Security UPDATE, October 23, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

FREE Security Assessment Tool
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iM0AH

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iN0AI
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: FREE SECURITY ASSESSMENT TOOL ~~~~
   Aelita InTrust(tm) 7.0 bridges the gap between industry regulations
& policies and your IT infrastructure.  InTrust consolidates,
archives, and analyzes heterogeneous IT audit data and offers reports
to assist in documenting compliance. And InTrust's data repositories
enable efficient, permanent storage of all event data. Get started
with the FREE security assessment tool: Aelita InTrust Audit Advisor!
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iM0AH

~~~~~~~~~~~~~~~~~~~~

October 23, 2002--In this issue:

1. IN FOCUS
     - Increasing Wireless Security with TKIP

2. SECURITY RISKS
     - Information Disclosure Vulnerability in Word and Excel
     - Unchecked Buffer in Outlook Express S/MIME Parser

3. ANNOUNCEMENTS
     - Subscribe to Windows & .NET Magazine and Receive an eBook Gift!
     - Real-World Tips and Solutions Here for You

4. SECURITY ROUNDUP
     - News: Microsoft Licenses RSA Security Technology
     - News: Foundstone Files Suit Against NT OBJECTives
     - Feature: Limited-Function Server Roles

5. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Stop Windows 2000 from Using an Encrypted Format
       When I Copy Encrypted Files to a Server?

6. NEW AND IMPROVED
     - Security Software Package Released
     - Fight Back Against Unauthorized PC Monitoring
     - Submit Top Product Ideas
 
7. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Administrator Accounts

8. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* INCREASING WIRELESS SECURITY WITH TKIP

The current wireless networking standards use security technology
that's far less secure than it could be. For example, most wireless
network administrators are familiar with the Wired Equivalent Privacy
(WEP) protocol, which uses RC4 encryption to help protect data as it
travels over the airwaves.

However, researchers have proven that intruders can easily crack WEP.
Last year, a team of researchers published "Weakness in the Key
Scheduling Algorithm of RC4," a paper that describes a series of
vulnerabilities that make WEP vulnerable. In roughly the same time
frame that the paper was published, someone posted Perl scripts on the
Internet that helped demonstrate how vulnerabilities in WEP could be
verified. You can read about the paper and the scripts in an editorial
I wrote in August 2001 (see the URL below).
   http://www.secadministrator.com/articles/index.cfm?articleid=22147

Because of the weaknesses in WEP security, several entities are
developing stronger security technology, such as the 802.11a and
802.11b specifications, for use with wireless network technologies. If
you aren't familiar with the various 802.11x network specifications,
you can learn more about them by reading Mark Weitz's article at the
URL below.
   http://www.winnetmag.com/articles/index.cfm?articleid=23322

One up-and-coming 802.11x specification, 802.11i, is still involved in
development and approval processes. The specification might be
officially released by early 2003. After it's available, 802.11i will
provide replacement technology for WEP security. Initially, 802.11i
will provide Temporal Key Integrity Protocol (TKIP) security that you
can add to existing hardware with a firmware upgrade. Upgraded units
should be backward-compatible with hardware that still uses WEP.
Sometime later, new chip-based security that uses the stronger
Advanced Encryption Standard (AES) protocol will replace TKIP, and the
new chips will probably be backward-compatible with TKIP. In effect,
TKIP is a temporary protocol for use until manufacturers implement AES
at the hardware level.

TKIP is a quick-fix method to quickly overcome the inherent weaknesses
in WEP security, especially the reuse of encryption keys. According to
"802.11 Planet," "The TKIP [security] process begins with a 128-bit
'temporal key,' [which is] shared among clients and access points.
TKIP combines the temporal key with the [client machine's] MAC address
and then adds a relatively large 16-octet initialization vector to
produce the key that will encrypt the data. This procedure ensures
that each station uses different key streams to encrypt the data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. A major
difference from WEP, however, is that TKIP changes temporal keys every
10,000 packets. This provides a dynamic distribution method that
significantly enhances the security of the network."
   http://www.80211-planet.com/tutorials/article.php/1377171

In relation to TKIP, some companies have implemented TKIP-like
solutions called Simple Secure Networks (SSNs), which also use an
encryption key that changes periodically. One company, Symbol
Technologies, currently has SSN-based products on the market. In
addition, vendors such as Atheros Communications and Resonext
Communications are producing chips that support WEP, TKIP, and AES
security technologies, and wireless network gear vendors, such as
Nokia, are already shipping hardware that's ready for TKIP security,
waiting for the standard to be finalized.
   http://www.symbol.com
   http://www.atheros.com
   http://www.resonext.com
   http://www.nokia.com

For a more in-depth look at wireless encryption technology, especially
WEP and TKIP, be sure to read the two articles from Intel listed
below. The first article discusses encryption key management in both
WEP and TKIP protocols, and the second article discusses TKIP in
considerable detail.
   http://cedar.intel.com/media/pdf/wireless/80211_1.pdf
   http://cedar.intel.com/media/pdf/security/80211_part2.pdf

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
   Get the strongest server security -- 128-bit SSL encryption!
Download VeriSign's FREE guide, "Securing Your Web Site for Business"
and learn everything you need to know about using SSL to encrypt your
e-commerce transactions for serious online security. Click here!
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iN0AI

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* INFORMATION DISCLOSURE VULNERABILITY IN WORD AND EXCEL
   An information-disclosure vulnerability in Microsoft Word and
Microsoft Excel lets an attacker create a document that, when opened,
updates itself to include the contents of any file from the vulnerable
computer. Microsoft has released Security Bulletin MS02-059 (Flaw in
Word Fields and Excel External Updates Could Lead to Information
Disclosure) to address this vulnerability and recommends that affected
users apply the appropriate patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=27018

* UNCHECKED BUFFER IN OUTLOOK EXPRESS S/MIME PARSER
   Noam Rathaus of Beyond Security discovered a buffer-overrun
vulnerability in Microsoft Outlook Express's Secure MIME (S/MIME)
parser that can lead to the execution of arbitrary code on the
vulnerable system. This vulnerability stems from a problem in the code
that generates a warning message when a particular error condition
associated with digital signatures occurs. By creating a digitally
signed email message, editing it to introduce specific data, and
sending it to another user, an attacker can cause the vulnerable mail
client to fail or execute arbitrary code. Microsoft has released
Security Bulletin MS02-058 (Unchecked Buffer in Outlook Express S/MIME
Parsing Could Enable System Compromise) to address this vulnerability
and recommends that affected users immediately apply the patch
mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=27017

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* SUBSCRIBE TO WINDOWS & .NET MAGAZINE AND RECEIVE AN EBOOK GIFT!
   Windows & .NET Magazine is a problem-solving manual designed to
help systems administrators better manage their Windows 2000 and
Windows NT enterprise. Subscribe today and, with your paid
subscription, you can choose from one of three eBooks about Active
Directory, public key infrastructure, or automating tasks with
VBScript. Subscribe now!
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05dS0AI

* REAL-WORLD TIPS AND SOLUTIONS HERE FOR YOU
   Last Chance to register for Windows & .NET Magazine LIVE!--sign up
today and you'll also receive access to sessions of concurrently run
XML and Web Services Connections. Access more than 70 sessions and
save $1395. Discover why more than half of our attendees choose only
our conferences to attend each year. This conference is chock-full of
"been there, done that" knowledge from people who use Microsoft
technologies in the real world. Register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw03lH0AD

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT LICENSES RSA SECURITY TECHNOLOGY
   RSA Security announced that Microsoft has licensed RSA technology
for use in Microsoft's products. The first initiative that stems from
this agreement is the use of RSA Security's RSA SecurID two-factor
authentication software.
   http://www.secadministrator.com/articles/index.cfm?articleid=26977

* FOUNDSTONE FILES SUIT AGAINST NT OBJECTIVES
   Foundstone has filed a temporary restraining order and accompanying
lawsuit against NT OBJECTives (NTO), claiming that NTO has violated
Foundstone's trade secrets and harmed the company's business in the
process. Foundstone is seeking to block the release of NTO's impending
Fire and Water toolkit, which is slated for release in early November.
   http://www.secadministrator.com/articles/index.cfm?articleid=27041

* FEATURE: LIMITED-FUNCTION SERVER ROLES
   Server roles debuted in Microsoft SQL Server 7.0. These helpful
security tools assign a predefined set of permissions to one or more
database logins. The sysadmin role is the most powerful fixed server
role because its members can perform any function on the server. Learn
to use the remaining limited-function fixed server roles, listed in
this article, to grant limited permissions to specific types of users
and revoke or reassign permissions as users' job duties change.
   http://www.secadministrator.com/articles/index.cfm?articleid=26247

5. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: * HOW CAN I STOP WINDOWS 2000 FROM USING AN ENCRYPTED FORMAT
WHEN I COPY ENCRYPTED FILES TO A SERVER?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. By default, when you copy locally encrypted files to a server,
Win2K retains the encryption format. However, you might not want
server-based files to be encrypted. For example, a laptop user might
want to encrypt files locally for security reasons but want the
server-based files to be unencrypted so that other users can view the
files. To stop Win2K from copying files to a server in an encrypted
format, perform the following steps on the destination server:
   1. Start a registry editor (e.g., regedit.exe).
   2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
registry subkey.
   3. Select the NtfsEncryptionService value, then select Edit, Delete
from the menu bar.
   4. Close the registry editor.
   5. Reboot the server for the change to take effect.

After you make this change, you'll no longer be able to encrypt files
on the server and Win2K will decrypt any encrypted files that users
copy to the server.

6. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* SECURITY SOFTWARE PACKAGE RELEASED
   Butterfly Security announced CodeSeeker EX, a Web application
security software package. CodeSeeker EX provides realtime blocking of
malicious attacks that get past firewalls. The software also provides
comprehensive reporting capabilities that reveal not only that an
intruder has made an attack but also specific details about the attack
and its origin. CodeSeeker EX runs on any combination of
platforms--Windows XP, Windows 2000, Windows NT, Linux, and
Solaris--from a single console. Policies and servers can be grouped
and organized in the user interface any way you choose. Contact
Butterfly at 408-333-9948 for pricing information.
   http://www.butterflysecurity.com

* FIGHT BACK AGAINST UNAUTHORIZED PC MONITORING
   Raytown released Anti-keylogger, a software application that can
provide computers with protection against most types of unauthorized
activity monitoring. Unlike the typical antivirus pattern-matching
product, Anti-keylogger works on new or unknown types of
activity-monitoring programs to detect and eliminate threats to the
integrity and security of your computer network. Anti-keylogger runs
on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x
and costs $59.95 for a single license. Contact Raytown at
press () anti-keyloggers com or go to the Web site.
   http://www.anti-keyloggers.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

7. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Administrator Accounts
   (Two messages in this thread)

A user writes that several users in his IT department require Windows
NT administrator access. He's considering the following options. He
could have everyone use the same administrator account; he could
provide each user with regular user account and a separate
administrative account; or he could give each user limited
administrator rights on his or her regular user accounts. Is there a
best practice for handling this particular need? Read the responses or
lend a hand:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=48142
 
8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2002, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.