******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET, 2000, and NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ VeriSign--The Value of Trust http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0p5N0AQ ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~ Is your e-business secure enough? Learn why it's vital to encrypt your business transactions, secure your intranets, and authenticate your Web site with the strongest encryption available--128-bit SSL. To learn more, get VeriSign's FREE Guide, "Securing Your Web Site for Business" now: http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0p5N0AQ ~~~~~~~~~~~~~~~~~~~~ January 30, 2002--In this issue: 1. IN FOCUS - Active Directory Security: Forests and Domains 2. SECURITY RISKS - FTP Bounce Vulnerability in SpoonFTP - Arbitrary Execution Vulnerability in PHP 4.0 3. ANNOUNCEMENTS - Microsoft TechEd 2002: The Definitive Microsoft Conference for Building Integrated Solutions - New! ADO.NET Webinar Series! 4. SECURITY ROUNDUP - News: KaVaDo Offers Web Application Security Scanner and Protection - News: Central Command Offers Discount Antivirus Software to Schools - News: Second Annual BNA Security Summit, February 27-28, in Washington, D.C. - News: RapidStream Announces High-Performance Security Appliances - News: Halifax Provides Security to Veteran's Affairs and IRS - News: Top Stories of 2001, #8: .NET and Open Alternatives Fight for the Future - Feature: Exchange Server Antivirus Software Buyer's Guide - News Correction: Reflex Magnetics ScreenMail for Outlook 5. INSTANT POLL - Results of Previous Poll: Performing Full Security Audits - Instant Poll: Single or Multiple Forests? 6. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Execute Microsoft Snap-in Console Files Without Typing the .msc Extension? 7. NEW AND IMPROVED - Test Email Vulnerabilities - Understand Internet Security Concepts 8. HOT THREADS - Windows & .NET Magazine Online Forums - Featured Thread: WFV Folders in the System Root Folder - HowTo Mailing List - Featured Thread: VPN Clients Not Connecting 9. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== * ACTIVE DIRECTORY SECURITY: FORESTS AND DOMAINS Hello everyone, Have you seen Microsoft's white paper, "Design Considerations for Delegation of Administration in Active Directory"? Microsoft published the paper in November 2001, and you can download it at the company's Web site (see URL below). The paper discusses design concerns regarding the trust of service owners. Gartner Group's John Enck--former Lab Manager for Windows NT Magazine--brought the paper to my attention recently because of its recommendations. http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/addeladmi n.asp In the paper's conclusion, Microsoft says companies "can deploy a single forest design with a single IT organization owning all forest and domain service management, and delegate data autonomy or isolation to other organizations by using [organizational units] OUs." The paper goes on to say, "Some organizations have specific autonomy or isolation requirements that make trusting a central service owner impractical or unwise. These organizations can deploy multiple forest designs, and enable inter-forest collaboration through additional management systems such as Microsoft Metadirectory Services (MMS)." So you need to build your Active Directory (AD) infrastructure carefully because, as the paper also points out, "Domain owners cannot prevent forest owners from controlling their services and accessing their data," and anyone joining a forest must trust service owners. In addition, the paper outlines several potentially exploitable circumstances that exist when you trust service owners in a single-forest model. Therefore, for maximum security with AD, you need to use multiple forests. Be sure to read the white paper for more details about the risks of a single-forest model. We're conducting a new poll this week to learn about your AD structure. "Do you use a single-forest or multiple-forest design with Active Directory, and if you use a single-forest design, will you change to multiple?" Visit our home page and give us your answer. Until next time, have a great week. Sincerely, Mark Joseph Edwards, News Editor markat_private 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, kenat_private) * FTP BOUNCE VULNERABLITY IN SPOONFTP Arne Vidstrom discovered a vulnerability in Pi-Soft's SpoonFTP that can result in an attacker being able to bounce a connection through the vulnerable server and attack a third-party host. An intruder can also launch this FTP bounce attack from ports lower than 1024, to which the attacker typically doesn't have user access. The vendor, Pi-Soft Consulting, has released version 1.2, which fixes this vulnerability. http://www.secadministrator.com/articles/index.cfm?articleid=23886 * ARBITRARY EXECUTION VULNERABILITY IN PHP 4.0 Paul Brereton discovered a vulnerability in PHP 4.0 for Windows using Apache Web Server 2.0. By exploiting PHP's ability to view files residing outside the normal HTML root directory, an attacker can execute arbitrary code by inserting a malicious PHP-based command into the Apache log file. PHP has been notified, but no fix is currently available. http://www.secadministrator.com/articles/index.cfm?articleid=23887 3. ==== ANNOUNCEMENTS ==== * MICROSOFT TECHED 2002: THE DEFINITIVE MICROSOFT CONFERENCE FOR BUILDING INTEGRATED SOLUTIONS Come to New Orleans April 9 through 13 for the 10th anniversary of TechEd. Immerse yourself in .NET Enterprise Server, Windows .NET Server, and Visual Studio .NET. Register by February 8, 2002, and you'll also save $400. For details, go to the following URL: http://msdn.microsoft.com/events/teched/go/2002learn * NEW! ADO.NET WEBINAR SERIES! Don't miss "ADO.NET for the Developer," a new series of three separate Webinars brought to you by SQL Server Magazine. Each information-packed session is taught by noted SQL Server expert William Vaughn. Don't delay--the first session, "Introduction to ADO.NET for ADO Classic Developers" is February 5! For more information or to register, go to the following URL: http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0qX50Ab 4. ==== SECURITY ROUNDUP ==== * NEWS: KAVADO OFFERS WEB APPLICATION SECURITY SCANNER AND PROTECTION KaVaDo announced a new Web application security scanner, ScanDo, that mimics the actions of an attacker to help identify security weaknesses. ScanDo analyzes Web site content for potential vulnerabilities in forms, Web code, and scripts. http://www.secadministrator.com/articles/index.cfm?articleid=23869 * NEWS: CENTRAL COMMAND OFFERS DISCOUNT ANTIVIRUS SOFTWARE TO SCHOOLS Central Command is offering its Vexira Antivirus software to accredited colleges, high schools, junior high schools, and grade schools for $1.79 per 1- year license. http://www.secadministrator.com/articles/index.cfm?articleid=23874 * NEWS: SECOND ANNUAL BNA SECURITY SUMMIT, FEBRUARY 27-28, IN WASHINGTON, D.C. Pike & Fischer and parent company BNA announced the second annual BNA Summit to be held February 27 and 28 at the Omni Shoreham in Washington, D.C. http://www.secadministrator.com/articles/index.cfm?articleid=23876 * NEWS: RAPIDSTREAM ANNOUNCES HIGH-PERFORMANCE SECURITY APPLIANCES RapidStream announced a new line of high-performance security appliances that it has built around Check Point Software Technologies' Check Point VPN-1 and Check Point Firewall software. http://www.secadministrator.com/articles/index.cfm?articleid=23866 * NEWS: HALIFAX PROVIDES SECURITY TO VETERAN'S AFFAIRS AND IRS Halifax announced that the US Department of Veteran's Affairs and the Internal Revenue Service (IRS) have selected the company to provide their network security. http://www.secadministrator.com/articles/index.cfm?articleid=23871 * NEWS: TOP STORIES OF 2001, #8: .NET AND OPEN ALTERNATIVES FIGHT FOR THE FUTURE After Microsoft made it clear throughout 2000 that it was moving toward a future of Web services originally called Next Generation Windows Services (NGWS), Microsoft revamped its strategy, renamed it .NET, and entered 2001 ready to deliver on some of its promises http://www.secadministrator.com/articles/index.cfm?articleid=23824 * FEATURE: EXCHANGE SERVER ANTIVIRUS SOFTWARE BUYER'S GUIDE Gauging how serious a threat email viruses pose is difficult because of the many hoaxes and relatively benign viruses that exist. But a viral infection is never a good thing, and email viruses are especially nefarious because they usually spread infection as soon as you open the attachment. Although your end users should maintain an antivirus solution on their desktops, ensuring that users' virus scanners are regularly updated--or are even running--is difficult. The most seamless and transparent way to maintain a virus-free Microsoft Exchange Server environment is to use a server-side virus scanner. This buyer's guide helps you learn about several great server-side scanners. http://www.secadministrator.com/articles/index.cfm?articleid=23564 * NEWS CORRECTION: REFLEX MAGNETICS SCREENMAIL FOR OUTLOOK Last week SECURITY ROUNDUP announced that UK-based Reflex Magnetics is offering its new ScreenMail plugin for Outlook free of charge. It should have been "free of charge to charitable organizations." We regret any inconvenience this might have caused you. 5. ==== INSTANT POLL ==== * RESULTS OF PREVIOUS POLL: PERFORMING FULL SECURITY AUDITS The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "How often does your organization perform full security audits?" Here are the results (+/-2percent) from the 177 votes: 10% 1) Every 3 months or more often 10% 2) Every 3 to 6 months 18% 3) Every 6 months to a year 63% 4) Rarely or after a significant breach * INSTANT POLL: SINGLE OR MULTIPLE FORESTS? The current Instant Poll question is, "Do you use a single-forest or multiple-forest design with Active Directory, and if you use a single-forest design, will you change to multiple?" The choices are 1) Single forest and won't change, 2) Single forest but changing to multiple, or 3) Multiple forests. Go to the Security Administrator Channel home page and submit your vote. http://www.secadministrator.com 6. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda VIRUS ALERT: MYPARTY The MyParty worm (also known as W32/Myparty@MM) is written in Visual C++ and compressed with Ultimate Packer for Executables (UPX). The worm spreads in email by sending copies of itself to everyone listed in a user's address book. The worm propagates as a file attachment called www.myparty.yahoo.com. The worm arrives with a message subject of "New photos from my party!" with a message body that reads, "Hello, My party... It was absolutely amazing! I have attached my Web page with new photos! If you can please make color prints of my photos. Thanks!" When the recipient opens the attachment, the worm executes and copies itself to the C:\Recycled folder with a filename of regctrl.exe. The worm also copies a file called msstask.exe to the Startup directory and uses this file to spread itself. http://www.secadministrator.com/panda/index.cfm?fuseaction=virus&virusid=1137 * FAQ: HOW CAN I EXECUTE MICROSOFT SNAP-IN CONSOLE FILES WITHOUT TYPING THE .MSC EXTENSION? ( contributed by John Savill, http://www.windows2000faq.com ) A. By default, you don't have to type the extension to run certain file types (e.g., .exe, .bat). To add the Microsoft Snap-in Console to this list, you need to add .msc to your PATHEXT variable. To change this setting for one command session, type set pathext=%pathext%;.msc To change this setting for all of Windows, you need to modify the system environment variable by performing the following steps (click OK when prompted to close each dialog box): 1. Start the Control Panel System applet (go to Start, Settings, Control Panel, System). 2. Select the Advanced tab. 3. Click Environment Variables. 4. Under "System variables," double-click PATHEXT. 5. Click Edit and add ;.msc to the end of the string, then click OK. You can now start the Microsoft Snap-in Console without typing the .msc file extension after the snap-in filename (e.g., devmgmt). 8. ==== NEW AND IMPROVED ==== (contributed by Scott Firestone, IV, productsat_private) * TEST EMAIL VULNERABILITIES GFI's Email Security Testing Zone launched two email tests that let Outlook XP users check whether their system is vulnerable to email threats. Both tests consist of an email message carrying an executable attachment in disguise. One test contains a Class ID (CLSID) file extension; the other test has a malformed HTML Application (HTA) file extension as its basis. You can sign up for the tests by submitting your name and email address at GFI's Email Security Testing Zone. You will then receive harmless tests by email that let you check for vulnerabilities. Contact GFI at 919-388-3373 or 888-243-4329. http://www.gfi.com * UNDERSTAND INTERNET SECURITY CONCEPTS Apress released "Developing Trust: Online Privacy and Security," a book by Matt Curtin that provides an analysis of Internet security concepts. The book also teaches you how to catch, identify, and repair flawed security design techniques before you incorporate the design into the final product. The three sections of the book are Understanding Security and Privacy, Prevention, and The Cure. The 282-page book costs $39.95. Contact Apress at 510-549-5930. http://www.apress.com 8. ==== HOT THREADS ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.net/forums Featured Thread: WFV Folders in the System Root Folder (Ten messages in this thread) A user writes that his system has numerous folders with the prefix WFV in the system root folder, and the folders seem to be modified daily. He isn't sure what the folders are and wonders whether anyone can help him determine what creates and modifies them. Can you help? http://www.secadministrator.com/forums/thread.cfm?thread_id=83610 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: VPN Clients Not Connecting (Eight messages in this thread) Jorgen has a Windows NT and RAS-based VPN established for remote workers. His VPN in Sweden works fine, but his VPNs established in remote offices in other countries don't work. He receives error messages that indicate the remote computer isn't responding, or that the remote port isn't negotiating. Read the responses or lend a hand at the following URL: http://126.96.36.199/listserv/page_listserv.asp?a2=ind0201d&l=howto&p=2233 9. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. SUBSCRIBE To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 06:46:29 PST