********************
Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
http://www.secadministrator.com
********************
~~~~ THIS ISSUE SPONSORED BY ~~~~
Top 10 Windows and AD Security Threats
http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7
FREE Outbreak Prevention Service for SMTP Gateway
http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At
(below IN FOCUS)
~~~~~~~~~~~~~~~~~~~~
~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~
Security vulnerabilities never die, they just become more
embarrassing when exploited. Protect your organization from common
security risks. To find out how, download a free white paper "Top Ten
Security Threats for Windows 2000 and Active Directory." This white
paper not only describes vulnerability threats such as IIS RDS, IIS
Unicode, SQL Server with no system administrator (SA) password, and
weak or no passwords, but also tells you how to protect your
organization from these Windows 2000 and Active Directory security
exposures. Download it FREE at http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7
********************
November 14, 2001--In this issue:
1. IN FOCUS
- RADIUS Insecurity; Hotfix Reporter; New Security Services and
Risks
2. SECURITY RISK
- Script Injection Vulnerability in Microsoft Internet Explorer
3. ANNOUNCEMENTS
- Windows Security 2002 Briefings and Training, February 5 Through
8, 2002
- Tell Us About Your Connected Home!
4. SECURITY ROUNDUP
- News: Microsoft Ships Post-SP6a Security Rollup for NT 4.0
- News: Microsoft Adds Security to .Net My Services
- News: Three Personal Firewalls Pass Stringent Security Testing
- Feature: Have You Given Your Exchange Server a Security Checkup
Lately?
5. HOT RELEASE
- VeriSign--The Value of Trust
6. SECURITY TOOLKIT
- Book Highlight: Cisco Secure Intrusion Detection Systems
- Virus Center
- FAQ: How Can I Prevent a User from Running or Stopping a
Scheduled Process?
7. NEW AND IMPROVED
- Protect Microsoft IIS
- Protect Your System
8. HOT THREADS
- Windows 2000 Magazine Online Forums
- Featured Thread: Hackers?
- HowTo Mailing List
- Featured Thread: Detecting Packet Sniffers
9. CONTACT US
See this section for a list of ways to contact us.
~~~~~~~~~~~~~~~~~~~~
1. ==== COMMENTARY ====
Hello everyone,
Do you run RADIUS for authentication in your network environment? If
so, you might be interested in a new paper, "An Analysis of the RADIUS
Authentication Protocol," which Joshua Hill posted on the BugTraq
mailing list on November 12. Hill dissects the protocol to reveal half
a dozen vulnerabilities that an attacker can use in various
combinations to compromise a network. The vulnerabilities originate
mostly from what Hill considers to be the misuse of MD5 (a hash
function) as a cipher primitive. Hill also makes several suggestions
for improving the protocol, and he points out that the Internet
Engineering Task Force (IETF) is working on a new authentication
protocol specification called DIAMETER. Stop by Hill's Web page to read
the paper (URL below), which also includes information about DIAMETER.
http://www.untruth.org/~josh/security/radius
If you use the Microsoft HFNetChk tool, which checks systems for
installed and missing hotfixes, you know that the output the tool
presents could be improved. Maximized Software provides a freeware
complement for HFNetChk called "Hotfix Reporter," which further
automates hotfix checking and reporting. The tool consists of command
(.cmd) files and an executable that converts the tabbed HFNetChk output
into a formatted .html file for viewing with a Web browser. In the HTML
report, Hotfix Reporter displays related Microsoft Security Bulletins
and TechNet articles as clickable links, compares scans against the
same system to determine whether new hotfixes are available, and lets
you hide hotfixes that you want to ignore.
In addition, the Hotfix Reporter Web site offers advice about how to
perform actions such as automating HFNetChk scans, emailing subsequent
reports to a given account, and automating the download of the
Microsoft-related mssecure.xml file, which HFNetChk uses to determine
the state of hotfixes on a given system. Hotfix Reporter seems to be a
great tool you might want to add to your toolkit. You can find it at
the URL below.
http://www.maximized.com/freeware/hotfixreporter/cmdfiles.htm
The Denver Post ran an interesting story on November 5 (URL below)
about a new security firm called Fuzion Security, which offers a new
vulnerability-assessment service called AsseZment. Customers already
include firms such as Qwest and OppenheimerFunds. According to the news
story, AsseZment produces a "report that shows what the company's
security risks are, how much it will cost to address the risks and how
much the company can expect to save by addressing the risks. The report
also prioritizes the most significant security risks."
http://www.denverpost.com/stories/0,1002,33%257E208826,00.html
Since 1992, Fuzion Security founders have written 14 books on security-
risk assessment, and they've spent the last 14 months developing their
new services. You can learn more at the Fuzion Security Web site (see
below).
http://www.fuzionsecurity.com
Did you hear about the college students who managed to break the
security of bank ATMs? The Cambridge students published details of the
findings last week, much to the dismay of banks and customers
everywhere. Apparently, most ATMs run standard software in conjunction
with an IBM 4758 cryptographic co-processor. The IBM device uses the
Common Cryptographic Architecture (CCA) technology, which relies on
Data Encryption Standard (DES) to protect sensitive information.
Attackers have shown repeatedly that DES is vulnerable to attack. Now,
using off-the-shelf software, the college students have proven that any
unscrupulous bank employee can steal funds from unsuspecting banks and
banking customers.
Although Ross Anderson (also of Cambridge University) first exposed the
vulnerability in February 2001, apparently no one took action to
correct the matter. But now that the Cambridge students have revealed
the exploit, banks might begin to better protect their assets and the
assets of their customers. Be sure to stop by and read the report (URL
below). Until next time, have a great week.
http://www.cl.cam.ac.uk/~rnc1/descrack
Sincerely,
Mark Joseph Edwards, News Editor, mark@ntsecurity.net
********************
~~~~ SPONSOR: TREND MICRO INTERSCAN MESSAGING SECURITY SUITE ~~~~
InterScan(R) Messaging Security for SMTP is high-performance,
policy-based antivirus and content security for the SMTP gateway,
designed to protect your messaging system from virus outbreaks. Its
Outbreak Prevention Policy is a fast defense against new email-borne
viruses. Automatically deployed policies give administrators peace of
mind while offering effective protection against new viruses. Get your
free Outbreak Prevention service today! For program details or to
download your 30-day FREE InterScan evaluation copy:
http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At
~~~~~~~~~~~~~~~~~~~~
2. ==== SECURITY RISK ====
(contributed by Ken Pfeil, ken@win2000mag.com)
* SCRIPT INJECTION VULNERABILITY IN MICROSOFT INTERNET EXPLORER
A vulnerability exists in Microsoft Internet Explorer (IE) that can
result in information disclosure through locally stored cookies on the
vulnerable system. The vulnerability stems from a problem in IE that
lets a specially crafted URL read and modify this information.
Microsoft has released Security Bulletin MS01-055 to address this
vulnerability and recommends that affected users apply the patch that
Microsoft will provide at the URL when the patch becomes available. As
a workaround, users can disable active scripting in both the Internet
and intranet zones. This vulnerability doesn't affect users who have
applied the Outlook E-Mail Security Update or who have set Outlook
Express to use the Restricted Sites zone.
http://www.secadministrator.com/articles/index.cfm?articleid=23197
3. ==== ANNOUNCEMENTS ====
* WINDOWS SECURITY 2002 BRIEFINGS AND TRAINING, FEBRUARY 5 THROUGH 8,
2002
Registration and the call for papers for BlackHat's Windows Security
2002 conference are now open. This is the Windows XP/Windows 2000/.NET
security event of the year, with intensive training sessions! Join 500
experts and "underground" security specialists for briefings, training,
and Mardi Gras in New Orleans.
http://www.blackhat.com
* TELL US ABOUT YOUR CONNECTED HOME!
Does your computer technology savvy come in handy at home? We want
to know how you use home networking, computer technology, and home
automation technology for work and play. Take a few minutes to answer
our online survey today!
http://www.zoomerang.com/survey.zgi?85ab2cl65159mdggmah9del6
4. ==== SECURITY ROUNDUP ====
* NEWS: MICROSOFT SHIPS POST-SP6A SECURITY ROLLUP FOR NT 4.0
Microsoft shipped the promised replacement for Windows NT 4.0
Service Pack 7 (SP7--see first URL below). The cleverly named Windows
NT 4.0 Post-SP6a Security Rollup Package (SRP) is a handy 14.3MB
package that provides all available post-NT 4.0 SP6a security updates.
For more information about this free download, visit the second URL
below. (For information about some specific post-NT 4.0 SP6a fixes, go
to the third URL below and see Paula Sharick's "Mailto Address List
Truncated; Post-SP6a Fixes," InstantDoc ID 9755, and "NT 4.0 Post-SP6a
Fixes; Preparing for SMS 2.0 SP2," InstantDoc ID 8969.)
http://www.secadministrator.com/articles/index.cfm?articleid=22769
http://www.microsoft.com/ntserver/sp6asrp.asp
http://www.win2000mag.com
* NEWS: MICROSOFT ADDS SECURITY TO .NET MY SERVICES
Microsoft has made a deal with Web-authentication infrastructure
provider VeriSign to include digital certificate-authentication
technology in Microsoft's upcoming .NET My Services (formerly code-
named Hailstorm). .NET My Services represents the first wave of .NET-
enabled services and utilizes Microsoft Passport, which stores user
information such as passwords and credit card information for
compatible Web sites. Microsoft has also contracted with antivirus
vendor McAfee to add security software to Microsoft .NET server
products.
http://www.secadministrator.com/articles/index.cfm?articleid=22767
* NEWS: THREE PERSONAL FIREWALLS PASS STRINGENT SECURITY TESTING
TruSecure announced that its Internet Computer Security Association
(ICSA) Labs division has awarded certification to three products under
its new PC firewall certification program. The newly certified products
include ZoneAlarm Pro for Windows, Tiny Personal Firewall for Windows
2000, and Norton Personal Firewall for Win2K, Windows 2000
Professional, Windows Me, and Windows NT Workstation.
http://www.secadministrator.com/articles/index.cfm?articleid=23173
* FEATURE: HAVE YOU GIVEN YOUR EXCHANGE SERVER A SECURITY CHECKUP
LATELY?
Recent discussions in the media and other forums show a heightened
concern about Microsoft Windows 2000 and Exchange 2000 Server security.
Typical Exchange security discussions focus on protecting Exchange
servers from outside threats, but Jerry Cochran offers a twist and
looks at protecting Exchange servers from internal threats--in other
words, protecting ourselves from ourselves.
http://www.secadministrator.com/articles/index.cfm?articleid=23052
5. ==== HOT RELEASE (ADVERTISEMENT) ====
* VERISIGN - THE VALUE OF TRUST
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web site for Business," and learn
about using SSL to encrypt e-commerce transactions. Get it now!
http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0Lo50AW
6. ==== SECURITY TOOLKIT ====
* BOOK HIGHLIGHT: CISCO SECURE INTRUSION DETECTION SYSTEMS
By Earl Carter
Fatbrain Online Price: $50.00
Hardcover; 912 pages
Published by Cisco Press, October 2001
ISBN 158705034X
For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=158705034X
and enter WIN2000MAG as the discount code when you order.
* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
http://www.secadministrator.com/panda
* FAQ: HOW CAN I PREVENT A USER FROM RUNNING OR STOPPING A SCHEDULED
PROCESS?
(contributed by John Savill, http://www.windows2000faq.com)
A. You can block user access to scheduled tasks in several ways. To
block access at a Group Policy level, perform the following steps:
1. Start Group Policy Editor (GPE) for the container you want to
modify.
2. Expand either User Configuration or Computer Configuration.
3. Expand Administrative Templates, Windows Components, Task
Scheduler.
4. Double-click "Prevent Task Run or End."
5. Select Enabled and click OK.
You can also edit the registry to block access on a per-computer or
per-user basis:
1. Start regedit.exe on the machine where you want to block access.
2. Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
or
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
(you might need to create the key).
3. From the Edit menu, select New, DWORD Value, enter a name of
Execution, and press Enter.
4. Double-click the new value, and set it to 1. Click OK.
5. Close regedit.
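As an added example (not part of the FAQ), the following PowerShell script applies the registry form of the policy to either the machine or the current-user hive and reads the value back to confirm it took; the key path and the Execution DWORD come from the steps above, while the script itself, its parameter names, and the -AuditOnly switch are assumptions of this example.

```powershell
# Added example: enforce (or audit) the "Prevent Task Run or End" policy
# via the registry key the FAQ names. Run elevated for the Machine scope.
param(
    [ValidateSet('Machine', 'User')]
    [string]$Scope = 'Machine',
    [switch]$AuditOnly   # report the current state without changing anything
)

$hive = if ($Scope -eq 'Machine') { 'HKLM:' } else { 'HKCU:' }
$key  = "$hive\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0"

function Get-TaskRunEndPolicy {
    # Returns 1 when the policy is enforced, 0 or $null when it is not set.
    if (-not (Test-Path $key)) { return $null }
    (Get-ItemProperty -Path $key -Name 'Execution' -ErrorAction SilentlyContinue).Execution
}

$current = Get-TaskRunEndPolicy
$shown = if ($null -eq $current) { '<not set>' } else { $current }
Write-Host ("[{0}] Execution = {1}" -f $key, $shown)

if ($AuditOnly) { return }

# The FAQ notes the policy key may not exist yet; create it, then set the DWORD.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'Execution' -PropertyType DWord -Value 1 -Force | Out-Null

# Re-read so a failed write (for example, running unelevated) is not silently ignored.
if ((Get-TaskRunEndPolicy) -ne 1) { throw "Policy was not applied to $key" }
Write-Host 'Prevent Task Run or End is now enforced.'
```

Run with -AuditOnly first on a few machines to see which already carry the setting before changing anything.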
7. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, products@win2000mag.com)
* PROTECT MICROSOFT IIS
Flicks Software released Titan, software that protects Microsoft IIS
Web servers by analyzing and verifying incoming Web server data for any
possible security breaches. The software lets network administrators
set parameters and monitor all HTTP traffic over their networks for
illicit behavior. You can prevent buffer overflows, scan for certain
keywords common to intruders, and receive email notification of failed
malicious intruder attempts. Titan costs $395 for a single-user
license. Contact Flicks Software at 310-526-0325.
http://www.flicks.com
* PROTECT YOUR SYSTEM
LuoSoft released Iparmor 5.17, security software that protects your
system from Trojan horse, worm, and virus attacks. When you run the
program, Iparmor 5.17 scans memory to ensure that no unauthorized
programs are active. You can view each of your active network ports to
see whether an attacker is using it to run a Trojan horse, or whether a
Trojan horse is using the port to transmit your data to attackers.
Iparmor 5.17 runs on Windows XP, Windows 2000, Windows NT, Windows Me,
and Windows 9x and costs $29.95. Contact LuoSoft at
iparmorsales@luosoft.com.
http://www.luosoft.com
8. ==== HOT THREADS ====
* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.win2000mag.net/forums
Featured Thread: Hackers?
(Six messages in this thread)
Bobby is using Windows NT 4.0 at school, and other students are somehow
accessing his files. He suspects they have his user password, and he
wonders how they're able to gain such access. Can you help? Read more
about the questions and responses or lend a hand at the following URL:
http://www.secadministrator.com/forums/thread.cfm?thread_id=82656
* HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
Featured Thread: Detecting Packet Sniffers
(Three messages in this thread)
Andrew ran a packet sniffer on his network to determine what information
he could gather. Within 5 minutes he had captured packets that included
usernames, passwords, and other sensitive information. He's wondering
how he can go about detecting other people running packet sniffers on
his network to prevent them from gathering similar information. Can you
help? Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0111A&L=howto&p=190
9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT THE COMMENTARY -- mark@ntsecurity.net
* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey@win2000mag.com (please
mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
* PRODUCT NEWS -- products@win2000mag.com
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support -- securityupdate@win2000mag.com
* WANT TO SPONSOR SECURITY UPDATE? -- emedia_opps@win2000mag.com
********************
Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
http://www.win2000mag.net/email
|-+-+-+-+-+-+-+-+-+-|
Thank you for reading Security UPDATE.
SUBSCRIBE
To subscribe, send a blank email to mailto:Security_UPDATE_Sub@lists.win2000mag.net.
_______________________________________________________________________
Copyright 2001, Penton Media, Inc.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.
Received on Thu Nov 15 04:09 CST 2001