Information Security News
mailing list archives
Security UPDATE, September 20, 2001
From: InfoSec News <isn () c4i org>
Date: Fri, 21 Sep 2001 02:42:25 -0500 (CDT)
[Editor's Note: Due to unforeseen circumstances, Security UPDATE
only mailed to a very small percentage of subscribers yesterday, so
some readers might receive a duplicate copy. We apologize for any
inconvenience this delay and duplication might have caused.]
Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
~~~~ THIS ISSUE SPONSORED BY ~~~~
Top 10 Windows and AD Security Threats
Is Your System Prepared For The Next Code Red?
(below SECURITY RISK)
~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~
Security vulnerabilities never die; they just become more
embarrassing when exploited. Protect your organization from common
security risks. To find out how, download a free white paper "Top Ten
Security Threats for Windows 2000 and Active Directory." This white
paper not only describes vulnerability threats such as IIS RDS, IIS
Unicode, SQL Server with no system administrator (SA) password, and weak
or no passwords, but also tells you how to protect your organization
from these Windows 2000 and Active Directory security exposures.
Download it FREE at http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwR0AS
September 20, 2001--In this issue:
1. IN FOCUS
- Attack on Privacy
2. SECURITY RISK
- DoS Condition in Microsoft Windows NT 4.0 Endpoint Mapper Service
3. ANNOUNCEMENTS
- Tired of the Same Old Sales Pitch?
- Visit the New Connected Home Web Site!
4. SECURITY ROUNDUP
- News: Nimda Worm Boring into Computers Worldwide
- Feature: ACL-Based Security Tips for IIS
- Feature: Inside the Exchange Server Antivirus API
5. HOT RELEASE (ADVERTISEMENT)
- Sponsored by CyberwallPLUS Server Resident Security
6. SECURITY TOOLKIT
- Book Highlight: Hackers Beware: Defending Your Network from the
- Virus Center
- FAQ: Why Can't I Create a Kerberos-Based Trust Between Two
Domains in Different Forests?
7. NEW AND IMPROVED
- Detect and Repair Viruses
- Secure Email Messages, Files, and Documents
8. HOT THREADS
- Windows 2000 Magazine Online Forums
- Featured Thread: Saving Log Files Automatically
- HowTo Mailing List:
- How to Improve Microsoft's Security Site
9. CONTACT US
See this section for a list of ways to contact us.
1. ==== COMMENTARY ====
The recent attacks against the United States have raised many concerns
in the information security industry because of the changes these
events might bring. For example, the Federal Bureau of Investigation
(FBI) said that terrorists use strong encryption and related
technologies, such as steganography, to hide and disseminate their
communications--once again raising the problem of key escrow and
encryption export restrictions. Some people who had already accused
Pretty Good Privacy (PGP) of contributing to crime are now making those
claims even more loudly.
According to Wired News (see URL below), the FBI has installed its
DCS1000 software (formerly Carnivore) in the core networks of all
consenting tier-1 ISPs across the nation. The FBI can now scan most
communications that travel across American-based computer networks for
potentially incriminating content.
In addition, corporations are considering monitoring email and Internet
traffic even more closely, and federal attention is focusing on free
email and mailing list services (e.g., Hotmail and Yahoo) as possible
vantage points for terrorist communications.
Furthermore, the Bush administration intends to ask Congress for
expanded wiretap powers. The expanded powers would make wiretap orders
applicable to individuals instead of specific devices owned by an
individual. Instead of tapping a specific device, law enforcement might
be able to tap any device that a suspect might use--including all of
our private telephone and computer networks.
Meanwhile, attackers have defaced or denied service to various
governmental Web sites in both Israel and Afghanistan. I've received
reports this week that attackers defaced the Israeli Prime Ministry's
Web site, and the Afghanistan presidential palace Web site suffered
Denial of Service (DoS) attacks and had to be taken offline.
We stand a good chance of losing some of our civil liberties,
especially rights to privacy, and I can't fathom how that's necessary
to fight terrorism.
Microsoft has released a beta version of HFNetChk 3.2, which lets you
check which hotfixes are installed on any machine on the network. You
can learn about the beta, including how to download a copy, by reading
the message Microsoft posted to our HowTo Mailing List at the URL
below. In addition, Microsoft says that it's redesigning its security
site, and the company is soliciting suggestions about how to improve
the site's content and functionality. Be sure to read the Microsoft
message listed in the HowTo Mailing List section of this newsletter
under HOT THREADS.
Mark Joseph Edwards, News Editor, mark () ntsecurity net
2. ==== SECURITY RISK ====
(contributed by Ken Pfeil, ken () win2000mag com)
* DOS CONDITION IN MICROSOFT WINDOWS NT 4.0 ENDPOINT MAPPER SERVICE
A vulnerability exists in the NT 4.0 remote procedure call (RPC)
endpoint mapper service that an attacker can use to cause a Denial of
Service (DoS) condition. A problem in the service causes it to fail
when an attacker sends a request that contains a particular type of
malformed data. Microsoft has released security bulletin MS01-048 to
address this vulnerability and recommends that affected users apply the
patch provided at its Web site. Microsoft will provide a patch for NT
Server 4.0, Terminal Server Edition at bulletin MS01-048 when the patch
~~~~ SPONSOR: IS YOUR SYSTEM PREPARED FOR THE NEXT CODE RED? ~~~~
The Code Red worm and other intrusions are easily avoided if the
latest security updates are identified and deployed with
UpdateEXPERT(tm). UpdateEXPERT is a solution that helps you secure your
systems by remotely managing service packs and hotfixes. UpdateEXPERT
supports Windows NT and 2000, and a long list of mission critical
applications. Quickly conduct research, take inventory, deploy updates
and validate installations of networked machines with UpdateEXPERT.
3. ==== ANNOUNCEMENTS ====
* TIRED OF THE SAME OLD SALES PITCH?
Now there's a better way to find the perfect IT vendor or solution--
absolutely free! The IT Buyer's Network (ITBN) lets you search through
thousands of vendor solutions. You'll love the ITBN's one-stop shopping
approach for hardware, network and systems software, IT services, and
much more! Visit the ITBN today!
* VISIT THE NEW CONNECTED HOME WEB SITE!
The people who bring you Connected Home EXPRESS have launched a new
Web site! Get how-to tips and tricks to help you with home networking,
home theater, audio, and much more. While you're there, sign up (for
free!) for the first issue of Connected Home Magazine, coming in late
October. Check it out!
4. ==== SECURITY ROUNDUP ====
* NEWS: NIMDA WORM BORING INTO COMPUTERS WORLDWIDE
A new worm, dubbed Nimda, is spreading rapidly across the Internet
affecting both businesses and home computer users. The worm spreads in
a variety of fashions using various unpatched software programs,
including Microsoft Outlook, Internet Explorer (IE), and IIS.
* FEATURE: ACL-BASED SECURITY TIPS FOR IIS
Every system object in Windows 2000 and Windows NT has a unique
security descriptor that includes an ACL. In his article for "IIS Tips
and Tricks Newsletter," Tim Huckaby teaches you how to tweak ACL
settings to better protect your Microsoft IIS systems.
* FEATURE: INSIDE THE EXCHANGE SERVER ANTIVIRUS API
Many readers have asked about the new antivirus API (AVAPI 2.0) that
Microsoft has included in Microsoft Exchange 2000 Server Service Pack 1
(SP1) and what AVAPI 2.0 means to Exchange administrators. Jerry
Cochran offers a brief review to bring everyone up to date.
5. ==== HOT RELEASE (ADVERTISEMENT) ====
* SPONSORED BY CYBERWALLPLUS SERVER RESIDENT SECURITY
Were your Windows NT/2000 Web servers hit by the Code Red Worm? Are
there other important servers still at risk? Use CyberwallPLUS server-
class firewall and intrusion prevention software as your last line of
defense when perimeter security is no longer enough.
Free 30-day evaluation - http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwV0AW
6. ==== SECURITY TOOLKIT ====
* BOOK HIGHLIGHT: HACKERS BEWARE: DEFENDING YOUR NETWORK FROM THE WILEY
By Eric Cole
List Price: $45.00
Fatbrain Online Price: $36.00
Softcover; 778 pages
Published by New Riders Publishing, August 2001
For more information or to purchase this book, go to
and enter WIN2000MAG as the discount code when you order the book.
* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
* FAQ: WHY CAN'T I CREATE A KERBEROS-BASED TRUST BETWEEN TWO DOMAINS IN
DIFFERENT FORESTS?
(contributed by John Savill, http://www.windows2000faq.com)
A. When you manually create trusts, you can select one of two
- Kerberos -- The Kerberos V5 authentication protocol is the default
authentication service for Windows 2000. You use the protocol to verify
that a user or host is who it says it is. Trusts between domains in a
tree and between the root domains in a forest use this protocol.
- NT LAN Manager (NTLM) -- The NTLM authentication protocol is the
default for network authentication in Windows NT 4.0 and earlier, but
Win2K still supports it (although not as the default). NTLM is a
challenge-and-response authentication protocol.
A transitive Kerberos-based trust links domains within a forest. When
you create a trust between two domains in different forests, you can
select only NTLM because Kerberos isn't available for cross-forest
trust relationships. This isn't a Kerberos limitation, but a Microsoft
implementation limitation. If you use a third-party Kerberos
implementation (e.g., MIT), you can use Kerberos for cross-forest
7. ==== NEW AND IMPROVED ====
(contributed by Scott Firestone, IV, products () win2000mag com)
* DETECT AND REPAIR VIRUSES
Symantec released Norton AntiVirus 2002--software that detects and
repairs a virus automatically, provides automated Internet updates, and
integrates with Windows Explorer. Norton AntiVirus 2002 also scans
incoming and outgoing email to stop viruses, and proactively uses
script blocking to constantly monitor scripts and alert users to virus-
like malicious behavior. The software prevents email programs from
sending or forwarding virus-infected email messages. Norton AntiVirus
2002 costs $49.95. Contact Symantec at 408-517-8000.
* SECURE EMAIL MESSAGES, FILES, AND DOCUMENTS
Citrix Systems and Entrust, a provider of Internet security and
managed services, announced interoperability of Citrix MetaFrame XP and
Citrix Extranet software with Entrust Entelligence 6.0 and Entrust
Authority 6.0 software. Entrust Entelligence 6.0 and Entrust Authority
6.0 feature enhanced identification, verification, privacy, and
security management to ensure online security and privacy for email,
files, and documents. For pricing, contact Citrix Systems at 954-267-
3000 or Entrust at 972-943-7300 or 888-690-2424.
8. ==== HOT THREADS ====
* WINDOWS 2000 MAGAZINE ONLINE FORUMS
Featured Thread: Saving Log Files Automatically
(Two messages in this thread)
Craig knows how to save security log files manually using Event Viewer,
but he wants to save his log files automatically to keep a running
archive. Read more about the question and the responses, or lend a hand
at the following URL:
* HOWTO MAILING LIST
Featured Thread: How to Improve Microsoft's Security Site
(One message in this thread)
Microsoft will soon redesign its security Web pages. The company is now
soliciting suggestions from users about how to improve the site's
design. If you have content needs or suggestions for content and
functionality not already present, be sure to read Microsoft's message
and respond with your concerns!
9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT THE COMMENTARY -- mark () ntsecurity net
* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () win2000mag com; please
mention the newsletter name in the subject line.
* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
* PRODUCT NEWS -- products () win2000mag com
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support at securityupdate () win2000mag com
* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () win2000mag com
Receive the latest information about the Windows 2000 and Windows NT
topics of your choice. Subscribe to our other FREE email newsletters.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.