Information Security News mailing list archives

Security UPDATE, September 20, 2001
From: InfoSec News <isn () c4i org>
Date: Fri, 21 Sep 2001 02:42:25 -0500 (CDT)

[Editor's Note: Due to unforeseen circumstances, Security UPDATE 
only mailed to a very small percentage of subscribers yesterday, so 
some readers might receive a duplicate copy. We apologize for any
inconvenience this delay and duplication might have caused.]

********************

Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
   http://www.secadministrator.com

********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Top 10 Windows and AD Security Threats
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwR0AS 

Is Your System Prepared For The Next Code Red?
http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwS0AT
   (below SECURITY RISK) 

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~
   Security vulnerabilities never die; they just become more 
embarrassing when exploited. Protect your organization from common 
security risks. To find out how, download a free white paper "Top Ten 
Security Threats for Windows 2000 and Active Directory." This white 
paper not only describes vulnerability threats such as IIS RDS, IIS 
Unicode, SQL Server with no system administrator (SA) password, and weak 
or no passwords, but also tells you how to protect your organization 
from these Windows 2000 and Active Directory security exposures. 
Download it FREE at http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwR0AS 

********************

September 20, 2001--In this issue:

1. IN FOCUS
     - Attack on Privacy

2. SECURITY RISK
     - DoS Condition in Microsoft Windows NT 4.0 Endpoint Mapper Service

3. ANNOUNCEMENTS
     - Tired of the Same Old Sales Pitch?
     - Visit the New Connected Home Web Site!

4. SECURITY ROUNDUP
     - News: Nimda Worm Boring into Computers Worldwide
     - Feature: ACL-Based Security Tips for IIS
     - Feature: Inside the Exchange Server Antivirus API

5. HOT RELEASE (ADVERTISEMENT)
     - Sponsored by CyberwallPLUS Server Resident Security

6. SECURITY TOOLKIT
     - Book Highlight: Hackers Beware: Defending Your Network from the 
       Wily Hacker
     - Virus Center
     - FAQ: Why Can't I Create a Kerberos-Based Trust Between Two 
       Domains in Different Forests?

7. NEW AND IMPROVED
     - Detect and Repair Viruses
     - Secure Email Messages, Files, and Documents

8. HOT THREADS
     - Windows 2000 Magazine Online Forums
         - Featured Thread: Saving Log Files Automatically
     - HowTo Mailing List:
         - How to Improve Microsoft's Security Site

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

The recent attacks against the United States have raised many concerns 
in the information security industry because of the changes these 
events might bring. For example, the Federal Bureau of Investigation 
(FBI) said that terrorists use strong encryption and related 
technologies, such as steganography, to hide and disseminate their 
communications--once again raising the problem of key escrow and 
encryption export restrictions. Some people who had already accused 
Pretty Good Privacy (PGP) of contributing to crime are now making those 
claims even more loudly. 

According to Wired News (see URL below), the FBI has installed its 
DCS1000 software (formerly Carnivore) in the core networks of all 
consenting tier-1 ISPs across the nation. The FBI can now scan most 
communications that travel across American-based computer networks for 
potentially incriminating content.
   http://www.wired.com/news/politics/0,1283,46747,00.html

In addition, corporations are considering monitoring email and Internet 
traffic even more closely, and federal attention is focusing on free 
email and mailing list services (e.g., Hotmail and Yahoo) as possible 
vantage points for terrorist communications.

Furthermore, the Bush administration intends to ask Congress for 
expanded wiretap powers. The expanded powers would make wiretap orders 
applicable to individuals instead of specific devices owned by an 
individual. Instead of tapping a specific device, law enforcement might 
be able to tap any device that a suspect might use--including all of 
our private telephone and computer networks.

Meanwhile, attackers have defaced or denied service to various 
governmental Web sites in both Israel and Afghanistan. I've received 
reports this week that attackers defaced the Israeli Prime Ministry's 
Web site, and the Afghanistan presidential palace Web site suffered 
Denial of Service (DoS) attacks and had to be taken offline. 

We stand a good chance of losing some of our civil liberties, 
especially rights to privacy, and I can't fathom how that's necessary 
to fight terrorism. 

Microsoft has released a beta version of HFNetChk 3.2, which lets you 
check which hotfixes are installed on any machine on the network. You 
can learn about the beta, including how to download a copy, by reading 
the message Microsoft posted to our HowTo Mailing List at the URL 
below. In addition, Microsoft says that it's redesigning its security 
site, and the company is soliciting suggestions about how to improve 
the site's content and functionality. Be sure to read the Microsoft 
message listed in the HowTo Mailing List section of this newsletter 
under HOT THREADS. 
http://www.secadministrator.com/ListServ/win2ks-l.asp?A2=IND0109C&L=WIN2KSECADVICE&P=270

Sincerely,

Mark Joseph Edwards, News Editor, mark () ntsecurity net

2. ==== SECURITY RISK ====
   (contributed by Ken Pfeil, ken () win2000mag com)

* DOS CONDITION IN MICROSOFT WINDOWS NT 4.0 ENDPOINT MAPPER SERVICE
   A vulnerability exists in the NT 4.0 remote procedure call (RPC) 
endpoint mapper service that an attacker can use to cause a Denial of 
Service (DoS) condition. A problem in the service causes it to fail 
when an attacker sends a request that contains a particular type of 
malformed data. Microsoft has released security bulletin MS01-048 to 
address this vulnerability and recommends that affected users apply the 
patch provided at its Web site. Microsoft will provide a patch for NT 
Server 4.0, Terminal Server Edition at bulletin MS01-048 when the patch 
becomes available.
   http://www.secadministrator.com/articles/index.cfm?articleid=22481

********************

~~~~ SPONSOR: IS YOUR SYSTEM PREPARED FOR THE NEXT CODE RED? ~~~~
   The Code Red worm and other intrusions are easily avoided if the 
latest security updates are identified and deployed with 
UpdateEXPERT(tm). UpdateEXPERT is a solution that helps you secure your 
systems by remotely managing service packs and hotfixes. UpdateEXPERT 
supports Windows NT and 2000, and a long list of mission critical 
applications. Quickly conduct research, take inventory, deploy updates 
and validate installations of networked machines with UpdateEXPERT.
   Free Trial:
http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwS0AT 

~~~~~~~~~~~~~~~~~~~~

3. ==== ANNOUNCEMENTS ====

* TIRED OF THE SAME OLD SALES PITCH?
   Now there's a better way to find the perfect IT vendor or solution--
absolutely free! The IT Buyer's Network (ITBN) lets you search through 
thousands of vendor solutions. You'll love the ITBN's one-stop shopping 
approach for hardware, network and systems software, IT services, and 
much more! Visit the ITBN today!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KXr0AT 

* VISIT THE NEW CONNECTED HOME WEB SITE!
   The people who bring you Connected Home EXPRESS have launched a new 
Web site! Get how-to tips and tricks to help you with home networking, 
home theater, audio, and much more. While you're there, sign up (for 
free!) for the first issue of Connected Home Magazine, coming in late 
October. Check it out! 
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KA30A2 

4. ==== SECURITY ROUNDUP ====

* NEWS: NIMDA WORM BORING INTO COMPUTERS WORLDWIDE
   A new worm, dubbed Nimda, is spreading rapidly across the Internet 
affecting both businesses and home computer users. The worm spreads in 
a variety of fashions using various unpatched software programs, 
including Microsoft Outlook, Internet Explorer (IE), and IIS. 
   http://www.secadministrator.com/articles/index.cfm?articleid=22523
   http://www.secadministrator.com/articles/index.cfm?articleid=22520
 
* FEATURE: ACL-BASED SECURITY TIPS FOR IIS
   Every system object in Windows 2000 and Windows NT has a unique 
security descriptor that includes an ACL. In his article for "IIS Tips 
and Tricks Newsletter," Tim Huckaby teaches you how to tweak ACL 
settings to better protect your Microsoft IIS systems.
   http://www.secadministrator.com/articles/index.cfm?articleid=22444

* FEATURE: INSIDE THE EXCHANGE SERVER ANTIVIRUS API
   Many readers have asked about the new antivirus API (AVAPI 2.0) that 
Microsoft has included in Microsoft Exchange 2000 Server Service Pack 1 
(SP1) and what AVAPI 2.0 means to Exchange administrators. Jerry 
Cochran offers a brief review to bring everyone up to date.
   http://www.secadministrator.com/articles/index.cfm?articleid=22416

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* SPONSORED BY CYBERWALLPLUS SERVER RESIDENT SECURITY
   Were your Windows NT/2000 Web servers hit by the Code Red Worm? Are 
there other important servers still at risk? Use CyberwallPLUS server-
class firewall and intrusion prevention software as your last line of 
defense when perimeter security is no longer enough.
   Free 30-day evaluation - http://lists.win2000mag.net/cgi-bin3/flo?y=eHcd0CJgSH0BVg0KwV0AW 

6. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACKERS BEWARE: DEFENDING YOUR NETWORK FROM THE WILY 
HACKER
   By Eric Cole
   List Price: $45.00
   Fatbrain Online Price: $36.00
   Softcover; 778 pages
   Published by New Riders Publishing, August 2001
   ISBN 0735710090

For more information or to purchase this book, go to 
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0735710090 
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to 
bring you the Center for Virus Control. Visit the site often to remain 
informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: WHY CAN'T I CREATE A KERBEROS-BASED TRUST BETWEEN TWO DOMAINS IN 
DIFFERENT FORESTS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. When you manually create trusts, you can select one of two 
authentication protocols: 

   - Kerberos -- The Kerberos V5 authentication protocol is the default 
authentication service for Windows 2000. You use the protocol to verify 
that a user or host is who it says it is. Trusts between domains in a 
tree and between the root domains in a forest use this protocol. 
   - NT LAN Manager (NTLM) -- The NTLM authentication protocol is the 
default for network authentication in Windows NT 4.0 and earlier, but 
Win2K still supports it (although not as the default). NTLM is a 
challenge-and-response authentication protocol. 

A transitive Kerberos-based trust links domains within a forest. When 
you create a trust between two domains in different forests, you can 
select only NTLM because Kerberos isn't available for cross-forest 
trust relationships. This isn't a Kerberos limitation, but a Microsoft 
implementation limitation. If you use a third-party Kerberos 
implementation (e.g., MIT), you can use Kerberos for cross-forest 
trusts.

7. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, products () win2000mag com)

* DETECT AND REPAIR VIRUSES
   Symantec released Norton AntiVirus 2002--software that detects and 
repairs a virus automatically, provides automated Internet updates, and 
integrates with Windows Explorer. Norton AntiVirus 2002 also scans 
incoming and outgoing email to stop viruses, and proactively uses 
script blocking to constantly monitor scripts and alert users to virus-
like malicious behavior. The software prevents email programs from 
sending or forwarding virus-infected email messages. Norton AntiVirus 
2002 costs $49.95. Contact Symantec at 408-517-8000.
   http://www.symantec.com

* SECURE EMAIL MESSAGES, FILES, AND DOCUMENTS
   Citrix Systems and Entrust, a provider of Internet security and 
managed services, announced interoperability of Citrix MetaFrame XP and 
Citrix Extranet software with Entrust Entelligence 6.0 and Entrust 
Authority 6.0 software. Entrust Entelligence 6.0 and Entrust Authority 
6.0 feature enhanced identification, verification, privacy, and 
security management to ensure online security and privacy for email, 
files, and documents. For pricing, contact Citrix Systems at 954-267-
3000 or Entrust at 972-943-7300 or 888-690-2424.
   http://www.citrix.com
   http://www.entrust.com

8. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums 

Featured Thread: Saving Log Files Automatically
   (Two messages in this thread)

Craig knows how to save security log files manually using Event Viewer, 
but he wants to save his log files automatically to keep a running 
archive. Read more about the question and the responses, or lend a hand 
at the following URL:
   http://www.win2000mag.net/forums/rd.cfm?app=64&id=78714

* HOWTO MAILING LIST
   http://www.secadministrator.com/ListServ/page_listserv.asp?s=HowTo

Featured Thread: How to Improve Microsoft's Security Site
   (One message in this thread)

Microsoft will soon redesign its security Web pages. The company is now 
soliciting suggestions from users about how to improve the site's 
design. If you have content needs or suggestions for content and 
functionality not already present, be sure to read Microsoft's message 
and respond with your concerns! 
http://63.88.172.96/ListServ/page_listserv.asp?A2=IND0109B&L=HOWTO&P=85

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () win2000mag com; please
  mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- products () win2000mag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
  Support at securityupdate () win2000mag com 

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () win2000mag com

********************

Receive the latest information about the Windows 2000 and Windows NT
topics of your choice. Subscribe to our other FREE email newsletters.
http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-|



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

