Home page logo
/

isn logo Information Security News mailing list archives

Security UPDATE, June 6, 2001
From: InfoSec News <isn () c4i org>
Date: Wed, 6 Jun 2001 22:11:13 -0500 (CDT)

********************
Windows 2000 Magazine Security UPDATE--brought to you by the Windows
2000 Magazine Network
   **Watching the Watchers**
   http://www.win2000mag.net/Channels/Security
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

McAfee ePolicy Orchestrator
   http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MCAFEE EPOLICY ORCHESTRATOR ~~~~
   Managing anti-virus protection through policy can save any business
money. A policy gives you a framework that allows you to more
effectively update your protection - critical in the fight against
viruses. Up-to-date protection prevents infections. And fewer infections
means less downtime and less time spent cleaning up. A policy also gives
you a benchmark against which to measure performance - in terms of both
protection and infection rates. By establishing and enforcing an
anti-virus policy, you save money where it counts the most: in the
ongoing management of anti-virus protection. ePolicy Orchestrator is the
best anti-virus management tool in independent tests. 
   http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985
~~~~~~~~~~~~~~~~~~~~

June 6, 2001--In this issue:

1. IN FOCUS
     - When Employees Leave the Firm

2. SECURITY RISKS
     - Cisco WebNS Management Software Allows Unauthenticated Access 
     - Scanning Software Vulnerability Can Trigger Reload of Cisco IOS
Configuration 
     - FTP Vulnerability in Cisco Arrowpoint Switches 
     - Denial of Service in Pi-Soft SpoonFTP Server  

3. ANNOUNCEMENTS
     - Tired of the Same Old Sales Pitch?
     - Security Community for Technology Professionals

4. SECURITY ROUNDUP
     - Editorial: Microsoft 'Gets' Security 
     - Review: Disk Imaging Solutions
     - Buyer's Guide: Smart Card Devices
     - Feature: Wireless Security Considerations, Part 1

5. SECURITY TOOLKIT
     - Book Highlight: Hack Attacks Denied: A Complete Guide to Network
Lockdown
     - Virus Center: VBS/LoveLetter.CM
     - FAQ: Can I Automatically Schedule Shared Resources?
     - SOHO Security: Spyware

6. NEW AND IMPROVED
     - Protect Against Vulnerable Passwords
     - Mac Internet Security Utilities Move to Windows

7. HOT THREADS 
     - Windows 2000 Magazine Online Forums
          Antivirus on Terminal Server
     - HowTo Mailing List
          Scheduled Task Won't Run unless Logged In

8. CONTACT US
   See this section for a list of ways to contact us.

1. ==== COMMENTARY ====

Hello everyone,

Last week, I discussed how some people feel that open-source-based
networks are more secure than Windows-based networks, largely because of
higher employee retention at companies with open-source platforms. I
also discussed some factors involved in employee retention, as well as
how poor employee retention can adversely affect a company's best
practices. I received numerous responses to that editorial, many
claiming that I had identified the primary reason they change jobs: lack
of creative freedom. 

In response to the claim that open-source-based networks remain more
secure than Windows-based networks, Microsoft said in a roundabout way
that the answer to a more secure Windows-based network is through best
practices. When you visit Microsoft's security site at the URL below,
you'll find several links to best practices that teach how to form
strategies and how to monitor and secure your networks. But you won't
find any information about how to secure your employees' participation
in your company for any great length of time so that those practices can
become more effective.
   http://www.microsoft.com/technet/security/bestprac.asp

All companies are interested in finding and keeping good employees, and
how they accomplish that is relative to the company's philosophies,
budgets, and management structure, so I can't offer a lot of specific
advice. In general, competitive pay and relative creative freedom are
two factors that significantly affect employee retention.

If keeping good employees helps reduce a company's overall security
risks, what happens when employees do leave the company? Have you
considered the additional security risks involved when an employee
departs? Many employees leave a company disgruntled to some degree, and
therein resides an often-overlooked risk: the potential for retaliation.


Most companies develop a number of processes for bringing an employee
into the company, but fewer companies develop adequate processes for
exiting an employee from the company. In my opinion, these tasks are
equally important. Does your company have employee exit procedures? Do
you conduct exit interviews with employees as part of those procedures?
Do you clearly state (perhaps in writing) in the exit interview when any
or all of an employee's rights are officially terminated? 

If you don't tie up such loose ends quickly, the risk associated with
employee departure increases dramatically. A recent news story quoted
the FBI in San Francisco as saying that at any given moment, it is
actively working on 40 to 50 cases where disgruntled ex-employees have
retaliated by hacking into the company network. Adequate exit procedures
that include immediate removal of all credentials, exit interviews, and
employee rights termination notices might help curb retaliation in many
instances.

If nothing else, exit interviews help to determine an ex-employee's
attitude about leaving. And specifically informing employees that they
no longer have the right to access company resources might cause them to
think twice before giving in to any retaliation impulses. 

If your company doesn't have exit procedures that include an exit
interview, consider the need to adopt such policies. This precaution
might save you a lot of headaches down the road. Until next time, have a
great week.

Sincerely,

Mark Joseph Edwards, News Editor, mark () ntsecurity net

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, mark () ntsecurity net)

* CISCO WEBNS MANAGEMENT SOFTWARE ALLOWS UNAUTHENTICATED ACCESS 
   If users bookmark the URL that the Web management interface directs
users to after first authentication, users can access that URL anytime
in the future without having to reauthenticate. Cisco has issued an
advisory regarding this vulnerability. Cisco recommends that users
running WebNS management software upgrade to versions 4.01B29s or
4.10B17s, available through regular support channels. As a workaround,
Cisco recommends either disabling the Web management interface on the
switch or applying access control as specified in the documents linked
in the Web article below.
   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21332

* SCANNING SOFTWARE VULNERABILITY CAN TRIGGER RELOAD OF CISCO IOS
CONFIGURATION 
   A vulnerability exists in Cisco's Internetwork Operating System (IOS)
that can cause a configuration reload. Security scanning software making
a TCP connection to ports 3100-3999, 5100-5999, 7100-7999, and
10100-10999 causes the router to unexpectedly reload at the next
issuance of the commands "show running-config" or "write memory" or
during the next access of the configuration file. An attacker can't
configure Cisco IOS software to support any services that might listen
at these port addresses or accept connections on those ports. However,
connection attempts to these ports in the affected version can cause
memory corruption, leading to an unexpected reload. Cisco has issued a
notice regarding this vulnerability.
   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21333

* FTP VULNERABILITY IN CISCO ARROWPOINT SWITCHES 
   A user account that doesn't have administrative privileges can open
an FTP connection to a Cisco CSS 11000 series switch and use the GET and
PUT FTP commands with no user-level restrictions enforced. Cisco
recommends that users running the WebNS software versions listed in the
article at the URL (below) upgrade to versions 4.01B29s or 4.10B17s,
available through regular support channels. As a workaround, Cisco
recommends that users don't configure nonprivileged users on the switch,
as the software doesn't create any by default. Cisco also recommends
using the RESTRICT command to disable FTP access to the switch and
applying access control to FTP users as specified in the documents
linked in the Web article below.
   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21335

* DENIAL OF SERVICE IN PI-SOFT SPOONFTP SERVER  
   A Denial of Service (DoS) condition in Pi-Soft SpoonFTP 1.0.0.12 can
let an attacker execute arbitrary code on the server. By establishing an
FTP connection to a vulnerable server and issuing the LIST or CWD
command, followed by 531 bytes of data or more, an attacker can cause
the server process to crash. In most cases, the computer kills the
process before passing any data to the stack, but the possibility still
exists for an attacker to overwrite the code's execution instruction
point (EIP) and execute the code. The vendor, Pi-Soft Consulting, has
released version 1.0.0.13 to fix this vulnerability.
   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21336

3. ==== ANNOUNCEMENTS ====

* TIRED OF THE SAME OLD SALES PITCH?     
   Now there's a better way to find the perfect IT vendor or
solution--absolutely free! The IT Buyers Network (ITBN) lets you search
through thousands of vendor solutions. You'll love the ITBN's one-stop
shopping approach for hardware, network and systems software, IT
services, and much more! Visit the ITBN today! 
   http://www.itbuynet.com

* SECURITY COMMUNITY FOR TECHNOLOGY PROFESSIONALS
   Looking for a free, online resource for research and support?
ITtoolbox Security provides information on Internet Security Protocols,
firewalls, encryption and many other facets of security technology. With
portals for essential technologies such as Networking, Wireless, and
Storage, ITtoolbox is your gateway to IT knowledge. Visit soon to work
smarter.
   http://www.ittoolbox.com/welcome.asp?site=security&sndr=win2000sec

4. ========== SECURITY ROUNDUP ==========

* NEWS: MICROSOFT 'GETS' SECURITY
   If the spate of recent virus scares, Web-site break-ins, and other
security violations have taught us anything, it's that the
interconnected future will require a more open and responsible attitude
toward security and privacy. Although naysayers (e.g., Sun Microsystems
CEO Scott McNealy, who last year uttered, "You gave up your privacy a
long time ago. Get over it.") abound, securing our personal and
corporate data is of paramount importance as we move into a .NET
environment, and we need to plan accordingly. Find out what Microsoft is
doing to secure its customers' information and what you can do to make
sure you 'get' security too in Paul Thurrott's editorial on our Web
site.
   http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20938

* REVIEW: DISK-IMAGING SOLUTIONS
   Disk-imaging programs are a boon to administrators deploying PCs in
their organization. You configure a system the way you want it, then
copy the hard disk's contents (i.e., the image) to another system's hard
disk so that the second system is configured the same as the first.
Although the basics haven't changed since cloning software's inception,
the mechanisms for copying and deploying images have become
sophisticated. Read all about disk imaging in Ed Roth's comparative
review on our Web site.
   http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20876

* BUYER'S GUIDE: SMART CARD DEVICES
   Europeans use smart cards as prepaid phone cards, public-transit fare
cards, and health insurance ID cards. Smart cards aren't as widely
accepted in North America, but some organizations use them for security
applications. Mark Weitz explains that smart cards are available in two
forms: memory cards and microprocessor cards. Memory cards are a
relatively inexpensive way to improve PC and network security because
the user must present a card, a username, and a password to gain access.
You generally use memory cards to access personal computers and
networks, but some vendors offer cards that also let you access your
employer's entry doors so that you don't have to carry more than one
card.
   http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20946

* FEATURE: WIRELESS SECURITY CONSIDERATIONS, PART 1
   This look at wireless security focuses on wide area wireless systems.
Contrary to popular belief, you can secure wireless systems at levels
that approach the security levels of Web systems. As Steve Milroy
informs us, the four main areas that form the foundation of both wired
and wireless secure systems are authentication, encryption,
authorization, and nonrepudiation. Be sure to read the rest of the story
on our Web site.
   http://www.win2000mag.com/Articles/Index.cfm?ArticleID=21226 

5. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACK ATTACKS DENIED: A COMPLETE GUIDE TO NETWORK
LOCKDOWN
   By John Chirillo
   List Price: $54.99
   Fatbrain Online Price: $43.99
   Softcover; 512 pages
   Published by John Wiley & Sons, April 2001
   ISBN 0471416258

For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471416258
and enter WIN2000MAG as the discount code.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
   http://www.windowsitsecurity.com/panda

VIRUS ALERT: VBS/LOVELETTER.CM 
   VBS/LoveLetter.CM is a worm that uses email to carry out its
infections. The worm arrives in email with the subject line "Where are
you?" The message line reads "This is my pic in the beach" and contains
an attached file called JENNIFERLOPEZ_NAKED.JPG.VBS. It appears to be a
picture file, but in fact it's simply a VBS worm. 
   http://63.88.172.96/Panda/Index.cfm?FuseAction=Virus&VirusID=1099

* FAQ: CAN I AUTOMATICALLY SCHEDULE SHARED RESOURCES?
   ( contributed by Paul Robichaux, http://www.windows2000faq.com )
   Microsoft Exchange Server lets you set up objects that can
automatically accept or decline meeting requests. You can also set up
objects for such things as scheduling meeting rooms or audio/visual
(A/V) equipment so that everyone in your Global Address List (GAL) can
easily check for times to reserve the object. However, Exchange's
built-in shared resource functions are pretty anemic. One solution is to
install Robert Strong's excellent AutoAccept script from the
Exchangecode.com Web site. The script includes a lot of the
functionality missing from standard Microsoft capabilities, letting you
set up, manage, and automatically schedule resources without a major
investment in time or money. (Exchangecode.com is a noncommercial Web
site that provides free code samples and applications focusing on
Exchange Server and Outlook.)

* SOHO SECURITY: SPYWARE
   In previous articles, Jonathan Hassel described some of the security
threats and solutions that a small office/home office (SOHO) user needs
to consider regarding firewalls, routers, email, and backdoor programs.
One security threat that Jonathan hasn't examined is spyware. Spyware is
a threat to your data, and its use violates programming ethics. Loosely
defined, spyware is software that covertly sends and receives
information about a person or an organization without that party's
express consent. Most frequently, spyware comes in the form of software
that you install on your system--a component that quietly gathers
information (e.g., usage statistics, browsing patterns, and marketing
data) to send to the software's manufacturer or to third parties. If you
install such software, and you're aware of the program's intended
purpose, that software isn't spyware. 
   http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=21272

6. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () win2000mag com)

* PROTECT AGAINST VULNERABLE PASSWORDS
   MDD announced Password Bouncer Standard Edition for Windows 2000/NT4,
software that prevents users from selecting vulnerable passwords that
hackers can easily guess. The program screens passwords through advanced
rules and validates them against a list of more than 300,000 commonly
compromised words and proper nouns. Password Bouncer Standard Edition
supports Win2K and NT systems and is licensed on an annual, nonperpetual
subscription at $995. Contact MDD at 925-831-4746.
   http://www.passwordbouncer.com

* MAC INTERNET SECURITY UTILITIES MOVE TO WINDOWS
   Intego, a developer of Macintosh Internet security utilities,
announced that its entire product line of security programs will be
ported to Windows. The first Windows versions will be NetBarrier
personal firewall and the ContentBarrier parental control software in
fourth quarter 2001. NetBarrier provides three modules: Firewall,
Antivandal, and Internet Filter to make NetBarrier a complete personal
security solution. ContentBarrier helps parents protect their children
by monitoring Internet usage to avoid contact with dangerous Web sites,
chat rooms, email, newsgroups, and downloads. The program also contains
key features to help businesses optimize their employees' productivity
by limiting Internet access. Contact Intego at 305-868-7920.
   http://www.intego.com  

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums 

Featured Thread: Antivirus on Terminal Server
   (Two messages in this thread)

Jason wants to know about antivirus software for a Terminal
Server/CITRIX environment. Read the responses of others or lend a
helping hand at the following URL:
   http://www.win2000mag.net/forums/rd.cfm?app=64&id=68947

* HOWTO MAILING LIST
   http://www.windowsitsecurity.com/go/page_listserv.asp?s=HowTo

Featured Thread: Scheduled Task Won't Run unless Logged In
   (Four messages in this thread)

This reader is having trouble running a batch file that runs some Java
code. As long as the person running the scheduled task is logged on to
the server with the batch file and Java, it runs just fine, but when no
one is logged on the task runs and the batch file executes, but the Java
commands don't do anything. Read other responses or lend a hand at the
following URL.
   http://63.88.172.96/go/page_listserv.asp?A2=IND0106A&L=HOWTO&P=468

8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- tfaubion () win2000mag com; please
mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- products () win2000mag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support at securityupdate () win2000mag com 

* WANT TO SPONSOR Security UPDATE? emedia_opps () win2000mag com

********************
   This weekly email newsletter is brought to you by Windows 2000
Magazine, the leading publication for Windows 2000/NT professionals who
want to learn more and perform better. Subscribe today.
   http://www.win2000mag.com/sub.cfm?code=wswi201x1z

   Receive the latest information about the Windows 2000 and Windows NT
topics of your choice. Subscribe to our other FREE email newsletters.
   http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading Security UPDATE.


http://go.win2000mag.net/UM/T.asp?A2153.23115.1104.1.532985You are
subscribed as isn () c4i org 

SUBSCRIBE
To subscribe send a blank email to
subscribe-Security_UPDATE () list win2000mag net 

If you have questions or problems with your UPDATE subscription, please
contact securityupdate () win2000mag com  
___________________________________________________________
Copyright 2001, Penton Media, Inc.













ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com 


  By Date           By Thread  

Current thread:
  • Security UPDATE, June 6, 2001 InfoSec News (Jun 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault