Security UPDATE, January 15, 2003

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Experience How Real Time Monitoring Will Benefit YOU
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw07Ln0A7

Microsoft Mobility Tour
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw06Kw0AF
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: EXPERIENCE HOW REAL TIME MONITORING WILL BENEFIT YOU ~~~~
   A proactive Security Administrator installed TNT Software's ELM
Enterprise Manager 3.0 on his critical servers to assess the benefits
of real time monitoring. During the first week, EEM 3.0 paged him as a
disgruntled employee attempted to access confidential files, emailed
him during a port scan attack, and automatically restarted a failed
anti-virus service. As a result, ELM Enterprise Manager was purchased
and fully deployed during the second week. Download your FREE 30 day
full feature evaluation copy today and experience how real time
monitoring will benefit YOU.
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw07Ln0A7
~~~~~~~~~~~~~~~~~~~~

January 15, 2003--In this issue:

1. IN FOCUS
     - Security Initiatives and Windows Server 2003

2. ANNOUNCEMENTS
     - InfoSec World Conference and Expo/2003
     - Windows Scripting Solutions for the Systems Administrator
     - Back by Popular Demand--Don't Miss Our Security Road Show
       Event!

3. SECURITY ROUNDUP
     - News: Lirva Worm Might Spoof Microsoft Security Bulletin
     - News: Finjan Software Acquires Alchemedia Technologies
     - News: Microsoft Releases ISA Server 2000 Feature Pack 1

4. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Prevent Windows XP's Network Bridge Feature from
       Forwarding Network Packets?
     - Event Highlight: Smart Card Alliance Mid-Winter Conference

5. NEW AND IMPROVED
     - Assess Windows Server Security
     - Secure Your Desktops
     - Submit Top Product Ideas

6. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Tool for ACL Comparison and Changes
      - HowTo Mailing List:
         - Featured Thread: Sharing XP Folders in a Workgroup
 
7. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* SECURITY INITIATIVES AND WINDOWS SERVER 2003

As I wrote in last week's Security UPDATE, Microsoft has been working
on its Trustworthy Computing initiative. The initiative involves
addressing concerns customers have about the security of Microsoft
products, especially the issues customers encounter most frequently.
To address those concerns, Microsoft has developed a strategy called
SD3+C--Secure by Design, Secure by Default, Secure in Deployment, and
Communications.

Secure by Design means better-designed products, more thorough testing
and approval processes before release, and more security features. As
you know, Microsoft stopped development on Windows Server 2003 for 2
months while the company focused attention on matters such as employee
training and product redesign.

The company changed some of the server architecture to improve
security. For example, the Web listener is no longer part of the
kernel. Also, at a lower level of architecture, Microsoft has improved
the server's compilers and changed code-development processes such as
the thread-modeling processes. In addition, teams must review and test
code to ensure quality--reviews that can stop a product's release
until developers change the code.

Secure by Default emphasizes not exposing aspects of functionality
unless an administrator wants them exposed. For example, Microsoft IIS
and many other services are no longer active by default. Microsoft has
added two new accounts for network access and local system access to
offer administrators more ways to limit service exposure. In addition,
people can't use blank passwords to authenticate to network services.

Microsoft is taking several steps in the areas of Secure by Deployment
and Communications. One such step is to offer users more documentation
to help architect their particular data centers. Another step is to
continue building enterprise customer communications, a response to
enterprise customers who assert that they don't have enough
communication with Microsoft. But SD3+C contains much more than I can
discuss here; you can read about SD3+C's overall premises on
Microsoft's Web site.
   http://www.microsoft.com/enterprise/articles/security.asp

You might already be aware of some of the matters I mention above.
However, on January 27, Microsoft will begin briefing the press in
more detail about its security innovations in Windows 2003. Stay
tuned, and I hope I'll be able to fill you in on new details in that
week's edition of Security UPDATE.
 
Meanwhile, take advantage of some new documentation Microsoft has made
available on its Microsoft Developer Network (MSDN) Web site. In
November 2002, Microsoft published the online book "Building Secure
ASP.NET Applications: Authentication, Authorization, and Secure
Communication." Chapters include Security Model for ASP.NET
Applications, Authentication and Authorization, Secure Communication,
Intranet Security, Extranet Security, Internet Security, ASP.NET
Security, Enterprise Services Security, Web Services Security,
Remoting Security, Data Access Security, and Troubleshooting Security
Issues. In December, Microsoft published "Building and Configuring
More Secure Web Sites," a paper that discusses best practices for
Windows 2000 Advanced Server, Internet Information Services (IIS) 5.0,
Microsoft SQL Server 2000, and the Microsoft .NET Framework.
   http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
   http://msdn.microsoft.com/library/en-us/dnnetsec/html/openhack.asp?frame=true

Be sure to check out these resources. Also, stop by the .NET Security
Web site to see what else you might find useful.
   http://msdn.microsoft.com/nhp/default.asp?contentid=28001369

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MICROSOFT MOBILITY TOUR ~~~~
   THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
   Brought to you by Windows & .NET Magazine, this outstanding
seven-city event will help support your growing mobile workforce!
Industry guru Paul Thurrott discusses the coolest mobility hardware
solutions around, demonstrates how to increase the productivity of
your "road warriors" with the unique features of Windows XP and Office
XP, and much more. There is no charge for these live events, but space
is limited so register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw06Kw0AF
~~~~~~~~~~~~~~~~~~~~

2. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* INFOSEC WORLD CONFERENCE AND EXPO/2003
   MIS Training Institute's InfoSec World Conference and Expo/2003
will be held in Orlando, FL, March 10-12, 2003, with optional
workshops on March 8, 9, 12, 13, and 14. InfoSec World will cover
today's need-to-know topics and deliver proven strategies for
protecting your systems. For details and to register, visit:
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw07Lo0A8

* WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR
   You might not be a programmer, but that doesn't mean you can't
learn to create and deploy timesaving, problem-solving scripts.
Discover Windows Scripting Solutions, the monthly print publication
that helps you tackle common problems and automate everyday tasks with
simple tools, tricks, and scripts. Try a sample issue today at
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw06ob0AU

* BACK BY POPULAR DEMAND--DON'T MISS OUR SECURITY ROAD SHOW EVENT!
   If you missed last year's popular security road show event, now is
your chance to catch it again in Portland, Oregon, and Redmond. Learn
from experts Mark Minasi and Paul Thurrott about how to shore up your
system's security and what desktop security features are planned for
Microsoft .NET and beyond. Registration is free so sign up now!
   http://list.winnetmag.com/cgi-bin3/flo?y=ePEP0CJgSH0CBw07Kz0AJ

3. ==== SECURITY ROUNDUP ====

* NEWS: LIRVA WORM MIGHT SPOOF MICROSOFT SECURITY BULLETIN
   New variants of the worm Lirva are spreading around the Internet
infecting users of Microsoft Outlook. The worm is dangerous in that it
can shut down antivirus and firewall software and overwrite Microsoft
Word, Excel, and PowerPoint files, leaving the file sizes at 0KB,
which renders the files unrecoverable without a backup.
   http://www.wininformant.com/articles/index.cfm?articleid=37662
 
* NEWS: FINJAN SOFTWARE ACQUIRES ALCHEMEDIA TECHNOLOGIES
   Finjan Software announced that it has acquired Dallas-based
Alchemedia Technologies. The acquisition includes the customer base,
intellectual property, and products. Alchemedia's flagship product,
Mirage, offers Digital Rights Management (DRM) to documents.
   http://www.secadministrator.com/articles/index.cfm?articleid=37644

* NEWS: MICROSOFT RELEASES ISA SERVER 2000 FEATURE PACK 1
   Microsoft has announced the release of Internet Security and
Acceleration (ISA) Server 2000 Feature Pack 1, a set of add-ons that
enhance security for Microsoft Exchange Server, IIS, and Outlook Web
Access (OWA) and improve ease of use for administrators.
   http://www.secadministrator.com/articles/index.cfm?articleid=37583

4. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I PREVENT WINDOWS XP'S NETWORK BRIDGE FEATURE FROM
FORWARDING NETWORK PACKETS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. The Network Bridge feature in XP Professional and XP Home Edition
can forward network packets; however, this capability can cause major
problems on some networks. To permanently disable packet forwarding,
perform the following steps:
   1. Start a registry editor (e.g., regedit.exe).
   2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BridgeMP registry
 subkey.
   3. From the Edit menu, select New, DWORD Value; enter the name
DisableForwarding; then press Enter.
   4. Double-click the new value, set it to 1, then click OK.
   5. Close the registry editor.
   6. Reboot the machine for the change to take effect.

* EVENT HIGHLIGHT: SMART CARD ALLIANCE MID-WINTER CONFERENCE
   February 12 through February 13, 2003
   Salt Lake City, Utah

"Identity: Technology and Policy Issues of Trust" addresses how we
protect our identities and minimize the risks to our privacy. Expert
panels will examine the specific roles in which individuals use their
identities--as public citizens (such as crossing borders, at airports,
in voting booths); as corporate citizens (accessing buildings,
networks, private databases); and as private citizens (in retail
stores, on the Internet, and using wireless devices). For more
information, go to
   http://www.smartcardalliance.org

5. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* ASSESS WINDOWS SERVER SECURITY
   Winzero Custom Solutions released ACLReporter, security assessment
and reporting software for your NTFS file, folder, and share data.
ACLReporter lets you perform security permission searches and gather
security information from remote servers in realtime or when they're
offline. Supports Windows Server 2003, Windows 2000, and Windows NT
servers. An enterprise license for unlimited servers and users is $695
until January 31, 2003. Contact Winzero Custom Solutions at
604-736-7395 in Canada, at 973-439-6908 in the United States, or at
sales () winzero ca.
   http://www.winzero.ca

* SECURE YOUR DESKTOPS
   Anfibia announced Deskman 5.2, a Windows desktop security tool that
gives you control over your users' desktop components. Deskman
features include encrypted profiles, authentication procedures, and
Windows NT service implementation. Deskman 5.2 now offers a new
password policy and the ability to protect access to drives. Contact
Anfibia at sales () anfibia net.
   http://www.anfibia.net

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

6. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Tool for ACL Comparison and Changes
   (Two messages in this thread)

A user writes that he's seeking a tool that will compare current
folder and file ACLs against a database, then apply ACL changes to all
files and folders that don't have the NTFS permissions. The tool
should also generate a comparison report. Is there such a tool, other
than CACLS or SuperCACLS? Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=52418

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Sharing XP Folders in a Workgroup
   (Three messages in this thread)

A user writes that he needs to share folders on a Windows XP
Professional system that's in a workgroup, and he wants to provide
granular security permissions on the folders. Without joining a
domain, however, he can't remove the Everyone group--which means he
can't provide individualized user access permission to the folders.
How can he solve this problem? Read the responses or lend a hand at
the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?A2=IND0301B&L=HOWTO&P=345

7. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.


MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.