[ISN] Security UPDATE, August 15, 2001

From: InfoSec News (isnat_private)
Date: Wed Aug 15 2001 - 23:04:56 PDT

    ********************
    Windows 2000 Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows 2000 and NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    BindView Corporation
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.1.532985
    
    Ultimate Hacking: Hands On - NT/2000 Security
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.3.532985
       (below SECURITY RISKS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ BINDVIEW CORPORATION ~~~~
       Security is the key issue in today's interconnected world and
    BindView is right on top of it with a new, highly informative eBook, The
    Definitive Guide to Windows 2000 Security. This eBook covers all the
    bases of a comprehensive security methodology for your Microsoft Windows
    2000 environment. It's heavy into the detail of what goes into a great
    IT security system, and is specifically geared for Windows 2000
    platforms. Written by Paul Cooke, an Information Security professional
    with more than 10 years' experience developing and deploying security
    solutions, the tips, tricks, and info packed into this volume are
    priceless! Get it FREE at
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.1.532985
    
    ********************
    
    August 15, 2001--In this issue:
    
    1. COMMENTARY
         - 802.11 Wireless Networks: Is Yours Really Safe?
    
    2. SECURITY RISKS
         - Internal IP Address Disclosure in IIS SSL
    
    3. ANNOUNCEMENTS
         - What Key Weapon Is Missing from Your Security Arsenal?
         - Visit the New Connected Home Web Site!
    
    4. SECURITY ROUNDUP
         - News: Code Red Reveals New Security Hole in IIS
         - News: Microsoft Releases Post-SP6a Security Rollup Package
         - News: Vigilinx Joins RSA Secured Partner Program
         - News: Riptech Expands Operations
         - Feature: Exchange 2000 SP1 Adds New Functionality to the
    Migration Wizard
    
    5. HOT RELEASES (ADVERTISEMENTS)
         - CyberwallPLUS Server Resident Security
         - Sponsored by Thawte
    
    6. SECURITY TOOLKIT
         - Book Highlight: Surviving Security: How to Integrate People,
    Process and Technology
         - Virus Center 
             - Virus Alert: Win2K/Stream
         - FAQ: How Do I Enable and Disable Windows XP's System Restore
    Feature? 
    
    7. NEW AND IMPROVED
         - Security System
         - Close Security Holes
    
    8. HOT THREADS
         - Windows 2000 Magazine Online Forums
             - Featured Thread: Installing IIS for a Standalone Certificate
    Server
         - HowTo Mailing List 
             - Featured Thread: Trouble with Network Authentication on
    Laptops
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    1. ==== COMMENTARY ====
    
    Hello everyone,
    
    Do you use an 802.11-based wireless LAN? If so, are you aware of several
    security problems in the Wired Equivalent Privacy (WEP) protocol (used
    in 802.11-based wireless LANs) that can compromise your network? WEP is
    part of the IEEE 802.11 standard and uses the RC4 encryption algorithm
    with a 40-bit key to encrypt network traffic. During the past several
    months, we've published two stories about vendor support for WEP and two
    stories about several WEP protocol security risks--see the URL below to
    locate the stories. Recently, researchers have discovered two more
    security problems that let attackers easily crack WEP's RC4 encryption
    keys.
       http://63.88.172.128/security/query.html?col=security&qt=wep
    
    Three researchers (Scott Fluhrer, Itsik Mantin, and Adi Shamir)
    published "Weaknesses in the Key Scheduling Algorithm of RC4" (linked
    below), a paper which the three men say proves that "RC4 is completely
    insecure in a common mode of operation which is used in the widely
    deployed [WEP] protocol." The document outlines two vulnerabilities. The
    first vulnerability stems from the fact that a small number of secret
    encryption key bits determine a large number of subsequent key
    permutation bits. An intruder can use the second weakness to determine
    the secret part of a key by analyzing particular aspects of encryption
    key streams. 
       http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
    
    Although the paper is very technical--people without a significant
    understanding of cryptography and mathematics might find the paper
    difficult to comprehend--it reminds us not to depend on only one
    security method. If you rely on WEP to protect sensitive
    wireless-network traffic, you're a sitting duck. Until the IEEE adopts
    revamped encryption specifications for the 802.11 standard (which it's
    in the process of doing), we can't depend on the standard to offer any
    significant information security.
    
    Exploits exist already for some of the WEP vulnerabilities--don't think
    that cracking your wireless LAN takes a rocket scientist. For example,
    over the weekend, Anton Rager posted Perl scripts (available at the URL
    below) to the BugTraq mailing list that help demonstrate and validate
    the claims the three researchers make in the paper. The code base
    functionality is limited but clearly proves that penetrating WEP-based
    network security doesn't take much effort.
       http://sourceforge.net/projects/wepcrack
    
    Although protecting your WEP-enabled network against intrusion isn't
    difficult, it does take some effort. One of the most effective security
    measures you can take is to implement a VPN between all systems that
    communicate over the wireless network. This setup means that if you have
    WEP enabled on your wireless LAN and an intruder subsequently cracks WEP
    on your LAN, then any underlying VPN protocols will still probably
    protect your network. It's also a good idea to use a media access control
    (MAC) address to restrict access to your wireless network hubs. This
    configuration ensures that only authorized network cards can communicate
    on your wireless network. 
    
    If you need another reason to better protect your wireless LANs,
    remember that wireless LANs operate based on radio technology, and radio
    signals often stray well beyond their intended boundaries. For example,
    take a laptop computer with an 802.11-based wireless network card,
    configure the machine to run a DHCP client, and take the laptop with you
    as you drive around heavily populated business districts or walk around
    inside large office buildings. You might be surprised to find a few
    wireless LANs are wide open to the public. If you don't guard against
    unknown wireless connections, someone will use your wireless network
    without your knowledge--and who knows what kind of trouble that can lead
    to? 
    
    Before I sign off this week, I want to remind you to patch all your
    systems--especially laptops--to protect them from the Code Red worms. Be
    sure to review our article related to Microsoft security bulletin
    MS01-033 (see the URL below for details). I mention this warning again
    because many companies have overlooked patching their laptops. Some
    laptops have Microsoft Internet Information Services (IIS) 5.0 running
    on top of Windows 2000 Professional, and as you know, IIS 5.0 is
    vulnerable to Code Red. When these unpatched laptops connect to the
    Internet using a connection outside the company's protected internal
    LAN, they become vulnerable to Code Red infection. A Code Red-infected
    system can spread the worm back into a company's internal LAN when a
    user reconnects the system to the LAN. So be sure to patch your
    Win2K-based laptop systems.
       http://www.WindowsITsecurity.com/articles/index.cfm?articleid=21503
    
    Until next time, have a great week.
    
    Sincerely,
    
    Mark Joseph Edwards, News Editor, markat_private
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * INTERNAL IP ADDRESS DISCLOSURE IN IIS SSL
       By connecting manually to Secure Sockets Layer (SSL) TCP port 443
    using OpenSSL or a similar tool, an attacker can obtain the internal IP
    address or NetBIOS name of the Web server. The attacker can exploit the
    vulnerability by using an HTTP/1.1 GET request instead of an HTTP/1.0
    GET request. Microsoft has not released a fix or workaround for this
    problem.
       http://www.WindowsITsecurity.com/articles/index.cfm?articleid=22095
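
A defender-side check for the disclosure described above, as an added example that is not from the newsletter or from Microsoft: it scans the headers of a captured, already-decrypted HTTPS response for private IP addresses or known internal host names. The sample responses, the header names in them, the address 10.1.2.15 and the host name WEBSRV01 are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; the ipaddress module does the real validation.
_IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_headers(raw: bytes):
    """Split a raw HTTP response into (status_line, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:   # obsolete folded header line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def find_internal_leaks(raw: bytes, internal_names=()):
    """Return (header, leaked_value) pairs for private IPs or internal names."""
    _, headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        for candidate in _IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                    # not a valid address, e.g. 999.1.1.1
                continue
            if addr.is_private:                   # RFC 1918, loopback, link-local, ...
                findings.append((name, candidate))
        for host in internal_names:               # caller-supplied NetBIOS/host names
            pattern = r"(?<![\w-])" + re.escape(host) + r"(?![\w-])"
            if re.search(pattern, value, re.IGNORECASE):
                findings.append((name, host))
    return findings


# Constructed sample responses (not captured from a real server).
LEAKY = (b"HTTP/1.1 302 Object Moved\r\n"
         b"Server: Microsoft-IIS/5.0\r\n"
         b"Location: https://10.1.2.15/secure/\r\n"
         b"Content-Length: 0\r\n\r\n")
NAME_LEAK = (b"HTTP/1.1 200 OK\r\n"
             b"Server: Microsoft-IIS/5.0\r\n"
             b"Content-Location: https://WEBSRV01/default.htm\r\n"
             b"Content-Length: 5\r\n\r\nhello")
CLEAN = (b"HTTP/1.1 302 Object Moved\r\n"
         b"Server: Microsoft-IIS/5.0\r\n"
         b"Location: https://www.example.com/secure/\r\n"
         b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("leaky", LEAKY), ("name", NAME_LEAK), ("clean", CLEAN)):
        print(label, find_internal_leaks(resp, internal_names=["WEBSRV01"]))
```

Run it against responses to both HTTP/1.0 and HTTP/1.1 requests on your own servers, since the item above ties the leak to the request version.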
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ ULTIMATE HACKING: HANDS ON - NT/2000 SECURITY ~~~~
       If you're running a Windows network, then this is the intensive 3-day
    course with everything a hacker knows...that you'll need to know! Our
    hands-on class, based on real world consultant experience and
    Foundstone's best-seller "Hacking Exposed," provides a dynamic
    environment to learn this security knowledge. As a Specialist in
    Microsoft's Security Services Partner Program, Foundstone knows hacking,
    security and Microsoft. Register now for the class in New York City,
    September 25-27, and Irvine, California, December 11-13. 
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.3.532985
    
    ~~~~~~~~~~~~~~~~~~~~
    
    3. ==== ANNOUNCEMENTS ====
    
    * WHAT KEY WEAPON IS MISSING FROM YOUR SECURITY ARSENAL?
       The best IT security defense starts with a subscription to Security
    Administrator. Each month, this print newsletter delivers detailed
    instructions to help make your Windows 2000/NT environment more tamper
    resistant. Get in-depth information on configuring a secure firewall,
    setting up group policies, and much more. Subscribe today--before it's
    too late! 
       http://www.secadministrator.com/sub.cfm?code=saei251gsa
    
    * VISIT THE NEW CONNECTED HOME WEB SITE!
       The people who bring you Connected Home EXPRESS have launched a new
    Web site! Get how-to tips and tricks to help you with home networking,
    home theater, audio, and much more. While you're there, sign up (for
    free!) for the first issue of Connected Home Magazine, coming in late
    October. Check it out! 
       http://www.connectedhomemag.com
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: CODE RED REVEALS NEW SECURITY HOLE IN IIS
       As the Code Red II worm spread across the Internet last week, users
    reported that their Web systems were suffering Denial of Service (DoS)
    attacks--even after they had installed the Microsoft IIS patch
    recommended in bulletin MS01-033. Users notified Microsoft about the
    problem, and the company is now working on a patch.
       http://www.WindowsITsecurity.com/articles/index.cfm?articleid=22120
    
    * NEWS: MICROSOFT RELEASES POST-SP6A SECURITY ROLLUP PACKAGE
       Although Microsoft decided to cancel the development and release of
    Windows NT 4.0 Service Pack 7 (SP7), the company is releasing
    security-related hotfixes for that OS. To make applying those security
    hotfixes easier, Microsoft recently released the Post-SP6a Security
    Rollup Package.
       http://www.WindowsITsecurity.com/articles/index.cfm?articleid=22121
    
    * NEWS: VIGILINX JOINS RSA SECURED PARTNER PROGRAM
       Vigilinx today announced a strategic partnership with RSA Security.
    Under the partnership agreement, Vigilinx joins the RSA Secure Partner
    Program as a consultant and system integrator. RSA awarded Vigilinx its
    "RSA Secured Keon Ready" certificate, which signifies that Vigilinx
    products are compatible with RSA Security's products. RSA Security will
    help train Vigilinx consultants to integrate RSA Keon software into
    customer solutions. 
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=22133
    
    * NEWS: RIPTECH EXPANDS OPERATIONS
       Riptech, a managed security-services provider, has opened a new
    office in New York and expanded its facilities in San Jose, California.
    Riptech also named Ken Legge as vice president of business development
    for the company's eastern region.
       http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=22134
    
    * FEATURE: EXCHANGE 2000 SP1 ADDS NEW FUNCTIONALITY TO THE MIGRATION
    WIZARD
       Exchange 2000 Server Service Pack 1 (SP1) included many bug fixes and
    patches that Exchange administrators have been waiting for. Exchange
    2000 SP1 also added a great new feature to the Exchange Migration
    Wizard--something that many of you might not be aware of.
       http://www.exchangeadmin.com/articles/index.cfm?articleid=22100
    
    5. ==== HOT RELEASES (ADVERTISEMENTS) ====
    
    * CYBERWALLPLUS SERVER RESIDENT SECURITY
       Were your Windows NT/2000 web servers hit by the Code Red Worm? Are
    there other important servers still at risk? Use CyberwallPLUS
    server-class firewall and intrusion prevention software as your last
    line of defense when perimeter security is no longer enough.
       Free 30-day evaluation -
    http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.5.532985
    
    * SPONSORED BY THAWTE 
       FREE Apache SSL Guide from Thawte Certification. Do your online
    customers demand the best available protection of their personal
    information? Click here for your FREE certification guide:
       http://go.win2000mag.net/UM/T.asp?A2153.23115.1316.6.532985
    
    6. ==== SECURITY TOOLKIT ====
    
    * BOOK HIGHLIGHT: SURVIVING SECURITY: HOW TO INTEGRATE PEOPLE, PROCESS
    AND TECHNOLOGY
       By Mandy Andress
       List Price: $39.99
       Fatbrain Online Price: $31.99
       Softcover; 525 pages
       Published by Sams, July 2001
       ISBN 0672321297
    
    For more information or to purchase this book, go to
    http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0672321297
    and enter WIN2000MAG as the discount code when you order the book.
    
    * VIRUS CENTER
       Panda Software and the Windows 2000 Magazine Network have teamed to
    bring you the Center for Virus Control. Visit the site often to remain
    informed about the latest threats to your system security.
       http://www.WindowsITsecurity.com/panda
    
    Virus Alert: Win2K/Stream
       Win2K/Stream is the first virus to exploit Windows 2000's ability to
    divide a file into streams: a single file can contain several streams,
    and each stream is identified as a "file." Once the virus
    is active, it infects all .exe files in the current directory, and the
    infected files lose their respective icons. For complete details on this
    virus be sure to visit our Web site.
       http://63.88.172.96/panda/index.cfm?fuseaction=virus&virusid=559
    
    * FAQ: HOW DO I ENABLE AND DISABLE WINDOWS XP'S SYSTEM RESTORE
    FEATURE?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
       System Restore (i.e., restorept.api) is a new Windows XP feature
    that's similar to Last Known Good Configuration. However, System Restore
    maintains multiple restore points instead of one last-restore point. The
    user can manually create restore points, or System Restore can keep
    restore points during the following operations:
       - Installing new software, if the application uses a current
    installer that is System-Restore compliant 
       - Using AutoUpdate 
       - During a restore operation 
       - During a Microsoft backup or recovery operation 
       - Installing an unsigned driver 
       - Automatically following 24 hours of inactivity 
       By default, System Restore monitors all partitions. So, for example,
    if you delete an executable file, you can have the system state revert
    to a specific restore point to recreate or repair the executable file.
    When you revert to a restore point, however, you lose all changes since
    that point, except for changes to files in the My Documents folder and
    documents you've created with applications such as Microsoft Word and
    Microsoft Excel.
       If you use System Restore and don't like the new system state, you
    can undo the process and restore the machine to the system state it had
    before you ran System Restore. Alternatively, you can run System Restore
    to change the system state to a different restore point. To enable or
    disable System Restore, follow the steps in our FAQ.
       http://www.windows2000faq.com/articles/index.cfm?articleid=22059
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Scott Firestone, IV, productsat_private)
    
    * SECURITY SYSTEM
       NFR Security released NFR Network Intrusion Detection-200 (NID-200),
    a system that monitors networks and responds to suspicious activity
    (e.g., too many attempts to match a password, port scans, debilitating
    ping floods, and back-entry device planting). The system provides a set
    of customizable default alerts, including an annotation describing the
    alert, common industry responses, and a field for your company's policy
    explaining what action you should take. For pricing, contact NFR
    Security at 240-632-9000.
       http://www.nfr.com
    
    * CLOSE SECURITY HOLES
       ElcomSoft released Advanced NT Security Explorer (ANTExp), security
    software that lets you use passwords to identify and close security
    holes in your networks. The software executes a comprehensive audit of
    account passwords and exposes insecure account passwords. You can also
    use ANTExp to recover lost passwords and access a user's Windows
    account. The software runs on Windows 2000, Windows NT, Windows Me, and
    Windows 9x systems. ANTExp costs $49 for a personal license, $149 for a
    business license, and $399 for a universal license. Contact ElcomSoft at
    supportat_private
       http://www.elcomsoft.com/antexp.html
    
    8. ==== HOT THREADS ====
    
    * WINDOWS 2000 MAGAZINE ONLINE FORUMS
       http://www.win2000mag.net/forums 
    
    Featured Thread: Installing IIS for a Standalone Certificate Server
       (Four messages in this thread)
    
    A user wants to set up a standalone root Certificate Authority (CA)
    server. However, he doesn't want to install IIS because of all the
    security issues and wonders whether this CA setup is available without
    IIS installed. Read more about the problem and the responses, or lend a
    hand at the following URL:
       http://www.win2000mag.net/forums/rd.cfm?app=64&id=73867
    
    * HOWTO MAILING LIST
       http://www.WindowsITsecurity.com/go/page_listserv.asp?s=howto
    
    Featured Thread: Trouble with Network Authentication on Laptops
       (Two messages in this thread)
    
       An administrator has configured his network so that a user must
    authenticate to a domain controller (DC) to log on to a machine.
    However, this presents a problem for mobile users (e.g., those with
    laptops) who can't log on to their systems when they aren't connected to
    the local LAN. Do you know how to remedy this type of problem? Read the
    responses or lend a hand at the following URL:
       http://63.88.172.96/go/page_listserv.asp?a2=ind0108b&l=howto&p=777
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT THE COMMENTARY -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private; please
    mention the newsletter name in the subject line.
    
    * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
    Support at securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       Receive the latest information about the Windows 2000 and Windows NT
    topics of your choice. Subscribe to our other FREE email newsletters.
       http://www.win2000mag.net/email
    
    |-+-+-+-+-+-+-+-+-+-|
    
    Thank you for reading Security UPDATE.
    
    SUBSCRIBE
    To subscribe send a blank email to
    subscribe-Security_UPDATEat_private
    
    ___________________________________________________________
    Copyright 2001, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


