Information Security News mailing list archives

Security UPDATE, January 8, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 9 Jan 2003 03:44:13 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

January 8, 2003--In this issue:

1. IN FOCUS
     - Phasing In Trustworthy Computing

2. SECURITY RISKS
     - Protection Bypass Vulnerability in Pedestal Software's
       Integrity Protection Driver for Win2K

3. ANNOUNCEMENTS
     - Planning on Getting Certified? Make Sure to Pick Up Our New
       eBook!
     - The Microsoft Mobility Tour Is Coming Soon to a City Near You!

4. SECURITY ROUNDUP
     - News: Microsoft Releases ISA Server Feature Pack 1
     - Feature: Customizing Dimension Security
     - News: Network-1 to Discontinue CyberwallPLUS Firewall
     - News: Eight Tips to Better Secure Email

5. INSTANT POLL
     - Results of Previous Poll: ICSA Firewall Certification
     - New Instant Poll: ISA Server 2000

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Protect My System from a Denial of Service (DoS)
       Attack?

7. NEW AND IMPROVED
     - Scan Domino Servers for Vulnerabilities
     - Protect Networks Against Insider Attacks
     - Submit Top Product Ideas
 
8. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: I Can't Connect to Win.NET Server with
           Remote Desktop Connection

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* PHASING IN TRUSTWORTHY COMPUTING

As you know, 1 year ago, Microsoft announced its Trustworthy Computing
initiative. The first phase of the initiative included examining the
current state of security in the company's products and educating its
developers so that they could write more secure code from the ground
up. (As an aside, Microsoft's efforts toward security include the 72
security patches published in 2002 for the company's existing software
packages.)
 
The second phase of Trustworthy Computing, which Microsoft calls
"Designed for Trust," is well underway. As Craig Mundie, senior vice
president and chief technical officer, advanced strategies and policy
for Microsoft, pointed out in November 2002, "[The second phase]
involves intercepting several products in mid-development and building
in new approaches to security." Part of the effort produced Windows XP
Service Pack 1 (SP1) and will produce Windows .NET Server (Win.NET
Server) 2003, slated for release about April of this year. In
addition, the company is working on "several Web security standards,"
which are bound to include Web Services Security Language
(WS-Security). You can learn more about WS-Security in Christa
Anderson's article "WS-Security Sets Standard for Web Services
Transactions" (see the first URL below) and in the June 12, 2002,
Security UPDATE newsletter (see the second URL below).
   http://www.secadministrator.com/articles/index.cfm?articleid=24401
   http://www.secadministrator.com/articles/index.cfm?articleid=25593

According to a story at "eWeek" (see the URL below), the second phase
of Trustworthy Computing also includes Prescriptive Architectural
Guidance. The story states that the guidance "will lay out
instructions for ways IT managers can lock down Windows 2000 machines.
Under the guidelines, OEMs such as Dell Computer Corp. will be able to
configure systems to customer specifications, including turning off
unwanted services and features, such as active scripting in Internet
Explorer [IE]."
   http://www.eweek.com/article2/0,3959,808254,00.asp

You'll find even more ways to eliminate unwanted services in the
upcoming Win.NET Server release. In the past, Windows server and
workstation installations activated many services, and users had to
use a checklist to disable unwanted services. However, Win.NET Server
includes a technology called Secure Server Roles (SSR), which helps
users configure their servers through a series of questions and
answers. After users answer questions about how they'll use the server
in a given network environment, unnecessary services are left
inactive, which lessens the chances of intrusion through inadvertent
service provision.

In addition, Win.NET Server will include the option of having the
server act as an intermediary--by pulling Microsoft patches into the
network and automatically sending them out to workstations and
servers. The technology is already available as Microsoft Software
Update Services (SUS) and can be downloaded from the URL below. SUS
runs on Win.NET Server and Win2K Server and can deploy patches to XP
and Win2K systems. The update service is a great concept that could
potentially save companies a lot of time and effort; however, in some
instances, patches still break system functionality and on rare
occasions reintroduce previously patched problems. Microsoft patch
testing must become more thorough--in fact, impeccable--if the company
expects users to adopt automatic updates with total confidence.

The third phase of the Trustworthy Computing initiative, which
Microsoft calls "Architected for Trust," involves products still on
the drawing board. Among those products, presumably, are the next
version of Windows, code-named Longhorn, and the new security
subsystem, code-named Palladium. To learn more about Longhorn and
Palladium, search our Web sites at the URLs below.
   http://search.win2000mag.net/query.html?col=0&qt=longhorn
   http://search.win2000mag.net/query.html?col=0&qt=palladium

At this point, Microsoft's initiative seems to be working to some
extent. However, the bulk of the company's road map is still to come
in future products. Getting more secure and staying more secure will
undoubtedly require users to expense new hardware and software. And
those who choose to keep their existing platforms for longer periods
of time might find themselves gaining more value for their
investments, yet at the same time incurring slightly higher risks. How
the initiative balances out in the long run remains to be seen.

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* PROTECTION BYPASS VULNERABILITY IN PEDESTAL SOFTWARE'S INTEGRITY
PROTECTION DRIVER FOR WIN2K
   A vulnerability in Pedestal Software's Integrity Protection Driver
(IPD) 1.3 for Windows 2000 can result in the driver's kernel
protection being bypassed. By using a certain function in Win2K, a
potential attacker can bypass the IPD by creating a symbolic link that
points to the Windows driver's directory. The vendor has released IPD
1.4, which isn't vulnerable to this condition.
   http://www.secadministrator.com/articles/index.cfm?articleid=37570

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
   "The Insider's Guide to IT Certification" eBook is hot off the
presses and contains everything you need to know to help you save time
and money while preparing for certification exams from Microsoft,
Cisco Systems, and CompTIA and have a successful career in IT. Get
your copy of the Insider's Guide today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eO8v0CJgSH0CBw06cX0AW

* THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
   This outstanding seven-city event will help support your growing
mobile workforce. Industry guru Paul Thurrott discusses the coolest
mobility hardware solutions around, demonstrates how to increase the
productivity of your "road warriors" with the unique features of
Windows XP and Office XP, and much more. You could also win an HP iPAQ
Pocket PC. There is no charge for these live events, but space is
limited so register today! Sponsored by Microsoft, HP, and Toshiba.
   http://list.winnetmag.com/cgi-bin3/flo?y=eO8v0CJgSH0CBw06Kw0Ad

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT RELEASES ISA SERVER FEATURE PACK 1
   Yesterday, Microsoft announced the release of Internet Security and
Acceleration (ISA) Server 2000 Feature Pack 1, a set of add-ons that
enhance the security for Microsoft Exchange Server, IIS, and Outlook
Web Access (OWA) and improve ease of use for administrators.
   http://www.secadministrator.com/articles/index.cfm?articleid=37583

* FEATURE: CUSTOMIZING DIMENSION SECURITY
   A virtual cube can provide flexible, scalable security. The
virtual-cube approach uses a separate fact table to store all the
allowed combinations of usernames and dimension members. Because the
number of records in a fact table is unlimited, you have the
flexibility you need to define specific privileges for your users.
Read more about virtual cubes in Russ Whitney's article from SQL
Server Magazine on our Web site.
   http://www.sqlmag.com/articles/index.cfm?articleid=27305

* NEWS: NETWORK-1 TO DISCONTINUE CYBERWALLPLUS FIREWALL
   Network-1 Security Solutions announced that it would discontinue
its CyberwallPLUS firewall product line. The company announced in
November that it didn't expect the product line to be profitable.
Network-1, which has also reduced its staff, is seeking a merger and
might sell the CyberwallPLUS product line to an interested buyer.
   http://www.secadministrator.com/articles/index.cfm?articleid=37548

* NEWS: EIGHT TIPS TO BETTER SECURE EMAIL
   800onemail, a secure email service provider, published a list of
eight tips to help companies better secure their email systems. With
the New Year just arrived, it's a good time to turn over a new leaf
toward all-around security, email systems included.
   http://www.secadministrator.com/articles/index.cfm?articleid=37547

5. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: ICSA FIREWALL CERTIFICATION
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you consider ICSA Labs Certification as a factor when you select a
firewall?" Here are the results from the 164 votes. (Deviations from
100 percent are due to rounding error.)
   - 37% Yes
   - 52% No
   - 10% No, but we will
 
* NEW INSTANT POLL: ISA SERVER 2000
   The next Instant Poll question is, "Does your company use Microsoft
Internet Security and Acceleration (ISA) Server 2000?" Go to the
Security Administrator Channel home page and submit your vote for a)
Yes, b) No, or c) No, but we intend to implement it.
   http://www.secadministrator.com

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I PROTECT MY SYSTEM FROM A DENIAL OF SERVICE (DoS)
ATTACK?
   (contributed by John Savill, http://www.windows2000faq.com)

A. Firewall products can protect your machines from DoS attacks, and
you should use a firewall whenever possible. However, built-in Windows
functionality can also help protect against DoS attacks and quickly
time out SYN requests. To enable this functionality, perform the
following steps:
   1. Start a registry editor (e.g., regedit.exe).
   2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
registry subkey.
   3. From the Edit menu, select New, DWORD Value.
   4. Enter the name SynAttackProtect, then press Enter.
   5. Double-click the new value, set it to 2, then click OK.
   6. Close the registry editor.
   7. Reboot the machine.

The SynAttackProtect default value is 0, which offers no protection. A
value of 1 limits the number of SYN retries and delays the route cache
entry once the maximum number of open TCP connections in the
SYN_RECEIVED state (i.e., TcpMaxHalfOpen) and the maximum number of
retries (i.e., TcpMaxHalfOpenRetried) have been reached. A value of 2
has a similar effect to a value of 1 but also delays the Winsock
notification until the three-way handshake involved in the SYN process
is complete. Because Windows invokes the SynAttackProtect behavior
only after the system exceeds the TcpMaxHalfOpen and
TcpMaxHalfOpenRetried values, I recommend that you also create the
TcpMaxHalfOpen and TcpMaxHalfOpenRetried values under the same
registry subkey (both DWORD values) and set them to 100 and 80,
respectively.
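
The registry steps above, together with the two extra values
recommended in the last paragraph, as a PowerShell script that audits
the current settings and optionally writes them. This is an added
example, not part of the original newsletter; the -Apply switch is the
example's own, and it assumes an elevated prompt on a system whose
TCP/IP stack reads these values.

```powershell
# Added example: audit (and with -Apply, set) the FAQ's SYN-flood values.
# Run from an elevated PowerShell prompt. Without -Apply nothing is changed.
param([switch]$Apply)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Values recommended in the FAQ above; all three are REG_DWORD.
$recommended = [ordered]@{
    SynAttackProtect      = 2
    TcpMaxHalfOpen        = 100
    TcpMaxHalfOpenRetried = 80
}

$changed = $false
foreach ($name in $recommended.Keys) {
    $want = $recommended[$name]

    # A missing value yields $null here; the FAQ notes that an absent
    # SynAttackProtect behaves as 0 (no protection).
    $current = (Get-ItemProperty -Path $key -Name $name `
                    -ErrorAction SilentlyContinue).$name
    $shown = if ($null -eq $current) { '<not set>' } else { $current }

    if ($current -eq $want) {
        Write-Output ('OK      {0} = {1}' -f $name, $shown)
        continue
    }

    Write-Output ('DIFFERS {0} = {1} (FAQ recommends {2})' -f $name, $shown, $want)

    if ($Apply) {
        # -Force overwrites an existing value, including one that was
        # created with the wrong type (e.g., REG_SZ instead of REG_DWORD).
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $want -Force | Out-Null
        $changed = $true
    }
}

if ($changed) {
    # Step 7 of the FAQ: the settings take effect only after a restart.
    Write-Output 'Values written. Reboot the machine for them to take effect.'
}
```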

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* SCAN DOMINO SERVERS FOR VULNERABILITIES
   Application Security announced AppDetective for Lotus Domino, an
application security scanner that performs network-based penetration
testing and vulnerability assessments. The software locates, examines,
reports, and helps fix security holes in Lotus Domino Groupware and
Web Application Servers. The product supports Lotus Domino 4.5 through
Lotus Domino 6.x, Windows XP Professional, Windows 2000 Professional,
and Windows NT. Contact Application Security at 212-420-9270,
866-927-7732, and info () appsecinc com.
   http://www.appsecinc.com

* PROTECT NETWORKS AGAINST INSIDER ATTACKS
   SmartLine released PortsLock, a software firewall with user-level
access controls for Windows XP, Windows 2000, and Windows NT. It's
transparent to your users and compatible with their other firewalls
and routers. PortsLock can block access to network resources for your
users or groups, control access based on time of day and day of the
week, audit network activity for users or groups, and monitor
applications' network activities in real time for possible malicious
programs. The price of a single license is $50; a site license is
$2000. Contact SmartLine on the Web.
   http://www.protect-me.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: I Can't Connect to Win.NET Server with Remote Desktop
Connection
   (One message in this thread)

A user uses Windows .NET Server (Win.NET Server) 2003 and Windows 2000
Server Terminal Services, but when he connects to the server with
Remote Desktop Connection, he receives an error. He enters the
username, password, and domain, and the response he receives states
"You do not have the proper encryption level to access this session."
How can he configure the correct encryption level? Lend a hand or read
the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=52124

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org
