Information Security News mailing list archives

Security UPDATE, March 20, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 21 Mar 2002 01:49:13 -0600 (CST)

******************** 
Windows & .NET Magazine Security UPDATE--brought to you by Security 
Administrator, a print newsletter bringing you practical, how-to 
articles about securing your Windows .NET Server, Windows 2000, and 
Windows NT systems. 
   http://www.secadministrator.com 
******************** 


March 20, 2002--In this issue: 

1. IN FOCUS 
     - Securing Your Wireless Networks

2. SECURITY RISKS 
     - Session Authentication URL Exposed in Ipswitch IMail Server
     - Denial of Service in BitVise WinSSH

3. ANNOUNCEMENTS 
     - Attend Our Free Webinar: Understanding PKI
     - The Connected Home Virtual Tour Is Back and Better Than Ever!

4. SECURITY ROUNDUP 
     - News: Microsoft Gets Proactive: Exchange 2000 Configuration 
       Update
     - Feature: The Microsoft STPP--An Overview and an Update
     - Feature: Web Services Security Sets Standard for Web Services 
       Transactions

5. SECURITY TOOLKIT 
     - Virus Center 
     - FAQ: How Can I Determine Whether My Antivirus Product Is 
       Protecting My Email from All Threats?

6. NEW AND IMPROVED 
     - Detect Viruses at Startup
     - Eliminate Trojan Horses

7. HOT THREADS 
     - Windows & .NET Magazine Online Forums
         - Featured Thread: How Can I Remove a COM1 Folder?
     - HowTo Mailing List
         - Featured Thread: Clients Dropping Offline

8. CONTACT US 
   See this section for a list of ways to contact us. 
~~~~~~~~~~~~~~~~~~~~ 

1. ==== IN FOCUS ==== 

* SECURING YOUR WIRELESS NETWORKS
   During the Windows XP beta phase, Microsoft Senior Vice President 
Brian Valentine told a humorous story about visiting various high-tech 
companies worldwide and hacking into their wireless networks by using 
XP-enabled laptops from his rental cars in the companies' parking lots. 
In one instance, something in this technology actually set off a car 
alarm in the Oracle parking lot, which Valentine found somewhat 
appropriate given the competition between the two companies. "I guess it 
was incompatible with XP," Valentine joked.

Although Valentine warned those companies that had left their wireless 
networks open to attack, since that time, many more companies have 
implemented wireless networks and haven't taken the time to properly 
protect their assets from wireless-based attacks. 

The problems are twofold. First, protecting a wireless network requires 
a different set of configurations than does security for standard wired 
networks. Second, despite the fact that most IT departments are up-to-
date on security concerns and can properly configure Windows-based 
networks, an alarming number of these companies are simply plugging in 
wireless Access Points (APs) and setting a few security options. 

These steps aren't enough. Wireless networks aren't secure and might 
never be secure until the invention of technologies that rethink the 
architecture of the current technology. But if you want to get on the 
wireless bandwagon now, take more than a cursory look at wireless 
security. Obviously, you need to apply all your hard-won security 
knowledge to wireless networks, but I've outlined some wireless-specific 
things you can do now to better secure your wireless networks.

- Segregate Wireless Access
   Don't connect your wireless networks to the networks that contain 
your crucial data. Instead, segregate your wireless connection and make 
it available for Internet access only if possible. This setup will let 
employees access Internet services such as Web, email, VPN, Microsoft 
Outlook Web Access (OWA), and other similar corporate services.

- Use WEP
   The primary security model that today's Wi-Fi (802.11b wireless 
standard) networks employ is called Wired Equivalent Privacy (WEP). 
Basically, WEP is a set of algorithms that provide authentication and 
data-encryption services in 40-bit and 128-bit variants. Unfortunately, 
attackers have already broken WEP, but if you turn off wireless network 
broadcasting and require specific media access control (MAC) addresses, 
you can augment WEP enough to make it suffice in many situations.

- Turn Off Wireless Network Broadcasting
   By default, wireless APs broadcast their names, or Service Set 
Identifiers (SSIDs), so that wireless-enabled clients can more easily 
identify the names and access them seamlessly. Modern OSs such as XP 
rely on this feature to provide users with the simplest possible 
wireless functionality. Turn it off. A network broadcast is an easy way 
for intruders to discover a way in to your network or steal your 
precious bandwidth. You'll have to manually configure clients to access 
specific broadcasts, but the benefits outweigh the effort.

- Require Specific MAC Addresses 
   Rather than let any wireless client access your wireless network, set 
up your wireless APs to work only with specific wireless clients. 
Configure this limited access by hard-coding the MAC address of each 
wireless network adapter you provide to users into an access list in the 
AP's configuration console. Again, manually configuring this access 
could be painful in large enterprises, but you don't want outsiders 
accessing your network, right?

Don't become a statistic. Only through a common-sense approach to 
security can you adequately protect your network from a wireless-based 
attack. 

Paul Thurrott, Guest UPDATE Editor, thurrott () winnetmag com

~~~~~~~~~~~~~~~~~~~~ 


2. ==== SECURITY RISKS ==== 
   (contributed by Ken Pfeil, ken () winnetmag com) 

* SESSION AUTHENTICATION URL EXPOSED IN IPSWITCH IMAIL SERVER 
   Obscure discovered a vulnerability in Ipswitch IMail Server 7.05 and 
earlier. When a user logs on to his or her account through the IMail 
Server Web interface, the application uses a unique URL to maintain the 
session authentication. By sending an HTML email message that references 
an image on another server, an attacker can easily obtain the unique URL 
by using the referrer field in the HTTP header. Ipswitch has released 
version 7.06, which resolves this concern.
   http://www.secadministrator.com/articles/index.cfm?articleid=24469
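
The leak described above depends on the mail view fetching the remote image automatically while the session URL is the current page. As an added example (not Ipswitch's fix and not code from the advisory), this sketch shows one webmail-side mitigation: rewriting HTML message bodies so auto-loading references that are not local to the message are never requested. The function and class names are hypothetical, and script and CSS handling is assumed to be done elsewhere.

```python
from html import escape
from html.parser import HTMLParser

AUTO_FETCH_ATTRS = {"src", "background", "poster"}  # fetched as soon as the mail renders
LOCAL_SCHEMES = {"cid", "data"}  # resolve inside the message, no outbound request

def is_local(url):
    scheme, sep, _ = url.strip().partition(":")
    return bool(sep) and scheme.lower() in LOCAL_SCHEMES

class RemoteFetchBlocker(HTMLParser):
    """Re-emit an HTML mail body with auto-loading remote references disarmed."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.blocked = [], []

    def _emit(self, tag, attrs, closer):
        parts = [tag]
        for name, value in attrs:
            risky = name in AUTO_FETCH_ATTRS and value and not is_local(value)
            if risky or name == "srcset":  # srcset may mix local and remote entries
                self.blocked.append(value)
                name = "data-blocked-" + name  # inert attribute, browser fetches nothing
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, ">")
    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    # Comments and declarations are not re-emitted (default handlers drop them).

def disarm_remote_fetches(html_mail):
    """Return (safe_html, blocked_urls) for one message body."""
    parser = RemoteFetchBlocker()
    parser.feed(html_mail)
    parser.close()
    return "".join(parser.out), parser.blocked

# Constructed sample: a remote 1x1 image next to an inline (cid:) attachment.
SAMPLE_MAIL = ('<p>Hi &amp; welcome</p>'
               '<img src="http://tracker.example/pixel.gif" width="1">'
               '<img src="cid:logo@local" alt="logo">')
```

Anything without a cid: or data: scheme is treated as remote, so protocol-relative and oddly cased URLs fail closed. The blocked list can be logged or used to offer the reader a "load images" choice.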

* DENIAL OF SERVICE IN BITVISE WINSSH 
   Peter Grundl discovered a vulnerability in BitVise's WinSSH that can 
result in a Denial of Service (DoS) condition. Because of differences in 
the Secure Shell (SSH) daemon and the underlying socket layer, an 
attacker can abruptly end sessions without SSH properly freeing these 
sessions. Each incomplete connection would use a few memory handles and 
allocate nonpaged kernel memory. BitVise has released a new build that 
isn't affected by this condition. The company recommends that affected 
users download this updated version from its Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=24525

3. ==== ANNOUNCEMENTS ==== 

* ATTEND OUR FREE WEBINAR: UNDERSTANDING PKI
   Implementing public key infrastructure (PKI) successfully requires an 
understanding of the technology with all its implications. Attend the 
latest Webinar from Windows & .NET Magazine and develop the knowledge 
you need to address this challenging technology and make informed 
purchasing decisions. We'll also look closely at three possible content-
encryption solutions, including PKI. Register for FREE today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLEV0CJgSH0CBw0rcc0AL

* THE CONNECTED HOME VIRTUAL TOUR IS BACK AND BETTER THAN EVER!
   If you think you've already seen the Connected Home Virtual Tour, 
think again. Browse through the latest home-entertainment, home-
networking, and home-automation options and check out our special 
feature on wiring your home. Sign up for our prize drawings, too, and 
you might win a free wireless home network, courtesy of Linksys. Take 
the tour today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLEV0CJgSH0CBw0LTe0AU

4. ==== SECURITY ROUNDUP ==== 

* NEWS: MICROSOFT GETS PROACTIVE: EXCHANGE 2000 CONFIGURATION UPDATE
   Microsoft has recently placed additional focus on security, and 
configuration management is a key part of this focus. A few weeks ago, 
Microsoft began a more proactive posture for securing your Exchange 
servers and posted "Configuration and Security Update Recommendations 
for Exchange 2000" on its Microsoft Exchange Server Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=24482

* FEATURE: THE MICROSOFT STPP--AN OVERVIEW AND AN UPDATE
   If you work with Microsoft OSs, you know that managing security 
hotfixes and bug fixes is an ongoing nightmare, complete with catalog 
errors, file-version problems, multiple installers, and inconsistent 
registry modifications. A preview of the company's Strategic Technology 
Protection Program (STPP) revealed a new six-pronged initiative that 
Microsoft hopes will simplify and expedite the arduous security-update 
process. Here's a progress report on each component of the STPP vision 
and a brief description of how each initiative will help keep systems 
current and secure.
   http://www.secadministrator.com/articles/index.cfm?articleid=24424

* FEATURE: WEB SERVICES SECURITY SETS STANDARD FOR WEB SERVICES 
TRANSACTIONS
   The three core pieces of Microsoft's XML Web services--Simple Object 
Access Protocol (SOAP), Web Services Description Language (WSDL), and 
Universal Description, Discovery, and Integration (UDDI)--form the 
foundation of Microsoft's approach to the Microsoft .NET platform, but 
they don't represent the whole picture. To add greater security and 
better routing and lookup abilities to Web services, Microsoft is 
developing five other XML-based specifications. Read this article to 
learn more. 
   http://www.secadministrator.com/articles/index.cfm?articleid=24401

5. ==== SECURITY TOOLKIT ==== 

* VIRUS CENTER 
   Panda Software and the Windows & .NET Magazine Network have teamed to 
bring you the Center for Virus Control. Visit the site often to remain 
informed about the latest threats to your system security.
   http://www.secadministrator.com/panda 

* FAQ: HOW CAN I DETERMINE WHETHER MY ANTIVIRUS PRODUCT IS PROTECTING MY 
EMAIL FROM ALL THREATS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Although it's almost impossible to completely secure your email, you 
can check for known threats. A free test zone is available online at the 
URL below. If your antivirus product catches all the test viruses, your 
systems are protecting you from all known viruses. 
   http://www.gfi.com/emailsecuritytest

6. ==== NEW AND IMPROVED ==== 
   (contributed by Scott Firestone, IV, products () winnetmag com) 

* DETECT VIRUSES AT STARTUP
   Greatis Software released RegRun Security Suite 3.0, software that 
speeds up your Windows startup and detects unknown viruses and Trojan 
horses. Features include start control, secure start, clean boot, system 
file protection, infection detector, application database, process 
manager, system file editor, and antivirus coordinator. RegRun Security 
Suite 3.0 runs on Windows XP, Windows 2000, Windows NT, Windows Me, and 
Windows 9x systems. Prices start at $19.95 for a single-user license for 
the standard edition. Contact Greatis Software at a-team () greatis com.
   http://www.greatis.com

* ELIMINATE TROJAN HORSES
   Astonsoft released PC DoorGuard 2.15, Trojan horse and virus-
intrusion software that identifies and deletes Trojan horses that reside 
on your PC. When the software deletes a Trojan horse, it also inspects 
the registry and system files and eliminates the Trojan horse and any 
associated malicious files. PC DoorGuard 2.15 runs on Windows XP, 
Windows 2000, Windows Me, and Windows 9x systems and costs $29.95. 
Contact Astonsoft at support () astonsoft com.
   http://www.astonsoft.com

7. ==== HOT THREADS ==== 

* WINDOWS & .NET MAGAZINE ONLINE FORUMS 
   http://www.winnetmag.net/forums 

Featured Thread: How Can I Remove a COM1 Folder?
   (Five messages in this thread)

Christer writes that he noticed a directory named COM1 in the root 
directory of his FTP server. The directory has 600GB of data and he'd 
like to delete it, but he can't view or delete the directory. Christer 
says that when he tries, Windows reports that it can't find the 
directory. Can you help? 
   http://www.secadministrator.com/forums/thread.cfm?thread_id=99095

* HOWTO MAILING LIST 
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 

Featured Thread: Clients Dropping Offline
   (Three messages in this thread)

This user has a student network running approximately 325 systems--175 
Windows 2000 systems and 150 Macintosh systems. The PCs keep dropping 
offline intermittently, and sometimes entire classrooms drop offline 
(certain applications will close immediately without saving work when 
this happens). Can you help? Read the responses or lend a hand 
at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0203a&l=howto&p=868

8. ==== CONTACT US ==== 
   Here's how to reach us with your comments and questions: 

* ABOUT IN FOCUS -- thurrott () winnetmag com

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () winnetmag com (please 
mention the newsletter name in the subject line) 

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 

* PRODUCT NEWS -- products () winnetmag com 

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
Support -- securityupdate () winnetmag com 

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com 

******************** 

   This email newsletter is brought to you by Security Administrator, 
the print newsletter with independent, impartial advice for IT 
administrators securing a Windows 2000/NT enterprise. Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of 
your choice. Subscribe to our other FREE email newsletters. 
   http://www.winnetmag.net/email 

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sub () list winnetmag com.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

