Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] Security UPDATE, March 12, 2003
From: InfoSec News (isnc4i.org)
Date: Thu Mar 13 2003 - 02:50:30 CST
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
~~~~ THIS ISSUE SPONSORED BY ~~~~
More e-Security - Less Money
(below IN FOCUS)
~~~~ SPONSOR: MORE e-SECURITY - LESS MONEY ~~~~
Pay 2/3 less than the industry leader for Strong (two-factor)
Authentication for VPN and Web using the Authenex A-Key(tm) USB token.
Plus with the same A-Key USB Token, you can leverage an entire suite
of strong e-Security applications, including: Web Access Control,
Endpoint Encryption to protect either files or the entire hard drive,
Secure File Exchange, and Storage for Digital Certificates. Click now
for a FREE A-Key USB Token.
March 12, 2003--In this issue:
1. IN FOCUS
- Concise Security Knowledge Available Online
2. SECURITY RISKS
- Multiple Vulnerabilities in Minihttp's Forum Web Server
- Content Bypass Vulnerability in Clearswift's MAILsweeper
- Networld+Interop Las Vegas 2003--Conference: April 27-May 2,
Exhibition: April 29-May 1
- Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT
Challenges, March 31, 2003
4. SECURITY ROUNDUP
- News: Survey Says: Viruses and System Intrusion Among Top
- Feature: Nmap Your Network
5. HOT RELEASES (ADVERTISEMENTS)
- eToken USB-based 2-Factor Authentication
- Next-Generation Firewall Appliances Keep Pace
- Increase Security Today with RippleTech's PatchWorks!
6. SECURITY TOOLKIT
- Virus Center
- FAQ: When I Right-Click an NTFS Volume, Why Can't I See the
7. NEW AND IMPROVED
- Automate Your Patch Management
- Install Antivirus Defense at the Gateway
- Submit Top Product Ideas
8. HOT THREAD
- Windows & .NET Magazine Online Forums
- Featured Thread: User Continually Locked Out After Browsing
9. CONTACT US
See this section for a list of ways to contact us.
1. ==== IN FOCUS ====
(contributed by Mark Joseph Edwards, News Editor,
* CONCISE SECURITY KNOWLEDGE AVAILABLE ONLINE
If you're looking for help securing Windows Server 2003, Windows 2000
Server, Microsoft SQL Server, Microsoft Exchange Server, and other
related technologies, several online sources of information can assist
you. Some of the resources I discuss are chapters excerpted from
books, and others are entire books available online for free.
Last week, Erik Birkholz announced that a discussion among colleagues
at the recent Black Hat Windows Security 2003 conference convinced him
to release a chapter from the upcoming book "Special Ops: Host and
Network Security for Microsoft, UNIX, and Oracle," a book that he
developed with the help of several knowledgeable authors. Birkholz
released Chip Andrews' Chapter 12, "Attacking and Defending the
Microsoft SQL Server." The chapter offers 38 pages of highly useful
As the chapter title implies, the material covers a wealth of tactics
you can use to attack and defend SQL Server. The discussion delves
into information such as server instances, authentication, network
libraries, security principles for SQL Server, server discovery and
related tools, acquiring accounts for security contexts, escalating
privileges, exploiting unpatched vulnerabilities, configuring a secure
installation, monitoring, and maintenance. You can find the chapter in
PDF format at the Special Ops Internal Network Security Web site.
Also last week, Paul Robichaux released three chapters of his new
book, "Secure Messaging with Microsoft Exchange Server 2000." He calls
the book a "broad guide to securing Exchange-based systems, beginning
with risk and vulnerability assessment and continuing through applying
communications security, patch management, and service-specific
approaches to make Exchange systems more secure." He also said, "I had
a lot of help from the Exchange development and support team while
writing the book, and there's a great deal of material there that
isn't widely available elsewhere."
The three sample chapters are "Windows & Exchange Security
Architecture," "Threat & Risk Assessment," and "SMTP, Relaying, and
Spam Control." The security-architecture chapter covers built-in
accounts and groups, what happens during the logon process, how
Exchange modifies the Windows discretionary ACL (DACL) evaluation
process, Exchange-specific permissions, roles, mailboxes, public
folders, and more.
The threat-assessment chapter discussion includes identifying threats,
threat classification, possible courses of action, and risk
assessment. The SMTP chapter covers mail relaying--explaining why mail
relaying might be necessary, how it can lead to trouble, and how to
control it. The chapter also discusses how to deal with unwanted
email, including how to use Exchange's built-in email filters. The
chapters are available in PDF format at the E2K Security Web site.
Realtimepublishers.com is another excellent resource for online
security information. Sean Daily, president and CEO of the company,
has published many guidebooks related to enterprise computing--and
several of them pertain directly to security. You can read them in
their entirety online by simply registering for access. At the
company's Web site, you'll find security-related titles such as "The
Definitive Guide To Windows 2000 Security," "The Definitive Guide To
Windows 2000 Group Policy," "The Definitive Guide To Identity
Management," "The Tips and Tricks Guide To Securing .NET Server," and
"The Tips and Tricks Guide To Windows 2000 Group Policy."
Realtimepublishers.com has about 2 dozen eBooks online, and more are
in the works.
Overall, you can find a lot of information online about securing your
particular platform--from white papers and checklists to chapters and
entire books. Check out the publications I mention; they're among the
most timely resources available. And if you know about other new
publications I didn't mention, send me an email with the details.
~~~~ SPONSOR: CIPHERTRUST ~~~~
Top 10 Techniques To Control Spam
Stop spam! There are ways to secure and reclaim your mail server(s)
before spam and other email threats become security issues. Don't
leave your email systems vulnerable. This whitepaper provides the TOP
10 TECHNIQUES to Control Spam in the enterprise. Request your copy
2. ==== SECURITY RISKS ====
(contributed by Ken Pfeil, kenwinnetmag.com)
* MULTIPLE VULNERABILITIES IN MINIHTTP'S FORUM WEB SERVER
Dennis Rand discovered that three vulnerabilities exist in
Minihttp's Forum Web Server 1.60. The first lets a potential attacker
access files that reside outside the restricted area of the server.
existing Web pages (Cross Site Scripting). The third makes it possible
to steal other users' username and password. The vendor, Minihttp has
released Forum Web Server 1.61, which isn't vulnerable to this
* CONTENT BYPASS VULNERABILITY IN CLEARSWIFT'S MAILSWEEPER
Martin O'Neal discovered that a vulnerability exists in
Clearswift's MAILsweeper 4.x that could result in the bypass of the
attachment-blocking feature on the vulnerable server. If an attacker
uses a deliberately malformed MIME encapsulation technique, the
MAILsweeper product won't recognize the attachment and lets it pass.
The vendor has made an updated script utility available that can
detect the malformed MIME header used in this vulnerability. You
should implement this utility as a workaround until a fix or patch is
3. ==== ANNOUNCEMENTS ====
(brought to you by Windows & .NET Magazine and its partners)
* NETWORLD+INTEROP LAS VEGAS 2003--CONFERENCE: APRIL 27-MAY 2,
EXHIBITION: APRIL 29-MAY 1
Networld+Interop, the definitive networking event of the year,
brings together high-level buyers in networking, security, wireless,
VoIP, and network storage technologies with industry leading companies
and their products and services. Call 888.886.4057 or register now at:
* PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT
CHALLENGES, MARCH 31, 2003
Annual executive conference highlights the increased focus on IT
security in global pharmaceutical enterprises. Networking, case
studies, intensive workshops forums help CIOs, CTOs, CFOs, VPs and
other top-decision-makers leverage pharmaceutical IT solutions
successfully. Keynote presentations by executives from Aventis,
Novartis, Astrazeneca, Hoffman-Laroche and Pfizer, plus US Dept. of
Health & Human Services.
4. ==== SECURITY ROUNDUP ====
* NEWS: SURVEY SAYS: VIRUSES AND SYSTEM INTRUSION AMONG TOP CONCERNS
VanDyke Software announced the results of a security-related survey
commissioned through Saurage Research. Saurage contacted 710 small and
midsized businesses in fourth quarter 2002 to learn about their
priorities in protecting their enterprises.
* FEATURE: NMAP YOUR NETWORK
Port scanning offers security professionals and systems
administrators a fast and effective way to identify which services or
applications their servers have open to the Internet or another
network. Jeff Fellinge's article on our Web site teaches you how to
use Nmap to scan your network.
5. ==== HOT RELEASES (ADVERTISEMENTS) ====
* eTOKEN USB-BASED 2-FACTOR AUTHENTICATION
eToken from Aladdin offers simple, reliable and affordable 2-factor
authentication for secure network logon, VPN access, web access,
e-mail, and PC security. No reader or server required to securely
store users' passwords, keys, and certificates.
* NEXT-GENERATION FIREWALL APPLIANCES KEEP PACE
Want faster network throughput without the security bottleneck?
This new WatchGuard(R) white paper includes criteria for evaluating
next-generation firewall appliances that keep pace with the fastest
networks and provide the security required by large, distributed
* INCREASE SECURITY TODAY WITH RIPPLETECH'S PATCHWORKS!
Struggling to find time for patch management? PatchWorks makes it
easy to remotely manage and deploy security updates, hotfixes and
service packs. For research, software inventory, policy enforcement
and more, try PatchWorks FREE today!
6. ==== SECURITY TOOLKIT ====
* VIRUS CENTER
Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
* FAQ: WHEN I RIGHT-CLICK AN NTFS VOLUME, WHY CAN'T I SEE THE QUOTA
( contributed by John Savill, http://www.windows2000faq.com )
A. If the Quota tab isn't visible, your user account or group doesn't
have the Traverse Folder/Execute File right on that NTFS volume. To
resolve this problem, perform the following steps:
1. Right-click the NTFS volume in Windows Explorer or My Computer,
then select Properties from the displayed context menu.
2. Select the Security tab.
3. Click the Advanced button.
4. Select the Permissions tab.
5. Select the entry that applies to your user account or group,
then click Edit.
6. Under the "Apply onto" section, make sure that the "This folder,
subfolders and files" check box is selected.
7. Select the Allow check box for Traverse Folder/Execute File
permissions, then click OK.
8. Click OK to close all dialog boxes.
7. ==== NEW AND IMPROVED ====
(contributed by Sue Cooper, productswinnetmag.com)
* AUTOMATE YOUR PATCH MANAGEMENT
Shavlik Technologies released HFNetChkPro 4.0, an automated patch
management solution that Shavlik originally developed for Microsoft.
HFNetChkPro scans your entire network for vulnerabilities and pushes
patches as soon as an update is issued, protecting systems in
realtime. HFNetChkPro patches offline machines automatically when they
come back online. The software's third-party threat-rating system lets
you customize patch criticality and receive threat analyses and
comments about patches from security industry leaders. The Automated
PatchPush Tracker lets you view the status of the patches being pushed
as well as information about who deployed the most recent patch and
when it was deployed. HFNetChkPro 4.0 is now integrated with Active
Directory (AD). Contact Shavlik Technologies at 651-426-6624,
800-690-6911, or infoshavlik.com.
* INSTALL ANTIVIRUS DEFENSE AT THE GATEWAY
Panda Software announced the Panda Antivirus Appliance, offering
perimeter protection against inbound and outbound viruses for your
mail servers, workstations, and server hardware. Features include load
balancing and scalability, secure remote administration, automatic
daily updates, content filtering, status reports on the virus scan and
content filter, and realtime system monitoring. Protected protocols
include SMTP, HTTP, POP3, FTP, Network News Transfer Protocol (NNTP),
IMAP4, and SOCKS. Contact Panda Software at 818-543-6901, 800-603-4922
* SUBMIT TOP PRODUCT IDEAS
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshotwinnetmag.com.
8. ==== HOT THREAD ====
* WINDOWS & .NET MAGAZINE ONLINE FORUMS
Featured Thread: User Continually Locked Out After Browsing Network
(Two messages in this thread)
A user writes that when one user on his network attempts to browse a
mapped network drive, the user receives the following message in
"The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you"
The user can't access the server after logging on and is somehow
locked out of his workstation. After the administrator unlocks the
user account and the user logs on again, the user is locked out again
when he tries to browse the network for server access. Do you know why
this occurs? Lend a hand or read the responses:
9. ==== CONTACT US ====
Here's how to reach us with your comments and questions:
* ABOUT IN FOCUS -- markntsecurity.net
* ABOUT THE NEWSLETTER IN GENERAL -- letterswinnetmag.com (please
mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
* PRODUCT NEWS -- productswinnetmag.com
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdatewinnetmag.com
* WANT TO SPONSOR SECURITY UPDATE? emedia_oppswinnetmag.com
This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
Thank you for reading Security UPDATE.
MANAGE YOUR ACCOUNT
You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
Copyright 2003, Penton Media, Inc.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.