Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com



December 4, 2002—In this issue:

1. IN FOCUS

  • Tired of Unwanted Email? Try This Simple Solution

2. SECURITY RISKS

  • Multiple Vulnerabilities in Sybase Adaptive Server 12.0 and 12.5

3. ANNOUNCEMENTS

  • Planning on Getting Certified? Make Sure to Pick Up Our New eBook!
  • Sample Our Security Administrator Newsletter!

4. SECURITY ROUNDUP

  • News: PKWARE Teams with RSA Security to Enhance ZIP Technology
  • Feature: Serious About Security

5. HOT RELEASE (ADVERTISEMENT)

  • Protect Your Infrastructure

6. SECURITY TOOLKIT

  • Virus Center
  • FAQ: Under What Conditions Is Fast User Switching Available in Windows XP?

7. NEW AND IMPROVED

  • Add Two-Factor Authentication to ISA Server 2000
  • Scan for Network Vulnerabilities
  • Submit Top Product Ideas

8. HOT THREADS

  • Windows & .NET Magazine Online Forums
  • Featured Thread: How Do I Prevent Service and User Listing?
  • HowTo Mailing List
  • Featured Thread: Kazaa Lite Capturing Keystrokes?

9. CONTACT US

  • See this section for a list of ways to contact us.

1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, mark@ntsecurity.net)

  • TIRED OF UNWANTED EMAIL? TRY THIS SIMPLE SOLUTION

    Are you tired of junk mail yet? I am. At one point, I thought that if I received one more unsolicited email asking me to help a "poor widow in Nigeria" move $10 million into the United States or Canada I'd scream. What a scam!

    Recently, I found an easy and free way to filter email — a method that just about anyone can deploy on Windows and Novell systems. If you use the Mercury Mail Transport System, you can quickly establish custom filtering rules that can eliminate just about any kind of unwanted email.
    http://www.pmail.com/overviews/ovw_mercwin.htm

    Mercury is a full SMTP mail server with a lot of extras, such as an IMAP server, a Finger server, and a password-changing server. Two interesting Mercury components include its built-in POP3 client and its Content Control subsystem. The POP3 client lets the mail server pick up email from any POP3 accounts you specify, and the Content Control subsystem can filter email that the POP3 client receives or that comes through the SMTP server, if you use Mercury as a full-blown mail server. In effect, you can use Mercury as a junk-mail filtering system with just a few minor changes to the way you receive email.

    Configuring Mercury as an email-filtering system is simple: Install the Mercury server, configure the basic settings (e.g., host name, DNS servers, user mail accounts), configure the POP3 client to pick up your POP-based email, configure the content-filtering rules to eliminate unwanted email, and configure your regular POP3 mail client to pick up email from Mercury instead of your usual POP3 mail server.

    The Content Control filtering rules are flexible and easy to create, and Mercury ships with a predefined rule set that helps eliminate several common types of junk mail you're likely to receive. You can filter based on several email elements (e.g., header, subject). Writing custom rules involves deciding which aspects of an email message to base a filter on, specifying what content will trigger the rule, and giving the filter a weighted numeric value. The weighted value helps govern what happens to a message when it triggers a rule. For example, here's a rule that captures all email that contains the words "Make Money Fast":

    If body contains "make money fast" then weight 50

    If you configure the Content Control subsystem to delete all messages with a weight of 50 or above, no email containing the above keywords will ever reach your desktop email client.

    The rules are powerful. You can filter based on subject, sender, recipients, body content, and email headers. The rules use typical expressions such as "if," "and," "andnot," "or," and "ornot" and special markup codes for character pattern matching. In addition, the Content Control system lets you insert custom email headers into filtered messages you can then use to refilter the message headers in your desktop email client for special action upon receipt, such as sorting email messages into specific folders.

    Mercury supports multiple rule sets and separate blacklist and whitelist files. It also works with the Mail Abuse Prevention System (MAPS — see the URL below), which further helps prevent the spread and receipt of unsolicited email. In addition, Mercury includes other built-in filtering systems that let you automatically perform such actions as forwarding, replying to, copying, extracting, and appending email messages to files — all based on individual email characteristics.
    http://mail-abuse.org
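
The weighting scheme described above, modeled as an added example (this is not code from the column or from Mercury): rules written in the form of the column's sample line are parsed, the weights of all matching rules are summed, and a message is deleted at a total of 50 or tagged and delivered below it. The `X-Filter-Weight` header name, the whitelist handling, and the sample rules and messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Rule form copied from the column's example line; not Mercury's own parser.
RULE_RE = re.compile(
    r'^if\s+(subject|sender|body)\s+contains\s+"([^"]+)"\s+then\s+weight\s+(\d+)$',
    re.IGNORECASE)
DELETE_AT = 50                    # delete threshold used in the column
TAG_HEADER = "X-Filter-Weight"    # hypothetical header for desktop-client rules

def parse_rules(text):
    """One rule per line; a malformed rule is an error, never silently skipped."""
    rules = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        rules.append((m.group(1).lower(), m.group(2).lower(), int(m.group(3))))
    return rules

def field_text(msg, field):
    """Lower-cased, whitespace-collapsed text so line wraps do not hide a phrase."""
    if field == "body":
        raw = " ".join(p.get_payload() for p in msg.walk()
                       if isinstance(p.get_payload(), str))
    else:
        raw = msg.get({"subject": "Subject", "sender": "From"}[field]) or ""
    return " ".join(raw.lower().split())

def classify(raw_message, rules, whitelist=()):
    """Return (action, weight, message); weights of all matching rules add up."""
    msg = message_from_string(raw_message)
    if any(addr in field_text(msg, "sender") for addr in whitelist):
        return "deliver", 0, msg
    weight = sum(w for f, phrase, w in rules if phrase in field_text(msg, f))
    if weight >= DELETE_AT:
        return "delete", weight, msg
    if weight:
        msg[TAG_HEADER] = str(weight)   # below threshold: tag and deliver
    return "deliver", weight, msg

# Constructed sample rules and messages.
RULES = parse_rules('''
If body contains "make money fast" then weight 50
If subject contains "urgent" then weight 20
If body contains "transfer" then weight 30
''')
WRAPPED = "From: x@spam.example\nSubject: hi\n\nMake money\nfast today!\n"
SCAM = "From: w@spam.example\nSubject: URGENT proposal\n\nHelp me transfer $10 million.\n"
HAM = "From: ops@corp.example\nSubject: Urgent: patch window\n\nReboot at 22:00.\n"
```

Two rules that are each below the threshold can still delete a message together, so weights on common words such as "urgent" need to stay low enough that legitimate mail is only tagged.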

    I find Mercury a powerful and inexpensive way to manage email traffic. It's a great full-blown standalone mail server and a terrific POP3 mail relay to help you filter out unwanted email simply. And because it uses a small amount of memory, it won't significantly burden resources. What amazes me most about Mercury is that its developer, David Harris, provides this package free for personal and commercial use. You can download a copy of Mercury at the URL below.
    http://www.pmail.com/downloads.htm




    2. SECURITY RISKS
    (contributed by Ken Pfeil, ken@winnetmag.com)

  • MULTIPLE VULNERABILITIES IN SYBASE ADAPTIVE SERVER 12.0 AND 12.5

    Application Security discovered three new buffer-overrun vulnerabilities in Sybase's Adaptive Server 12.5 and Adaptive Server 12.0. The vulnerabilities can grant an attacker complete control over the vulnerable system. The first vulnerability involves a buffer overflow in the Database Consistency Checker (DBCC) CHECKVERIFY function. The second vulnerability involves a buffer overflow in the DROP DATABASE function. The third vulnerability is a buffer-overflow condition in the xp_freedll stored procedure. For more information about these vulnerabilities, see the discoverer's Web site. Sybase has released patches that address these vulnerabilities and recommends that affected users download the appropriate patch from the company's Web site.
    http://www.secadministrator.com/articles/index.cfm?articleid=27459

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!

    "The Insider's Guide to IT Certification" eBook is hot off the presses and contains everything you need to know to help you save time and money while preparing for certification exams from Microsoft, Cisco Systems, and CompTIA and have a successful career in IT. Get your copy of the Insider's Guide today!
    http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

  • SAMPLE OUR SECURITY ADMINISTRATOR NEWSLETTER!

    Security breaches and viruses can happen to your enterprise. But there are steps you can take to prevent disaster, like subscribing to Security Administrator, the print newsletter from the experts at Windows & .NET Magazine. Every issue shows you how to protect your systems with informative, in-depth articles, timely tips, and practical advice. Don't just take our word for it — get a sample issue today!
    http://www.secadministrator.com/sub.cfm?code=ufei252kup

    4. SECURITY ROUNDUP

  • NEWS: PKWARE TEAMS WITH RSA SECURITY TO ENHANCE ZIP TECHNOLOGY

    PKWARE and RSA Security announced that they've formed a new strategic technology, sales, and marketing partnership. Under the new partnership, PKWARE has licensed RSA BSAFE encryption software, and RSA Security has licensed PKWARE's PKZIP compression technology. PKWARE will use RSA BSAFE to enhance its product offerings across desktops, servers, and mainframe systems. RSA Security will use PKZIP in the products it offers through its direct sales and distribution channels. The companies pointed out that compression and encryption technologies complement each other in that compression reduces encryption overhead while encryption helps to protect data.
    http://www.secadministrator.com/articles/index.cfm?articleid=27438

  • FEATURE: SERIOUS ABOUT SECURITY

    In this age of rampant viruses and increasingly sophisticated system attacks, securing your Microsoft SQL Server system means more than just protecting your data — it also means protecting your network. Attackers can use a compromised SQL Server system to access other systems in your network. This year, Microsoft finally got serious about security. In January, Microsoft launched its much-publicized 3-month security initiative, halting all new development, hunting for security holes, and training its developers to be security-conscious. But even with Microsoft's ramped-up security efforts, your systems are still only as secure as you make them. Microsoft and other companies might give you the lock, but you have to turn the key.
    http://www.secadministrator.com/articles/index.cfm?articleid=26942

    5. HOT RELEASE (ADVERTISEMENT)

  • PROTECT YOUR INFRASTRUCTURE

    How do you make sure only the right people access your vital systems? IBM can help build trust into your e-business relationships. Get the IBM white paper, "Linking Security Needs to e-business Evolution" at http://www.ibm.com/e-business/playtowin/n364

    6. SECURITY TOOLKIT

  • VIRUS CENTER

    Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
    http://www.secadministrator.com/panda

  • FAQ: UNDER WHAT CONDITIONS IS FAST USER SWITCHING AVAILABLE IN WINDOWS XP?

    (contributed by John Savill, http://www.windows2000faq.com)
    A. Fast User Switching is an XP feature that lets more than one user simultaneously log on, although only one user account can be active at any time. For example, say user John is currently logged on and Kevin needs to print a document from his desktop. Without logging off John, Kevin can log on, print his document, then make John's user account active again without logging off to perform the switch. Several factors determine whether Fast User Switching is available:
    • You must not be using a third-party replacement for the Microsoft Graphical Identification and Authentication (GINA) file, msgina.dll.
    • The computer must not be a member of a domain (this factor applies to XP Professional only).
    • You must enable the Fast User Switching feature (go to the Control Panel User Accounts applet and select "Change the way users log on or off"). If the computer has more than 64MB of RAM, XP enables Fast User Switching by default.
    • The computer has sufficient free resources to create an additional Winlogon service thread (when multiple users are logged on, all the accounts — even those not currently in use — use resources).
    • If your computer video card uses Shared Video Memory (i.e., the computer uses a portion of the system's RAM for video display memory), the shared memory will minimize the amount of free RAM and can cause XP to disable Fast User Switching.

    7. NEW AND IMPROVED
    (contributed by Sue Cooper, products@winnetmag.com)

  • ADD TWO-FACTOR AUTHENTICATION TO ISA SERVER 2000

    Authenex introduced AOne, which integrates two-factor authentication with Microsoft Internet Security and Acceleration (ISA) Server 2000. End users' passwords and A-Key USB tokens let you control inbound and outbound HTTP or HTTP Secure (HTTPS) page or file requests according to permissions established for groups or individual users. AOne supports Windows 2000 Server with Service Pack 2 (SP2) or later and requires an available USB port. Clients are supported on Windows XP, Win2K, Windows 98, and Windows Me. For pricing or more information, contact Authenex at 510-568-6558, 877-288-4363, and sales@authenex.com.
    http://www.authenex.com

  • SCAN FOR NETWORK VULNERABILITIES

    Latis Networks announced StillSecure Server VAM 1.1, which continuously and systematically scans for network vulnerabilities. You can customize scanning based on the type and importance of devices, and you can set frequency. After the application discovers weaknesses, you can track them through repair with the Workflow Management Engine. StillSecure Server VAM 1.1 is sold as an annual subscription based on the number of IP addresses. It's available as a software appliance with a hardened OS or as a preconfigured integrated hardware appliance. For pricing or more information, contact Latis Networks at 303-642-4500 and sales@stillsecure.com.
    http://latis.com

  • SUBMIT TOP PRODUCT IDEAS

    Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshot@winnetmag.com.
    http://www.authenex.com

    8. HOT THREADS

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS

    http://www.winnetmag.com/forums

  • FEATURED THREAD: HOW DO I PREVENT SERVICE AND USER LISTING?
    (One message in this thread) A user knows that programs such as DUMPSEC can list all running services on remote Windows 2000 and Windows NT systems. He wants to know whether he can lock down systems to prevent such applications from enumerating services and local users. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50652

  • HOWTO MAILING LIST

    http://63.88.172.96/listserv/page_listserv.asp?a0=howto

  • FEATURED THREAD: KAZAA LITE CAPTURING KEYSTROKES?
    (One message in this thread) A user writes that while he was testing the OKENA StormWatch Intrusion Detection System (IDS), an alert stated that kazaa.exe was capturing keystrokes. He loaded a new image on another computer and loaded the StormWatch application first, then downloaded Kazaa Lite. He replaced the .exe per the instructions and executed the program. The same thing happened. He has looked at all the files and doesn't see that the application is writing to anything. He wonders whether anyone can tell him about this behavior. Read the responses or lend a hand at the following URL:
    http://63.88.172.96/listserv/page_listserv.asp?A2=IND0211D&L=HOWTO&P=687

    9. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
    http://www.secadministrator.com/sub.cfm?code=saei25xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.com/email