Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

=== CONTENTS ===================================================

IN FOCUS: Tighten Up Your Citrix and RDP Security

NEWS AND FEATURES
 - Microsoft Will Fix Windows URI Flaw
 - NAC Will Act as Emergency Broadcast System for University
 - Third Brigade Looks to Service Providers to Expand Market Share
 - Recent Security Vulnerabilities

GIVE AND TAKE
 - Security Matters Blog: Blue Monster Business Card
 - FAQ: Remotely Run Commands on Vista and Windows 2008
 - From the Forum: Security Audit Tools
 - Share Your Security Tips

PRODUCTS
 - Monitor Endpoints on a Distributed Network
 - Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Storage Guardian ==================================

Keys to Backing Up & Securing Data at Remote Business Sites

Keeping data at remote office sites backed up and secure is a critical component of business success. Register now to get the knowledge you need to make smart decisions regarding data backup at remote business sites.
http://list.windowsitpro.com/t?ctl=6A59B:57B62BBB09A6927903AAF5C900D37188

=== IN FOCUS: Tighten Up Your Citrix and RDP Security ==========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Both Citrix and Microsoft's RDP have been in widespread use for quite a long time. The technologies allow people to connect to remote systems to use desktop applications and administration tools. If you use these technologies every day, it might be a good idea to ask yourself whether your remote computing environment is as secure as it could be.

A couple weeks ago, Petko Petkov posted some very interesting information at his GNUCITIZEN Web site. Using Google, Petkov discovered numerous Citrix configuration (.ica) files that are located on .gov, .mil, and other domains.
If you're familiar with Citrix configuration files, you know that they contain information that clients use to connect to servers. Along with server IP addresses, the information sometimes includes usernames and passwords. Having .ica files indexed by Google and other search engines is obviously problematic, to say the least.

Monday, I did a quick search on Google and found more than 600 .ica files, some of which did contain complete connection information. RDP connection files are also being exposed to the Internet and thus picked up by search engines. A quick search at Google revealed more than 300 RDP connection files. Searching Yahoo! for the same two file types revealed more exposed connection files.

In the blog post "CITRIX: Owning the Legitimate Backdoor," (at the URL below), Petkov outlines how easy it is to modify Citrix connection files to launch various programs, including command shells, after connecting to a remote server. It's also possible to enumerate available server farms, servers, and applications by using scripts. That sort of information can give an intruder a big head start in finding chinks in network armor.
http://list.windowsitpro.com/t?ctl=6A59D:57B62BBB09A6927903AAF5C900D37188

Citrix and RDP connection files should not be listed in search engines, which means that you need to protect access to those types of files. Furthermore, you need to make sure your Citrix and Windows Terminal Services installations are locked down tight. Otherwise an intruder will eventually come along and try to break in. You also need to defend against email- and Web-based attacks that deliver specially modified Citrix and RDP connection files that could trick people into exposing sensitive data, trick them into uploading and downloading files, and so on.

For more information about the Citrix and RDP risks, be sure to read Petkov's blog post "Remote Desktop Command Fixation Attacks," at the first URL below, and his "Clear" post at the second URL below.
In these posts, he elaborates on some of his concerns and provides links to lots of other related material.
http://list.windowsitpro.com/t?ctl=6A59C:57B62BBB09A6927903AAF5C900D37188
http://list.windowsitpro.com/t?ctl=6A5B1:57B62BBB09A6927903AAF5C900D37188

Whenever someone brings to light risks such as these, related intruder activity increases. To get a rough idea of how such information stimulates activity, head over to The SANS Institute's Internet Storm Center and take a look at the traffic patterns for Citrix port 1484 (at the first URL below) and RDP port 3389 (at the second URL below). You'll notice spikes in traffic that coincide with Petkov's blog posts.
http://list.windowsitpro.com/t?ctl=6A5AF:57B62BBB09A6927903AAF5C900D37188
http://list.windowsitpro.com/t?ctl=6A5B0:57B62BBB09A6927903AAF5C900D37188

=== SPONSOR: Symantec ==========================================

Messaging Management

Guarding against the growing threats to the corporate email and IM environment has become an ever-consuming task of the IT professional. Now is the turning point for IT security professionals to look at their mainstays in their defense strategy and make sure they are pulling their weight. In scrutinizing your messaging management solutions, this valuable guide shows that securing a mail and messaging infrastructure should not be an afterthought. A secure mail and messaging infrastructure is fundamental to your business and any organization should plan for the appropriate message hygiene, availability, and control services from the start.
http://list.windowsitpro.com/t?ctl=6A598:57B62BBB09A6927903AAF5C900D37188

=== SECURITY NEWS AND FEATURES =================================

Microsoft Will Fix Windows URI Flaw

After claiming that a recently discovered flaw in Windows was a problem with third-party software, Microsoft reversed course and will now fix the problem.
The flaw is found in a component of the OS called Uniform Resource Identifier (URI) handling, which allows Web browsers to launch applications via hyperlinks in Web pages.
http://list.windowsitpro.com/t?ctl=6A5A7:57B62BBB09A6927903AAF5C900D37188

NAC Will Act as Emergency Broadcast System for University

The University of the Pacific in Stockton, California, will use the Web broadcasting capability of Impulse Point's Safe Connect Network Access Control (NAC) solution as one of its methods for notifying students and faculty about an emergency situation. The university will also use text messages and email announcements.
http://list.windowsitpro.com/t?ctl=6A5A4:57B62BBB09A6927903AAF5C900D37188

Third Brigade Looks to Service Providers to Expand Market Share

Third Brigade, maker of intrusion detection and prevention systems (IDS/IPS), announced a newly expanded partner program aimed at helping service providers better secure their customers' applications and data.
http://list.windowsitpro.com/t?ctl=6A5A8:57B62BBB09A6927903AAF5C900D37188

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=6A59E:57B62BBB09A6927903AAF5C900D37188

=== SPONSOR: Sophos ============================================

Trends in Malware: 2007 Security Threat Report

A sharp rise in web threats is the latest twist in cyber criminals' continually evolving efforts to steal information for financial gain. We review the year so far and predict the threat landscape for the second half of 2007.
http://list.windowsitpro.com/t?ctl=6A5AC:57B62BBB09A6927903AAF5C900D37188

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Blue Monster Business Card
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6A5AE:57B62BBB09A6927903AAF5C900D37188

This is sort of funny.
Check out Hugh MacLeod's "Blue Monster," which spoofs Microsoft with a business card of sorts.
http://list.windowsitpro.com/t?ctl=6A599:57B62BBB09A6927903AAF5C900D37188

FAQ: Remotely Run Commands on Vista and Windows 2008
by John Savill, http://list.windowsitpro.com/t?ctl=6A5AB:57B62BBB09A6927903AAF5C900D37188

Q: How can I remotely run commands on a Windows Vista or Windows Server 2008 box?

Find the answer at
http://list.windowsitpro.com/t?ctl=6A5A9:57B62BBB09A6927903AAF5C900D37188

FROM THE FORUM: Security Audit Tools

A forum participant is looking for a good tool to audit a Windows Server 2003 domain environment, including passwords. Any suggestions?
http://list.windowsitpro.com/t?ctl=6A597:57B62BBB09A6927903AAF5C900D37188

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Monitor Endpoints on a Distributed Network

Promisec announced InnerSpace, a centralized endpoint compliance and governance solution. InnerSpace works without agents, monitoring all endpoints and servers for deviations from corporate policy. It's designed for large, distributed enterprise networks and offers one interface for monitoring and reporting on all the computers on the network. InnerSpace establishes a baseline for each group of computers, noting the devices, applications, services, toolbars, and so on on those computers, and then monitors for deviations from the baseline. For more information, go to
http://list.windowsitpro.com/t?ctl=6A5B2:57B62BBB09A6927903AAF5C900D37188

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=6A5AA:57B62BBB09A6927903AAF5C900D37188

Learn how to protect yourself from data theft, Web site hacking/vandalism, and general security issues. With increasing concerns about host-based intrusion, IT professionals need to be equipped with effective security solutions. Attend this October 30 (12 p.m. EDT) Web seminar to learn how Symantec Critical System Protection provides intrusion protection and detection capabilities to better equip you in a landscape of ever emerging threats.
http://list.windowsitpro.com/t?ctl=6A59A:57B62BBB09A6927903AAF5C900D37188

Learn from other people's mistakes, not your own! This free Web seminar features an interactive discussion that reveals today's common mistakes and misconceptions about messaging, archiving, regulations, and e-discovery. You'll learn why these misconceptions came about, how to avoid the common mistakes, and what to do to meet today's email archiving and e-discovery needs.
http://list.windowsitpro.com/t?ctl=6A59F:57B62BBB09A6927903AAF5C900D37188

Interop New York

See all of the latest technologies in action at Interop New York, October 22-26. Visit 200+ exhibitors, attend 100+ sessions, and check out live demos of practical business solutions. Interop is the gathering place for business and IT leaders who want to find out what's next in business technology. Register today.
http://list.windowsitpro.com/t?ctl=6A5A6:57B62BBB09A6927903AAF5C900D37188

=== FEATURED WHITE PAPER =======================================

Employees installing and using unauthorized applications such as IM, VoIP, games, and peer-to-peer file-sharing cause many businesses legal concerns, IT support burdens, network and system overhead, as well as employee productivity issues.
This white paper discusses the various approaches to control applications and highlights a simple solution that removes cost and management overhead.
http://list.windowsitpro.com/t?ctl=6A5A0:57B62BBB09A6927903AAF5C900D37188

=== ANNOUNCEMENTS ==============================================

Discover the New SQL Server Magazine

Don't miss the relaunched SQL Server Magazine, coming this month! Besides a new look, we have even more coverage of administration and performance, development and Web apps, BI and Reporting Services, and SQL Server fundamentals. Subscribe now and save 58% off the cover price.
http://list.windowsitpro.com/t?ctl=6A5A1:57B62BBB09A6927903AAF5C900D37188

Got a Tough Exchange or Outlook Question?

Rely on Exchange & Outlook Pro VIP, the new online resource with in-depth articles on administration, migration, security, and performance. Subscribers get direct access to our top-flight editors, so subscribe and receive personalized solutions to your toughest technical questions. It beats a support call to Microsoft!
http://list.windowsitpro.com/t?ctl=6A5A2:57B62BBB09A6927903AAF5C900D37188

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=6A5AD:57B62BBB09A6927903AAF5C900D37188
http://list.windowsitpro.com/t?ctl=6A5B4:57B62BBB09A6927903AAF5C900D37188

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=6A5A5:57B62BBB09A6927903AAF5C900D37188

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=6A5B3:57B62BBB09A6927903AAF5C900D37188
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=6A5A3:57B62BBB09A6927903AAF5C900D37188

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

__________________________________________________________________
CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
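
An added example, not part of the newsletter or of Petkov's posts: a defender-side audit for the In Focus column's point that .ica and .rdp files left in a published directory can disclose server addresses, account names, stored passwords, and a program to launch on connect. The key names are the usual ICA and RDP file settings; the sample files, host names, and function names are constructed for illustration.

```python
import re
from pathlib import Path
# Settings that reveal where to connect, as whom, or what runs after logon.
ICA_KEYS = {"address": "server address", "username": "username",
            "domain": "domain", "password": "stored password",
            "clearpassword": "cleartext password",
            "initialprogram": "program launched on connect"}
RDP_KEYS = {"full address": "server address", "username": "username",
            "domain": "domain", "password 51": "stored password",
            "alternate shell": "program launched on connect"}
ICA_LINE = re.compile(r"^\s*([^=;\[\s][^=]*?)\s*=\s*(.*?)\s*$")   # Key=Value
RDP_LINE = re.compile(r"^\s*([^:]+?):[a-z]:(.*?)\s*$", re.I)      # key:type:value

# Constructed sample files (not taken from any real system).
SAMPLE_ICA = """[ApplicationServers]
Desktop=
[Desktop]
Address=192.0.2.10
InitialProgram=#Desktop
Username=svc_demo
ClearPassword=
"""
SAMPLE_RDP = "screen mode id:i:2\nfull address:s:rdp.example.test:3389\nusername:s:\n"

def audit_text(kind, text):
    """Return sorted (key, meaning) pairs for risky settings that have a value."""
    keys, pattern = (ICA_KEYS, ICA_LINE) if kind == "ica" else (RDP_KEYS, RDP_LINE)
    found = set()
    for line in text.splitlines():
        m = pattern.match(line)
        key = m.group(1).lower() if m else None
        if key in keys and m.group(2):
            found.add((key, keys[key]))   # the value itself is never recorded
    return sorted(found)

def read_connection_file(path):
    """Decode a connection file; .rdp files are often saved as UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    bom16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom16 else "utf-8-sig", errors="replace")

def audit_tree(root):
    """Map each .ica/.rdp file under a published directory to its findings."""
    report, root = {}, Path(root)
    for path in sorted(root.rglob("*")):
        kind = path.suffix.lower().lstrip(".")
        if path.is_file() and kind in ("ica", "rdp"):
            report[path.relative_to(root).as_posix()] = audit_text(kind, read_connection_file(path))
    return report
```

Run `audit_tree` against the document root of any server that fronts Citrix or Terminal Services access; every file it lists is one a search engine crawler could also reach unless access to it is restricted.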