[ISN] Security UPDATE, January 22, 2003

From: InfoSec News (isnat_private)
Date: Thu Jan 23 2003 - 03:26:07 PST


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows Server 2003, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    
    January 22, 2003--In this issue:
    
    1. IN FOCUS
         - Security Tools for Your Data-Gathering Efforts
    
    2. SECURITY RISKS
         - Buffer-Overflow Vulnerability in CuteFTP 5.0 for XP
    
    3. ANNOUNCEMENTS
         - Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT
           Challenges, March 31, 2003
         - Windows & .NET Magazine Connections Announces Spring 2003 Dates
    
    4. SECURITY ROUNDUP
         - News: Microsoft Opens Source Code to Governments
         - News: Group Espada Announces New Security Tools
         - Feature: Building a Secure VPN
    
    5. INSTANT POLL
         - Results of Previous Poll: ISA Server 2000
         - New Instant Poll: Security Administrative Duties
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Restore My Windows XP System Using an Automated
           System Recovery (ASR) Backup?
    
    7. NEW AND IMPROVED
         - Let the Pros Keep You Secure
         - Inspect and Report on Computers' Security
         - Submit Top Product Ideas
    
    8. HOT THREAD
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Trouble with Network Windows XP Shares and
               Logons
         - HowTo Mailing List
             - Featured Thread: Microsoft Windows PKI and PEM Certificates
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * SECURITY TOOLS FOR YOUR DATA-GATHERING EFFORTS
    
    As part of your overall security efforts, you need to know which
    resources are available on your systems and how those resources are
    being used. It's important to monitor log files, and, in some cases,
    consolidate and generate log files--and some add-on tools can
    significantly simplify the task. In poking around the Internet
    recently, I found several tools that you might want to consider using
    in your Windows network environments. Most of the tools address log
    files, and one tool enumerates system characteristics on local and
    remote systems.
    
    First, consider Purdue University Engineering Computer Network's
    Eventlog to Syslog, a utility that runs on Windows and monitors event
    logs, reformats the log entries, and sends them to a UNIX-based syslog
    service for centralized collection. This utility helps administrators
    who use UNIX as their main desktop to monitor events that take place
    on Windows-based systems.
       https://engineering.purdue.edu/ecn/resources/documents/unix/evtsys
    
    Second, consider SecurIT Informatique's LogAgent, another tool
    designed to centralize log files. LogAgent can gather text-based logs
    from just about any type of software and centralize those logs in one
    or more locations. For example, you can use the tool to gather and
    monitor text-based logs such as firewall logs, antivirus software
    logs, download-manager logs, and content-screening software
    logs--without having to look at each one through that software's
    particular interface.
       http://iquebec.ifrance.com/securit
    
    A third tool to consider--also available from SecurIT Informatique--is
    ComLog. This tool lets you introduce logging in a place in which
    logging might otherwise be impossible: in a Windows command shell.
    ComLog monitors everything that happens in a Windows command shell and
    logs it to a file. ComLog is written in Perl and compiled with
    Perl2Exe. The program replaces the cmd.exe file on your Windows
    systems and becomes a front end to that file. After ComLog is in
    place, the program captures all keystrokes and command output and
    writes the data to date-stamped log files for your review.
       http://iquebec.ifrance.com/securit
    
    Another tool, Foundstone's FileWatch, monitors files by detecting
    file-size changes and write operations. The tool can monitor log files
    for changes and start a separate application when it detects
    changes. For example, you can use it to monitor firewall logs or logs
    from ComLog and LogAgent. You could also use FileWatch to send
    administrative alerts (through email or pager software) when file
    changes occur. Or you could use the tool to initiate other actions,
    such as shutting down services or network connections or starting data
    capture programs.
       http://www.foundstone.com/knowledge/proddesc/filewatch.html
    
    Foundstone's NTLast lets you monitor Windows event logs (including
    saved log files) for logon information. You can use it to perform
    date-driven searches, filter based on hosts, distinguish data logged
    by Web servers, and produce formatted output suitable for Microsoft
    Excel spreadsheets.
       http://www.foundstone.com/knowledge/proddesc/ntlast.html
    
    Finally, check into SourceForge's Winfingerprint. This tool determines
    OS type and can enumerate users, groups, shares, SIDs, network
    transports, disk drives, sessions, and services. Winfingerprint can
    also determine service pack and hotfix levels and discover any open
    TCP and UDP ports. It works with Windows NT domains and Active
    Directory (AD) network structures and can interrogate remote systems
    based on a range of IP addresses.
       http://sourceforge.net/projects/winfingerprint
    
    Be sure to consider these and other log-related and system-enumeration
    utilities. They could help you become aware of suspicious events and
    activities that might otherwise go completely unnoticed--or go
    unnoticed until damage has been done.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * BUFFER-OVERFLOW VULNERABILITY IN CUTEFTP 5.0 FOR XP
       A buffer-overflow vulnerability in GlobalSCAPE's CuteFTP 5.0 XP for
    Windows could let an attacker execute arbitrary code on the
    vulnerable system. When an FTP server responds to a "LIST"
    (directory listing) command, it sends the response over a data
    connection. Sending 257 bytes over this connection causes a buffer
    to overflow, and sending 260 bytes of data completely overwrites the
    instruction pointer (IP) register.
       http://www.secadministrator.com/articles/index.cfm?articleid=37731
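
The length check that this class of bug is missing, as an added example (not GlobalSCAPE's code and not part of the newsletter): a client-side reader that splits a LIST payload into lines and refuses any line that will not fit its fixed buffer. The 256-byte buffer size is an assumption inferred from the 257-byte threshold above, and all function and type names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size: the advisory gives only the 257-byte threshold, which is
   consistent with a 256-byte buffer. */
#define LIST_LINE_MAX 256

struct list_stats {
    size_t accepted;             /* lines copied into the bounded buffer */
    size_t rejected;             /* lines dropped because they do not fit */
    char   last[LIST_LINE_MAX];  /* most recent accepted line, NUL-terminated */
};

/* Unsafe pattern, shown for contrast only: copies until the source's NUL
   with no regard for the destination size. */
void store_line_unsafe(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Copy one line only if it fits together with its terminator and has no
   embedded NUL. Returns 0 on success, -1 if the line is refused. */
int store_line_checked(char dst[LIST_LINE_MAX], const unsigned char *src,
                       size_t len)
{
    if (len >= LIST_LINE_MAX || memchr(src, '\0', len) != NULL)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Walk a data-connection payload, splitting on LF and stripping a trailing
   CR. Oversized lines are counted and skipped, never copied. */
void parse_list_payload(const unsigned char *buf, size_t len,
                        struct list_stats *st)
{
    size_t start = 0;

    memset(st, 0, sizeof *st);
    while (start < len) {
        const unsigned char *nl = memchr(buf + start, '\n', len - start);
        size_t end = nl ? (size_t)(nl - buf) : len; /* last line may lack LF */
        size_t n = end - start;

        if (n > 0 && buf[end - 1] == '\r')
            n--;
        if (n > 0) {
            if (store_line_checked(st->last, buf + start, n) == 0)
                st->accepted++;
            else
                st->rejected++;
        }
        start = end + 1;
    }
}
```

A nonzero `rejected` count is worth logging on the client, since a server that sends listing lines longer than any plausible file entry is either broken or hostile.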
     
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT
    CHALLENGES, MARCH 31, 2003
       Annual executive conference highlights the increased focus on IT
    security in global pharmaceutical enterprises. Networking, case
    studies, intensive workshops, and forums help CIOs, CTOs, CFOs, VPs,
    and other top decision-makers leverage pharmaceutical IT solutions
    successfully. Keynote presentations by executives from Aventis,
    Novartis, AstraZeneca, Hoffmann-La Roche, and Pfizer, plus US Dept. of
    Health & Human Services.
       http://list.winnetmag.com/cgi-bin3/flo?y=ePKT0CJgSH0CBw07QH0Aj
    
    * WINDOWS & .NET MAGAZINE CONNECTIONS ANNOUNCES SPRING 2003 DATES
       Learn first hand from the magazine writers you know and trust.
    In-depth coverage by the world's top gurus regarding security insights
    about Windows Server 2003, Windows XP, Windows 2000 Server, IIS, SQL
    Server, and the Microsoft .NET platform. Benefit immediately from the
    latest real-world tips on Active Directory, Group Policy, and
    migration techniques. May 18-21, 2003. Register today.
       http://list.winnetmag.com/cgi-bin3/flo?y=ePKT0CJgSH0CBw07QI0Ak
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: MICROSOFT OPENS SOURCE CODE TO GOVERNMENTS
       Microsoft announced it has opened its source code to governments
    under a new Government Security Program (GSP). The GSP lets
    governments review code to address security and other concerns.
    Governments have long had access to UNIX platform source code,
    including Linux versions. However, ensuring the security of Microsoft
    products has been a stumbling block for government acceptance.
       http://www.wininformant.com/articles/index.cfm?articleid=37683
    
    * NEWS: GROUP ESPADA ANNOUNCES NEW SECURITY TOOLS
       Group Espada announced it would release a set of new security tools
    now undergoing beta testing. The new tools consist of KATANA,
    KATANA.NET, and KATANA for SQL Server 2000 and will be available as a
    suite or as individual components.
       http://www.wininformant.com/articles/index.cfm?articleid=37700
    
    * FEATURE: BUILDING A SECURE VPN
       The VPN concept has been around for almost 10 years. Technologies
    that use public data lines for private corporate traffic promise
    companies a cornucopia of benefits--from saving money on expensive
    leased lines to a workforce empowered to access the entire wealth of
    corporate IT resources from any kind of connection anywhere on the
    globe. But as with other overhyped and overmarketed technologies, the
    devil is in the details. Read all about it in this article by Tony
    Howlett.
       http://www.secadministrator.com/articles/index.cfm?articleid=37447
    
    5. ==== INSTANT POLL ====
     
    * RESULTS OF PREVIOUS POLL: ISA SERVER 2000
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Does your company use Microsoft Internet Security and Acceleration
    (ISA) Server 2000?" Here are the results from the 348 votes.
    (Deviations from 100 percent are due to rounding errors.)
       - 38% Yes
       - 55% No
       -  7% No, but we intend to implement it
     
    * NEW INSTANT POLL: SECURITY ADMINISTRATIVE DUTIES
       The next Instant Poll question is, "What is currently the main
    focus of your security-related administrative duties?" Go to the
    Security Administrator Channel home page and submit your vote for a)
    Tightening general security, b) Defending against network attacks, c)
    Defending against Web site attacks, d) Filtering junk email, or e)
    Controlling employee surfing habits.
       http://www.secadministrator.com
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I RESTORE MY WINDOWS XP SYSTEM USING AN AUTOMATED
    SYSTEM RECOVERY (ASR) BACKUP?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    A. If you experience a core-OS corruption in XP and you've created an
    ASR backup, you can use the ASR backup to restore your system by
    performing the following steps:
       1. Boot from your original XP media.
       2. If prompted, press a key to boot the system from the CD-ROM.
       3. During the text mode portion of setup, press F2 to initiate an
    ASR restore.
       4. When prompted, insert the ASR backup disk and follow the
    onscreen instructions.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * LET THE PROS KEEP YOU SECURE
       Dimension Data Holdings launched Surveyor for Security, a security
    assessment and risk management service. Dimension Data assesses your
    IT environment and determines the probability and impact associated
    with security risks. Dimension Data's security experts develop a
    remediation road map to ensure that the appropriate people, tools, and
    processes are in place to protect your company's assets. Dimension
    Data's security personnel then implement those safeguards and provide
    ongoing security management and monitoring services. Contact Dimension
    Data Holdings at 703-262 3200 or email the Director of North America
    Marketing at geary.campbellat_private
       http://www.didata.com
    
    * INSPECT AND REPORT ON COMPUTERS' SECURITY
       Shavlik Technologies announced EnterpriseInspector 2.1, software
    that remotely inspects and reports on the security of your servers and
    workstations. EnterpriseInspector 2.1 combines the security checklist
    of the Microsoft Baseline Security Analyzer (MBSA), which Shavlik
    Technologies developed, with the power of Microsoft SQL Server 2000
    and a custom reporting engine. New features include detection on
    Microsoft Exchange Server and Windows Media Player (WMP), scanning on
    all instances of SQL Server, support for Microsoft Software Update
    Services (SUS), and database statistics and maintenance. Contact
    Shavlik Technologies at 651-426-6624, 800-690-6911, and
    infoat_private
       http://www.shavlik.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREAD ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Trouble with Network Windows XP Shares and Logons
       (Two messages in this thread)
    
    A user says he's using Windows 2000 Server as a PDC and the only
    domain controller (DC) on his network. He uses XP, Win2K, and Windows
    NT clients.
    
    When he logs on to the domain with an XP client, all the network
    shares and printers work for a certain amount of time, but then they
    stop working. If he tries to connect to a network share, he receives
    the error message:
    
    "The system detected a possible compromise in security. Please ensure
    that you can contact the server that authenticated you."
    
    The event log shows the following error, with the source as NETLOGON:
    
    "No Domain Controller is available for domain [domain name] due to the
    following: There are currently no logon servers available to service
    the logon request. Make sure that the computer is connected to the
    network and try again. If the problem persists, please contact your
    domain administrator."
    
    If he logs off and logs on again, everything works again. He doesn't
    have any problems with Win2K and NT clients, and the domain server is
    available all the time. Also, it takes users more than a minute to log
    on after they enter their password. He wants to know why. Lend a hand
    or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=52550
    
    * HOWTO MAILING LIST
       http://63.88.172.96/listserv/page_listserv.asp?a0=howto
    
    Featured Thread: Microsoft Windows and PEM Certificates
       (One message in this thread)
    
    A user writes that he's attempting to implement Microsoft's
    Certificate Authority (CA) using Windows 2000. His company's
    development and engineering team wants to generate and send out
    certificates in certain applications using Privacy Enhanced Mail (PEM)
    formatting, which is the ASCII base-64 format of DER. How does the CA
    format its certificates--in binary or in text? Will this approach
    work? Read the responses or lend a hand at the following URL:
       http://63.88.172.96/listserv/page_listserv.asp?a2=ind0301c&l=howto&p=330
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 06:40:09 PST