Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--September 3, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 4 Sep 2003 00:33:47 -0500 (CDT)

====================

==== This Issue Sponsored By ====

Windows & .NET Magazine Network
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0owX0AH

====================

1. In Focus: Service Pack Maintenance with Scripts

2. Security Risks
     - Buffer Overflow in Avant Browser for Windows
     - Buffer Overflow in Tellurian TftpdNT

3. Announcements
     - For Security-Minded IT Pros: Windows & .NET Magazine
       Connections
     - Special Offer from SQL Server Magazine

4. Security Roundup
     - News: SoBig.F Slows, but SoBig.G Is Coming Soon
     - Feature: SOAP/XML Firewalls

5. Instant Poll
     - Results of Previous Poll: The RPC/DCOM Worms
     - New Instant Poll: Rolling Out Service Packs

6. Security Toolkit
     - Virus Center
     - FAQ: How Do I Determine Which Programs Access Files?

7. Event
     - New--Mobile & Wireless Road Show!

8. New and Improved
     - Lock Down Your Systems
     - Control Internet Access
     - Tell Us About a Hot Product and Get a T-Shirt!

9. Hot Threads
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Security Patch Installation for MSBlaster
           Worm
     - HowTo Mailing List
         - Featured Thread: Network Security?

10. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Windows & .NET Magazine Network ====

   If You Like This Email Newsletter...
   Then be sure to check out the Windows & .NET Magazine Network.
You'll find page after page of problem-solving, time-saving articles
plus other fantastic resources like our forums, Windows IT library,
Download Central, and much, much more. Click here now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0owX0AH

====================

==== 1. In Focus: Service Pack Maintenance with Scripts ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

As you know, maintaining service pack levels and hotfixes on your
systems is important. Many factors affect how and when you patch your
systems. If you've tested your particular architecture and know that a
given service pack or hotfix won't adversely affect operations, you
still face the problem of how to roll out the service pack to all your
systems, especially if some of your systems are mobile and connect
only periodically.

You can roll out patches various ways. You might use Microsoft Systems
Management Server (SMS) with Software Update Services (SUS), SUS by
itself, or any of several third-party service pack and
hotfix-management tools. Also, you can ask users to patch their
systems, or you might patch systems manually. Clearly, however,
automation is the most effective rollout approach.

One efficient way to handle patch management is by using Group Policy
and scripts. You can use scripts to check a system's patch levels,
then use Group Policy to cause systems to load patches--for example,
if a system doesn't have a given patch installed. To use this
approach, you need some level of proficiency in writing script code,
which isn't hard to achieve but does require some time and focus.

Patrick Goodwin, who reads the HowTo Mailing List (see the URL below),
recently offered readers a startup boot script that he uses to help
automate service pack installation. (Goodwin's employee, Chi Kin To,
wrote the script.) The script checks the OS type and service pack
level against presets written into the script code. If the system
doesn't meet conditions (e.g., Windows 2000 Service Pack 4--SP4--isn't
installed), the script places that computer in a service pack
installation group (a Group Policy Object--GPO). The original script
creates a second script on the system that schedules a system reboot
at a predetermined time (e.g., in the middle of the night when no one
uses the system). When the system reboots, the system downloads and
installs a copy of the service pack. When the same script runs again
and determines that the system has the specified service pack
installed, the script moves that system out of the service pack
installation group.
   http://63.88.172.96/listserv/page_listserv.asp?s=howto

Depending on your particular situation, you might find this script
handy. You might also consider modifying the code to fit another task
or purpose. Also, if you want to learn scripting techniques, the
script serves as a good example of how to perform various actions,
such as determining an OS type, service pack level, and GPO
membership. You can access the script to examine or use in the HowTo
for Security mailing list archives (see the first URL below). At the
second URL below, you'll find another version of the script (Chi Kin
To also wrote this version), which has additional code that checks a
machine's IP address to make sure it's connected to the local subnets
before any actions are performed. This check might be helpful for
systems connected over slow WAN links. The IP address check can ensure
that the script doesn't cause that system to try to download a huge
service pack file over a slow link.
   http://www.secadministrator.com/listserv/page_listserv.asp?a2=ind0308c&l=howto&p=3253
   http://www.secadministrator.com/listserv/page_listserv.asp?a2=ind0308d&l=howto&p=2351
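
The decision logic described above (OS and service pack check, local-subnet
check, then moving the machine into or out of the installation group),
sketched in PowerShell as an added example. It is not the script from the
mailing list and not part of the original newsletter. The subnets, host
records, function names, and action names are assumptions made for
illustration, and the group change itself is only reported, not performed.

```powershell
# Added example: decision logic only. Thresholds, subnets and host records are constructed.
$RequiredSP   = @{ '5.0' = 4 }                        # Windows 2000 (5.0) needs SP4, as in the text
$LocalSubnets = @('10.1.0.0/16', '192.168.10.0/24')   # assumed LAN ranges

function ConvertTo-UInt32 {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)          # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    $span = [math]::Pow(2, 32 - [int]$bits)   # number of addresses in the subnet
    # Two addresses share the prefix when dividing by the subnet size gives the same quotient
    [math]::Floor((ConvertTo-UInt32 $Ip) / $span) -eq [math]::Floor((ConvertTo-UInt32 $net) / $span)
}

function Get-PatchAction {
    param([string]$OsVersion, [int]$ServicePack, [string]$Ip, [bool]$InInstallGroup)

    if (-not $RequiredSP.ContainsKey($OsVersion)) { return 'Skip: OS not targeted' }

    # Patched machines leave the installation group so the install is not repeated
    if ($ServicePack -ge $RequiredSP[$OsVersion]) {
        if ($InInstallGroup) { return 'RemoveFromGroup' } else { return 'None: up to date' }
    }

    # Unpatched, but only queue the download when the machine is on a local subnet
    $onLan = $false
    foreach ($subnet in $LocalSubnets) {
        if (Test-InSubnet $Ip $subnet) { $onLan = $true }
    }
    if (-not $onLan) { return 'Skip: not on a local subnet' }

    if ($InInstallGroup) { return 'None: already queued' } else { return 'AddToGroup' }
}

# Constructed sample records; on a live host the OS version and service pack level
# are available from the Win32_OperatingSystem WMI class (Version, ServicePackMajorVersion).
$inventory = @(
    [pscustomobject]@{ Name = 'PC-01';  Os = '5.0'; SP = 3; Ip = '10.1.4.20';   InGroup = $false },
    [pscustomobject]@{ Name = 'PC-02';  Os = '5.0'; SP = 4; Ip = '10.1.4.21';   InGroup = $true  },
    [pscustomobject]@{ Name = 'LAP-07'; Os = '5.0'; SP = 3; Ip = '172.16.9.5';  InGroup = $false },
    [pscustomobject]@{ Name = 'PC-09';  Os = '5.1'; SP = 1; Ip = '192.168.10.8'; InGroup = $false }
)

foreach ($pc in $inventory) {
    '{0,-8} {1}' -f $pc.Name, (Get-PatchAction $pc.Os $pc.SP $pc.Ip $pc.InGroup)
}
```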

You can get a head start on script writing by searching for ready-made
scripts on the Internet, by learning about scripting techniques in
various forums, and of course by reading the Windows Scripting
Solutions newsletter. (You can learn more about our scripting forum
and newsletter at the URLs below.)
   http://www.winscriptingsolutions.com
   http://www.winnetmag.com/forums/categories.cfm?catid=43

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Buffer Overflow in Avant Browser for Windows
   "Nimber" discovered a buffer-overflow condition in Avant Browser
8.02 for Microsoft Internet Explorer (IE). By causing a user to click
on a URL that's longer than 780 characters, an attacker can cause the
Web browser to crash. Avant Browser has been notified.
   http://www.secadministrator.com/articles/index.cfm?articleid=39966

Buffer Overflow in Tellurian TftpdNT
   A buffer-overflow condition in Tellurian TftpdNT Server 1.8 for
Windows NT and Windows 9x can result in the execution of arbitrary
code on the vulnerable system. This overflow occurs in the product's
parsing of a filename. Tellurian has released version 2.0, which isn't
vulnerable to this condition.
   http://www.secadministrator.com/articles/index.cfm?articleid=40030

==== Sponsor: Virus Update from Panda Software ====

   Check for the latest anti-virus information and tools, including
weekly virus reports, virus forecasts, and virus prevention tips, at
Panda Software's Center for Virus Control.

   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBlT0AN

   Viruses routinely infect "fully protected" networks. Is total
protection possible? Find answers in the free guide HOW TO KEEP YOUR
COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
networks, what they do, and the most effective weapons to combat them.
Protect your network effectively and permanently - download today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBDp0AB

====================

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

For Security-Minded IT Pros: Windows & .NET Magazine Connections
   Have you ever been hacked? Are Windows Server 2003's improved
security features worth the migration effort? Want to stop spam? Learn
the answers to these questions and more at Windows & .NET Magazine
Connections. Stay competitive by investing your time in the latest
technologies, tips, and tricks. Register today, save money, and
receive access to concurrently running Exchange Connections.
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0KXQ0A2

Special Offer from SQL Server Magazine
   SQL Server Magazine presents the SQL Server Technical Education
Package, including a 1-year print subscription to SQL Server Magazine,
full SQL Server Magazine Web site access, and a 1-year subscription to
the SQL Server Magazine Master CD (2 CDs), for only $39.95! Click here
for this incredible limited-time offer!
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKs0AM

==== 4. Security Roundup ====

News: SoBig.F Slows, but SoBig.G Is Coming Soon
   SoBig.F, the fastest-spreading email virus in history, has slowed
down somewhat, but security experts warn that replicated viruses could
launch a new wave of attacks soon. SoBig.F's creator designed the
virus to unleash two broad attacks, either of which could have
temporarily crippled the Internet, but security experts were able to
protect against the assaults, rendering them ineffective. Before the
virus expires on September 10, it will try one more broad attack,
according to people who have examined its source code.
   http://www.secadministrator.com/articles/index.cfm?articleid=39943

Feature: SOAP/XML Firewalls
   Web services are already a reality for many organizations and are
just around the corner for most of the rest of us. Web services rely
heavily on Simple Object Access Protocol (SOAP) and XML technologies
to tie heterogeneous business systems together. However, SOAP and XML
expose a new attack surface in your organization that could
potentially let intruders penetrate to the core of your crucial
business systems. Packet-level firewalls can't help you secure Web
services traffic because they can't detect SOAP and XML traffic. For
example, because SOAP typically uses HTTP or SMTP, it easily passes
through traditional firewalls--a phenomenon known as the port 80
problem. So, just when you thought firewalls had matured and you could
move on to other security concerns, a new kind of firewall has
appeared: the SOAP/XML firewall. Randy Franklin Smith explores this
new segment of the firewall market and its key players.
   http://www.secadministrator.com/articles/index.cfm?articleid=39755

==== Hot Release ====

Thawte

   Get Thawte's New Step-by-Step SSL Guide for MSIIS
   In this guide you will find out how to test, purchase, install and
use a Thawte Digital Certificate on your MSIIS web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient
ongoing management of your encryption keys and digital certificates.
Get your copy of this new guide now:
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKt0AN

==== 5. Instant Poll ====

Results of Previous Poll: The RPC/DCOM Worms
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Now that remote procedure call (RPC)/Distributed COM (DCOM) worm
variants have appeared, have they affected your network or systems?"
Here are the results from the 295 votes.
   - 29% Yes
   - 14% No--We patched against it
   - 47% No--We patched and used other defenses
   - 10% No--We used other defenses, but not the patch

New Instant Poll: Rolling Out Service Packs
   The next Instant Poll question is, "What is your primary method of
rolling out service packs?" Go to the Security Administrator Channel
home page and submit your vote for a) Software Update Services (SUS)
by itself, b) Systems Management Server (SMS), or SMS with SUS, c)
Scripts and/or Group Policy, d) Windows automatic updates, or e)
Third-party tools.
   http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: How Do I Determine Which Programs Access Files?
   contributed by Randy Franklin Smith, rsmith () montereytechgroup com
 
   Your security setup provides enough information to determine which
program accesses a file, but the client/server nature of file sharing
reduces the value of the information. When someone accesses a file on
your server, Windows 2000 logs event ID 560 (success audit: object
open) to the Security log. Event ID 560 informs you that EXAMPLE\tom
opened C:\junk\junk.txt for Read access at 4:22:20 p.m. on June 10.
Event ID 560 also identifies the executable that Tom used to open the
file and the logon session in which the access occurred. You just need
to do a little translation. For complete details about interpreting
Security log information, including screen shots that help you
understand, read the rest of this FAQ on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=26107

==== 7. Event ====

New--Mobile & Wireless Road Show!
   Learn more about the wireless and mobility solutions that are
available today! Register now for this free event!
   http://www.winnetmag.com/roadshows/wireless

==== 8. New and Improved ====
   by Sue Cooper, products () winnetmag com

Lock Down Your Systems
   CE-Infosys released CompuSec 4.15, system security freeware.
CompuSec protects your desktops and notebooks from unauthorized access
with two-part authentication; encrypts your hard drive and the files
and folders on your local, network, and floppy drives; and provides
secure storage for your access keys. New features include single
sign-on (SSO), advanced handling of removable media and drives, and
the ability to boot from alternate drives. CompuSec 4.15 supports
Windows XP/2000 and will support Windows Me/98 in the near future.
Contact CE-Infosys on the company Web site.
   http://www.ce-infosys.com

Control Internet Access
   Codework announced Browse Control 1.4, Internet access control
software that helps you restrict inappropriate surfing and enforce
usage policies. The application can restrict access to sites that you
specify, completely block Internet access, or restrict access to
specific times of the day. Application blocking is a new feature that
lets you create a blacklist of applications that users aren't
permitted to launch. Browse Control 1.4 traps applications by using
the internal Windows name for each package, so users can't circumvent
this feature by renaming .exe files. You can locate local Codework
offices at http://www.codework.com/contact.html.
   http://www.codework.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

==== 9. Hot Threads ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Security Patch Installation for MSBlaster Worm
   (Three messages in this thread)

A user writes that he runs three Novell NetWare servers (NetWare 5.1
with Service Pack 6--SP6) with about 900 Windows NT 4.0 SP6 and
Windows 2000 SP2 clients. The MSBlaster worm has hit his network, and
he has since downloaded Microsoft security patches. However, because
of the size of his network, he wants to know an easy way to deploy the
patches--without having to physically visit each machine. Lend a hand
or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=62508

HowTo Mailing List
   http://63.88.172.96/listserv/page_listserv.asp?s=howto

Featured Thread: Network Security?
   (Seven messages in this thread)

A user writes that he's looking for a product that will control who
can access his network--and will alert him if someone plugs a laptop
or other device into the network. He wonders whether anyone can
recommend such a product. Lend a hand or read the responses:
   http://63.88.172.127/ListServ/page_listserv.asp?A2=IND0308D&L=HOWTO&F=&S=&P=860

==== Sponsored Links ====

Aelita Software
   Free message-level Exchange recovery web seminar October 9th
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCKG0Ac

CrossTec
   Free Download - NEW NetOp 7.6 - faster, more secure, remote support
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BBnb0Ad

MailFrontier
   Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
   http://list.winnetmag.com/cgi-bin3/DM/y/eccS0CJgSH0CBw0BCEC0AS

===================

==== 10. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup


Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

