNS management software upgrade to versions 4.01B29s or 4.10B17s, available through regular support channels. As a workaround, Cisco recommends either disabling the Web management interface on the switch or applying access control as specified in the documents linked in the Web article below.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21332

* SCANNING SOFTWARE VULNERABILITY CAN TRIGGER RELOAD OF CISCO IOS CONFIGURATION
A vulnerability exists in Cisco's Internetwork Operating System (IOS) that can cause a configuration reload. When security scanning software makes a TCP connection to ports 3100-3999, 5100-5999, 7100-7999, or 10100-10999, the router unexpectedly reloads the next time the "show running-config" or "write memory" command is issued or the configuration file is next accessed. Cisco IOS software can't be configured to support any services that listen at these port addresses or accept connections on those ports; however, connection attempts to these ports on the affected versions can cause memory corruption, leading to an unexpected reload. Cisco has issued a notice regarding this vulnerability.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21333

* FTP VULNERABILITY IN CISCO ARROWPOINT SWITCHES
A user account that doesn't have administrative privileges can open an FTP connection to a Cisco CSS 11000 series switch and use the GET and PUT FTP commands with no user-level restrictions enforced.
Cisco recommends that users running the WebNS software versions listed in the article at the URL below upgrade to versions 4.01B29s or 4.10B17s, available through regular support channels. As a workaround, Cisco recommends that users don't configure nonprivileged users on the switch; the software doesn't create any by default. Cisco also recommends using the RESTRICT command to disable FTP access to the switch and applying access control to FTP users as specified in the documents linked in the Web article below.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21335

* DENIAL OF SERVICE IN PI-SOFT SPOONFTP SERVER
A Denial of Service (DoS) vulnerability in Pi-Soft SpoonFTP 1.0.0.12 can also let an attacker execute arbitrary code on the server. By establishing an FTP connection to a vulnerable server and issuing the LIST or CWD command followed by 531 bytes of data or more, an attacker can cause the server process to crash. In most cases, the process is killed before any data is passed to the stack, but the possibility still exists for an attacker to overwrite the instruction pointer (EIP) and execute code. The vendor, Pi-Soft Consulting, has released version 1.0.0.13 to fix this vulnerability.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21336

3. ==== ANNOUNCEMENTS ====

* TIRED OF THE SAME OLD SALES PITCH?
Now there's a better way to find the perfect IT vendor or solution--absolutely free! The IT Buyers Network (ITBN) lets you search through thousands of vendor solutions. You'll love the ITBN's one-stop shopping approach for hardware, network and systems software, IT services, and much more! Visit the ITBN today!
http://www.itbuynet.com

* SECURITY COMMUNITY FOR TECHNOLOGY PROFESSIONALS
Looking for a free, online resource for research and support? ITtoolbox Security provides information on Internet security protocols, firewalls, encryption, and many other facets of security technology.
With portals for essential technologies such as Networking, Wireless, and Storage, ITtoolbox is your gateway to IT knowledge. Visit soon to work smarter.
http://www.ittoolbox.com/welcome.asp?site=security&sndr=win2000sec

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT 'GETS' SECURITY
If the spate of recent virus scares, Web-site break-ins, and other security violations has taught us anything, it's that the interconnected future will require a more open and responsible attitude toward security and privacy. Although naysayers abound (e.g., Sun Microsystems CEO Scott McNealy, who last year uttered, "You gave up your privacy a long time ago. Get over it."), securing our personal and corporate data is of paramount importance as we move into a .NET environment, and we need to plan accordingly. Find out what Microsoft is doing to secure its customers' information and what you can do to make sure you 'get' security too in Paul Thurrott's editorial on our Web site.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20938

* REVIEW: DISK-IMAGING SOLUTIONS
Disk-imaging programs are a boon to administrators deploying PCs in their organization. You configure a system the way you want it, then copy the hard disk's contents (i.e., the image) to another system's hard disk so that the second system is configured the same as the first. Although the basics haven't changed since cloning software's inception, the mechanisms for copying and deploying images have become sophisticated. Read all about disk imaging in Ed Roth's comparative review on our Web site.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20876

* BUYER'S GUIDE: SMART CARD DEVICES
Europeans use smart cards as prepaid phone cards, public-transit fare cards, and health insurance ID cards. Smart cards aren't as widely accepted in North America, but some organizations use them for security applications.
Mark Weitz explains that smart cards are available in two forms: memory cards and microprocessor cards. Memory cards are a relatively inexpensive way to improve PC and network security because the user must present a card, a username, and a password to gain access. You generally use memory cards to access personal computers and networks, but some vendors offer cards that also let you open your employer's entry doors so that you don't have to carry more than one card.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20946

* FEATURE: WIRELESS SECURITY CONSIDERATIONS, PART 1
This look at wireless security focuses on wide area wireless systems. Contrary to popular belief, you can secure wireless systems at levels that approach the security levels of Web systems. As Steve Milroy informs us, the four main areas that form the foundation of both wired and wireless secure systems are authentication, encryption, authorization, and nonrepudiation. Be sure to read the rest of the story on our Web site.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=21226

5. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACK ATTACKS DENIED: A COMPLETE GUIDE TO NETWORK LOCKDOWN
By John Chirillo
List Price: $54.99
Fatbrain Online Price: $43.99
Softcover; 512 pages
Published by John Wiley & Sons, April 2001
ISBN 0471416258
For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471416258
and enter WIN2000MAG as the discount code.

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.windowsitsecurity.com/panda

VIRUS ALERT: VBS/LOVELETTER.CM
VBS/LoveLetter.CM is a worm that uses email to carry out its infections. The worm arrives in email with the subject line "Where are you?"
The message body reads "This is my pic in the beach" and contains an attached file called JENNIFERLOPEZ_NAKED.JPG.VBS. The attachment appears to be a picture file, but in fact it's simply a VBS worm.
http://63.88.172.96/Panda/Index.cfm?FuseAction=Virus&VirusID=1099

* FAQ: CAN I AUTOMATICALLY SCHEDULE SHARED RESOURCES?
(contributed by Paul Robichaux, http://www.windows2000faq.com)
Microsoft Exchange Server lets you set up objects that can automatically accept or decline meeting requests. You can also set up objects for such things as scheduling meeting rooms or audio/visual (A/V) equipment so that everyone in your Global Address List (GAL) can easily check for times to reserve the object. However, Exchange's built-in shared resource functions are pretty anemic. One solution is to install Robert Strong's excellent AutoAccept script from the Exchangecode.com Web site. The script includes a lot of the functionality missing from standard Microsoft capabilities, letting you set up, manage, and automatically schedule resources without a major investment in time or money. (Exchangecode.com is a noncommercial Web site that provides free code samples and applications focusing on Exchange Server and Outlook.)

* SOHO SECURITY: SPYWARE
In previous articles, Jonathan Hassel described some of the security threats and solutions that a small office/home office (SOHO) user needs to consider regarding firewalls, routers, email, and backdoor programs. One security threat that Jonathan hasn't examined is spyware. Spyware is a threat to your data, and its use violates programming ethics. Loosely defined, spyware is software that covertly sends and receives information about a person or an organization without that party's express consent. Most frequently, spyware comes in the form of software that you install on your system--a component that quietly gathers information (e.g., usage statistics, browsing patterns, and marketing data) to send to the software's manufacturer or to third parties.
If you install such software and you're aware of the program's intended purpose, that software isn't spyware.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21272

6. ==== NEW AND IMPROVED ====
(contributed by Judy Drennen, productsat_private)

* PROTECT AGAINST VULNERABLE PASSWORDS
MDD announced Password Bouncer Standard Edition for Windows 2000/NT4, software that prevents users from selecting vulnerable passwords that hackers can easily guess. The program screens passwords through advanced rules and validates them against a list of more than 300,000 commonly compromised words and proper nouns. Password Bouncer Standard Edition supports Win2K and NT systems and is licensed on an annual, nonperpetual subscription at $995. Contact MDD at 925-831-4746.
http://www.passwordbouncer.com

* MAC INTERNET SECURITY UTILITIES MOVE TO WINDOWS
Intego, a developer of Macintosh Internet security utilities, announced that its entire product line of security programs will be ported to Windows. The first Windows versions will be the NetBarrier personal firewall and the ContentBarrier parental control software, in fourth quarter 2001. NetBarrier provides three modules--Firewall, Antivandal, and Internet Filter--that make it a complete personal security solution. ContentBarrier helps parents protect their children by monitoring Internet usage to avoid contact with dangerous Web sites, chat rooms, email, newsgroups, and downloads. The program also contains key features to help businesses optimize their employees' productivity by limiting Internet access. Contact Intego at 305-868-7920.
http://www.intego.com

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.win2000mag.net/forums
Featured Thread: Antivirus on Terminal Server
(Two messages in this thread)
Jason wants to know about antivirus software for a Terminal Server/CITRIX environment.
Read the responses of others or lend a helping hand at the following URL:
http://www.win2000mag.net/forums/rd.cfm?app=64&id=68947

* HOWTO MAILING LIST
http://www.windowsitsecurity.com/go/page_listserv.asp?s=HowTo
Featured Thread: Scheduled Task Won't Run unless Logged In
(Four messages in this thread)
This reader is having trouble running a batch file that runs some Java code. As long as the person running the scheduled task is logged on to the server that holds the batch file and Java, it runs just fine. When no one is logged on, the task runs and the batch file executes, but the Java commands don't do anything. Read other responses or lend a hand at the following URL.
http://63.88.172.96/go/page_listserv.asp?A2=IND0106A&L=HOWTO&P=468

8. ==== CONTACT US ====
Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- markat_private
* ABOUT THE NEWSLETTER IN GENERAL -- tfaubionat_private; please mention the newsletter name in the subject line.
* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
* PRODUCT NEWS -- productsat_private
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support at securityupdateat_private
* WANT TO SPONSOR Security UPDATE? -- emedia_oppsat_private

********************
This weekly email newsletter is brought to you by Windows 2000 Magazine, the leading publication for Windows 2000/NT professionals who want to learn more and perform better. Subscribe today.
http://www.win2000mag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows 2000 and Windows NT topics of your choice. Subscribe to our other FREE email newsletters.
http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-|
Thank you for reading Security UPDATE.
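The SpoonFTP item in the Security Risks section above describes the classic failure mode of a network daemon that accepts an over-long command argument: a crash at best, control of the instruction pointer at worst. The parser below is an added example, not SpoonFTP's code or any vendor's, showing the defensive pattern of validating and bounding every FTP command line before a handler ever sees it. The line and argument limits, the command table, and the reply texts are assumptions chosen for illustration (the 5xx reply codes follow RFC 959).

```python
# Added example (not SpoonFTP's code): validate an FTP command line before any
# handler sees it. MAX_LINE, MAX_ARG, COMMANDS and the reply texts are assumed
# values for illustration; the point is that an oversized argument is refused
# with a 5xx reply instead of being copied into fixed-size storage.
MAX_LINE = 512          # assumed limit on a whole command line, CRLF included
MAX_ARG = 255           # assumed limit on a single argument (e.g. a path)

# Verbs this toy server accepts, mapped to whether an argument is required.
COMMANDS = {"USER": True, "PASS": True, "CWD": True, "LIST": False, "QUIT": False}

def parse_command(raw):
    """Parse one raw command line (bytes). Returns (verb, arg, None) on
    success, or (None, None, reply) where reply is the 5xx line to send."""
    if len(raw) > MAX_LINE:
        return None, None, "500 Line too long."
    if not raw.endswith(b"\r\n"):
        return None, None, "500 Line must end with CRLF."
    body = raw[:-2]
    # Reject control characters and non-ASCII before decoding; this also
    # catches embedded CR/LF that could smuggle a second command.
    if any(b < 0x20 or b > 0x7E for b in body):
        return None, None, "500 Non-printable characters in command."
    verb, _, arg = body.decode("ascii").partition(" ")
    verb = verb.upper()
    if verb not in COMMANDS:
        return None, None, "500 Command not recognized."
    if COMMANDS[verb] and not arg:
        return None, None, "501 Missing argument."
    if len(arg) > MAX_ARG:
        return None, None, "501 Argument too long."
    return verb, arg, None

def handle_line(raw):
    """Dispatch a validated command; handlers only ever see bounded input."""
    verb, arg, reply = parse_command(raw)
    if reply:
        return reply
    if verb == "QUIT":
        return "221 Goodbye."
    if verb == "CWD":
        # A real server would also canonicalize and authorize the path.
        return f"250 Directory changed to {arg}."
    return f"200 {verb} accepted."

if __name__ == "__main__":
    # Constructed sample lines, including the over-long CWD the item describes.
    for line in (b"CWD /pub\r\n", b"CWD " + b"A" * 531 + b"\r\n", b"QUIT\r\n"):
        print(line[:16], "->", handle_line(line))
```

A CWD or LIST followed by 531 bytes, the input the item describes, is answered with a 5xx reply and never reaches a handler. In a native-code server the equivalent length check belongs before any copy into a stack buffer; the bound is enforced once, at the protocol edge, so individual handlers don't each have to get it right.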
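The Password Bouncer item under New and Improved describes screening passwords by rules plus a list of commonly compromised words and proper nouns. The function below is an added example, not Password Bouncer's code, of what such a screen does: it normalizes the candidate (undoing the digit-for-letter substitutions users apply to dictionary words) before the list lookup, so that a dressed-up dictionary word is still caught. The rule set, the substitution table, and the six-entry word list are assumptions; the list is a constructed sample standing in for a large file.

```python
# Added example (not Password Bouncer's code): screen a candidate password
# against composition rules and a list of commonly compromised words.
import re

# Constructed sample of compromised words and proper nouns; a real screen
# loads a large list (the product claims 300,000+ entries) from a file.
COMPROMISED_WORDS = {
    "password", "letmein", "welcome", "qwerty", "jennifer", "football",
}

# Common digit/symbol-for-letter substitutions (assumed table); undone
# before the dictionary lookup so 'P@ssw0rd' is still recognized.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "@": "a", "$": "s"})

def normalize(candidate):
    """Lowercase, drop trailing digits/symbols, then undo substitutions, so
    'P@ssw0rd123!' collapses to 'password' before the dictionary check."""
    lowered = candidate.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return stripped.translate(_LEET)

def load_wordlist(path):
    """Load one compromised word per line (assumed file format)."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}

def check_password(candidate, username="", wordlist=COMPROMISED_WORDS, min_length=8):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        reasons.append("uses fewer than three character classes")
    root = normalize(candidate)
    if root in wordlist:
        reasons.append(f"based on compromised word {root!r}")
    if username and username.lower() in candidate.lower():
        reasons.append("contains the username")
    return reasons

if __name__ == "__main__":
    # Constructed sample candidates.
    for pw in ("P@ssw0rd123!", "Tr0ub4dor&3", "Ab1!", "xJasonRocks9!"):
        print(pw, "->", check_password(pw, username="jason") or "accepted")
```

The normalization step is what makes the word list worth having: without it, a user can defeat a 300,000-entry list by appending a digit or swapping an "o" for a "0", which is exactly the transformation a password-guessing tool tries first.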
http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985

You are subscribed as isnat_private

SUBSCRIBE
To subscribe send a blank email to subscribe-Security_UPDATEat_private

If you have questions or problems with your UPDATE subscription, please contact securityupdateat_private
___________________________________________________________
Copyright 2001, Penton Media, Inc.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 04:15:16 PDT