********************
Windows 2000 Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows 2000 and NT systems.
http://www.secadministrator.com
********************

October 3, 2001--In this issue:

1. IN FOCUS
   - The Patriot Act and Great Security Tools

2. SECURITY RISKS
   - Cisco PIX Firewalls Vulnerable to SMTP Filtering Bypass
   - Exchange 2000 OWA Vulnerable to DoS Attack

3. ANNOUNCEMENT
   - What Does the Home of the Not-Too-Distant Future Look Like?

4. SECURITY ROUNDUP
   - News: Attorney General Ashcroft Tells Hackers: You're an Enemy of the State
   - News: Gartner: Enterprises Should Consider IIS Alternatives
   - Feature: Lock Down Your PDA
   - Expediting the Arduous Security Update Process

5. SECURITY TOOLKIT
   - Book Highlight: Hack Attacks Encyclopedia: A Complete History of Hacks, Phreaks, and Spies Over Time
   - Virus Center
   - FAQ: How Can I View the Contents of the Netlogon.chg File?

6. NEW AND IMPROVED
   - Protect Your System from Viruses
   - Detect and Respond to Flood Attacks

7. HOT THREADS
   - Windows 2000 Magazine Online Forums
     - Featured Thread: Clients Can't View SSL Web Sites
   - HowTo Mailing List
     - Featured Thread: Blue Screen of Death

8. CONTACT US
   See this section for a list of ways to contact us.
~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

Have you heard about the Anti-Terrorism Act (ATA) of 2001, which is before the US House Judiciary Committee? If the present form of the proposed bill becomes law, hacking a computer system becomes a terrorist act punishable by up to life in prison. You can read about the ATA in our related news story in the SECURITY ROUNDUP section of this newsletter.

As a result of seeing the ATA in conjunction with public reaction, two committee members presented an alternative bill--another set of proposed changes to existing US Code. That subsequent proposal, dubbed the Patriot Act, addresses concerns about classifying hacking as a terrorism act. As you'll learn by reading the proposed Patriot Act (see the URL below the next paragraph), Section 309 makes it clear that computer-related crimes would only become an act of terrorism if those crimes "[are] calculated to influence or affect the conduct of government by intimidation or coercion; or to retaliate against government conduct."

The House Judiciary Committee staff has prepared an interpretation of the Patriot Act that further clarifies the lawmakers' intent to reclassify computer crimes (see URL below). In the document, the staff interprets Section 309 of the Patriot Act to mean, "a crime is only considered to be [a] Federal terrorism offense if it can be proven to be calculated to influence or affect the conduct of government by intimidation or coercion; or to retaliate against government conduct."
http://www.epic.org/privacy/terrorism/patriot_sec.pdf

Even with such clarifications, however, many privacy groups are raising concerns about what they interpret to be considerable privacy and civil liberties issues that the Patriot Act presents.
For viewpoints about these concerns, visit the Electronic Privacy Information Center (EPIC) at the following URL:
http://www.epic.org

On another note, I want to tell you about two security tools that you might find useful in your daily routines. The first tool is a freeware package called Eraser. The tool helps remove disk data when you delete files from your system. Eraser deletes the files by overwriting the disk data numerous times. Such a process helps ensure that any residual magnetic flux on the disk won't be sufficient for unauthorized data-recovery attempts. Eraser runs on all Windows platforms from Windows 95 through Windows 2000.

Eraser installs as a Windows Explorer shell extension, which adds a new menu item to Explorer-related popup menus. For example, if you right-click the Recycle Bin, in addition to the standard menu selection "Empty Recycle Bin," you'll find a new menu selection called "Erase Recycle Bin." The same holds true for the Explorer shell itself: When you right-click any file or folder within Explorer, you'll find a new menu item entitled "Erase" in addition to the standard "Delete" menu selection.

Sami Tolvanen, a computer science major in Finland, developed Eraser. You can download a copy at the URL below. You can also obtain the source code for Eraser at the site--it's freely available under the GNU's Not UNIX (GNU) General Public License (GPL).
http://www.tolvanen.com/eraser/download.shtml

The other tool I want to remind you about is our online Web-based security forum. On our Security Administrator Web site, you'll find four Web forums that cover security problems with Win2K, Windows NT, Microsoft IIS, and Microsoft Proxy Server. These forums are a great resource--a way to get help from or offer help to people who prefer not to use mailing list-based discussion forums. Several of our forum pros moderate the forums and also help answer questions.
Be sure to stop by the forums at the following URL:
http://www.secadministrator.com/forums/Index.cfm

And if you haven't heard the news, Gartner Group recommends that Windows users not run IIS--that they immediately switch to another Web server platform. Read Gartner's comments and what prompted such advice in Paul Thurrott's related news story in the SECURITY ROUNDUP section of this newsletter.

Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor, markat_private

2. ==== SECURITY RISKS ====
(contributed by Ken Pfeil, kenat_private)

* CISCO PIX FIREWALLS VULNERABLE TO SMTP FILTERING BYPASS
Cisco Systems Secure PIX Firewalls that provide access to SMTP mail servers might let users bypass the firewall's SMTP command filtering. In such events, intruders can gather information about email accounts or perform exploits against the mail server if that server has any vulnerabilities. To remedy the problem, Cisco is offering free software upgrades to all affected customers.
http://www.secadministrator.com/articles/index.cfm?articleid=22698

* EXCHANGE 2000 OWA VULNERABLE TO DOS ATTACK
Joao Gouveia reported a vulnerability in Microsoft Exchange 2000 Outlook Web Access (OWA) due to unchecked directory paths. Because Exchange attempts to process requests without checking for the existence of a directory, a user can instigate a Denial of Service (DoS) attack against the server by repeatedly making requests that include a deeply nested, nonexistent folder. Only users who can authenticate to the server can launch attacks. Microsoft has released Bulletin MS01-049 and a patch to fix this vulnerability.
http://www.secadministrator.com/articles/index.cfm?articleid=22697

3. ==== ANNOUNCEMENT ====

* WHAT DOES THE HOME OF THE NOT-TOO-DISTANT FUTURE LOOK LIKE?
You've never seen anything like the Connected Home Magazine Virtual Tour.
Experience (room by room) the latest home entertainment, home networking, and home automation options that will change the way you work and play. While you're there, enter to win a free copy of Windows XP!
http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0LTe0Al

4. ==== SECURITY ROUNDUP ====

* NEWS: ATTORNEY GENERAL ASHCROFT TELLS HACKERS: YOU'RE AN ENEMY OF THE STATE
A new bill before the US House of Representatives--the Anti-Terrorism Act of 2001 (ATA)--would make any computer intrusion an act of terrorism punishable by as much as life in prison. The authors designed the bill to help America defend itself against terrorism, but the bill includes several proposed changes to existing US Code that have caused an outcry in the computer security community. Learn more about the changes by reading the article on our Web site.
http://www.secadministrator.com/articles/index.cfm?articleid=22704

* NEWS: GARTNER: ENTERPRISES SHOULD CONSIDER IIS ALTERNATIVES
Market analysis firm Gartner has issued a stunning recommendation regarding Microsoft IIS Web server: If you're currently deploying the software, Gartner recommends that you look for an alternative, and if you're not already running IIS, don't. Gartner blames the number of recent hacker attacks on IIS, and the company says that Microsoft doesn't respond quickly enough to keep its customers secure. See the following URL for more details:
http://www.secadministrator.com/articles/index.cfm?articleid=22587

* FEATURE: LOCK DOWN YOUR PDA
Randy Franklin Smith meets people everywhere who believe that password protection is sufficient to protect their personal information on computers and PDAs. This belief is dangerously naive. Microsoft Word and Palm OS password protection is trivial: A thief who steals your computer or PDA can easily figure out your passwords. Learn what Smith has to say about locking down your PDA in this article in Connected Home Magazine.
http://www.connectedhomemag.com/mobile/articles/index.cfm?articleid=22456

* FEATURE: EXPEDITING THE ARDUOUS SECURITY UPDATE PROCESS
Along with many of you, Paula Sharick has been cleaning up her computer systems in the wake of the Code Red worm and the W32.Nimda virus. Paula has endured almost 2 months of nonstop troubleshooting and updating system software. She can't believe the hoops that Microsoft users must jump through to cross-reference a Microsoft security bulletin number with a Microsoft article number, locate and download individual hotfix updates, install the updates (either manually or with a script), and perform a final audit to verify that all updates installed properly. Paula has some suggestions for Microsoft regarding ways to improve how users perform security updates. Be sure to read her article on our Web site.
http://www.secadministrator.com/articles/index.cfm?articleid=22667

5. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACK ATTACKS ENCYCLOPEDIA: A COMPLETE HISTORY OF HACKS, PHREAKS, AND SPIES OVER TIME
By John Chirillo
List Price: $64.99
Fatbrain Online Price: $51.99
Softcover; 960 pages
Published by John Wiley & Sons, September 2001
ISBN 0471055891

For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471055891
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring to you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda

* FAQ: HOW CAN I VIEW THE CONTENTS OF THE NETLOGON.CHG FILE?
(contributed by John Savill, http://www.windows2000faq.com)

A. You can't use a standard text editor to read netlogon.chg, but Windows 2000 Support Tools supplies the nltest.exe utility that you can use to view the contents of netlogon.chg.
Execute the following command:

   C:\> nltest /list_deltas:netlogon.chg

The system displays a lot of information, listing all changes made to the domain. The trust entry that appears in the Local Security Authority (LSA) Database section consists of entries similar to the following:

   Order: 1 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bb Immediately Name: 'G$$SAVTECHLON'
   Order: 2 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bc

6. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, productsat_private)

* PROTECT YOUR SYSTEM FROM VIRUSES
Central Command Software released AntiVirus eXpert Professional 6.0, an antivirus defense and Internet application firewall. The system features behavior-blocking to stop suspicious access to the Internet, system registry, or file system; Internet filtering to block specific Web sites, IP addresses, and TCP/IP port numbers; Internet application control to intercept and block all unauthorized outbound Internet connections; and privacy control to monitor incoming and outgoing cookies. Prices start at $49.95. Contact Central Command Software at 330-723-2062 or 877-943-8287.
http://www.centralcommand.com

* DETECT AND RESPOND TO FLOOD ATTACKS
Reactive Network Solutions released FloodGuard, software that manages other network infrastructure devices deployed within the corporate or service-provider network to detect and mitigate flood attacks launched over the Internet. The system confirms the presence of the attack and manages filters in upstream routers and switches to mitigate the attack's effects. For pricing, contact Reactive Network Solutions at 650-365-4000.
http://www.reactivenetworks.com

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.win2000mag.net/forums

Featured Thread: Clients Can't View SSL Web Sites
(Two messages in this thread)

Fran used Secure Sockets Layer (SSL) to put the Microsoft Nimda patches on her server.
Now her users can't access the secured Web sites, and she can't access sites with accounts that have domain administrative permissions. Another user set up an SSL Web site for Microsoft Exchange 2000 Outlook Web Access (OWA) and received and installed the server certificates, but now can't access the Web site. Read more about the questions and responses, or lend a hand at the following URL:
http://www.win2000mag.net/forums/rd.cfm?app=64&id=79866

* HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Blue Screen of Death
(Five messages in this thread)

This user is experiencing system crashes under Windows 2000 while running NetMeeting 3.01. When the system crashes and presents the standard blue screen, the error message is MULTIPLE_IRP_COMPLETE_REQUESTS. The user wonders what the message means and whether NetMeeting is causing the crashes. Can you help? Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0109d&l=howto&p=459

8. ==== CONTACT US ====
Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- markat_private

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private; please mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- productsat_private

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support at securityupdateat_private

* WANT TO SPONSOR SECURITY UPDATE? -- emedia_oppsat_private

Thank you for reading Storage UPDATE.