[ISN] Windows & .NET Magazine Security UPDATE--December 3, 2003

From: InfoSec News (isn@private)
Date: Thu Dec 04 2003 - 03:12:29 PST

  • Next message: InfoSec News: "[ISN] File and email encryption with GnuPG (PGP) part one"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Shavlik: Free Security Patch Management Software
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDoF0Av
    
    Automate Patch Management with Ecora
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BD3L0A2
    
    ====================
    
    1. In Focus: How Microsoft Manages Its Security
    
    2. Announcements
         - Attend Black Hat Briefings 2004
         - Order Windows & .NET Magazine and the Article Archive CD at One
           Low Rate!
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: Congress Passes Antispam Bill
         - Feature: Enterprise Patch Management for Windows
    
    4. Security Toolkit
         - Virus Center
             - Virus Alerts: Sysbug.A, Randex.BF
         - FAQ: How can I back up the Microsoft IIS Metabase in Windows
           2000 and later?
         - Featured Thread: Security+ Certification
    
    5. Event
         - Receive a Free Identity Management White Paper!
    
    6. New and Improved
         - Keep Passwords Secure
         - Scan and Audit Your Network Security
         - Tell Us About a Hot Product and Get a T-Shirt
    
    7. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Shavlik: Free Security Patch Management Software ====
       Install the latest critical Microsoft security patches MS03-048
    through MS03-051 today with HFNetChkPro. A free, fully functional, no
    time-out version of HFNetChkPro is available to help you automate the
    delivery and testing of these critical patches. HFNetChkPro offers
    unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush
    capabilities. Save time on patch deployment, ensure systems are fully
    protected and safeguard your systems from remote code execution,
    identity spoofing, arbitrary code execution and other attacks. It's
    free, and it simplifies patch management without agents. Learn more
    and download the free version of HFNetChkPro at
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDoF0Av
    
    ====================
    
    ==== 1. In Focus: How Microsoft Manages Its Security ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    I'm sure most of you regularly look for ways to improve the security
    of your networks. Sometimes learning how other organizations manage
    their security lends insight into ways you could tweak your own
    methods. Last week, Microsoft released the document "Security at
    Microsoft," which explains how the company manages its IT security.
    
    The entire document is interesting; however, you might find some
    sections more interesting than others. For example, Microsoft explains
    that to secure its perimeter, it uses smart cards for remote access,
    customized profiles, and scripts to check the configuration of remote
    computers for security policy compliance.
    
    The company has more than 4000 wireless Access Points (APs) around the
    world that let approximately 31,000 employees connect to the network.
    Each wireless client must be authenticated using 802.1x protocols,
    Extensible Authentication Protocol (EAP), Transport Layer Security
    (TLS), and certificates. All wireless connections are encrypted, and
    wireless clients are periodically reauthenticated during connectivity
    sessions. Rogue APs are prohibited, and the security group scans for
    such devices.
    
    As a software manufacturer, Microsoft maintains several specialized
    networks, including development networks, test networks, and of course
    support networks. These networks have different requirements for
    security policies and controls, so the company doesn't have a simple
    blanket policy for all its networks. Security is more stringent in
    some network areas than in others.
    
    Some other interesting tidbits you'll learn when you read the document
    are that each month, Microsoft experiences some 100,000 intrusion
    attempts and quarantines more than 125,000 email messages that contain
    viruses and the like. I'm not sure how much junk mail the company
    filters out each month, but I'd guess the figure is well into the
    millions of messages.
    
    You can find "Security at Microsoft" at the URL below. Be sure to
    check it out. You might find some ideas that you can use to better
    protect your own networks.
       http://www.microsoft.com/technet/itsolutions/msit/security/mssecbp.asp
    
    ====================
    
    ==== Sponsor: Automate Patch Management with Ecora ====
       How confident are you that all critical security patches are
    deployed and up-to-date on every single system in your infrastructure?
    Need some help figuring it all out before the next big worm attack?
    Try a free copy of Ecora Patch Manager. Designed for IT professionals
    short on time, Patch Manager completely automates and simplifies the
    entire patch management cycle in just minutes. See for yourself how
    automation can save time, reduce costs, and keep your IT
    infrastructure stable and secure. Download a free, fully-functional
    trial of Ecora Patch Manager now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BD3L0A2
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Attend Black Hat Briefings 2004
       Black Hat Windows Security 2004 Briefings & Training is January
    27-30, 2004, in Seattle. This is the world's premier Windows IT
    security event. Discover solutions to all of the current worm, virus,
    and attack threats. Come for six tracks and eight 2-day training
    sessions. Register today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0pHV0AC
    
    Order Windows & .NET Magazine and the Article Archive CD at One Low
    Rate!
       What's better than Windows & .NET Magazine? Try Windows & .NET
    Magazine and the Windows & .NET Magazine Article Archive CD at one
    super low rate. Read Windows & .NET Magazine in the office. Take the
    Article Archive CD with you on the road. Subscribe now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDQB0AN
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BBlT0A5
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BBDp0As
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Congress Passes Antispam Bill
       The US House of Representatives has passed the first bill designed
    to protect US consumers from spam, paving the way for President George
    W. Bush to sign the bill into law by the end of the year. The bill,
    which passed by a 392 to 5 vote, is similar to the CAN-SPAM
    legislation that the US Senate approved last month by a vote of 97 to
    0. If accepted as law, the bills will prohibit senders of unsolicited
    email from disguising their identities and harvesting email addresses
    from the Web and require them to let recipients opt out of future mass
    mailings.
       http://www.winnetmag.com/article/articleid/40955/40955.html
    
    Feature: Enterprise Patch Management for Windows
       Given the ever-increasing threats from hackers, viruses, and
    Internet-based worms, patch management has become a crucial component
    of enterprise security. Mark Burnett and his associates tested seven
    patch-management products to determine their suitability for managing
    a Windows-based enterprise network. The products tested aren't the
    only patch-management programs available, but they provide a good
    overview of the field. Read our lab report to see how well each
    product performed.
       http://www.winnetmag.com/article/articleid/40710/40710.html
    
    ==== 4. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Sysbug.A
       Sysbug.A is a Trojan horse that's sent in an email message with the
    subject "Re[2]:Mary" and an attachment called PRIVATE.ZIP. The
    attachment contains a file called WENDYNAKED.JPG.EXE. Sysbug.A steals
    passwords from the recipient's system and logs this information in a
    file that can then be sent to the perpetrator. Sysbug.A also installs
    a backdoor that opens the TCP port 5555 and waits for control
    commands.
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=42200
    
    Virus Alert: Randex.BF
       Randex.BF is a Trojan horse that attempts to connect to systems at
    randomly generated IP addresses by using passwords that are typical or
    easy to guess. If it connects to a remote system successfully, it
    copies itself to that system. Once running, Randex.BF joins the
    Internet Relay Chat (IRC) channel #goep on the IRC server
    opqleure.qopmafia.net and waits for control commands.
    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=42158
    
    FAQ: How can I back up the Microsoft IIS Metabase in Windows 2000 and
    later?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. Microsoft IIS configuration information resides in a metabase that
    consists of an XML document. If you're hosting several Web sites that
    have separate configurations, backing up the metabase is vital. To
    back up the IIS metabase, perform the following steps:
    
       1. Start the Microsoft Management Console (MMC) Internet
    Information Services (IIS) Manager snap-in (go to Start, Programs,
    Administrative Tools, then click Internet Information Services
     Manager).
       2. Right-click the name of the machine that hosts the IIS services,
    then select Backup/Restore Configuration from the All Tasks menu.
       3. Click Create Backup.
       4. Enter a name for the backup.
       5. Optionally select the "Encrypt backup using password" check box
    and enter a password to protect the backup.
       6. Click OK.
       7. Click Close on the main Backup/Restore Configuration window.
    
    The OS will create a metabase backup in the
    \%windir%\system32\inetsrv\metaback folder. You should ensure that you
    back up this folder as part of your routine system backups. The folder
    contains two files: .mdx and .scx. The .mdx file contains the actual
    metabase information, and the .scx file contains the schema. In both
    cases, "x" is the version of the backup.
    
    Featured Thread: Security+ Certification
       (One message in this thread)
       A forum reader is considering taking the Security+ Certification
    exam from CompTIA. He wonders whether anyone has any opinions on this
    certification. Also, he's having trouble understanding the difference
    between the Discretionary Access Control (DAC), Mandatory Access
    Control (MAC), and Role Based Access Control (RBAC) policies. He
    wonders whether anyone can give him a brief explanation of each and
    maybe an example. Lend a hand or read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65474
    
    ==== 5. Event ====
    
    Receive a Free Identity Management White Paper!
       Are your existing identity-management and access-control solutions
    fragmented, duplicated, and inefficient? Attend this free Web seminar
    and discover how to automate and simplify identity creation,
    administration, and access control. Leverage your investment in
    Microsoft technologies and benefit from greater security, improved
    productivity, and better manageability. Register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDya0AY
    
    ==== 6. New and Improved ====
       by Jason Bovberg, products@private
    
    Keep Passwords Secure
       CEZEO software released SecureWord 1.3, password-management
    software that uses the Advanced Encryption Standard (AES) to keep your
    passwords secure. You can use SecureWord to store passwords and other
    important information, import and export the data, and back up or
    synchronize the data. Multiple users can use SecureWord without
    risking security compromise. A built-in password generator lets you
    instantly create new passwords. The software's easy-to-use UI and
    search system simplify browsing and searching for secure information.
    A single-user copy of SecureWord costs $19.95 (an unlimited Site
    License costs $499), and you can obtain a free 30-day trial version
    from the company's Web site. For more information about SecureWord,
    contact CEZEO software on the Web.
       http://www.cezeo.com
    
    Scan and Audit Your Network Security
       Infiltration Systems released Infiltrator, a security scanner and
    auditing tool for your Windows XP/2000/NT 4.0 network. Infiltrator
    quickly audits computers for vulnerabilities, security holes and
    exploits, and information enumerations. Infiltrator can reveal
    information such as installed software, shares, users, drives,
    hotfixes, NetBIOS and SNMP information, and open ports. The software
    audits each computer's registry, services, and password and security
    policies and alerts you if security is insufficient. Pricing for
    Infiltrator starts at $195.95 for as many as 25 IP addresses. For more
    information about Infiltrator, contact Infiltration Systems on the
    Web.
       http://www.infiltration-systems.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    Sybari Software
       Free! "Admins Shortcut Guide to Email Protection" from Sybari
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDkY0AC
    
    Microsoft(R) Security Readiness Kit
       Get your free kit for creating an enhanced risk-management plan.
       http://list.winnetmag.com/cgi-bin3/DM/y/edoq0CJgSH0CBw0BDkc0AM
    
    ===================
    
    ==== 7. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup
    
    
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Dec 04 2003 - 05:55:12 PST