Security UPDATE, February 20, 2002

[InfoSec News <isn () c4i org>]

********************
Security UPDATE--brought to you by Security Administrator, a print 
newsletter bringing you practical, how-to articles about securing 
your Windows .NET, 2000, and NT systems. 
   http://www.secadministrator.com 
******************** 

~~~~ THIS ISSUE SPONSORED BY ~~~~ 

FREE--SANS Top Trends in Security Management
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rCF0AW 

Sponsored by VeriSign--The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0p5N0AO 
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~ 

~~~~ SPONSOR: FREE--SANS TOP TRENDS IN SECURITY MANAGEMENT ~~~~
   What's the hottest trend shaping security this year? Read the FREE 
SANS report sponsored by NetIQ to find out. Learn what the top industry 
authorities had to say about security management in 2002. You'll gain 
valuable insights and expert advice on crucial topics including new 
threats, automated patching, and continuous monitoring. Don't get left 
behind--discover the top 8 security trends for 2002 now. Download the 
must-have report today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rCF0AW


~~~~~~~~~~~~~~~~~~~~ 

February 20, 2002--In this issue: 

1. IN FOCUS
     - Serious Problems with SNMPv1

2. SECURITY RISKS
     - Buffer Overrun in Microsoft's SNMP Implementation
     - Multiple Vulnerabilities in Microsoft IE

3. ANNOUNCEMENTS
     - Get the CD-ROM That Has It All!
     - Want 24 x 7 Availability?

4. SECURITY ROUNDUP
     - News: Microsoft Responds to Visual C++ Vulnerability Charges
     - News: Microsoft Issues Critical IE Security Patch
     - News: WinInfo Short Takes: Week of February 11
     - News: CrossTec Announces NetOP Remote Control for XP

5. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Access Shares on a Windows XP Machine from 
       Windows Me and Windows 9x?

6. NEW AND IMPROVED
     - Firewall and VPN Appliance
     - Protect Data from Attacks

7. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: NT Server Firewall
     - HowTo Mailing List
         - Featured Thread: IIS Not Working After SSL Installation

8. CONTACT US 
   See this section for a list of ways to contact us.
 
~~~~~~~~~~~~~~~~~~~~ 

1. ==== IN FOCUS ==== 

* SERIOUS PROBLEMS WITH SNMPv1

Hello everyone, 

The Oulu University Secure Programming Group in Finland studied SNMPv1 
and discovered that it contains several serious vulnerabilities. 
The group used its "PROTOS Test-Suite: c06-snmpv1" to perform the 
study. 
   http://www.ee.oulu.fi/research/ouspg
   http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1

As you know, SNMP is a widely used tool that helps you manage and 
configure various network devices, including routers, firewalls, 
servers, and client systems. The vulnerabilities that the university 
group discovered include multiple problems with trap and request 
handling, which can lead to Denial of Service (DoS) attacks and service 
interruptions. In some cases, depending on the vendor hardware and 
software, an intruder can use the vulnerability to gain access to a 
given device. The Computer Emergency Response Team (CERT) has released 
an advisory regarding the problems, as have numerous vendors, including 
Cisco, Compaq, 3Com, Computer Associates (CA), Caldera, and Microsoft. 
You can read information related to the SNMP vulnerability in the 
article referenced in the SECURITY RISKS section of this newsletter, 
and you can find CERT's bulletin regarding the matter on its Web site. 
CERT also has an online FAQ that addresses 21 questions related to the 
risks the discovery presents. 
   http://www.cert.org/advisories/CA-2002-03.html
   http://www.cert.org/tech_tips/snmp_faq.html

The problems are serious, so if you use SNMP to help monitor and manage 
your network, be certain that you check with the appropriate vendors to 
be sure that you have the latest patches on all your SNMP-enabled 
devices. If you aren't sure which devices on your network are running 
SNMP, the SANS Institute has released a tool to help you discover SNMP 
daemons on your network (the daemons typically listen on port 161). The 
tool runs on Windows 2000 and Windows NT, and you don't need to have 
administrative access to run the tool. The tool scans for SNMP-enabled 
devices configured to use the community string of "Public" and also 
lets the user specify a particular community string. You can obtain a 
copy of the tool by sending email to snmptool () sans org. SANS will send 
you a URL to a Web site from which you can download the tool, 
instructions, and related information. 

SNMP is one of the most common services that intruders exploit. If you 
don't need to use SNMP, or if you can use other methods of remote-
device monitoring and management, consider disabling SNMP on all your 
network devices. Doing so will greatly reduce the risks to your network 
and reduce the chance of someone using your network devices to exploit 
other networks.

Until next time, have a great week. 

Sincerely, 
Mark Joseph Edwards, News Editor 
mark () ntsecurity net 

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~
   Is your e-business secure enough? Learn why it's vital to encrypt 
your business transactions, secure your intranets, and authenticate 
your Web site with the strongest encryption available--128-bit SSL. To 
learn more, get VeriSign's FREE Guide, "Securing Your Web Site for 
Business" now: 
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0p5N0AO

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ==== 
   (contributed by Ken Pfeil, ken () winnetmag com) 

* BUFFER OVERRUN IN MICROSOFT'S SNMP IMPLEMENTATION
   A buffer overrun vulnerability in Microsoft's SNMP implementation 
can lead to a Denial of Service (DoS) attack or remote compromise of 
the system running SNMP. Microsoft has released Security Bulletin MS02-
006, which addresses this vulnerability. Microsoft is developing a 
patch, which the company will make available soon.
   http://www.secadministrator.com/articles/index.cfm?articleid=24140

* MULTIPLE VULNERABILITIES IN MICROSOFT IE
   Sandro Gauci, dH team, and SECURITY.NNOV discovered six new 
vulnerabilities in Microsoft Internet Explorer (IE). Microsoft has 
released Security Bulletin MS02-005, which addresses this vulnerability 
and recommends that affected users apply the appropriate patch listed 
in Microsoft article Q316059.
   http://www.secadministrator.com/articles/index.cfm?articleid=24141

3. ==== ANNOUNCEMENTS ==== 

* GET THE CD-ROM THAT HAS IT ALL!
   The Windows & .NET Magazine Network Super CD-ROM includes the entire 
article archives (including exclusive subscriber-only articles) for 
Windows & .NET Magazine, Exchange Administrator, Windows Scripting 
Solutions, Windows Web Solutions, Security Administrator, all of our 
Web-exclusive features, and the entire Windows 2000 FAQ. Subscribe 
today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0rAb0Aw

* WANT 24 x 7 AVAILABILITY?
   High-availability networks, systems, and applications are critical 
to every business. Sign up for our (free!) Webinar taking place on 
February 26 (sponsored by MKS), and find out how to achieve 24 x 7 
availability on Windows 2000. Windows & .NET Magazine author Tim 
Huckaby shares his expertise on load balancing, monitoring, and more. 
Register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eKnv0CJgSH0CBw0qQh0AJ 

4. ==== SECURITY ROUNDUP ==== 

* NEWS: MICROSOFT RESPONDS TO VISUAL C++ VULNERABILITY CHARGES 
   On February 15, Microsoft refuted charges that its recently released 
Visual C++ .NET product contained a vulnerability that could turn up in 
applications developed with the tool. The company explained that 
allegations of a vulnerability were "unfounded and incorrect."
   http://www.secadministrator.com/articles/index.cfm?articleid=24179

* NEWS: MICROSOFT ISSUES CRITICAL IE SECURITY PATCH 
   Microsoft finally released a long-overdue cumulative security patch 
for various Internet Explorer (IE) versions February 18. The patch is 
for IE 6.0, IE 5.5, and IE 5.01. Microsoft recommends that all users of 
these IE versions download and install the patch.
   http://www.secadministrator.com/articles/index.cfm?articleid=24089

* NEWS: WININFO SHORT TAKES: WEEK OF FEBRUARY 11 
   An irreverent look at some of the week's other news, including 
Microsoft and security, the HP/Oracle merger, Linux, and record video-
game sales.
   http://www.secadministrator.com/articles/index.cfm?articleid=24031

* NEWS: CROSSTEC ANNOUNCES NETOP REMOTE CONTROL FOR XP 
   CrossTec announced that its new NetOP Remote Control 7.01 now 
provides support for Windows XP. The software is available as a Guest 
module, a Host module, a NetOP Gateway Server, a NetOP Name Server, and 
a NetOP Security Server.
   http://www.secadministrator.com/articles/index.cfm?articleid=24014

5. ==== SECURITY TOOLKIT ==== 

* VIRUS CENTER 
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to 
remain informed about the latest threats to your system security. 
   http://www.secadministrator.com/panda 

* FAQ: HOW CAN I ACCESS SHARES ON A WINDOWS XP MACHINE FROM WINDOWS ME 
AND WINDOWS 9X?
   ( contributed by Paul Thurrott, http://www.windows2000faq.com )

A. If you upgrade from Windows Me or Win9x to XP in the coming days and 
want to network your new PC or new OS with other machines in your 
house, you need to remember a few key details. Unlike Windows Me and 
Win9x, XP has built-in networking security, so you'll need to log on to 
an XP box, and, if you're wise, you'll password-protect that account. 
But after you password-protect the account, you won't be able to access 
shares on your XP box from Windows Me and Win9x machines. Here's why: 
In a Windows workgroup based on XP, Windows 2000, or Windows NT, you 
must supply valid credentials (your logon/password) before you can 
access network resources. And you must configure these logons and 
associated passwords on any XP (or Win2K or NT) machine on the network. 
So, let's say you log on as "sally" to a Win98 machine. To access an XP 
machine on the same network, you'll have to set up a "sally" account on 
the XP box. The account must use the same password. After you set up 
your network this way, accessing shares will work the same as it worked 
in Windows Me and Win9x.

6. ==== NEW AND IMPROVED ==== 
   (contributed by Scott Firestone IV, products () winnetmag com) 

* FIREWALL AND VPN APPLIANCE
   Secure Computing released Sidewinder, a firewall and VPN product 
with simple out-of-the-box installation. The appliance features refined 
Mail and DNS settings that let you seamlessly drop Sidewinder into any 
IP network at start-up. The unit doesn't require security patches for 
every new type of attack. Pricing for the Sidewinder appliance starts 
at $5900. Contact Secure Computing at 408-979-6572 or 800-379-4944.
   http://www.securecomputing.com

* PROTECT DATA FROM ATTACKS
   Gianus Technologies released Phantom Total Security, software that 
protects laptop or PC data by making the data invisible to intruders, 
unauthorized users, and viruses. The software splits the hard disk into 
two parts, and when you click an icon, the software makes one of the 
parts invisible. You can drag files and documents between the two parts 
of the hard disk. Phantom Total Security runs on Windows 2000, Windows 
NT, Windows Me, and Windows 9x systems. For pricing, contact Gianus 
Technologies at 212-838-7070.
   http://www.phantomts.com

7. ==== HOT THREADS ==== 

* WINDOWS & .NET MAGAZINE ONLINE FORUMS 
   http://www.winnetmag.net/forums

Featured Thread: NT Server Firewall
   (Five messages in this thread)

M. Burns says that after many hours of searching for a firewall 
solution for the company's Windows NT networks, he's thoroughly 
confused. He just installed a DSL connection, the NT server is the 
gateway for the network, and he uses a 10-port hub with a DSL modem 
plugged into one port on the hub. He has multiple static IP addresses, 
and each PC has its own address. He would like to protect the server 
and all client systems, which are running Windows Me and Windows 98. He 
wants to know whether he should be thinking of a hardware solution or 
software solution? Can you help? Read more about the problem at the 
following URL: 
   http://www.secadministrator.com/forums/thread.cfm?thread_id=95554

* HOWTO MAILING LIST 
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 

Featured Thread: IIS Not Working After SSL Installation
   (Six messages in this thread)

Nitin installed VeriSign's trial Secure Sockets Layer (SSL) on his test 
server running Windows 2000 and Microsoft Internet Information Services 
(IIS) 5.0. He checked it by typing http:// and it shows a message 
saying SSL is required to connect. He thinks this means that the 
certificate is installed properly, but that the site isn't coming up on 
the browser screen. He's using Microsoft Internet Explorer (IE) 5.0. 
Can you help? Read the responses or lend a hand at the following URL:
   
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0202b&l=howto&p=1126

8. ==== CONTACT US ==== 
   Here's how to reach us with your comments and questions: 

* ABOUT IN FOCUS -- mark () ntsecurity net 

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () winnetmag com (please 
mention the newsletter name in the subject line) 

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 

* PRODUCT NEWS -- products () winnetmag com 

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com 

******************** 

   Receive the latest information about the Windows and .NET topics of 
your choice. Subscribe to our other FREE email newsletters. 
   http://www.winnetmag.net/email

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Security UPDATE.


SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sub () list winnetmag com.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.