[ISN] Security UPDATE, March 12, 2003

From: InfoSec News (isnat_private)
Date: Thu Mar 13 2003 - 00:50:30 PST

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows Server 2003, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    More e-Security - Less Money
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DU0Az
    
    CipherTrust
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DV0A1
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: MORE e-SECURITY - LESS MONEY ~~~~
       Pay 2/3 less than the industry leader for Strong (two-factor)
    Authentication for VPN and Web using the Authenex A-Key(tm) USB token.
    Plus with the same A-Key USB Token, you can leverage an entire suite
    of strong e-Security applications, including: Web Access Control,
    Endpoint Encryption to protect either files or the entire hard drive,
    Secure File Exchange, and Storage for Digital Certificates. Click now
    for a FREE A-Key USB Token.
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DU0Az
    ~~~~~~~~~~~~~~~~~~~~
    
    March 12, 2003--In this issue:
    
    1. IN FOCUS
         - Concise Security Knowledge Available Online
    
    2. SECURITY RISKS
         - Multiple Vulnerabilities in Minihttp's Forum Web Server
         - Content Bypass Vulnerability in Clearswift's MAILsweeper
    
    3. ANNOUNCEMENTS
         - Networld+Interop Las Vegas 2003--Conference: April 27-May 2,
           Exhibition: April 29-May 1
         - Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT
           Challenges, March 31, 2003
    
    4. SECURITY ROUNDUP
         - News: Survey Says: Viruses and System Intrusion Among Top
           Concerns
         - Feature: Nmap Your Network
    
    5. HOT RELEASES (ADVERTISEMENTS)
         - eToken USB-based 2-Factor Authentication
         - Next-Generation Firewall Appliances Keep Pace
         - Increase Security Today with RippleTech's PatchWorks!
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: When I Right-Click an NTFS Volume, Why Can't I See the
           Quota Tab?
    
    7. NEW AND IMPROVED
         - Automate Your Patch Management
         - Install Antivirus Defense at the Gateway
         - Submit Top Product Ideas
    
    8. HOT THREAD
         - Windows & .NET Magazine Online Forums
             - Featured Thread: User Continually Locked Out After Browsing
               Network
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * CONCISE SECURITY KNOWLEDGE AVAILABLE ONLINE
    
    If you're looking for help securing Windows Server 2003, Windows 2000
    Server, Microsoft SQL Server, Microsoft Exchange Server, and other
    related technologies, several online sources of information can assist
    you. Some of the resources I discuss are chapters excerpted from
    books, and others are entire books available online for free.
    
    Last week, Erik Birkholz announced that a discussion among colleagues
    at the recent Black Hat Windows Security 2003 conference convinced him
    to release a chapter from the upcoming book "Special Ops: Host and
    Network Security for Microsoft, UNIX, and Oracle," a book that he
    developed with the help of several knowledgeable authors. Birkholz
    released Chip Andrews' Chapter 12, "Attacking and Defending the
    Microsoft SQL Server." The chapter offers 38 pages of highly useful
    information.
    
    As the chapter title implies, the material covers a wealth of tactics
    you can use to attack and defend SQL Server. The discussion delves
    into information such as server instances, authentication, network
    libraries, security principles for SQL Server, server discovery and
    related tools, acquiring accounts for security contexts, escalating
    privileges, exploiting unpatched vulnerabilities, configuring a secure
    installation, monitoring, and maintenance. You can find the chapter in
    PDF format at the Special Ops Internal Network Security Web site.
       http://www.specialopssecurity.com
    
    Also last week, Paul Robichaux released three chapters of his new
    book, "Secure Messaging with Microsoft Exchange Server 2000." He calls
    the book a "broad guide to securing Exchange-based systems, beginning
    with risk and vulnerability assessment and continuing through applying
    communications security, patch management, and service-specific
    approaches to make Exchange systems more secure." He also said, "I had
    a lot of help from the Exchange development and support team while
    writing the book, and there's a great deal of material there that
    isn't widely available elsewhere."
    
    The three sample chapters are "Windows & Exchange Security
    Architecture," "Threat & Risk Assessment," and "SMTP, Relaying, and
    Spam Control." The security-architecture chapter covers built-in
    accounts and groups, what happens during the logon process, how
    Exchange modifies the Windows discretionary ACL (DACL) evaluation
    process, Exchange-specific permissions, roles, mailboxes, public
    folders, and more.
    
    The threat-assessment chapter discussion includes identifying threats,
    threat classification, possible courses of action, and risk
    assessment. The SMTP chapter covers mail relaying--explaining why mail
    relaying might be necessary, how it can lead to trouble, and how to
    control it. The chapter also discusses how to deal with unwanted
    email, including how to use Exchange's built-in email filters. The
    chapters are available in PDF format at the E2K Security Web site.
       http://www.e2ksecurity.com
    
    Realtimepublishers.com is another excellent resource for online
    security information. Sean Daily, president and CEO of the company,
    has published many guidebooks related to enterprise computing--and
    several of them pertain directly to security. You can read them in
    their entirety online by simply registering for access. At the
    company's Web site, you'll find security-related titles such as "The
    Definitive Guide To Windows 2000 Security," "The Definitive Guide To
    Windows 2000 Group Policy," "The Definitive Guide To Identity
    Management," "The Tips and Tricks Guide To Securing .NET Server," and
    "The Tips and Tricks Guide To Windows 2000 Group Policy."
    Realtimepublishers.com has about 2 dozen eBooks online, and more are
    in the works.
       http://www.realtimepublishers.com
    
    Overall, you can find a lot of information online about securing your
    particular platform--from white papers and checklists to chapters and
    entire books. Check out the publications I mention; they're among the
    most timely resources available. And if you know about other new
    publications I didn't mention, send me an email with the details.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: CIPHERTRUST ~~~~
       Top 10 Techniques To Control Spam
       Stop spam! There are ways to secure and reclaim your mail server(s)
    before spam and other email threats become security issues. Don't
    leave your email systems vulnerable. This whitepaper provides the TOP
    10 TECHNIQUES to Control Spam in the enterprise. Request your copy
    today!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DV0A1
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * MULTIPLE VULNERABILITIES IN MINIHTTP'S FORUM WEB SERVER
       Dennis Rand discovered that three vulnerabilities exist in
    Minihttp's Forum Web Server 1.60. The first lets a potential attacker
    access files that reside outside the restricted area of the server.
    The second permits insertion of malicious HTML and JavaScript into
    existing Web pages (cross-site scripting). The third makes it possible
    to steal other users' usernames and passwords. The vendor, Minihttp,
    has released Forum Web Server 1.61, which isn't vulnerable to these
    conditions.
       http://www.secadministrator.com/articles/index.cfm?articleid=38333
    
    * CONTENT BYPASS VULNERABILITY IN CLEARSWIFT'S MAILSWEEPER
       Martin O'Neal discovered that a vulnerability exists in
    Clearswift's MAILsweeper 4.x that could result in the bypass of the
    attachment-blocking feature on the vulnerable server. If an attacker
    uses a deliberately malformed MIME encapsulation technique, the
    MAILsweeper product won't recognize the attachment and lets it pass.
    The vendor has made an updated script utility available that can
    detect the malformed MIME header used in this vulnerability. You
    should implement this utility as a workaround until a fix or patch is
    available.
       http://www.secadministrator.com/articles/index.cfm?articleid=38334
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * NETWORLD+INTEROP LAS VEGAS 2003--CONFERENCE: APRIL 27-MAY 2,
    EXHIBITION: APRIL 29-MAY 1
       Networld+Interop, the definitive networking event of the year,
    brings together high-level buyers in networking, security, wireless,
    VoIP, and network storage technologies with industry leading companies
    and their products and services. Call 888.886.4057 or register now at:
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08Bg0AH
    
    * PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT
    CHALLENGES, MARCH 31, 2003
       Annual executive conference highlights the increased focus on IT
    security in global pharmaceutical enterprises. Networking, case
    studies, intensive workshops, and forums help CIOs, CTOs, CFOs, VPs,
    and other top decision-makers leverage pharmaceutical IT solutions
    successfully. Keynote presentations by executives from Aventis,
    Novartis, Astrazeneca, Hoffman-Laroche and Pfizer, plus US Dept. of
    Health & Human Services.
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw07QH0Ay
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: SURVEY SAYS: VIRUSES AND SYSTEM INTRUSION AMONG TOP CONCERNS
       VanDyke Software announced the results of a security-related survey
    commissioned through Saurage Research. Saurage contacted 710 small and
    midsized businesses in fourth quarter 2002 to learn about their
    priorities in protecting their enterprises.
       http://www.secadministrator.com/articles/index.cfm?articleid=38256
    
    * FEATURE: NMAP YOUR NETWORK
       Port scanning offers security professionals and systems
    administrators a fast and effective way to identify which services or
    applications their servers have open to the Internet or another
    network. Jeff Fellinge's article on our Web site teaches you how to
    use Nmap to scan your network.
       http://www.secadministrator.com/articles/index.cfm?articleid=23655
    
    5. ==== HOT RELEASES (ADVERTISEMENTS) ====
    
    * eTOKEN USB-BASED 2-FACTOR AUTHENTICATION
       eToken from Aladdin offers simple, reliable and affordable 2-factor
    authentication for secure network logon, VPN access, web access,
    e-mail, and PC security. No reader or server required to securely
    store users' passwords, keys, and certificates.
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw076g0A3
    
    * NEXT-GENERATION FIREWALL APPLIANCES KEEP PACE
       Want faster network throughput without the security bottleneck?
    This new WatchGuard(R) white paper includes criteria for evaluating
    next-generation firewall appliances that keep pace with the fastest
    networks and provide the security required by large, distributed
    enterprises.
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DW0A2
    
    * INCREASE SECURITY TODAY WITH RIPPLETECH'S PATCHWORKS!
       Struggling to find time for patch management? PatchWorks makes it
    easy to remotely manage and deploy security updates, hotfixes and
    service packs. For research, software inventory, policy enforcement
    and more, try PatchWorks FREE today!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw076f0A2
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: WHEN I RIGHT-CLICK AN NTFS VOLUME, WHY CAN'T I SEE THE QUOTA
    TAB?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    A. If the Quota tab isn't visible, your user account or group doesn't
    have the Traverse Folder/Execute File right on that NTFS volume. To
    resolve this problem, perform the following steps:
       1. Right-click the NTFS volume in Windows Explorer or My Computer,
    then select Properties from the displayed context menu.
       2. Select the Security tab.
       3. Click the Advanced button.
       4. Select the Permissions tab.
       5. Select the entry that applies to your user account or group,
    then click Edit.
       6. Under the "Apply onto" section, make sure that the "This folder,
    subfolders and files" check box is selected.
       7. Select the Allow check box for Traverse Folder/Execute File
    permissions, then click OK.
       8. Click OK to close all dialog boxes.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * AUTOMATE YOUR PATCH MANAGEMENT
       Shavlik Technologies released HFNetChkPro 4.0, an automated patch
    management solution that Shavlik originally developed for Microsoft.
    HFNetChkPro scans your entire network for vulnerabilities and pushes
    patches as soon as an update is issued, protecting systems in
    realtime. HFNetChkPro patches offline machines automatically when they
    come back online. The software's third-party threat-rating system lets
    you customize patch criticality and receive threat analyses and
    comments about patches from security industry leaders. The Automated
    PatchPush Tracker lets you view the status of the patches being pushed
    as well as information about who deployed the most recent patch and
    when it was deployed. HFNetChkPro 4.0 is now integrated with Active
    Directory (AD). Contact Shavlik Technologies at 651-426-6624,
    800-690-6911, or infoat_private
       http://www.shavlik.com
    
    * INSTALL ANTIVIRUS DEFENSE AT THE GATEWAY
       Panda Software announced the Panda Antivirus Appliance, offering
    perimeter protection against inbound and outbound viruses for your
    mail servers, workstations, and server hardware. Features include load
    balancing and scalability, secure remote administration, automatic
    daily updates, content filtering, status reports on the virus scan and
    content filter, and realtime system monitoring. Protected protocols
    include SMTP, HTTP, POP3, FTP, Network News Transfer Protocol (NNTP),
    IMAP4, and SOCKS. Contact Panda Software at 818-543-6901,
    800-603-4922, or info.usaat_private
       http://www.pandasoftware.us
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREAD ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: User Continually Locked Out After Browsing Network
       (Two messages in this thread)
    
    A user writes that when one user on his network attempts to browse a
    mapped network drive, the user receives the following message in
    Microsoft Word:
    
    "The system detected a possible attempt to compromise security. Please
    ensure that you can contact the server that authenticated you"
    
    The user can't access the server after logging on and is somehow
    locked out of his workstation. After the administrator unlocks the
    user account and the user logs on again, the user is locked out again
    when he tries to browse the network for server access. Do you know why
    this occurs? Lend a hand or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=55214
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 03:18:08 PST