[ISN] Security UPDATE, June 6, 2001

From: InfoSec News (isnat_private)
Date: Wed Jun 06 2001 - 20:11:13 PDT


    ********************
    Windows 2000 Magazine Security UPDATE--brought to you by the Windows
    2000 Magazine Network
       **Watching the Watchers**
       http://www.win2000mag.net/Channels/Security
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    McAfee ePolicy Orchestrator
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: MCAFEE EPOLICY ORCHESTRATOR ~~~~
       Managing anti-virus protection through policy can save any business
    money. A policy gives you a framework that allows you to more
    effectively update your protection - critical in the fight against
    viruses. Up-to-date protection prevents infections. And fewer infections
    means less downtime and less time spent cleaning up. A policy also gives
    you a benchmark against which to measure performance - in terms of both
    protection and infection rates. By establishing and enforcing an
    anti-virus policy, you save money where it counts the most: in the
    ongoing management of anti-virus protection. ePolicy Orchestrator is the
    best anti-virus management tool in independent tests. 
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
    ~~~~~~~~~~~~~~~~~~~~
    
    June 6, 2001--In this issue:
    
    1. IN FOCUS
         - When Employees Leave the Firm
    
    2. SECURITY RISKS
         - Cisco WebNS Management Software Allows Unauthenticated Access 
         - Scanning Software Vulnerability Can Trigger Reload of Cisco IOS
    Configuration 
         - FTP Vulnerability in Cisco Arrowpoint Switches 
         - Denial of Service in Pi-Soft SpoonFTP Server  
    
    3. ANNOUNCEMENTS
         - Tired of the Same Old Sales Pitch?
         - Security Community for Technology Professionals
    
    4. SECURITY ROUNDUP
         - Editorial: Microsoft 'Gets' Security 
         - Review: Disk Imaging Solutions
         - Buyer's Guide: Smart Card Devices
         - Feature: Wireless Security Considerations, Part 1
    
    5. SECURITY TOOLKIT
         - Book Highlight: Hack Attacks Denied: A Complete Guide to Network
    Lockdown
         - Virus Center: VBS/LoveLetter.CM
         - FAQ: Can I Automatically Schedule Shared Resources?
         - SOHO Security: Spyware
    
    6. NEW AND IMPROVED
         - Protect Against Vulnerable Passwords
         - Mac Internet Security Utilities Move to Windows
    
    7. HOT THREADS 
         - Windows 2000 Magazine Online Forums
              Antivirus on Terminal Server
         - HowTo Mailing List
              Scheduled Task Won't Run unless Logged In
    
    8. CONTACT US
       See this section for a list of ways to contact us.
    
    1. ==== COMMENTARY ====
    
    Hello everyone,
    
    Last week, I discussed how some people feel that open-source-based
    networks are more secure than Windows-based networks, largely because of
    higher employee retention at companies with open-source platforms. I
    also discussed some factors involved in employee retention, as well as
    how poor employee retention can adversely affect a company's best
    practices. I received numerous responses to that editorial, many
    claiming that I had identified the primary reason they change jobs: lack
    of creative freedom. 
    
    In response to the claim that open-source-based networks remain more
    secure than Windows-based networks, Microsoft said in a roundabout way
    that the answer to a more secure Windows-based network is through best
    practices. When you visit Microsoft's security site at the URL below,
    you'll find several links to best practices that teach how to form
    strategies and how to monitor and secure your networks. But you won't
    find any information about how to secure your employees' participation
    in your company for any great length of time so that those practices can
    become more effective.
       http://www.microsoft.com/technet/security/bestprac.asp
    
    All companies are interested in finding and keeping good employees, and
    how they accomplish that is relative to the company's philosophies,
    budgets, and management structure, so I can't offer a lot of specific
    advice. In general, competitive pay and relative creative freedom are
    two factors that significantly affect employee retention.
    
    If keeping good employees helps reduce a company's overall security
    risks, what happens when employees do leave the company? Have you
    considered the additional security risks involved when an employee
    departs? Many employees leave a company disgruntled to some degree, and
    therein resides an often-overlooked risk: the potential for retaliation.
    
    
    Most companies develop a number of processes for bringing an employee
    into the company, but fewer companies develop adequate processes for
    exiting an employee from the company. In my opinion, these tasks are
    equally important. Does your company have employee exit procedures? Do
    you conduct exit interviews with employees as part of those procedures?
    Do you clearly state (perhaps in writing) in the exit interview when any
    or all of an employee's rights are officially terminated? 
    
    If you don't tie up such loose ends quickly, the risk associated with
    employee departure increases dramatically. A recent news story quoted
    the FBI in San Francisco as saying that at any given moment, it is
    actively working on 40 to 50 cases where disgruntled ex-employees have
    retaliated by hacking into the company network. Adequate exit procedures
    that include immediate removal of all credentials, exit interviews, and
    employee rights termination notices might help curb retaliation in many
    instances.
    
    If nothing else, exit interviews help to determine an ex-employee's
    attitude about leaving. And specifically informing employees that they
    no longer have the right to access company resources might cause them to
    think twice before giving in to any retaliation impulses. 
    
    If your company doesn't have exit procedures that include an exit
    interview, consider the need to adopt such policies. This precaution
    might save you a lot of headaches down the road. Until next time, have a
    great week.
    
    Sincerely,
    
    Mark Joseph Edwards, News Editor, markat_private
    
    2. ========== SECURITY RISKS =========
    (contributed by Mark Joseph Edwards, markat_private)
    
    * CISCO WEBNS MANAGEMENT SOFTWARE ALLOWS UNAUTHENTICATED ACCESS 
       If users bookmark the URL that the Web management interface directs
    users to after first authentication, users can access that URL anytime
    in the future without having to reauthenticate. Cisco has issued an
    advisory regarding this vulnerability. Cisco recommends that users
    running WebNS management software upgrade to versions 4.01B29s or
    4.10B17s, available through regular support channels. As a workaround,
    Cisco recommends either disabling the Web management interface on the
    switch or applying access control as specified in the documents linked
    in the Web article below.
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21332
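The advisory above describes a management interface that, once a browser has been sent to a post-login URL, accepts that URL again later with no further check. The Python below is an added example, not Cisco's code; the page does not say how WebNS actually implemented its login redirect, so the flawed handler is an assumed illustration of that class of bug. It places a handler that treats the URL itself as proof of authentication beside one that re-validates a server-side session, with an expiry, on every request, so a bookmarked management URL without a live session is sent back to the login page. The names login_flawed, handle_request_flawed, login, logout, handle_request, SESSION_TTL_SECONDS and the credential table are all constructed for this example.

```python
import secrets
import time

SESSION_TTL_SECONDS = 600          # constructed idle limit for a management session
_USERS = {"admin": "correct horse battery staple"}   # constructed credential table
_sessions = {}                     # token -> (username, expiry); server-side only


# --- flawed pattern: authentication state lives in the URL -----------------
def login_flawed(username, password):
    """On success, redirect to a URL whose query string marks the client as
    authenticated. Anyone who bookmarks that URL stays 'authenticated'."""
    if _USERS.get(username) != password:
        return None
    return "/mgmt?authenticated=1"


def handle_request_flawed(path):
    """Trusts the URL itself; nothing is checked against server-side state."""
    if path.startswith("/mgmt") and "authenticated=1" in path:
        return 200, "management page"
    return 302, "/login"


# --- fixed pattern: server-side session validated on every request ---------
def login(username, password, now=None):
    """Authenticate and issue an unguessable session token stored server-side."""
    now = time.time() if now is None else now
    if _USERS.get(username) != password:
        return None
    token = secrets.token_urlsafe(32)
    _sessions[token] = (username, now + SESSION_TTL_SECONDS)
    return token


def logout(token):
    """Invalidate a session on the server, not just in the browser."""
    _sessions.pop(token, None)


def handle_request(path, cookies, now=None):
    """Every management path re-validates the session cookie; a bookmarked
    management URL without a live session is redirected to the login page."""
    now = time.time() if now is None else now
    if path == "/login":
        return 200, "login page"
    token = cookies.get("session")
    entry = _sessions.get(token) if token else None
    if entry is None:
        return 302, "/login"
    username, expiry = entry
    if now >= expiry:
        _sessions.pop(token, None)   # expired: drop it and force re-authentication
        return 302, "/login"
    return 200, f"management page for {username}"


if __name__ == "__main__":
    # Constructed walk-through: bookmark the post-login URL, come back later.
    bookmark = login_flawed("admin", "correct horse battery staple")
    print("flawed, later, no session:", handle_request_flawed(bookmark))
    tok = login("admin", "correct horse battery staple", now=0.0)
    print("fixed, with live session:", handle_request("/mgmt", {"session": tok}, now=1.0))
    print("fixed, bookmark without session:", handle_request("/mgmt", {}, now=1.0))
    print("fixed, after expiry:", handle_request("/mgmt", {"session": tok}, now=601.0))
```

The `now` parameter exists only so the expiry path can be exercised deterministically; in a real handler the clock is read directly. The workaround in the advisory (disable the interface or put access control in front of it) is the operational equivalent of the fixed handler's rule: nothing about the URL alone is ever treated as authorization.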
    
    * SCANNING SOFTWARE VULNERABILITY CAN TRIGGER RELOAD OF CISCO IOS
    CONFIGURATION 
       A vulnerability exists in Cisco's Internetwork Operating System (IOS)
    that can cause a configuration reload. Security scanning software making
    a TCP connection to ports 3100-3999, 5100-5999, 7100-7999, and
    10100-10999 causes the router to unexpectedly reload at the next
    issuance of the commands "show running-config" or "write memory" or
    during the next access of the configuration file. An attacker can't
    configure Cisco IOS software to support any services that might listen
    at these port addresses or accept connections on those ports. However,
    connection attempts to these ports in the affected version can cause
    memory corruption, leading to an unexpected reload. Cisco has issued a
    notice regarding this vulnerability.
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21333
    
    * FTP VULNERABILITY IN CISCO ARROWPOINT SWITCHES 
       A user account that doesn't have administrative privileges can open
    an FTP connection to a Cisco CSS 11000 series switch and use the GET and
    PUT FTP commands with no user-level restrictions enforced. Cisco
    recommends that users running the WebNS software versions listed in the
    article at the URL (below) upgrade to versions 4.01B29s or 4.10B17s,
    available through regular support channels. As a workaround, Cisco
    recommends that users don't configure nonprivileged users on the switch,
    as the software doesn't create any by default. Cisco also recommends
    using the RESTRICT command to disable FTP access to the switch and
    applying access control to FTP users as specified in the documents
    linked in the Web article below.
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21335
    
    * DENIAL OF SERVICE IN PI-SOFT SPOONFTP SERVER  
       A Denial of Service (DoS) condition in Pi-Soft SpoonFTP 1.0.0.12 can
    let an attacker execute arbitrary code on the server. By establishing an
    FTP connection to a vulnerable server and issuing the LIST or CWD
    command, followed by 531 bytes of data or more, an attacker can cause
    the server process to crash. In most cases, the computer kills the
    process before passing any data to the stack, but the possibility still
    exists for an attacker to overwrite the instruction pointer (EIP) and
    execute arbitrary code. The vendor, Pi-Soft Consulting, has released
    version 1.0.0.13 to fix this vulnerability.
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21336
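The two FTP advisories above (the Cisco Arrowpoint item and the SpoonFTP item) describe the same two server-side checks done wrong: authorization on file-transfer commands, where the client's GET and PUT correspond to the protocol commands RETR and STOR, and a bound on the length of a command argument before it is copied anywhere. The Python below is an added example serving both items; it is not Cisco's, Pi-Soft's or SpoonFTP's code. It is a minimal FTP control-connection command handler that rejects over-long lines and arguments at parse time and refuses RETR and STOR for accounts whose privilege level does not allow them, regardless of what the session has already been permitted to do. MAX_LINE_BYTES, MAX_ARG_BYTES, the USERS table, the function names and the reply wording are constructed for this example, and the PASS step is omitted.

```python
# Constructed limits; a real server sizes these to its own buffers.
MAX_LINE_BYTES = 1024   # whole control-connection line, excluding CRLF
MAX_ARG_BYTES = 512     # command argument

# Constructed account table: username -> privilege level.
USERS = {"admin": "privileged", "guest": "nonprivileged"}

ALLOWED_CMDS = {"USER", "CWD", "LIST", "RETR", "STOR", "QUIT"}
# RETR/STOR are the protocol commands behind a client's GET and PUT;
# constructed policy: only privileged accounts may use them.
FILE_TRANSFER_CMDS = {"RETR", "STOR"}


def parse_command(line):
    """Validate one raw control-connection line before doing anything with it.

    Returns (verb, argument_bytes) on success, or (None, reason) when the
    line must be rejected. Length checks run before the argument is handed
    to any other code, so an over-long LIST or CWD never reaches a buffer.
    """
    if not line.endswith(b"\r\n"):
        return None, "line not CRLF terminated"
    body = line[:-2]
    if len(body) > MAX_LINE_BYTES:
        return None, "line too long"
    verb, _, arg = body.partition(b" ")
    if not (1 <= len(verb) <= 4) or not verb.isalpha():
        return None, "unknown command"
    verb = verb.upper().decode("ascii")
    if verb not in ALLOWED_CMDS:
        return None, "unknown command"
    if len(arg) > MAX_ARG_BYTES:
        return None, "argument too long"
    return verb, arg


def handle(line, session):
    """Process one command against a session dict that records the logged-in user."""
    verb, arg = parse_command(line)
    if verb is None:
        reason = arg
        code = "501" if reason == "argument too long" else "500"
        return f"{code} {reason}"
    if verb == "USER":
        name = arg.decode("ascii", "replace")
        if name not in USERS:
            session.pop("user", None)
            return "530 Unknown user"
        session["user"] = name
        return "331 Password required"   # PASS handling omitted in this example
    if verb == "QUIT":
        return "221 Goodbye"
    user = session.get("user")
    if user is None:
        return "530 Please login with USER"
    # Authorization is checked per account on every file-transfer command,
    # not inferred from the control connection having been accepted.
    if verb in FILE_TRANSFER_CMDS and USERS[user] != "privileged":
        return "550 Permission denied"
    if verb == "CWD":
        return "250 Directory changed"
    if verb == "LIST":
        return "150 Opening data connection for directory listing"
    return f"150 Opening data connection for {verb}"


if __name__ == "__main__":
    # Constructed session transcript for a nonprivileged account.
    session = {}
    for raw in (b"USER guest\r\n", b"CWD /pub\r\n", b"STOR upload.bin\r\n",
                b"LIST " + b"A" * 531 + b"\r\n"):
        print(raw[:24], "->", handle(raw, session))
```

Two design points carry over to any server: the length limit is enforced on the raw bytes before the argument is interpreted, which is what makes the 531-byte case in the SpoonFTP item a clean 501 reply rather than a crash, and the privilege check sits in front of the transfer commands themselves, which is the check the Arrowpoint item says was missing for nonprivileged accounts.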
    
    3. ==== ANNOUNCEMENTS ====
    
    * TIRED OF THE SAME OLD SALES PITCH?     
       Now there's a better way to find the perfect IT vendor or
    solution--absolutely free! The IT Buyers Network (ITBN) lets you search
    through thousands of vendor solutions. You'll love the ITBN's one-stop
    shopping approach for hardware, network and systems software, IT
    services, and much more! Visit the ITBN today! 
       http://www.itbuynet.com
    
    * SECURITY COMMUNITY FOR TECHNOLOGY PROFESSIONALS
       Looking for a free, online resource for research and support?
    ITtoolbox Security provides information on Internet Security Protocols,
    firewalls, encryption and many other facets of security technology. With
    portals for essential technologies such as Networking, Wireless, and
    Storage, ITtoolbox is your gateway to IT knowledge. Visit soon to work
    smarter.
       http://www.ittoolbox.com/welcome.asp?site=security&sndr=win2000sec
    
    4. ========== SECURITY ROUNDUP ==========
    
    * NEWS: MICROSOFT 'GETS' SECURITY
       If the spate of recent virus scares, Web-site break-ins, and other
    security violations have taught us anything, it's that the
    interconnected future will require a more open and responsible attitude
    toward security and privacy. Although naysayers (e.g., Sun Microsystems
    CEO Scott McNealy, who last year uttered, "You gave up your privacy a
    long time ago. Get over it.") abound, securing our personal and
    corporate data is of paramount importance as we move into a .NET
    environment, and we need to plan accordingly. Find out what Microsoft is
    doing to secure its customers' information and what you can do to make
    sure you 'get' security too in Paul Thurrott's editorial on our Web
    site.
       http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20938
    
    * REVIEW: DISK-IMAGING SOLUTIONS
       Disk-imaging programs are a boon to administrators deploying PCs in
    their organization. You configure a system the way you want it, then
    copy the hard disk's contents (i.e., the image) to another system's hard
    disk so that the second system is configured the same as the first.
    Although the basics haven't changed since cloning software's inception,
    the mechanisms for copying and deploying images have become
    sophisticated. Read all about disk imaging in Ed Roth's comparative
    review on our Web site.
       http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20876
    
    * BUYER'S GUIDE: SMART CARD DEVICES
       Europeans use smart cards as prepaid phone cards, public-transit fare
    cards, and health insurance ID cards. Smart cards aren't as widely
    accepted in North America, but some organizations use them for security
    applications. Mark Weitz explains that smart cards are available in two
    forms: memory cards and microprocessor cards. Memory cards are a
    relatively inexpensive way to improve PC and network security because
    the user must present a card, a username, and a password to gain access.
    You generally use memory cards to access personal computers and
    networks, but some vendors offer cards that also let you access your
    employer's entry doors so that you don't have to carry more than one
    card.
       http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20946
    
    * FEATURE: WIRELESS SECURITY CONSIDERATIONS, PART 1
       This look at wireless security focuses on wide area wireless systems.
    Contrary to popular belief, you can secure wireless systems at levels
    that approach the security levels of Web systems. As Steve Milroy
    informs us, the four main areas that form the foundation of both wired
    and wireless secure systems are authentication, encryption,
    authorization, and nonrepudiation. Be sure to read the rest of the story
    on our Web site.
       http://www.win2000mag.com/Articles/Index.cfm?ArticleID=21226 
    
    5. ==== SECURITY TOOLKIT ====
    
    * BOOK HIGHLIGHT: HACK ATTACKS DENIED: A COMPLETE GUIDE TO NETWORK
    LOCKDOWN
       By John Chirillo
       List Price: $54.99
       Fatbrain Online Price: $43.99
       Softcover; 512 pages
       Published by John Wiley & Sons, April 2001
       ISBN 0471416258
    
    For more information or to purchase this book, go to
    http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471416258
    and enter WIN2000MAG as the discount code.
    
    * VIRUS CENTER
       Panda Software and the Windows 2000 Magazine Network have teamed to
    bring you the Center for Virus Control. Visit the site often to remain
    informed about the latest threats to your system security.
       http://www.windowsitsecurity.com/panda
    
    VIRUS ALERT: VBS/LOVELETTER.CM 
       VBS/LoveLetter.CM is a worm that uses email to carry out its
    infections. The worm arrives in email with the subject line "Where are
    you?" The message line reads "This is my pic in the beach" and contains
    an attached file called JENNIFERLOPEZ_NAKED.JPG.VBS. It appears to be a
    picture file, but in fact it's simply a VBS worm. 
       http://63.88.172.96/Panda/Index.cfm?FuseAction=Virus&VirusID=1099
    
    * FAQ: CAN I AUTOMATICALLY SCHEDULE SHARED RESOURCES?
       (contributed by Paul Robichaux, http://www.windows2000faq.com)
       Microsoft Exchange Server lets you set up objects that can
    automatically accept or decline meeting requests. You can also set up
    objects for such things as scheduling meeting rooms or audio/visual
    (A/V) equipment so that everyone in your Global Address List (GAL) can
    easily check for times to reserve the object. However, Exchange's
    built-in shared resource functions are pretty anemic. One solution is to
    install Robert Strong's excellent AutoAccept script from the
    Exchangecode.com Web site. The script includes a lot of the
    functionality missing from standard Microsoft capabilities, letting you
    set up, manage, and automatically schedule resources without a major
    investment in time or money. (Exchangecode.com is a noncommercial Web
    site that provides free code samples and applications focusing on
    Exchange Server and Outlook.)
    
    * SOHO SECURITY: SPYWARE
       In previous articles, Jonathan Hassel described some of the security
    threats and solutions that a small office/home office (SOHO) user needs
    to consider regarding firewalls, routers, email, and backdoor programs.
    One security threat that Jonathan hasn't examined is spyware. Spyware is
    a threat to your data, and its use violates programming ethics. Loosely
    defined, spyware is software that covertly sends and receives
    information about a person or an organization without that party's
    express consent. Most frequently, spyware comes in the form of software
    that you install on your system--a component that quietly gathers
    information (e.g., usage statistics, browsing patterns, and marketing
    data) to send to the software's manufacturer or to third parties. If you
    install such software, and you're aware of the program's intended
    purpose, that software isn't spyware. 
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21272
    
    6. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * PROTECT AGAINST VULNERABLE PASSWORDS
       MDD announced Password Bouncer Standard Edition for Windows 2000/NT4,
    software that prevents users from selecting vulnerable passwords that
    hackers can easily guess. The program screens passwords through advanced
    rules and validates them against a list of more than 300,000 commonly
    compromised words and proper nouns. Password Bouncer Standard Edition
    supports Win2K and NT systems and is licensed on an annual, nonperpetual
    subscription at $995. Contact MDD at 925-831-4746.
       http://www.passwordbouncer.com
    
    * MAC INTERNET SECURITY UTILITIES MOVE TO WINDOWS
       Intego, a developer of Macintosh Internet security utilities,
    announced that its entire product line of security programs will be
    ported to Windows. The first Windows versions will be NetBarrier
    personal firewall and the ContentBarrier parental control software in
    fourth quarter 2001. NetBarrier provides three modules: Firewall,
    Antivandal, and Internet Filter to make NetBarrier a complete personal
    security solution. ContentBarrier helps parents protect their children
    by monitoring Internet usage to avoid contact with dangerous Web sites,
    chat rooms, email, newsgroups, and downloads. The program also contains
    key features to help businesses optimize their employees' productivity
    by limiting Internet access. Contact Intego at 305-868-7920.
       http://www.intego.com  
    
    7. ==== HOT THREADS ====
    
    * WINDOWS 2000 MAGAZINE ONLINE FORUMS
       http://www.win2000mag.net/forums 
    
    Featured Thread: Antivirus on Terminal Server
       (Two messages in this thread)
    
    Jason wants to know about antivirus software for a Terminal
    Server/CITRIX environment. Read the responses of others or lend a
    helping hand at the following URL:
       http://www.win2000mag.net/forums/rd.cfm?app=64&id=68947
    
    * HOWTO MAILING LIST
       http://www.windowsitsecurity.com/go/page_listserv.asp?s=HowTo
    
    Featured Thread: Scheduled Task Won't Run unless Logged In
       (Four messages in this thread)
    
    This reader is having trouble running a batch file that runs some Java
    code. As long as the person who scheduled the task is logged on to the
    server that holds the batch file and the Java code, the task runs fine.
    When no one is logged on, the task runs and the batch file executes,
    but the Java commands don't do anything. Read other responses or lend a
    hand at the following URL:
       http://63.88.172.96/go/page_listserv.asp?A2=IND0106A&L=HOWTO&P=468
    
    8. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT THE COMMENTARY -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- tfaubionat_private; please
    mention the newsletter name in the subject line.
    
    * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
    Support at securityupdateat_private
    
    * WANT TO SPONSOR Security UPDATE? emedia_oppsat_private
    
    ********************
       This weekly email newsletter is brought to you by Windows 2000
    Magazine, the leading publication for Windows 2000/NT professionals who
    want to learn more and perform better. Subscribe today.
       http://www.win2000mag.com/sub.cfm?code=wswi201x1z
    
       Receive the latest information about the Windows 2000 and Windows NT
    topics of your choice. Subscribe to our other FREE email newsletters.
       http://www.win2000mag.net/email
    
    |-+-+-+-+-+-+-+-+-+-|
    
    Thank you for reading Security UPDATE.
    
    
    http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
    
    You are subscribed as isnat_private
    
    SUBSCRIBE
    To subscribe send a blank email to
    subscribe-Security_UPDATEat_private
    
    If you have questions or problems with your UPDATE subscription, please
    contact securityupdateat_private 
    ___________________________________________________________
    Copyright 2001, Penton Media, Inc.
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 04:15:16 PDT