******************** Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET, 2000, and NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ FREE--SANS Top Trends in Security Management http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rCF0AW Sponsored by VeriSign--The Value of Trust http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0p5N0AO (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: FREE--SANS TOP TRENDS IN SECURITY MANAGEMENT ~~~~ What's the hottest trend shaping security this year? Read the FREE SANS report sponsored by NetIQ to find out. Learn what the top industry authorities had to say about security management in 2002. You'll gain valuable insights and expert advice on crucial topics including new threats, automated patching, and continuous monitoring. Don't get left behind--discover the top 8 security trends for 2002 now. Download the must-have report today! http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rCF0AW ~~~~~~~~~~~~~~~~~~~~ February 20, 2002--In this issue: 1. IN FOCUS - Serious Problems with SNMPv1 2. SECURITY RISKS - Buffer Overrun in Microsoft's SNMP Implementation - Multiple Vulnerabilities in Microsoft IE 3. ANNOUNCEMENTS - Get the CD-ROM That Has It All! - Want 24 x 7 Availability? 4. SECURITY ROUNDUP - News: Microsoft Responds to Visual C++ Vulnerability Charges - News: Microsoft Issues Critical IE Security Patch - News: WinInfo Short Takes: Week of February 11 - News: CrossTec Announces NetOP Remote Control for XP 5. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Access Shares on a Windows XP Machine from Windows Me and Windows 9x? 6. NEW AND IMPROVED - Firewall and VPN Appliance - Protect Data from Attacks 7. HOT THREADS - Windows & .NET Magazine Online Forums - Featured Thread: NT Server Firewall - HowTo Mailing List - Featured Thread: IIS Not Working After SSL Installation 8. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== * SERIOUS PROBLEMS WITH SNMPv1 Hello everyone, The Oulu University Secure Programming Group in Finland studied SNMPv1 and discovered that it contains several serious vulnerabilities. The group used its "PROTOS Test-Suite: c06-snmpv1" to perform the study. http://www.ee.oulu.fi/research/ouspg http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1 As you know, SNMP is a widely used tool that helps you manage and configure various network devices, including routers, firewalls, servers, and client systems. The vulnerabilities that the university group discovered include multiple problems with trap and request handling, which can lead to Denial of Service (DoS) attacks and service interruptions. In some cases, depending on the vendor hardware and software, an intruder can use the vulnerability to gain access to a given device. The Computer Emergency Response Team (CERT) has released an advisory regarding the problems, as have numerous vendors, including Cisco, Compaq, 3Com, Computer Associates (CA), Caldera, and Microsoft. You can read information related to the SNMP vulnerability in the article referenced in the SECURITY RISKS section of this newsletter, and you can find CERT's bulletin regarding the matter on its Web site. CERT also has an online FAQ that addresses 21 questions related to the risks the discovery presents. http://www.cert.org/advisories/CA-2002-03.html http://www.cert.org/tech_tips/snmp_faq.html The problems are serious, so if you use SNMP to help monitor and manage your network, be certain that you check with the appropriate vendors to be sure that you have the latest patches on all your SNMP-enabled devices. If you aren't sure which devices on your network are running SNMP, the SANS Institute has released a tool to help you discover SNMP daemons on your network (the daemons typically listen on port 161). The tool runs on Windows 2000 and Windows NT, and you don't need to have administrative access to run the tool. The tool scans for SNMP-enabled devices configured to use the community string of "Public" and also lets the user specify a particular community string. You can obtain a copy of the tool by sending email to snmptoolat_private SANS will send you a URL to a Web site from which you can download the tool, instructions, and related information. SNMP is one of the most common services that intruders exploit. If you don't need to use SNMP, or if you can use other methods of remote- device monitoring and management, consider disabling SNMP on all your network devices. Doing so will greatly reduce the risks to your network and reduce the chance of someone using your network devices to exploit other networks. Until next time, have a great week. Sincerely, Mark Joseph Edwards, News Editor markat_private ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~ Is your e-business secure enough? Learn why it's vital to encrypt your business transactions, secure your intranets, and authenticate your Web site with the strongest encryption available--128-bit SSL. To learn more, get VeriSign's FREE Guide, "Securing Your Web Site for Business" now: http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0p5N0AO ~~~~~~~~~~~~~~~~~~~~ 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, kenat_private) * BUFFER OVERRUN IN MICROSOFT'S SNMP IMPLEMENTATION A buffer overrun vulnerability in Microsoft's SNMP implementation can lead to a Denial of Service (DoS) attack or remote compromise of the system running SNMP. Microsoft has released Security Bulletin MS02- 006, which addresses this vulnerability. Microsoft is developing a patch, which the company will make available soon. http://www.secadministrator.com/articles/index.cfm?articleid=24140 * MULTIPLE VULNERABILITIES IN MICROSOFT IE Sandro Gauci, dH team, and SECURITY.NNOV discovered six new vulnerabilities in Microsoft Internet Explorer (IE). Microsoft has released Security Bulletin MS02-005, which addresses this vulnerability and recommends that affected users apply the appropriate patch listed in Microsoft article Q316059. http://www.secadministrator.com/articles/index.cfm?articleid=24141 3. ==== ANNOUNCEMENTS ==== * GET THE CD-ROM THAT HAS IT ALL! The Windows & .NET Magazine Network Super CD-ROM includes the entire article archives (including exclusive subscriber-only articles) for Windows & .NET Magazine, Exchange Administrator, Windows Scripting Solutions, Windows Web Solutions, Security Administrator, all of our Web-exclusive features, and the entire Windows 2000 FAQ. Subscribe today! http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rAb0Aw * WANT 24 x 7 AVAILABILITY? High-availability networks, systems, and applications are critical to every business. Sign up for our (free!) Webinar taking place on February 26 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load balancing, monitoring, and more. Register today! http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0qQh0AJ 4. ==== SECURITY ROUNDUP ==== * NEWS: MICROSOFT RESPONDS TO VISUAL C++ VULNERABILITY CHARGES On February 15, Microsoft refuted charges that its recently released Visual C++ .NET product contained a vulnerability that could turn up in applications developed with the tool. The company explained that allegations of a vulnerability were "unfounded and incorrect." http://www.secadministrator.com/articles/index.cfm?articleid=24179 * NEWS: MICROSOFT ISSUES CRITICAL IE SECURITY PATCH Microsoft finally released a long-overdue cumulative security patch for various Internet Explorer (IE) versions February 18. The patch is for IE 6.0, IE 5.5, and IE 5.01. Microsoft recommends that all users of these IE versions download and install the patch. http://www.secadministrator.com/articles/index.cfm?articleid=24089 * NEWS: WININFO SHORT TAKES: WEEK OF FEBRUARY 11 An irreverent look at some of the week's other news, including Microsoft and security, the HP/Oracle merger, Linux, and record video- game sales. http://www.secadministrator.com/articles/index.cfm?articleid=24031 * NEWS: CROSSTEC ANNOUNCES NETOP REMOTE CONTROL FOR XP CrossTec announced that its new NetOP Remote Control 7.01 now provides support for Windows XP. The software is available as a Guest module, a Host module, a NetOP Gateway Server, a NetOP Name Server, and a NetOP Security Server. http://www.secadministrator.com/articles/index.cfm?articleid=24014 5. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I ACCESS SHARES ON A WINDOWS XP MACHINE FROM WINDOWS ME AND WINDOWS 9X? ( contributed by Paul Thurrott, http://www.windows2000faq.com ) A. If you upgrade from Windows Me or Win9x to XP in the coming days and want to network your new PC or new OS with other machines in your house, you need to remember a few key details. Unlike Windows Me and Win9x, XP has built-in networking security, so you'll need to log on to an XP box, and, if you're wise, you'll password-protect that account. But after you password-protect the account, you won't be able to access shares on your XP box from Windows Me and Win9x machines. Here's why: In a Windows workgroup based on XP, Windows 2000, or Windows NT, you must supply valid credentials (your logon/password) before you can access network resources. And you must configure these logons and associated passwords on any XP (or Win2K or NT) machine on the network. So, let's say you log on as "sally" to a Win98 machine. To access an XP machine on the same network, you'll have to set up a "sally" account on the XP box. The account must use the same password. After you set up your network this way, accessing shares will work the same as it worked in Windows Me and Win9x. 6. ==== NEW AND IMPROVED ==== (contributed by Scott Firestone IV, productsat_private) * FIREWALL AND VPN APPLIANCE Secure Computing released Sidewinder, a firewall and VPN product with simple out-of-the-box installation. The appliance features refined Mail and DNS settings that let you seamlessly drop Sidewinder into any IP network at start-up. The unit doesn't require security patches for every new type of attack. Pricing for the Sidewinder appliance starts at $5900. Contact Secure Computing at 408-979-6572 or 800-379-4944. http://www.securecomputing.com * PROTECT DATA FROM ATTACKS Gianus Technologies released Phantom Total Security, software that protects laptop or PC data by making the data invisible to intruders, unauthorized users, and viruses. The software splits the hard disk into two parts, and when you click an icon, the software makes one of the parts invisible. You can drag files and documents between the two parts of the hard disk. Phantom Total Security runs on Windows 2000, Windows NT, Windows Me, and Windows 9x systems. For pricing, contact Gianus Technologies at 212-838-7070. http://www.phantomts.com 7. ==== HOT THREADS ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.net/forums Featured Thread: NT Server Firewall (Five messages in this thread) M. Burns says that after many hours of searching for a firewall solution for the company's Windows NT networks, he's thoroughly confused. He just installed a DSL connection, the NT server is the gateway for the network, and he uses a 10-port hub with a DSL modem plugged into one port on the hub. He has multiple static IP addresses, and each PC has its own address. He would like to protect the server and all client systems, which are running Windows Me and Windows 98. He wants to know whether he should be thinking of a hardware solution or software solution? Can you help? Read more about the problem at the following URL: http://www.secadministrator.com/forums/thread.cfm?thread_id=95554 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: IIS Not Working After SSL Installation (Six messages in this thread) Nitin installed VeriSign's trial Secure Sockets Layer (SSL) on his test server running Windows 2000 and Microsoft Internet Information Services (IIS) 5.0. He checked it by typing http:// and it shows a message saying SSL is required to connect. He thinks this means that the certificate is installed properly, but that the site isn't coming up on the browser screen. He's using Microsoft Internet Explorer (IE) 5.0. Can you help? Read the responses or lend a hand at the following URL: http://126.96.36.199/listserv/page_listserv.asp?a2=ind0202b&l=howto&p=1126 8. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. SUBSCRIBE To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 05:05:25 PST