Security UPDATE, November 27, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw05qj0A6

Microsoft Mobility Tour
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06Kw0Ah
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
   Secure all your Web servers now - with a proven 5-part strategy.
The FREE Server Security Guide shows you how:
   * DEPLOY THE LATEST ENCRYPTION and authentication techniques
   * DELIVER TRANSPARENT PROTECTION with the strongest security
without disrupting users. And more. Get your FREE Guide now:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw05qj0A6
~~~~~~~~~~~~~~~~~~~~

November 27, 2002--In this issue:

1. IN FOCUS
     - Security Conferences in 2003

2. SECURITY RISKS
    - Buffer-Overrun Vulnerability in Microsoft Data Access Components
    - Multiple Vulnerabilities in Microsoft IE

3. ANNOUNCEMENTS
     - Happy 10th Anniversary SQL Server!
     - Give Us Your Feedback and Be Entered to Win an Xbox

4. SECURITY ROUNDUP
     - News: Butterfly Security Releases CodeSeeker as Open Source
     - News: RSA Security's Crypto-J Receives FIPS 140-1 Certification

5. INSTANT POLL
     - Results of Previous Poll: Using SAML
     - New Instant Poll: Using Open-Source Products

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Check a System's Availability?

7. NEW AND IMPROVED
     - Reduce Network Threats
     - Secure Your IT Perimeter
     - Submit Top Product Ideas
 
8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: ISA Server 2000 Routing Problem
     - HowTo Mailing List
         - Featured Thread: User Account Creation Is Slow
 
9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* SECURITY CONFERENCES IN 2003

Are you planning to attend any security conferences in 2003? Many are
already scheduled, and now is the time to put them on your calendar. 
This week, I present six conferences that you might want to consider
attending. They're listed below in chronological order.

* BlackHat Windows Security 2003 Briefings and Training, February 24
through 27 at the Sheraton Seattle Hotel & Towers in Seattle.
   The briefings will cover six tracks over 2 days. Subjects include
policies, deep knowledge, networking and integration, and application
development, as well as Microsoft .NET, Microsoft IIS, Microsoft SQL
Server, and Microsoft Internet Security and Acceleration (ISA) Server
2000. Training sessions include exposing Cisco Systems network
vulnerabilities, analyzing software for security vulnerabilities,
uncovering Web application vulnerabilities, using forensics tools and
processes for Windows XP platforms, and securely deploying Microsoft
technologies, as well as a National Security Agency (NSA) information
security assessment methodology course.
   http://www.blackhat.com/html/win-usa-03/win-usa-03-index.html
   http://www.blackhat.com/html/win-usa-03/train-bh-win-03-index.html

* SANS 2003, March 5 through 12 at the Sheraton San Diego Hotel and
Marina in San Diego.
   The SysAdmin, Audit, Network, Security (SANS) Institute's Stephen
Northcutt describes the conference as "our largest conference and
vendor exhibition of the year." According to Northcutt, "The defensive
information community enters 2003 with a wealth of great initiatives:
the Gold Standards, the Cyber Defense Initiatives, more hands-on
pragmatic advanced technical training and the wide array of new
tools." At SANS 2003, many special activities will emphasize ways to
fight back against cyber crime and how to use these initiatives to
help you secure your organization.
   http://www.sans.org/SANS2003

* RSA Conference 2003, April 13 through 17 at Moscone Center in San
Francisco.
   The RSA conference has four main components: General Sessions,
Expo, Tutorials, and Class Tracks. "The General Sessions bring
everyone together for special keynote addresses, expert panels and
discussions of general interest. This year's Expo will feature more
than 138,000 square feet of exhibit space with more than 200 vendors
demonstrating the very latest e-security products. Optional Sunday
tutorials and immersion training sessions will provide the basics of
e-security technology, enterprise security and security development
techniques." The conference's 13 Class Tracks will feature many
workshops, seminars, and talks. The 2003 conference offers a catalog
of more than 200 classes.
   http://www.rsaconference.net/rsa2003
   http://www.rsasecurity.com/conference

* 2003 Techno-Security Conference, April 27 through 30 at the Wyndham
Myrtle Beach Resort in Myrtle Beach, South Carolina.
   The conference features a "blend of physical and cyber security
forums ... the latest in computer forensics and related legal issues
affecting federal, state and local law enforcement, as well as the
Fortune 500 [companies]."
   Guidance Software hosts the conference. According to Robert
Shields, senior director of marketing at Guidance Software, "Combining
both physical and cyber security issues - Techno-Security addresses a
common linkage surrounding the use of computer forensics software.
With numerous sessions covering issues such as homeland defense,
intrusion detection, and evidence management," the conference will
serve many computer security experts and investigators.
   http://www.thetrainingco.com/html/Techno2003.html
   http://www.thetrainingco.com/html/Conferences.html

* 15th Annual Computer Security Incident Handling Conference, June 22
through 27 at the Westin Hotel in Ottawa.
   First.Org sponsors the FIRST Conference, which "focuses on the
field of computer security incident handling and response. The
presentations are international in scope and include the latest in
incident response and prevention, vulnerability analysis, and computer
security."
   http://www.first.org/conference/2003

* NetSec 2003, June 23 through 25 at the Hyatt Regency New Orleans in
New Orleans.
   Computer Security Institute's (CSI's) NetSec network security
conference is "devoted exclusively to network security." NetSec 2003
will offer more than 85 sessions about subjects such as
Internet/intranet, secure ecommerce, VPNs, computer crime, Denial of
Service (DoS) attacks, forensic investigation, response teams,
cryptography/public key infrastructure (PKI), intrusion detection,
Windows NT, privacy, policies, awareness, and remote access. The
exhibition will feature more than 70 network security product
exhibitors.
   http://www.gocsi.com

Many security conferences will be held throughout the year. To find
others that you might be interested in, go to your favorite search
engine and search for "Security +conference +2003." Here are a few
links to get you started.
   http://search.dogpile.com/texis/search?q=security%20%2bconference%20%2b2003
   http://search.yahoo.com/bin/search?p=security+%2bconference+%2b2003
   http://www.altavista.com/web/results?q=security+%2bconference+%2b2003
   http://www.google.com/search?q=security+%2bconference+%2b2003
 
~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MICROSOFT MOBILITY TOUR ~~~~
   THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
   Brought to you by Windows & .NET Magazine, this outstanding
seven-city event will help support your growing mobile workforce!
Industry guru Paul Thurrott discusses the coolest mobility hardware
solutions around, demonstrates how to increase the productivity of
your "road warriors" with the unique features of Windows XP and Office
XP, and much more. There is no charge for these live events, but space
is limited so register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06Kw0Ah
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* BUFFER-OVERRUN VULNERABILITY IN MICROSOFT DATA ACCESS COMPONENTS
   Foundstone discovered that a Microsoft Data Access Components
(MDAC) vulnerability might let a potential attacker execute arbitrary
code on the vulnerable system. The vulnerability stems from an
unchecked buffer in the Remote Data Services (RDS) Data Stub. By
sending a specially malformed HTTP request to the Data Stub, a
potential attacker can cause targeted data to overrun onto the heap.
Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in
Microsoft Data Access Components Could Lead to Code Execution) to
address this vulnerability and recommends that affected users
immediately apply the appropriate patch that the bulletin mentions.
   http://www.secadministrator.com/articles/index.cfm?articleid=27357

* MULTIPLE VULNERABILITIES IN MICROSOFT IE
   eEye Digital Security discovered that Microsoft Internet Explorer
(IE) contains six newly discovered vulnerabilities, the most serious
of which might let a potential attacker execute commands on the
vulnerable system. Microsoft has released Security Bulletin MS02-066
(Cumulative Patch for Internet Explorer) to address these
vulnerabilities and recommends that affected users immediately apply
the appropriate patch that the bulletin mentions. This cumulative
patch also addresses all previously discovered IE vulnerabilities.
   http://www.secadministrator.com/articles/index.cfm?articleid=27364

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* HAPPY 10TH ANNIVERSARY SQL SERVER!
   Microsoft and SQL Server Magazine want to thank you for your
support over the past 10 years. To show our appreciation, we're
running a 20-week contest that will test your SQL Server knowledge.
Answer our quiz, and you'll be entered in a biweekly drawing for cool
prizes such as Microsoft Press books and MCDBA exam vouchers, plus a
grand prize: a Microsoft Xbox! Enter today at
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06ST0AG
 
* GIVE US YOUR FEEDBACK AND BE ENTERED TO WIN AN XBOX
   Tell us how well your enterprise is prepared for when disaster
strikes. Complete our brief survey about backup and recovery, and you
could win an Xbox. Click here!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06MJ0Ay

4. ==== SECURITY ROUNDUP ====

* NEWS: BUTTERFLY SECURITY RELEASES CODESEEKER AS OPEN SOURCE
   Butterfly Security released CodeSeeker as open source through the
Open Web Application Security Project (OWASP). CodeSeeker is a Web
application firewall and Intrusion Detection System (IDS) tool that
runs on Windows NT, Sun Microsystem's Sun Solaris, and Linux.
   http://www.secadministrator.com/articles/index.cfm?articleid=27358

* NEWS: RSA SECURITY'S CRYPTO-J RECEIVES FIPS 140-1 CERTIFICATION
   RSA Security announced that its Crypto-J software has attained
Federal Information Processing Standards (FIPS) 140-1 certification.
Crypto-J is part of RSA Security's BSAFE product line. BSAFE also
includes implementations of Secure Sockets Layer (SSL), Secure MIME
(S/MIME), Wireless Transport Layer Security (WTLS), IP Security
(IPSec) and Public Key Cryptography Standards (PKCS).
   http://www.secadministrator.com/articles/index.cfm?articleid=27359

5. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: USING SAML
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you use Security Assertion Markup Language (SAML) for security in your
Web applications?" Here are the results (+/- 2 percent) from the 101
votes:
   -  4% Yes
   - 77% No
   -  8% Not yet, but we will
   -  1% No--We use Extensible Rights Markup Language (XrML)
   - 10% No--We use other security technology
 
* NEW INSTANT POLL: USING OPEN-SOURCE PRODUCTS
   The next Instant Poll question is, "Do you use open-source products
on your network?" Go to the Security Administrator Channel home page
and submit your vote for a) Yes, b) No, c) Not sure, or d) We plan to.
   http://www.secadministrator.com

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I CHECK A SYSTEM'S AVAILABILITY?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Microsoft's Uptime tool (available at the second URL below)
displays basic system-uptime information. This tool can also list all
startup and shutdown events, and you can use the /s switch to show the
total percent time that your machine has been available. For an
example of Uptime commands and associated output, visit this FAQ on
our Web site.
   http://www.windows2000faq.com/articles/index.cfm?articleid=27249
  
 http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* REDUCE NETWORK THREATS
   eEye Digital Security announced Enterprise Vulnerability Assessment
and Remediation Management Solution for large and distributed networks
to proactively control and manage network security. The software
consists of four fully integrated applications: Retina Network
Security Scanner, Retina Remote Manager, REM Events Server, and REM
Events Manager. It gathers security vulnerability events from Retina
scanners, as well as other third-party vendor solutions, and reports
to a centralized management system. The events can then be analyzed
and delegated to your IT staff for remediation. For pricing or more
information, contact eEye Digital Security at 949-349-9062,
866-339-3732, and sales () eeye com.
   http://www.eeye.com

* SECURE YOUR IT PERIMETER
   eSoft announced the InstaGate xSP Business, a scalable VPN/firewall
appliance for midsize enterprises wanting to integrate a simplified
Internet security solution. Features include an IP Security
(IPSec)/PPTP VPN, a firewall policy manager, Web proxy capabilities,
mail relaying, and a demilitarized zone (DMZ)/failover network
interface. Also included is a comprehensive catalog of SoftPak
applications that includes antivirus, URL filtering, and centralized
VPN management tools. InstaGate xSP Business, which costs $1999,
supports up to 100 users and 100 VPN tunnels, as well as all OS
environments. Contact eSoft at 303-444-1600, 888-903-7638, and sales
@esoft.com.
   http://www.esoft.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: ISA Server 2000 Routing Problem
   (Two messages in this thread)

A user writes that he has a problem with Microsoft Internet Security
and Acceleration (ISA) Server 2000 routing. He installed ISA Server on
a computer with two NICs. One NIC is connected to an external router,
and the other NIC is connected to an internal network. His router uses
Network Address Translation (NAT). He created all the required
policies for the internal network to access the Internet through the
external router. However, users can't access systems outside the
internal network. He wonders why. Lend a hand or read the responses.
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50285

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: User Account Is Slow
   (One message in this thread)

A user writes that he uses Windows 2000 as a standalone system. Any
time he creates user accounts or makes changes to those account, it
seems to take 1 minute or more for the system to process those
changes. He wonders why this happens. Read the responses or lend a
hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0211c&l=howto&p=2670

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.