Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--September 24, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 25 Sep 2003 04:01:46 -0500 (CDT)

====================

==== This Issue Sponsored By ====

Avatier
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCmm0AP

NETIQ...The Anti-Spam
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCmn0AQ

====================

1. In Focus: Evaluating Intrusion Detection Systems

2. Security Risks
     - Buffer-Overflow Vulnerability in WideChapter Internet Browser
       for Windows
     - Directory Traversal Vulnerability in Plug & Play Web Server for
       Windows

3. Announcements
     - Get Problem-Solving Scripts That Will Simplify Your Life
     - New Web Seminars on Exchange, Active Directory, and More!

4. Security Roundup
     - Feature: RPC Security Round 2: Cleaning Up After the Latest RPC
       Vulnerability
     - Feature: Group Policy Changes in Windows Server 2003

5. Security Toolkit
     - Virus Center
     - FAQ: How Can I Work Around LDAP Administration Limits?

6. Event
     - New--Mobile & Wireless Road Show!

7. New and Improved
     - Secure Access to Your Applications
     - Reveal Your Enterprise's Security State
     - Tell Us About a Hot Product and Get a T-Shirt

8. Hot Threads
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Exchange 2003 SMTP Server Authentication
           Problem
     - HowTo Mailing List
         - Featured Thread: Seeking Free Auditing Software

9. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Avatier ====
   Guarantee Dormant Account Termination For $995
   When someone leaves your organization, how do you guarantee their
access is removed from all systems?
   Can you ensure access to your network is compliant with regulations
stemming from HIPAA, Homeland Security, and the Sarbanes-Oxley Act?
   Account Terminator is a web-based Identity Management application
that allows your staff to securely disable or delete user accounts
across all platforms in real time. These platforms include the most
popular operating systems, directories, applications, and databases.
   For only $995.00 per platform, Account Terminator can be securely
delegated to your IT or HR staff or even automated. Other core
features include auditing, alerting, scheduled reporting, parallel
processing, "Delayed" deletes, account enable, and guaranteed
transaction queuing when a destination host is unreachable.
   Experience a live demo preview of Account Terminator now:
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCmm0AP

====================

==== 1. In Focus: Evaluating Intrusion Detection Systems ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

Certainly, you all have at least one firewall in place on your
network, and most of you probably have several. However, you might not
use an Intrusion Detection System (IDS) on your network in addition to
your firewall. I think an IDS is a good idea because it offers more
information about events on your network than a firewall alone does.

I recently learned about a couple of great reports on IDSs, and you
might want to read them to gain some technical insight into a few
popular IDSs. The reports, published by NSS Group (a network and
security testing organization), cover IDSs for 10Mbps/100Mbps Ethernet
and Gigabit Ethernet networks. For each IDS, NSS Group looked at the
architecture, installation process, configuration routine,
manageability, event handling, event analysis, and alert reporting.

To test the IDSs, NSS Group established a test environment comprising
several products specifically designed for testing and analysis:
Network Critical Solutions' Critical TAPs to tap into the ports on a
network switch; Spirent Communications' (formerly Caw Networks')
WebAvalanche and WebReflector to generate high traffic loads that
simulate a variety of network traffic and conditions including browser
use, differing traffic speeds, packet loss, user input delay, and
aborted transactions; and Spirent's SmartBits to measure network
performance. The products and how NSS Group used them are described in
more detail in the reports' appendices.

The 10Mbps/100Mbps Ethernet IDS report is NSS Group's fourth report on
these products. The products tested were Cisco Systems' IDS 4235
Sensor 4.0, Internet Security Systems' (ISS's) Proventia A201, NFR
Security's NID-310 3.2.1, and Snort 2.0.

The Gigabit Ethernet IDS report is NSS Group's second report on these
products and covers ISS's RealSecure Gigabit Network 7.0, NetScreen
Technologies' NetScreen-IDP 500 2.1, NFR's NID-320 3.2.1, and Symantec
ManHunt 3.0.

NSS Group's reports review each product in detail, revealing precisely
how the IDS fared in the test environment and showing the product's
strong points and weak points under various attack conditions and
various load conditions. The reports also provide the testers'
opinions of the various products.

The reports are great resources if you're weighing various products
for use on your network. The benchmarking is revealing. Even if you
already have an IDS, the reports are a great way to see how your
product stacks up against others. And the reports contain tidbits of
general security-related information that you might not be aware of.

In addition to the IDS reports, NSS Group offers a new report on eight
public key infrastructure (PKI) solutions as well as December 2002
reports on six firewalls and five vulnerability-assessment products.
You can find all the reports at the NSS Group Web site. You can read
them online after filling out and submitting a simple form, or you can
purchase copies of the reports in PDF format or on CD-ROM.
   http://www.nss.co.uk

====================

==== Sponsor: NETIQ...The Anti-Spam ====
   Remember When Spam Just Bugged You? Now it's sucking you dry. Fight
back. MailMarshal from NetIQ zaps spam. Dead. The most comprehensive
spam-busting software on the planet, NetIQ MailMarshal has proprietary
detection and analysis tools, plus robust reporting and management
functions. It's more than just anti-spam--it's a total e-mail content
filtering system. Download a free copy of our white paper,
"Controlling Spam" at
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCmn0AQ
   And tell those pesky spammers to bug off.

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Buffer-Overflow Vulnerability in WideChapter Internet Browser for
Windows
   Bahaa Naamneh discovered that a vulnerability in Wintel's
WideChapter Internet browser for Windows can result in the execution
of arbitrary code on the vulnerable system. By initiating a long HTTP
request, an attacker can cause a buffer overflow in WideChapter. This
overflow permits modification of the Extended Instruction Pointer
(EIP), which lets the attacker execute arbitrary code. Wintel has been
notified.
   http://secadministrator.com/articles/index.cfm?articleid=40296

Directory Traversal Vulnerability in Plug & Play Web Server
   Bahaa Naamneh discovered that a vulnerability in Plug & Play
Software's Plug & Play Web Server can result in unauthorized read
access to any file located on the vulnerable server. By using the
"../" or "..\" string in a URL, an attacker can gain read access to
any file that resides outside the intended Web-published file system
directory. Plug & Play Software has been notified.
   http://secadministrator.com/articles/index.cfm?articleid=40295
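
The containment check that blocks this class of request, shown beside the
unchecked join, as an added example (not code from Plug & Play Web Server or
from the advisory). The document root, function names, and sample requests are
assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # assumed published directory (hypothetical)


def naive_resolve(url_path):
    """Vulnerable pattern: append the decoded URL path to the root unchecked."""
    return WEB_ROOT + "/" + unquote(url_path).lstrip("/")


def safe_resolve(url_path, root=WEB_ROOT):
    """Return the canonical path under root, or None if the request escapes it."""
    decoded = unquote(url_path)  # decode once, before any check
    if "\x00" in decoded:
        return None
    # Windows servers accept "\" as a separator, so "..\" must be treated
    # exactly like "../".
    decoded = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root + "/" so a sibling such as /srv/www-private
    # does not pass a bare prefix test.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample requests (not taken from the advisory).
SAMPLE_REQUESTS = [
    "/index.html",
    "/images/../index.html",
    "/../../etc/passwd",
    "/..\\..\\boot.ini",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/../www-private/secret.txt",
]


def audit(requests):
    """Map each request to the path that would be served, or 'REJECTED'."""
    return {r: safe_resolve(r) or "REJECTED" for r in requests}


if __name__ == "__main__":
    for request, outcome in audit(SAMPLE_REQUESTS).items():
        print(f"{request!r:32} -> {outcome}")
```

The check is pure string canonicalization. A server that follows symbolic
links should also resolve the candidate with os.path.realpath before comparing.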

====================

==== Sponsor: Virus Update from Panda Software ====
   Check for the latest anti-virus information and tools, including
weekly virus reports, virus forecasts, and virus prevention tips, at
Panda Software's Center for Virus Control.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BBlT0Aw
   Viruses routinely infect "fully protected" networks. Is total
protection possible? Find answers in the free guide HOW TO KEEP YOUR
COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
networks, what they do, and the most effective weapons to combat them.
Protect your network effectively and permanently - download today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BBDp0Ak

====================

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Get Problem-Solving Scripts That Will Simplify Your Life
   OK, so you're not a programmer. But if you read Windows Scripting
Solutions every month, you don't need to be. Tackle common problems
and automate everyday, time-consuming tasks with our simple tools,
tricks, and scripts. Try a no-charge sample issue today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCiZ0A1

New Web Seminars on Exchange, Active Directory, and More!
   Check out the latest lineup of Web seminars from Windows & .NET
Magazine. Prepare your enterprise for Exchange Server 2003, discover
the legal ramifications of deterring email abuse, and find out how
Active Directory can help you create and maintain a rock-solid
infrastructure. There is no charge for these events, but space is
limited, so register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw02lB0AI

==== 4. Security Roundup ====

Feature: RPC Security Round 2: Cleaning Up After the Latest RPC
Vulnerability
   The MSBlaster (LoveSan) saga prompted a thorough analysis of
Microsoft's implementation of remote procedure call (RPC) processing.
During the analysis, several security firms uncovered three
additional, and potentially nasty, vulnerabilities in how the RPC
service processes malformed RPC requests. Learn how to clean your
systems to defend against RPC-based attacks in this article by Paula
Sharick.
   http://www.secadministrator.com/articles/index.cfm?articleid=40272

Feature: Group Policy Changes in Windows Server 2003
   Group Policy introduced the ability to control a wealth of computer
and user-environment settings by Active Directory (AD) group (i.e., by
site, domain, or organizational unit--OU) rather than by computer or
user. For example, you can configure Group Policy Objects (GPOs) to
standardize security policies for an entire OU and restrict users'
ability to reconfigure their desktop computers. Unfortunately,
Microsoft's implementation of all that power was imperfect. For
example, Windows 2000 Server's Group Policy management tools don't
provide a comprehensive view of GPO deployment and its effects.
Windows Server 2003 tries to remedy Group Policy's shortcomings
through several new GPO options and two GPO administration tools.
Learn more about them in this article by Joe Rudich.
   http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39987

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: How Can I Work Around LDAP Administration Limits?
   contributed by Steve Seguis, scriptmaster () scripthorizon com

You can use the ntdsutil.exe command (which is in the Support tools
folder on the Windows 2000 Server installation CD-ROM) to set the
MaxPageSize Lightweight Directory Access Protocol (LDAP) policy to a
higher number so that userstatusrpt.vbs returns all your users. For
more details, refer to the Microsoft article "HOW TO: View and Set
Lightweight Directory Access Protocol Policies by Using Ntdsutil.exe
in Windows 2000" ( http://support.microsoft.com/?kbid=315071 ).

If your users are divided among organizational units (OUs) that each
contain no more users than the maximum number that an LDAP query can
return, you can simply run the script for each OU. For example, if you
have a top-level OU called Department and three OUs beneath it called
IT, Engineering, and Sales, and all your users are divided among these
OUs, you can run the script three times in succession, once for each
OU. Each time, you would specify a different baseDN and output file
appropriate for that particular OU. Here are three sample commands
that you would run one after the other to generate a complete report:

userstatusrpt.vbs "OU=IT,OU=Department,DC=DOMAIN,DC=COM" it.csv
userstatusrpt.vbs "OU=Engineering,OU=Department,DC=DOMAIN,DC=COM" eng.csv
userstatusrpt.vbs "OU=Sales,OU=Department,DC=DOMAIN,DC=COM" sales.csv

==== 6. Event ====

New--Mobile & Wireless Road Show!
   Learn more about the wireless and mobility solutions that are
available today! Register now for this free event!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BA8Y0AA

==== 7. New and Improved ====
   by Sue Cooper, products () winnetmag com

Secure Access to Your Applications
   Citrix Systems announced Citrix MetaFrame Password Manager, which
will provide password security and single sign-on (SSO) access to
heterogeneous environments that include Windows, Web, proprietary, and
host-based applications. The software lets users log on to any
password-protected information system, enforces password policies,
monitors password-related events, manages password changes, and
generates complex and random passwords for users without complex
scripting or application-level integration. Availability is scheduled
for this month. Contact Citrix Systems at 800-424-8749 or
954-267-3000.
   http://www.citrix.com

Reveal Your Enterprise's Security State
   NetVision released NVAssess, a vulnerability-assessment tool for
Microsoft and Novell environments. The software lets you scan, audit,
and receive reports regarding the security status of your directories,
servers, and applications. NVAssess's NetVision Policy Enforcement
Engine can automatically discover and fix any deviations from your
defined policies and threshold levels. You can implement NVAssess as a
standalone tool or as part of NetVision's Integrated Security Policy
Management system. Pricing starts at $9 per user. Contact NetVision at
877-828-9180, 801-764-0400, or info () netvision com.
   http://www.netvision.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

==== 8. Hot Threads ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Exchange 2003 SMTP Server Authentication Problem
   (1 message in this thread)

Reader jandrake writes that he has an environment that includes
Microsoft Exchange Server 2003, Active Directory (AD), and Microsoft
IIS with Microsoft Outlook Web Access (OWA). The services are all
installed on one system that has two IP addresses. The reader wants to
configure the system so that it has two SMTP servers, one on each of
the assigned IP addresses. He wants DNS to publish one SMTP server for
inbound SMTP traffic only. The server would allow only anonymous
connections and disallow relaying for everybody. He wants to use the
second SMTP server for email from employees outside the firewall. He
also wants the traffic to that server encrypted and authentication
required and the server to allow relaying for authenticated users.
Jandrake's problem is that he can't get the second virtual server to
require authentication. When he enables anonymous access on the
server, all mail routes through and relaying is enabled for everyone.
However, when he locks down the SMTP server in any way, he sees errors
regarding a failure to authenticate. These problems occur when he's
testing the server with a correctly configured Outlook 2002 client.
Lend a hand or read the responses:
   http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=63319

HowTo Mailing List
   http://63.88.172.96/listserv/page_listserv.asp?s=howto

Featured Thread: Seeking Free Auditing Software
   (7 messages in this thread)

Jeffery Jacob wonders whether anyone knows of a freeware security
audit tool besides Microsoft Baseline Security Analyzer (MBSA). He
needs a tool that will check system configurations, event logs,
network settings, and so on. He prefers that the tool be able to scan
remote machines and store data in a central repository so that he
doesn't have to install auditing software locally on each system. Lend
a hand or read the responses. The message thread starts at
   http://63.88.172.127/listserv/page_listserv.asp?a1=ind0309b&l=howto

The thread continues at
   http://63.88.172.127/listserv/page_listserv.asp?a1=ind0309c&l=howto

===================

==== Sponsored Links ====

Aelita Software
   Free message-level Exchange recovery web seminar October 9th
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCKG0AD

CrossTec
   Free Download - NEW NetOp 7.6 - faster, more secure, remote support
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BBnb0AE

MailFrontier
   Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecud0CJgSH0CBw0BCEC0A2

===================

==== 9. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Security Administrator, the
print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup


Thank you for reading Security UPDATE!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

