[ISN] Security UPDATE, April 17, 2002

From: InfoSec News (isnat_private)
Date: Thu Apr 18 2002 - 00:16:18 PDT

  • Next message: InfoSec News: "[ISN] Q&A: Microsoft Senior VP Paul Flessner on Trustworthy Computing"

    ******************** 
    Windows & .NET Magazine Security UPDATE--brought to you by Security 
    Administrator, a print newsletter bringing you practical, how-to 
    articles about securing your Windows .NET Server, Windows 2000, and 
    Windows NT systems. 
       http://www.secadministrator.com 
    ******************** 
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    FREE Security White Paper from NetIQ!
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak
    
    VeriSign--The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: FREE SECURITY WHITE PAPER FROM NETIQ! ~~~~ 
       The 6 biggest security wastes . . . are you aware of them? Need to 
    maximize corporate security and minimize risks on a limited IT budget? 
    Learn which six network security measures you should invest in and six 
    money-wasting expenses to avoid. You can't afford to allocate your 
    limited resources to the wrong tools. Learn how to develop a sound 
    investment strategy for information security today. Download NetIQ's 
    free white paper, "Investing Wisely in Security" now.
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    April 17, 2002--In this issue: 
    
    1. IN FOCUS
         - Report Details Computer Crime and Security Concerns
    
    2. SECURITY RISKS
         - Multiple Vulnerabilities in Microsoft IIS
         - DoS in WatchGuard's Firewall
    
    3. ANNOUNCEMENTS
         -  Learn from (or Try to Stump) Top Windows Security Forum Pros
         -  If You Missed Out on TechEd 2002 US ...   
    
    4. SECURITY ROUNDUP
         - News: CERT Offers Overview of Attack Trends 
         - News: Microsoft Releases Baseline Security Analyzer
         - News: A Critical IE Security Rollup, VM Hotfix, and Post-Win2K 
           SP2 Fixes
    
    5. SECURITY TOOLKIT
         - Virus Center
         - FAQ: Download a CAB File Through a Proxy Server
    
    6. NEW AND IMPROVED
         - Prevent Recovery of Your Deleted Files
         - Protect Against Internal and External Attacks
    
    7. HOT THREADS 
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Wrong Settings on File Permissions
         - HowTo Mailing List
             - Featured Thread: Grant Permission to Reset Users' Passwords 
               Without Account Operator Privilege
    
    8. CONTACT US 
       See this section for a list of ways to contact us. 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor, 
    markat_private) 
    
    * REPORT DETAILS COMPUTER CRIME AND SECURITY
    
    The Computer Security Institute (CSI) recently released the findings of 
    its seventh annual Computer Crime and Security Survey, conducted in 
    conjunction with the Federal Bureau of Investigation's (FBI's) San 
    Francisco-based Computer Intrusion Squad. According to the survey, 
    computer crimes and their related costs continue to increase. 
    
    Survey results are based on responses from 503 security practitioners 
    who work in the business, government, finance, medical, and higher-
    education sectors. The survey reports that 90 percent of the 
    respondents detected security breaches in the past 12 months and 80 
    percent suffered measurable financial losses. Of the organizations that 
    suffered losses, 223 respondents quantified their losses, which totaled 
    $455,848,000. Respondents attributed most losses to theft of 
    proprietary information and financial fraud. Three-quarters of 
    respondents said that their Internet connections were the most frequent 
    points of attack.
    
    The types of intrusions varied. Forty percent detected penetration 
    attempts from the outside. Fifty-two percent of the respondents conduct 
    e-commerce. Twelve percent of respondents reported the theft of 
    transaction information. Seventy percent reported vandalism. Not 
    surprisingly, 85 percent detected computer viruses. 
    
    Notably, only 34 percent of the respondents reported intrusions to law-
    enforcement officials. Although that percent has risen from 16 percent 
    in 1996, most companies still don't reveal the true extent of security 
    threats to their investors, customers, business partners--or to law-
    enforcement officials. The FBI urged organizations to share such 
    information. CSI Executive Assistant Director Bruce J. Gebhardt, 
    formerly with the FBI, said, "The United States' increasing dependency 
    on information technology to manage and operate our nation's critical 
    infrastructures provides a prime target to would be cyber-terrorists. 
    Now, more than ever, the government and private sector need to work 
    together to share information and be more cognitive of information 
    security so that our nation's critical infrastructures are protected 
    from cyber-terrorists."
    
    You can read selected highlights and obtain CSI's new report through 
    the CSI Web site at the URL below. To request a copy of the full report 
    in PDF format, you complete a simple Web-based form. 
       http://www.gocsi.com
    
    The CSI Web site offers another helpful security resource: the CSI 
    Firewall Product Search Center. This firewall guide presents vendor-
    maintained information about 31 popular firewalls. The guide lets you 
    compare firewall features and prices. For example, you can select any 
    number of firewalls from the list of products and display a side-by-
    side feature comparison. The comparison includes details about features 
    such as local and remote administration interfaces, user authentication 
    subsystems, support costs, product updates, and whether a product is 
    proprietary or sits on top of an OS. If you're shopping for a firewall, 
    you'll find this guide invaluable. Be sure to take a look. 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~ 
       Secure your servers with 128-bit SSL encryption! 
       Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for 
    Business," and you'll learn everything you need to know about using 
    128-bit SSL to encrypt your e-commerce transactions, secure your 
    corporate intranets and authenticate your Web sites. 128-bit SSL is 
    serious security for your online business. Get it now!
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay
       
    ~~~~~~~~~~~~~~~~~~~~ 
    
    2. ==== SECURITY RISKS ====
    
    * MULTIPLE VULNERABILITIES IN MICROSOFT IIS
       Microsoft released Security Bulletin MS02-018 (Cumulative Patch
    for Internet Information Services), which details 10 new 
    vulnerabilities in IIS. The vulnerabilities can lead to a complete 
    system compromise. Microsoft urges users to patch their systems 
    immediately. For complete details about these 10 problems, be sure to 
    read the article at the URL below.
       http://www.secadministrator.com/articles/index.cfm?articleid=24817
    
    * DoS IN WATCHGUARD'S SOHO FIREWALL
       A Denial of Service (DoS) condition exists in WatchGuard 
    Technology's small office/home office (SOHO) Firebox. Because the 
    product doesn't parse IP packets except when forwarding them, an 
    attacker can crash or reboot the server by sending packets with certain 
    malformed arguments. 
       http://www.secadministrator.com/articles/index.cfm?articleid=24816
    
    3. ==== ANNOUNCEMENTS ==== 
    
    * LEARN FROM (OR TRY TO STUMP) TOP WINDOWS SECURITY FORUM PROS
       The Windows & .NET Magazine LIVE! event brings together industry 
    gurus who take security seriously. Topic coverage includes Microsoft 
    IIS security, deploying public key infrastructure (PKI), designing 
    Group Policies to enhance security, tips for securing Windows 2000 
    networks, security pitfalls (and solutions) for your mobile workforce, 
    and more. Register today before this event sells out!
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0qQl0Ar
    
    * IF YOU MISSED OUT ON TECHED 2002 US ... 
       ... you still have a chance to dive deep into the latest Microsoft 
    products and future technologies at Microsoft TechEd 2002 Europe, July 
    1 through 5, 2002, in Barcelona. Sessions at TechEd Europe are similar 
    to those at TechEd US but will be updated to take advantage of the 
    latest technical information available. It is the largest event of its 
    kind in Europe. Register now!   
       http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFv0Az
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: CERT OFFERS OVERVIEW OF ATTACK TRENDS 
       The Computer Emergency Response Team (CERT) has issued a new report 
    that outlines the current trends in computer-related attacks. The 
    report, "Overview of Attack Trends," reveals six trends that network 
    operators need to be aware of. 
       http://www.secadministrator.com/articles/index.cfm?articleid=24809
    
    * NEWS: MICROSOFT RELEASES BASELINE SECURITY ANALYZER 
       Microsoft has released an important security tool that all users of 
    Windows XP, Windows 2000, and Windows NT 4.0 should download 
    immediately. Dubbed the Microsoft Baseline Security Analyzer (MBSA), 
    the tool looks for common security misconfigurations and presents a 
    security report card with pass/fail grades.
       http://www.secadministrator.com/articles/index.cfm?articleid=24773
    
    * NEWS: A CRITICAL IE SECURITY ROLLUP, VM HOTFIX, AND POST-WIN2K SP2 
    FIXES 
       Update your systems with a new Microsoft Internet Explorer (IE) 
    security rollup, determine whether you need the new Virtual Machine 
    (VM) hotfix, and see a list of recent hotfixes for your Windows 2000 
    systems.
       http://www.secadministrator.com/articles/index.cfm?articleid=24787
    
    5. ==== SECURITY TOOLKIT ==== 
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed to 
    bring you the Center for Virus Control. Visit the site often to remain 
    informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: DOWNLOAD A CAB FILE THROUGH A PROXY SERVER
       ( contributed by Thomas Eck, http://www.windowswebsolutions.com )
    
    A. At the time of writing, HFNetChk can't automatically download a 
    signed compressed cabinet format (CAB) file through a proxy server. To 
    work around this limitation, you can manually download a copy of the 
    current CAB file from the URL below.
       http://download.microsoft.com/download/xml/security/1.0/nt5/en-us/mssecure.cab 
    
       Use WinZip or a similar tool to extract the XML file from the CAB 
    file. Put the XML file in the Data folder. Hive.exe contains a sample 
    XML file in the Data folder to get you started.
       Alternatively, I've written a Visual Basic (VB) service that 
    leverages the Microsoft Internet Transfer Control (ITC) to download the 
    CAB file automatically through a proxy server. You can obtain the 
    compiled service (hivesvc.zip) and full source code for the tool from 
    the Code Library on the Windows Web Solutions Web site, at the URL 
    below.
       http://www.windowswebsolutions.com
    
       To use the service, unzip the hivesvc.zip file to a setup folder on 
    the Hotfix Identification and Verification Engine (HIVE) central 
    server. Then, navigate to the setup folder and edit the hive.reg file 
    with appropriate values for your environment. Next, copy the ntsvc.ocx 
    file from the setup folder to \%systemroot%\system32. Open a command 
    prompt and type
    
       regsvr32 ntsvc.ocx
       
    Then, to install the service, type 
    
       hive_svc.exe –install
    
       A dialog box appears stating that the service has been installed. 
    Ensure that the proxy credentials are correct for your environment and 
    that the target folder (which you specified in the hive.reg file) for 
    the CAB file exists. Finally, start the HIVE service. The CAB file 
    might take several minutes to appear in the target folder.
    
    6. ==== NEW AND IMPROVED ==== 
       (contributed by Judy Drennen, productsat_private) 
    
    * PREVENT RECOVERY OF YOUR DELETED FILES
       AKS-Labs released QuickWiper 7.3, software that provides file 
    deletion with a single pass and includes an option that uses an 
    extremely secure erasure algorithm. QuickWiper's Secure Folder option 
    prevents recovery of any temporary or swap files. QuickWiper 7.3 runs 
    on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x. 
    systems and costs $29.95 per license. For information, contact AKS-
    Labs. 
       http://www.aks-labs.com/products/quickwiper.htm
    
    * PROTECT AGAINST INTERNAL AND EXTERNAL ATTACKS
       SOFTWIN released BitDefender, antivirus software that protects the 
    files transferred within and between workgroups or teams using 
    Microsoft SharePoint Portal Server. BitDefender for Microsoft 
    SharePoint Portal Server leverages its unique features to support users 
    who want to share documents and search for information across the 
    organization and enterprise without the risk of losing or infecting 
    essential information. For pricing, contact SOFTWIN at 
    salesat_private or obtain a free 30-day trial version at the Web 
    site.
       http://www.bitdefender.com
    
    7. ==== HOT THREADS ==== 
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS 
       http://www.winnetmag.net/forums
    
    Featured Thread: Wrong Settings on File Permissions
       (One message in this thread)
    
    Greg writes that he mistakenly updated permissions on his Windows 2000 
    Server on the root and all subfolders to the following: 
    
       Everyone - Deny on all options 
       Administrator - Full Control 
    
    The machine will no longer boot. He thinks it might be because the 
    services that rely on accounts other than the Administrator account now 
    have the wrong permissions. Can you help? 
       http://www.secadministrator.com/forums/thread.cfm?thread_id=101599
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 
    
    Featured Thread: Grant Permission to Reset Users' Passwords Without 
    Account Operator Privilege
       (One message in this thread)
    
    Andy wants to grant one user the right to reset the users' passwords, 
    without adding that user to the Account Operators group. (Andy prefers 
    that the user have only the right to reset passwords and not other 
    privileges associated with the Account Operators group.). Can you help?
    
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0204b&l=howto&p=81
    
    8. ==== CONTACT US ==== 
       Here's how to reach us with your comments and questions: 
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please 
    mention the newsletter name in the subject line) 
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 
    
    * PRODUCT NEWS -- productsat_private 
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
    Support -- securityupdateat_private 
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private 
    
    ******************** 
    
       This email newsletter is brought to you by Security Administrator, 
    the print newsletter with independent, impartial advice for IT 
    administrators securing a Windows 2000/Windows NT enterprise. Subscribe 
    today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of 
    your choice. Subscribe to our other FREE email newsletters. 
       http://www.winnetmag.net/email 
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Security UPDATE.
    
    SUBSCRIBE
    To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 03:58:29 PDT