[ISN] Windows & .NET Magazine Security UPDATE--June 18, 2003

From: InfoSec News (isnat_private)
Date: Thu Jun 19 2003 - 03:02:14 PDT


    ====================
    
    ==== This Issue Sponsored By ====
    
    Hewlett-Packard
    http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw08fJ0Av
    
    Windows & .NET Magazine
    http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw06cX0A5
    
    ====================
    
    1. In Focus: Are IDSs Overrated?
    
    2. Security Risks
         - Multiple Buffer-Overflow Vulnerabilities in FlashFXP FTP Client
           for Windows
         - Multiple Buffer-Overflow Vulnerabilities in SmartFTP FTP Client
           for Windows
    
    3. Announcements
         - New--Test-Drive Our Performance Portal!
         - Fight Spam and Viruses, and Secure Exchange 2003!
    
    4. Security Roundup
         - News: Microsoft Gears Up for Antivirus Efforts
         - News: Win2K SP4 Is Coming Soon; The Newest IIS Security Rollup
         - Feature: Where to Place Your Antivirus Defenses
    
    5. Security Toolkit
         - Virus Center
         - FAQ: What's the Purpose of the SELF Subject I See in Windows
           2000 Active Directory (AD)?
    
    6. Event
         - Security 2003 Road Show
     
    7. New and Improved
         - Leave the Monitoring to Professionals
         - Use Plant DNA Codes to Authenticate Users
         - Submit Top Product Ideas
    
    8. Hot Thread
         - Windows & .NET Magazine Online Forums
             - Featured Thread: How to Issue Certificates with an Offline
               CA
    
    9. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Hewlett-Packard ====
    
       HP OpenView for Windows Test Drive
       Monitor the availability and performance of your corporate website
    -- FREE for 30 days, using powerful HP OpenView management software
    for Windows. Simulate activity. Monitor complex transactions. Meet
    business demands. Manage web services. Click here.
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw08fJ0Av
    
    ====================
    
    ==== 1. In Focus: Are IDSs Overrated? ====
       by Mark Joseph Edwards, News Editor, markat_private
    
    Microsoft recently announced plans to acquire the technological and
    intellectual assets of GeCAD Software, a Romanian antivirus software
    vendor. The acquisition lets Microsoft add another layer to its
    existing set of security protection mechanisms across the majority of
    its product lines. You can read about the acquisition in the related
    news story, "Microsoft Gears Up for Antivirus Efforts," in this
    edition of Security UPDATE.
    
    Microsoft is adding a layer of security that will eventually become
    available to customers. At the same time, Gartner recommends that
    enterprises remove a layer of security from their protection schemes.
    
    In a press release issued last week, Gartner declared that Intrusion
    Detection Systems (IDSs) are a market failure because they fail to add
    value relative to their costs. Gartner recommends that instead of
    spending money on an IDS, companies spend their money on firewall
    solutions that offer both network-level and application-level
    protection.
    
    Gartner's comments about IDSs appeared in a press release that
    promotes the company's recently released report, "Hype Cycles"
    (interested parties can purchase the report from Gartner). The report
    considers what the future technology will be, including whether IDSs'
    current popularity results more from hype than from their lasting
    value and cost-effectiveness. Gartner's prognosis leads me to pose a
    couple of questions to you. Do you believe that the cost of an IDS
    outweighs its benefits? Do you believe that removing your standalone
    IDS would benefit your enterprise?
    
    As Gartner notes, firewalls, whether they reside in the network layer,
    the application layer, or the desktop layer, serve well to defend
    against attack. Even so, I believe IDSs have a place among the layers.
    
    IDS technology lets you view the type of traffic traveling into your
    networks. Proactive IDSs sometimes reveal attack types about which
    firewalls "know" nothing. If IDSs are positioned behind a firewall,
    they can reveal and shut down attacks that bypass the firewall. If
    proactive IDSs are positioned in front of a firewall, they can shut
    down suspicious traffic before it reaches the firewall.
    
    Gartner also notes that IDS technology often provides false positives
    and false negatives, that it places an increased burden on staff
    (requiring round-the-clock monitoring every day of the year), that it
    requires a tedious incident-response process, and that it can't
    monitor traffic at speeds exceeding 600Mbps. One could make the first
    three complaints about firewalls too. Firewall users deal with false
    detections (all shops that are serious about security must monitor
    many matters around the clock), and most security incidents (and even
    nonsecurity incidents, such as a failed server or desktop
    installation) are time-consuming and tedious to handle--not to mention
    frustrating.
    
    As for IDSs being unable to monitor traffic that exceeds 600Mbps: That
    concern is addressable--because it depends in large part on the
    underlying hardware and OS. The fastest platforms seem to be
    standalone units designed for specific purposes (e.g., Internet
    Security Systems'--ISS's--new Proventia security appliances).
    Proventia appliances combine firewall, intrusion detection, VPN, and
    virus-scanning capabilities in standalone units that can operate at
    speeds that far exceed 1Gbps.
    
    However, using a standalone all-in-one unit can sometimes create a
    single point of failure--a notable risk. If intruders somehow break
    the appliance unit, they might break all the included security
    features, including the firewall, IDS, and the antivirus protection.
    Even if you use multiple standalone units, the same holds true--an
    exploitable flaw in one unit might be an exploitable flaw in all
    identical units, depending on configuration and circumstances. In such
    a potential event, a multivendor and multifunction security solution
    might hold up better.
    
    I think IDSs do have a place in the security market and that they're
    not simply overhyped solutions. But if today's firewall vendors intend
    to diversify their security-related offerings, they'll need to provide
    proven fail-safe solutions that don't create a single point of
    failure. And that's not an easy task, especially when it comes to the
    "proving" part.
    
    ====================
    
    ==== Sponsor: Windows & .NET Magazine ====
    
    Insider's Guide to IT Certification eBook
       Get the eBook that will help you get certified!  The "Insider's
    Guide to IT Certification," from the Windows & .NET Magazine Network,
    has one goal: to help you save time and money on your quest for
    certification. Find out how to choose the best study guides, save
    hundreds of dollars, and be successful as an IT professional. The
    amount of time you spend reading this book will be more than made up
    by the time you save preparing for your certification exams. Order
    your copy today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw06cX0A5
    
    ====================
    
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, kenat_private
    
    Multiple Buffer-Overflow Vulnerabilities in FlashFXP FTP Client for
    Windows
       Two buffer-overflow vulnerabilities in FlashFXP FTP Client for
    Windows can result in the execution of arbitrary code on the
    vulnerable computer. These two vulnerabilities consist of a buffer
    overflow that occurs if a server replies to a PASV command request
    with a long string and a buffer overflow that occurs if a long host
    name is specified as the destination server. FlashFXP has released
    version 2.1, which doesn't contain these vulnerabilities.
       http://www.secadministrator.com/articles/index.cfm?articleid=39271
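
    An added example, not code from this newsletter or from FlashFXP, of
    the bounded parsing a PASV reply calls for on the client side. The
    function name, the 512-byte line cap, and the sample replies are
    assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REPLY_LEN 512   /* assumed cap on one control-connection line */

/* Parse "227 ... (h1,h2,h3,h4,p1,p2)" into a dotted-quad host and a port.
 * Returns 0 on success, -1 if the reply is oversized or malformed.
 * host_len must be at least 16 ("255.255.255.255" plus NUL). */
int parse_pasv_reply(const char *reply, char *host, size_t host_len,
                     unsigned *port)
{
    unsigned v[6];
    int used = 0;
    const char *open;

    if (!reply || !host || !port || host_len < 16)
        return -1;
    /* Reject a long reply before any field is parsed or copied. */
    if (memchr(reply, '\0', MAX_REPLY_LEN + 1) == NULL)
        return -1;
    if (strncmp(reply, "227", 3) != 0 || (open = strchr(reply, '(')) == NULL)
        return -1;
    /* %3u caps each field at three digits; %n is stored only if the
     * closing parenthesis matched, so used == 0 means a truncated tuple. */
    if (sscanf(open, "(%3u,%3u,%3u,%3u,%3u,%3u)%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &used) != 6
        || used == 0)
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    /* Range-checked values always fit; snprintf bounds the write anyway. */
    snprintf(host, host_len, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    *port = v[4] * 256 + v[5];
    return 0;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    char host[16], big[2048];
    unsigned port = 0;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "227 (", 5);

    if (parse_pasv_reply("227 Entering Passive Mode (192,168,1,10,19,137)",
                         host, sizeof host, &port) == 0)
        printf("data connection: %s:%u\n", host, port);
    printf("oversized reply -> %d\n",
           parse_pasv_reply(big, host, sizeof host, &port));
    return 0;
}
```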
    
    Multiple Buffer-Overflow Vulnerabilities in SmartFTP FTP Client for
    Windows
       Two buffer-overflow vulnerabilities in SmartFTP FTP Client for
    Windows can result in the execution of arbitrary code on the
    vulnerable computer. If a server responds to a PWD command request
    with a reply that contains a long address, a buffer overflow can
    occur. If a server returns a File List that contains a long string, a
    buffer overflow can also occur. SmartFTP has released version 1.0.976,
    which doesn't contain these vulnerabilities.
       http://www.secadministrator.com/articles/index.cfm?articleid=39272
    
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    New--Test-Drive Our Performance Portal!
       The Windows & .NET Magazine Performance Portal site is an online
    service that lets IT professionals test client/server scalability and
    application performance of client/server database, workflow, streaming
    media, and office productivity applications. Check out this innovative
    service at
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw0BAW70Ac
    
    Fight Spam and Viruses, and Secure Exchange 2003!
       Check out our June Web events, and get expert advice that will help
    you fight spam and viruses and also help you assess the security risks
    of Exchange 2003. There's no charge for any of these eye-opening,
    educational events, but space is limited so sign up now!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw02lB0An
    
    ==== 4. Security Roundup ====
    
    News: Microsoft Gears Up for Antivirus Efforts
       Microsoft announced its intention to acquire the intellectual
    property and technology assets of Romanian-based antivirus software
    maker GeCAD Software. Viruses, worms, and Trojan horses constantly
    plague Microsoft products, so we'll probably see the company release
    an antivirus solution based on GeCAD technology in the near future.
       http://www.secadministrator.com/articles/index.cfm?articleid=39277
    
    News: Win2K SP4 Is Coming Soon; The Newest IIS Security Rollup
       According to Windows & .NET Magazine columnist Paula Sharick,
    Windows 2000 bug reports and hotfixes have slowed to a trickle during
    the past few months. This slowdown always presages the release of a
    new service pack. As of June 8, the Microsoft Knowledge Base contained
    23 Win2K pre-Service Pack 5 (SP5) articles, including the recommended
    Layer Two Tunneling Protocol (L2TP), IP Security (IPSec), and Network
    Address Translation (NAT) update. These pre-SP5 articles indicate that
    SP4 won't include fixes for several USB problems or problems with
    terminal servers that fail in high-stress environments. So ramp up
    your software distribution scripts, and put SP4 on the schedule for a
    late summer or early fall deployment.
       http://www.winnetmag.com/articles/index.cfm?articleid=39259
    
    Feature: Where to Place Your Antivirus Defenses
       Deciding whether to run a virus scanner is a "no-brainer." The key
    decision is where to place it. You must place antivirus products where
    attackers might introduce malicious code into your environment.
    Because you probably don't have an unlimited security budget, you must
    make good cost/benefit decisions about antivirus products. Your
    decisions involve your entire environment--including those assets you
    choose not to protect with virus scanners. However, by carefully
    reviewing your networked environment, knowing which antivirus
    resources you can afford to implement, and placing the virus
    protection strategically, you can develop the most effective overall
    protection for your organization. Learn more about this crucial aspect
    of network security in Roger A. Grimes's article on our Web site.
      
       http://www.secadministrator.com/articles/index.cfm?articleid=24050&pg=1&show=799
    
    ==== 5. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    FAQ: What's the Purpose of the SELF Subject I See in Windows 2000
    Active Directory (AD)?
       ( contributed by Randy Franklin Smith, rsmithat_private )
    
    A. The SELF subject is specific to AD--you won't find this subject in
    ACLs for objects outside AD (e.g., files, folders). SELF lets you
    control what users can do to their accounts. SELF comes in handy
    because you can use it to define--at the organizational unit (OU)
    level--which operations your users can perform on themselves; you
    don't need to edit each user object's ACL.
    
    Child objects (e.g., user accounts) in an OU inherit the permissions
    that you set on the OU. Therefore, if you want to let all users in an
    OU perform certain operations on their accounts, you can create an
    OU-level access control entry (ACE) for which the subject is SELF and
    the "Apply onto" field is User objects. For example, if you want users
    in the SalesReps OU to be responsible for keeping their phone numbers
    and email addresses up-to-date, you can add an ACE to the SalesReps OU
    that grants all its members SELF Write access to Phone and Mail
    options.
    
    ==== 6. Event ====
    
    Security 2003 Road Show
       Join Mark Minasi and Paul Thurrott as they deliver sound security
    advice at our popular Security 2003 Road Show event.
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw07Kz0AH
    
    ==== 7. New and Improved ====
       by Sue Cooper, productsat_private
    
    Leave the Monitoring to Professionals
       I-Trap announced the I-Trap Internet security service, which
    combines an onsite appliance with offsite monitoring to provide
    intrusion detection and an external-to-the-firewall attack detection
    system. The solution sniffs the packets of incoming data for
    signatures of software code that intruders use. I-Trap routes the
    network activity data to the servers at I-Trap's 24-hour Network
    Operation Center (NOC), which filters and makes data available to you
    in real time, through detailed online reports. I-Trap's security
    professionals review your network activity for threats and, when
    indicated, alert you and remotely reconfigure the network or firewall
    to block the threat. Contact I-Trap at 888-658-8727, 330-658-1040, or
    service@i-trap.net.
       http://www.i-trap.net
    
    Use Plant DNA Code to Authenticate Users
       Applied DNA Sciences announced Applied DNA Security Access System,
    which employs biotechnology to identify users and authenticate their
    credit card-type media. The technology integrates unique nonhuman DNA
    code into a nonsilicon-based microchip, creating a DNA security access
    microchip. Only the proprietary DNA Chip Reader can read the security
    access microchip. Without authentication, the product into which the
    microchip is embedded won't let the user proceed. Possible uses of the
    System include ID verification, card counterfeit protection, and
    personnel access control. Contact Applied DNA Sciences at 310-860-1362
    or infoat_private
       http://www.adnas.com
    
    Submit Top Product Ideas
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    ==== 8. Hot Thread ====
    
    Windows & .NET Magazine Online Forums
       http://www.winnetmag.com/forums
    
    Featured Thread: How to Issue Certificates with an Offline CA
       (Five messages in this thread)
    
    A user wants to know whether the Certificate Authority (CA)
    administrator can create and issue browser certificates on behalf of
    clients, thereby keeping the client off the CA. He needs to be able to
    issue certificates from an offline standalone CA, so he would like to
    create browser certificates for clients and issue them through email.
    Lend a hand or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=60021
    
    ==== Sponsored Link ====
    
    FaxBack
       Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)
       http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw0BAoJ0AL
    
    ===================
    
    ==== 9. Contact Us ====
    
    About the newsletter -- lettersat_private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- productsat_private
    About your subscription -- securityupdateat_private
    About sponsoring Security UPDATE -- emedia_oppsat_private
    
    ====================
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


