******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ FREE Security White Paper from NetIQ! http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak VeriSign--The Value of Trust http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: FREE SECURITY WHITE PAPER FROM NETIQ! ~~~~ The 6 biggest security wastes . . . are you aware of them? Need to maximize corporate security and minimize risks on a limited IT budget? Learn which six network security measures you should invest in and six money-wasting expenses to avoid. You can't afford to allocate your limited resources to the wrong tools. Learn how to develop a sound investment strategy for information security today. Download NetIQ's free white paper, "Investing Wisely in Security" now. http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak ~~~~~~~~~~~~~~~~~~~~ April 17, 2002--In this issue: 1. IN FOCUS - Report Details Computer Crime and Security Concerns 2. SECURITY RISKS - Multiple Vulnerabilities in Microsoft IIS - DoS in WatchGuard's Firewall 3. ANNOUNCEMENTS - Learn from (or Try to Stump) Top Windows Security Forum Pros - If You Missed Out on TechEd 2002 US ... 4. SECURITY ROUNDUP - News: CERT Offers Overview of Attack Trends - News: Microsoft Releases Baseline Security Analyzer - News: A Critical IE Security Rollup, VM Hotfix, and Post-Win2K SP2 Fixes 5. SECURITY TOOLKIT - Virus Center - FAQ: Download a CAB File Through a Proxy Server 6. NEW AND IMPROVED - Prevent Recovery of Your Deleted Files - Protect Against Internal and External Attacks 7. HOT THREADS - Windows & .NET Magazine Online Forums - Featured Thread: Wrong Settings on File Permissions - HowTo Mailing List - Featured Thread: Grant Permission to Reset Users' Passwords Without Account Operator Privilege 8. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== (contributed by Mark Joseph Edwards, News Editor, markat_private) * REPORT DETAILS COMPUTER CRIME AND SECURITY The Computer Security Institute (CSI) recently released the findings of its seventh annual Computer Crime and Security Survey, conducted in conjunction with the Federal Bureau of Investigation's (FBI's) San Francisco-based Computer Intrusion Squad. According to the survey, computer crimes and their related costs continue to increase. Survey results are based on responses from 503 security practitioners who work in the business, government, finance, medical, and higher- education sectors. The survey reports that 90 percent of the respondents detected security breaches in the past 12 months and 80 percent suffered measurable financial losses. Of the organizations that suffered losses, 223 respondents quantified their losses, which totaled $455,848,000. Respondents attributed most losses to theft of proprietary information and financial fraud. Three-quarters of respondents said that their Internet connections were the most frequent points of attack. The types of intrusions varied. Forty percent detected penetration attempts from the outside. Fifty-two percent of the respondents conduct e-commerce. Twelve percent of respondents reported the theft of transaction information. Seventy percent reported vandalism. Not surprisingly, 85 percent detected computer viruses. Notably, only 34 percent of the respondents reported intrusions to law- enforcement officials. Although that percent has risen from 16 percent in 1996, most companies still don't reveal the true extent of security threats to their investors, customers, business partners--or to law- enforcement officials. The FBI urged organizations to share such information. CSI Executive Assistant Director Bruce J. Gebhardt, formerly with the FBI, said, "The United States' increasing dependency on information technology to manage and operate our nation's critical infrastructures provides a prime target to would be cyber-terrorists. Now, more than ever, the government and private sector need to work together to share information and be more cognitive of information security so that our nation's critical infrastructures are protected from cyber-terrorists." You can read selected highlights and obtain CSI's new report through the CSI Web site at the URL below. To request a copy of the full report in PDF format, you complete a simple Web-based form. http://www.gocsi.com The CSI Web site offers another helpful security resource: the CSI Firewall Product Search Center. This firewall guide presents vendor- maintained information about 31 popular firewalls. The guide lets you compare firewall features and prices. For example, you can select any number of firewalls from the list of products and display a side-by- side feature comparison. The comparison includes details about features such as local and remote administration interfaces, user authentication subsystems, support costs, product updates, and whether a product is proprietary or sits on top of an OS. If you're shopping for a firewall, you'll find this guide invaluable. Be sure to take a look. ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~ Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and you'll learn everything you need to know about using 128-bit SSL to encrypt your e-commerce transactions, secure your corporate intranets and authenticate your Web sites. 128-bit SSL is serious security for your online business. Get it now! http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay ~~~~~~~~~~~~~~~~~~~~ 2. ==== SECURITY RISKS ==== * MULTIPLE VULNERABILITIES IN MICROSOFT IIS Microsoft released Security Bulletin MS02-018 (Cumulative Patch for Internet Information Services), which details 10 new vulnerabilities in IIS. The vulnerabilities can lead to a complete system compromise. Microsoft urges users to patch their systems immediately. For complete details about these 10 problems, be sure to read the article at the URL below. http://www.secadministrator.com/articles/index.cfm?articleid=24817 * DoS IN WATCHGUARD'S SOHO FIREWALL A Denial of Service (DoS) condition exists in WatchGuard Technology's small office/home office (SOHO) Firebox. Because the product doesn't parse IP packets except when forwarding them, an attacker can crash or reboot the server by sending packets with certain malformed arguments. http://www.secadministrator.com/articles/index.cfm?articleid=24816 3. ==== ANNOUNCEMENTS ==== * LEARN FROM (OR TRY TO STUMP) TOP WINDOWS SECURITY FORUM PROS The Windows & .NET Magazine LIVE! event brings together industry gurus who take security seriously. Topic coverage includes Microsoft IIS security, deploying public key infrastructure (PKI), designing Group Policies to enhance security, tips for securing Windows 2000 networks, security pitfalls (and solutions) for your mobile workforce, and more. Register today before this event sells out! http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0qQl0Ar * IF YOU MISSED OUT ON TECHED 2002 US ... ... you still have a chance to dive deep into the latest Microsoft products and future technologies at Microsoft TechEd 2002 Europe, July 1 through 5, 2002, in Barcelona. Sessions at TechEd Europe are similar to those at TechEd US but will be updated to take advantage of the latest technical information available. It is the largest event of its kind in Europe. Register now! http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFv0Az 4. ==== SECURITY ROUNDUP ==== * NEWS: CERT OFFERS OVERVIEW OF ATTACK TRENDS The Computer Emergency Response Team (CERT) has issued a new report that outlines the current trends in computer-related attacks. The report, "Overview of Attack Trends," reveals six trends that network operators need to be aware of. http://www.secadministrator.com/articles/index.cfm?articleid=24809 * NEWS: MICROSOFT RELEASES BASELINE SECURITY ANALYZER Microsoft has released an important security tool that all users of Windows XP, Windows 2000, and Windows NT 4.0 should download immediately. Dubbed the Microsoft Baseline Security Analyzer (MBSA), the tool looks for common security misconfigurations and presents a security report card with pass/fail grades. http://www.secadministrator.com/articles/index.cfm?articleid=24773 * NEWS: A CRITICAL IE SECURITY ROLLUP, VM HOTFIX, AND POST-WIN2K SP2 FIXES Update your systems with a new Microsoft Internet Explorer (IE) security rollup, determine whether you need the new Virtual Machine (VM) hotfix, and see a list of recent hotfixes for your Windows 2000 systems. http://www.secadministrator.com/articles/index.cfm?articleid=24787 5. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: DOWNLOAD A CAB FILE THROUGH A PROXY SERVER ( contributed by Thomas Eck, http://www.windowswebsolutions.com ) A. At the time of writing, HFNetChk can't automatically download a signed compressed cabinet format (CAB) file through a proxy server. To work around this limitation, you can manually download a copy of the current CAB file from the URL below. http://download.microsoft.com/download/xml/security/1.0/nt5/en-us/mssecure.cab Use WinZip or a similar tool to extract the XML file from the CAB file. Put the XML file in the Data folder. Hive.exe contains a sample XML file in the Data folder to get you started. Alternatively, I've written a Visual Basic (VB) service that leverages the Microsoft Internet Transfer Control (ITC) to download the CAB file automatically through a proxy server. You can obtain the compiled service (hivesvc.zip) and full source code for the tool from the Code Library on the Windows Web Solutions Web site, at the URL below. http://www.windowswebsolutions.com To use the service, unzip the hivesvc.zip file to a setup folder on the Hotfix Identification and Verification Engine (HIVE) central server. Then, navigate to the setup folder and edit the hive.reg file with appropriate values for your environment. Next, copy the ntsvc.ocx file from the setup folder to \%systemroot%\system32. Open a command prompt and type regsvr32 ntsvc.ocx Then, to install the service, type hive_svc.exe –install A dialog box appears stating that the service has been installed. Ensure that the proxy credentials are correct for your environment and that the target folder (which you specified in the hive.reg file) for the CAB file exists. Finally, start the HIVE service. The CAB file might take several minutes to appear in the target folder. 6. ==== NEW AND IMPROVED ==== (contributed by Judy Drennen, productsat_private) * PREVENT RECOVERY OF YOUR DELETED FILES AKS-Labs released QuickWiper 7.3, software that provides file deletion with a single pass and includes an option that uses an extremely secure erasure algorithm. QuickWiper's Secure Folder option prevents recovery of any temporary or swap files. QuickWiper 7.3 runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x. systems and costs $29.95 per license. For information, contact AKS- Labs. http://www.aks-labs.com/products/quickwiper.htm * PROTECT AGAINST INTERNAL AND EXTERNAL ATTACKS SOFTWIN released BitDefender, antivirus software that protects the files transferred within and between workgroups or teams using Microsoft SharePoint Portal Server. BitDefender for Microsoft SharePoint Portal Server leverages its unique features to support users who want to share documents and search for information across the organization and enterprise without the risk of losing or infecting essential information. For pricing, contact SOFTWIN at salesat_private or obtain a free 30-day trial version at the Web site. http://www.bitdefender.com 7. ==== HOT THREADS ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.net/forums Featured Thread: Wrong Settings on File Permissions (One message in this thread) Greg writes that he mistakenly updated permissions on his Windows 2000 Server on the root and all subfolders to the following: Everyone - Deny on all options Administrator - Full Control The machine will no longer boot. He thinks it might be because the services that rely on accounts other than the Administrator account now have the wrong permissions. Can you help? http://www.secadministrator.com/forums/thread.cfm?thread_id=101599 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: Grant Permission to Reset Users' Passwords Without Account Operator Privilege (One message in this thread) Andy wants to grant one user the right to reset the users' passwords, without adding that user to the Account Operators group. (Andy prefers that the user have only the right to reset passwords and not other privileges associated with the Account Operators group.). Can you help? http://63.88.172.96/listserv/page_listserv.asp?a2=ind0204b&l=howto&p=81 8. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today! http://www.secadministrator.com/sub.cfm?code=saei25xxup Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. SUBSCRIBE To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 03:58:29 PDT