Information Security News mailing list archives

Security UPDATE, January 22, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 23 Jan 2003 05:26:07 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

January 22, 2003--In this issue:

1. IN FOCUS
     - Security Tools for Your Data-Gathering Efforts

2. SECURITY RISKS
     - Buffer-Overflow Vulnerability in CuteFTP 5.0 for XP

3. ANNOUNCEMENTS
     - Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT
       Challenges, March 31, 2003
     - Windows & .NET Magazine Connections Announces Spring 2003 Dates

4. SECURITY ROUNDUP
     - News: Microsoft Opens Source Code to Governments
     - News: Group Espada Announces New Security Tools
     - Feature: Building a Secure VPN

5. INSTANT POLL
     - Results of Previous Poll: ISA Server 2000
     - New Instant Poll: Security Administrative Duties

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Restore My Windows XP System Using an Automated
       System Recovery (ASR) Backup?

7. NEW AND IMPROVED
     - Let the Pros Keep You Secure
     - Inspect and Report on Computers' Security
     - Submit Top Product Ideas

8. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Trouble with Network Windows XP Shares and
           Logons
     - HowTo Mailing List
         - Featured Thread: Microsoft Windows PKI and PEM Certificates

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* SECURITY TOOLS FOR YOUR DATA-GATHERING EFFORTS

As part of your overall security efforts, you need to know which
resources are available on your systems and how those resources are
being used. It's important to monitor log files, and, in some cases,
consolidate and generate log files--and some add-on tools can
significantly simplify the task. In poking around the Internet
recently, I found several tools that you might want to consider using
in your Windows network environments. Most of the tools address log
files, and one tool enumerates system characteristics on local and
remote systems.

First, consider Purdue University Engineering Computer Network's
Eventlog to Syslog, a utility that runs on Windows and monitors event
logs, reformats the log entries, and sends them to a UNIX-based syslog
service for centralized collection. This utility helps administrators
who use UNIX as their main desktop to monitor events that take place
on Windows-based systems.
   https://engineering.purdue.edu/ecn/resources/documents/unix/evtsys

Second, consider SecurIT Informatique's LogAgent, another tool
designed to centralize log files. LogAgent can gather text-based logs
from just about any type of software and centralize those logs in one
or more locations. For example, you can use the tool to gather and
monitor text-based logs such as firewall logs, antivirus software
logs, download-manager logs, and content-screening software
logs--without having to look at each one through that software's
particular interface.
   http://iquebec.ifrance.com/securit

A third tool to consider--also available from SecurIT Informatique--is
ComLog. This tool lets you introduce logging in a place in which
logging might otherwise be impossible: in a Windows command shell.
ComLog monitors everything that happens in a Windows command shell and
logs it to a file. ComLog is written in Perl and compiled with
Perl2Exe. The program replaces the cmd.exe file on your Windows
systems and becomes a front end to that file. After ComLog is in
place, the program captures all keystrokes and command output and
writes the data to date-stamped log files for your review.
   http://iquebec.ifrance.com/securit

Another tool, Foundstone's FileWatch, monitors files by detecting
file-size changes and write operations. The tool can monitor log files
and start a separate application when it detects changes. For
example, you can use it to monitor firewall logs or logs from ComLog
and LogAgent. You could also use FileWatch to send administrative
alerts (through email or pager software) when file changes occur. Or
you could use the tool to initiate other actions, such as shutting down
services or network connections or starting data capture programs.
   http://www.foundstone.com/knowledge/proddesc/filewatch.html

Foundstone's NTLast lets you monitor Windows event logs (including
saved log files) for logon information. You can use it to perform
date-driven searches, filter based on hosts, distinguish data logged
by Web servers, and produce formatted output suitable for Microsoft
Excel spreadsheets.
   http://www.foundstone.com/knowledge/proddesc/ntlast.html

Finally, check into SourceForge's Winfingerprint. This tool determines
OS type and can enumerate users, groups, shares, SIDs, network
transports, disk drives, sessions, and services. Winfingerprint can
also determine service pack and hotfix levels and discover any open
TCP and UDP ports. It works with Windows NT domains and Active
Directory (AD) network structures and can interrogate remote systems
based on a range of IP addresses.
   http://sourceforge.net/projects/winfingerprint

Be sure to consider these and other log-related and system-enumeration
utilities. They could help you become aware of suspicious events and
activities that might otherwise go completely unnoticed--or go
unnoticed until damage has been done.

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* BUFFER-OVERFLOW VULNERABILITY IN CUTEFTP 5.0 FOR XP
   A buffer-overflow vulnerability in GlobalSCAPE's CuteFTP 5.0 XP for
Windows could let an attacker execute arbitrary code on the vulnerable
system. When an FTP server responds to a "LIST" (directory listing)
command, it sends the response over a data connection. Sending 257
bytes over this connection causes a buffer to overflow, and sending 260
bytes of data completely overwrites the instruction pointer (IP)
register.
   http://www.secadministrator.com/articles/index.cfm?articleid=37731
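
As an added illustration of the defect class described above (not part of the original newsletter and not CuteFTP's code): a client that copies each LIST line into a fixed buffer has to bound the copy by the buffer size, not by what the server sends. The 256-byte buffer is an assumption inferred from the 257-byte figure; the function names and the in-memory sample response are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, inferred from the 257-byte figure; not CuteFTP's code. */
#define LIST_LINE_MAX 256

/* Copy the next LF- or CRLF-terminated line of a LIST response into out.
 * Returns 1 for a stored line, 0 at end of data, -1 for a line that does not
 * fit; an oversized line is skipped whole and never written to out. */
int next_list_line(const char *resp, size_t len, size_t *pos,
                   char *out, size_t outsz)
{
    if (*pos >= len) return 0;
    const char *start = resp + *pos;
    const char *nl = memchr(start, '\n', len - *pos);
    size_t n = nl ? (size_t)(nl - start) : len - *pos;
    *pos += n + (nl ? 1 : 0);           /* consume the line and its LF */
    if (n > 0 && start[n - 1] == '\r')
        n--;                            /* drop the CR of a CRLF pair */
    if (n >= outsz)
        return -1;                      /* no room for n bytes plus NUL */
    memcpy(out, start, n);
    out[n] = '\0';
    return 1;
}

/* Walk a whole response: returns accepted lines, counts rejected ones. */
int scan_list_response(const char *resp, size_t len, int *rejected)
{
    char line[LIST_LINE_MAX];
    size_t pos = 0;
    int ok = 0, rc;
    *rejected = 0;
    while ((rc = next_list_line(resp, len, &pos, line, sizeof line)) != 0) {
        if (rc == 1) ok++; else (*rejected)++;
    }
    return ok;
}

/* Constructed sample: two normal entries around one 260-byte line. */
size_t build_sample(char *buf)
{
    size_t n = (size_t)sprintf(buf, "-rw-r--r-- 1 ftp ftp 10 Jan 22 a.txt\r\n");
    memset(buf + n, 'A', 260);
    n += 260;
    return n + (size_t)sprintf(buf + n, "\r\n-rw-r--r-- 1 ftp ftp 20 Jan 22 b.txt\r\n");
}

int main(void)
{
    char resp[512];
    int bad, good = scan_list_response(resp, build_sample(resp), &bad);
    printf("accepted=%d rejected=%d\n", good, bad);
    return 0;
}
```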
 
3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT
CHALLENGES, MARCH 31, 2003
   Annual executive conference highlights the increased focus on IT
security in global pharmaceutical enterprises. Networking, case
studies, intensive workshops, and forums help CIOs, CTOs, CFOs, VPs,
and other top decision makers leverage pharmaceutical IT solutions
successfully. Keynote presentations by executives from Aventis,
Novartis, AstraZeneca, Hoffmann-La Roche, and Pfizer, plus US Dept. of
Health & Human Services.
   http://list.winnetmag.com/cgi-bin3/flo?y=ePKT0CJgSH0CBw07QH0Aj

* WINDOWS & .NET MAGAZINE CONNECTIONS ANNOUNCES SPRING 2003 DATES
   Learn firsthand from the magazine writers you know and trust.
In-depth coverage by the world's top gurus regarding security insights
about Windows Server 2003, Windows XP, Windows 2000 Server, IIS, SQL
Server, and the Microsoft .NET platform. Benefit immediately from the
latest real-world tips on Active Directory, Group Policy, and
migration techniques. May 18-21, 2003. Register today.
   http://list.winnetmag.com/cgi-bin3/flo?y=ePKT0CJgSH0CBw07QI0Ak

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT OPENS SOURCE CODE TO GOVERNMENTS
   Microsoft announced it has opened its source code to governments
under a new Government Security Program (GSP). The GSP lets
governments review code to address security and other concerns.
Governments have long had access to UNIX platform source code,
including Linux versions. However, ensuring the security of Microsoft
products has been a stumbling block for government acceptance.
   http://www.wininformant.com/articles/index.cfm?articleid=37683

* NEWS: GROUP ESPADA ANNOUNCES NEW SECURITY TOOLS
   Group Espada announced it would release a set of new security tools
now undergoing beta testing. The new tools consist of KATANA,
KATANA.NET, and KATANA for SQL Server 2000 and will be available as a
suite or as individual components.
   http://www.wininformant.com/articles/index.cfm?articleid=37700

* FEATURE: BUILDING A SECURE VPN
   The VPN concept has been around for almost 10 years. Technologies
that use public data lines for private corporate traffic promise
companies a cornucopia of benefits--from saving money on expensive
leased lines to a workforce empowered to access the entire wealth of
corporate IT resources from any kind of connection anywhere on the
globe. But as with other overhyped and overmarketed technologies, the
devil is in the details. Read all about it in this article by Tony
Howlett.
   http://www.secadministrator.com/articles/index.cfm?articleid=37447

5. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: ISA SERVER 2000
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Does your company use Microsoft Internet Security and Acceleration
(ISA) Server 2000?" Here are the results from the 348 votes.
(Deviations from 100 percent are due to rounding errors.)
   - 38% Yes
   - 55% No
   -  7% No, but we intend to implement it
 
* NEW INSTANT POLL: SECURITY ADMINISTRATIVE DUTIES
   The next Instant Poll question is, "What is currently the main
focus of your security-related administrative duties?" Go to the
Security Administrator Channel home page and submit your vote for a)
Tightening general security, b) Defending against network attacks, c)
Defending against Web site attacks, d) Filtering junk email, or e)
Controlling employee surfing habits.
   http://www.secadministrator.com

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I RESTORE MY WINDOWS XP SYSTEM USING AN AUTOMATED
SYSTEM RECOVERY (ASR) BACKUP?
   (contributed by John Savill, http://www.windows2000faq.com)

A. If you experience a core-OS corruption in XP and you've created an
ASR backup, you can use the ASR backup to restore your system by
performing the following steps:
   1. Boot from your original XP media.
   2. If prompted, press a key to boot the system from the CD-ROM.
   3. During the text mode portion of setup, press F2 to initiate an
ASR restore.
   4. When prompted, insert the ASR backup disk and follow the
onscreen instructions.

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* LET THE PROS KEEP YOU SECURE
   Dimension Data Holdings launched Surveyor for Security, a security
assessment and risk management service. Dimension Data assesses your
IT environment and determines the probability and impact associated
with security risks. Dimension Data's security experts develop a
remediation road map to ensure that the appropriate people, tools, and
processes are in place to protect your company's assets. Dimension
Data's security personnel then implement those safeguards and provide
ongoing security management and monitoring services. Contact Dimension
Data Holdings at 703-262 3200 or email the Director of North America
Marketing at geary.campbell () us didata com.
   http://www.didata.com

* INSPECT AND REPORT ON COMPUTERS' SECURITY
   Shavlik Technologies announced EnterpriseInspector 2.1, software
that remotely inspects and reports on the security of your servers and
workstations. EnterpriseInspector 2.1 combines the security checklist
of the Microsoft Baseline Security Analyzer (MBSA), which Shavlik
Technologies developed, with the power of Microsoft SQL Server 2000
and a custom reporting engine. New features include detection on
Microsoft Exchange Server and Windows Media Player (WMP), scanning on
all instances of SQL Server, support for Microsoft Software Update
Services (SUS), and database statistics and maintenance. Contact
Shavlik Technologies at 651-426-6624, 800-690-6911, and
info () shavlik com.
   http://www.shavlik.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Trouble with Network Windows XP Shares and Logons
   (Two messages in this thread)

A user says he's using Windows 2000 Server as a PDC and the only
domain controller (DC) on his network. He uses XP, Win2K, and Windows
NT clients.

When he logs on to the domain with an XP client, all the network
shares and printers work for a certain amount of time, but then they
stop working. If he tries to connect to a network share, he receives
the error message:

"The system detected a possible compromise in security. Please ensure
that you can contact the server that authenticated you."

The event log shows the following error, with the source as NETLOGON:

"No Domain Controller is available for domain [domain name] due to the
following: There are currently no logon servers available to service
the logon request. Make sure that the computer is connected to the
network and try again. If the problem persists, please contact your
domain administrator."

If he logs off and logs on again, everything works again. He doesn't
have any problems with Win2K and NT clients, and the domain server is
available all the time. Also, it takes users more than a minute to log
on after they enter their password. He wants to know why. Lend a hand
or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=52550

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Microsoft Windows and PEM Certificates
   (One message in this thread)

A user writes that he's attempting to implement Microsoft's
Certificate Authority (CA) using Windows 2000. His company's
development and engineering team wants to generate and send out
certificates in certain applications using Privacy Enhanced Mail (PEM)
formatting, which is the ASCII base-64 format of DER. How does the CA
format its certificates--in binary or in text? Will this approach
work? Read the responses or lend a hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0301c&l=howto&p=330
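
The thread's question turns on PEM being a text wrapping of the same DER bytes. This added example (not from the newsletter or the thread; the function names and the 5-byte sample are constructed) tells the two encodings apart and converts DER to PEM using the standard CERTIFICATE label.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* DER begins with an ASN.1 SEQUENCE tag (0x30); PEM begins with a text armor line. */
const char *cert_encoding(const unsigned char *buf, size_t len)
{
    if (len >= 11 && memcmp(buf, "-----BEGIN ", 11) == 0) return "PEM";
    if (len >= 2 && buf[0] == 0x30) return "DER";
    return "unknown";
}

/* Wrap DER bytes in PEM armor: base64 body, 64 characters per line.
 * Returns the length of the string written, or 0 if out is too small. */
size_t der_to_pem(const unsigned char *der, size_t len, char *out, size_t outsz)
{
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char tail[] = "-----END CERTIFICATE-----\n";
    size_t b64 = 4 * ((len + 2) / 3);
    size_t need = strlen(head) + b64 + (b64 + 63) / 64 + strlen(tail) + 1;
    if (need > outsz) return 0;

    size_t o = 0, col = 0;
    memcpy(out, head, strlen(head));
    o += strlen(head);
    for (size_t i = 0; i < len; i += 3) {
        size_t rem = len - i;                       /* bytes left in input */
        unsigned long v = (unsigned long)der[i] << 16;
        if (rem > 1) v |= (unsigned long)der[i + 1] << 8;
        if (rem > 2) v |= der[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = rem > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = rem > 2 ? B64[v & 63] : '=';
        if ((col += 4) == 64) { out[o++] = '\n'; col = 0; }
    }
    if (col) out[o++] = '\n';                       /* end a partial last line */
    memcpy(out + o, tail, strlen(tail) + 1);
    return o + strlen(tail);
}

int main(void)
{
    /* Constructed DER value (SEQUENCE { INTEGER 5 }), not a real certificate. */
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    char pem[256];
    size_t n = der_to_pem(der, sizeof der, pem, sizeof pem);
    printf("%s -> %s\n%s", cert_encoding(der, sizeof der),
           cert_encoding((const unsigned char *)pem, n), pem);
    return 0;
}
```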

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org
