********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET, 2000, and NT systems.
http://www.secadministrator.com
********************
~~~~ THIS ISSUE SPONSORED BY ~~~~
Free WebTrends Firewall Suite Trial from NetIQ
http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3
Lieberman & Associates--Shore Up Your Back Doors
http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4
(below IN FOCUS)
~~~~~~~~~~~~~~~~~~~~
~~~~ SPONSOR: FREE WEBTRENDS FIREWALL SUITE TRIAL FROM NETIQ ~~~~
Do you need to capture every move, incoming and outgoing, across
your company's firewall? Then leave nothing to chance--download a FREE
trial of WebTrends' award-winning Firewall Suite from NetIQ. Firewall
Suite provides immediate alerts, identifies and reports on critical
security events and generates more than 200 reports for IT managers and
security professionals. It also provides support for more than 35
leading firewall and proxy servers, including Check Point and Cisco.
Download your free trial today at:
http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3
********************
December 19, 2001--In this issue:
1. IN FOCUS
- Office XP SP1: No More HTML Messages
2. SECURITY RISK
- DoS in Win2K Internet Key Exchange
3. ANNOUNCEMENTS
- Check Out the New WebSphere Professional Site!
- What Does a Connected Home Look Like?
4. SECURITY ROUNDUP
- News: A Quick Look at the First Office XP Service Pack
- News: BlackICE Now Offers VPN Protection
- News: Specially Formed Script in HTML Mail Can Execute in
Exchange 5.5 OWA
- Feature: Securing Exchange 2000 Servers
5. HOT RELEASE (ADVERTISEMENT)
- Sponsored by VeriSign--The Value of Trust
6. SECURITY TOOLKIT
- Virus Center
- FAQ: How Can I Enable Users to Set the Administrator Password
During a Remote Installation Services Installation?
7. NEW AND IMPROVED
- Security Partnership
- Protect Your Password
8. HOT THREADS
- Windows 2000 Magazine Online Forums
- Featured Thread: To Whom Do I Report an Ongoing Attack?
- HowTo Mailing List:
- Featured Thread: How Can I Monitor Third-Party Email?
9. CONTACT US
See this section for a list of ways to contact us.
~~~~~~~~~~~~~~~~~~~~
1. ==== IN FOCUS ====
[Editor's note: Windows 2000 Magazine has a new name: Windows & .NET
Magazine. But, our mission hasn't changed: We're still providing
technical, how-to content to help you do your job now--and help you
make smart decisions about new technology for the future. We think the
new name better conveys the scope of our coverage--we hope you think so
too.]
* OFFICE XP SP1: NO MORE HTML MESSAGES
Hello everyone,
Are you using Microsoft Office XP 2002? If so, you'll want to read Paul
Thurrott's article about Office XP Service Pack 1 (SP1). Thurrott spoke with
Office XP Product Manager Nicole von Kaenel about some of the changes
and improvements SP1 offers, including use of the suite's error-
feedback tool. You can find the story at the URL below.
http://www.secadministrator.com/articles/index.cfm?articleid=23525
SP1 also includes all of the previous Office suite security fixes, and
future suite updates will depend on this service pack already being
installed, so be sure to consider loading it (first URL below). You can
read Paul's original story about the service pack on our WinInfo Web
site (second URL below).
http://support.microsoft.com/default.aspx?scid=kb;en-us;q307841
http://www.wininformant.com/articles/index.cfm?articleid=23492
One slick feature of SP1 is its ability to read nonsecure email as
plain text. As you'll learn in Microsoft article Q307594, by adjusting
an Outlook-related registry key, you can make all email that isn't
digitally signed or encrypted appear as plain text, whether the message
is opened separately or displayed in the preview pane. Individual users
can use the feature, and administrators can set policies for Outlook
2002 that apply across the enterprise.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307594
On December 4, I wrote a news story about Russ Cooper's NoHTML tool
(first URL below) for Outlook 2002 and Outlook 2000 clients. The new
functionality in SP1 goes beyond the capability Cooper introduced;
however, SP1 contains no such feature for Outlook 2000 clients, so
Cooper's tool is a great way to introduce more security into those
products. You can find the tool by going to the second URL below.
http://www.secadministrator.com/articles/index.cfm?articleid=23391
http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38
This week, I learned about a new Java-based packet sniffer and analyzer
called Mognet, which is free and comes complete with source code. It
runs on handheld devices or on desktops and is available under the GNU
General Public License (GPL).
http://chocobospore.org/mognet
Until the next issue, on January 2, have a great holiday.
Mark Joseph Edwards, News Editor, mark_at_ntsecurity.net
********************
~~~~ SPONSOR: LIEBERMAN & ASSOCIATES--SHORE UP YOUR BACK DOORS ~~~~
THE NEW YEAR IS KNOCKING! Use your year-end budget dollars for
management tools you have always wanted. With Service Account Manager
you can report and change service settings on all your servers in
seconds. With User Manager Pro you can make the same changes to all
your workstations in a few mouse clicks. Get the award winning tools
you've been waiting for all year. Year-end discounts through December
31. Microsoft Gold Certified FREE TRIAL at
http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4
2. ==== SECURITY RISK ====
* DOS IN WIN2K INTERNET KEY EXCHANGE
A Denial of Service (DoS) condition exists in the Microsoft Windows 2000
Internet Key Exchange (IKE) service. If an attacker connects to a Win2K
system on port 500 and floods the service with UDP packets of 800 bytes
or greater, the system stops responding. Microsoft has not released a
fix or workaround for this problem. As a temporary workaround, affected
users who aren't using IP Security (IPSec) can block UDP port 500 at
their Win2K firewall.
http://www.secadministrator.com/articles/index.cfm?articleid=23515
3. ==== ANNOUNCEMENTS ====
* CHECK OUT THE NEW WEBSPHERE PROFESSIONAL SITE!
Look to this great new site for invaluable resources, such as our V4
Portal, which brings you fast, in-depth information about V4, the
WebSphere Road Map that will help you get started, DocFinder for help
finding IBM WebSphere reference materials, and forums for your
questions and comments. While you're there, sign up for FREE email
newsletters with news you can use!
http://www.webspherepro.com
* WHAT DOES A CONNECTED HOME LOOK LIKE?
You've never seen anything like the Connected Home Magazine Virtual
Tour. Experience (room by room) the latest home entertainment, home
networking, and home automation options that are going to change how
you work and play. While you're there, enter to win a free copy of
Windows XP!
http://www.connectedhomemag.com/virtualtour
4. ==== SECURITY ROUNDUP ====
* NEWS: A QUICK LOOK AT THE FIRST OFFICE XP SERVICE PACK
Microsoft expects last week's Office XP Service Pack 1 (SP1) release
to usher in a new era of corporate adoptions of the product because
many organizations wait for the first consolidated update package
before upgrading. In this case, that expectation is probably warranted:
In addition to focusing on the three general areas of security,
stability, and performance, Office XP SP1 includes a number of Windows
XP-specific performance improvements that let the two systems work more
efficiently together. Paul Thurrott spoke with Office XP product
manager Nicole von Kaenel about the release (see URL below).
http://www.secadministrator.com/articles/index.cfm?articleid=23525
* NEWS: BLACKICE NOW OFFERS VPN PROTECTION
Internet Security Systems (ISS) announced BlackICE Agent for
Workstations 3.1, a combination firewall and Intrusion Detection System
(IDS) that analyzes network activity on servers, workstations, and
network segments that VPN connections use. The product can protect
mobile users, remote users, and systems inside a network perimeter.
Learn more about the new version at the following URL.
http://www.secadministrator.com/articles/index.cfm?articleid=23466
* NEWS: SPECIALLY FORMED SCRIPT IN HTML MAIL CAN EXECUTE IN EXCHANGE
5.5 OWA
Microsoft released a patch for Exchange Server 5.5 to fix an Outlook
Web Access (OWA) problem in which special script in an HTML-format
message could execute and perform operations on the user's Exchange
mailbox when the user opens the message. This patch is suitable only
for OWA servers running Internet Explorer (IE) 5.0 or later. Because no
full set of security patches exists for IE 5.0, Microsoft recommends
that companies with earlier versions of IE upgrade their OWA servers to
either IE 5.5 Service Pack 2 (SP2) or IE 6.0.
http://www.microsoft.com/technet/security/bulletin/ms01-057.asp
* FEATURE: SECURING EXCHANGE 2000 SERVERS
In this feature article for Exchange and Outlook UPDATE, Tony
Redmond discusses techniques that can help you better secure your
Microsoft Exchange Servers. Be sure to stop by our Web site and check
it out!
http://www.secadministrator.com/articles/index.cfm?articleid=23516
5. ==== HOT RELEASE (ADVERTISEMENT) ====
* SPONSORED BY VERISIGN -- THE VALUE OF TRUST
Secure your servers with 128-bit SSL encryption! Grab your copy of
VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn
about using SSL to encrypt e-commerce transactions. Get it now!
http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0Lo50AP
6. ==== SECURITY TOOLKIT ====
* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
http://www.secadministrator.com/panda
* FAQ: HOW CAN I ENABLE USERS TO SET THE ADMINISTRATOR PASSWORD DURING
A REMOTE INSTALLATION SERVICES INSTALLATION?
(contributed by John Savill, http://www.windows2000faq.com)
A. When you use Microsoft Remote Installation Services (RIS), by
default the Administrator password is set to null (blank) during the
installation. You can, however, let the user set a password during the
final GUI portion of installation by following these steps:
1. On the RIS server, open the .sif file of the installation you want to
modify. By default, this file is in the
RemoteInstall\Setup\[language]\Images\[folder name]\I386\Templates
folder with a name of ristndrd.sif.
2. Go to the [GuiUnattended] section of the .sif file, and find the
following line:
AdminPassword = *
3. Change this line to read as follows:
AdminPassword = ""
4. Save the change.
During installation, the system will prompt the user to type an
Administrator password. You should test this change to ensure that it
works correctly.
As a side note, instead of "" you could type a password (e.g.,
AdminPassword = "fred"), which sets the Administrator password to the
password you specify and doesn't prompt the user. However, this
password travels as clear text, so I don't recommend this approach.
The Microsoft Windows 2000 Server Resource Kit describes another
option: You can use a Custom Installation Wizard and let the user type
in a password. However, this approach is quite complex.
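The FAQ above points out that a literal AdminPassword in the .sif travels in clear text. As an added example (not from the newsletter, John Savill or Microsoft), this Python script parses the [GuiUnattended] section of a RIS answer file and reports whether the Administrator password will be blank, prompted for, or stored as a literal; the sample .sif contents are constructed, not real RIS templates.

```python
# Added example (not from the newsletter, John Savill or Microsoft): audit a RIS
# answer file for the AdminPassword setting the FAQ describes.
#   '*'           -> blank (null) Administrator password, the RIS default
#   '""'          -> user is prompted for a password during GUI setup
#   anything else -> literal password stored in the file (travels in clear text)
import re

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEYVAL_RE = re.compile(r"^\s*(?P<key>[^=;]+?)\s*=\s*(?P<val>.*?)\s*$")

def parse_sif(text):
    """Parse INI-style .sif text into {section: {key: value}}; names are lowercased."""
    sections = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank line or ; comment
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, {})
            continue
        m = KEYVAL_RE.match(line)
        if m and current is not None:
            sections[current][m.group("key").lower()] = m.group("val")
    return sections

def classify_admin_password(text):
    """Return 'blank', 'prompt', 'cleartext' or 'missing' for the AdminPassword line."""
    gui = parse_sif(text).get("guiunattended", {})
    if "adminpassword" not in gui:
        return "missing"
    value = gui["adminpassword"]
    if value == "*":
        return "blank"
    if value == '""':
        return "prompt"
    return "cleartext"  # a quoted literal such as "fred"; never echo the value itself

# Constructed sample answer files, not real RIS templates.
SIF_DEFAULT = "[GuiUnattended]\nAdminPassword = *\nTimeZone = 004\n"
SIF_PROMPT = '[GuiUnattended]\nAdminPassword = ""\n'
SIF_LITERAL = '[Data]\nAutoPartition = 1\n[GuiUnattended]\nAdminPassword = "fred"\n'

if __name__ == "__main__":
    for name, sif in [("default", SIF_DEFAULT), ("prompt", SIF_PROMPT), ("literal", SIF_LITERAL)]:
        print(f"{name}: {classify_admin_password(sif)}")
```

Run it against the ristndrd.sif on your RIS server to confirm the template you deployed actually prompts rather than carrying a literal password.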
7. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, products_at_winnetmag.com)
* SECURITY PARTNERSHIP
Symantec and TruSecure announced a partnership that lets Symantec
Security Services use the TruSecure Service Provider 2001 service to
certify the security position of its Security Operations Centers.
Symantec Security Services will offer its customers the TruSecure 2001
service, which provides a process for managing information security
risks. TruSecure will also utilize NetRecon, Symantec's vulnerability
assessment tool, as part of its security assurance services. Contact
Symantec at 408-517-8000.
http://www.symantec.com
* PROTECT YOUR PASSWORD
SSH Communications Security released SSH Secure Shell 3.1, software
that protects you from people who try to steal passwords from the
Internet. The software supports Online Certificate Status Protocol for
improved security through real-time verification of a certificate's
validity. The new version also supports Secure File Transfer Protocol
event logging at the server end, enabling recording of user actions for
improved security. Pricing starts at $99 per workstation license, $475
per UNIX server license, and $565 per Windows server license. Contact
SSH Communications Security at 650-251-2700.
http://www.ssh.com
8. ==== HOT THREADS ====
* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.winnetmag.net/forums
Featured Thread: To Whom Do I Report an Ongoing Attack?
(Four messages in this thread)
Our server was hit earlier this year with the Code Red worm. I applied
all the recommended security fixes. However, our server continues to log
ongoing probes from changing IP addresses in the Web service log.
Every day we get hits searching for root.exe and cmd.exe in different
directories. Currently, I manually enter all originating IP addresses in
the "Excluded Computer" property sheet in the Directory Security tab.
However, I want to track down the perpetrators and stop the probes. The
machine is running an intranet site and needs to be connected so
employees in different states can access it.
Is there any law enforcement entity or other agency that can help? Can
you help? Read the responses or lend a hand at the
following URL:
http://www.secadministrator.com/forums/thread.cfm?thread_id=87730
* HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
Featured Thread: How Can I Monitor Third-Party Email?
(Six messages in this thread)
Sebastian wonders how a business can monitor the email messages that
users send using third-party mail servers such as Hotmail and Yahoo. Can
you help? Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0112b&L=howto&F=&S=&P=84
9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT IN FOCUS -- mark_at_ntsecurity.net
* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey_at_winnetmag.com (please
mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
* PRODUCT NEWS -- products_at_winnetmag.com
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate_at_winnetmag.com
* WANT TO SPONSOR SECURITY UPDATE? emedia_opps_at_winnetmag.com
********************
Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
|-+-+-+-+-+-+-+-+-+-|
Thank you for reading Security UPDATE.
SUBSCRIBE
To subscribe, send a blank email to mailto:Security_UPDATE_Sub_at_lists.win2000mag.net.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo_at_attrition.org with 'unsubscribe isn' in the BODY
of the mail.
Received on Dec 20 2001