====================

==== This Issue Sponsored By ====

Windows & .NET Magazine Network
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0owX0AH

====================

1. In Focus: Service Pack Maintenance with Scripts

2. Security Risks
   - Buffer Overflow in Avant Browser for Windows
   - Buffer Overflow in Tellurian TftpdNT

3. Announcements
   - For Security-Minded IT Pros: Windows & .NET Magazine Connections
   - Special Offer from SQL Server Magazine

4. Security Roundup
   - News: SoBig.F Slows, but SoBig.G Is Coming Soon
   - Feature: SOAP/XML Firewalls

5. Instant Poll
   - Results of Previous Poll: The RPC/DCOM Worms
   - New Instant Poll: Rolling Out Service Packs

6. Security Toolkit
   - Virus Center
   - FAQ: How Do I Determine Which Programs Access Files?

7. Event
   - New--Mobile & Wireless Road Show!

8. New and Improved
   - Lock Down Your Systems
   - Control Internet Access
   - Tell Us About a Hot Product and Get a T-Shirt!

9. Hot Threads
   - Windows & .NET Magazine Online Forums
     - Featured Thread: Security Patch Installation for MSBlaster Worm
   - HowTo Mailing List
     - Featured Thread: Network Security?

10. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Windows & .NET Magazine Network ====

If You Like This Email Newsletter... Then be sure to check out the Windows & .NET Magazine Network. You'll find page after page of problem-solving, time-saving articles plus other fantastic resources like our forums, Windows IT library, Download Central, and much, much more. Click here now!
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0owX0AH

====================

==== 1. In Focus: Service Pack Maintenance with Scripts ====
by Mark Joseph Edwards, News Editor, markat_private

As you know, maintaining service pack levels and hotfixes on your systems is important. Many factors affect how and when you patch your systems.
If you've tested your particular architecture and know that a given service pack or hotfix won't adversely affect operations, you still face the problem of how to roll out the service pack to all your systems, especially if some of your systems are mobile and connect only periodically.

You can roll out patches in various ways. You might use Microsoft Systems Management Server (SMS) with Software Update Services (SUS), SUS by itself, or any of several third-party service pack and hotfix-management tools. Also, you can ask users to patch their systems, or you might patch systems manually. Clearly, however, automation is the most effective rollout approach.

One efficient way to handle patch management is by using Group Policy and scripts. You can use scripts to check a system's patch levels, then use Group Policy to cause systems to load patches--for example, if a system doesn't have a given patch installed. To use this approach, you need some level of proficiency in writing script code, which isn't hard to achieve but does require some time and focus.

Patrick Goodwin, who reads the HowTo Mailing List (see the URL below), recently offered readers a startup boot script that he uses to help automate service pack installation. (Goodwin's employee, Chi Kin To, wrote the script.) The script checks the OS type and service pack level against presets written into the script code. If the system doesn't meet conditions (e.g., Windows 2000 Service Pack 4--SP4--isn't installed), the script places that computer in a service pack installation group (a Group Policy Object--GPO). The original script creates a second script on the system that schedules a system reboot at a predetermined time (e.g., in the middle of the night when no one uses the system). When the system reboots, the system downloads and installs a copy of the service pack.
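
The checks described above (OS version and service pack level compared against presets, then membership in the service pack installation group), together with the local-subnet check that a second version of the script adds, sketched in Windows PowerShell. This is an added example, not Chi Kin To's script; the preset values, subnets, group path and the function names Test-InSubnet and Get-ServicePackAction are assumptions.

```powershell
# Added example. All presets are assumptions, not values from the original script.
$TargetVersion = '6.1.'   # OS version prefix the preset applies to (sample: Windows 7 / 2008 R2)
$RequiredSP    = 1        # minimum service pack level for that OS (sample value)
$LocalSubnets  = @('10.1.0.0/16', '192.168.10.0/24')                 # constructed subnets
$GroupPath     = 'LDAP://CN=SP-Install,OU=Groups,DC=example,DC=com'  # hypothetical group

function Test-InSubnet([string]$Address, [string]$Cidr) {
    $network, $bits = $Cidr -split '/'
    $divisor = [math]::Pow(2, 32 - [int]$bits)
    $prefix = foreach ($ip in $Address, $network) {
        $bytes = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        [Array]::Reverse($bytes)          # network byte order -> little-endian
        [math]::Floor([BitConverter]::ToUInt32($bytes, 0) / $divisor)
    }
    return $prefix[0] -eq $prefix[1]      # same network prefix means same subnet
}

function Get-ServicePackAction($OsVersion, [int]$ServicePack, $Addresses, [bool]$InGroup) {
    $onLan = $false
    foreach ($a in @($Addresses)) {
        foreach ($s in $LocalSubnets) {
            if ($a -and (Test-InSubnet $a $s)) { $onLan = $true }
        }
    }
    if (-not $onLan) { return 'None' }    # off the local subnets: do nothing (slow-link guard)
    if (-not "$OsVersion".StartsWith($TargetVersion)) { return 'None' }   # preset is for another OS
    if ($ServicePack -ge $RequiredSP) {   # service pack present: leave the install group
        if ($InGroup) { return 'RemoveFromGroup' } else { return 'None' }
    }
    if ($InGroup) { return 'None' } else { return 'AddToGroup' }
}

# Gather facts from the local machine and the directory, then act on the decision.
$os  = Get-WmiObject -Class Win32_OperatingSystem
$ips = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
       ForEach-Object { $_.IPAddress } | Where-Object { $_ -match '^\d+(\.\d+){3}$' }   # IPv4 only
$self    = ([ADSISearcher]"(&(objectCategory=computer)(name=$env:COMPUTERNAME))").FindOne().Path
$group   = [ADSI]$GroupPath
$inGroup = [bool]$group.IsMember($self)

switch (Get-ServicePackAction $os.Version $os.ServicePackMajorVersion $ips $inGroup) {
    'AddToGroup'      { $group.Add($self) }
    'RemoveFromGroup' { $group.Remove($self) }
}
```

A computer startup script runs as Local System, so the computer account needs write access to the group's member attribute; delegate that on this one group only.
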
When the same script runs again and determines that the system has the specified service pack installed, the script moves that system out of the service pack installation group.
http://63.88.172.96/listserv/page_listserv.asp?s=howto

Depending on your particular situation, you might find this script handy. You might also consider modifying the code to fit another task or purpose. Also, if you want to learn scripting techniques, the script serves as a good example of how to perform various actions, such as determining an OS type, service pack level, and GPO membership.

You can access the script to examine or use in the HowTo for Security mailing list archives (see the first URL below). At the second URL below, you'll find another version of the script (Chi Kin To also wrote this version), which has additional code that checks a machine's IP address to make sure it's connected to the local subnets before any actions are performed. This check might be helpful for systems connected over slow WAN links. The IP address check can ensure that the script doesn't cause that system to try to download a huge service pack file over a slow link.
http://www.secadministrator.com/listserv/page_listserv.asp?a2=ind0308c&l=howto&p=3253
http://www.secadministrator.com/listserv/page_listserv.asp?a2=ind0308d&l=howto&p=2351

You can get a head start on script writing by searching for ready-made scripts on the Internet, by learning about scripting techniques in various forums, and of course by reading the Windows Scripting Solutions newsletter. (You can learn more about our scripting forum and newsletter at the URLs below.)
http://www.winscriptingsolutions.com
http://www.winnetmag.com/forums/categories.cfm?catid=43

====================

==== 2. Security Risks ====
contributed by Ken Pfeil, kenat_private

Buffer Overflow in Avant Browser for Windows
"Nimber" discovered a buffer-overflow condition in Avant Browser 8.02 for Microsoft Internet Explorer (IE).
By causing a user to click on a URL that's longer than 780 characters, an attacker can cause the Web browser to crash. Avant Browser has been notified.
http://www.secadministrator.com/articles/index.cfm?articleid=39966

Buffer Overflow in Tellurian TftpdNT
A buffer-overflow condition in Tellurian TftpdNT Server 1.8 for Windows NT and Windows 9x can result in the execution of arbitrary code on the vulnerable system. This overflow occurs in the product's parsing of a filename. Tellurian has released version 2.0, which isn't vulnerable to this condition.
http://www.secadministrator.com/articles/index.cfm?articleid=40030

==== Sponsor: Virus Update from Panda Software ====

Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control.
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBlT0AN

Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today!
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBDp0AB

====================

==== 3. Announcements ====
(from Windows & .NET Magazine and its partners)

For Security-Minded IT Pros: Windows & .NET Magazine Connections
Have you ever been hacked? Are Windows Server 2003's improved security features worth the migration effort? Want to stop spam? Learn the answers to these questions and more at Windows & .NET Magazine Connections. Stay competitive by investing your time in the latest technologies, tips, and tricks. Register today, save money, and receive access to concurrently running Exchange Connections.
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0KXQ0A2

Special Offer from SQL Server Magazine
SQL Server Magazine presents the SQL Server Technical Education Package, including a 1-year print subscription to SQL Server Magazine, full SQL Server Magazine Web site access, and a 1-year subscription to the SQL Server Magazine Master CD (2 CDs), for only $39.95! Click here for this incredible limited-time offer!
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKs0AM

==== 4. Security Roundup ====

News: SoBig.F Slows, but SoBig.G Is Coming Soon
SoBig.F, the fastest-spreading email virus in history, has slowed down somewhat, but security experts warn that replicated viruses could launch a new wave of attacks soon. SoBig.F's creator designed the virus to unleash two broad attacks, either of which could have temporarily crippled the Internet, but security experts were able to protect against the assaults, rendering them ineffective. Before the virus expires on September 10, it will try one more broad attack, according to people who have examined its source code.
http://www.secadministrator.com/articles/index.cfm?articleid=39943

Feature: SOAP/XML Firewalls
Web services are already a reality for many organizations and are just around the corner for most of the rest of us. Web services rely heavily on Simple Object Access Protocol (SOAP) and XML technologies to tie heterogeneous business systems together. However, SOAP and XML expose a new attack surface in your organization that could potentially let intruders penetrate to the core of your crucial business systems. Packet-level firewalls can't help you secure Web services traffic because they can't detect SOAP and XML traffic. For example, because SOAP typically uses HTTP or SMTP, it easily passes through traditional firewalls--a phenomenon known as the port 80 problem.
So, just when you thought firewalls had matured and you could move on to other security concerns, a new kind of firewall has appeared: the SOAP/XML firewall. Randy Franklin Smith explores this new segment of the firewall market and its key players.
http://www.secadministrator.com/articles/index.cfm?articleid=39755

==== Hot Release ====

Thawte
Get Thawte's New Step-by-Step SSL Guide for MSIIS
In this guide you will find out how to test, purchase, install and use a Thawte Digital Certificate on your MSIIS web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. Get your copy of this new guide now:
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKt0AN

==== 5. Instant Poll ====

Results of Previous Poll: The RPC/DCOM Worms
The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Now that remote procedure call (RPC)/Distributed COM (DCOM) worm variants have appeared, have they affected your network or systems?" Here are the results from the 295 votes.
- 29% Yes
- 14% No--We patched against it
- 47% No--We patched and used other defenses
- 10% No--We used other defenses, but not the patch

New Instant Poll: Rolling Out Service Packs
The next Instant Poll question is, "What is your primary method of rolling out service packs?" Go to the Security Administrator Channel home page and submit your vote for a) Software Update Services (SUS) by itself, b) Systems Management Server (SMS), or SMS with SUS, c) Scripts and/or Group Policy, d) Windows automatic updates, or e) Third-party tools.
http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda

FAQ: How Do I Determine Which Programs Access Files?
contributed by Randy Franklin Smith, rsmithat_private

Your security setup provides enough information to determine which program accesses a file, but the client/server nature of file sharing reduces the value of the information. When someone accesses a file on your server, Windows 2000 logs event ID 560 (success audit: object open) to the Security log. Event ID 560 informs you that EXAMPLE\tom opened C:\junk\junk.txt for Read access at 4:22:20 p.m. on June 10. Event ID 560 also identifies the executable that Tom used to open the file and the logon session in which the access occurred. You just need to do a little translation. For complete details about interpreting Security log information, including screen shots that help you understand, read the rest of this FAQ on our Web site.
http://www.secadministrator.com/articles/index.cfm?articleid=26107

==== 7. Event ====

New--Mobile & Wireless Road Show!
Learn more about the wireless and mobility solutions that are available today! Register now for this free event!
http://www.winnetmag.com/roadshows/wireless

==== 8. New and Improved ====
by Sue Cooper, productsat_private

Lock Down Your Systems
CE-Infosys released CompuSec 4.15, system security freeware. CompuSec protects your desktops and notebooks from unauthorized access with two-part authentication; encrypts your hard drive and the files and folders on your local, network, and floppy drives; and provides secure storage for your access keys. New features include single sign-on (SSO), advanced handling of removable media and drives, and the ability to boot from alternate drives. CompuSec 4.15 supports Windows XP/2000 and will support Windows Me/98 in the near future. Contact CE-Infosys on the company Web site.
http://www.ce-infosys.com

Control Internet Access
Codework announced Browse Control 1.4, Internet access control software that helps you restrict inappropriate surfing and enforce usage policies. The application can restrict access to sites that you specify, completely block Internet access, or restrict access to specific times of the day. Application blocking is a new feature that lets you create a blacklist of applications that users aren't permitted to launch. Browse Control 1.4 traps applications by using the internal Windows name for each package, so users can't circumvent this feature by renaming .exe files. You can locate local Codework offices at http://www.codework.com/contact.html.
http://www.codework.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to whatshotat_private

==== 9. Hot Threads ====

Windows & .NET Magazine Online Forums
http://www.winnetmag.com/forums

Featured Thread: Security Patch Installation for MSBlaster Worm
(Three messages in this thread)

A user writes that he runs three Novell NetWare servers (NetWare 5.1 with Service Pack 6--SP6) with about 900 Windows NT 4.0 SP6 and Windows 2000 SP2 clients. The MSBlaster worm has hit his network, and he has since downloaded Microsoft security patches. However, because of the size of his network, he wants to know an easy way to deploy the patches--without having to physically visit each machine. Lend a hand or read the responses:
http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=62508

HowTo Mailing List
http://63.88.172.96/listserv/page_listserv.asp?s=howto

Featured Thread: Network Security?
(Seven messages in this thread)

A user writes that he's looking for a product that will control who can access his network--and will alert him if someone plugs a laptop or other device into the network. He wonders whether anyone can recommend such a product. Lend a hand or read the responses:
http://63.88.172.127/ListServ/page_listserv.asp?A2=IND0308D&L=HOWTO&F=&S=&P=860

==== Sponsored Links ====

Aelita Software
Free message-level Exchange recovery web seminar October 9th
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKG0Ac

CrossTec
Free Download - NEW NetOp 7.6 - faster, more secure, remote support
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBnb0Ad

MailFrontier
Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCEC0AS

===================

==== 10. Contact Us ====

About the newsletter -- lettersat_private
About technical questions -- http://www.winnetmag.com/forums
About product news -- productsat_private
About your subscription -- securityupdateat_private
About sponsoring Security UPDATE -- emedia_oppsat_private

====================

This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.
http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.