[ISN] Security UPDATE--Honeywall CD-ROM--May 19, 2004

From: InfoSec News (isn@private)
Date: Fri May 21 2004 - 07:54:14 PDT


    ====================
    
    ==== This Issue Sponsored By ====
    
    Postini Preemptive Email Protection
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BHea0A2
    
    Sybari Software
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BIQk0As
    
    ====================
    
    1. In Focus: Honeywall CD-ROM: A Honeynet on a Bootable Disk
    
    2. Security News and Features
       - Recent Security Vulnerabilities
       - News: Serious Vulnerability in 802.11b and 802.11g Networks
       - News: You've Been Hacked, Now Rebuild Your System
    
    3. Instant Poll
    
    4. Security Toolkit
       - FAQ
       - Featured Thread
    
    5. New and Improved
       - Extranet, Intranet, and Remote Access Policy Enforcement
    
    ====================
    
    ==== Sponsor: Postini Preemptive Email Protection ====
    
       Free Whitepaper: Top 10 Reports for Email Admins
       This paper will show you the top ten reports every email
    administrator really shouldn't live without including, dashboard views
    of inbound email activity, SMTP connection, and delivery monitoring,
    as well as outbound email and content. Assuring comprehensive email
    security and management for your enterprise requires real-time
    monitoring and detailed, flexible reporting. Postini provides an
    award-winning web console "dashboard" that helps email administrators
    manage their email protection more effectively and efficiently with a
    host of monitoring and trending reports. Reports show inbound spam by
    domain and recipient, as well as viruses by name and overall traffic
    by domain and recipient.
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BHea0A2
    
    ====================
    
    ==== 1. In Focus: Honeywall CD-ROM: A Honeynet on a Bootable Disk ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    In the April 28 edition of this newsletter, I mentioned the new
    version of Network Security Toolkit (NST), which is the creation of
    Paul Blankenbaker and Ron Henderson. NST is loaded with security tools
    and is available as a bootable CD-ROM. The toolkit is based on Red Hat
    Linux 9.0, and you can download it as an International Organization
    for Standardization (ISO) image and make the CD-ROM yourself.
       http://www.networksecuritytoolkit.org/nst/index.html
    
    This week, I learned about another free security-related tool that you
    might want to try. The Honeynet Project has released a new beta
    version of Honeywall CD-ROM, which as you might suspect, lets you
    create a bootable disk that offers the tools necessary to run a
    honeypot network.
    
    Honeywall CD-ROM is based on a trimmed-down version of Linux and is
    configurable both before and after bootup. You can add items you might
    need or make configuration changes that suit your environment. For
    example, you could add Secure Shell (SSH) keys, set your IP address
    preferences, and so on, then burn a CD-ROM so that when you boot to
    the CD-ROM your system is already configured and ready for use.
    
    To use Honeywall CD-ROM, you need a system with 256MB of RAM or more,
    an IDE hard drive, at least two network cards, and of course a CD-ROM
    drive to boot from. A Pentium III processor (or equivalent) is also
    recommended. The Honeywall CD-ROM ISO image is a little over 50MB, and
    you can download a copy by visiting the Honeynet Project's Honeywall
    CD-ROM Web site.
       http://www.honeynet.org/tools/cdrom/
    
    If you're wondering what honeypots and honeynets are all about, we've
    published numerous articles about them--most recently, "Honeypots for
    Windows" by Roger Grimes in March. Grimes explains some basics about
    honeypots and offers an inside peek into four commercial products that
    let you build honeypots on Windows platforms.
       http://www.winnetmag.com/article/articleid/41976/41976.html
    
    We have many other articles related to honeypots available online,
    including news and commentary. You can locate them quickly by using
    our search engine. I've included a couple of shortcuts below that list
    the most recent articles first.
       http://search.winnetmag.com/query.html?qt=honeypot&st=1&rf=1
       http://search.winnetmag.com/query.html?qt=honeynet&st=1&rf=1
    
    ====================
    
    ==== Sponsor: Sybari Software ====
    
       Get on the Road to Secure Computing with Sybari and you could find
    yourself in the driver's seat of a new 2004 MINI Cooper!
       Get your key to enter our giveaway by looking inside your TechEd
    attendee bag or visit Sybari booth #417 and register to win! Not
    attending TechEd, enter to win a MINI Cooper remote control car. Click
    here to enter:
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BIQk0As
    
    ====================
    
    ==== 2. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Serious Vulnerability in 802.11b and 802.11g Networks
       The Australian Computer Emergency Response Team (AusCERT) released
    an advisory about a newly discovered Denial of Service (DoS)
    vulnerability in 802.11 wireless networks. As you know, Access Points
    (APs) broadcast on a given channel and frequency. An attacker can
    exploit the Clear Channel Assessment (CCA) procedure used by 802.11
    equipment, making the channel appear to be busy. Under such
    conditions, all APs and client stations defer their transmissions
    while they wait for the channel to become idle. However, an idle
    condition won't ensue until the DoS attack ceases.
       http://www.winnetmag.com/article/articleid/42673/42673.html
    
    News: You've Been Hacked, Now Rebuild Your System
       Microsoft Security Program Manager Jesper Johansson has published
    another article, "Help: I Got Hacked. Now What Do I Do?" The article
    raises that question, outlines more than half a dozen things that you
    can't do to correct the problem, and concludes that you must rebuild
    your system.
       http://www.winnetmag.com/article/articleid/42678/42678.html
    
    ====================
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Windows Connections October 24-27, Orlando, Florida.
       Save these dates for the Fall 2004 Windows Connections conference,
    which will run concurrently with Microsoft Exchange Connections.
    Register early and receive admission to both conferences for one low
    price. Learn firsthand from Microsoft product architects and the best
    third-party experts. Go online or call 800-505-1201 for more
    information.
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0KXQ0AV
    
    New Web Seminar: Preemptive Email Security Works for Chick-fil-A--It
    Can Work for You
       Become the company hero! Save your company time and money by
    preventing unwanted and lost email. In this free Web seminar, hear
    from an email expert--and learn from a real-world Chick-fil-A case
    study--about how you can reduce spam and viruses and improve email
    security and employee productivity. Register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BILr0Au
    
    Windows & .NET Magazine Announces Best of Show Finalists
       Windows & .NET Magazine and SQL Server Magazine announced the
    finalists for the Best of TechEd 2004 Awards. The field included more
    than 260 entries in 10 categories. Winners will be announced at a
    private awards ceremony on Wednesday, May 26. The winners will also be
    announced at TechEd on Thursday, May 27 at 12:30 p.m. at the Windows &
    .NET Magazine booth #625. Click here to find out this year's
    finalists:
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BIPH0AI
    
    ====================
    
    ==== Hot Release Access the expert's white paper library ====
    
       Get expert advice on Active Directory and Exchange from Quest, now
    including the people and products of Aelita Software. Quest's library
    of white papers details topics that simplify, automate, and secure
    your Microsoft infrastructure. The authoritative leader on Active
    Directory and Exchange, Quest Software is your single source for
    Windows management solutions and expert industry information. Access
    the white paper library today.
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BIBB0Aw
    
    ====================
    
    ==== 3. Instant Poll ====
    
    Results of Previous Poll
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "Has
    your company become infected by the Sasser or Gaobot worm?" Here are
    the results from the 138 votes.
       - 31% Yes
       - 57% No
       - 12% I'm not sure
    
    New Instant Poll
       The next Instant Poll question is, "Which wireless intrusion
    prevention system do you use?" Go to the Security Web page and submit
    your vote for
       - AirDefense products
       - AirMagnet products
       - Red-M products
       - Aruba Wireless Networks products
       - Other products
       http://www.winnetmag.com/windowssecurity
    
    ==== 4. Security Toolkit ====
    
    FAQ: What's acctinfo.dll?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. Acctinfo.dll is a DLL that extends the functionality of the
    Microsoft Management Console (MMC) Active Directory Users and
    Computers snap-in. Acctinfo.dll is included in the Windows Server 2003
    Resource Kit tools. Installing acctinfo.dll adds the Additional
    Account Info tab to the user object's Properties page. This tab
    contains a variety of information, including
       * the last time the password was set
       * domain password policies
       * password expiration date
       * lockout status
       * last good and bad logons
    
    To install acctinfo.dll, run the command:
    
       regsvr32 acctinfo.dll
    
    If the command doesn't work (i.e., if Regsvr32 can't locate
    acctinfo.dll), specify the full path to acctinfo.dll in the command.
    Acctinfo.dll is typically located in C:\program files\windows resource
    kits\tools.
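
    The full-path registration described above, as a PowerShell script
    (an added example, not part of the original FAQ). It assumes an
    elevated prompt and the typical Resource Kit directory the FAQ names;
    regsvr32 runs registration code from the DLL it is given, so the
    script resolves one known copy instead of relying on the search path.

```powershell
# Added example, not from the newsletter. Run from an elevated prompt.
# The default directory is the typical location the FAQ names; pass
# -SearchDirs to point at a different Resource Kit install.
param(
    [string]$DllName = 'acctinfo.dll',
    [string[]]$SearchDirs = @(
        (Join-Path $env:ProgramFiles 'Windows Resource Kits\Tools')
    )
)

# Resolve the DLL to a full path so regsvr32 does not depend on the
# current directory or the search path.
$dll = $SearchDirs |
    ForEach-Object { Join-Path $_ $DllName } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    Select-Object -First 1

if (-not $dll) {
    Write-Error "$DllName not found in: $($SearchDirs -join '; ')"
    exit 1
}

# Quote the path: the typical location contains spaces.
# /s suppresses the message boxes so the exit code can be checked.
$proc = Start-Process -FilePath 'regsvr32.exe' `
    -ArgumentList '/s', "`"$dll`"" -Wait -PassThru

if ($proc.ExitCode -ne 0) {
    Write-Error "regsvr32 failed for $dll (exit code $($proc.ExitCode))"
    exit $proc.ExitCode
}
Write-Output "Registered $dll"
```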
    
    Featured Thread: Risk Assessment--Lack of Physical Protection Over
    Client Machines
       (Two messages in this thread)
       Paul writes that his server rooms have a high level of physical
    protection; however, client machines could easily be accessed by a
    member of the public. He can't do anything about the exposure because
    of the nature of his organization. He's trying to assess the risks to
    files stored locally and to overall network security. He's made some
    relevant observations about how people might gain control over a
    machine if they have physical access and he's come up with some
    solutions to help guard client machines, but he wonders if anyone has
    any other recommendations about how to protect machines against
    physical access. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=120760
    
    ====================
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    The Exchange Server Seminar Series--Coming to Your City Soon!
       Simplify your life and others' lives with Windows Server 2003 and
    Exchange Server 2003. Learn the advantages of migrating to an
    integrated communications environment, consolidating and simplifying
    implementation of technology, and accelerating worker productivity.
    Register now for this free event!
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BG6C0Aj
    
    ====================
    
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    
    Extranet, Intranet, and Remote Access Policy Enforcement
       NetScreen Technologies announced the next-generation release of its
    Secure Access product family, built on the new Neoteris Instant
    Virtual Extranet (IVE) 4.0 platform, which includes sophisticated
    enterprise-class access-management capabilities. NetScreen Secure
    Access appliances running on the IVE 4.0 platform address the advanced
    security needs of customers deploying partner extranets and intranets
    with dynamic access privilege management, rich user self-service,
    granular role-based delegation, and centralized management. Available
    IVE 4.0 functionality and feature sets vary based on purchase and
    deployment options. For more information about IVE 4.0, contact
    NetScreen Technologies at 800-638-8296 or on the Web.
       http://www.netscreen.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ====================
    
    ==== Sponsored Links ====
    
    Argent
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BDWV0AY
    
    Microsoft(R) TechNet
       Microsoft(R) TechNet Webcasts: essential guidance, industry experts
       http://list.winnetmag.com/cgi-bin3/DM/y/efxW0CJgSH0CBw0BG360AT
    
    ====================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    ====================
    
    ==== Contact Our Sponsors ====
    
    Primary Sponsor:
       Postini -- http://www.postini.com --1-888-584-3150
    
    Secondary Sponsor:
       Sybari Software -- http://www.sybari.com -- 1-631-630-8500
    
    Hot Release Sponsor:
       Quest Software -- http://www.quest.com -- 1-949-754-8000
    
    ====================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    