Windows & .NET Magazine Security UPDATE--May 28, 2003

[InfoSec News <isn () c4i org>]

=================================

==== This Issue Sponsored By ====
Research in Motion
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw0BAOr0AM

Windows & .NET Magazine
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw06Kw0A5

=================================

1. In Focus: Security Tools: Everybody Has Favorites

2. Security Risks
     - DoS in Cisco IOS

3. Announcements
     - Get Windows 2003 Active Directory Answers in a New eBook!
     - Back by Popular Demand--Windows & .NET Magazine's Security Road
       Show!

4. Security Roundup
     - News: Microsoft Launches Virus Information Center as Deceptive
       Worm Floods Inboxes
     - Feature: Improve Security with XP's Command-Line Tools
     - Feature: The Security of EFS

5. Instant Poll
     - Results of Previous Poll: Managing Junk Mail
     - New Instant Poll: Windows Update and SUS

6. Security Toolkit
     - Virus Center
     - FAQ: What Are the Differences Between Usrmgr.exe and
       Musrmgr.exe?

7. Event
     - Windows & .NET Magazine Web Seminar
 
8. New and Improved
     - Remove Risks in P2P File Sharing and IM Applications
     - Inoculate Windows 2003
     - Submit Top Product Ideas

9. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Continuous Password Attacks

10. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Research in Motion ====

   NEW BLACKBERRY SECURITY WHITE PAPER
   Prevent wireless handhelds from compromising your enterprise
security! Download the BlackBerry Security White Paper for Microsoft
Exchange and learn how the BlackBerry security architecture addresses
data encryption, corporate firewalls, lost devices, and other critical
security concerns.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw0BAOr0AM

====================

==== 1. In Focus: Security Tools: Everybody Has Favorites ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

Handling information security is a tedious task. Having decent tools
at your disposal makes the job easier to accomplish. Of course, some
tools are more valuable than others, depending on the tasks at hand.

You probably use some of the many security tools available today--to
secure cross-network communication links, network borders and
segments, servers, workstations, mobile devices, data storage systems,
forensics, and more. Tool developers and vendors tout their wares, but
what they say about their tools doesn't always provide enough insight
into what a hands-on experience with a given tool might be like.

You've probably found choosing which tools to use in a given scenario
a challenge. One must review the possibilities, ask for
recommendations, then investigate the most suitable tools to see which
might meet a given set of needs. Nevertheless, you probably have a few
favorites--depending on which tasks you need to perform.

As a publisher of computing-related information, our publications
review tools and present information about those tools in as unbiased
a fashion as possible. But we can review only a fraction of the many
tools available. At the same time, hundreds of thousands of people
read our publications, and vast numbers of you have accumulated great
hands-on experience with various security-related tools. Because many
of you who read this newsletter are probably administrators who deal
at some level with information security, I'm asking you what your
favorite security tools are.

Given the broad range of security tools available, I plan to leave the
question wide open. I've no way of knowing which variables affect your
network environment and your work--and thus your choice of tools.
Perhaps you depend upon a particularly useful authentication tool,
Wi-Fi (the 802.11b wireless standard) tool, encryption tool, Intrusion
Detection System (IDS), firewall, packet analyzer, file system
analyzer, scanner, Web protection, database protection, log analyzer,
or spam prevention technology. Rather than developing a list of
possible categories, I'm asking you to nominate the tools that serve
you best.

Whether you have one favorite tool or many, you probably like them
because they're useful. Your experience can help others who might need
such tools.

If you're a security administrator (no developers or vendors, please),
I hope you'll take time to send me an email message listing your
favorite one or two tools (respond anonymously if you prefer). Prefix
the subject of your response with "[Tools]" so that I can more easily
gather the email messages and tally the results. In the body of the
message, please list each of your favorite tools, and for each tool
include the tool name; URL for each tool if possible; the platforms it
runs on; whether the tool is commercial, shareware, or freeware; and a
paragraph about the tasks it handles successfully. After June 12, I'll
compile your responses and let you know the results when they're
available.

==========================================

==== Sponsor: Windows & .NET Magazine ====

Microsoft Mobility Tour
   If you were too busy to catch our Microsoft Mobility Tour event in
person, now you can view the Webcast archives for free! You'll learn
more about the available solutions for PC and mobile devices and
discover where the mobility marketplace is headed.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw06Kw0A5

==========================================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

DoS in Cisco IOS
   Cisco Systems' IOS software contains a vulnerability that might
result in a Denial of Service (DoS) attack. This vulnerability stems
from a flaw in the Service Assurance Agent, also known as the Response
Time Reporter (RTR). By sending a malformed RTR packet to the router,
a potential attacker can crash the router. Cisco has released an
advisory and free upgrades for affected customers, which can be
obtained through the usual support channels.
   http://www.secadministrator.com/articles/index.cfm?articleid=39055

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Get Windows 2003 Active Directory Answers in a New eBook!
   The first chapter of Windows & .NET Magazine's latest eBook,
"Windows 2003: Active Directory Administration Essentials," is now
available at no charge! Chapter 1 delves into Windows Server 2003 and
focuses on what's new and improved with Active Directory. Expert
Jeremy Moskowitz discusses which AD features might be important to you
(and why). Download it now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw0BALs0AK

Back by Popular Demand--Windows & .NET Magazine's Security Road Show!
   Join the Windows & .NET Magazine 2003 Security Road Show (a free
in-person event), and hear Mark Minasi and Paul Thurrott detailing how
to attack your security problems head on. You'll learn 12 tips for
securing a Windows 2000 network, discover the future of Microsoft's
security strategy from Windows Server 2003 and beyond, and more!
Register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw07Kz0AA

==== 4. Security Roundup ====

News: Microsoft Launches Virus Information Center as Deceptive Worm
Floods Inboxes
   Microsoft, Network Associates (McAfee's parent company), and Trend
Micro announced that they've formed an initiative called the Virus
Information Alliance (VIA), a new way for customers to get information
about virus threats that affect Microsoft technology. The VIA
announcement is well timed; a new network worm called Palyh is
spreading quickly through email and LANs.
   http://www.secadministrator.com/articles/index.cfm?articleid=39060

Feature: Improve Security with XP's Command-Line Tools
   If you've rolled out Windows XP in your organization or plan to do
so, certain tools will help you monitor, manage, and secure your XP
installations. Microsoft has beefed up several familiar GUI and
command-line tools and added some new ones. Microsoft has chosen not
to ship utilities with the "Microsoft Windows XP Resource Kit."
Instead, the company has moved the more useful utilities from the
"Microsoft Windows 2000 Resource Kit" and the "Microsoft Windows NT
4.0 Resource Kit" into the base XP OS and into the Support Tools
folder on the installation CD-ROM.
   http://www.secadministrator.com/articles/index.cfm?articleid=25014

Feature: The Security of EFS
   Encrypting File System (EFS), which Microsoft introduced in Windows
2000, is a surprisingly powerful and robust technology that lets users
protect their sensitive data from unauthorized eyes by encrypting it.
In "Securing Win2K with Certificate Services," September 2001,
http://www.secadministrator.com , InstantDoc ID 22113, John Howie
described how Microsoft's public key infrastructure (PKI) product,
Certificate Services, worked and showed you how you can improve your
network's security by leveraging the service as an Enterprise
Certification Authority (CA). In this follow-up article, Howie shows
you how to leverage the features that (EFS) offers by tying it into
your PKI.
   http://www.secadministrator.com/articles/index.cfm?articleid=24051

=====================
==== Hot Release ====

Hewlett-Packard
   HP OpenView for Windows Test Drive
   Monitor the availability and performance of your corporate website
-- FREE for 30 days, using powerful HP OpenView management software
for Windows. Simulate activity. Monitor complex transactions. Meet
business demands. Manage web services. Click here.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw08fJ0Ao

=====================

==== 5. Instant Poll ====

Results of Previous Poll: Managing Junk Mail
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Does your company use junk-mail filtering technologies?" Here are the
results from the 155 votes.
   -  1% Yes--Whitelists
   -  8% Yes--Blacklists
   - 21% Yes--Mail filters
   - 40% Yes--Two or more of the above
   - 30% No

New Instant Poll: Windows Update and SUS
   The next Instant Poll question is, "Do you use either Windows
Update or Software Update Services (SUS)?" Go to the Security
Administrator Channel home page and submit your vote for a) Yes, b)
Yes--We also use a third-party update tool, c) No, or d) No--We use
only a third-party update tool.
   http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: What Are the Differences Between Usrmgr.exe and Musrmgr.exe?
   contributed by Jan De Clercq, jan.declercq () hp com

User Manager (musrmgr.exe) is a Windows NT Workstation 4.0 tool for
managing a workstation's accounts (also known as local accounts). User
Manager for Domains (usrmgr.exe) is an NT Server 4.0 tool for
administering an NT domain's accounts (also known as domain accounts).

Musrmgr is a reduced functionality version of Usrmgr. When you work
with a workstation, many of the options for NT domains don't apply, so
you don't need the extra features that Usrmgr provides. Unlike
Musrmgr, Usrmgr can be used to administer domain accounts, global
groups, and trust relationships.

Usrmgr is the only tool a domain administrator really needs. You can
use Usrmgr to manage not only domain accounts but also local accounts
stored in the SAM of workstations and member servers. To connect to
another SAM, simply choose Select Domain from the User menu. In the
resulting dialog box, you can select a domain or type the name of a
workstation or member server to whose SAM you want to connect. If you
type the machine name, make sure that you precede it with two
backslashes.

If your primary computer is an NT workstation and you'll regularly
administer domain accounts from this machine, you can install Usrmgr
on it. To do so, go to the \Clients\Srvtools\Winnt directory on the NT
Server 4.0 CD-ROM on your workstation and execute the Setup.bat file.
   http://www.secadministrator.com/articles/index.cfm?articleid=25021

==== 7. Event ====

Windows & .NET Magazine Web Seminar
   How can you reclaim 30% to 50% of Windows server space? Attend the
newest Web seminar from Windows & .NET Magazine and discover the
secrets from the experts.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQ6U0CJgSH0CBw06A10Ak

==== 8. New and Improved ====
   by Sue Cooper, products () winnetmag com

Remove Risks in P2P File Sharing and IM Applications
   Akonix Systems announced Akonix Enforcer, software that helps
eliminate the security and corporate liability risks associated with
unsanctioned peer-to-peer (P2P) file-sharing and public Instant
Messaging (IM) applications. Using a protocol signature matching
technology, the software blocks unsanctioned file transfers from
entering or leaving your network through P2P and IM, protecting your
company from potential liability for copyright infringements, for
excessive bandwidth consumption, and for the transmission of viruses,
Trojan horses, or installed spyware. Akonix Enforcer will be available
in early June. Contact Akonix Systems at 619-814-2330 or
sales () akonix com.
   http://www.akonix.com

Inoculate Windows 2003
   Panda Software announced Panda Antivirus for Windows Server 2003.
The software operates in both 32-bit and 64-bit environments and
adapts to the Active Directory Service (ADS) in Windows 2003. You can
detect and disinfect viruses even in Encrypting File System (EFS)
files. Features include automatic daily updates and centralized and
remote management. The real-time scanner's core engine is
multithreaded and uses multiple channel scanning technology optimized
for parallel scanning on multiprocessor servers. Contact Panda
Software at 800-603-4922, 818-543-6901, or info.usa () pandasoftware com.
   http://www.pandasecurity.com

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 9. Hot Thread ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Continuous Password Attacks
   (Two messages in this thread)

A user writes that he's administering a Microsoft Exchange 2000 Server
with Microsoft Outlook Web Access (OWA) enabled. Continuous failed
attempts from various IP addresses to log on as Administrator and with
other usernames (about five attempts per hour, about 10 usernames
being rotated) seem to indicate a concerted effort to break in by
guessing passwords. Apart from blocking the offending IP addresses in
his router, does anyone have a good strategy to deal with this type of
attack? His company doesn't want him to disable OWA. Lend a hand or
read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=58348

==== 10. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
 today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.