[ISN] Windows & .NET Magazine Security UPDATE--Patch and Configuration Change Control--January 7, 2004

From: InfoSec News (isn@private)
Date: Thu Jan 08 2004 - 05:49:18 PST


    ====================
    
    ==== This Issue Sponsored By ====
    
    Microsoft Security Solutions
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDoI0Ae
    
    Exchange & Outlook Administrator
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEf10A7
    
    ====================
    
    1. In Focus: Patch and Configuration Change Control
    
    2. Announcements
         - Register for Windows & .NET Magazine Connections!
         - The Windows & .NET Magazine Network VIP Web Site/Super CD Has
           It All!
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - Feature: Change and Configuration Management for AD
         - Feature: Change and Configuration Management Tools
         - Feature: Microsoft's New Security Update Procedure; Improved
           Office Update Inventory Tool
    
    4. Security Toolkit
         - Virus Center
             - Virus Alert: Bookmark.B
         - FAQ: What does the infrastructure Flexible Single-Master
           Operation (FSMO) role do?
         - Featured Thread: Blocking Specific IP Addresses in ISA Server
    
    5. Event
         - New--Microsoft Security Strategies Roadshow!
    
    6. New and Improved
         - Stop Known and Unknown Attacks
         - VPN Firewall Routers
         - Tell Us About a Hot Product and Get a T-Shirt
    
    7. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Microsoft Security Solutions ====
       Invest in the best network protection: Readiness.
       Introducing the Microsoft(R) Security Readiness Kit: This is your
    source for creating an enhanced risk-management plan. Visit
    http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDoI0Ae
    to order your free kit.
    
    ====================
    
    ==== 1. In Focus: Patch and Configuration Change Control ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Unless you were away from your email last week, you're probably aware
    that we posted a new Instant Poll question on the Windows & .NET
    Magazine Security Web page that asks which of the following issues you
    think will have the greatest effect on security in 2004: viruses and
    worms, junk email, patch management, or managed security services. The
    poll is still open for votes, but at the time of this writing, it
    looks like the majority of you think that patch management will be the
    biggest issue in the security realm this year (with viruses and worms
    running a close second).
     
    Patch management has been in the forefront of security concerns for
    quite some time and probably will remain so for quite a long time in
    the future. Managing security isn't always a process of simply loading
    patches. As you know, Microsoft's and other vendors' security
    bulletins sometimes include not only patches but also configuration
    settings that might help better protect your systems. So patch
    management goes hand in hand with systems change control.
    
    To help you with these processes, three recent feature articles
    related to keeping your systems up-to-date with the latest patches and
    configuration settings are available on the Windows & .NET Magazine
    Web site. Jeremy Moskowitz has written two informative articles that
    cover Change and Configuration Management (CCM) and that have
    associated Buyer's Guides that help you find third-party CCM
    solutions. Paula Sharick has written a great article covering two
    topics: Microsoft's new security update procedure and the improved
    Office Update Inventory Tool. You'll find links to these articles in
    the "Security News and Features" section below.
    
    You're aware by now that Microsoft's new policy regarding security
    bulletins is to release them only once a month, usually on the second
    Tuesday of the month. You might be wondering whether Microsoft will be
    releasing any new security bulletins this month. The answer is
    definitely yes.
    
    On January 13, the company is slated to release its first security
    bulletins of 2004. Although Microsoft hasn't said precisely what the
    bulletins pertain to, the company has already scheduled a Webcast to
    discuss them. On January 14 at 10:00 A.M. Pacific time, the company
    will give a 1-hour presentation about the technical details involved
    in the bulletins and outline steps users can take to protect their
    systems and networks. Mark Miller, Security Incident Response manager
    for Microsoft Product Support Services (PSS), and Jeff Jones, senior
    director of Trustworthy Computing, will make the presentation. If
    you're interested in viewing the Webcast, be sure to visit Microsoft's
    Web site to register for the event.
    http://msevents.microsoft.com/cui/eventdetail.aspx?eventid=1032241586&culture=en-us
    
    ====================
    
    ==== Sponsor: Exchange & Outlook Administrator ====
       Try a Sample Issue of Exchange & Outlook Administrator!
       If you haven't seen Exchange & Outlook Administrator, you're
    missing out on key information that will go a long way towards
    preventing serious messaging problems and down time. Request a sample
    issue today, and discover tools you won't find anywhere else to help
    you migrate, optimize, administer, and secure Exchange and Outlook.
    Order now!
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEf10A7
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Register for Windows & .NET Magazine Connections!
       Windows & .NET Magazine Connections will be held April 4-7, 2004,
    in Las Vegas, Nevada. Complete details about workshops, breakout
    sessions, and speakers are now online. Save $200 if you hurry and
    register before the early bird discount expires. Register now on the
    Web or by calling 203-268-3204 or 800-505-1201.
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0KXQ0AQ
    
    The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
       With a VIP Web site/Super CD subscription, you'll get online access
    to all of our publications, a print subscription to Windows & .NET
    Magazine, and a subscription to our VIP Web site, a banner-free
    resource loaded with articles you can't find anywhere else. Click here
    to find out how you can get it all at 25% off!
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEMw0Ar
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Are your traditional antivirus solutions really protecting your
    network? Panda Antivirus GateDefender is a dedicated hardware device
    installed at the Internet gateway to block viruses before they
    contaminate your network. It scans 7 different communication
    protocols, achieving optimum protection against external attacks.
    Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
    GateDefender 7200 (500 seats+) provide the highest scalability with
    native load balancing that transparently adapts to traffic volume.
       Visit "Panda's GateDefender Stands Guard!" at
    http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEGa0AP
    for more information.
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    Feature: Change and Configuration Management for AD
       Out of the box, Windows Server 2003 and Windows 2000 Server let you
    perform basic auditing of Active Directory (AD) machines. For example,
    you can determine who logged on to AD and who manipulated a file on a
    server. You can even determine when someone created a new Group Policy
    Object (GPO) or granted AD privileges to a new user. AD's
    out-of-the-box auditing capabilities come up short, however. The
    ability to determine when AD changes occur and--more importantly--who
    made them can help you quickly and easily restore the system should
    you need to. That's where Change and Configuration Management (CCM)
    products come in. Read more about them in Jeremy Moskowitz's article
    and the associated Buyer's Guide on our Web site.
       http://www.winnetmag.com/article/articleid/41099/41099.html
    
    Feature: Change and Configuration Management Tools
       If you administer a large environment, you need to be able to
    control your systems centrally without having to visit each desktop.
    You need a way to report on the current state of affairs and know what
    happens when someone changes a configuration. Change and Configuration
    Management (CCM) software gives you those capabilities and helps you
    get a grip on your sprawling system. If you want to find a third-party
    CCM solution, start your search with our Buyer's Guide.
       http://www.winnetmag.com/article/articleid/41097/41097.html
    
    Feature: Microsoft's New Security Update Procedure; Improved Office
    Update Inventory Tool
       According to the Microsoft Security Bulletin Search site, in 2003,
    Microsoft published 51 security updates across all product lines, or
    an average of 4 per month. Of the 51 updates, 25 were for the Windows
    2000 Server platform and 15 were for Windows Server 2003 during the 6
    months after the product hit the street. During 2003, Microsoft also
    released 6 cumulative updates for the supported versions of Microsoft
    Internet Explorer (IE). In case you missed it, Microsoft released the
    latest security rollup for IE on November 11, 2003.
       Also in November, Microsoft released an improved version of the
    Office Update Inventory Tool that audits the hotfix status of
    Microsoft Office 2003, Office XP, and Office 2000. Office Update
    Inventory Tool 2.0, which incorporates many of the Microsoft Baseline
    Security Analyzer (MBSA) self-updating features, automatically
    downloads new inventory tool components when the existing files are
    out-of-date, downloads the most current catalog of published hotfixes
    for each version of Office, and produces an XML report that contains a
    description of and links to missing hotfixes or hotfixes that have
    been superseded by more recent updates. Read more about Microsoft's
    software update tools and procedures in Paula Sharick's article on our
    Web site.
       http://www.winnetmag.com/article/articleid/41296/41296.html
    
    ==== 4. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Bookmark.B
       Bookmark.B is a Trojan horse program that changes the home page of
    Microsoft Internet Explorer (IE), deletes links in the Favorites
    folder, and adds links to pornographic Web sites. It also overwrites
    the HOSTS file to redirect the default search page to a specific IP
    address. For more information about the Trojan horse, be sure to visit
    Panda Software's Web site.
    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=43110
    
    FAQ: What does the infrastructure Flexible Single-Master Operation
    (FSMO) role do?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. The infrastructure FSMO role is one of the three "per domain"
    Operations Masters. The infrastructure FSMO keeps its domain's
    references to other domains' objects up-to-date by comparing its data
    with information in the Global Catalog (GC). As a result, the
    infrastructure FSMO doesn't usually work if it's a GC because the
    FSMO's information is always the same as the GC's information. If the
    infrastructure FSMO's data becomes out-of-date, the FSMO will request
    updated information from the GC, then replicate the update to all
    domain controllers (DCs) in its domain. The infrastructure FSMO needs
    a good connection to the GC, in the same site where possible. The
    infrastructure FSMO can reside on a GC server only when every
    DC in a domain is a GC (because every DC would have up-to-date
    information) or when only one domain exists in the forest.
    
    The primary purpose of the infrastructure FSMO is to update group
    memberships for users who reside in domains other than the group's
    domain. If you rename a user or move a user who belongs to a different
    domain, the group might exhibit some strange behavior. For example,
    the group might temporarily appear to not contain the user or the user
    icon might appear with gray hair because the group contains the user's
    SID and globally unique identifier (GUID), not just the distinguished
    name (DN). This collection of attributes is known as a "phantom
    record" in the group's domain. When you view the group's members, the
    Microsoft Management Console (MMC) Active Directory Users and
    Computers snap-in verifies the DN with the user's domain. Because the
    DN has changed as the result of a rename or move operation, the
    snap-in doesn't find a match and gives the user's icon gray hair.
    
    After the infrastructure FSMO runs and detects the user rename or move
    (i.e., checks all phantom entries), it updates the group with the
    correct name and location by querying the GC for the new DN of the
    stored GUID. Then, the user will again appear as a regular member of
    the group.
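
Added example, not part of the original newsletter: a small Python model of the behavior this FAQ describes, covering the GUID-keyed refresh of phantom records and the rule for when the infrastructure FSMO may sit on a GC. The directory data, DC names, and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Phantom:
    """A group's stored reference to a user who lives in another domain."""
    guid: str
    sid: str
    dn: str

def refresh_phantoms(phantoms, gc_by_guid):
    """Look up each phantom's GUID in the GC and correct a stale DN.
    Returns the GUIDs whose DN was updated."""
    updated = []
    for p in phantoms:
        current_dn = gc_by_guid.get(p.guid)
        if current_dn is None:
            continue  # GUID not found in the GC; leave the record for review
        if current_dn.lower() != p.dn.lower():  # DNs compare case-insensitively
            p.dn = current_dn
            updated.append(p.guid)
    return updated

def placement_findings(forest, infra_masters):
    """forest: {domain: {dc_name: is_gc}}; infra_masters: {domain: dc_name}.
    Flags a domain whose infrastructure master is a GC, unless one of the
    FAQ's two exceptions applies: every DC in the domain is a GC, or the
    forest has only one domain."""
    findings = []
    for domain, dcs in forest.items():
        holder = infra_masters[domain]
        if not dcs[holder]:
            continue  # role holder is not a GC: recommended placement
        if len(forest) == 1 or all(dcs.values()):
            continue  # exception applies
        findings.append((domain, holder))
    return findings

# Constructed sample data (not from a real directory).
GC = {"guid-1": "CN=Ann Lee,OU=Sales,DC=emea,DC=example,DC=com"}
FOREST = {
    "corp.example.com": {"DC1": True, "DC2": False},
    "emea.example.com": {"DC3": True, "DC4": True},
}
MASTERS = {"corp.example.com": "DC1", "emea.example.com": "DC3"}

if __name__ == "__main__":
    group = [Phantom("guid-1", "S-1-5-21-1111-2222-3333-1105",
                     "CN=Ann Smith,OU=HR,DC=emea,DC=example,DC=com")]
    print(refresh_phantoms(group, GC))          # renamed/moved user is repaired
    print(placement_findings(FOREST, MASTERS))  # corp: GC holder, DC2 is not a GC
```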
    
    Featured Thread: Blocking Specific IP Addresses in ISA Server
       (Two messages in this thread)
       A user writes that he has a Microsoft Internet Security and
    Acceleration (ISA) Server 2000 system as his default network gateway.
    He wants to know whether he can block specific destination IP
    addresses by using access lists on the ISA Server 2000 system. He
    knows how to block TCP ports, but he's not sure how to block
    destination IP addresses. Lend a hand or read the responses at the
    following URL:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66204
    
    ==== 5. Event ====
    
    New--Microsoft Security Strategies Roadshow!
       We've teamed with Microsoft, Avanade, and Network Associates to
    bring you a full day of training to help you get your organization
    secure and keep it secure. You'll learn how to implement a
    patch-management strategy; lock down servers, workstations, and
    network infrastructure; and implement security policy management.
    Register now for this free, 20-city tour.
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BELe0AY
    
    ==== 6. New and Improved ====
       by Jason Bovberg, products@private
    
    Stop Known and Unknown Attacks
       DeepNines Technologies announced the Sleuth9 Security System,
    software that stops known viruses and worms and mitigates the effects
    of zero-day attacks. Sleuth9 sits invisibly in front of the router
    to protect corporate networks from known and unknown attacks. For
    pricing information, contact DeepNines Technologies at 214-273-6996 or
    on the Web.
       http://www.deepnines.com
    
    VPN Firewall Routers
       TRENDware announced the expansion of its router family with the
    addition of two VPN firewall products: the TW100-BRV204 and the
    TW100-BRV304. These routers let remote PCs and small LANs share a
    broadband Internet connection with advanced security to protect
    against intruders. TRENDware's new routers offer Stateful Packet
    Inspection (SPI) and let you set firewall rules to block or permit
    specific traffic. The entry-level TW100-BRV204 supports as many as
    five simultaneous VPN tunnels and costs $79.99. The TW100-BRV304
    supports as many as 70 simultaneous VPN tunnels and costs $149.99. For
    more information about these routers, contact TRENDware on the Web.
       http://www.trendnet.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Link ====
    
    Microsoft(R) Security Readiness Kit
       Get your free kit for creating an enhanced risk-management plan.
       http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDkc0A1
    
    ===================
    
    ==== 7. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    To make other changes to your email account such as change your email
    address, update your profile, and subscribe or unsubscribe to any of
    our email newsletters, simply log on to our Email Preference Center.
       http://www.winnetmag.com/email
    
    Copyright 2004, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 08 2004 - 08:07:21 PST