[ISN] Windows & .NET Magazine Security UPDATE--September 24, 2003

From: InfoSec News (isn@private)
Date: Thu Sep 25 2003 - 02:01:46 PDT


    ==== This Issue Sponsored By ====
    NETIQ...The Anti-Spam
    1. In Focus: Evaluating Intrusion Detection Systems
    2. Security Risks
         - Buffer-Overflow Vulnerability in WideChapter Internet Browser
           for Windows
         - Directory Traversal Vulnerability in Plug & Play Web Server for
    3. Announcements
         - Get Problem-Solving Scripts That Will Simplify Your Life
         - New Web Seminars on Exchange, Active Directory, and More!
    4. Security Roundup
         - Feature: RPC Security Round 2: Cleaning Up After the Latest RPC
         - Feature: Group Policy Changes in Windows Server 2003
    5. Security Toolkit
         - Virus Center
         - FAQ: How Can I Work Around LDAP Administration Limits?
    6. Event
         - New--Mobile & Wireless Road Show!
    7. New and Improved
         - Secure Access to Your Applications
         - Reveal Your Enterprise's Security State
         - Tell Us About a Hot Product and Get a T-Shirt
    8. Hot Threads
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Exchange 2003 SMTP Server Authentication
         - HowTo Mailing List
             - Featured Thread: Seeking Free Auditing Software
    9. Contact Us
       See this section for a list of ways to contact us.
    ==== Sponsor: Avatier ====
       Guarantee Dormant Account Termination For $995
       When someone leaves your organization, how do you guarantee their
    access is removed from all systems?
       Can you ensure access to your network is compliant with regulations
    stemming from HIPAA, Homeland Security, and the Sarbanes-Oxley Act?
       Account Terminator is a web-based Identity Management application
    that allows your staff to securely disable or delete user accounts
    across all platforms in real time. These platforms include the most
    popular operating systems, directories, applications, and databases.
       For only $995.00 per platform, Account Terminator can be securely
    delegated to your IT or HR staff or even automated. Other core
    features include auditing, alerting, scheduled reporting, parallel
    processing, "Delayed" deletes, account enable, and guaranteed
    transaction queuing when a destination host is unreachable.
       Experience a live demo preview of Account Terminator now:
    ==== 1. In Focus: Evaluating Intrusion Detection Systems ====
       by Mark Joseph Edwards, News Editor, mark@private
    Certainly, you all have at least one firewall in place on your
    network, and most of you probably have several. However, you might not
    use an Intrusion Detection System (IDS) on your network in addition to
    your firewall. I think an IDS is a good idea because it offers more
    information about events on your network than a firewall alone does.
    I recently learned about a couple of great reports on IDSs, and you
    might want to read them to gain some technical insight into a few
    popular IDSs. The reports, published by NSS Group (a network and
    security testing organization), cover IDSs for 10Mbps/100Mbps Ethernet
    and Gigabit Ethernet networks. For each IDS, NSS Group looked at the
    architecture, installation process, configuration routine,
    manageability, event handling, event analysis, and alert reporting.
    To test the IDSs, NSS Group established a test environment comprising
    several products specifically designed for testing and analysis:
    Network Critical Solutions' Critical TAPs to tap into the ports on a
    network switch; Spirent Communications' (formerly Caw Networks')
    WebAvalanche and WebReflector to generate high traffic loads that
    simulate a variety of network traffic and conditions including browser
    use, differing traffic speeds, packet loss, user input delay, and
    aborted transactions; and Spirent's SmartBits to measure network
    performance. The products and how NSS Group used them are described in
    more detail in the reports' appendices.
    The 10Mbps/100Mbps Ethernet IDS report is NSS Group's fourth report on
    these products. The products tested were Cisco Systems' IDS 4235
    Sensor 4.0, Internet Security Systems' (ISS's) Proventia A201, NFR
    Security's NID-310 3.2.1, and Snort 2.0.
    The Gigabit Ethernet IDS report is NSS Group's second report on these
    products and covers ISS's RealSecure Gigabit Network 7.0, NetScreen
    Technologies' NetScreen-IDP 500 2.1; NFR's NID-320 3.2.1; and Symantec
    ManHunt 3.0.
    NSS Group's reports review each product in detail, revealing precisely
    how each IDS fared in the test environment and showing the product's
    strong points and weak points under various attack conditions and
    various load conditions. The reports also give the testers'
    opinions of the products.
    The reports are great resources if you're weighing various products
    for use on your network. The benchmarking is revealing. Even if you
    already have an IDS, the reports are a great way to see how your
    product stacks up against others. And the reports contain tidbits of
    general security-related information that you might not be aware of.
    In addition to the IDS reports, NSS Group offers a new report on eight
    public key infrastructure (PKI) solutions as well as December 2002
    reports on six firewalls and five vulnerability-assessment products.
    You can find all the reports at the NSS Group Web site and read them
    online after filling out and submitting a simple form or purchase
    copies of the reports in PDF format or on CD-ROM.
    ==== Sponsor: NETIQ...The Anti-Spam ====
       Remember When Spam Just Bugged You? Now it's sucking you dry. Fight
    back. MailMarshal from NetIQ zaps spam. Dead. The most comprehensive
    spam-busting software on the planet, NetIQ MailMarshal has proprietary
    detection and analysis tools, plus robust reporting and management
    functions. It's more than just anti-spam--it's a total e-mail content
    filtering system. Download a free copy of our white paper,
    "Controlling Spam" at
       And tell those pesky spammers to bug off.
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, ken@private
    Buffer-Overflow Vulnerability in WideChapter Internet Browser for Windows
       Bahaa Naamneh discovered that a vulnerability in Wintel's
    WideChapter for Windows Internet browser can result in the execution
    of arbitrary code on the vulnerable system. By initiating a long HTTP
    request, an attacker can cause a buffer overflow in WideChapter. The
    overflow overwrites the saved instruction pointer (EIP on x86), which
    lets the attacker redirect execution to code of their choosing. Wintel has been
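    The shape of the bug described above, as an added example that is not
    WideChapter's code (which is closed source) and uses invented function
    names: a fixed-size stack buffer receives an HTTP request line built from
    an attacker-controlled URL, first in the vulnerable form and then in a
    bounded form that refuses input that does not fit.

```c
/* Added example, not Wintel's code: a request line formatted into a
 * fixed-size stack buffer, vulnerable and hardened. Names are invented. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REQ_MAX 256

/* VULNERABLE (never called below): sprintf does not know how big req is.
 * A URL longer than roughly REQ_MAX - 17 bytes runs past the end of the
 * stack buffer, over the saved frame pointer and the saved return address;
 * when the function returns, the CPU loads the attacker's bytes into the
 * instruction pointer, which is the control hijack the advisory describes. */
void send_request_unsafe(const char *url)
{
    char req[REQ_MAX];
    sprintf(req, "GET %s HTTP/1.0\r\n\r\n", url);
    /* ... write req to the socket ... */
}

/* HARDENED: the same formatting with the buffer size known to the
 * formatter and the result checked. Returns the request length, -1 if the
 * URL carries CR or LF (which would let the caller inject header lines),
 * -2 if the request does not fit in req. A truncated request is an error,
 * not something to send. */
int build_request_safe(const char *url, char *req, size_t req_len)
{
    if (strpbrk(url, "\r\n") != NULL)
        return -1;
    int n = snprintf(req, req_len, "GET %s HTTP/1.0\r\n\r\n", url);
    if (n < 0 || (size_t)n >= req_len)
        return -2;
    return n;
}

/* Constructed test input: a URL made of url_len 'A' bytes. Returns what
 * build_request_safe makes of it (-3 only if the allocation fails). */
int long_url_result(size_t url_len)
{
    char req[REQ_MAX];
    char *url = malloc(url_len + 1);
    if (url == NULL)
        return -3;
    memset(url, 'A', url_len);
    url[url_len] = '\0';
    int rc = build_request_safe(url, req, sizeof req);
    free(url);
    return rc;
}

/* Returns 1 when a URL containing a CRLF is refused outright. */
int header_injection_rejected(void)
{
    char req[REQ_MAX];
    return build_request_safe("/index.html\r\nX-Injected: 1", req,
                              sizeof req) == -1;
}
```

    The fixed part of the format string is 17 bytes, so with REQ_MAX of 256 a
    URL of 238 bytes is the longest that fits; 239 bytes is refused rather
    than silently cut short, and a URL of 300 bytes, which would have
    overrun the vulnerable version's buffer by dozens of bytes, is refused
    the same way.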
    Directory Traversal Vulnerability in Plug & Play Web Server
       Bahaa Naamneh discovered that a vulnerability in Plug & Play
    Software's Plug & Play Web Server can result in unauthorized read
    access to any file on the vulnerable server that the Web server process
    can read. By including "../" or "..\" sequences in a URL, an attacker
    can step out of the intended Web-published directory and read files
    anywhere else on the disk. Plug & Play Software has been notified.
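    One way a Web server can refuse the request described above, as an
    added example that is not Plug & Play Software's code and uses invented
    function names: percent-decode the requested path, split it on both
    "/" and "\" (the server in the advisory accepts either), resolve "." and
    ".." against the segments already kept, and fail as soon as ".." would
    climb past the Web root. This also covers the encoded forms
    ("%2e%2e/") and a decoded NUL, which the advisory does not mention but
    which the same check must handle.

```c
/* Added example, not Plug & Play Software's code: canonicalize a request
 * path before joining it to the Web root. Names are invented. */
#include <ctype.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode src into dst. Returns -1 on a malformed escape, an input
 * too long for dst, or a decoded NUL (which would silently truncate the
 * path in later C string handling). */
static int url_decode(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int h = hexval((unsigned char)src[i + 1]);
            int l = h < 0 ? -1 : hexval((unsigned char)src[i + 2]);
            if (l < 0) return -1;
            c = h * 16 + l;
            i += 2;
        }
        if (c == '\0' || o + 1 >= dst_len) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Writes the canonical path ("/" separators, leading "/") into out.
 * Returns 0 on success, -1 if the request is malformed or would escape
 * the Web root. The caller joins out to the root only after this passes. */
int safe_web_path(const char *request_path, char *out, size_t out_len)
{
    char decoded[1024];
    const char *seg[256];
    size_t seg_len[256];
    size_t depth = 0;

    if (url_decode(request_path, decoded, sizeof decoded) != 0)
        return -1;

    char *p = decoded;
    while (*p != '\0') {
        while (*p == '/' || *p == '\\') p++;          /* skip separators */
        if (*p == '\0') break;
        char *start = p;
        while (*p != '\0' && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - start);
        if (len == 1 && start[0] == '.')
            continue;                                  /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return -1;                             /* escapes the root */
            depth--;
            continue;
        }
        if (depth == sizeof seg / sizeof seg[0])
            return -1;
        seg[depth] = start;
        seg_len[depth] = len;
        depth++;
    }

    if (out_len < 2) return -1;
    size_t o = 0;
    out[o++] = '/';
    for (size_t i = 0; i < depth; i++) {
        if (o + seg_len[i] + 1 >= out_len) return -1;
        if (i > 0) out[o++] = '/';
        memcpy(out + o, seg[i], seg_len[i]);
        o += seg_len[i];
    }
    out[o] = '\0';
    return 0;
}

/* Test helpers: the return code alone, and a comparison against the
 * expected canonical path. */
int traversal_result(const char *request_path)
{
    char out[1024];
    return safe_web_path(request_path, out, sizeof out);
}

int normalizes_to(const char *request_path, const char *expected)
{
    char out[1024];
    return safe_web_path(request_path, out, sizeof out) == 0
        && strcmp(out, expected) == 0;
}
```

    Segment-level normalization is necessary but, on Windows, not quite
    sufficient: the file system also maps 8.3 short names and strips
    trailing dots and spaces, so after joining the canonical path to the
    root the server should still resolve the result (GetFullPathName) and
    confirm it begins with the root directory before opening it.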
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    Get Problem-Solving Scripts That Will Simplify Your Life
       OK, so you're not a programmer. But if you read Windows Scripting
    Solutions every month, you don't need to be. Tackle common problems
    and automate everyday, time-consuming tasks with our simple tools,
    tricks, and scripts. Try a no-charge sample issue today!
    New Web Seminars on Exchange, Active Directory, and More!
       Check out the latest lineup of Web seminars from Windows & .NET
    Magazine. Prepare your enterprise for Exchange Server 2003, discover
    the legal ramifications of deterring email abuse, and find out how
    Active Directory can help you create and maintain a rock-solid
    infrastructure. There is no charge for these events, but space is
    limited, so register today!
    ==== 4. Security Roundup ====
    Feature: RPC Security Round 2: Cleaning Up After the Latest RPC
       The MSBlaster (LoveSan) saga prompted a thorough analysis of
    Microsoft's implementation of remote procedure call (RPC) processing.
    During the analysis, several security firms uncovered three
    additional, and potentially nasty, vulnerabilities in how the RPC
    service processes malformed RPC requests. Learn how to clean your
    systems to defend against RPC-based attacks in this article by Paula
    Feature: Group Policy Changes in Windows Server 2003
       Group Policy introduced the ability to control a wealth of computer
    and user-environment settings by Active Directory (AD) group (i.e., by
    site, domain, or organizational unit--OU) rather than by computer or
    user. For example, you can configure Group Policy Objects (GPOs) to
    standardize security policies for an entire OU and restrict users'
    ability to reconfigure their desktop computers. Unfortunately,
    Microsoft's implementation of all that power was imperfect. For
    example, Windows 2000 Server's Group Policy management tools don't
    provide a comprehensive view of GPO deployment and its effects.
    Windows Server 2003 tries to remedy Group Policy's shortcomings
    through several new GPO options and two GPO administration tools.
    Learn more about them in this article by Joe Rudich.
    ==== 5. Security Toolkit ====
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
    FAQ: How Can I Work Around LDAP Administration Limits?
       contributed by Steve Seguis, scriptmaster@private
    You can use the ntdsutil.exe command (installed in %SystemRoot%\System32
    on a Windows 2000 domain controller) to set the MaxPageSize Lightweight
    Directory Access Protocol (LDAP) policy to a higher number so that
    userstatusrpt.vbs returns all your users. For more details, refer to
    the Microsoft article "HOW TO: View and Set Lightweight Directory Access
    Protocol Policies by Using Ntdsutil.exe in Windows 2000"
    ( http://support.microsoft.com/?kbid=315071 ). Be aware that the policy
    applies to every LDAP client of the domain controllers it covers, not
    just to this script, and that a larger MaxPageSize lets any caller make
    a domain controller build a larger result set in memory. The default of
    1000 exists to push clients toward paged results (in an ADO-based
    script, the "Page Size" command property), so raise the limit only if
    you can't change the script.
    If your users are divided among organizational units (OUs) that each
    contain no more users than the maximum number that an LDAP query can
    return, you can simply run the script for each OU. For example, if you
    have a top-level OU called Department and three OUs beneath it called
    IT, Engineering, and Sales, and all your users are divided among these
    OUs, you can run the script three times in succession, once for each
    OU. Each time, you would specify a different baseDN and output file
    appropriate for that particular OU. Here are three sample commands
    that you would run one after the other to generate a complete report:
    userstatusrpt.vbs "OU=IT,OU=Department,DC=DOMAIN,DC=COM" it.csv
    userstatusrpt.vbs "OU=Engineering,OU=Department,DC=DOMAIN,DC=COM"
    userstatusrpt.vbs "OU=Sales,OU=Department,DC=DOMAIN,DC=COM" sales.csv
    ==== 6. Event ====
    New--Mobile & Wireless Road Show!
       Learn more about the wireless and mobility solutions that are
    available today! Register now for this free event!
    ==== 7. New and Improved ====
       by Sue Cooper, products@private
    Secure Access to Your Applications
       Citrix Systems announced Citrix MetaFrame Password Manager, which
    will provide password security and single sign-on (SSO) access to
    heterogeneous environments that include Windows, Web, proprietary, and
    host-based applications. The software lets users log on to any
    password-protected information system, enforces password policies,
    monitors password-related events, manages password changes, and
    generates complex and random passwords for users without complex
    scripting or application-level integration. Availability is scheduled
    for this month. Contact Citrix Systems at 800-424-8749 or
    Reveal Your Enterprise's Security State
       NetVision released NVAssess, a vulnerability-assessment tool for
    Microsoft and Novell environments. The software lets you scan, audit,
    and receive reports regarding the security status of your directories,
    servers, and applications. NVAssess's NetVision Policy Enforcement
    Engine can automatically discover and fix any deviations from your
    defined policies and threshold levels. You can implement NVAssess as a
    standalone tool or as part of NetVision's Integrated Security Policy
    Management system. Pricing starts at $9 per user. Contact NetVision at
    877-828-9180, 801-764-0400, or info@private
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    ==== 8. Hot Threads ====
    Windows & .NET Magazine Online Forums
    Featured Thread: Exchange 2003 SMTP Server Authentication Problem
       (1 message in this thread)
    Reader jandrake writes that he has an environment that includes
    Microsoft Exchange Server 2003, Active Directory (AD), and Microsoft
    IIS with Microsoft Outlook Web Access (OWA). The services are all
    installed on one system that has two IP addresses. The reader wants to
    configure the system so that it has two SMTP servers, one on each of
    the assigned IP addresses. He wants DNS to publish one SMTP server for
    inbound SMTP traffic only. The server would allow only anonymous
    connections and disallow relaying for everybody. He wants to use the
    second SMTP server for email from employees outside the firewall. He
    also wants the traffic to that server encrypted and authentication
    required and the server to allow relaying for authenticated users.
    Jandrake's problem is that he can't get the second virtual server to
    require authentication. When he enables anonymous access on the
    server, all mail routes through and relaying is enabled for everyone.
    However, when he locks down the SMTP server in any way, he sees errors
    regarding a failure to authenticate. These problems occur when he's
    testing the server with a correctly configured Outlook 2002 client.
    Lend a hand or read the responses:
    HowTo Mailing List
    Featured Thread: Seeking Free Auditing Software
       (7 messages in this thread)
    Jeffery Jacob wonders whether anyone knows of a freeware security
    audit tool besides Microsoft Baseline Security Analyzer (MBSA). He
    needs a tool that will check system configurations, event logs,
    network settings, and so on. He prefers that the tool be able to scan
    remote machines and store data in a central repository so that he
    doesn't have to install auditing software locally on each system. Lend
    a hand or read the responses. The message thread starts at
    The thread continues at
    ==== Sponsored Links ====
    Aelita Software
       Free message-level Exchange recovery web seminar October 9th
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
    ==== 9. Contact Us ====
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    Thank you for reading Security UPDATE!
    Copyright 2003, Penton Media, Inc.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 25 2003 - 04:42:34 PDT