Information Security News mailing list archives

Security UPDATE, April 3, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 4 Apr 2002 01:26:29 -0600 (CST)

******************** 
Windows & .NET Magazine Security UPDATE--brought to you by Security 
Administrator, a print newsletter bringing you practical, how-to 
articles about securing your Windows .NET Server, Windows 2000, and 
Windows NT systems. 
   http://www.secadministrator.com 
******************** 

~~~~ THIS ISSUE SPONSORED BY ~~~~

"Tee-Off" at Tech·Ed with Sybari Software 
   http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0r830Aw

Windows & .NET Magazine Network UPDATE Newsletters
   http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0rvS0AW
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~ 

~~~~ SPONSOR: "TEE-OFF" AT TECH·ED WITH SYBARI SOFTWARE ~~~~ 
   Don't get caught waiting for signature file updates from your single 
engine provider when the next email virus hits! Visit Sybari's booth 
(#619) at Tech Ed and learn how Antigen lets you deploy up to six of 
the leading virus scan engine technologies for the most comprehensive 
virus scanning on the market today. Antigen also delivers advanced 
content management capabilities including subject line, sender, and 
domain filtering. Don't forget to play Sybari's "Putt and Win" game at 
Tech Ed and enter to win a Ping Putter. Not going to Tech Ed? Attend an 
Antigen web demo by May 1st and get a free Sybari t-shirt. 
   Register at http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0r830Aw

~~~~~~~~~~~~~~~~~~~~ 

April 3, 2002--In this issue: 

1. IN FOCUS 
     - Abundant Resources for Security Best Practices
 
2. SECURITY RISKS
     - Memory Leak Vulnerability in Cisco Systems' CallManager 3.1
     - Script Execution Vulnerabilities in Microsoft IE

3. ANNOUNCEMENTS
     - Sign Up for Free UPDATEs and Enter to Win a Palm Handheld!
     - Find the Right Training Tool for You! 

4. SECURITY ROUNDUP
     - News: Survey Says Web Sites Are Now Less Intrusive
     - News: More Outlook Security Problems
     - Feature: WS-Security Sets Standard for Web Services Transactions

5. SECURITY TOOLKIT
     - Virus Center
           Virus Alert: W32/MyLife.B
     - FAQ: What Advantages Do Offline Backups and Image Backups Have 
       over Online Backups?

6. NEW AND IMPROVED
     - Learn About Web Security, Privacy, and Commerce
     - Restrict File and Folder Access

7. HOT THREADS 
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Anonymous Access
     - HowTo Mailing List
         - Featured Thread: How to Hide Dial-up Properties

8. CONTACT US 
   See this section for a list of ways to contact us. 

~~~~~~~~~~~~~~~~~~~~ 

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, mark () ntsecurity net) 

* ABUNDANT RESOURCES FOR SECURITY BEST PRACTICES

Have you visited Microsoft TechNet's Security Best Practices Web site 
recently? In January, just two documents were posted to the site. 
However, when I revisited the site (see the URL below), I found that 
since mid-March, Microsoft has assembled more than two dozen additional 
items from both in-house and outside sources. Currently, the site offers 
29 links that lead to individual resources that include white papers, 
interviews, articles, checklists, and links to other useful sites. 
   http://www.microsoft.com/technet/security/bestprac

Let me give you a brief overview of what the site offers. You'll find 
information about topics such as preventing Denial of Service (DoS) 
attacks, effective security monitoring, TCP/IP security, and security 
strategies. For example, "Best Practices for Preventing DoS/Denial of 
Service Attacks," by Michael Cretzman and Todd Weeks, lists 10 best 
practices for preventing such attacks based on information drawn from 
actual attacks that several companies experienced. The article includes 
advice about system configuration and suggests several registry 
adjustments that can help minimize the effects of DoS attacks. Another 
article available through the site, "Distributed Denial-of-Service 
Attacks and You," by Paul Robichaux, describes the nature of 
distributed attacks and lists various ways you can protect your network 
from them. The latter article includes links to other Web sites that 
have additional related information.

Both the TCP/IP article and the security strategy article are chapters 
from popular and respected books. "TCP/IP from a Security Viewpoint," 
Chapter 3 of "Firewalls, 24 seven" (Sybex), by Matthew Strebe and 
Charles Perkins, offers an in-depth discussion about how TCP/IP packets 
are structured and how various protocols move traffic in and out of 
your network. "For Strategists," Chapter 11 of "Intrusion Detection" 
(MacMillan Technical Publishing), by Rebecca Gurley Bace, provides a 
roadmap for people charged with improving security in their 
organizations. It offers good advice about developing your security 
strategies and suggests specific questions to ask solution vendors. 
This Web site draws information from other books as well. 

The Security Best Practices Web site resources also include information 
about managing Microsoft IIS Web services, an interview with Dr. 
William Stallings (a popular engineer and consultant) about 
cryptography, and best practices for managing service packs and 
hotfixes. "Manage Security of Your Windows IIS Web Services," from 
Microsoft Consulting Services Web Server Best Practices, offers advice 
about how to bring rogue systems under management to help prevent 
security problems such as virus infections. The Stallings interview 
covers topics such as assessing security needs, open-standard 
encryption algorithms, the inner workings of firewalls, what intruders 
look for, and intrusion detection. 

As you know, managing service packs and hotfixes is a hot topic. During 
the last month and a half, Microsoft has released more than a dozen 
security bulletins. Keeping up with all the patches (and service pack 
releases, which are less frequent) is a tough job indeed, especially 
for those who administer large networks. The Microsoft article "Best 
Practices for Applying Service Packs, Hotfixes, and Security Patches," 
by Rick Rosato, outlines various steps to take before, during, and 
after installation. The article recommends that you apply all changes 
in a test environment and be prepared to uninstall in case the systems 
in your environment behave unexpectedly. The document also stresses the 
need for revision consistency, especially with domain controllers 
(DCs), and recommends that noncritical systems be updated first. 

Overall, the Web site offers abundant resources that you might not be 
aware of. Be sure to stop by the site and take a look. The site can 
help raise your awareness about various aspects of security and help 
you increase the overall security of your entire enterprise. 

Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
mark () ntsecurity net

~~~~~~~~~~~~~~~~~~~~ 

~~~~ SPONSOR: WINDOWS & .NET MAGAZINE NETWORK UPDATE NEWSLETTERS ~~~~ 
   * SIGN UP FOR FREE UPDATES AND ENTER TO WIN A PALM HANDHELD!
   UPDATE email newsletters are designed to help busy IT professionals 
just like you stay on top of the latest Windows enterprise news and 
developments. We distill what's really important in the world of IT in 
a concise and independent voice. Sign up for FREE today and you'll be 
entered to win a Palm handheld!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0rvS0AW
   
~~~~~~~~~~~~~~~~~~~~ 

2. ==== SECURITY RISKS ==== 

* MEMORY LEAK VULNERABILITY IN CISCO SYSTEMS' CALLMANAGER 3.1
   When a user logs on to his or her account through the IMail Server 
Web interface, the application uses a unique URL to maintain the 
session authentication. A vulnerability in Cisco Systems' CallManager 
3.1 can cause a memory leak in the computer telephony integration (CTI) 
framework authentication. This memory leak can cause the server to 
crash and reload. An attacker can exploit this vulnerability to create 
a Denial of Service (DoS) condition.
   http://www.secadministrator.com/articles/index.cfm?articleid=24641

* SCRIPT EXECUTION VULNERABILITIES IN MICROSOFT IE
   Andreas Sandblad discovered two vulnerabilities in Microsoft 
Internet Explorer (IE), one of which can lead to script execution in 
the Local Computer Zone. The first vulnerability involves a flaw in the 
way IE handles object tags that lets an attacker invoke an executable 
already present on the vulnerable system. The second vulnerability 
targets IE's zone-determination function. By embedding an HTML script 
within a cookie, an attacker can execute a script on the vulnerable 
computer.
   http://www.secadministrator.com/articles/index.cfm?articleid=24651

3. ==== ANNOUNCEMENTS ==== 

* SIGN UP FOR FREE UPDATES AND ENTER TO WIN A PALM HANDHELD!
   UPDATE email newsletters are designed to help busy IT professionals 
just like you stay on top of the latest Windows enterprise news and 
developments. We distill what's really important in the world of IT in 
a concise and independent voice. Sign up for FREE today and you'll be 
entered to win a Palm handheld! 
   http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0rvS0AW

* FIND THE RIGHT TRAINING TOOL FOR YOU!
   The Windows & .NET Magazine Training and Certification Interactive 
Product Guide is an online resource where you'll discover boot camps, 
test simulators, and other resources to help you get certified. Whether 
you're studying for your MCSE exams, trying to strengthen your resume, 
or just learning a new skill set, you'll definitely want to check this 
guide out!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLPS0CJgSH0CBw0r5p0Au

4. ==== SECURITY ROUNDUP ====

* NEWS: SURVEY SAYS WEB SITES ARE NOW LESS INTRUSIVE
   The Progress & Freedom Foundation (PFF) published a new survey that 
shows that fewer Web sites are collecting users' personal information. 
The study indicates that only 84 percent of the 100 most popular Web 
sites collect personal information; in 2000, 96 percent collected 
personal information. In addition, only 48 percent of the 100 most 
popular Web sites use cookies to track users' surfing habits, compared 
with 78 percent that used cookies in 2000. Read more about the new 
survey results at the URL below. 
   http://www.secadministrator.com/articles/index.cfm?articleid=24642

* NEWS: MORE OUTLOOK SECURITY PROBLEMS
   As we approach the 2-year anniversary of the VBS.LoveLetter virus 
outbreak, which catapulted Microsoft Outlook into the headlines, 
security problems continue to surface. Internet security and privacy 
expert Richard M. Smith posted a note to the Windows NTBugtraq mailing 
list that cited four problems with Outlook 2002--two security problems, 
one privacy problem, and one case of mixed messages from Microsoft--
that Smith says probably affect earlier Outlook versions as well.
   http://www.secadministrator.com/articles/index.cfm?articleid=24618

* FEATURE: WS-SECURITY SETS STANDARD FOR WEB SERVICES TRANSACTIONS
   The three core pieces of Microsoft's XML Web services--Simple Object 
Access Protocol (SOAP), Web Services Description Language (WSDL), and 
Universal Description, Discovery, and Integration (UDDI)--form the 
foundation of Microsoft's approach to the .NET platform, but they don't 
represent the whole picture. To add greater security and better routing 
and lookup abilities to Web services, Microsoft is developing five 
other XML-based specifications. Read this article to learn more. 
   http://www.secadministrator.com/articles/index.cfm?articleid=24401

5. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed 
to bring you the Center for Virus Control. Visit the site often to 
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* VIRUS ALERT: W32/MYLIFE.B
   W32/MyLife.B is a mass-mailing worm that arrives in a compressed 
format in a user's inbox as an email message with another email message 
attached. In reality, the attachment is a compressed program that 
executes when the user attempts to open the attachment. Once it 
executes, the worm attempts to delete all files on the user's C, D, E, 
and F drives and all files in the C:\windows\system folder that have a 
.sys, .vxd, .ocx, or .nls extension. The worm spreads by sending a copy 
of itself to everyone in the user's address book.
   http://63.88.172.127/panda/index.cfm?fuseaction=virus&virusid=1149

* FAQ: WHAT ADVANTAGES DO OFFLINE BACKUPS AND IMAGE BACKUPS HAVE OVER 
ONLINE BACKUPS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. You can use any backup program--or even the Copy command--to 
reliably back up files that aren't in use. However, backing up files 
that are in use, such as system files, when your OS is in an online 
state can be complicated. Read what John Savill has to say about 
offline, image, and online backups!
   http://www.windows2000faq.com/articles/index.cfm?articleid=24414

6. ==== NEW AND IMPROVED ==== 
   (contributed by Carolyn Mascarenas, products () winnetmag com) 

* LEARN ABOUT WEB SECURITY, PRIVACY, AND COMMERCE
   O'Reilly & Associates released "Web Security, Privacy & Commerce," 
by Simson Garfinkel and Gene Spafford, a reference book that covers Web 
security risks and the techniques and technologies that you can use to 
protect yourself against these risks. Topics include cryptography, 
passwords, digital signatures, biometrics, cookies, log files, spam, 
Web logs, the Secure Sockets Layer (SSL), digital payments, client-side 
signatures, pornography filtering, intellectual property, and legal 
concerns. The 756-page book costs $44.95. Contact O'Reilly at 
800-998-9938.
   http://www.oreilly.com

* RESTRICT FILE AND FOLDER ACCESS
   CenturionSoft and SoftClan released SoftClan Security Suite, a 
security and auditing program that can provide Windows Me and Windows 
9x systems with protection levels similar to those of Windows NT on 
NTFS. You can administer the software by using a transparent monitoring 
process that doesn't alter the system's operation or speed. The 
software restricts file and folder access to protect a system from 
intruders, accidents, and viruses. The software controls and audits 
each user's PC use, which is important for PCs that have multiple 
users. SoftClan Security Suite costs $39.95. Contact CenturionSoft or 
SoftClan at 202-293-5151.
   http://www.centurionsoft.com

7. ==== HOT THREADS ==== 

* WINDOWS & .NET MAGAZINE ONLINE FORUMS 
   http://www.winnetmag.net/forums 

Featured Thread: Anonymous Access
   (One message in this thread)

Richard writes that every 2 hours, his PDC records hundreds of 
anonymous accesses in a 2- to 4-second period in the Security log. He 
reports that he has disabled anonymous access, but the log entries 
still appear. He's worried about the security implications. Can you 
help?
   http://www.secadministrator.com/forums/thread.cfm?thread_id=100630

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 

Featured Thread: How to Hide Dial-up Properties
   (One message in this thread)

Tricia wants to know how to hide dial-up properties when users dial 
into a Windows NT server. She wants to hide all settings including the 
number dialed yet still let the user enter a username and password for 
authentication. Can you help?

http://www.secadministrator.com/listserv/page_listserv.asp?a2=ind0204a&l=howto&p=81

8. ==== CONTACT US ==== 
   Here's how to reach us with your comments and questions: 

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- vpatterson () winnetmag com (please 
mention the newsletter name in the subject line) 

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 

* PRODUCT NEWS -- products () winnetmag com 

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
Support -- securityupdate () winnetmag com 

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com 

******************** 

   This email newsletter is brought to you by Security Administrator, 
the print newsletter with independent, impartial advice for IT 
administrators securing a Windows 2000/Windows NT enterprise. Subscribe 
today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of 
your choice. Subscribe to our other FREE email newsletters. 
   http://www.winnetmag.net/email 

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sub () list winnetmag com.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

