********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET, 2000, and NT systems.
http://www.secadministrator.com
********************
~~~~ THIS ISSUE SPONSORED BY ~~~~
VeriSign--The Value of Trust
http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0p5N0AQ
~~~~~~~~~~~~~~~~~~~~
~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~
Is your e-business secure enough? Learn why it's vital to encrypt your
business transactions, secure your intranets, and authenticate your Web site
with the strongest encryption available--128-bit SSL. To learn more, get
VeriSign's FREE Guide, "Securing Your Web Site for Business" now:
http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0p5N0AQ
~~~~~~~~~~~~~~~~~~~~
January 30, 2002--In this issue:
1. IN FOCUS
- Active Directory Security: Forests and Domains
2. SECURITY RISKS
- FTP Bounce Vulnerability in SpoonFTP
- Arbitrary Execution Vulnerability in PHP 4.0
3. ANNOUNCEMENTS
- Microsoft TechEd 2002: The Definitive Microsoft Conference for Building
Integrated Solutions
- New! ADO.NET Webinar Series!
4. SECURITY ROUNDUP
- News: KaVaDo Offers Web Application Security Scanner and Protection
- News: Central Command Offers Discount Antivirus Software to Schools
- News: Second Annual BNA Security Summit, February 27-28, in Washington,
D.C.
- News: RapidStream Announces High-Performance Security Appliances
- News: Halifax Provides Security to Veteran's Affairs and IRS
- News: Top Stories of 2001, #8: .NET and Open Alternatives Fight for the
Future
- Feature: Exchange Server Antivirus Software Buyer's Guide
- News Correction: Reflex Magnetics ScreenMail for Outlook
5. INSTANT POLL
- Results of Previous Poll: Performing Full Security Audits
- Instant Poll: Single or Multiple Forests?
6. SECURITY TOOLKIT
- Virus Center
- FAQ: How Can I Execute Microsoft Snap-in Console Files Without Typing the
.msc Extension?
7. NEW AND IMPROVED
- Test Email Vulnerabilities
- Understand Internet Security Concepts
8. HOT THREADS
- Windows & .NET Magazine Online Forums
- Featured Thread: WFV Folders in the System Root Folder
- HowTo Mailing List
- Featured Thread: VPN Clients Not Connecting
9. CONTACT US
See this section for a list of ways to contact us.
~~~~~~~~~~~~~~~~~~~~
1. ==== IN FOCUS ====
* ACTIVE DIRECTORY SECURITY: FORESTS AND DOMAINS
Hello everyone,
Have you seen Microsoft's white paper, "Design Considerations for Delegation of
Administration in Active Directory"? Microsoft published the paper in November
2001, and you can download it at the company's Web site (see URL below). The
paper discusses design concerns regarding the trust of service owners. Gartner
Group's John Enck--former Lab Manager for Windows NT Magazine--brought the paper
to my attention recently because of its recommendations.
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/addeladmin.asp
In the paper's conclusion, Microsoft says companies "can deploy a single forest
design with a single IT organization owning all forest and domain service
management, and delegate data autonomy or isolation to other organizations by
using [organizational units] OUs." The paper goes on to say, "Some organizations
have specific autonomy or isolation requirements that make trusting a central
service owner impractical or unwise. These organizations can deploy multiple
forest designs, and enable inter-forest collaboration through additional
management systems such as Microsoft Metadirectory Services (MMS)."
So you need to build your Active Directory (AD) infrastructure carefully
because, as the paper also points out, "Domain owners cannot prevent forest
owners from controlling their services and accessing their data," and anyone
joining a forest must trust service owners. In addition, the paper outlines
several potentially exploitable circumstances that exist when you trust service
owners in a single-forest model. Therefore, for maximum security with AD, you
need to use multiple forests. Be sure to read the white paper for more details
about the risks of a single-forest model.
We're conducting a new poll this week to learn about your AD structure. "Do you
use a single-forest or multiple-forest design with Active Directory, and if you
use a single-forest design, will you change to multiple?" Visit our home page
and give us your answer.
Until next time, have a great week.
Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net
2. ==== SECURITY RISKS ====
(contributed by Ken Pfeil, ken@winnetmag.com)
* FTP BOUNCE VULNERABILITY IN SPOONFTP
Arne Vidstrom discovered a vulnerability in Pi-Soft's SpoonFTP that can
result in an attacker being able to bounce a connection through the vulnerable
server and attack a third-party host. An intruder can also launch this FTP
bounce attack from ports lower than 1024, to which the attacker typically
doesn't have user access. The vendor, Pi-Soft Consulting, has released version
1.2, which fixes this vulnerability.
http://www.secadministrator.com/articles/index.cfm?articleid=23886
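The bounce attack described above works because an FTP server honours a PORT command that names any host and port, not just the client that sent it. The following check is an added example written for this newsletter, not SpoonFTP's own code or its fix; it shows the two server-side validations that close the hole: the data connection must go back to the peer of the control connection, and the requested port must not be in the privileged range below 1024. The function names and the 192.0.2.x/198.51.100.x addresses are constructed for the example.

```python
import ipaddress
from typing import Tuple

def parse_port_argument(arg: str) -> Tuple[str, int]:
    """Parse the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command (RFC 959 syntax)."""
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT argument must have six comma-separated fields")
    nums = [int(p) for p in parts]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each PORT field must be in the range 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port

def port_command_allowed(control_peer_ip: str, arg: str) -> Tuple[bool, str]:
    """Decide whether a PORT command received over a control connection from
    control_peer_ip should be honoured. Returns (allowed, reason)."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed PORT argument: {exc}"
    # Bounce check: the data connection must go back to the client that asked for it,
    # never to a third-party host.
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_peer_ip):
        return False, "data connection target differs from control connection peer"
    # Privileged-port check: refuse to act as a source for connections to ports < 1024.
    if port < 1024:
        return False, f"data port {port} is in the privileged range"
    return True, "ok"

if __name__ == "__main__":
    # Constructed examples; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
    for peer, arg in [("192.0.2.10", "192,0,2,10,4,1"),
                      ("192.0.2.10", "198,51,100,7,4,1"),
                      ("192.0.2.10", "192,0,2,10,0,80")]:
        print(peer, arg, port_command_allowed(peer, arg))
```

Only the first request is accepted: the second names a different host than the control peer, and the third asks for port 80. A server that applies both checks cannot be turned into a relay regardless of what the client sends.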
* ARBITRARY EXECUTION VULNERABILITY IN PHP 4.0
Paul Brereton discovered a vulnerability in PHP 4.0 for Windows using Apache
Web Server 2.0. By exploiting PHP's ability to view files residing outside the
normal HTML root directory, an attacker can execute arbitrary code by inserting
a malicious PHP-based command into the Apache log file. PHP has been notified,
but no fix is currently available.
http://www.secadministrator.com/articles/index.cfm?articleid=23887
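The attack chain above has two halves: a request that plants PHP code in the Apache access log, and a script that is willing to include a file from outside the HTML root. The following is an added example, not PHP's or Apache's code and not the fix the article refers to. It shows, in Python for clarity, the two defensive controls: a path resolver that refuses any requested file that does not stay under the document root, and a log scan that flags request lines carrying a PHP open tag so an administrator can spot poisoning attempts. HTML_ROOT, the function names and the two log lines are constructed for the example.

```python
import posixpath
import re
from typing import List, Optional, Tuple

HTML_ROOT = "/var/www/html"   # assumed document root for the example

def resolve_within_root(root: str, requested: str) -> Optional[str]:
    """Return the normalised path for a user-supplied file name, or None if the
    request is absolute, contains a NUL byte, or would escape root via '..'."""
    root = posixpath.normpath(root)
    if not requested or "\x00" in requested or requested.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(root, requested))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None

# A PHP open tag inside a request line is never legitimate in a normal access log.
PHP_OPEN_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)

def suspicious_log_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line number, line) for access-log entries whose request carries a PHP open tag."""
    hits = []
    for n, line in enumerate(lines, 1):
        if PHP_OPEN_TAG.search(line):
            hits.append((n, line))
    return hits

# Constructed sample access-log lines; the second carries a harmless poisoning marker.
SAMPLE_LOG = [
    '192.0.2.1 - - [30/Jan/2002:10:00:00 -0500] "GET /index.php HTTP/1.0" 200 1234',
    '192.0.2.5 - - [30/Jan/2002:10:00:01 -0500] "GET /<?php echo \'poisoned\'; ?> HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    print(resolve_within_root(HTML_ROOT, "pages/about.html"))
    print(resolve_within_root(HTML_ROOT, "../../../var/log/apache2/access.log"))  # None
    for n, line in suspicious_log_lines(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

The resolver is the control that matters: with it in place, a poisoned log line is inert because no script will ever include the log. The scanner is the detection side, useful for noticing that someone has been trying.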
3. ==== ANNOUNCEMENTS ====
* MICROSOFT TECHED 2002: THE DEFINITIVE MICROSOFT CONFERENCE FOR BUILDING
INTEGRATED SOLUTIONS
Come to New Orleans April 9 through 13 for the 10th anniversary of TechEd.
Immerse yourself in .NET Enterprise Server, Windows .NET Server, and Visual
Studio .NET. Register by February 8, 2002, and you'll also save $400. For
details, go to the following URL:
http://msdn.microsoft.com/events/teched/go/2002learn
* NEW! ADO.NET WEBINAR SERIES!
Don't miss "ADO.NET for the Developer," a new series of three separate
Webinars brought to you by SQL Server Magazine. Each information-packed session
is taught by noted SQL Server expert William Vaughn. Don't delay--the first
session, "Introduction to ADO.NET for ADO Classic Developers" is February 5! For
more information or to register, go to the following URL:
http://list.winnetmag.com/cgi-bin3/flo?y=eKWS0CJgSH0CBw0qX50Ab
4. ==== SECURITY ROUNDUP ====
* NEWS: KAVADO OFFERS WEB APPLICATION SECURITY SCANNER AND PROTECTION
KaVaDo announced a new Web application security scanner, ScanDo, that mimics
the actions of an attacker to help identify security weaknesses. ScanDo analyzes
Web site content for potential vulnerabilities in forms, Web code, and scripts.
http://www.secadministrator.com/articles/index.cfm?articleid=23869
* NEWS: CENTRAL COMMAND OFFERS DISCOUNT ANTIVIRUS SOFTWARE TO SCHOOLS
Central Command is offering its Vexira Antivirus software to accredited
colleges, high schools, junior high schools, and grade schools for $1.79 per 1-
year license.
http://www.secadministrator.com/articles/index.cfm?articleid=23874
* NEWS: SECOND ANNUAL BNA SECURITY SUMMIT, FEBRUARY 27-28, IN WASHINGTON, D.C.
Pike & Fischer and parent company BNA announced the second annual BNA Summit
to be held February 27 and 28 at the Omni Shoreham in Washington, D.C.
http://www.secadministrator.com/articles/index.cfm?articleid=23876
* NEWS: RAPIDSTREAM ANNOUNCES HIGH-PERFORMANCE SECURITY APPLIANCES
RapidStream announced a new line of high-performance security appliances that
it has built around Check Point Software Technologies' Check Point VPN-1 and
Check Point Firewall software.
http://www.secadministrator.com/articles/index.cfm?articleid=23866
* NEWS: HALIFAX PROVIDES SECURITY TO VETERAN'S AFFAIRS AND IRS
Halifax announced that the US Department of Veteran's Affairs and the
Internal Revenue Service (IRS) have selected the company to provide their
network security.
http://www.secadministrator.com/articles/index.cfm?articleid=23871
* NEWS: TOP STORIES OF 2001, #8: .NET AND OPEN ALTERNATIVES FIGHT FOR THE FUTURE
After Microsoft made it clear throughout 2000 that it was moving toward a
future of Web services originally called Next Generation Windows Services
(NGWS), Microsoft revamped its strategy, renamed it .NET, and entered 2001 ready
to deliver on some of its promises.
http://www.secadministrator.com/articles/index.cfm?articleid=23824
* FEATURE: EXCHANGE SERVER ANTIVIRUS SOFTWARE BUYER'S GUIDE
Gauging how serious a threat email viruses pose is difficult because of the
many hoaxes and relatively benign viruses that exist. But a viral infection is
never a good thing, and email viruses are especially nefarious because they
usually spread infection as soon as you open the attachment. Although your end
users should maintain an antivirus solution on their desktops, ensuring that
users' virus scanners are regularly updated--or are even running--is difficult.
The most seamless and transparent way to maintain a virus-free Microsoft
Exchange Server environment is to use a server-side virus scanner. This buyer's
guide helps you learn about several great server-side scanners.
http://www.secadministrator.com/articles/index.cfm?articleid=23564
* NEWS CORRECTION: REFLEX MAGNETICS SCREENMAIL FOR OUTLOOK
Last week SECURITY ROUNDUP announced that UK-based Reflex Magnetics is
offering its new ScreenMail plugin for Outlook free of charge. It should have
been "free of charge to charitable organizations." We regret any inconvenience
this might have caused you.
5. ==== INSTANT POLL ====
* RESULTS OF PREVIOUS POLL: PERFORMING FULL SECURITY AUDITS
The voting has closed in Windows & .NET Magazine's Security Administrator
Channel nonscientific Instant Poll for the question, "How often does your
organization perform full security audits?" Here are the results (+/-2 percent)
from the 177 votes:
10% 1) Every 3 months or more often
10% 2) Every 3 to 6 months
18% 3) Every 6 months to a year
63% 4) Rarely or after a significant breach
* INSTANT POLL: SINGLE OR MULTIPLE FORESTS?
The current Instant Poll question is, "Do you use a single-forest or
multiple-forest design with Active Directory, and if you use a single-forest
design, will you change to multiple?" The choices are 1) Single forest and won't
change, 2) Single forest but changing to multiple, or 3) Multiple forests. Go to
the Security Administrator Channel home page and submit your vote.
http://www.secadministrator.com
6. ==== SECURITY TOOLKIT ====
* VIRUS CENTER
Panda Software and the Windows & .NET Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
http://www.secadministrator.com/panda
VIRUS ALERT: MYPARTY
The MyParty worm (also known as W32/Myparty@MM) is written in Visual C++ and
compressed with Ultimate Packer for Executables (UPX). The worm spreads in email
by sending copies of itself to everyone listed in a user's address book. The
worm propagates as a file attachment called www.myparty.yahoo.com.
The worm arrives with a message subject of "New photos from my party!" with a
message body that reads, "Hello, My party... It was absolutely amazing! I have
attached my Web page with new photos! If you can please make color prints of my
photos. Thanks!"
When the recipient opens the attachment, the worm executes and copies itself
to the C:\Recycled folder with a filename of regctrl.exe. The worm also copies a
file called msstask.exe to the Startup directory and uses this file to spread
itself.
http://www.secadministrator.com/panda/index.cfm?fuseaction=virus&virusid=1137
* FAQ: HOW CAN I EXECUTE MICROSOFT SNAP-IN CONSOLE FILES WITHOUT TYPING THE .MSC
EXTENSION?
(contributed by John Savill, http://www.windows2000faq.com)
A. By default, you don't have to type the extension to run certain file types
(e.g., .exe, .bat). To add the Microsoft Snap-in Console to this list, you need
to add .msc to your PATHEXT variable. To change this setting for one command
session, type
set pathext=%pathext%;.msc
To change this setting for all of Windows, you need to modify the system
environment variable by performing the following steps (click OK when prompted
to close each dialog box):
1. Start the Control Panel System applet (go to Start, Settings, Control Panel,
System).
2. Select the Advanced tab.
3. Click Environment Variables.
4. Under "System variables," double-click PATHEXT.
5. Click Edit and add ;.msc to the end of the string, then click OK.
You can now start the Microsoft Snap-in Console without typing the .msc file
extension after the snap-in filename (e.g., devmgmt).
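To see why the PATHEXT change is what makes "devmgmt" work, the following added example (not part of the FAQ, and not Microsoft's code) models how cmd.exe resolves a bare command name: for each directory in PATH it tries the name with each PATHEXT extension, in PATHEXT order. The file set, the directory list and the default PATHEXT string are assumptions constructed for the example; the `exists` callable is injected so it runs without a Windows file system. The same ordering is why PATH directories must stay write-protected: a file with an earlier PATHEXT extension in an earlier directory would shadow the console file you intended to run.

```python
from typing import Callable, List, Optional

def add_pathext(pathext: str, ext: str) -> str:
    """Append ext to a PATHEXT string unless it is already listed (matching is case-insensitive)."""
    ext = ext if ext.startswith(".") else "." + ext
    entries = [e for e in pathext.split(";") if e]
    if any(e.lower() == ext.lower() for e in entries):
        return ";".join(entries)
    return ";".join(entries + [ext])

def resolve_command(name: str, path_dirs: List[str], pathext: str,
                    exists: Callable[[str], bool]) -> Optional[str]:
    """Model cmd.exe's lookup of a bare command name (no extension typed): for each
    directory in path_dirs, try name + extension for each PATHEXT entry in order and
    return the first path that exists, or None."""
    exts = [e for e in pathext.split(";") if e]
    for d in path_dirs:
        for ext in exts:
            candidate = d.rstrip("\\") + "\\" + name + ext
            if exists(candidate):
                return candidate
    return None

# Constructed file set standing in for a Windows 2000 system directory.
CONSTRUCTED_FILES = {
    r"C:\WINNT\system32\devmgmt.msc",
    r"C:\WINNT\system32\notepad.exe",
}

def constructed_exists(path: str) -> bool:
    """Case-insensitive lookup in the constructed file set (Windows names are case-insensitive)."""
    return path.lower() in {f.lower() for f in CONSTRUCTED_FILES}

# Assumed Windows 2000 default PATHEXT value, which does not include .MSC.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"

if __name__ == "__main__":
    dirs = [r"C:\WINNT\system32"]
    print(resolve_command("devmgmt", dirs, DEFAULT_PATHEXT, constructed_exists))   # None
    extended = add_pathext(DEFAULT_PATHEXT, ".msc")
    print(resolve_command("devmgmt", dirs, extended, constructed_exists))          # ...\devmgmt.msc
```

Before the change "devmgmt" resolves to nothing, because no devmgmt.COM, devmgmt.EXE and so on exist; after ".msc" is appended the same lookup finds devmgmt.msc.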
7. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, products@winnetmag.com)
* TEST EMAIL VULNERABILITIES
GFI's Email Security Testing Zone launched two email tests that let Outlook
XP users check whether their system is vulnerable to email threats. Both tests
consist of an email message carrying an executable attachment in disguise. One
test contains a Class ID (CLSID) file extension; the other test has a malformed
HTML Application (HTA) file extension as its basis. You can sign up for the
tests by submitting your name and email address at GFI's Email Security Testing
Zone. You will then receive harmless tests by email that let you check for
vulnerabilities. Contact GFI at 919-388-3373 or 888-243-4329.
http://www.gfi.com
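The MyParty alert in the Security Toolkit section and the GFI tests above describe the same class of trick: an attachment whose name hides what it really is, either a hostname look-alike ending in .com (which Windows runs as an executable) or a CLSID or .hta extension. The following mail-gateway check is an added example written for this newsletter, not GFI's tests or Panda's detection; it flags the MyParty subject and attachment name quoted in the alert, executable extensions, a trailing CLSID "extension", and dotted names that end in an executable extension. The extension list, the Message class and the sample messages are constructed, and the CLSID value in the samples is a placeholder, not a real class ID.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Indicators taken from the MyParty description in this issue.
MYPARTY_SUBJECT = "New photos from my party!"
MYPARTY_ATTACHMENT = "www.myparty.yahoo.com"

# Extensions Windows treats as runnable when the attachment is opened (assumed list).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".hta", ".vbs", ".js"}
# A trailing ".{GUID}" is the CLSID-extension trick: Explorer hides it and shows the preceding name.
CLSID_EXT = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
# Dotted, hostname-like names such as www.example.com.
HOSTNAME_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)

@dataclass
class Message:
    subject: str
    attachments: List[str] = field(default_factory=list)

def attachment_findings(name: str) -> List[str]:
    """Return the reasons an attachment name should be quarantined (empty list if none)."""
    findings = []
    lower = name.lower()
    if lower == MYPARTY_ATTACHMENT:
        findings.append("known MyParty attachment name")
    if CLSID_EXT.search(name):
        findings.append("CLSID extension hides the real file type")
    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable attachment ({ext})")
        # Two or more dots before an executable extension: a web-address look-alike
        # (www.site.com) or a double extension (photo.jpg.exe).
        if name.count(".") >= 2 and HOSTNAME_LIKE.match(name):
            findings.append("dotted name ending in an executable extension")
    return findings

def scan_message(msg: Message) -> List[str]:
    """Combine subject and attachment indicators for one message."""
    findings = []
    if msg.subject.strip() == MYPARTY_SUBJECT:
        findings.append("known MyParty subject line")
    for name in msg.attachments:
        findings.extend(f"{name}: {f}" for f in attachment_findings(name))
    return findings

# Constructed sample messages; the CLSID below is a placeholder pattern, not a real class ID.
SAMPLE_MESSAGES = [
    Message("New photos from my party!", ["www.myparty.yahoo.com"]),
    Message("Quarterly figures", ["figures.xls"]),
    Message("Holiday snaps", ["photo.jpg.{12345678-1234-1234-1234-123456789abc}"]),
    Message("Invoice", ["invoice.hta"]),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m.subject, "->", scan_message(m) or "clean")
```

Name-based checks like these are cheap and catch the disguises this issue describes, but they are a complement to, not a replacement for, the server-side scanning the Exchange buyer's guide above discusses, since a renamed attachment defeats a name check while a content scanner still sees the executable.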
* UNDERSTAND INTERNET SECURITY CONCEPTS
Apress released "Developing Trust: Online Privacy and Security," a book by
Matt Curtin that provides an analysis of Internet security concepts. The book
also teaches you how to catch, identify, and repair flawed security design
techniques before you incorporate the design into the final product. The three
sections of the book are Understanding Security and Privacy, Prevention, and The
Cure. The 282-page book costs $39.95. Contact Apress at 510-549-5930.
http://www.apress.com
8. ==== HOT THREADS ====
* WINDOWS & .NET MAGAZINE ONLINE FORUMS
http://www.winnetmag.net/forums
Featured Thread: WFV Folders in the System Root Folder
(Ten messages in this thread)
A user writes that his system has numerous folders with the prefix WFV in the
system root folder, and the folders seem to be modified daily. He isn't sure
what the folders are and wonders whether anyone can help him determine what
creates and modifies them. Can you help?
http://www.secadministrator.com/forums/thread.cfm?thread_id=83610
* HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
Featured Thread: VPN Clients Not Connecting
(Eight messages in this thread)
Jorgen has a Windows NT and RAS-based VPN established for remote workers. His
VPN in Sweden works fine, but his VPNs established in remote offices in other
countries don't work. He receives error messages that indicate the remote
computer isn't responding, or that the remote port isn't negotiating. Read the
responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0201d&l=howto&p=2233
9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT IN FOCUS -- mark@ntsecurity.net
* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey@winnetmag.com (please
mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
* PRODUCT NEWS -- products@winnetmag.com
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate@winnetmag.com
* WANT TO SPONSOR SECURITY UPDATE? emedia_opps@winnetmag.com
********************
Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
|-+-+-+-+-+-+-+-+-+-|
Thank you for reading Security UPDATE.
SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sub@list.winnetmag.com.
-
ISN is currently hosted by Attrition.org
This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 06:46:29 PST