******************** Windows 2000 Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows 2000 and NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ Top 10 Windows and AD Security Threats http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7 FREE Outbreak Prevention Service for SMTP Gateway http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~ Security vulnerabilities never die, they just become more embarrassing when exploited. Protect your organization from common security risks. To find out how, download a free white paper "Top Ten Security Threats for Windows 2000 and Active Directory." This white paper not only describes vulnerability threats such as IIS RDS, IIS Unicode, SQL Server with no system administrator (SA) password, and weak or no passwords, but also tells you how to protect your organization from these Windows 2000 and Active Directory security exposures. Download it FREE at http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7 ******************** November 14, 2001--In this issue: 1. IN FOCUS - RADIUS Insecurity; Hotfix Reporter; New Security Services and Risks 2. SECURITY RISK - Script Injection Vulnerability in Microsoft Internet Explorer 3. ANNOUNCEMENTS - Windows Security 2002 Briefings and Training, February 5 Through 8, 2002 - Tell Us About Your Connected Home! 4. SECURITY ROUNDUP - News: Microsoft Ships Post-SP6a Security Rollup for NT 4.0 - News: Microsoft Adds Security to .Net My Services - News: Three Personal Firewalls Pass Stringent Security Testing - Feature: Have You Given Your Exchange Server a Security Checkup Lately? 5. HOT RELEASE - VeriSign--The Value of Trust 6. SECURITY TOOLKIT - Book Highlight: Cisco Secure Intrusion Detection Systems - Virus Center - FAQ: How Can I Prevent a User from Running or Stopping a Scheduled Process? 7. NEW AND IMPROVED - Protect Microsoft IIS - Protect Your System 8. HOT THREADS - Windows 2000 Magazine Online Forums - Featured Thread: Hackers? - HowTo Mailing List - Featured Thread: Detecting Packet Sniffers 9. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== COMMENTARY ==== Hello everyone, Do you run RADIUS for authentication in your network environment? If so, you might be interested in a new paper, "An Analysis of the RADIUS Authentication Protocol," which Joshua Hill posted on the BugTraq mailing list on November 12. Hill dissects the protocol to reveal half a dozen vulnerabilities that an attacker can use in various combinations to compromise a network. The vulnerabilities originate mostly from what Hill considers to be the misuse of MD5 (a hash function) as a cipher primitive. Hill also makes several suggestions for improving the protocol, and he points out that the Internet Engineering Task Force (IETF) is working on a new authentication protocol specification called DIAMETER. Stop by Hill's Web page to read the paper (URL below), which also includes information about DIAMETER. http://www.untruth.org/~josh/security/radius If you use the Microsoft HFNetChk tool, which checks systems for installed and missing hotfixes, you know that the output the tool presents could be improved. Maximized Software provides a freeware complement for HFNetChk called "Hotfix Reporter," which further automates hotfix checking and reporting. The tool consists of command (.cmd) files and an executable that converts the tabbed HFNetChk output into a formatted .html file for viewing with a Web browser. In the HTML report, Hotfix Reporter displays related Microsoft Security Bulletins and TechNet articles as clickable links, compares scans against the same system to determine whether new hotfixes are available, and lets you hide hotfixes that you want to ignore. In addition, the Hotfix Reporter Web site offers advice about how to perform actions such as automating HFNetChk scans, emailing subsequent reports to a given account, and automating the download of the Microsoft-related mssecure.xml file, which HFNetChk uses to determine the state of hotfixes on a given system. Hotfix Reporter seems to be a great tool you might want to add to your toolkit. You can find it at the URL below. http://www.maximized.com/freeware/hotfixreporter/cmdfiles.htm The Denver Post ran an interesting story on November 5 (URL below) about a new security firm called Fuzion Security, which offers a new vulnerability-assessment service called AsseZment. Customers already include firms such as Qwest and OppenheimerFunds. According to the news story, AsseZment produces a "report that shows what the company's security risks are, how much it will cost to address the risks and how much the company can expect to save by addressing the risks. The report also prioritizes the most significant security risks." http://www.denverpost.com/stories/0,1002,33%257E208826,00.html Since 1992, Fuzion Security founders have written 14 books on security- risk assessment, and they've spent the last 14 months developing their new services. You can learn more at the Fuzion Security Web site (see below). http://www.fuzionsecurity.com Did you hear about the college students who managed to break the security of bank ATMs? The Cambridge students published details of the findings last week, much to the dismay of banks and customers everywhere. Apparently, most ATMs run standard software in conjunction with an IBM 4758 cryptographic co-processor. The IBM device uses the Common Cryptographic Architecture (CCA) technology, which relies on Data Encryption Standard (DES) to protect sensitive information. Attackers have shown repeatedly that DES is vulnerable to attack. Now, using off-the-shelf software, the college students have proven that any unscrupulous bank employee can steal funds from unsuspecting banks and banking customers. Although Ross Anderson (also of Cambridge University) first exposed the vulnerability in February 2001, apparently no one took action to correct the matter. But now that the Cambridge students have revealed the exploit, banks might begin to better protect their assets and the assets of their customers. Be sure to stop by and read the report (URL below). Until next time, have a great week. http://www.cl.cam.ac.uk/~rnc1/descrack Sincerely, Mark Joseph Edwards, News Editor, markat_private ******************** ~~~~ SPONSOR: TREND MICRO INTERSCAN MESSAGING SECURITY SUITE ~~~~ InterScan(R) Messaging Security for SMTP is a high performance policy-based antivirus and content security for the SMTP gateway designed to protect your messaging system from virus outbreaks. Its Outbreak Prevention Policy is a fast defense against new email-borne virus. Automatically deployed policies give administrators peace of mind while offering an effective protection available against new viruses. Get your free Outbreak Prevention service today! For program details or to download your 30-day FREE InterScan evaluation copy: http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At ~~~~~~~~~~~~~~~~~~~~ 2. ===== SECURITY RISK ==== (contributed by Ken Pfeil, kenat_private) * SCRIPT INJECTION VULNERABILITY IN MICROSOFT INTERNET EXPLORER A vulnerability exists in Microsoft Internet Explorer (IE) that can result in information disclosure through locally stored cookies on the vulnerable system. The vulnerability stems from a problem in IE that lets a specially crafted URL read and modify this information. Microsoft has released Security Bulletin MS01-055 to address this vulnerability and recommends that affected users apply the patch that Microsoft will provide at the URL when the patch becomes available. As a workaround, users can disable active scripting in both the Internet and intranet zones. This vulnerability doesn't affect users who have applied the Outlook E-Mail Security Update or who have set Outlook Express to use the Restricted Sites zone. http://www.secadministrator.com/articles/index.cfm?articleid=23197 3. ==== ANNOUNCEMENTS ==== * WINDOWS SECURITY 2002 BRIEFINGS AND TRAINING, FEBRUARY 5 THROUGH 8, 2002 Registration and call for papers for the BlackHat's Windows Security 2002 conference is now open. This is the Windows XP/Windows 2000/.NET security event of the year, with intensive training sessions! Join 500 experts and "underground" security specialists for briefings, training, and Mardi Gras in New Orleans. http://www.blackhat.com * TELL US ABOUT YOUR CONNECTED HOME! Does your computer technology savvy come in handy at home? We want to know how you use home networking, computer technology, and home automation technology for work and play. Take a few minutes to answer our online survey today! http://www.zoomerang.com/survey.zgi?85ab2cl65159mdggmah9del6 4. ==== SECURITY ROUNDUP ==== * NEWS: MICROSOFT SHIPS POST-SP6A SECURITY ROLLUP FOR NT 4.0 Microsoft shipped the promised replacement for Windows NT 4.0 Service Pack 7 (SP7--see first URL below). The cleverly named Windows NT 4.0 Post-SP6a Security Rollup Package (SRP) is a handy 14.3MB package that provides all available post-NT 4.0 SP6a security updates. For more information about this free download, visit the second URL below. (For information about some specific post-NT 4.0 SP6a fixes, go to the third URL below and see Paula Sharick's, "Mailto Address List Truncated; Post-SP6a Fixes," InstantDoc ID 9755, and "NT 4.0 Post-SP6a Fixes; Preparing for SMS 2.0 SP2," InstantDoc ID 8969.) http://www.secadministrator.com/articles/index.cfm?articleid=22769 http://www.microsoft.com/ntserver/sp6asrp.asp http://www.win2000mag.com * NEWS: MICROSOFT ADDS SECURITY TO .NET MY SERVICES Microsoft has made a deal with Web-authentication infrastructure provider VeriSign to include digital certificate-authentication technology in Microsoft's upcoming .NET My Services (formerly code- named Hailstorm). .NET My Services represents the first wave of .NET- enabled services and utilizes Microsoft Passport, which stores user information such as passwords and credit card information for compatible Web sites. Microsoft has also contracted with antivirus vendor McAfee to add security software to Microsoft .NET server products. http://www.secadministrator.com/articles/index.cfm?articleid=22767 * NEWS: THREE PERSONAL FIREWALLS PASS STRINGENT SECURITY TESTING TruSecure announced that its Internet Computer Security Association (ICSA) Labs division has awarded certification to three products under its new PC firewall certification program. The newly certified products include ZoneAlarm Pro for Windows, Tiny Personal Firewall for Windows 2000, and Norton Personal Firewall for Win2K, Windows 2000 Professional, Windows Me, and Windows NT Workstation. http://www.secadministrator.com/articles/index.cfm?articleid=23173 * FEATURE: HAVE YOU GIVEN YOUR EXCHANGE SERVER A SECURITY CHECKUP LATELY? Recent discussions in the media and other forums show a heightened concern about Microsoft Windows 2000 and Exchange 2000 Server security. Typical Exchange security discussions focus on protecting Exchange servers from outside threats, but Jerry Cochran offers a twist and looks at protecting Exchange servers from internal threats--in other words, protecting ourselves from ourselves. http://www.secadministrator.com/articles/index.cfm?articleid=23052 5. ==== HOT RELEASE (ADVERTISEMENT) ==== * VERISIGN - THE VALUE OF TRUST Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and learn about using SSL to encrypt e-commerce transactions. Get it now! http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0Lo50AW 6. ==== SECURITY TOOLKIT ==== * BOOK HIGHLIGHT: CISCO SECURE INTRUSION DETECTION SYSTEMS By Earl Carter Fatbrain Online Price: $50.00 Hardcover; 912 pages Published by Cisco Press, October 2001 ISBN 158705034X For more information or to purchase this book, go to http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=158705034X and enter WIN2000MAG as the discount code when you order. * VIRUS CENTER Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I PREVENT A USER FROM RUNNING OR STOPPING A SCHEDULED PROCESS? ( contributed by John Savill, http://www.windows2000faq.com ) A. You can block user access to scheduled tasks in several ways. To block access at a Group Policy level, perform the following steps: 1. Start Group Policy Editor (GPE) for the container you want to modify. 2. Expand either User Configuration or Computer Configuration. 3. Expand Administrative Templates, Windows Components, Task Scheduler. 4. Double-click "Prevent Task Run or End." 5. Select Enabled and click OK. You can also edit the registry to block access on a per-computer or per-user basis: 1. Start regedit.exe on the machine where you want to block access. 2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0 or HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0 (you might need to create the key). 3. From the Edit menu, select New, DWORD Value, enter a name of Execution, and press Enter. 4. Double-click the new value, and set it to 1. Click OK. 5. Close regedit. 7. ==== NEW AND IMPROVED ==== (contributed by Scott Firestone, IV, productsat_private) * PROTECT MICROSOFT IIS Flicks Software released Titan, software that protects Microsoft IIS Web servers by analyzing and verifying incoming Web server data for any possible security breaches. The software lets network administrators set parameters and monitor all HTTP traffic over their networks for illicit behavior. You can prevent buffer overflows, scan for certain keywords common to intruders, and receive email notification of failed malicious intruder attempts. Titan costs $395 for a single-user license. Contact Flicks Software at 310-526-0325. http://www.flicks.com * PROTECT YOUR SYSTEM LuoSoft released Iparmor 5.17, security software that protects your system from Trojan horse, worm, and virus attacks. When you run the program, Iparmor 5.17 scans memory to ensure that no unauthorized programs are active. You can view each of your active network ports to see whether an attacker is using it to run a Trojan horse, or whether a Trojan horse is using the port to transmit your data to attackers. Iparmor 5.17 runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x and costs $29.95. Contact LuoSoft at iparmorsalesat_private http://www.luosoft.com 8. ==== HOT THREADS ==== * WINDOWS 2000 MAGAZINE ONLINE FORUMS http://www.win2000mag.net/forums Featured Thread: Hackers? (Six messages in this thread) Bobby is using Windows NT 4.0 at school, and other students are somehow accessing his files. He suspects they have his user password, and he wonders how they're able to gain such access. Can you help? Read more about the questions and responses or lend a hand at the following URL: http://www.secadministrator.com/forums/thread.cfm?thread_id=82656 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: Detecting Packet Sniffers (Three messages in this thread) Andrew ran a packet sniffer on his network to determine what information he could gather. Within 5 minutes he had captured packets that included usernames, passwords, and other sensitive information. He's wondering how he can go about detecting other people running packet sniffers on his network to prevent them from gathering similar information. Can you help? Read the responses or lend a hand at the following URL: http://126.96.36.199/listserv/page_listserv.asp?a2=ind0111A&L=howto&p=190 9. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT THE COMMENTARY -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? -- emedia_oppsat_private ******************** Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.win2000mag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. SUBSCRIBE To subscribe, send a blank email to mailto:Security_UPDATE_Subat_private _______________________________________________________________________ Copyright 2001, Penton Media, Inc. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 15 2001 - 02:01:59 PST