********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

March 20, 2002--In this issue:

1. IN FOCUS
   - Securing Your Wireless Networks

2. SECURITY RISKS
   - Session Authentication URL Exposed in Ipswitch IMail Server
   - Denial of Service in BitVise WinSSH

3. ANNOUNCEMENTS
   - Attend Our Free Webinar: Understanding PKI
   - The Connected Home Virtual Tour Is Back and Better Than Ever!

4. SECURITY ROUNDUP
   - News: Microsoft Gets Proactive: Exchange 2000 Configuration
     Update
   - Feature: The Microsoft STPP--An Overview and an Update
   - Feature: Web Services Security Sets Standard for Web Services
     Transactions

5. SECURITY TOOLKIT
   - Virus Center
   - FAQ: How Can I Determine Whether My Antivirus Product Is
     Protecting My Email from All Threats?

6. NEW AND IMPROVED
   - Detect Viruses at Startup
   - Eliminate Trojan Horses

7. HOT THREADS
   - Windows & .NET Magazine Online Forums
       - Featured Thread: How Can I Remove a COM1 Folder?
   - HowTo Mailing List
       - Featured Thread: Clients Dropping Offline

8. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====

* SECURING YOUR WIRELESS NETWORKS

During the Windows XP beta phase, Microsoft Senior Vice President Brian
Valentine told a humorous story about visiting various high-tech
companies worldwide and hacking into their wireless networks by using
XP-enabled laptops from his rental cars in the companies' parking lots.
In one instance, something in this technology actually set off a car
alarm in the Oracle parking lot, which Valentine found somewhat
appropriate given the competition between the two companies. "I guess
it was incompatible with XP," Valentine joked.

Although Valentine warned those companies that had left their wireless
networks open to attack, since that time, many more companies have
implemented wireless networks and haven't taken the time to properly
protect their assets from wireless-based attacks. The problems are
twofold. First, protecting a wireless network requires a different set
of configurations than does security for standard wired networks.
Second, despite the fact that most IT departments are up-to-date on
security concerns and can properly configure Windows-based networks, an
alarming number of these companies are simply plugging in wireless
Access Points (APs) and setting a few security options. These steps
aren't enough.

Wireless networks aren't secure and might never be secure until the
invention of technologies that rethink the architecture of the current
technology. But if you want to get on the wireless bandwagon now, take
more than a cursory look at wireless security. Obviously, you need to
apply all your hard-won security knowledge to wireless networks, but
I've outlined some wireless-specific things you can do now to better
secure your wireless networks.

- Segregate Wireless Access
Don't connect your wireless networks to the networks that contain your
crucial data.
Instead, segregate your wireless connection and make it available for
Internet access only if possible. This setup will let employees access
Internet services such as Web, email, VPN, Microsoft Outlook Web Access
(OWA), and other similar corporate services.

- Use WEP
The primary security model that today's networks based on Wi-Fi, the
802.11b wireless standard, employ is called Wired Equivalent Privacy
(WEP). Basically, WEP is a set of algorithms that provide
authentication and data-encryption services in 40-bit and 128-bit
variants. Unfortunately, attackers have already broken WEP, but if you
turn off wireless network broadcasting and require specific media
access control (MAC) addresses, you can augment WEP enough to make it
suffice in many situations.

- Turn Off Wireless Network Broadcasting
By default, wireless APs broadcast their names, or Service Set
Identifiers (SSIDs), so that wireless-enabled clients can more easily
identify the names and access them seamlessly. Modern OSs such as XP
rely on this feature to provide users with the simplest possible
wireless functionality. Turn it off. A network broadcast is an easy way
for intruders to discover a way in to your network or steal your
precious bandwidth. You'll have to manually configure clients to access
specific broadcasts, but the benefits outweigh the effort.

- Require Specific MAC Addresses
Rather than let any wireless client access your wireless network, set
up your wireless APs to work only with specific wireless clients.
Configure this limited access by hard-coding the MAC address of each
wireless network adapter you provide to users into an access list in
the AP's configuration console. Again, manually configuring this access
could be painful in large enterprises, but you don't want outsiders
accessing your network, right?

Don't become a statistic. Only through a common-sense approach to
security can you adequately protect your network from a wireless-based
attack.
Paul Thurrott, Guest UPDATE Editor, thurrottat_private

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, kenat_private)

* SESSION AUTHENTICATION URL EXPOSED IN IPSWITCH IMAIL SERVER
   Obscure discovered a vulnerability in Ipswitch IMail Server 7.05 and
earlier. When a user logs on to his or her account through the IMail
Server Web interface, the application uses a unique URL to maintain the
session authentication. By sending an HTML email message that
references an image on another server, an attacker can easily obtain
the unique URL by using the referrer field in the HTTP header. Ipswitch
has released version 7.06, which resolves this concern.
   http://www.secadministrator.com/articles/index.cfm?articleid=24469

* DENIAL OF SERVICE IN BITVISE WINSSH
   Peter Grundl discovered a vulnerability in BitVise's WinSSH that can
result in a Denial of Service (DoS) condition. Because of differences
in the Secure Shell (SSH) daemon and the underlying socket layer, an
attacker can abruptly end sessions without SSH properly freeing these
sessions. Each incomplete connection would use a few memory handles and
allocate nonpaged kernel memory. BitVise has released a new build that
isn't affected by this condition. The company recommends that affected
users download this updated version from its Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=24525

3. ==== ANNOUNCEMENTS ====

* ATTEND OUR FREE WEBINAR: UNDERSTANDING PKI
   Implementing public key infrastructure (PKI) successfully requires
an understanding of the technology with all its implications.
Attend the latest Webinar from Windows & .NET Magazine and develop the
knowledge you need to address this challenging technology and make
informed purchasing decisions. We'll also look closely at three
possible content-encryption solutions, including PKI. Register for FREE
today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLEV0CJgSH0CBw0rcc0AL

* THE CONNECTED HOME VIRTUAL TOUR IS BACK AND BETTER THAN EVER!
   If you think you've already seen the Connected Home Virtual Tour,
think again. Browse through the latest home-entertainment,
home-networking, and home-automation options and check out our special
feature on wiring your home. Sign up for our prize drawings, too, and
you might win a free wireless home network, courtesy of Linksys. Take
the tour today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLEV0CJgSH0CBw0LTe0AU

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT GETS PROACTIVE: EXCHANGE 2000 CONFIGURATION UPDATE
   Microsoft has recently placed additional focus on security, and
configuration management is a key part of this focus. A few weeks ago,
Microsoft began a more proactive posture for securing your Exchange
servers and posted "Configuration and Security Update Recommendations
for Exchange 2000" on its Microsoft Exchange Server Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=24482

* FEATURE: THE MICROSOFT STPP--AN OVERVIEW AND AN UPDATE
   If you work with Microsoft OSs, you know that managing security
hotfixes and bug fixes is an ongoing nightmare, complete with catalog
errors, file-version problems, multiple installers, and inconsistent
registry modifications. A preview of the company's Strategic Technology
Protection Program (STPP) revealed a new six-pronged initiative that
Microsoft hopes will simplify and expedite the arduous security-update
process. Here's a progress report on each component of the STPP vision
and a brief description of how each initiative will help keep systems
current and secure.
   http://www.secadministrator.com/articles/index.cfm?articleid=24424

* FEATURE: WEB SERVICES SECURITY SETS STANDARD FOR WEB SERVICES
  TRANSACTIONS
   The three core pieces of Microsoft's XML Web services--Simple Object
Access Protocol (SOAP), Web Services Description Language (WSDL), and
Universal Description, Discovery, and Integration (UDDI)--form the
foundation of Microsoft's approach to the Microsoft .NET platform, but
they don't represent the whole picture. To add greater security and
better routing and lookup abilities to Web services, Microsoft is
developing five other XML-based specifications. Read this article to
learn more.
   http://www.secadministrator.com/articles/index.cfm?articleid=24401

5. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I DETERMINE WHETHER MY ANTIVIRUS PRODUCT IS PROTECTING
  MY EMAIL FROM ALL THREATS?
   (contributed by John Savill, http://www.windows2000faq.com)

A. Although it's almost impossible to completely secure your email, you
can check for known threats. A free test zone is available online at
the URL below. If your antivirus product catches all the test viruses,
your systems are protecting you from all known viruses.
   http://www.gfi.com/emailsecuritytest

6. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, productsat_private)

* DETECT VIRUSES AT STARTUP
   Greatis Software released RegRun Security Suite 3.0, software that
speeds up your Windows startup and detects unknown viruses and Trojan
horses. Features include start control, secure start, clean boot,
system file protection, infection detector, application database,
process manager, system file editor, and antivirus coordinator.
RegRun Security Suite 3.0 runs on Windows XP, Windows 2000, Windows NT,
Windows Me, and Windows 9x systems. Prices start at $19.95 for a
single-user license for the standard edition. Contact Greatis Software
at a-teamat_private
   http://www.greatis.com

* ELIMINATE TROJAN HORSES
   Astonsoft released PC DoorGuard 2.15, Trojan horse and
virus-intrusion software that identifies and deletes Trojan horses that
reside on your PC. When the software deletes a Trojan horse, it also
inspects the registry and system files and eliminates the Trojan horse
and any associated malicious files. PC DoorGuard 2.15 runs on Windows
XP, Windows 2000, Windows Me, and Windows 9x systems and costs $29.95.
Contact Astonsoft at supportat_private
   http://www.astonsoft.com

7. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.net/forums

Featured Thread: How Can I Remove a COM1 Folder?
(Five messages in this thread)

Christer writes that he noticed a directory named COM1 in the root
directory of his FTP server. The directory has 600GB of data and he'd
like to delete it, but he can't view or delete the directory. Christer
says that when he tries, Windows reports that it can't find the
directory. Can you help?
   http://www.secadministrator.com/forums/thread.cfm?thread_id=99095

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Clients Dropping Offline
(Three messages in this thread)

This user has a student network running approximately 325 systems--175
Windows 2000 systems and 150 Macintosh systems. The PCs keep dropping
offline intermittently, and sometimes entire classrooms drop offline
(certain applications will close immediately without saving work when
this happens). Can you help? Read the responses or lend a hand at the
following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0203a&l=howto&p=868

8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- thurrottat_private

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention
  the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums

* PRODUCT NEWS -- productsat_private

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support
  -- securityupdateat_private

* WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
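
Added example (not part of the original newsletter and not Ipswitch's
fix): the IMail item under SECURITY RISKS describes a session URL
leaking through the referrer field when an HTML message pulls an image
from another server. One defensive approach for a Web mail front end is
to strip automatically fetched remote references before display and to
mark links rel="noreferrer". The names MailSanitizer, sanitize and
AUTO_FETCH, the attribute list, and the sample message are assumptions
made for this example.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Attributes a browser fetches on its own as soon as the message renders.
AUTO_FETCH = {"src", "background", "poster", "data"}

def is_remote(url):
    """True if fetching url leaves the webmail origin (and sends a Referer)."""
    url = url.strip()
    return url.startswith("//") or urlsplit(url).scheme.lower() in ("http", "https", "ftp")

def fetches_remote(tag, name, value):
    if name == "srcset" or (name == "style" and "url(" in value.lower()):
        return True                       # conservative: drop these outright
    if name in AUTO_FETCH or (name == "href" and tag == "link"):
        return is_remote(value)
    return False

class MailSanitizer(HTMLParser):
    """Re-emits an HTML mail body with automatic remote fetches removed."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []
    def _tag(self, tag, attrs, end=""):
        kept = []
        for name, value in attrs:
            value = value or ""
            if fetches_remote(tag, name, value):
                self.blocked.append(value)    # record what was neutralised
            elif not (tag == "a" and name == "rel"):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            kept.append(' rel="noreferrer"')  # clicked links send no Referer
        self.out.append(f"<{tag}{''.join(kept)}{end}>")
    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def sanitize(html_body):
    parser = MailSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample message; tracker.example and news.example are placeholders.
SAMPLE = ('<p>Hi &amp; welcome</p><img src="http://tracker.example/p.gif">'
          '<img src="cid:logo@mail"><a href="http://news.example/">news</a>')
```

Comments are dropped, while <style> and <script> elements pass through
unchanged and would need separate handling. Keeping the session
identifier out of the URL removes the exposure regardless of what the
message contains.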