Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--June 18, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 19 Jun 2003 05:02:14 -0500 (CDT)

====================

==== This Issue Sponsored By ====

Hewlett-Packard
http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw08fJ0Av

Windows & .NET Magazine
http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw06cX0A5

====================

1. In Focus: Are IDSs Overrated?

2. Security Risks
     - Multiple Buffer-Overflow Vulnerabilities in FlashFXP FTP Client
       for Windows
     - Multiple Buffer-Overflow Vulnerabilities in SmartFTP FTP Client
       for Windows

3. Announcements
     - New--Test-Drive Our Performance Portal!
     - Fight Spam and Viruses, and Secure Exchange 2003!

4. Security Roundup
     - News: Microsoft Gears Up for Antivirus Efforts
     - News: Win2K SP4 Is Coming Soon; The Newest IIS Security Rollup
     - Feature: Where to Place Your Antivirus Defenses

5. Security Toolkit
     - Virus Center
     - FAQ: What's the purpose of the SELF Subject I See in Windows
       2000 Active Directory (AD)?

6. Event
     - Security 2003 Road Show
 
7. New and Improved
     - Leave the Monitoring to Professionals
     - Use Plant DNA Codes to Authenticate Users
     - Submit Top Product Ideas

8. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: How to Issue Certificates with an
           Offline CA

9. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Hewlett-Packard ====

   HP OpenView for Windows Test Drive
   Monitor the availability and performance of your corporate website
-- FREE for 30 days, using powerful HP OpenView management software
for Windows. Simulate activity. Monitor complex transactions. Meet
business demands. Manage web services. Click here.
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw08fJ0Av

====================

==== 1. In Focus: Are IDSs Overrated? ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

Microsoft recently announced plans to acquire the technological and
intellectual assets of GeCAD Software, a Romanian antivirus software
vendor. The acquisition lets Microsoft add another layer to its
existing set of security protection mechanisms across the majority of
its product lines. You can read about the acquisition in the related
news story, "Microsoft Gears Up for Antivirus Efforts," in this
edition of Security UPDATE.

Microsoft is adding a layer of security that will eventually become
available to customers. At the same time, Gartner recommends that
enterprises remove a layer of security from their protection schemes.

In a press release issued last week, Gartner declared that Intrusion
Detection Systems (IDSs) are a market failure because they fail to add
value relative to their costs. Gartner recommends that instead of
spending money on an IDS, companies spend their money on firewall
solutions that offer both network-level and application-level
protection.

Gartner's comments about IDSs appeared in a press release that
promotes the company's recently released report, "Hype Cycles"
(interested parties can purchase the report from Gartner). The report
considers what future technology will look like, including whether
IDSs' current popularity results more from hype than from their
lasting value and cost-effectiveness. Gartner's prognosis leads me to pose a
couple of questions to you. Do you believe that the cost of an IDS
outweighs its benefits? Do you believe that removing your standalone
IDS would benefit your enterprise?

As Gartner notes, firewalls, whether they reside in the network layer,
the application layer, or the desktop layer, serve well to defend
against attack. Even so, I believe IDSs have a place among the layers.

IDS technology lets you view the type of traffic traveling into your
networks. Proactive IDSs sometimes reveal attack types about which
firewalls "know" nothing. If IDSs are positioned behind a firewall,
they can reveal and shut down attacks that bypass the firewall. If
proactive IDSs are positioned in front of a firewall, they can shut
down suspicious traffic before it reaches the firewall.

Gartner also notes that IDS technology often provides false positives
and false negatives, that it places an increased burden on staff
(requiring round-the-clock monitoring every day of the year), that it
requires a tedious incident-response process, and that it can't
monitor traffic at speeds exceeding 600Mbps. One could make the first
three complaints about firewalls too. Firewall users deal with false
detections. All shops that are serious about security must monitor
many matters around the clock. And most security incidents (and even
nonsecurity incidents, such as a failed server or desktop
installation) are time-consuming and tedious to handle, not to mention
frustrating.

As for IDSs being unable to monitor traffic that exceeds 600Mbps, that
concern is addressable because it depends in large part on the
underlying hardware and OS. The fastest platforms seem to be
standalone units designed for specific purposes (e.g., the new
Proventia security appliances from Internet Security Systems, or ISS).
Proventia appliances combine firewall, intrusion detection, VPN, and
virus-scanning capabilities in standalone units that can operate at
speeds that far exceed 1Gbps.

However, using a standalone all-in-one unit can sometimes create a
single point of failure--a notable risk. If intruders somehow break
the appliance unit, they might break all the included security
features, including the firewall, IDS, and the antivirus protection.
Even if you use multiple standalone units, the same holds true--an
exploitable flaw in one unit might be an exploitable flaw in all
identical units, depending on configuration and circumstances. In such
a potential event, a multivendor and multifunction security solution
might hold up better.

I think IDSs do have a place in the security market and that they're
not simply overhyped solutions. But if today's firewall vendors intend
to diversify their security-related offerings, they'll need to provide
proven fail-safe solutions that don't create a single point of
failure. And that's not an easy task, especially when it comes to the
"proving" part.

====================

==== Sponsor: Windows & .NET Magazine ====

Insider's Guide to IT Certification eBook
   Get the eBook that will help you get certified!  The "Insider's
Guide to IT Certification," from the Windows & .NET Magazine Network,
has one goal: to help you save time and money on your quest for
certification. Find out how to choose the best study guides, save
hundreds of dollars, and be successful as an IT professional. The
amount of time you spend reading this book will be more than made up
by the time you save preparing for your certification exams. Order
your copy today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw06cX0A5

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Multiple Buffer-Overflow Vulnerabilities in FlashFXP FTP Client for
Windows
   Two buffer-overflow vulnerabilities in FlashFXP FTP Client for
Windows can result in the execution of arbitrary code on the
vulnerable computer. These two vulnerabilities consist of a buffer
overflow that occurs if a server replies to a PASV command request
with a long string and a buffer overflow that occurs if a long host
name is specified as the destination server. FlashFXP has released
version 2.1, which doesn't contain these vulnerabilities.
   http://www.secadministrator.com/articles/index.cfm?articleid=39271

Multiple Buffer-Overflow Vulnerabilities in SmartFTP FTP Client for
Windows
   Two buffer-overflow vulnerabilities in SmartFTP FTP Client for
Windows can result in the execution of arbitrary code on the
vulnerable computer. If a server responds to a PWD command request
with a reply that contains a long address, a buffer overflow can
occur. If a server returns a File List that contains a long string, a
buffer overflow can also occur. SmartFTP has released version 1.0.976,
which doesn't contain these vulnerabilities.
   http://www.secadministrator.com/articles/index.cfm?articleid=39272
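
The PASV, PWD, and file-list cases above all involve a client handling a long server reply. The following C code is an added example, not code from the newsletter or from either vendor: it shows a PASV reply parser that checks length before copying and validates every field. The function name, the 512-byte cap, and the sample reply are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_REPLY_LEN 512   /* assumed cap for one control-connection reply line */

/* Hypothetical helper: parse "227 ... (h1,h2,h3,h4,p1,p2)" from `len` received
 * bytes. Returns 0 and fills ip/port on success, -1 on any malformed reply. */
int parse_pasv_reply(const char *line, size_t len, char ip[16], unsigned *port)
{
    char buf[MAX_REPLY_LEN + 1];
    unsigned v[6];
    const char *p;
    int i;
    /* Check the length before copying anything: an oversized reply is rejected. */
    if (len < 4 || len > MAX_REPLY_LEN)
        return -1;
    memcpy(buf, line, len);
    buf[len] = '\0';
    if (strlen(buf) != len || strncmp(buf, "227 ", 4) != 0)
        return -1;                       /* embedded NUL or wrong reply code */
    if ((p = strchr(buf, '(')) == NULL)
        return -1;
    p++;
    for (i = 0; i < 6; i++) {
        unsigned n = 0, digits = 0;
        while (digits < 3 && isdigit((unsigned char)*p)) {
            n = n * 10 + (unsigned)(*p++ - '0');
            digits++;
        }
        /* Each field is 1-3 digits, at most 255, followed by ',' or ')'. */
        if (digits == 0 || n > 255 || *p++ != (i < 5 ? ',' : ')'))
            return -1;
        v[i] = n;
    }
    snprintf(ip, 16, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    *port = v[4] * 256 + v[5];
    return *port != 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample reply, not captured from a real server. */
    const char *reply = "227 Entering Passive Mode (10,0,0,5,19,137)\r\n";
    char ip[16];
    unsigned port;
    if (parse_pasv_reply(reply, strlen(reply), ip, &port) == 0)
        printf("data connection: %s port %u\n", ip, port);
    return 0;
}
```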

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

New--Test-Drive Our Performance Portal!
   The Windows & .NET Magazine Performance Portal site is an online
service that lets IT professionals test client/server scalability and
application performance of client/server database, workflow, streaming
media, and office productivity applications. Check out this innovative
service at
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw0BAW70Ac

Fight Spam and Viruses, and Secure Exchange 2003!
   Check out our June Web events, and get expert advice that will help
you fight spam and viruses and also help you assess the security risks
of Exchange 2003. There's no charge for any of these eye-opening,
educational events, but space is limited so sign up now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw02lB0An

==== 4. Security Roundup ====

News: Microsoft Gears Up for Antivirus Efforts
   Microsoft announced its intention to acquire the intellectual
property and technology assets of Romanian-based antivirus software
maker GeCAD Software. Viruses, worms, and Trojan horses constantly
plague Microsoft products, so we'll probably see the company release
an antivirus solution based on GeCAD technology in the near future.
   http://www.secadministrator.com/articles/index.cfm?articleid=39277

News: Win2K SP4 Is Coming Soon; The Newest IIS Security Rollup
   According to Windows & .NET Magazine columnist Paula Sharick,
Windows 2000 bug reports and hotfixes have slowed to a trickle during
the past few months. This slowdown always presages the release of a
new service pack. As of June 8, the Microsoft Knowledge Base contained
23 Win2K pre-Service Pack 5 (SP5) articles, including the recommended
Layer Two Tunneling Protocol (L2TP), IP Security (IPSec), and Network
Address Translation (NAT) update. These pre-SP5 articles indicate that
SP4 won't include fixes for several USB problems or problems with
terminal servers that fail in high-stress environments. So ramp up
your software distribution scripts, and put SP4 on the schedule for a
late summer or early fall deployment.
   http://www.winnetmag.com/articles/index.cfm?articleid=39259

Feature: Where to Place Your Antivirus Defenses
   Deciding whether to run a virus scanner is a "no-brainer." The key
decision is where to place it. You must place antivirus products where
attackers might introduce malicious code into your environment.
Because you probably don't have an unlimited security budget, you must
make good cost/benefit decisions about antivirus products. Your
decisions involve your entire environment--including those assets you
choose not to protect with virus scanners. However, by carefully
reviewing your networked environment, knowing which antivirus
resources you can afford to implement, and placing the virus
protection strategically, you can develop the most effective overall
protection for your organization. Learn more about this crucial aspect
of network security in Roger A. Grimes's article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=24050&pg=1&show=799

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: What's the Purpose of the SELF Subject I See in Windows 2000
Active Directory (AD)?
   ( contributed by Randy Franklin Smith, rsmith () montereytech com )

A. The SELF subject is specific to AD--you won't find this subject in
ACLs for objects outside AD (e.g., files, folders). SELF lets you
control what users can do to their accounts. SELF comes in handy
because you can use it to define--at the organizational unit (OU)
level--which operations your users can perform on themselves; you
don't need to edit each user object's ACL.

Child objects (e.g., user accounts) in an OU inherit the permissions
that you set on the OU. Therefore, if you want to let all users in an
OU perform certain operations on their accounts, you can create an
OU-level access control entry (ACE) for which the subject is SELF and
the "Apply onto" field is User objects. For example, if you want users
in the SalesReps OU to be responsible for keeping their phone numbers
and email addresses up-to-date, you can add an ACE to the SalesReps OU
that grants all its members SELF Write access to Phone and Mail
options.

==== 6. Event ====

Security 2003 Road Show
   Join Mark Minasi and Paul Thurrott as they deliver sound security
advice at our popular Security 2003 Road Show event.
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw07Kz0AH

==== 7. New and Improved ====
   by Sue Cooper, products () winnetmag com

Leave the Monitoring to Professionals
   I-Trap announced the I-Trap Internet security service, which
combines an onsite appliance with offsite monitoring to provide
intrusion detection and an external-to-the-firewall attack detection
system. The solution sniffs the packets of incoming data for
signatures of software code that intruders use. I-Trap routes the
network activity data to the servers at I-Trap's 24-hour Network
Operation Center (NOC), which filters and makes data available to you
in real time, through detailed online reports. I-Trap's security
professionals review your network activity for threats and, when
indicated, alert you and remotely reconfigure the network or firewall
to block the threat. Contact I-Trap at 888-658-8727, 330-658-1040, or
service () i-trap net.
   http://www.i-trap.net

Use Plant DNA Code to Authenticate Users
   Applied DNA Sciences announced Applied DNA Security Access System,
which employs biotechnology to identify users and authenticate their
credit card-type media. The technology integrates unique nonhuman DNA
code into a nonsilicon-based microchip, creating a DNA security access
microchip. Only the proprietary DNA Chip Reader can read the security
access microchip. Without authentication, the product into which the
microchip is embedded won't let the user proceed. Possible uses of the
System include ID verification, card counterfeit protection, and
personnel access control. Contact Applied DNA Sciences at 310-860-1362
or info () adnas com.
   http://www.adnas.com

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 8. Hot Thread ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: How to Issue Certificates with an Offline CA
   (Five messages in this thread)

A user wants to know whether the Certificate Authority (CA)
administrator can create and issue browser certificates on behalf of
clients, thereby keeping the client off the CA. He needs to be able to
issue certificates from an offline standalone CA, so he would like to
create browser certificates for clients and issue them through email.
Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=60021

==== Sponsored Link ====

FaxBack
   Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)
   http://list.winnetmag.com/cgi-bin3/DM/y/eRPA0CJgSH0CBw0BAoJ0AL

===================

==== 9. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup


Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

