******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ VeriSign - The Value of Trust http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX Exchange & Outlook Administrator Web Site http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7 (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~ FREE E-COMMERCE SECURITY GUIDE Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here: http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX ~~~~~~~~~~~~~~~~~~~~ September 4, 2002--In this issue: 1. IN FOCUS - Can Others Stumble into Your Wireless Network? 2. SECURITY RISKS - Digital Certificate Deletion Vulnerability in Windows 3. ANNOUNCEMENTS - Mark Minasi and Paul Thurrott Are Bringing Their Security Expertise to You! - The Security Solutions You've Been Searching For! 4. SECURITY ROUNDUP - News: Microsoft Settles with the FTC over .NET Passport - Feature: Introducing UDDI 3.0: Support for Digital Signatures 5. HOT RELEASES (ADVERTISEMENTS) - FREE Security Assessment Tool - Prevent the 7 Deadly Classes of Network Attack 6. INSTANT POLL - Results of Previous Poll: Biometric Scanners - New Instant Poll: Warchalking 7. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Easily View Which Cookies Are Stored on My Machine? - Event Highlight: Security Strategy Workshop 8. NEW AND IMPROVED - End-to-End Security Solution for WLANs - Freeware Antipiracy Software Program - Submit Top Product Ideas 9. HOT THREADS - Windows & .NET Magazine Online Forums - Featured Thread: Interpreting an Attack - HowTo Mailing List - Featured Thread: VIGILANTe's SecureScan NX Experience? 10. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== (contributed by Mark Joseph Edwards, News Editor, markat_private) * CAN OTHERS STUMBLE INTO YOUR WIRELESS NETWORK? In the August 7, 2002, edition of Security UPDATE, I wrote about a new trend called warchalking. As you know, warchalking is the act of marking buildings in the vicinity of wireless networks. The idea is to provide a visual clue indicating the presence of wireless networks so that people can obtain a free Internet connection. Warchalkers use distinctive markings and include information about bandwidth and various connection perimeters. http://www.secadministrator.com/articles/index.cfm?articleid=26207 The trend is catching on, so much so that, according to VNU Business Publications, the Federal Bureau of Investigation (FBI) recently issued an unofficial warning that businesses should check the security of their wireless LAN (WLAN) equipment to ensure that adequate security is in place. http://www.vnunet.com/news/1134451 Recently, I learned about a new Internet site, NetStumbler.com, that aids users in identifying and locating WLANs around the country. Among other features, the site hosts a national map that shows cities that have open WLANs and a searchable database that helps users query for information about specific locations. http://www.netstumbler.com NetStumbler.com also hosts a downloadable program called NetStumbler that lets users investigate a given WLAN's security. Security administrators can use it to test their sites. Anyone can download a copy (291KB) at the first URL below. According to the Web site, "NetStumbler is a Windows tool that allows you to [scan for] 802.11b (and 802.11a, if using Windows XP) wireless LANs. It includes [global positioning satellite (GPS)] integration and a simple, intuitive user interface. Though primarily targeted at owners of wireless LANs, it has been the de facto tool for casual users such as war drivers for over a year." The tool apparently even won a "PC Magazine" award earlier this year (see the second URL below), which named the tool its favorite innovative networking technology in the wireless software category. http://www.netstumbler.com/download.php?op=getit&lid=22 http://www.pcmag.com/article2/0,4149,3666,00.asp NetStumbler runs on Windows 2000, Windows 98, and Win95 but doesn't work yet on Windows XP, Windows NT 4.0, or Windows Me. To see what it was like, I downloaded a copy and installed the tool. NetStumbler has a typical GUI, lets you choose a wireless NIC to use for scanning, and has scripting capabilities. After you've scanned an area and discovered WLANs, you can save the NetStumbler output and upload it to the NetStumbler.com Web site, where an application on the Web site converts it to Microsoft MapPoint 2002-compatible output. The process helps you plot WLAN points on a graphical map. http://www.microsoft.com/mappoint/overview.htm With resources such as NetStumbler and NetStumbler.com freely available, you should definitely take time to ensure that your WLAN security is adjusted to permit only authorized users access--unless you want to intentionally leave it open and available to anyone. The bottom line is that if you run a wireless network, you must keep it secure. If you don't, expect that someone will identify your network, chalk it up, and possibly submit it to the NetStumbler.com Web site--where everyone can find it quickly. For information about securing your WLANs, read Allen Jones' article, "Securing 802.11 Wireless Networks" (see the first URL below) and Paul Thurrott's article "Securing Your Wireless Networks" (see the second URL below). http://www.secadministrator.com/articles/index.cfm?articleid=24873 http://www.secadministrator.com/articles/index.cfm?articleid=24521 ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE ~~~~ GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX? Visit our Exchange & Outlook Administrator Web site for news, articles, discussion forums, FAQs, and technical solutions in one, easy-to-navigate Web site. While you're there, check out the helpful article "Common .pst File Questions" at http://www.exchangeadmin.com/articles/index.cfm?articleid=24017 http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7 ~~~~~~~~~~~~~~~~~~~~ 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, kenat_private) * DIGITAL CERTIFICATE DELETION VULNERABILITY IN WINDOWS A vulnerability exists in all versions of Windows that could let a potential attacker delete digital certificates located on a vulnerable system. This vulnerability results from a flaw in the Certificate Enrollment Control ActiveX control that Windows uses to submit and store Public-Key Cryptography Standards (PKCS) #10-compliant certificate requests in the user's local certificate store. An attacker who successfully exploits the vulnerability could corrupt trusted root certificates, Encrypting File System (EFS) encryption certificates, email-signing certificates, and any other certificates on the vulnerable system. Microsoft has released Security Bulletin MS02-048 (Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates) to address this vulnerability and recommends that affected users immediately download and apply the patch that the bulletin mentions. http://www.secadministrator.com/articles/index.cfm?articleid=26481 3. ==== ANNOUNCEMENTS ==== (brought to you by Windows & .NET Magazine and its partners) * MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE TO YOU! Windows & .NET Magazine Network Road Show 2002 is coming this October to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and Trend Micro. Registration is free, but space is limited so sign up now! http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw03lK0AT * THE SECURITY SOLUTIONS YOU'VE BEEN SEARCHING FOR! Our popular Interactive Product Guides (IPGs) are online catalogs of the hottest vendor solutions around. Our latest IPG highlights the security solutions and services that will help you protect your data and your network before disaster strikes. Check it out at: http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04VJ0A6 4. ==== SECURITY ROUNDUP ==== * NEWS: MICROSOFT SETTLES WITH THE FTC OVER .NET PASSPORT Within the scope of Microsoft's wider antitrust problems, the company's recent settlement with the Federal Trade Commission (FTC) regarding privacy concerns with the Microsoft .NET Passport service might not rate as dramatic news. But by admitting that it hasn't done enough to respect and protect users' privacy, Microsoft ultimately will better serve its customers and engender trust in a service that so far hasn't been a success. http://www.secadministrator.com/articles/index.cfm?articleid=26425 * FEATURE: INTRODUCING UDDI 3.0: SUPPORT FOR DIGITAL SIGNATURES In the August 8 issue of .NET UPDATE, Christa Anderson started looking at the new features in Universal Description, Discovery, and Integration (UDDI) 3.0. In this column, Christa discusses UDDI's new support for digital signatures. Digital signature use has a twofold purpose. First, by signing data in a UDDI registry, publishers of the data can be sure that they can't be impersonated. Second, users of digitally signed data in a registry can be sure that the identified publisher of the data is genuine and that the data hasn't changed since it was published. Support for digital signatures lets anyone who queries a UDDI registry view only entities that have been digitally signed. http://www.secadministrator.com/articles/index.cfm?articleid=26427 5. ==== HOT RELEASES (ADVERTISEMENTS) ==== * FREE SECURITY ASSESSMENT TOOL Aelita InTrust(TM) closes the gap between policy and IT infrastructure, simplifying your regulatory compliance efforts. HIPAA? Gramm-Leach-Bliley? BS7799/ISO17799? Let Aelita provide your compliance solution. Start with our FREE security assessment tool: Aelita InTrust Audit Advisor! http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wd0AY * PREVENT THE 7 DEADLY CLASSES OF NETWORK ATTACK Taking down a webserver for patching is never convenient. A new offering by eEye Digital Security enables you to prevent attacks by known and unknown IIS vulnerabilities -- even when you don't have time to patch. Free whitepaper & free trial downloads at: http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04We0AZ 6. ==== INSTANT POLL ==== * RESULTS OF PREVIOUS POLL: BIOMETRIC SCANNERS The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Which of the following types of biometric scanners are currently in use on your network?" Here are the results (+/- 2 percent) from the 279 votes: - 10% Fingerprint - 3% Retina - 1% Facial - 3% Two or more of the above - 84% None of the above * NEW INSTANT POLL: WARCHALKING The next Instant Poll question is, "Has your wireless network been warchalked?" Go to the Security Administrator Channel home page and submit your vote for a) Yes, b) No, or c) I'm not sure. http://www.secadministrator.com 7. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I EASILY VIEW WHICH COOKIES ARE STORED ON MY MACHINE? ( contributed by John Savill, http://www.windows2000faq.com ) A. NirSoft has released IECookiesView, a free utility you can download from Simtel.net that lets you easily view cookies on your machine, check the values within the cookies, and delete those values. To view the contents of a cookie, you simply select the cookie in the GUI, and to delete a cookie, you press Delete and click Yes to confirm. http://www.simtel.net/pub/pd/59299.html * EVENT HIGHLIGHT: SECURITY STRATEGY WORKSHOP September 16 through 20, 2002 Redmond, Washington September 30 through October 4, 2002 Boston, Massachusetts NetIQ offers hands-on 1-day workshops in which you can learn to identify threats, assess security problems, outline a security strategy, and then strengthen a network in a controlled lab setting. You can attend the Digital Crime Prevention Labs workshops for $499 per person. For more information, go to http://www.netiq.com/events/seminars/digitalcrimeprevention/default.asp 8. ==== NEW AND IMPROVED ==== (contributed by Judy Drennen, productsat_private) * END-TO-END SECURITY SOLUTION FOR WLANS Funk Software announced Odyssey, an end-to-end 802.1x security solution that lets users securely access wireless LANs (WLANs) and can be widely deployed and managed across an enterprise network. Odyssey includes client and server software and a protocol that a single user can deploy from any machine that's compatible with existing authentication databases and infrastructure. The solution runs on Windows XP, Windows 2000, Windows Me, and Windows 98 and supports all wireless adapter cards. Odyssey costs $2500, which includes the Odyssey Server and 25 Odyssey Client licenses. Standalone licenses are available for $50 each; quantity discounts are available. Contact Funk Software at 1-617-497-6339 or 1-800-828-4146. http://www.funk.com * FREEWARE ANTIPIRACY SOFTWARE PROGRAM The Trialware Professional Association (TPA) has released Crack Killer, a freeware Windows program that lets software authors track and report Web sites hosting cracks, serials, and pirated versions of their software. Crack Killer uses a solid database engine that tracks active and inactive pirated-software sites. Software vendors can use this software to track sites that contain links to pirated versions of their software. Crack Killer runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x. Contact TPA at infoat_private or go to the Web site. http://www.trialware.org/crackkiller.html * SUBMIT TOP PRODUCT IDEAS Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshotat_private 9. ==== HOT THREADS ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.com/forums Featured Thread: Interpreting an Attack (One message in this thread) A reader writes that he works at a client company that refuses to put its Windows network behind a firewall. As a result, the company is the target of many attacks. Below is an audit record from the Security log of a Windows 2000 Server, which is a member server of a Windows NT 4.0 domain. PLS-HQ is the NT domain name and Monitor is the name of the server. The reader said it looks to him as if the attacker has taken the server name and added a dollar sign (Monitor$) and is using that to gain access. He wants to know the nature of the exploit and how to foil it. Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 627 Date: 8/29/2002 Time: 9:02:40 AM User: NT AUTHORITY\SYSTEM Computer: MONITOR Description: Change Password Attempt: Target Account Name: TsInternetUser Target Domain: MONITOR Target Account ID: MONITOR\TsInternetUser Caller User Name: MONITOR$ Caller Domain: PLS-HQ Caller Logon ID: (0x0,0x3E7) Read the responses or lend a hand: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=45273 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: VIGILANTe's SecureScan NX Experience? (One message in this thread) A reader wants to know whether anyone has hands-on experience with VIGILANTe's SecureScan NX vulnerability-assessment tool. Read the responses or lend a hand at the following URL: http://63.88.172.96/listserv/page_listserv.asp?a2=ind0208e&l=howto&p=195 10. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today! http://www.secadministrator.com/sub.cfm?code=saei25xxup Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email |-+-|-+-|-+-|-+-|-+-| Thank you for reading Security UPDATE. MANAGE YOUR ACCOUNT You can manage your entire Windows & .NET Magazine Network email newsletter account on our Web site. Simply log on and you can change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters all in one place. http://www.winnetmag.com/email Thank you! - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 01:03:53 PDT