Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--Patch and Configuration Change Control--January 7, 2004


From: InfoSec News <isn () c4i org>
Date: Thu, 8 Jan 2004 07:49:18 -0600 (CST)

====================

==== This Issue Sponsored By ====

Microsoft Security Solutions
   http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BDoI0Ae

Exchange & Outlook Administrator
   http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEf10A7

====================

1. In Focus: Patch and Configuration Change Control

2. Announcements
     - Register for Windows & .NET Magazine Connections!
     - The Windows & .NET Magazine Network VIP Web Site/Super CD Has
       It All!

3. Security News and Features
     - Recent Security Vulnerabilities
     - Feature: Change and Configuration Management for AD
     - Feature: Change and Configuration Management Tools
     - Feature: Microsoft's New Security Update Procedure; Improved
       Office Update Inventory Tool

4. Security Toolkit
     - Virus Center
         - Virus Alert: Bookmark.B
     - FAQ: What does the infrastructure Flexible Single-Master
       Operation (FSMO) role do?
     - Featured Thread: Blocking Specific IP Addresses in ISA Server

5. Event
     - New--Microsoft Security Strategies Roadshow!

6. New and Improved
     - Stop Known and Unknown Attacks
     - VPN Firewall Routers
     - Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us
   See this section for a list of ways to contact us.

====================


==== 1. In Focus: Patch and Configuration Change Control ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

Unless you were away from your email last week, you're probably aware
that we posted a new Instant Poll question on the Windows & .NET
Magazine Security Web page that asks which of the following issues you
think will have the greatest effect on security in 2004: viruses and
worms, junk email, patch management, or managed security services. The
poll is still open for votes, but at the time of this writing, it
looks like the majority of you think that patch management will be the
biggest issue in the security realm this year (with viruses and worms
running a close second).
 
Patch management has been in the forefront of security concerns for
quite some time and probably will remain so for quite a long time in
the future. Managing security isn't always a process of simply loading
patches. As you know, Microsoft's and other vendors' security
bulletins sometimes include not only patches but also configuration
settings that might help better protect your systems. So patch
management goes hand in hand with systems change control.

To help you with these processes, three recent feature articles
related to keeping your systems up-to-date with the latest patches and
configuration settings are available on the Windows & .NET Magazine
Web site. Jeremy Moskowitz has written two informative articles that
cover Change and Configuration Management (CCM) and that have
associated Buyer's Guides that help you find third-party CCM
solutions. Paula Sharick has written a great article covering two
topics: Microsoft's new security update procedure and the improved
Office Update Inventory Tool. You'll find links to these articles in
the "Security News and Features" section below.

You're aware by now that Microsoft's new policy regarding security
bulletins is to release them only once a month, usually on the second
Tuesday of the month. You might be wondering whether Microsoft will be
releasing any new security bulletins this month. The answer is
definitely yes.

On January 13, the company is slated to release its first security
bulletins of 2004. Although Microsoft hasn't said precisely what the
bulletins pertain to, the company has already scheduled a Webcast to
discuss them. On January 14 at 10:00 A.M. Pacific time, the company
will give a 1-hour presentation about the technical details involved
in the bulletins and outline steps users can take to protect their
systems and networks. Mark Miller, Security Incident Response manager
for Microsoft Product Support Services (PSS), and Jeff Jones, senior
director of Trustworthy Computing, will make the presentation. If
you're interested in viewing the Webcast, be sure to visit Microsoft's
Web site to register for the event.
http://msevents.microsoft.com/cui/eventdetail.aspx?eventid=1032241586&culture=en-us

====================


==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Register for Windows & .NET Magazine Connections!
   Windows & .NET Magazine Connections will be held April 4-7, 2004,
in Las Vegas, Nevada. Complete details about workshops, breakout
sessions, and speakers are now online. Save $200 if you hurry and
register before the early bird discount expires. Register now on the
Web or by calling 203-268-3204 or 800-505-1201.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0KXQ0AQ

The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
   With a VIP Web site/Super CD subscription, you'll get online access
to all of our publications, a print subscription to Windows & .NET
Magazine, and a subscription to our VIP Web site, a banner-free
resource loaded with articles you can't find anywhere else. Click here
to find out how you can get it all at 25% off!
   http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEMw0Ar

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BEGa0AP
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

Feature: Change and Configuration Management for AD
   Out of the box, Windows Server 2003 and Windows 2000 Server let you
perform basic auditing of Active Directory (AD) machines. For example,
you can determine who logged on to AD and who manipulated a file on a
server. You can even determine when someone created a new Group Policy
Object (GPO) or granted AD privileges to a new user. AD's
out-of-the-box auditing capabilities come up short, however. The
ability to determine when AD changes occur and--more importantly--who
made them can help you quickly and easily restore the system should
you need to. That's where Change and Configuration Management (CCM)
products come in. Read more about them in Jeremy Moskowitz's article
and the associated Buyer's Guide on our Web site.
   http://www.winnetmag.com/article/articleid/41099/41099.html

Feature: Change and Configuration Management Tools
   If you administer a large environment, you need to be able to
control your systems centrally without having to visit each desktop.
You need a way to report on the current state of affairs and know what
happens when someone changes a configuration. Change and Configuration
Management (CCM) software gives you those capabilities and helps you
get a grip on your sprawling system. If you want to find a third-party
CCM solution, start your search with our Buyer's Guide.
   http://www.winnetmag.com/article/articleid/41097/41097.html

Feature: Microsoft's New Security Update Procedure; Improved Office
Update Inventory Tool
   According to the Microsoft Security Bulletin Search site, in 2003,
Microsoft published 51 security updates across all product lines, or
an average of 4 per month. Of the 51 updates, 25 were for the Windows
2000 Server platform and 15 were for Windows Server 2003 during the 6
months after the product hit the street. During 2003, Microsoft also
released 6 cumulative updates for the supported versions of Microsoft
Internet Explorer (IE). In case you missed it, Microsoft released the
latest security rollup for IE on November 11, 2003.
   Also in November, Microsoft released an improved version of the
Office Update Inventory Tool that audits the hotfix status of
Microsoft Office 2003, Office XP, and Office 2000. Office Update
Inventory Tool 2.0, which incorporates many of the Microsoft Baseline
Security Analyzer (MBSA) self-updating features, automatically
downloads new inventory tool components when the existing files are
out-of-date, downloads the most current catalog of published hotfixes
for each version of Office, and produces an XML report that contains a
description of and links to missing hotfixes or hotfixes that have
been superseded by more recent updates. Read more about Microsoft's
software update tools and procedures in Paula Sharick's article on our
Web site.
   http://www.winnetmag.com/article/articleid/41296/41296.html

==== 4. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

Virus Alert: Bookmark.B
   Bookmark.B is a Trojan horse program that changes the home page of
Microsoft Internet Explorer (IE), deletes links in the Favorites
folder, and adds links to pornographic Web sites. It also overwrites
the HOSTS file to redirect the default search page to a specific IP
address. For more information about the Trojan horse, be sure to visit
Panda Software's Web site.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=43110

FAQ: What does the infrastructure Flexible Single-Master Operation
(FSMO) role do?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. The infrastructure FSMO role is one of the three "per domain"
Operations Masters. The infrastructure FSMO keeps its domain's
references to other domains' objects up-to-date by comparing its data
with information in the Global Catalog (GC). As a result, the
infrastructure FSMO doesn't usually work if it's a GC because the
FSMO's information is always the same as the GC's information. If the
infrastructure FSMO's data becomes out-of-date, the FSMO will request
updated information from the GC, then replicate the update to all
domain controllers (DCs) in its domain. Where possible in the same
site, the infrastructure FSMO needs to have a good connection to the
GC. The infrastructure FSMO can reside on a GC server only when every
DC in a domain is a GC (because every DC would have up-to-date
information) or when only one domain exists in the forest.

The primary purpose of the infrastructure FSMO is to update group
memberships for users who reside in domains other than the group's
domain. If you rename a user or move a user who belongs to a different
domain, the group might exhibit some strange behavior. For example,
the group might temporarily appear to not contain the user or the user
icon might appear with gray hair because the group contains the user's
SID and globally unique identifier (GUID), not just the distinguished
name (DN). This collection of attributes is known as a "phantom
record" in the group's domain. When you view the group's members, the
Microsoft Management Console (MMC) Active Directory Users and
Computers snap-in verifies the DN with the user's domain. Because the
DN has changed as the result of a rename or move operation, the
snap-in doesn't find a match and gives the user's icon gray hair.

After the infrastructure FSMO runs and detects the user rename or move
(i.e., checks all phantom entries), it updates the group with the
correct name and location by querying the GC for the new DN of the
stored GUID. Then, the user will again appear as a regular member of
the group.
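
The placement rule in this FAQ can be checked across a forest with the
following added example, which is not part of the original newsletter.
It assumes the ActiveDirectory PowerShell module and read access to
every domain; the function name Test-InfrastructureMasterPlacement is
hypothetical.

```powershell
# Added example: flag domains whose infrastructure FSMO holder is a GC
# when the FAQ's two exceptions (every DC is a GC, or a single-domain
# forest) do not apply.
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    [CmdletBinding()]
    param()

    $forest      = Get-ADForest
    $multiDomain = @($forest.Domains).Count -gt 1

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName -Server $domainName
        $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

        # The DC that currently holds the infrastructure role
        $holder = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
        # DCs that do not host a GC and so depend on phantom updates
        $nonGc  = @($dcs | Where-Object { -not $_.IsGlobalCatalog })

        if (-not $holder) {
            $status = 'Unknown: role holder not found among the DCs'
        } elseif (-not $holder.IsGlobalCatalog) {
            $status = 'OK: role holder is not a GC'
        } elseif (-not $multiDomain) {
            $status = 'OK: only one domain exists in the forest'
        } elseif ($nonGc.Count -eq 0) {
            $status = 'OK: every DC in the domain is a GC'
        } else {
            $status = 'Review: role holder is a GC but other DCs are not'
        }

        [pscustomobject]@{
            Domain               = $domainName
            InfrastructureMaster = $domain.InfrastructureMaster
            HolderIsGC           = [bool]($holder -and $holder.IsGlobalCatalog)
            NonGcDomainControllers = $nonGc.Count
            Status               = $status
        }
    }
}

Test-InfrastructureMasterPlacement | Format-Table -AutoSize
```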

Featured Thread: Blocking Specific IP Addresses in ISA Server
   (Two messages in this thread)
   A user writes that he has a Microsoft Internet Security and
Acceleration (ISA) Server 2000 system as his default network gateway.
He wants to know whether he can block specific destination IP
addresses by using access lists on the ISA Server 2000 system. He
knows how to block TCP ports, but he's not sure how to block
destination IP addresses. Lend a hand or read the responses at the
following URL:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66204

==== 5. Event ====

New--Microsoft Security Strategies Roadshow!
   We've teamed with Microsoft, Avanade, and Network Associates to
bring you a full day of training to help you get your organization
secure and keep it secure. You'll learn how to implement a
patch-management strategy; lock down servers, workstations, and
network infrastructure; and implement security policy management.
Register now for this free, 20-city tour.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeAN0CJgSH0CBw0BELe0AY

==== 6. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Stop Known and Unknown Attacks
   DeepNines Technologies announced the Sleuth9 Security System,
software that stops known viruses and worms and mitigates the effects
of zero-day attacks. Sleuth9 sits invisibly in front of the router
to protect corporate networks from known and unknown attacks. For
pricing information, contact DeepNines Technologies at 214-273-6996 or
on the Web.
   http://www.deepnines.com

VPN Firewall Routers
   TRENDware announced the expansion of its router family with the
addition of two VPN firewall products: the TW100-BRV204 and the
TW100-BRV304. These routers let remote PCs and small LANs share a
broadband Internet connection with advanced security to protect
against intruders. TRENDware's new routers offer Stateful Packet
Inspection (SPI) and let you set firewall rules to block or permit
specific traffic. The entry-level TW100-BRV204 supports as many as
five simultaneous VPN tunnels and costs $79.99. The TW100-BRV304
supports as many as 70 simultaneous VPN tunnels and costs $149.99. For
more information about these routers, contact TRENDware on the Web.
   http://www.trendnet.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================


==== 7. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

To make other changes to your email account such as change your email
address, update your profile, and subscribe or unsubscribe to any of
our email newsletters, simply log on to our Email Preference Center.
   http://www.winnetmag.com/email

Copyright 2004, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

