******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET, 2000, and NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ Free WebTrends Firewall Suite Trial from NetIQ http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3 Lieberman & Associates--Shore Up Your Back Doors http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4 (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: FREE WEBTRENDS FIREWALL SUITE TRIAL FROM NETIQ ~~~~ Do you need to capture every move, incoming and outgoing, across your company's firewall? Then leave nothing to chance--download a FREE trial of WebTrends' award-winning Firewall Suite from NetIQ. Firewall Suite provides immediate alerts, identifies and reports on critical security events and generates more than 200 reports for IT managers and security professionals. It also provides support for more than 35 leading firewall and proxy servers, including Check Point and Cisco. Download your free trial today at: http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3 ******************** December 19, 2001--In this issue: 1. IN FOCUS - Office XP SP1: No More HTML Messages 2. SECURITY RISK - DoS in Win2K Internet Key Exchange 3. ANNOUNCEMENTS - Check Out the New WebSphere Professional Site! - What Does a Connected Home Look Like? 4. SECURITY ROUNDUP - News: A Quick Look at the First Office XP Service Pack - News: BlackICE Now Offers VPN Protection - News: Specially Formed Script in HTML Mail Can Execute in Exchange 5.5 OWA - Feature: Securing Exchange 2000 Servers 5. HOT RELEASE (ADVERTISEMENT) - Sponsored by VeriSign--The Value of Trust 6. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Enable Users to Set the Administrator Password During a Remote Installation Services Installation? 7. NEW AND IMPROVED - Security Partnership - Protect Your Password 8. HOT THREADS - Windows 2000 Magazine Online Forums - Featured Thread: To Whom Do I Report an Ongoing Attack? - HowTo Mailing List: - Featured Thread: How Can I Monitor Third-Party Email? 9. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== [Editor's note: Windows 2000 Magazine has a new name: Windows & .NET Magazine. But, our mission hasn't changed: We're still providing technical, how-to content to help you do your job now--and help you make smart decisions about new technology for the future. We think the new name better conveys the scope of our coverage--we hope you think so too.] * OFFICE XP SP1: NO MORE HTML MESSAGES Hello everyone, Are you using Microsoft Office XP 2002? If so, you'll want to read Paul Thurrott's article about Office XP Service Pack 1 (SP1). Thurrott spoke with Office XP Product Manager Nicole von Kaenel about some of the changes and improvements SP1 offers, including use of the suite's error- feedback tool. You can find the story at the URL below. http://www.secadministrator.com/articles/index.cfm?articleid=23525 SP1 also includes all of the previous Office suite security fixes, and future suite updates will depend on this service pack already being installed, so be sure to consider loading it (first URL below). You can read Paul's original story about the service pack on our WinInfo Web site (second URL below). http://support.microsoft.com/default.aspx?scid=kb;en-us;q307841 http://www.wininformant.com/articles/index.cfm?articleid=23492 One slick feature of SP1 is its ability to read nonsecure email as plain text. As you'll learn in Microsoft article Q307594, by adjusting an Outlook-related registry key, all nondigitally-signed email and nonencrypted email will appear in plain text whether the message is opened separately or displayed in the preview pane. Individual users can use the feature, and administrators can set policies for Outlook 2002 that apply across the enterprise. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307594 On December 4, I wrote a news story about Russ Cooper's NoHTML tool (first URL below) for Outlook 2002 and Outlook 2000 clients. The new functionality in SP1 goes beyond the capability Cooper introduced; however, SP1 contains no such feature for Outlook 2000 clients, so Cooper's tool is a great way to introduce more security into those products. You can find the tool by going to the second URL below. http://www.secadministrator.com/articles/index.cfm?articleid=23391 http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38 This week, I learned about a new Java-based packet sniffer and analyzer called Mognet, which is free and comes complete with source code. It runs on handheld devices or on desktops and is available under the GNU General Public License (GPL). http://chocobospore.org/mognet Until the next issue, on January 2, have a great holiday. Mark Joseph Edwards, News Editor, markat_private ******************** ~~~~ SPONSOR: LIEBERMAN & ASSOCIATES--SHORE UP YOUR BACK DOORS ~~~~ THE NEW YEAR IS KNOCKING! Use your year-end budget dollars for management tools you have always wanted. With Service Account Manager you can report and change service settings on all your servers in seconds. With User Manager Pro you can make the same changes to all your workstations in a few mouse clicks. Get the award winning tools you've been waiting for all year. Year-end discounts through December 31. Microsoft Gold Certified FREE TRIAL at http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4 2. ==== SECURITY RISK ==== * DOS IN WIN2K INTERNET KEY EXCHANGE A Denial of Service (DoS) condition exists in Microsoft Windows 2000 Internet Key (IKE) Exchange Service. If an attacker connects to a Win2K system on port 500 and floods the service with UDP packets of 800 bytes or greater, the system stops responding. Microsoft has not released a fix or workaround for this problem. As a temporary workaround, affected users who aren't using IP Security (IPSec) in their Win2K firewall can turn off port 500. http://www.secadministrator.com/articles/index.cfm?articleid=23515 3. ==== ANNOUNCEMENTS ==== * CHECK OUT THE NEW WEBSPHERE PROFESSIONAL SITE! Look to this great new site for invaluable resources, such as our V4 Portal, which brings you fast, in-depth information about V4, the WebSphere Road Map that will help you get started, DocFinder for help finding IBM WebSphere reference materials, and forums for your questions and comments. While you're there, sign up for FREE email newsletters with news you can use! http://www.webspherepro.com * WHAT DOES A CONNECTED HOME LOOK LIKE? You've never seen anything like the Connected Home Magazine Virtual Tour. Experience (room by room) the latest home entertainment, home networking, and home automation options that are going to change how you work and play. While you're there, enter to win a free copy of Windows XP! http://www.connectedhomemag.com/virtualtour 4. ==== SECURITY ROUNDUP ==== * NEWS: A QUICK LOOK AT THE FIRST OFFICE XP SERVICE PACK Microsoft expects last week's Office XP Service Pack 1 (SP1) release to usher in a new era of corporate adoptions of the product because many organizations wait for the first consolidated update package before upgrading. In this case, that expectation is probably warranted: In addition to focusing on the three general areas of security, stability, and performance, Office XP SP1 includes a number of Windows XP-specific performance improvements that let the two systems work more efficiently together. Paul Thurrott spoke with Office XP product manager Nicole von Kaenel about the release (see URL below). http://www.secadministrator.com/articles/index.cfm?articleid=23525 * NEWS: BLACKICE NOW OFFERS VPN PROTECTION Internet Security Systems (ISS) announced BlackICE Agent for Workstations 3.1, a combination firewall and Intrusion Detection System (IDS) that analyzes network activity on servers, workstations, and network segments that VPN connections use. The product can protect mobile users, remote users, and systems inside a network perimeter. Learn more about the new version at the following URL. http://www.secadministrator.com/articles/index.cfm?articleid=23466 * NEWS: SPECIALLY FORMED SCRIPT IN HTML MAIL CAN EXECUTE IN EXCHANGE 5.5 OWA Microsoft released a patch for Exchange Server 5.5 to fix an Outlook Web Access (OWA) problem in which special script in an HTML-format message could execute and perform operations on the user's Exchange mailbox when the user opens the message. This patch is suitable only for OWA servers running Internet Explorer (IE) 5.0 or later. Because no full set of security patches exists for IE 5.0, Microsoft recommends that companies with earlier versions of IE upgrade their OWA servers to either IE 5.5 Service Pack 2 (SP2) or IE 6.0. http://www.microsoft.com/technet/security/bulletin/ms01-057.asp * FEATURE: SECURING EXCHANGE 2000 SERVERS In this feature article for Exchange and Outlook UPDATE, Tony Redmond discusses techniques that can help you better secure your Microsoft Exchange Servers. Be sure to stop by our Web site and check it out! http://www.secadministrator.com/articles/index.cfm?articleid=23516 5. ==== HOT RELEASE (ADVERTISEMENT) ==== * SPONSORED BY VERISIGN -- THE VALUE OF TRUST Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn about using SSL to encrypt e-commerce transactions. Get it now! http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0Lo50AP 6. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I ENABLE USERS TO SET THE ADMINISTRATOR PASSWORD DURING A REMOTE INSTALLATION SERVICES INSTALLATION? ( contributed by John Savill, http://www.windows2000faq.com ) A. When you use the Microsoft Remote Installation Services (RIS), by default the Administrator password is set to null (blank) during the installation. You can, however, let the user set a password during the final GUI portion of installation by following these steps: On the RIS server, open the .sif file of the installation you want to modify. By default, this file is in the RemoteInstall\Setup\[language]\Images\[folder name]\I386\Templates folder with a name of ristndrd.sif. Go to the [GuiUnattended] section of the .sif file, and find the following line: AdminPassword = * Change this line to read as follows: AdminPassword = "" Save the change. During installation, the system will prompt the user to type an Administrator password. You should test this change to ensure that it works correctly. As a side note, instead of "" you could type a password (e.g., AdminPassword = "fred"), which sets the Administrator password to the password you specify and doesn't prompt the user. However, this password travels as clear text, so I don't recommend this approach. The Microsoft Windows 2000 Server Resource Kit describes another option: You can use a Custom Installation Wizard and let the user type in a password. However, this approach is quite complex. 7. ==== NEW AND IMPROVED ==== (contributed by Scott Firestone, IV, productsat_private) * SECURITY PARTNERSHIP Symantec and TruSecure announced a partnership that lets Symantec Security Services use the TruSecure Service Provider 2001 service to certify the security position of its Security Operations Centers. Symantec Security Services will offer its customers the TruSecure 2001 service, which provides a process for managing information security risks. TruSecure will also utilize NetRecon, Symantec's vulnerability assessment tool, as part of its security assurance services. Contact Symantec at 408-517-8000. http://www.symantec.com * PROTECT YOUR PASSWORD SSH Communications Security released SSH Secure Shell 3.1, software that protects you from people who try to steal passwords from the Internet. The software supports Online Certificate Status Protocol for improved security through realtime verification of a certificate's validity. The new version also supports Secure File Transfer Protocol event logging at the server end, enabling recording of user actions for improved security. Pricing starts at $99 per workstation license, $475 per UNIX server license, and $565 per Windows server license. Contact SSH Communications Security at 650-251-2700. http://www.ssh.com 8. ==== HOT THREADS ==== * WINDOWS 2000 MAGAZINE ONLINE FORUMS http://www.winnetmag.net/forums Featured Thread: To Whom Do I Report an Ongoing Attack? (Four messages in this thread) Our server was hit earlier this year with the Code Red worm. I applied all the recommended security fixes. However, our server continues to log ongoing probes from changing IP addresses in the Web service log. Every day we get hits searching for root.exe and cmd.exe in different directories. Currently, I manually enter all originating IP addresses in the "Excluded Computer" property sheet in the Directory Security tab. However, I want to track down the perpetrators and stop the probes. The machine is running an intranet site and needs to be connected so employees in different states can access it. Is there any law enforcement entity or other agency that can help? Can you help? Read the responses or lend a hand at the following URL: http://www.secadministrator.com/forums/thread.cfm?thread_id=87730 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: How Can I Monitor Third-Party Email? (Six messages in this thread) Sebastian wonders how a business can monitor the email messages that users send using third-party mail servers such as Hotmail and Yahoo. Can you help? Read the responses or lend a hand at the following URL: http://184.108.40.206/listserv/page_listserv.asp?a2=ind0112b&L=howto&F=&S=&P=84 9. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. SUBSCRIBE To subscribe, send a blank email to mailto:Security_UPDATE_Subat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Dec 20 2001 - 16:34:47 PST