Information Security News mailing list archives

Security UPDATE, March 12, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 13 Mar 2003 02:50:30 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

More e-Security - Less Money
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DU0Az

CipherTrust
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DV0A1
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MORE e-SECURITY - LESS MONEY ~~~~
   Pay 2/3 less than the industry leader for Strong (two-factor)
Authentication for VPN and Web using the Authenex A-Key(tm) USB token.
Plus with the same A-Key USB Token, you can leverage an entire suite
of strong e-Security applications, including: Web Access Control,
Endpoint Encryption to protect either files or the entire hard drive,
Secure File Exchange, and Storage for Digital Certificates. Click now
for a FREE A-Key USB Token.
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DU0Az
~~~~~~~~~~~~~~~~~~~~

March 12, 2003--In this issue:

1. IN FOCUS
     - Concise Security Knowledge Available Online

2. SECURITY RISKS
     - Multiple Vulnerabilities in Minihttp's Forum Web Server
     - Content Bypass Vulnerability in Clearswift's MAILsweeper

3. ANNOUNCEMENTS
     - Networld+Interop Las Vegas 2003--Conference: April 27-May 2,
       Exhibition: April 29-May 1
     - Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT
       Challenges, March 31, 2003

4. SECURITY ROUNDUP
     - News: Survey Says: Viruses and System Intrusion Among Top
       Concerns
     - Feature: Nmap Your Network

5. HOT RELEASES (ADVERTISEMENTS)
     - eToken USB-based 2-Factor Authentication
     - Next-Generation Firewall Appliances Keep Pace
     - Increase Security Today with RippleTech's PatchWorks!

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: When I Right-Click an NTFS Volume, Why Can't I See the
       Quota Tab?

7. NEW AND IMPROVED
     - Automate Your Patch Management
     - Install Antivirus Defense at the Gateway
     - Submit Top Product Ideas

8. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: User Continually Locked Out After Browsing
           Network

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* CONCISE SECURITY KNOWLEDGE AVAILABLE ONLINE

If you're looking for help securing Windows Server 2003, Windows 2000
Server, Microsoft SQL Server, Microsoft Exchange Server, and other
related technologies, several online sources of information can assist
you. Some of the resources I discuss are chapters excerpted from
books, and others are entire books available online for free.

Last week, Erik Birkholz announced that a discussion among colleagues
at the recent Black Hat Windows Security 2003 conference convinced him
to release a chapter from the upcoming book "Special Ops: Host and
Network Security for Microsoft, UNIX, and Oracle," a book that he
developed with the help of several knowledgeable authors. Birkholz
released Chip Andrews' Chapter 12, "Attacking and Defending the
Microsoft SQL Server." The chapter offers 38 pages of highly useful
information.

As the chapter title implies, the material covers a wealth of tactics
you can use to attack and defend SQL Server. The discussion delves
into information such as server instances, authentication, network
libraries, security principles for SQL Server, server discovery and
related tools, acquiring accounts for security contexts, escalating
privileges, exploiting unpatched vulnerabilities, configuring a secure
installation, monitoring, and maintenance. You can find the chapter in
PDF format at the Special Ops Internal Network Security Web site.
   http://www.specialopssecurity.com

Also last week, Paul Robichaux released three chapters of his new
book, "Secure Messaging with Microsoft Exchange Server 2000." He calls
the book a "broad guide to securing Exchange-based systems, beginning
with risk and vulnerability assessment and continuing through applying
communications security, patch management, and service-specific
approaches to make Exchange systems more secure." He also said, "I had
a lot of help from the Exchange development and support team while
writing the book, and there's a great deal of material there that
isn't widely available elsewhere."

The three sample chapters are "Windows & Exchange Security
Architecture," "Threat & Risk Assessment," and "SMTP, Relaying, and
Spam Control." The security-architecture chapter covers built-in
accounts and groups, what happens during the logon process, how
Exchange modifies the Windows discretionary ACL (DACL) evaluation
process, Exchange-specific permissions, roles, mailboxes, public
folders, and more.

The threat-assessment chapter discussion includes identifying threats,
threat classification, possible courses of action, and risk
assessment. The SMTP chapter covers mail relaying--explaining why mail
relaying might be necessary, how it can lead to trouble, and how to
control it. The chapter also discusses how to deal with unwanted
email, including how to use Exchange's built-in email filters. The
chapters are available in PDF format at the E2K Security Web site.
   http://www.e2ksecurity.com

Realtimepublishers.com is another excellent resource for online
security information. Sean Daily, president and CEO of the company,
has published many guidebooks related to enterprise computing--and
several of them pertain directly to security. You can read them in
their entirety online by simply registering for access. At the
company's Web site, you'll find security-related titles such as "The
Definitive Guide To Windows 2000 Security," "The Definitive Guide To
Windows 2000 Group Policy," "The Definitive Guide To Identity
Management," "The Tips and Tricks Guide To Securing .NET Server," and
"The Tips and Tricks Guide To Windows 2000 Group Policy."
Realtimepublishers.com has about 2 dozen eBooks online, and more are
in the works.
   http://www.realtimepublishers.com

Overall, you can find a lot of information online about securing your
particular platform--from white papers and checklists to chapters and
entire books. Check out the publications I mention; they're among the
most timely resources available. And if you know about other new
publications I didn't mention, send me an email with the details.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: CIPHERTRUST ~~~~
   Top 10 Techniques To Control Spam
   Stop spam! There are ways to secure and reclaim your mail server(s)
before spam and other email threats become security issues. Don't
leave your email systems vulnerable. This whitepaper provides the TOP
10 TECHNIQUES to Control Spam in the enterprise. Request your copy
today!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DV0A1
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* MULTIPLE VULNERABILITIES IN MINIHTTP'S FORUM WEB SERVER
   Dennis Rand discovered that three vulnerabilities exist in
Minihttp's Forum Web Server 1.60. The first lets a potential attacker
access files that reside outside the restricted area of the server.
The second permits insertion of malicious HTML and JavaScript into
existing Web pages (Cross Site Scripting). The third makes it possible
to steal other users' usernames and passwords. The vendor, Minihttp, has
released Forum Web Server 1.61, which isn't vulnerable to these
conditions.
   http://www.secadministrator.com/articles/index.cfm?articleid=38333

* CONTENT BYPASS VULNERABILITY IN CLEARSWIFT'S MAILSWEEPER
   Martin O'Neal discovered that a vulnerability exists in
Clearswift's MAILsweeper 4.x that could result in the bypass of the
attachment-blocking feature on the vulnerable server. If an attacker
uses a deliberately malformed MIME encapsulation technique, the
MAILsweeper product won't recognize the attachment and will let it pass.
The vendor has made an updated script utility available that can
detect the malformed MIME header used in this vulnerability. You
should implement this utility as a workaround until a fix or patch is
available.
   http://www.secadministrator.com/articles/index.cfm?articleid=38334
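The defensive principle behind the workaround above is that a gateway scanner should fail closed on mail whose MIME structure it cannot parse, rather than passing it through for a more forgiving client to reassemble. The following Python is an added illustration of that principle, not Clearswift's utility and not tied to the specific malformation in the advisory (which the item does not describe); the sample messages and the blocked-extension list are constructed for the example.

```python
import email
from email import policy

# Constructed sample messages (not real traffic). The first is a normal
# multipart message; the second claims to be multipart but never presents
# its boundary, so a strict parser sees no parts at all even though a
# forgiving mail client might still dig the executable out of the body.
WELL_FORMED = """\
From: alice@example.test
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

JVBERi0xLjQK
--b1--
"""

BROKEN_MULTIPART = """\
From: mallory@example.test
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"

TVqQAAMAAAAEAAAA
"""

BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".vbs")  # hypothetical site policy


def analyze(raw):
    """Return (defect class names recorded by the parser, attachment filenames)."""
    msg = email.message_from_string(raw, policy=policy.default)
    defects = [type(d).__name__ for d in msg.defects]
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return defects, attachments


def verdict(raw):
    """'quarantine' if the structure is defective or an attachment is blocked."""
    defects, attachments = analyze(raw)
    if defects:
        # Fail closed: a scanner must not pass what it could not structure.
        return "quarantine"
    if any(name.lower().endswith(BLOCKED_EXTENSIONS) for name in attachments):
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    for label, raw in (("well-formed", WELL_FORMED), ("broken", BROKEN_MULTIPART)):
        print(label, analyze(raw), verdict(raw))
```

Note that a filename-only check would pass the broken message, because the strict parse finds no attachment at all; it is the recorded defects that catch it.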

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* NETWORLD+INTEROP LAS VEGAS 2003--CONFERENCE: APRIL 27-MAY 2,
EXHIBITION: APRIL 29-MAY 1
   Networld+Interop, the definitive networking event of the year,
brings together high-level buyers in networking, security, wireless,
VoIP, and network storage technologies with industry leading companies
and their products and services. Call 888.886.4057 or register now at:
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08Bg0AH

* PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT
CHALLENGES, MARCH 31, 2003
   Annual executive conference highlights the increased focus on IT
security in global pharmaceutical enterprises. Networking, case
studies, intensive workshops, and forums help CIOs, CTOs, CFOs, VPs, and
other top decision-makers leverage pharmaceutical IT solutions
successfully. Keynote presentations by executives from Aventis,
Novartis, Astrazeneca, Hoffman-Laroche and Pfizer, plus US Dept. of
Health & Human Services.
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw07QH0Ay

4. ==== SECURITY ROUNDUP ====

* NEWS: SURVEY SAYS: VIRUSES AND SYSTEM INTRUSION AMONG TOP CONCERNS
   VanDyke Software announced the results of a security-related survey
commissioned through Saurage Research. Saurage contacted 710 small and
midsized businesses in fourth quarter 2002 to learn about their
priorities in protecting their enterprises.
   http://www.secadministrator.com/articles/index.cfm?articleid=38256

* FEATURE: NMAP YOUR NETWORK
   Port scanning offers security professionals and systems
administrators a fast and effective way to identify which services or
applications their servers have open to the Internet or another
network. Jeff Fellinge's article on our Web site teaches you how to
use Nmap to scan your network.
   http://www.secadministrator.com/articles/index.cfm?articleid=23655

5. ==== HOT RELEASES (ADVERTISEMENTS) ====

* eTOKEN USB-BASED 2-FACTOR AUTHENTICATION
   eToken from Aladdin offers simple, reliable and affordable 2-factor
authentication for secure network logon, VPN access, web access,
e-mail, and PC security. No reader or server required to securely
store users' passwords, keys, and certificates.
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw076g0A3

* NEXT-GENERATION FIREWALL APPLIANCES KEEP PACE
   Want faster network throughput without the security bottleneck?
This new WatchGuard(R) white paper includes criteria for evaluating
next-generation firewall appliances that keep pace with the fastest
networks and provide the security required by large, distributed
enterprises.
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw08DW0A2

* INCREASE SECURITY TODAY WITH RIPPLETECH'S PATCHWORKS!
   Struggling to find time for patch management? PatchWorks makes it
easy to remotely manage and deploy security updates, hotfixes and
service packs. For research, software inventory, policy enforcement
and more, try PatchWorks FREE today!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePzp0CJgSH0CBw076f0A2

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: WHEN I RIGHT-CLICK AN NTFS VOLUME, WHY CAN'T I SEE THE QUOTA
TAB?
   (contributed by John Savill, http://www.windows2000faq.com)

A. If the Quota tab isn't visible, your user account or group doesn't
have the Traverse Folder/Execute File right on that NTFS volume. To
resolve this problem, perform the following steps:
   1. Right-click the NTFS volume in Windows Explorer or My Computer,
then select Properties from the displayed context menu.
   2. Select the Security tab.
   3. Click the Advanced button.
   4. Select the Permissions tab.
   5. Select the entry that applies to your user account or group,
then click Edit.
   6. Under the "Apply onto" section, make sure that the "This folder,
subfolders and files" check box is selected.
   7. Select the Allow check box for Traverse Folder/Execute File
permissions, then click OK.
   8. Click OK to close all dialog boxes.

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* AUTOMATE YOUR PATCH MANAGEMENT
   Shavlik Technologies released HFNetChkPro 4.0, an automated patch
management solution that Shavlik originally developed for Microsoft.
HFNetChkPro scans your entire network for vulnerabilities and pushes
patches as soon as an update is issued, protecting systems in
realtime. HFNetChkPro patches offline machines automatically when they
come back online. The software's third-party threat-rating system lets
you customize patch criticality and receive threat analyses and
comments about patches from security industry leaders. The Automated
PatchPush Tracker lets you view the status of the patches being pushed
as well as information about who deployed the most recent patch and
when it was deployed. HFNetChkPro 4.0 is now integrated with Active
Directory (AD). Contact Shavlik Technologies at 651-426-6624,
800-690-6911, or info () shavlik com.
   http://www.shavlik.com

* INSTALL ANTIVIRUS DEFENSE AT THE GATEWAY
   Panda Software announced the Panda Antivirus Appliance, offering
perimeter protection against inbound and outbound viruses for your
mail servers, workstations, and server hardware. Features include load
balancing and scalability, secure remote administration, automatic
daily updates, content filtering, status reports on the virus scan and
content filter, and realtime system monitoring. Protected protocols
include SMTP, HTTP, POP3, FTP, Network News Transfer Protocol (NNTP),
IMAP4, and SOCKS. Contact Panda Software at 818-543-6901, 800-603-4922,
or info.usa () pandasoftware com.
   http://www.pandasoftware.us

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: User Continually Locked Out After Browsing Network
   (Two messages in this thread)

A user writes that when one user on his network attempts to browse a
mapped network drive, the user receives the following message in
Microsoft Word:

"The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you"

The user can't access the server after logging on and is somehow
locked out of his workstation. After the administrator unlocks the
user account and the user logs on again, the user is locked out again
when he tries to browse the network for server access. Do you know why
this occurs? Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=55214

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.


