[ISN] Security UPDATE -- Auditing Your Systems Can Improve Security -- October 19, 2005

From: InfoSec News (isn@private)
Date: Wed Oct 19 2005 - 23:07:15 PDT


====================
This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Control access, change and availability of IT
   http://list.windowsitpro.com/t?ctl=16E6F:4FB69

Software Packaging Workflow Best Practices
   http://list.windowsitpro.com/t?ctl=16E5B:4FB69

====================

1. In Focus: Auditing Your Systems Can Improve Security 

2. Security News and Features
   - Recent Security Vulnerabilities
   - Overlooked Security Patches Bring Down Spread Firefox Site
   - Check Point Snaps Up Sourcefire
   - Curious Stirrings in the World of Open Source

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - VPN Firewalls Add Malware Protection

====================

==== Sponsor: Quest Software ====

Control access, change and availability of IT
   This paper provides an overview of the techniques for implementing 
internal controls and how these techniques are utilized to mitigate an 
organization's IT applications and infrastructure risk. This paper also 
discusses the importance of IT control standards and frameworks, such 
as COSO and CobiT, and examines specific examples of IT controls. Get 
your paper today.
   http://list.windowsitpro.com/t?ctl=16E6F:4FB69

====================

==== 1. In Focus: Auditing Your Systems Can Improve Security 
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

As you hopefully know by now, Microsoft released nine security 
bulletins this month as part of its regular patch release schedule. One 
of the bulletins includes a vulnerability in Microsoft Distributed 
Transaction Coordinator (MSDTC). The vulnerability is serious, and an 
exploit has already been created. Although the exploit was created by 
Immunity Security strictly for release to its business customers, by 
the time you read this newsletter, someone else will likely have 
already released another exploit onto the Internet--possibly in the 
form of a worm or Trojan horse, either of which could lead to a 
complete compromise of your entire network. 

Protecting your systems in advance is of paramount concern. The obvious 
approach is to load the patch as soon as you can, and if you can't, for 
whatever reason, then take other defensive measures. MSDTC listens on 
TCP port 3372. Minimally, scan your network to determine which systems 
listen on TCP port 3372. You can disable MSDTC on individual systems or 
by using Group Policy. But doing so might break various types of 
functionality. Review Microsoft Security Bulletin MS05-051--
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution 
(902400) for details.
   http://list.windowsitpro.com/t?ctl=16E62:4FB69

The fact that someone created an exploit for the MSDTC vulnerability in 
fewer than 24 hours points out the need to stay on top of vulnerability 
reports and patching. It also points out the need to know precisely 
what software runs on your systems. A fantastic case in point is 
Mozilla Foundation, which I wrote about in a news story on our Web site 
that's also included in this newsletter. 
   http://list.windowsitpro.com/t?ctl=16E67:4FB69

In summary, the Spread Firefox Web site was compromised back in July. 
After that intrusion, Mozilla Foundation rebuilt the entire server. 
But, when doing so, the company failed to properly record what software 
runs on that server. Apparently between July and October, no 
significant audit was performed on the server either. As a result, 
Mozilla Foundation overlooked the fact that TWiki runs on the server, 
although not as a prominent service. (For more information about TWiki, 
go to http://list.windowsitpro.com/t?ctl=16E74:4FB69 )

You can probably guess what happened next: A vulnerability was 
discovered in TWiki, and soon an intruder began attempts to break into 
the Spread Firefox Web site. So Mozilla Foundation once again spent 
considerable time rebuilding a server that was rebuilt only a few 
months prior. The Spread Firefox site was taken offline by October 4, 
and didn't come back online until yesterday. I have no idea what the 
combined incidents cost the company in terms of time and money, but in 
addition to those costs, the incidents cost the organization in terms 
of reputation. 

These sorts of incidents can happen to anybody who doesn't know exactly 
what software runs on their systems and doesn't stay up to date on new 
vulnerabilities. The bottom line is that you're responsible to 
determine what software runs on your systems, and you can't rely on 
your software vendors to consistently provide you the latest 
vulnerability information. The reason for the latter is simple: When 
vulnerabilities are announced to the public (sometimes with only scant 
details), potential intruders can use that information to begin looking 
for a way to breach security. In some cases, all a discoverer needs to 
say is, "I found a problem in XYZ application," and someone else can 
use logic to figure out where the vulnerability might be, find it, and 
develop a way to exploit it. 

The lessons here are clear. In order to maintain optimum network 
security, you must audit your system regularly, keep precise and up-to-
date records, and monitor the Internet for new vulnerability 
developments. Doing so can make even the biggest networks a much 
smaller target. 

====================

==== Sponsor: Macrovision ====

Software Packaging Workflow Best Practices 
   Managing desktop software configurations doesn't have to be a manual 
process, resulting in unplanned costs, deployment delays, and client 
confusion. In this free whitepaper you'll learn how to manage the 
software package preparation process and increase your desktop 
reliability, user satisfaction, and IT cost effectiveness. Download 
your copy now and discover the value of standardizing the software 
packaging process.
   http://list.windowsitpro.com/t?ctl=16E5B:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=16E61:4FB69

Overlooked Security Patches Bring Down Spread Firefox Site
   Mozilla Foundation overlooked critical patches on its Spread Firefox 
site. As a result, the site was temporarily taken offline and site 
visitors were redirected to the Firefox area of the main Mozilla Web 
site.
   http://list.windowsitpro.com/t?ctl=16E67:4FB69

Check Point Snaps Up Sourcefire
   Check Point Technologies announced a deal to acquire Sourcefire, 
makers of the ever-popular open-source Snort Intrusion Detection System 
(IDS). Check Point will add the Sourcefire line of commercial security 
products to its suite of offerings. 
   http://list.windowsitpro.com/t?ctl=16E6A:4FB69

Curious Stirrings in the World of Open Source
   Several events in the open-source world have piqued my curiousity. 
What's going on? To see what I mean, read this news item on our Web 
site. 
   http://list.windowsitpro.com/t?ctl=16E69:4FB69

====================

==== Resources and Events ====

Recovery vs. Continuity--Do You Know the Difference?
   Attend this free Web seminar and learn the difference between the 
ability to quickly recover lost or damaged data and the ability to keep 
your messaging operations running normally before, during, and after an 
outage. You'll discover what the real technical differences between 
recovery and continuity are, when each is important, and what you can 
do to make sure that you're hitting the right balance between them.
   http://list.windowsitpro.com/t?ctl=16E5D:4FB69

Discover SQL Server 2005 for the enterprise. Are you prepared--In New 
York!
   In this free half-day event, you'll learn how the top new features 
of SQL Server 2005 will help you create and manage large-scale, 
mission-critical enterprise database applications, making your job 
easier. Find out how to leverage SQL Server 2005's new capabilities to 
best support your business initiatives. Register today for the new show 
added in New York!
   http://list.windowsitpro.com/t?ctl=16E5F:4FB69

Do You Know What "High Availability" Really Means?
   In this free Essential Guide learn what high availability really 
means and the different strategies that you can use to improve your 
email systems' availability and resiliency.
   http://list.windowsitpro.com/t?ctl=16E60:4FB69

Get the Maximum Return on Software Investments by Optimizing Every 
Dollar Spent on Software
   Often software applications are over-licensed by one department and 
under-licensed by another, resulting in denial of some end users the 
access to software they need or overspending on additional licenses 
that go unused. In this free Web seminar get the 5-step plan for 
quickly implementing a license management program today!
   http://list.windowsitpro.com/t?ctl=16E5E:4FB69

Compliance vs. Recovery: Can You Have Your Cake and Eat It Too?
   In this free, on-demand Web seminar, discover the issues involved 
with integrating your compliance system with backup and recovery, 
including backup schedules, the pros and cons of outsourcing your 
backup media storage and management, the DR implications of having to 
back up all that compliance data, and the possibility of using 
alternative backup methods to provide backup and compliance in a single 
system. You'll learn what to watch out for when combining the two 
functions and how to assess whether your backup/restore mechanisms are 
equal to the challenge.
   http://list.windowsitpro.com/t?ctl=16E5C:4FB69 

====================

==== 3. Instant Poll ====

Results of Previous Poll: Have you, your company, or someone you know 
been a victim of online fraud?
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 30 votes:
   - 57% Yes
   - 37% No
   -  7% Not sure
(Deviations from 100% are due to rounding.)

New Instant Poll: Which of the following devices and/or software do you 
monitor?
   Go to the Security Hot Topic and submit your vote for 
   - Windows 
   - Network devices such as firewalls, gateways, VPN appliances, and 
wireless Access Points 
   - Important applications such as Exchange Server and IIS
   - Two or more of the above
   - None of the above
   http://list.windowsitpro.com/t?ctl=16E6C:4FB69

====================

==== Featured White Paper ====

Can you afford to have anything less than 100% uptime for your mission 
critical email?
   Email has become mission critical to the functioning of business, 
and every hour of downtime can cost thousands of dollars in lost 
productivity and revenue. In this free white paper, learn how to 
address challenges such as: making email truly available 24x7x365, 
securing against viruses, comprehensively backing up email data and 
more. Download your copy now!
   http://list.windowsitpro.com/t?ctl=16E59:4FB69

====================

==== Hot Release ====

Free Network Security Test from Qualys 
   Testing and improving your network security has never been easier. 
Requiring NO software, QualysGuard will safely and accurately test 
your network for security threats and provide you with the necessary 
fixes to proactively guard your network. Try QualysGuard Risk Free.
   http://list.windowsitpro.com/t?ctl=16E70:4FB69

====================

==== 4. Security Toolkit ==== 

Security Matters Blog: Network Security Toolkit 1.2.3
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=16E6E:4FB69

Version 1.2.3 of the Network Security Toolkit was recently released. 
This is an excellent toolkit, and if you haven't looked at it, consider 
doing so. This blog entry links to my review of version 1.0.6. 
   http://list.windowsitpro.com/t?ctl=16E68:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=16E6D:4FB69 

Q: How can I enable access-based share enumeration so that users see 
only files and folders to which they have access? 

Find the answer at
   http://list.windowsitpro.com/t?ctl=16E6B:4FB69

Security Forum Featured Thread: Stop IE from Downloading .exe Files
   A forum participant asks whether there's any way to prevent 
Microsoft Internet Explorer (IE) users from downloading and saving 
.exe, .mp3, and other files to their network drives in a Windows 2000 
environment. Join the discussion at:
   http://list.windowsitpro.com/t?ctl=16E5A:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

Get Access to Every Windows IT Pro Article on CD
   Get the Windows IT Pro Master CD and get portable, high-speed access 
to the entire Windows IT Pro article database--more than 9,000 articles 
on CD! The newest issue includes BONUS Windows Tips, and if you sign up 
now, you'll SAVE 25%. Offer ends 10/31/05, so subscribe now:
   http://list.windowsitpro.com/t?ctl=16E63:4FB69

The Windows Scripting Solutions Newsletter
   The Windows Scripting Solutions Newsletter is a "must have." 
Subscribe today and get a 12-issue resource loaded with expert-reviewed 
downloadable code and scripting techniques, as well as hundreds of tips 
on automating repetitive tasks. You will also get online access to the 
entire newsletter archive (over 500 scripting articles), including 
access to our popular "Shell Scripting 101" series. This resource will 
help to save you time and money. Order now:
   http://list.windowsitpro.com/t?ctl=16E64:4FB69 

====================

==== 5. New and Improved ====
   by Renee Munshi, products@private

VPN Firewalls Add Malware Protection
   NETGEAR announced the incorporation of Trend Micro's Client/Server 
(CS) and Client/Server/Messaging (CSM) Suite for Small and Medium 
Business (SMB) into the NETGEAR ProSafe VPN Firewall 200 (FVX538) and 
ProSafe VPN Firewall 50 (FVS338). Both firewalls now enforce security 
policies established by the network administrator by allowing Internet 
access for only those computers that have the latest antivirus and 
antispam signatures. Computers that aren't compliant will be redirected 
to a server to obtain updates. The ProSafe VPN firewalls with Trend 
Micro software are designed to be all-in-one security appliances for 
SMBs. They're list priced at $557 for the ProSafe 200 (200 simultaneous 
IPsec tunnels) and $278 for the ProSafe 50 (50 tunnels). For more 
information, go to
   http://list.windowsitpro.com/t?ctl=16E73:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot@private

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec@private If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== Sponsored Links ====

Admins rush to install BLOG servers
   How to run your own blog server. Free 5 user license.
   http://list.windowsitpro.com/t?ctl=16E72:4FB69

====================

==== Contact Us ==== 

About the newsletter -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=16E71:4FB69
About product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=16E66:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Wed Oct 19 2005 - 23:25:43 PDT