Information Security News mailing list archives

Security UPDATE, April 16, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 17 Apr 2003 02:38:37 -0500 (CDT)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Register & Win an American Express Gift Card!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw08pN0A4

HP & Microsoft Network Storage Solutions Road Show
   http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw07cD0Af
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: REGISTER & WIN AN AMERICAN EXPRESS GIFT CARD! ~~~~
   Sybari is committed to securing your enterprise -- protection of
your messaging and collaboration servers can't be achieved with the
traditional "throw in the mail server" security suite. If your
responsibility is the 100% uptime of your networks then evaluate
Antigen. See for yourself how we are redefining the messaging security
suite by delivering a true multi-level approach to protecting your
most vulnerable and critical servers through our proven, comprehensive
expert technology.
   Click Here ( http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw08pN0A4 ) to register for
the next Antigen web demo! Attend a demo by June 1st and you could win
an American Express Gift Card!
~~~~~~~~~~~~~~~~~~~~

April 16, 2003--In this issue:

1. IN FOCUS
     - Security Industry Trends: Consolidation and Integration

2. SECURITY RISKS
     - DoS in Microsoft ISA Server 2000 and Microsoft Proxy Server 2.0
     - System Compromise Vulnerability in Microsoft VM
     - Authentication Bypass Vulnerability in Oracle E-Business Suite

3. ANNOUNCEMENTS
     - Couldn't Make the Microsoft Mobility Tour Event?
     - Microsoft Tech-Ed 2003 Europe, June 30 - July 4, Barcelona

4. SECURITY ROUNDUP
     - News: VeriSign and nCipher Offer Hardware-Protected SSL
       Certificates
     - News: ISS Releases Internet Risk Impact Summary for First
       Quarter 2003
     - Feature: OWA 2003's New Security Features

5. HOT RELEASE (ADVERTISEMENT)
     - Evaluating Next-Generation High-Performance Firewall Appliances

6. INSTANT POLL
     - Results of Previous Poll: WEP and WPA
     - New Instant Poll: Windows Server 2003

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Parse Log Files with SQL-Style Queries?

8. NEW AND IMPROVED
     - Inoculate Your Windows Systems Against Malware
     - Submit Top Product Ideas

9. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Integrated Windows Authentication and IIS

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
    mark () ntsecurity net)

* SECURITY INDUSTRY TRENDS: CONSOLIDATION AND INTEGRATION

If you've watched security companies in general over the past year, a
noticeable trend seems to be emerging: consolidation. What might
consolidation mean for the security segment of the computer industry
as a whole?

Large companies, such as Computer Associates (CA), Network Associates,
Symantec, and Internet Security Systems (ISS), have over time built
suites of products. Whereas in the past, a given security technology
vendor might provide one or two products, larger vendors now offer
several products integrated into suites and into even broader
management platforms.

Although many security management platforms are available, complete
cross-platform communication between different vendors' products is
still uncommon. Of course, software development kits (SDKs) support
some interactivity, such as virus scanners communicating with
firewalls to prevent viruses from entering a network. But by and
large, cross-platform communication (vendor to vendor) among security
products is still a challenge.

The current situation is probably natural. After all, vendors want to
protect and enlarge their market space. But is that really beneficial
to computer users as a whole? How can niche security vendors continue
to compete? Interoperability might offer an answer.

The Organization for the Advancement of Structured Information
Standards (OASIS--see the first URL below) recently announced a new
standard, the Application Vulnerability Description Language
(AVDL--see the second URL below). According to the description, AVDL
"is a new security interoperability standard being proposed by leading
application security vendors as part of the OASIS standards process.
The goal of AVDL is to create a uniform way of describing application
security vulnerabilities using XML."
   http://www.oasis-open.org/home/index.php
   http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=avdl

AVDL's effect will be to let security-related applications
interoperate. Initially, five companies are proposing AVDL: Citadel
Security Software, GuardedNet, NetContinuum, SPI Dynamics, and Teros.
The five companies offer a range of security products that detect
vulnerabilities, automate vulnerability remediation, aggregate event
and log information, protect Web applications, and more. With a
standard such as AVDL implemented in the listed security categories as
well as other product categories, users who don't buy single-vendor
suites can more easily integrate information sources for reporting and
action.

But which other companies will support AVDL? Many large companies
support the OASIS project, but fewer actually contribute to it. I
think that the larger companies might prefer to consolidate rather
than to integrate.
   http://www.oasis-open.org/about/contributors.php

The security market's consolidation trend might be similar to the
last decade's consolidation within the ISP market and the
communications market. Smaller companies were often either forced out
of the market or assimilated by larger companies. How long can niche
security companies last, even if they have great products?

I think AVDL is a good way for niche vendors to team up for expanded
interoperability, and it might offer a survival strategy in the
consolidating market. AVDL would let users build a sort of "virtual
suite" of individual products of their own choosing. At the same time,
AVDL could help niche vendors avoid having industry giants squash them
out of the market over time if consolidation becomes a key market
factor as we witnessed with ISPs and communications companies.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW ~~~~
   JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
   Now is the time to start thinking of storage as a strategic weapon
in your IT arsenal. Attend the HP & Microsoft Network Storage
Solutions Road Show, and learn how existing and future storage
solutions can save your company money--and make your job easier! There
is no fee for this event, but space is limited. Register now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw07cD0Af

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* DoS IN MICROSOFT ISA SERVER 2000 AND MICROSOFT PROXY SERVER 2.0
   A vulnerability in Microsoft Internet Security and Acceleration
(ISA) Server 2000 and Microsoft Proxy Server 2.0 can result in a
Denial of Service (DoS) condition on the vulnerable server. The
vulnerability, which results from a flaw in the Winsock Proxy service,
lets malicious users on the internal network send specially crafted
packets that can cause the server to stop responding to internal and
external requests. Receipt of such a packet causes CPU utilization on
the server to reach 100 percent. Microsoft has released Security
Bulletin MS03-012 (Flaw In Winsock Proxy Service And ISA Firewall
Service Can Cause Denial Of Service) to address this vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=38683

* SYSTEM COMPROMISE VULNERABILITY IN MICROSOFT VM
   A vulnerability in Microsoft Virtual Machine (VM) can result in the
execution of code on the vulnerable system under the user's security
context. This vulnerability occurs because the ByteCode verifier
doesn't correctly check for the presence of certain malicious code
during the loading of a Java applet. An attacker can exploit this
vulnerability by creating a malicious Java applet and inserting it
into a Web page. Microsoft has released Security Bulletin MS03-011
(Flaw in Microsoft VM Could Enable System Compromise) to address this
vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=38682

* AUTHENTICATION BYPASS VULNERABILITY IN ORACLE E-BUSINESS SUITE
   Stephen Kost of Integrigy discovered that a vulnerability in the
communications protocol that Oracle Applications FND File Server
(FNDFS) uses lets an attacker bypass any OS, database, and application
authentication to retrieve files from Oracle Applications Concurrent
Manager servers. If the attacker has direct access to the Concurrent
Manager server through SQL*Net, he or she can retrieve sensitive data
or files (e.g., any file that the oracle or applmgr accounts can
access) that contain critical passwords. Oracle has released a
security bulletin regarding this vulnerability and recommends that
affected users download and apply the appropriate update.
   http://www.secadministrator.com/articles/index.cfm?articleid=38686

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* COULDN'T MAKE THE MICROSOFT MOBILITY TOUR EVENT?
   If you were too busy to catch our Microsoft Mobility Tour event in
person, now you can view the Webcast archives for free! You'll learn
more about the available solutions for PCs and mobile devices and
discover where the mobility marketplace is headed.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw06Kw0A6

* MICROSOFT TECH-ED 2003 EUROPE, JUNE 30 - JULY 4, BARCELONA
   Connect at Microsoft's premier European conference for building,
deploying and managing connected solutions. Choose from 270+ in-depth
technical sessions and hands-on labs to realize your full potential on
the latest Microsoft technologies, platforms and tools. Register now
and save 300 Euros!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQWq0CJgSH0CBw0zFv0A8

4. ==== SECURITY ROUNDUP ====

* NEWS: VERISIGN AND nCIPHER OFFER HARDWARE-PROTECTED SSL CERTIFICATES
   nCipher announced a new product, the Hardware Protected SSL
Certificate. The new offering ensures that Secure Sockets Layer (SSL)
certificates are protected by Federal Information Processing Standard
(FIPS)-validated cryptographic hardware, which allows a stronger level
of authentication. The hardware complies with the FIPS 140-2
specification. nCipher is partnering with VeriSign to provide
certificates for the new hardware-based certificate model.
   http://www.secadministrator.com/articles/index.cfm?articleid=38623

* NEWS: ISS RELEASES INTERNET RISK IMPACT SUMMARY FOR FIRST QUARTER 2003
   Internet Security Systems (ISS) released its Internet Risk Impact
Summary report for first quarter 2003. According to the report, the
number of security incidents increased 84 percent, compared with
fourth quarter 2002.
   http://www.secadministrator.com/articles/index.cfm?articleid=38624

* FEATURE: OWA 2003'S NEW SECURITY FEATURES
   Microsoft has put great effort into improving the security of
Exchange Server 2003, and that effort is apparent in the new version
of Microsoft Outlook Web Access (OWA)--especially if you run Exchange
2003 on Windows Server 2003. (In that scenario, OWA runs on Microsoft
Internet Information Services--IIS--6.0, which has a much improved
security model compared to IIS 5.0 and earlier.) If you have more than
a handful of OWA users, you'll find that OWA's new features make it
well worth upgrading to Exchange 2003. The most noteworthy features
are support for encryption, cookie authentication, and various content
blocks.
   http://www.secadministrator.com/articles/index.cfm?articleid=38599

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* EVALUATING NEXT-GENERATION HIGH-PERFORMANCE FIREWALL APPLIANCES
   Download this free technical white paper now from Windows & .NET
Magazine's White Paper Central. Brought to you courtesy of WatchGuard.
   http://ad.doubleclick.net/clk;5219034;7402808;e?http://click.atdmt.com/CWS/go/wndwnwq100100023cws/direct/01/

6. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: WEP and WPA
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Will your company replace Wired Equivalent Privacy (WEP) with Wi-Fi
Protected Access (WPA)?" Here are the results from the 92 votes.
(Deviations from 100 percent are due to rounding errors.)
   - 20% Yes
   - 32% No
   - 22% No--We're waiting for 802.11i
   - 27% Undecided
 
* NEW INSTANT POLL: WINDOWS SERVER 2003
   The next Instant Poll question is, "Will your company upgrade to
Windows Server 2003 for better security?" Go to the Security
Administrator Channel home page and submit your vote for a)
Yes--within 1 year, b) Yes--within 2 years, c) Yes--within 3 years, d)
Not sure, or e) No.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: How Can I Parse Log Files with SQL-Style Queries?
   (contributed by Microsoft)

A: You can use Microsoft's free tool, Log Parser 2.0, to perform
Microsoft SQL-style queries on a variety of log files. The tool is a
set of scriptable COM objects that permits the query outputs to be
displayed on screen or written to an output file or SQL database. The
tool runs on Windows Server 2003, Windows XP, and Windows 2000. You
can download a copy from Microsoft's Web site.
   http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=8cde4028-e247-45be-bab9-ac851fc166a4
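Log Parser itself is a Windows-only COM tool and is not reproduced here. As an added example (not from the newsletter or from Microsoft), the following Python script shows the same approach on any platform: load a W3C extended log into a table and query it with SQL, using sqlite3 on constructed IIS 5.0 log lines to flag clients with repeated 401 (authentication failure) responses. The names SAMPLE_LOG, load_w3c and failed_auth_by_client are this example's own.

```python
"""Added example: SQL-style queries over a W3C extended log with sqlite3.
Not Microsoft's Log Parser; it mirrors the idea on constructed data."""
import sqlite3

# Constructed sample of an IIS 5.0 W3C extended log (not a real capture).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-04-16 00:00:00
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2003-04-16 08:01:02 10.0.0.5 - GET /default.htm 200
2003-04-16 08:01:10 10.0.0.9 - GET /secure/report.aspx 401
2003-04-16 08:01:11 10.0.0.9 - GET /secure/report.aspx 401
2003-04-16 08:01:12 10.0.0.9 - GET /secure/report.aspx 401
2003-04-16 08:02:30 10.0.0.7 jdoe GET /secure/report.aspx 200
2003-04-16 08:03:00 10.0.0.5 - GET /missing.htm 404
"""


def load_w3c(text, conn):
    """Parse W3C extended format: the #Fields directive names the columns.
    Returns the number of data rows loaded into table `log`."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # Column names such as c-ip become c_ip so SQL can use them bare.
            fields = [f.replace("-", "_") for f in line.split()[1:]]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no records
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        rows.append(values)
    conn.execute("CREATE TABLE log (%s)" % ", ".join(fields))
    conn.executemany(
        "INSERT INTO log VALUES (%s)" % ", ".join("?" * len(fields)), rows)
    return len(rows)


def failed_auth_by_client(text, threshold=3):
    """Clients with at least `threshold` 401 responses, most frequent first."""
    conn = sqlite3.connect(":memory:")
    load_w3c(text, conn)
    query = """SELECT c_ip, COUNT(*) AS hits FROM log
               WHERE sc_status = '401'
               GROUP BY c_ip HAVING hits >= ?
               ORDER BY hits DESC"""
    return conn.execute(query, (threshold,)).fetchall()


if __name__ == "__main__":
    for ip, hits in failed_auth_by_client(SAMPLE_LOG):
        print(ip, hits)
```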

8. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* INOCULATE YOUR WINDOWS SYSTEMS AGAINST MALWARE
   BBX Technologies has announced ImmuneEngine, a network OS layer
that resides with Microsoft OSs and protects your desktops and servers
from known and unknown viruses and malicious mobile code. ImmuneEngine
monitors all Windows kernel operations, including the memory stack,
mouse activity, and keyboard activity as applications execute. It also
monitors all file creation input/output operations that the OS
performs. The software detects and deletes most unauthorized
executables before they can launch, but if they launch, it will also
persistently try to stop their execution. ImmuneEngine restores to
their original state both protected portions of the registry that are
modified and protected system files that are damaged--and it creates a
forensic report for your review.

The management console lets you automate the configuration,
installation, and monitoring of your Windows systems across the
network. Because ImmuneEngine doesn't use signature files, you won't
need to distribute signature updates. A double-key protection system
requires two administrators to disable ImmuneEngine's defenses and let
you install or modify new software. ImmuneEngine supports Windows
XP/2000/NT/9x. Prices start at $175 per workstation or laptop and
$10,000 per enterprise server. Leading systems integrators distribute
ImmuneEngine, which the National Security Agency (NSA) has approved
for sale to the government. Contact BBX Technologies at 212-686-2828
or info () bbxtechnologies com.
   http://www.bbxtechnologies.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Integrated Windows Authentication and IIS
   (Three messages in this thread)

A user writes that he has a subdirectory within a Web site on
Microsoft Internet Information Services (IIS) 5.0 that users log on to
with their username and password. The Web server is placed in a
demilitarized zone (DMZ) and isn't part of the domain. Local accounts
created on the server require NTFS permissions on the subdirectory. On
the IIS level, the directory is enabled with "Integrated Windows
Authentication" only. However, whenever users try to log on from
within the domain through their Windows XP clients, they receive a
message that they aren't authorized for access. No logon page appears
on which they can enter their credentials. The user writes that he can
make the logon page display from within the domain only by enabling
Basic Authentication (but he doesn't want to leave Basic
Authentication enabled for security reasons). He wants to find a way
around this problem. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=57203

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
