[Editor's Note: Due to unforeseen circumstances, Security UPDATE only mailed to a very small percentage of subscribers yesterday, so some readers might receive a duplicate copy. We apologize for any inconvenience this delay and duplication might have caused.]

********************
Windows 2000 Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows 2000 and NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Top 10 Windows and AD Security Threats
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwR0AS

Is Your System Prepared For The Next Code Red?
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwS0AT
   (below SECURITY RISK)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~

Security vulnerabilities never die; they just become more embarrassing when exploited. Protect your organization from common security risks. To find out how, download a free white paper "Top Ten Security Threats for Windows 2000 and Active Directory." This white paper not only describes vulnerability threats such as IIS RDS, IIS Unicode, SQL Server with no system administrator (SA) password, and weak or no passwords, but also tells you how to protect your organization from these Windows 2000 and Active Directory security exposures. Download it FREE at
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwR0AS

********************

September 20, 2001--In this issue:

1. IN FOCUS
     - Attack on Privacy

2. SECURITY RISK
     - DoS Condition in Microsoft Windows NT 4.0 Endpoint Mapper Service

3. ANNOUNCEMENTS
     - Tired of the Same Old Sales Pitch?
     - Visit the New Connected Home Web Site!

4. SECURITY ROUNDUP
     - News: Nimda Worm Boring into Computers Worldwide
     - Feature: ACL-Based Security Tips for IIS
     - Feature: Inside the Exchange Server Antivirus API

5. HOT RELEASE (ADVERTISEMENT)
     - Sponsored by CyberwallPLUS Server Resident Security

6. SECURITY TOOLKIT
     - Book Highlight: Hackers Beware: Defending Your Network from the Wiley Hacker
     - Virus Center
     - FAQ: Why Can't I Create a Kerberos-Based Trust Between Two Domains in Different Forests?

7. NEW AND IMPROVED
     - Detect and Repair Viruses
     - Secure Email Messages, Files, and Documents

8. HOT THREADS
     - Windows 2000 Magazine Online Forums
         - Featured Thread: Saving Log Files Automatically
     - HowTo Mailing List:
         - How to Improve Microsoft's Security Site

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

The recent attacks against the United States have raised many concerns in the information security industry because of the changes these events might bring. For example, the Federal Bureau of Investigation (FBI) said that terrorists use strong encryption and related technologies, such as steganography, to hide and disseminate their communications--once again raising the problem of key escrow and encryption export restrictions. Some people who had already accused pretty good privacy (PGP) of contributing to crime are now making those claims even more loudly.

According to Wired News (see URL below), the FBI has installed its DCS1000 software (formerly Carnivore) in the core networks of all consenting tier-1 ISPs across the nation. The FBI can now scan most communications that travel across American-based computer networks for potentially incriminating content.
   http://www.wired.com/news/politics/0,1283,46747,00.html

In addition, corporations are considering monitoring email and Internet traffic even more closely, and federal attention is focusing on free email and mailing list services (e.g., Hotmail and Yahoo) as possible vantage points for terrorist communications. Furthermore, the Bush administration intends to ask Congress for expanded wiretap powers.
The expanded powers would make wiretap orders applicable to individuals instead of specific devices owned by an individual. Instead of tapping a specific device, law enforcement might be able to tap any device that a suspect might use--including all of our private telephone and computer networks.

Meanwhile, attackers have defaced or denied service to various governmental Web sites in both Israel and Afghanistan. I've received reports this week that attackers defaced the Israeli Prime Ministry's Web site, and the Afghanistan presidential palace Web site suffered Denial of Service (DoS) attacks and had to take the site offline.

We stand a good chance of losing some of our civil liberties, especially rights to privacy, and I can't fathom how that's necessary to fight terrorism.

Microsoft has released a beta version of HFNetChk 3.2, which lets you check which hotfixes are installed on any machine on the network. You can learn about the beta, including how to download a copy, by reading the message Microsoft posted to our HowTo Mailing List at the URL below. In addition, Microsoft says that it's redesigning its security site, and the company is soliciting suggestions about how to improve the site's content and functionality. Be sure to read the Microsoft message listed in the HowTo Mailing List section of this newsletter under HOT THREADS.
   http://www.secadministrator.com/ListServ/win2ks-l.asp?A2=IND0109C&L=WIN2KSECADVICE&P=270

Sincerely,

Mark Joseph Edwards, News Editor, markat_private

2. ==== SECURITY RISK ====
   (contributed by Ken Pfeil, kenat_private)

* DOS CONDITION IN MICROSOFT WINDOWS NT 4.0 ENDPOINT MAPPER SERVICE
   A vulnerability exists in the NT 4.0 remote procedure call (RPC) endpoint mapper service that an attacker can use to cause a Denial of Service (DoS) condition. A problem in the service causes it to fail when an attacker sends a request that contains a particular type of malformed data.
   Microsoft has released security bulletin MS01-048 to address this vulnerability and recommends that affected users apply the patch provided at its Web site. Microsoft will provide a patch for NT Server 4.0, Terminal Server Edition at bulletin MS01-048 when the patch becomes available.
   http://www.secadministrator.com/articles/index.cfm?articleid=22481

********************

~~~~ SPONSOR: IS YOUR SYSTEM PREPARED FOR THE NEXT CODE RED? ~~~~

The Code Red worm and other intrusions are easily avoided if the latest security updates are identified and deployed with UpdateEXPERT(tm). UpdateEXPERT is a solution that helps you secure your systems by remotely managing service packs and hotfixes. UpdateEXPERT supports Windows NT and 2000, and a long list of mission critical applications. Quickly conduct research, take inventory, deploy updates and validate installations of networked machines with UpdateEXPERT. Free Trial:
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwS0AT

~~~~~~~~~~~~~~~~~~~~

3. ==== ANNOUNCEMENTS ====

* TIRED OF THE SAME OLD SALES PITCH?
   Now there's a better way to find the perfect IT vendor or solution--absolutely free! The IT Buyer's Network (ITBN) lets you search through thousands of vendor solutions. You'll love the ITBN's one-stop shopping approach for hardware, network and systems software, IT services, and much more! Visit the ITBN today!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KXr0AT

* VISIT THE NEW CONNECTED HOME WEB SITE!
   The people who bring you Connected Home EXPRESS have launched a new Web site! Get how-to tips and tricks to help you with home networking, home theater, audio, and much more. While you're there, sign up (for free!) for the first issue of Connected Home Magazine, coming in late October. Check it out!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KA30A2

4. ==== SECURITY ROUNDUP ====

* NEWS: NIMDA WORM BORING INTO COMPUTERS WORLDWIDE
   A new worm, dubbed Nimda, is spreading rapidly across the Internet affecting both businesses and home computer users. The worm spreads in a variety of fashions using various unpatched software programs, including Microsoft Outlook, Internet Explorer (IE), and IIS.
   http://www.secadministrator.com/articles/index.cfm?articleid=22523
   http://www.secadministrator.com/articles/index.cfm?articleid=22520

* FEATURE: ACL-BASED SECURITY TIPS FOR IIS
   Every system object in Windows 2000 and Windows NT has a unique security descriptor that includes an ACL. In his article for "IIS Tips and Tricks Newsletter," Tim Huckaby teaches you how to tweak ACL settings to better protect your Microsoft IIS systems.
   http://www.secadministrator.com/articles/index.cfm?articleid=22444

* FEATURE: INSIDE THE EXCHANGE SERVER ANTIVIRUS API
   Many readers have asked about the new antivirus API (AVAPI 2.0) that Microsoft has included in Microsoft Exchange 2000 Server Service Pack 1 (SP1) and what AVAPI 2.0 means to Exchange administrators. Jerry Cochran offers a brief review to bring everyone up to date.
   http://www.secadministrator.com/articles/index.cfm?articleid=22416

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* SPONSORED BY CYBERWALLPLUS SERVER RESIDENT SECURITY
   Were your Windows NT/2000 Web servers hit by the Code Red Worm? Are there other important servers still at risk? Use CyberwallPLUS server-class firewall and intrusion prevention software as your last line of defense when perimeter security is no longer enough. Free 30-day evaluation -
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwV0AW

6. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACKERS BEWARE: DEFENDING YOUR NETWORK FROM THE WILEY HACKER
   By Eric Cole
   List Price: $45.00
   Fatbrain Online Price: $36.00
   Softcover; 778 pages
   Published by New Riders Publishing, August 2001
   ISBN 0735710090

   For more information or to purchase this book, go to http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0735710090 and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: WHY CAN'T I CREATE A KERBEROS-BASED TRUST BETWEEN TWO DOMAINS IN DIFFERENT FORESTS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. When you manually create trusts, you can select one of two authentication protocols:

   - Kerberos -- The Kerberos V5 authentication protocol is the default authentication service for Windows 2000. You use the protocol to verify that a user or host is who it says it is. Trusts between domains in a tree and between the root domains in a forest use this protocol.
   - NT LAN Manager (NTLM) -- The NTLM authentication protocol is the default for network authentication in Windows NT 4.0 and earlier, but Win2K still supports it (although not as the default). NTLM is a challenge-and-response authentication protocol.

A transitive Kerberos-based trust links domains within a forest. When you create a trust between two domains in different forests, you can select only NTLM because Kerberos isn't available for cross-forest trust relationships. This isn't a Kerberos limitation, but a Microsoft implementation limitation. If you use a third-party Kerberos implementation (e.g., MIT), you can use Kerberos for cross-forest trusts.

7. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, productsat_private)

* DETECT AND REPAIR VIRUSES
   Symantec released Norton AntiVirus 2002--software that detects and repairs a virus automatically, provides automated Internet updates, and integrates with Windows Explorer. Norton AntiVirus 2002 also scans incoming and outgoing email to stop viruses, and proactively uses script blocking to constantly monitor scripts and alert users to virus-like malicious behavior. The software prevents email programs from sending or forwarding virus-infected email messages. Norton AntiVirus 2002 costs $49.95. Contact Symantec at 408-517-8000.
   http://www.symantec.com

* SECURE EMAIL MESSAGES, FILES, AND DOCUMENTS
   Citrix Systems and Entrust, a provider of Internet security and managed services, announced interoperability of Citrix MetaFrame XP and Citrix Extranet software with Entrust Entelligence 6.0 and Entrust Authority 6.0 software. Entrust Entelligence 6.0 and Entrust Authority 6.0 feature enhanced identification, verification, privacy, and security management to ensure online security and privacy for email, files, and documents. For pricing, contact Citrix Systems at 954-267-3000 or Entrust at 972-943-7300 or 888-690-2424.
   http://www.citrix.com
   http://www.entrust.com

8. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums

   Featured Thread: Saving Log Files Automatically
   (Two messages in this thread)

   Craig knows how to save security log files manually using Event Viewer, but he wants to save his log files automatically to keep a running archive. Read more about the question and the responses, or lend a hand at the following URL:
   http://www.win2000mag.net/forums/rd.cfm?app=64&id=78714

* HOWTO MAILING LIST
   http://www.secadministrator.com/ListServ/page_listserv.asp?s=HowTo

   Featured Thread: How to Improve Microsoft's Security Site
   (One message in this thread)

   Microsoft will soon redesign its security Web pages.
   The company is now soliciting suggestions from users about how to improve the site's design. If you have content needs or suggestions for content and functionality not already present, be sure to read Microsoft's message and respond with your concerns!
   http://63.88.172.96/ListServ/page_listserv.asp?A2=IND0109B&L=HOWTO&P=85

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- markat_private

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private; please mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- productsat_private

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support at securityupdateat_private

* WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private

********************

Receive the latest information about the Windows 2000 and Windows NT topics of your choice. Subscribe to our other FREE email newsletters.
   http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-|

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.