Windows & .NET Magazine Security UPDATE--December 31, 2003

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====

Windows & .NET Magazine VIP Web Site/Super CD
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BEMw0Am

====================

1. In Focus: What's in Store for 2004?

2. Announcements
     - Take Our Print Publications Survey!
     - 2004 Dates Announced: Connections Conferences

3. Security News and Features
     - Recent Security Vulnerabilities
     - News: Open-Source Patch for IE?
     - News: XP SP2 Beta: Deploying ICF
     - Feature: OWA Attachment Security

4. Instant Poll
     - Results of Previous Poll: Your Web Browser
     - New Instant Poll: System Security in 2004

5. Security Toolkit
     - Virus Center
     - FAQ: What's the Best Way of Assigning Permissions to Users and
       Groups in Windows 2000 and Later?
     - Featured Thread: GPO Startup Script

6. Event
     - New--Microsoft Security Strategies Roadshow!

7. New and Improved
     - Secure Wi-Fi, Bluetooth, USB, and FireWire Devices
     - Tell Us About a Hot Product and Get a T-Shirt!

8. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Windows & .NET Magazine VIP Web Site/Super CD ====

   The Windows & .NET Magazine Network VIP Web Site/Super CD Has It
 All!
   If you want to be sure you're getting everything the Windows & .NET
Magazine Network has to offer, then you need a subscription to the VIP
Web site/Super CD. You'll get online access to all of our
publications, a print subscription to Windows & .NET Magazine, and a
subscription to our VIP Web site, a banner-free resource loaded with
articles you can't find anywhere else. Click here to find out how you
can get it all at 25% off!
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BEMw0Am

====================

==== 1. In Focus: What's in Store for 2004? ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

> From a security standpoint, 2003 ended with a few events that I found
notable. Several key companies consolidated: Check Point Software
Technologies bought Zone Labs, Shavlik Technologies bought Gibraltar
Software, VeriSign bought Guardent, and EMC bought VMware. Each
acquisition will have a significant impact on the security market.
   http://www.checkpoint.com/press/2003/zonelabs121503.html
   http://www.shavlik.com/press_releases/nr%20gibraltar%20release%20final%2012-16-03.pdf
   http://verisign.com/corporate/news/2003/pr_20031217.html?sl=070807
   http://www.emc.com/news/press_releases/viewUS.jsp?id=1970

Also of note are a couple of Microsoft events: On December 17, the
company posted the beta version of its upcoming Service Pack 2 (SP2)
for Windows XP on its Betaplace Web site (you must be a beta team
member to access the Web site). The service pack promises to
significantly improve the security of the XP OS. Microsoft also
released a related document to help users deploy XP's Internet
Connection Firewall (ICF) in enterprise network environments. You can
read more about the latter in the related news story, "XP SP2 Beta:
Deploying ICF," in this edition of the newsletter.
   http://www.betaplace.com

So what's in store for 2004? Although that's anybody's guess, I can
make a few reasonable predictions based on industry hot spots and sore
spots. I'll bet we see some significant events centered on patch
management, junk email, viruses and worms, and managed security
services.

I could be wrong, but it seems to me that the volume of complaints
about patch management is second only to the volume of complaints
about the security of a given product. Patches are "good things";
however, applying patches in a given network environment isn't
necessarily simple. Better tools are required. In 2004, I think we'll
see both Microsoft and third-party patch solution vendors involved in
some major development work in this area. I wouldn't be surprised to
see Microsoft acquire a patch solution company in the next year or
two.

New antispam laws are on the US law books now, and we know about two
people who were recently charged with felonies for specific email
abuses. We'll probably see more spammers criminally prosecuted in
2004, but the question remains whether such prosecutions will bring
any real reduction of junk email. One effect of the new laws we
probably will see is more spammers moving their operations offshore.

One of the biggest security problems we'll probably all face in 2004
is malicious users propagating major viruses and worms perhaps even
more severe than MSBlaster, Slammer, and SoBig. Such events will wreak
havoc on users everywhere. However, one or two more major incidents
will also put greater pressure on ISPs, both large and small, to step
forward and help stem the flow in some long-term fashion. How could
ISPs help? I don't know of any ISPs that require customers to maintain
both firewalls and antivirus software. Perhaps ISPs will begin to make
firewalls and antivirus software mandatory for all customers who
expect to use connection services.

All of which leads me to another significant area for security in 2004
and beyond: managed security services. We'll surely see increased
activity in managed security services as companies try to offset their
expenses while reducing their level of risk and liability. As more
companies move toward outsourcing their security needs through such
services, security administrators will probably have to make changes
to remain competitive in the workforce--whether they stay inside or
move outside their current organizations. For example, they might take
on additional responsibilities, such as more generalized network
administration; move into business management positions or consulting;
or seek employment at managed security services companies.

If you have additional ideas about elements of the security arena that
seem ripe for major movement or change in 2004, I'd like to hear about
them. Send me an email with your thoughts. In the meantime, I wish you
all a happy and secure new year.

====================

==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Take Our Print Publications Survey!
   To help us improve the hardware and software product coverage in
the Windows & .NET Magazine print publications, we need your opinion
about which products matter most to you and your organization. The
survey takes only a few minutes to finish, so share your thoughts with
us at
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BEE10AU

2004 Dates Announced: Connections Conferences
   Save these dates: Windows & .NET Magazine Connections will be held
April 4-7, 2004, in Las Vegas, Nevada. Microsoft ASP.NET Connections,
Visual Studio Connections, and SQL Server Magazine Connections will
run concurrently on April 18-21, 2004, in Orlando, Florida. Early
registrants will receive the best discounts, so go online or call
203-268-3204 or 800-505-1201 to register.
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0qSH0Aj

====================

==== Sponsor: Virus Update from Panda Software ====

   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BEGa0AK 
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Open-Source Patch for IE?
   As we reported in a previous news story ("Flaw in Internet Explorer
Makes Spoofing Easier"), researchers discovered a flaw in Microsoft
Internet Explorer (IE) 6.0, IE 5.5, and IE 5.01 that could trick users
into visiting a Web site they didn't intend to visit. The Microsoft
article "Steps that you can take to help identify and to help protect
yourself from deceptive (spoofed) Web sites and malicious hyperlinks"
( http://support.microsoft.com/?kbid=833786 ) outlines various steps
that users can take to mitigate such risks. However, Opensoft, an
open-source software (OSS) group, has produced a third-party patch for
the flaw. Openwares.org published the patch on its Web site.
   http://secadministrator.com/articles/index.cfm?articleid=41266

News: XP SP2 Beta: Deploying ICF
   Microsoft has posted the Windows XP Service Pack 2 (SP2) beta to
its Betaplace Web site. The new service pack promises to enhance the
security of the OS in several key ways, one of which is with
enhancements to the Internet Connection Firewall (ICF). To supplement
the beta, Microsoft also published a new white paper, "Deploying
Internet Connection Firewall Settings for Microsoft Windows XP with
Service Pack 2," which helps explain how to deploy ICF in a network
environment.
   http://secadministrator.com/articles/index.cfm?articleid=41220

Feature: OWA Attachment Security
   Outlook Web Access (OWA) is a terrific tool for giving users remote
access to their mailboxes. However, when users open attachments from
computers that you don't control, they run the risk of accidentally
disclosing sensitive information. You should teach OWA users not to
open OWA attachments on public machines. However, just in case users
open attachments despite your warnings, OWA 2003 includes several
security features to help mitigate the risk. Learn about them in Paul
Robichaux's article on our Web site.
   http://secadministrator.com/articles/index.cfm?articleid=41265

====================

==== 4. Instant Poll ====

Results of Previous Poll: Your Web Browser
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Which
browser does your company use as its primary Web interface?" Here are
the results from the XXX votes.
   - 76% Microsoft Internet Explorer (IE)
   - 13% Mozilla
   - 10% Opera
   -  2% Other
(Deviations from 100 percent are due to rounding.)

New Instant Poll: System Security in 2004
   The next Instant Poll question is, "Which of the following factors
do you think will have the greatest impact on system security in
2004?" Go to the Security Web page and submit your vote for a) Viruses
and worms, b) Junk email, c) Patch management, or d) Managed security
services.
   http://www.winnetmag.com/windowssecurity

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

FAQ: What's the Best Way of Assigning Permissions to Users and Groups
in Windows 2000 and Later?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. In general, the best way to assign permissions is by performing the
following steps:
   1. Assign user accounts to global groups within the user's domain.
   2. Place global groups from any domain into universal groups.
   3. Place universal groups into domain local groups on the domain
controllers (DCs), and place local groups on member servers and
 workstations.
   4. Assign permissions to the domain local groups or local groups as
necessary to access the network resources.

One advantage of establishing this hierarchy is that universal group
memberships are unlikely to change because they contain only global
groups. A good way to remember this hierarchy is to use the following
mnemonic device:

   All Good Users Do Love Permissions

Accounts are placed in global groups, global groups are placed in
universal groups, universal groups are placed in domain local groups,
and domain local groups are assigned permissions.

Featured Thread: GPO Startup Script

A user writes that he uses the following command in a startup script:

   "NET LOCALGROUP ADMINISTRATORS AM_AGCYARLFCNDA_G () STATES ORG /ADD >>
D:\PROD\util\agcycnda.log 2>>&1"

The global group is in the root domain. The Group Policy Object (GPO)
that runs this script is in a child domain. The command is duplicated
in multiple organizational units (OUs), with the only difference that
the group name changes to correspond to the tech support group for
that OU. When this command is processed on some servers, it works
fine. However, for some OUs, the command doesn't work at all--even
though security is the same and the command runs under the localsystem
user security context. The user sees the problem in one particular
domain and can't reproduce it in other environments. He wants to know
whether anyone else has had a similar problem. Lend a hand or read the
responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=66105

==== 6. Event ====

New--Microsoft Security Strategies Roadshow!
   We've teamed with Microsoft, Avanade, and Network Associates to
bring you a full day of training to help you get your organization
secure and keep it secure. You'll learn how to implement a
patch-management strategy; lock down servers, workstations, and
network infrastructure; and implement security policy management.
Register now for this free, 20-city tour.
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BELe0AT

==== 7. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Secure Wi-Fi, Bluetooth, USB, and FireWire Devices
   SmartLine released DeviceLock 5.51, a security solution that lets
you restrict access to 802.11b (aka Wi-Fi), Bluetooth, USB, and
FireWire (IEEE 1394) devices on Windows Server 2003/2000/XP. With
DeviceLock, you can control which users can access certain devices on
a local computer. You don't need to physically remove or block
hardware. You need only install the software and assign appropriate
privileges to each user or user group. You can control user access to
floppy drives and other removable media; CD-ROM drives and tape
devices; WiFi and Bluetooth adapters; and USB, FireWire, infrared
(IR), serial, and parallel ports. DeviceLock costs $35 for a
single-user license. You can download a free, fully functional
demonstration version from the company Web site. For more information
about DeviceLock 5.51, contact SmartLine at 866-668-5625 or on the
Web.
   http://www.devicelock.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================

==== Sponsored Links ====

NetSupport
   Free Trial - Fast and Easy Network Management. - NetSupport DNA
   http://list.winnetmag.com/cgi-bin3/DM/y/ed7T0CJgSH0CBw0BEOp0Ah

===================

==== 8. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Security Administrator, the
print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup

Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.