********************
Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET, 2000, and NT systems.
http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

LANguard Security Event Log Monitor: FREE Offer!
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0p2F0Ab

Lieberman & Associates
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0p2G0Ac
(below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: LANGUARD SECURITY EVENT LOG MONITOR: FREE OFFER! ~~~~
Catch hackers red-handed with GFI's LANguard S.E.L.M.! Performs intrusion detection through network-wide monitoring of the security event logs of all NT/2000 servers and workstations. Enables you to respond quickly to important security events, without spending hours examining logs. Notifies administrators of critical security events in real time and provides tips for interpreting events. Through its pre-built event viewer filters, LANguard S.E.L.M. allows you to check for high, medium or low security events as often as needed. You can use its report module for in-depth investigations and trends analysis. Get your FREE starter pack (1 server/5 workstations) and white papers today from:
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0p2F0Ab

~~~~~~~~~~~~~~~~~~~~

January 9, 2002--In this issue:

1. IN FOCUS
   - Security Audits Lead to Proactive Defense

2. SECURITY RISKS
   - Multiple Vulnerabilities in Microsoft SQL Server 2000 and 7.0
   - Buffer Overflow in AOL AIM

3. ANNOUNCEMENTS
   - Don't Miss the Best Computer Security Event Around!
   - If You Like Reading This UPDATE, You'll Love...

4. SECURITY ROUNDUP
   - News: Antivirus Vendors Warn of Worm and ClickTillUWin Trojan Horse
   - News: GAO Releases Planning Guide for Security Audits
   - News: Counterpane Introduces New Managed Protection Service
   - News: Top Stories of 2001, #1: Security and Privacy Problems Dog Microsoft
   - News: GFI Updates Its Email Vulnerability Testing
   - News: SecureWave Announces Upgraded Buffer-Overflow Protection
   - News: Stiffer Penalties and New Technologies to Fight Cybercrime
   - News: Microsoft Releases Cumulative IE Patch
   - News: Tales of the Bizarre: Al Qaeda Allegedly Hacked Microsoft
   - News: FireProof Now Works with Microsoft ISA Server
   - News: A Quick Look at the First Office XP Service Pack

5. HOT RELEASE
   - Sponsored by VeriSign--The Value of Trust

6. SECURITY TOOLKIT
   - Virus Center
     Virus Alert: Maldal.G
   - FAQ: How Can I Move or Copy Scheduled Tasks Between Machines?

7. NEW AND IMPROVED
   - Content Security Software
   - Protect Corporate Networks

8. HOT THREADS
   - Windows 2000 Magazine Online Forums
     - Featured Thread: How to Restrict Terminal Server Users
   - HowTo Mailing List:
     - Featured Thread: If You Had to Do It Over

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====

* SECURITY AUDITS LEAD TO PROACTIVE DEFENSE

Hello everyone,

When did you last conduct an audit of your business environment's security? You need to perform some level of audit about every 3 months to ensure a level of compliance that meets your business needs. Audits are sometimes complex to undertake, and you must go through a learning curve to arrive at a reasonable process. You can learn the audit process by trial and error, by following published guidelines, or by hiring a consulting firm to help you. The latter two methods are probably best because trial and error can lead to significant security breaches that are expensive to remedy.

If you're interested in hiring a consulting firm to assist with an audit, you'll find numerous firms that can help.
One company, Counterpane Internet Security, sent me an email recently that told how it helps companies audit and monitor ongoing security conditions involving their networks. You can read more about Counterpane's offerings by going to the URL listed in the related news story in the SECURITY ROUNDUP section of this newsletter.

If you decide to use published guidelines to help develop a process for performing audits or for gauging a consulting firm's audit process, you'll be interested to know about an audit planning guide that the US Government Accounting Office (GAO) published recently. The 60-page guide offers advice about conducting reasonable audits and includes form templates to help expedite the process. You can read more about the document by going to the URL listed in our related news story in the SECURITY ROUNDUP section of this newsletter.

If you don't conduct security audits of your business regularly, you leave your business vulnerable to unknown risks and lacking countermeasures.

Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
markat_private

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: LIEBERMAN & ASSOCIATES ~~~~
THE HAMMER. FAST, SIMPLE AND EFFICIENT. And so are our tools, which slam down the changes you want to make across all machines at incredible speeds. With our User Manager Pro you can make the same changes to all your workstations in just a few mouse clicks. With our Service Account Manager you can report and change service settings on all your servers in seconds. Award winning. Microsoft Gold Certified. FREE TRIAL
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0p2G0Ac

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
(contributed by Ken Pfeil, kenat_private)

* MULTIPLE VULNERABILITIES IN MICROSOFT SQL SERVER 2000 AND 7.0
Multiple vulnerabilities exist in Microsoft SQL Server 2000 and 7.0. The first vulnerability is a result of several functions that let the SQL database generate text messages.
By not adequately verifying that the text fits into the allocated buffer space, SQL Server can cause a buffer overrun using the service's security context. The second vulnerability results from a format string error in the C runtime functions that SQL Server calls when you install the software on Windows XP, Windows 2000, and Windows NT 4.0 systems. An attacker can use this vulnerability to cause a Denial of Service (DoS) condition. Users can learn details about these vulnerabilities on the discoverer's Web site. Microsoft has released Security Bulletin MS01-060 to address these vulnerabilities and recommends that affected users immediately apply the patches provided with the bulletin. Microsoft cautions users about the risk of applying the C runtime patch--if a regression error were to result from applying the patch, the results might be widespread and damaging.
http://www.secadministrator.com/articles/index.cfm?articleid=23639

* BUFFER OVERFLOW IN AOL AIM
A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. A buffer overrun condition in the code that parses game requests causes this vulnerability. Users can find details about this vulnerability on the discoverer's Web site. AOL has patched its servers to correct this vulnerability. AOL's servers now parse overly long game requests so that they no longer trigger the overflow on the AIM client.
http://www.secadministrator.com/articles/index.cfm?articleid=23701

3. ==== ANNOUNCEMENTS ====

* DON'T MISS THE BEST COMPUTER SECURITY EVENT AROUND!
The Black Hat Briefings & Training: Windows Security 2002 event (running February 5 through 8, 2002) is filling up fast. Microsoft is on board as a new Platinum sponsor, joining PriceWaterhouseCoopers. All-star speakers are being added weekly. Join 500 colleagues in New Orleans during the peak of Mardi Gras.
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0pHV0AF

* IF YOU LIKE READING THIS UPDATE, YOU'LL LOVE...
Windows & .NET Magazine UPDATE. Every Tuesday, we deliver news, commentary, and tips so that, in about 5 minutes, you can catch up on the latest Windows industry happenings, learn a new skill, and face your day a little more informed. It's free, so subscribe today!
http://www.winnetmag.com/email/index.cfm?id=1

4. ==== SECURITY ROUNDUP ====

* NEWS: ANTIVIRUS VENDORS WARN OF ZACKER WORM AND CLICKTILLUWIN TROJAN HORSE
Antivirus software vendors warn about a new worm and Trojan horse. The worm attempts to delete security software, and the worm sends private information offsite.
http://www.secadministrator.com/articles/index.cfm?articleid=23667

* NEWS: GAO RELEASES PLANNING GUIDE FOR SECURITY AUDITS
The US General Accounting Office (GAO) has released a set of guidelines that help audit information systems to arrive at a more acceptable level of security.
http://www.secadministrator.com/articles/index.cfm?articleid=23645

* NEWS: COUNTERPANE INTRODUCES NEW MANAGED PROTECTION SERVICE
Counterpane Internet Security introduced Counterpane Protected Service, a new managed service that helps companies address evolving security risks.
http://www.secadministrator.com/articles/index.cfm?articleid=23638

* NEWS: TOP STORIES OF 2001, #1: SECURITY AND PRIVACY PROBLEMS DOG MICROSOFT
It was a tough year for the integrity of Microsoft's products. Integrity encompasses a number of things, including basic security, privacy, and reliability concerns, and also a general feeling of trust one has in a given product.
http://www.secadministrator.com/articles/index.cfm?articleid=23631

* NEWS: GFI UPDATES ITS EMAIL VULNERABILITY TESTING
GFI, makers of Mail essentials for Exchange/SMTP, has updated its email vulnerability testing to include tests for two known vulnerabilities in Outlook XP that Outlook's built-in security features don't completely protect.
http://www.secadministrator.com/articles/index.cfm?articleid=23637

* NEWS: SECUREWAVE ANNOUNCES UPGRADED BUFFER-OVERFLOW PROTECTION
SecureWave announced the release of SecureStack 2.0, an upgraded version of its buffer-overflow protection software.
http://www.secadministrator.com/articles/index.cfm?articleid=23558

* NEWS: STIFFER PENALTIES AND NEW TECHNOLOGIES TO FIGHT CYBERCRIME
If legislators pass H.R. 3482, criminals will face stiffer penalties when breaking the law while using the Internet. H.R. 3482 will let federal prosecutors impose stiffer penalties depending on a variety of factors.
http://www.secadministrator.com/articles/index.cfm?articleid=23551

* NEWS: MICROSOFT RELEASES CUMULATIVE IE PATCH
Microsoft released a new patch that fixes all known security vulnerabilities in Internet Explorer (IE) 6.0 and IE 5.5 Service Pack 2 (SP2).
http://www.secadministrator.com/articles/index.cfm?articleid=23548

* NEWS: TALES OF THE BIZARRE: AL QAEDA ALLEGEDLY HACKED MICROSOFT
According to a captured al Qaeda member, members of the group were able to pose as programmers and get jobs at Microsoft, where they attempted to plant "Trojans, trapdoors, and bugs in Windows XP."
http://www.secadministrator.com/articles/index.cfm?articleid=23535

* NEWS: FIREPROOF NOW WORKS WITH MICROSOFT ISA SERVER
Radware announced today that its FireProof product now works with Microsoft Internet Security and Acceleration (ISA) Server 2000.
http://www.secadministrator.com/articles/index.cfm?articleid=23543

* NEWS: A QUICK LOOK AT THE FIRST OFFICE XP SERVICE PACK
Microsoft expects last week's Office XP Service Pack 1 (SP1) release to usher in a new era of corporate adoptions of the product because many organizations wait for the first consolidated update package before upgrading.
http://www.secadministrator.com/articles/index.cfm?articleid=23525

5. ==== HOT RELEASE ====

SPONSORED BY VERISIGN--THE VALUE OF TRUST
Secure your servers with 128-bit SSL encryption!
Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and learn about using SSL to encrypt e-commerce transactions. Get it now!
http://list.winnetmag.com/cgi-bin3/flo?y=eKAC0CJgSH0CBw0Lo50Aj

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda

* VIRUS ALERT: MALDAL.G
The Maldal.G worm, aka Zacker, is a worm compressed with the ASPack compressor. The worm infects systems running Microsoft Outlook by spreading itself to names listed in a user's address book and by looking for email addresses in Web pages cached on a user's system. Zacker comes as a message that might have any of a variety of subjects and contains a lengthy body of text. The worm attempts to delete numerous security-related directories on a system, including those that belong to ZoneAlarm, Antiviral Toolkit Pro, F-Protect, eSafe, PC-Cillin, Quick Heal, FindVirus, McAfee Antivirus, and Norton Antivirus. The worm also deletes several types of files on an affected system, including HTML; Microsoft Word, Excel, and PowerPoint documents; Microsoft Access databases; Zip files; JPG images; and MPEG audio and video. Affected file extensions include .htm, .pps, .php, .html, .com, .bat, .mdb, .xls, .doc, .lnk, .ppt, .jpg, .mpeg, .ini, .dat, .zip, and .txt.
http://18.104.22.168/panda/index.cfm?fuseaction=virus&virusid=1132

* FAQ: HOW CAN I MOVE OR COPY SCHEDULED TASKS BETWEEN MACHINES?
(contributed by John Savill, http://www.windows2000faq.com)

A. You can move or copy tasks between machines thanks to a Scheduled Tasks feature that appears as a property of computers available under My Network Places. To move or copy a task between machines, follow these steps:

1. Open Scheduled Tasks on your local machine (go to Start, Settings, Control Panel, Scheduled Tasks).
2. Right-click the task you want to move or copy.
3. If you want to copy the task, select Copy; if you want to move the task, select Cut.
4. Open My Network Places in Windows Explorer, expand the domain or workgroup, and select the target machine to which you want to copy or move the task.
5. Right-click the target machine's Scheduled Tasks, and click Paste.

The task will now appear on the target machine under Scheduled Tasks. Make sure that the task you copy or move will work on the remote machine (e.g., ensure that the target application exists on the machine and that parameters are valid).

7. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, productsat_private)

* CONTENT SECURITY SOFTWARE
Authentica released PageRecall 3.0 and NetRecall 3.0, content security software for electronic documents and Web-based content. Both products feature automatic proxy detection, and NetRecall features audio file encryption and tight integration with Microsoft Office XP. Pricing is based on concurrent users and server configuration and starts at $17,500 for a 100-user environment. Contact Authentica at 781-487-2600.
http://www.authentica.com

* PROTECT CORPORATE NETWORKS
InfoExpress announced an alliance with Alcatel to provide a secure, integrated VPN and firewall solution to safeguard corporate networks. InfoExpress' enterprise personal firewall, CyberArmor, was tested and certified interoperable with Alcatel's Secure VPN Client software on various hardware platforms. CyberArmor detects when the Alcatel Secure VPN Client is active and dynamically applies the appropriate customized security policy. Pricing for CyberArmor starts at $59 per seat. Contact InfoExpress at 650-623-0260.
http://www.infoexpress.com

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
http://www.winnetmag.net/forums

Featured Thread: How to Restrict Terminal Server Users
(Two messages in this thread)

Prashant is using Windows NT Terminal Server 4.0 with Citrix Metaframe 1.8, and his users access more than two applications at a time using the Citrix client. He noticed that if a user leaves the application field blank in the Citrix client, the user gets the server's desktop instead of an application. Prashant wants to restrict users from being able to get a server desktop. Do you know how to make that restriction? If so, lend a hand at the following URL:
http://www.secadministrator.com/forums/thread.cfm?thread_id=90417

* HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: If You Had to Do It Over
(One message in this thread)

Jack wants to know how to lay a solid foundation of knowledge in the Internet/network security field, especially areas such as intrusion detection, scanning, firewalls, forensics, incident response, and projects such as "The Honeynet Project." For example, if you had the ability to go back and learn everything again, how would you go about doing that? For someone who already works in the IT field, has a strong interest in security, and wants to seriously pursue this field, what are the steps he or she should take in order to get going on the right path--the solid path, the one with no shortcuts? Can you help? Read the responses or lend a hand at the following URL:
http://22.214.171.124/listserv/page_listserv.asp?a2=ind0201a&l=howto&p=1790

9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- markat_private

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums

* PRODUCT NEWS -- productsat_private

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION?
Customer Support -- securityupdateat_private

* WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private

********************

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.