[ISN] Windows & .NET Magazine Security UPDATE--October 1, 2003

From: InfoSec News (isn@private)
Date: Thu Oct 02 2003 - 02:41:34 PDT


    ====================
    
    ==== This Issue Sponsored By ====
    
    Sybari Software
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCoh0AG
    
    NetIQ
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCud0AI
    
    ====================
    
    1. In Focus: Passive Vulnerability Scanning
    
    2. Security Risks
         - Denial of Service in SpeakFreely for Windows
         - Denial of Service in wzdftpd FTP Server for Windows
         - Mondosoft's MondoSearch File-Creation Vulnerability
    
    3. Announcements
         - Attend Windows & .NET Magazine Connections, Win a Free Vacation
         - Check Out Our 2 New Web Seminars!
    
    4. Security Roundup
         - News: Report: Microsoft Monoculture Is a National Security Risk
         - News: Sophos Acquires ActiveState
         - News: California Cracks Down Hard on Spammers
    
    5. Instant Poll
         - Results of Previous Poll: DRM Use
         - New Instant Poll: Firewall and IDS Use
    
    6. Security Toolkit
         - Virus Center
         - FAQ: How Can I Use Microsoft Internet Explorer (IE) to Pass a
           Username and Password to an FTP Site?
         - Featured Thread: Auditing Software for Windows 2000?
    
    7. Event
         - The Mobile & Wireless Road Show Is Coming to Tampa and Atlanta!
    
    8. New and Improved
         - Authenticate Using Steel-Belted Appliance
         - Secure Your Web Portal
         - Tell Us About a Hot Product and Get a T-Shirt
    
    9. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Sybari Software ====
       Sybari Delivers Enterprise Anti-Spam!
       We've led the market on innovative virus protection for Microsoft
    messaging and collaboration platforms! And now we've applied the same
    proven, comprehensive expert technology in Antigen to protecting your
    enterprise from anti-spam. Register today at
    http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCoh0AG
    to find out how Sybari can guarantee the 100% percent uptime of your
    messaging servers and keep your inbox Spam free! Register by October
    15th and you could win a $250.00 American Express Gift Card!
    
    ====================
    
    ==== 1. In Focus: Passive Vulnerability Scanning ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Last week, I wrote about Intrusion Detection Systems (IDSs) and about
    a couple of reports that evaluate some (but not all) of the more
    popular IDSs. IDSs are valuable tools for your network, as are
    firewalls, vulnerability scanners, packet sniffers and analyzers, port
    scanners, network mapping tools, and so on.
    
    I recently learned about a new tool called a Passive Vulnerability
    Scanner (PVS). A PVS is a hybrid tool that combines the sniffing
    capabilities of a packet sniffer and analyzer with the capabilities of
    an active vulnerability scanner and an IDS.
    
    As you know, a packet analyzer and sniffer promiscuously captures
    packets from the network so that you can analyze them; an active
    vulnerability scanner probes systems and devices to detect known
    vulnerabilities; and an IDS detects possible intrusion attempts as
    traffic moves over your network. A PVS can do all of those things,
    with a slight twist in the way it works. But a PVS isn't a replacement
    for those types of tools--instead, it's complementary.
    
    You place a PVS on the network in a position in which it can monitor
    the traffic coming from various network segments, just like a network
    sniffer. The PVS then sniffs the traffic in real time and analyzes it
    by comparing it with a set of rules, like a vulnerability scanner
    does. Broken rules trip triggers that alert the PVS administrator to
    possible security problems on the network.
    
    For example, you might have an environment in which none of the
    network systems should be running FTP servers and only certain systems
    should be running Web servers. If anyone from inside or outside your
    network initiates inbound FTP access to one of your systems, the PVS
    will alert you. Likewise, if the PVS detects Web traffic to a system
    that shouldn't be running Web services, the PVS will alert you. These
    sorts of detections are typical of IDSs, but the PVS can take the
    analysis further.
    
    When detecting Web traffic in this example, the PVS can analyze the
    packets to try to determine what type of Web server software is in
    use. If it's an outdated version of Microsoft IIS or Apache, the PVS
    will alert the administrator that the system is running a vulnerable
    software package. The administrator becomes aware of the problem
    immediately without having to run a periodic vulnerability scan on
    individual systems to detect problems.
    
    In one more example, someone could place a server in your
    demilitarized zone (DMZ) without your approval or knowledge. With a
    PVS in place, you might become aware of that action sooner than you
    would have otherwise because the PVS monitors traffic and doesn't
    depend on network device audits or on vulnerability scans or agent
    software running on individual systems. PVSs are independently
    deployed, centrally manageable, and scan for problems by looking at
    network traffic.
    
    I only know of one PVS system available at the moment: Tenable Network
    Security's NeVO, which runs on the Red Hat Linux and FreeBSD UNIX
    platforms. Although NeVO doesn't run on Windows platforms, it's
    compatible with Windows networks. It can detect anomalies on Windows
    and UNIX networks, and because its logs are generated in a
    Nessus-style format, you can use any Nessus client, such as the
    Windows-based Nessus client, to access them. (Nessus is an active
    vulnerability scanner; for more information, go to
    http://www.nessus.org .)
    
    You can learn more about NeVO at the first URL below. You'll also find
    a more detailed explanation of the PVS and NeVO, "Passive
    Vulnerability Scanning, Introduction to NeVO," in PDF format at the
    second URL below.
       http://www.tenablesecurity.com/nevo.html
       http://www.tenablesecurity.com/docs/passive_scanning_tenable.pdf
    
    Tenable offers a 30-day demo of the product. If you try a copy on your
    network, send me an email message to let me know what you think of the
    PVS concept and how well it works for you in your environment.
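
    Added example, not part of the original newsletter and not NeVO's
    code: the passive checks the column describes (a forbidden FTP
    service, an unauthorized or unknown web server, an outdated server
    banner) applied to constructed server-response samples. The
    addresses, policy values, and function names are assumptions made
    for the illustration.

```python
import re

# Constructed site policy (assumption, not from the newsletter). The version
# floors are example values a site would set from its own patch baseline.
POLICY = {
    "inventory": {"192.0.2.10", "192.0.2.11"},   # servers you know about
    "web_allowed": {"192.0.2.10"},               # only these may serve HTTP
    "min_version": {"Microsoft-IIS": (6, 0), "Apache": (1, 3, 28)},
}

SERVER_RE = re.compile(rb"^Server:\s*([A-Za-z-]+)/([\d.]+)", re.I | re.M)

def identify(payload):
    """Classify server-to-client bytes by content, not by port number."""
    if payload.startswith(b"HTTP/"):
        m = SERVER_RE.search(payload)
        if not m:
            return ("http", None, ())
        version = tuple(int(p) for p in m.group(2).split(b".") if p)
        return ("http", m.group(1).decode(), version)
    # Heuristic: SMTP also greets with 220, so require "FTP" in the banner.
    if re.match(rb"220[ -]", payload) and b"FTP" in payload.upper():
        return ("ftp", None, ())
    return None

def analyze(observations, policy=POLICY):
    """Return (server_ip, port, reason) for every rule a sniffed reply breaks."""
    findings, seen = [], set()
    for server_ip, port, payload in observations:
        ident = identify(payload)
        if ident is None:
            continue
        service, product, version = ident
        if (server_ip, port, service) in seen:   # alert once per service
            continue
        seen.add((server_ip, port, service))
        if server_ip not in policy["inventory"]:
            findings.append((server_ip, port, "unknown host answering as a server"))
        if service == "ftp":
            findings.append((server_ip, port, "FTP server not permitted"))
        elif service == "http":
            if server_ip not in policy["web_allowed"]:
                findings.append((server_ip, port, "unauthorized web server"))
            floor = policy["min_version"].get(product)
            if floor and version < floor:
                shown = ".".join(map(str, version))
                findings.append((server_ip, port, f"outdated {product} {shown}"))
    return findings

# Constructed samples: (server IP, server port, first bytes the server sent).
SAMPLE = [
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n\r\n"),
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n\r\n"),
    ("192.0.2.11", 2121, b"220 files FTP server ready.\r\n"),
    ("192.0.2.11", 8080, b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n\r\n"),
    ("192.0.2.77", 80, b"HTTP/1.1 200 OK\r\nServer: Apache/2.0.47\r\n\r\n"),
    ("192.0.2.10", 25, b"220 mail ESMTP ready\r\n"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(*finding)
```

    Because services are classified from the reply bytes, the FTP
    server on port 2121 and the web server on port 8080 are caught
    even though neither uses its standard port.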
    
    ====================
    
    ==== Sponsor: NetIQ ====
       Security White Paper
       Tired of constantly firefighting? You need a more proactive and
    effective means of managing your vulnerable security systems for
    policy and compliance. Get the answers you need now! Download a free
    white paper from NetIQ on "Proactive Security Policy Enforcement: A
    Practical Approach for the Enterprise." You'll discover why policy
    enforcement is so important, how to manage the process and how to
    implement a practical approach to enterprise security policy
    compliance.
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCud0AI
    
    ====================
    
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, ken@private
    
    Denial of Service in SpeakFreely for Windows
       Luigi Auriemma discovered that a vulnerability in Speak Freely for
    Windows can result in a Denial of Service (DoS) condition. Sending
    multiple spoofed packets (more than 160 packets of 2 bytes or more
    each) results in the termination of the program, with an error message
    such as, "Cannot create transmit socket for host (x.x.x.x), error
    10055. No buffer space is available." SpeakFreely's developer has been
    notified.
       http://secadministrator.com/articles/index.cfm?articleid=40352
     
    Denial of Service in wzdftpd FTP Server for Windows
       Moran Zavdi discovered that a vulnerability in wzdftpd FTP server
    for Windows can result in a Denial of Service (DoS) condition. Sending
    a CRLF sequence at logon causes an unhandled exception at the server.
    The wzdftpd developer has released a patch for this vulnerability.
       http://secadministrator.com/articles/index.cfm?articleid=40351
     
    Mondosoft's MondoSearch File-Creation Vulnerability
       Jens H. Christensen discovered that a vulnerability in Mondosoft's
    MondoSearch can result in the execution of arbitrary code on the
    vulnerable computer. One of the default installation files,
    msmsetup.exe, contains a vulnerability that lets malicious users
    create files with user-specified content on the Web server or anywhere
    that the executing user (typically IUSR_xxx) has write access. For
    details about this vulnerability, see the discoverer's Web site.
    Mondosoft has released a patch for this vulnerability.
       http://secadministrator.com/articles/index.cfm?articleid=40350
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BBlT0Aq
    
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BBDp0Ae
    
    ====================
    
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Attend Windows & .NET Magazine Connections, Win a Free Vacation
       How secure is your network? Are Windows Server 2003's improved
    security features worth the migration effort? Want to stop spam? Learn
    the answers to these questions and more at Windows & .NET Magazine
    Connections. Register today and receive access to concurrently running
    Exchange Connections.
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0KXQ0AW
    
    Check Out Our 2 New Web Seminars!
       "Plan, Migrate, Manage: Shifting Seamlessly from NT4 to Windows
    2003" will help you discover tips and tricks to maximize planning,
    administration, and performance. "The Secret Costs of Spam ... What
    You Don't Know Can Hurt You" will show you how to quantify costs and
    find antispam solutions. Register today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw02lB0AC
    
    ==== 4. Security Roundup ====
    
    News: Report: Microsoft Monoculture Is a National Security Risk
       A damning report written by security experts and sponsored by
    Microsoft's competitors concludes that the "monoculture" created by
    the software giant's dominance is a national security risk. The report
    was released at a meeting of the Computer & Communications Industry
    Association (CCIA).
       http://secadministrator.com/articles/index.cfm?articleid=40340
    
    News: Sophos Acquires ActiveState
       Antivirus software maker Sophos announced that it has acquired
    ActiveState, a Canadian-based maker of spam-filtering and development
    tools. Sophos will acquire ActiveState and all of the company's stock
    for $23 million.
       http://secadministrator.com/articles/index.cfm?articleid=40344
    
    News: California Cracks Down Hard on Spammers
       California Governor Gray Davis signed legislation that prohibits
    advertisers from sending unsolicited email and said the law contains
    no loopholes that can be used to thwart it.
       http://secadministrator.com/articles/index.cfm?articleid=40345
    
    ====================
    
    ==== Hot Release: Thawte ====
       Get Thawte's New Step-by-Step SSL Guide for MSIIS
       In this guide you will find out how to test, purchase, install and
    use a Thawte Digital Certificate on your MSIIS web server. Throughout,
    best practices for set-up are highlighted to help you ensure efficient
    ongoing management of your encryption keys and digital certificates.
    Get your copy of this new guide now:
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCue0AJ
    
    ====================
    
    ==== 5. Instant Poll ====
    
    Results of Previous Poll: DRM Use
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question, "Is
    your company using or planning to use Digital Rights Management
    (DRM)?" Here are the results from the 88 votes.
       - 2% We have a DRM application in production
       - 5% We're experimenting with DRM
       - 18% We see some possible applications for DRM but aren't working
    with it yet
       - 75% We aren't interested in DRM
    
    New Instant Poll: Firewall and IDS Use
       The next Instant Poll question is, "Does your company use firewalls
    and Intrusion Detection Systems (IDSs) to protect the infrastructure?"
    Go to the Security Administrator Channel home page and submit your
    vote for
       - Yes, we use both firewalls and IDSs
       - No, we only use firewalls
       - Not sure
       http://www.secadministrator.com
    
    ==== 6. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    FAQ: How Can I Use Microsoft Internet Explorer (IE) to Pass a Username
    and Password to an FTP Site?
       contributed by John Savill, http://www.windows2000faq.com
       If you access an FTP site that doesn't allow anonymous access, you
    must provide a username and password. To access an FTP site
    anonymously from IE, use the syntax
    
       ftp://ftp.<sitename>
    
    To pass a username and password, the syntax is
    
       ftp://<username>:<password>@ftp.<sitename>
    
    For example, to access the Internet Software Consortium (ISC) FTP site
    with a username and password, you might type
    
       ftp://john:john@privateat_private
    
    where "john" is the username and "john@private" is the password.
    
    Similarly, to pass just a username, you can use the syntax
    
       ftp://<username>@ftp.<sitename>
    
    Featured Thread: Auditing Software for Windows 2000?
       (3 messages in this thread)
       Brycea writes that he has a small network of 25 users with five
    servers and Windows 2000 Server running Active Directory (AD) in
    native mode. He has one server available to the outside world that
    runs Microsoft IIS for FTP and the Web. The FTP server has been on the
    internal network with openings on the firewall for ports 21 and 80,
    but Brycea recently upgraded to a firewall that has an optional
    demilitarized zone (DMZ) port and he'd like to move the FTP server
    onto a DMZ. He'd like to know the best practices for using a DMZ for
    an AD network on its own subnet. Lend a hand or read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=63521
    
    ==== 7. Event ====
    
    The Mobile & Wireless Road Show Is Coming to Tampa and Atlanta!
       Learn more about the wireless and mobility solutions that are
    available today, plus discover how going wireless can offer low risk,
    proven performance, and compatibility with existing and emerging
    industry standards. Register now for this free, 12-city event!
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BA8Y0A3
    
    ==== 8. New and Improved ====
       by Sue Cooper, products@private
    
    Authenticate Using Steel-Belted Appliance
       Network Engines introduced Steel-Belted Radius Enterprise Edition
    Appliance 2.0 to deploy remote and wireless LAN (WLAN) access control
    and security on a network. The appliance combines Network Engines'
    rack-mountable hardware with Funk Software's Steel-Belted Radius
    Enterprise Edition 4.5 and an embedded, hardened version of Windows
    2000 Professional. The appliance now supports two-factor
    authentication products, which ensures that only authorized users have
    access to your network. Steel-Belted Radius Enterprise Edition
    Appliance 2.0 is available from TidalWire, a Network Engines company.
    For more information, contact TidalWire at 877-638-8277 or
    sales@private
       http://www.networkengines.com
    
    Secure Your Web Portal
       Entrust announced Entrust TruePass 7.0, a Web security solution
    that delivers bidirectional, end-to-end security for your
    organization's online information. Users can submit sensitive
    information as encrypted and digitally signed XML or HTML data, or as
    secure file attachments. The Web server can return secured real-time
    updates, approvals, and instructions to the users, eliminating the
    need for paper-based processes. The application provides centralized,
    role-based password policies, digital ID management in cross-certified
    environments, certificate revocation list (CRL) checking on
    third-party certificates, and diagnostic tools. Contact Entrust at
    888-690-2424 or entrust@private
       http://www.entrust.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    CrossTec
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BBnb0A7
    
    Microsoft
       Attend a Microsoft(R) Office System Launch Event - Get a FREE Eval Kit
       http://list.winnetmag.com/cgi-bin3/DM/y/eczY0CJgSH0CBw0BCqD0Ag
    
    ===================
    
    ==== 9. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    Thank you for reading Security UPDATE!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    