********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

FREE Security White Paper from NetIQ!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak

VeriSign--The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: FREE SECURITY WHITE PAPER FROM NETIQ! ~~~~
   The 6 biggest security wastes . . . are you aware of them? Need to
maximize corporate security and minimize risks on a limited IT budget?
Learn which six network security measures you should invest in and six
money-wasting expenses to avoid. You can't afford to allocate your
limited resources to the wrong tools. Learn how to develop a sound
investment strategy for information security today. Download NetIQ's
free white paper, "Investing Wisely in Security" now.
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0rkJ0Ak

~~~~~~~~~~~~~~~~~~~~

April 17, 2002--In this issue:

1. IN FOCUS
     - Report Details Computer Crime and Security Concerns

2. SECURITY RISKS
     - Multiple Vulnerabilities in Microsoft IIS
     - DoS in WatchGuard's Firewall

3. ANNOUNCEMENTS
     - Learn from (or Try to Stump) Top Windows Security Forum Pros
     - If You Missed Out on TechEd 2002 US ...

4. SECURITY ROUNDUP
     - News: CERT Offers Overview of Attack Trends
     - News: Microsoft Releases Baseline Security Analyzer
     - News: A Critical IE Security Rollup, VM Hotfix, and Post-Win2K
       SP2 Fixes

5. SECURITY TOOLKIT
     - Virus Center
     - FAQ: Download a CAB File Through a Proxy Server

6. NEW AND IMPROVED
     - Prevent Recovery of Your Deleted Files
     - Protect Against Internal and External Attacks

7. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Wrong Settings on File Permissions
     - HowTo Mailing List
         - Featured Thread: Grant Permission to Reset Users' Passwords
           Without Account Operator Privilege

8. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
markntsecurity.net)

* REPORT DETAILS COMPUTER CRIME AND SECURITY

The Computer Security Institute (CSI) recently released the findings of
its seventh annual Computer Crime and Security Survey, conducted in
conjunction with the Federal Bureau of Investigation's (FBI's) San
Francisco-based Computer Intrusion Squad. According to the survey,
computer crimes and their related costs continue to increase.

Survey results are based on responses from 503 security practitioners
who work in the business, government, finance, medical, and higher-
education sectors. The survey reports that 90 percent of the
respondents detected security breaches in the past 12 months and 80
percent suffered measurable financial losses. Of the organizations that
suffered losses, 223 respondents quantified their losses, which totaled
$455,848,000. Respondents attributed most losses to theft of
proprietary information and financial fraud. Three-quarters of
respondents said that their Internet connections were the most frequent
points of attack.

The types of intrusions varied. Forty percent detected penetration
attempts from the outside. Fifty-two percent of the respondents conduct
e-commerce. Twelve percent of respondents reported the theft of
transaction information. Seventy percent reported vandalism. Not
surprisingly, 85 percent detected computer viruses.

Notably, only 34 percent of the respondents reported intrusions to law-
enforcement officials. Although that percent has risen from 16 percent
in 1996, most companies still don't reveal the true extent of security
threats to their investors, customers, business partners--or to law-
enforcement officials. The FBI urged organizations to share such
information. CSI Executive Assistant Director Bruce J. Gebhardt,
formerly with the FBI, said, "The United States' increasing dependency
on information technology to manage and operate our nation's critical
infrastructures provides a prime target to would be cyber-terrorists.
Now, more than ever, the government and private sector need to work
together to share information and be more cognitive of information
security so that our nation's critical infrastructures are protected
from cyber-terrorists."

You can read selected highlights and obtain CSI's new report through
the CSI Web site at the URL below. To request a copy of the full report
in PDF format, you complete a simple Web-based form.
   http://www.gocsi.com

The CSI Web site offers another helpful security resource: the CSI
Firewall Product Search Center. This firewall guide presents vendor-
maintained information about 31 popular firewalls. The guide lets you
compare firewall features and prices. For example, you can select any
number of firewalls from the list of products and display a side-by-
side feature comparison. The comparison includes details about features
such as local and remote administration interfaces, user authentication
subsystems, support costs, product updates, and whether a product is
proprietary or sits on top of an OS. If you're shopping for a firewall,
you'll find this guide invaluable. Be sure to take a look.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~
   Secure your servers with 128-bit SSL encryption!
   Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for
Business," and you'll learn everything you need to know about using
128-bit SSL to encrypt your e-commerce transactions, secure your
corporate intranets and authenticate your Web sites. 128-bit SSL is
serious security for your online business. Get it now!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFu0Ay
   
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====

* MULTIPLE VULNERABILITIES IN MICROSOFT IIS
   Microsoft released Security Bulletin MS02-018 (Cumulative Patch
for Internet Information Services), which details 10 new
vulnerabilities in IIS. The vulnerabilities can lead to a complete
system compromise. Microsoft urges users to patch their systems
immediately. For complete details about these 10 problems, be sure to
read the article at the URL below.
   http://www.secadministrator.com/articles/index.cfm?articleid=24817

* DoS IN WATCHGUARD'S SOHO FIREWALL
   A Denial of Service (DoS) condition exists in WatchGuard
Technology's small office/home office (SOHO) Firebox. Because the
product doesn't parse IP packets except when forwarding them, an
attacker can crash or reboot the server by sending packets with certain
malformed arguments.
   http://www.secadministrator.com/articles/index.cfm?articleid=24816

3. ==== ANNOUNCEMENTS ====

* LEARN FROM (OR TRY TO STUMP) TOP WINDOWS SECURITY FORUM PROS
   The Windows & .NET Magazine LIVE! event brings together industry
gurus who take security seriously. Topic coverage includes Microsoft
IIS security, deploying public key infrastructure (PKI), designing
Group Policies to enhance security, tips for securing Windows 2000
networks, security pitfalls (and solutions) for your mobile workforce,
and more. Register today before this event sells out!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0qQl0Ar

* IF YOU MISSED OUT ON TECHED 2002 US ...
   ... you still have a chance to dive deep into the latest Microsoft
products and future technologies at Microsoft TechEd 2002 Europe, July
1 through 5, 2002, in Barcelona. Sessions at TechEd Europe are similar
to those at TechEd US but will be updated to take advantage of the
latest technical information available. It is the largest event of its
kind in Europe. Register now!
   http://list.winnetmag.com/cgi-bin3/flo?y=eLZk0CJgSH0CBw0zFv0Az

4. ==== SECURITY ROUNDUP ====

* NEWS: CERT OFFERS OVERVIEW OF ATTACK TRENDS
   The Computer Emergency Response Team (CERT) has issued a new report
that outlines the current trends in computer-related attacks. The
report, "Overview of Attack Trends," reveals six trends that network
operators need to be aware of.
   http://www.secadministrator.com/articles/index.cfm?articleid=24809

* NEWS: MICROSOFT RELEASES BASELINE SECURITY ANALYZER
   Microsoft has released an important security tool that all users of
Windows XP, Windows 2000, and Windows NT 4.0 should download
immediately. Dubbed the Microsoft Baseline Security Analyzer (MBSA),
the tool looks for common security misconfigurations and presents a
security report card with pass/fail grades.
   http://www.secadministrator.com/articles/index.cfm?articleid=24773

* NEWS: A CRITICAL IE SECURITY ROLLUP, VM HOTFIX, AND POST-WIN2K SP2
FIXES
   Update your systems with a new Microsoft Internet Explorer (IE)
security rollup, determine whether you need the new Virtual Machine
(VM) hotfix, and see a list of recent hotfixes for your Windows 2000
systems.
   http://www.secadministrator.com/articles/index.cfm?articleid=24787

5. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: DOWNLOAD A CAB FILE THROUGH A PROXY SERVER
   ( contributed by Thomas Eck, http://www.windowswebsolutions.com )

A. At the time of writing, HFNetChk can't automatically download a
signed compressed cabinet format (CAB) file through a proxy server. To
work around this limitation, you can manually download a copy of the
current CAB file from the URL below.
   http://download.microsoft.com/download/xml/security/1.0/nt5/en-us/mssecure.cab

   Use WinZip or a similar tool to extract the XML file from the CAB
file. Put the XML file in the Data folder. Hive.exe contains a sample
XML file in the Data folder to get you started.
   Alternatively, I've written a Visual Basic (VB) service that
leverages the Microsoft Internet Transfer Control (ITC) to download the
CAB file automatically through a proxy server. You can obtain the
compiled service (hivesvc.zip) and full source code for the tool from
the Code Library on the Windows Web Solutions Web site, at the URL
below.
   http://www.windowswebsolutions.com

   To use the service, unzip the hivesvc.zip file to a setup folder on
the Hotfix Identification and Verification Engine (HIVE) central
server. Then, navigate to the setup folder and edit the hive.reg file
with appropriate values for your environment. Next, copy the ntsvc.ocx
file from the setup folder to \%systemroot%\system32. Open a command
prompt and type

   regsvr32 ntsvc.ocx
   
Then, to install the service, type

   hive_svc.exe –install

   A dialog box appears stating that the service has been installed.
Ensure that the proxy credentials are correct for your environment and
that the target folder (which you specified in the hive.reg file) for
the CAB file exists. Finally, start the HIVE service. The CAB file
might take several minutes to appear in the target folder.

6. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, productswinnetmag.com)

* PREVENT RECOVERY OF YOUR DELETED FILES
   AKS-Labs released QuickWiper 7.3, software that provides file
deletion with a single pass and includes an option that uses an
extremely secure erasure algorithm. QuickWiper's Secure Folder option
prevents recovery of any temporary or swap files. QuickWiper 7.3 runs
on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x.
systems and costs $29.95 per license. For information, contact AKS-
Labs.
   http://www.aks-labs.com/products/quickwiper.htm

* PROTECT AGAINST INTERNAL AND EXTERNAL ATTACKS
   SOFTWIN released BitDefender, antivirus software that protects the
files transferred within and between workgroups or teams using
Microsoft SharePoint Portal Server. BitDefender for Microsoft
SharePoint Portal Server leverages its unique features to support users
who want to share documents and search for information across the
organization and enterprise without the risk of losing or infecting
essential information. For pricing, contact SOFTWIN at
salesbitdefender.com or obtain a free 30-day trial version at the Web
site.
   http://www.bitdefender.com

7. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.net/forums

Featured Thread: Wrong Settings on File Permissions
   (One message in this thread)

Greg writes that he mistakenly updated permissions on his Windows 2000
Server on the root and all subfolders to the following:

   Everyone - Deny on all options
   Administrator - Full Control

The machine will no longer boot. He thinks it might be because the
services that rely on accounts other than the Administrator account now
have the wrong permissions. Can you help?
   http://www.secadministrator.com/forums/thread.cfm?thread_id=101599

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Grant Permission to Reset Users' Passwords Without
Account Operator Privilege
   (One message in this thread)

Andy wants to grant one user the right to reset the users' passwords,
without adding that user to the Account Operators group. (Andy prefers
that the user have only the right to reset passwords and not other
privileges associated with the Account Operators group.). Can you help?

http://63.88.172.96/listserv/page_listserv.asp?a2=ind0204b&l=howto&p=81

8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- markntsecurity.net

* ABOUT THE NEWSLETTER IN GENERAL -- vpattersonwinnetmag.com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums

* PRODUCT NEWS -- productswinnetmag.com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdatewinnetmag.com

* WANT TO SPONSOR SECURITY UPDATE? emedia_oppswinnetmag.com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise. Subscribe
today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.net/email

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sublist.winnetmag.com.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]