Security UPDATE, December 11, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

FREE eBook on W2K and AD Administration
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw06u60Ag

FREE DOWNLOAD - Control PCs over the Internet
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw0pVP0AZ
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: FREE EBOOK ON W2K AND AD ADMINISTRATION ~~~~
   Experience greater administrative control and security of Active
Directory and Exchange with Aelita Enterprise Directory Manager. EDM's
secure "Rules & Roles" enhances Exchange and Active Directory
management allowing integration of Active Directory, Exchange 5.5 &
2000, and HR applications. The result is secure, integrated workflow
for employee identity management and provisioning. Start with your
FREE eBook today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw06u60Ag
~~~~~~~~~~~~~~~~~~~~

December 11, 2002--In this issue:

1. IN FOCUS
     - New Certification Standards for Firewalls

2. SECURITY RISKS
     - DoS in Microsoft Outlook 2002
     - Cross-Domain Security Vulnerability in Microsoft IE

3. ANNOUNCEMENTS
     - The Microsoft Mobility Tour Is Coming Soon to a City Near You!
     - Get the New Windows & .NET Magazine Network Super CD/VIP!

4. SECURITY ROUNDUP
     - News: IMlogic and CypherGuard Team to Better Secure IM
     - News: GFI Offers WebMonitor for ISA Server 2000 as Freeware
     - Feature: Microsoft Addresses Inherent Security of Windows

5. HOT RELEASE (ADVERTISEMENT)
     - ALERT: "Outsmart the Top 14 Web Application Hacks"

6. INSTANT POLL
     - Results of Previous Poll: Using Open-Source Products
     - New Instant Poll: ICSA Firewall Certification

7. SECURITY TOOLKIT
     - Virus Center
         - Virus Alert: W32/CIH.1106
     - FAQ: How Can I Hide Core Icons from the Windows XP Desktop?

8. NEW AND IMPROVED
     - Control Spam with Firewall Appliance
     - Locate and Remove Infestations
     - Submit Top Product Ideas
 
9. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Netstat Output

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* NEW CERTIFICATION STANDARDS FOR FIREWALLS

ICSA Labs (see the URL below), a division of TruSecure, offers
firewall certification by testing firewalls against a defined set of
criteria. Firewall products that meet the criteria can claim ISCA Labs
Certification. In the past, ICSA Labs has used one set of criteria to
certify all firewall products, whether those firewalls were designed
for large corporations, small businesses, or residential users.
   http://www.icsalabs.org

ICSA Labs has now developed "Modular Firewall Certification Criteria
4.0." The criteria include a base set of requirements--plus three
other sets of requirements that differ based on the firewall's target
market. According to ICSA Labs, "Version 4.0 is the culmination of
over a year and half of work with industry experts, end users and the
Firewall Product Developers Consortium - an international forum of
competing developers of firewall products that works toward common
goals to benefit both members and end users. Version 4.0 reflects the
different functional requirements in today's multi-segmented firewall
market."

The base criteria module--applicable to all firewalls--requires that
firewalls adhere to specific logging requirements, provide certain
administrative capabilities, and maintain security policy persistence.
The firewalls must also pass functional tests to prove that their
policies and administration features work as intended, that they
prevent unauthorized access to administrative functions, that they
aren't vulnerable to evolving sets of attacks, and that they don't
introduce vulnerabilities through their integration into a network.
The firewalls must also pass tests that demonstrate their resistance
to trivial Denial of Service (DoS) attacks and their ability, if they
fail, to fail in a way that stops all network traffic to protect the
networks they guard. And, of course, the firewalls must also have
thorough, accurate documentation in such areas as installation,
administration, and maintenance.

The other three criteria sets (corporate, business, and residential)
have a few overlapping requirements, such as the default policy's
allowed inbound and outbound protocols and remote administration
capabilities. However, beyond those overlapping elements, the
requirements differ significantly according to target market. As you
might expect, the corporate firewall requirements are more stringent
than those for business firewalls, and those for business firewalls
more stringent that those for residential firewalls. The differences
among the three modules lie mostly in the areas of logging,
administration, and time/date persistence. Overall, the requirements
for any type of firewall are stricter than the previous requirements
ICSA Labs used. You can read about the exact criteria for each
firewall type at the URL below.
   http://www.icsalabs.org/html/communities/firewalls/certification/criteria/criteria_4.0.shtml

So far, the following companies and products have achieved ICSA Labs'
4.0 certification for corporate firewalls: Nortel Networks' Alteon
Switched Firewall, Novell's BorderManager, Check Point Software
Technologies' Check Point FireWall-1 Next Generation Linux FP-3, Cisco
Systems' PIX Firewall Family, CyberGuard Premium Firewall Appliance,
Global Technology Associates' (GTA's) GTA Firewall Family, Intoto's
iGateway, Fortinet's FortiGate-300, and NetScreen Technologies'
NetScreen Family. Other companies are in the process of certifying
their corporate firewalls under the new criteria.

To date, ICSA Labs hasn't certified any level 4.0 business products
and has certified only two level 4.0 residential products (both
hardware-based)--Jungo's OpenRG and RIAS's GreatSpeed GS-1540G. For a
list of all ICSA Labs certified firewalls, visit the URL below.
   http://www.icsalabs.org/html/communities/firewalls/newsite/cert.shtml

In general, the new multilevel certification criteria make sense.
Usually, a residential user's firewall doesn't need to meet the same
overall requirements as a firewall that protects a large corporate
network. For example, a residential firewall often doesn't need the
same remote administration capabilities that a business or corporate
firewall needs. ICSA Labs' new approach to certification should give
developers more flexibility by providing a way to certify products
that serve different target users.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: FREE DOWNLOAD - CONTROL PCS OVER THE INTERNET ~~~~
   Control, access and support PCs over the Internet, LANs, WANs, or
modems - just as if you were in front of them. NetOp Remote Control,
winner of PC Magazine's Editors' Choice, now offers professionals even
more options like support for Linux, Solaris and Symbian as well as
all Windows platforms; a new inventory feature; additional security
options; and better integration with management suites such as SMS and
HP Openview. Click for a fully-functional NetOp evaluation copy:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw0pVP0AZ
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* DoS IN MICROSOFT OUTLOOK 2002
   Richard Lawley discovered a Denial of Service (DoS) vulnerability
in Microsoft Outlook 2002. This vulnerability stems from a fault in
the way Outlook 2002 processes email header information. To crash a
vulnerable client, an attacker can send a message that contains
specific header information. The client will remain affected until you
delete the message from the server. Microsoft has released Security
Bulletin MS02-067 (E-mail Header Processing Flaw Could Cause Outlook
2002 to Fail) to address this vulnerability and recommends that
affected users apply the appropriate patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=27503
 
* CROSS-DOMAIN SECURITY VULNERABILITY IN MICROSOFT IE
   GreyMagic Software and Thor Larholm discovered that a new Microsoft
Internet Explorer (IE) vulnerability can permit an attacker to perform
any action on the vulnerable computer that the user can perform. The
cause of this vulnerability is a flaw in the way IE handles
cross-domain security checks. Microsoft has released Security Bulletin
MS02-068 (Cumulative Patch for Internet Explorer) to address this
vulnerability and recommends that affected users immediately apply the
appropriate patch mentioned in the bulletin. This cumulative patch
also addresses all previously discovered vulnerabilities in IE.
   http://www.secadministrator.com/articles/index.cfm?articleid=27504

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
   Brought to you by Windows & .NET Magazine, this outstanding
seven-city event will help support your growing mobile workforce.
Industry guru Paul Thurrott discusses the coolest mobility hardware
solutions around, demonstrates how to increase the productivity of
your "road warriors" with the unique features of Windows XP and Office
XP, and much more. There is no charge for these live events, but space
is limited so register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw06Kw0A4

* GET THE NEW WINDOWS & .NET MAGAZINE NETWORK SUPER CD/VIP!
   Everyone can appreciate a bargain in today's economy. That's why
we've introduced the Windows & .NET Magazine Super CD/VIP Web site.
You get exclusive subscriber-only access to all our publications
through our new VIP Web site. Plus, you get Super CDs delivered twice
a year, and we'll even throw in a 1-year print subscription to the
magazine! The Super CD/VIP is a $545 value for just $279. Subscribe
today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw06oc0AL

4. ==== SECURITY ROUNDUP ====

* NEWS: IMLOGIC AND CYPHERGUARD TEAM TO BETTER SECURE IM
   IMlogic and CypherGuard announced that they've teamed to help
secure Instant Messaging (IM) software. The companies will release a
business suite that includes IMlogic's IM Manager and CypherGuard's
encryption tools. The suite will provide auditing, archiving, and
compliance capabilities along with strong encryption capabilities to
secure messages and files that IM clients transmit. The new suite will
work with MSN Messenger, Yahoo Messenger, ICQ, and AOL Instant
Messenger.
   http://www.secadministrator.com/articles/index.cfm?articleid=27474

* NEWS: GFI OFFERS WEBMONITOR FOR ISA SERVER 2000 AS FREEWARE
   GFI announced that it has released its WebMonitor product (formerly
known as GFI Real Time Monitor for ISA Server) as freeware. WebMonitor
works with Microsoft Internet Security and Acceleration (ISA) Server
2000 to monitor all current and recent HTTP and FTP connections that
are active through the server. Administrators can use WebMonitor to
monitor users' Internet activities and bandwidth usage.
   http://www.secadministrator.com/articles/index.cfm?articleid=27475

* FEATURE: MICROSOFT ADDRESSES INHERENT SECURITY OF WINDOWS
   At COMDEX Fall 2002, Paul Thurrott sat down with Mike Nash, vice
president of Microsoft's Security Business Unit, to discuss various
security concerns. Nash comments on the overall security of what he
calls the Microsoft environment, which includes not just Windows, but
all of Microsoft's core products, such as Visual Studio.NET and
Microsoft Office. Read the article to learn what Nash had to say about
Windows security.
   http://www.secadministrator.com/articles/index.cfm?articleid=27472

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* ALERT: "OUTSMART THE TOP 14 WEB APPLICATION HACKS"
   Learn why 70% of today's successful hacks involve Web Application
attacks such as: SQL Injection, XSS and Session Hijacking. All
undetectable by Firewalls and IDS! FREE 15 Day Product Trial and
Comprehensive Vulnerability Report
   http://list.winnetmag.com/cgi-bin3/flo?y=eOtT0CJgSH0CBw06u70Ah

6. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: USING OPEN-SOURCE PRODUCTS
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you use open-source products on your network?" Here are the results
(+/- 2 percent) from the 393 votes:
   - 74% Yes
   - 22% No
   -  2% Not sure
   -  2% We plan to
 
* NEW INSTANT POLL: ICSA FIREWALL CERTIFICATION
   The next Instant Poll question is, "Do you consider ICSA Labs
Certification as a factor when you select a firewall?" Go to the
Security Administrator Channel home page and submit your vote for a)
Yes, b) No, c) No, but we will.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

- Virus Alert: W32/CIH.1106
   W32/CIH.1106 is a virus that activates on the second day of any
given month. The virus deletes BIOS information and contents of a
system's installed hard drives. On Windows Me, Windows 98, and Win95
systems, the virus infects executable files with an .exe extension.
For complete details about the virus, visit our Web site at the URL
below.
   http://63.88.172.127/panda/index.cfm?fuseaction=virus&virusid=1307

* FAQ: HOW CAN I HIDE CORE ICONS FROM THE WINDOWS XP DESKTOP?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. In earlier Windows versions, you could use a variety of registry
changes or Microsoft's Tweak UI utility to hide core icons such as My
Computer and Network Places from the desktop. With XP, Microsoft
provides an interface in the core product that lets you accomplish the
same task. To hide core icons from the desktop, perform the following
steps:
   1. Start the Control Panel Display applet (go to Start, Control
Panel, Display).
   2. Select the Desktop tab.
   3. Click Customize Desktop.
   4. Select the General tab.
   5. Under the "Desktop icons" section, clear the check boxes next to
any icons that you don't want to appear on the desktop.

8. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* CONTROL SPAM WITH FIREWALL APPLIANCE
   BorderWare Technologies announced MXtreme Mail Firewall, a line of
three rack-mount devices (for small-, medium-, or large-volume sites)
designed for deployment between your internal mail server and the
Internet. MXtreme Mail Firewalls now offer spam filtering based on
five layers of defense, including Statistical Token Analysis (STA),
which derives common indicators of spam and incorporates adaptive
local learning. Radius support lets Windows 2000 Active Directory (AD)
and Windows NT domain controllers (DCs) authenticate remote users. For
pricing or more information, contact BorderWare at 905-853-5550,
877-814-7900, and sales () mxtreme com.
   http://www.borderware.com

* LOCATE AND REMOVE INFESTATIONS
   PestPatrol released PestPatrol 4.0, nonviral malicious code
scanning software that protects your local and remote client systems
without the need to install and manage software on every workstation.
New features include intelligent reporting, generic keylogger
detection and removal, automated spyware cookie detection and removal,
diagnostic tools, and an expanded detection database of more than
60,000 pests. PestPatrol 4.0 supports Windows XP, Windows 2000,
Windows NT, Windows Me, and Windows 98. Contact vendor for pricing at
717-243-6588 and info () pestpatrol com.
   http://www.pestpatrol.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Netstat Output
   (Fourteen messages in this thread)

A user writes that when he views the TCP and UDP ports by using the
"netstat -a" command, he always finds an entry for a TCP port 1638
with a foreign address for a Web site called "Ultimate Search." He
wants to know why his computer is communicating with that site and how
to close ports so that unwanted communications don't take place. Lend
a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=49906

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!

__________________________________________________________
Copyright 2002, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.