Subject: Security UPDATE, March 12, 2003

********************

Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows Server 2003, Windows 2000, and Windows NT systems. http://www.secadministrator.com

********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

More e-Security - Less Money http://www.authenex.com/campaign/campaign.asp?scid=21

CipherTrust http://www.ciphertrust.com/article/windows_0312.htm (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: MORE e-SECURITY - LESS MONEY ~~~~ Pay 2/3 less than the industry leader for Strong (two-factor) Authentication for VPN and Web using the Authenex A-Key(tm) USB token. Plus with the same A-Key USB Token, you can leverage an entire suite of strong e-Security applications, including: Web Access Control, Endpoint Encryption to protect either files or the entire hard drive, Secure File Exchange, and Storage for Digital Certificates. Click now for a FREE A-Key USB Token. http://www.authenex.com/campaign/campaign.asp?scid=21 ~~~~~~~~~~~~~~~~~~~~

March 12, 2003--In this issue:

1. IN FOCUS - Concise Security Knowledge Available Online

2. SECURITY RISKS - Multiple Vulnerabilities in Minihttp's Forum Web Server - Content Bypass Vulnerability in Clearswift's MAILsweeper

3. ANNOUNCEMENTS - Networld+Interop Las Vegas 2003--Conference: April 27-May 2, Exhibition: April 29-May 1 - Pharma-IT Summit: Real-World Solutions for Today's Pharma-IT Challenges, March 31, 2003

4. SECURITY ROUNDUP - News: Survey Says: Viruses and System Intrusion Among Top Concerns - Feature: Nmap Your Network

5. HOT RELEASES (ADVERTISEMENTS) - eToken USB-based 2-Factor Authentication - Next-Generation Firewall Appliances Keep Pace - Increase Security Today with RippleTech's PatchWorks!

6. SECURITY TOOLKIT - Virus Center - FAQ: When I Right-Click an NTFS Volume, Why Can't I See the Quota Tab?

7. NEW AND IMPROVED - Automate Your Patch Management - Install Antivirus Defense at the Gateway - Submit Top Product Ideas

8. HOT THREAD - Windows & .NET Magazine Online Forums - Featured Thread: User Continually Locked Out After Browsing Network

9. CONTACT US See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1.

IN FOCUS

(contributed by Mark Joseph Edwards, News Editor, mark@ntsecurity.net)

* CONCISE SECURITY KNOWLEDGE AVAILABLE ONLINE

If you're looking for help securing Windows Server 2003, Windows 2000 Server, Microsoft SQL Server, Microsoft Exchange Server, and other related technologies, several online sources of information can assist you. Some of the resources I discuss are chapters excerpted from books, and others are entire books available online for free.

Last week, Erik Birkholz announced that a discussion among colleagues at the recent Black Hat Windows Security 2003 conference convinced him to release a chapter from the upcoming book "Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle," a book that he developed with the help of several knowledgeable authors. Birkholz released Chip Andrews' Chapter 12, "Attacking and Defending the Microsoft SQL Server." The chapter offers 38 pages of highly useful information.

As the chapter title implies, the material covers a wealth of tactics you can use to attack and defend SQL Server. The discussion delves into information such as server instances, authentication, network libraries, security principles for SQL Server, server discovery and related tools, acquiring accounts for security contexts, escalating privileges, exploiting unpatched vulnerabilities, configuring a secure installation, monitoring, and maintenance. You can find the chapter in PDF format at the Special Ops Internal Network Security Web site. http://www.specialopssecurity.com

Also last week, Paul Robichaux released three chapters of his new book, "Secure Messaging with Microsoft Exchange Server 2000." He calls the book a "broad guide to securing Exchange-based systems, beginning with risk and vulnerability assessment and continuing through applying communications security, patch management, and service-specific approaches to make Exchange systems more secure." He also said, "I had a lot of help from the Exchange development and support team while writing the book, and there's a great deal of material there that isn't widely available elsewhere."

The three sample chapters are "Windows & Exchange Security Architecture," "Threat & Risk Assessment," and "SMTP, Relaying, and Spam Control." The security-architecture chapter covers built-in accounts and groups, what happens during the logon process, how Exchange modifies the Windows discretionary ACL (DACL) evaluation process, Exchange-specific permissions, roles, mailboxes, public folders, and more.

The threat-assessment chapter discussion includes identifying threats, threat classification, possible courses of action, and risk assessment. The SMTP chapter covers mail relaying--explaining why mail relaying might be necessary, how it can lead to trouble, and how to control it. The chapter also discusses how to deal with unwanted email, including how to use Exchange's built-in email filters. The chapters are available in PDF format at the E2K Security Web site. http://www.e2ksecurity.com

Realtimepublishers.com is another excellent resource for online security information. Sean Daily, president and CEO of the company, has published many guidebooks related to enterprise computing--and several of them pertain directly to security. You can read them in their entirety online by simply registering for access. At the company's Web site, you'll find security-related titles such as "The Definitive Guide To Windows 2000 Security," "The Definitive Guide To Windows 2000 Group Policy," "The Definitive Guide To Identity Management," "The Tips and Tricks Guide To Securing .NET Server," and "The Tips and Tricks Guide To Windows 2000 Group Policy." Realtimepublishers.com has about 2 dozen eBooks online, and more are in the works. http://www.realtimepublishers.com

Overall, you can find a lot of information online about securing your particular platform--from white papers and checklists to chapters and entire books. Check out the publications I mention; they're among the most timely resources available. And if you know about other new publications I didn't mention, send me an email with the details.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: CIPHERTRUST ~~~~ Top 10 Techniques To Control Spam Stop spam! There are ways to secure and reclaim your mail server(s) before spam and other email threats become security issues. Don't leave your email systems vulnerable. This whitepaper provides the TOP 10 TECHNIQUES to Control Spam in the enterprise. Request your copy today! http://www.ciphertrust.com/article/windows_0312.htm ~~~~~~~~~~~~~~~~~~~~

2.

SECURITY RISKS

(contributed by Ken Pfeil, ken@winnetmag.com)

* MULTIPLE VULNERABILITIES IN MINIHTTP'S FORUM WEB SERVER Dennis Rand discovered that three vulnerabilities exist in Minihttp's Forum Web Server 1.60. The first lets a potential attacker access files that reside outside the restricted area of the server. The second permits insertion of malicious HTML and JavaScript into existing Web pages (Cross Site Scripting). The third makes it possible to steal other users' username and password. The vendor, Minihttp has released Forum Web Server 1.61, which isn't vulnerable to this condition. http://www.secadministrator.com/articles/index.cfm?articleid=38333

* CONTENT BYPASS VULNERABILITY IN CLEARSWIFT'S MAILSWEEPER Martin O'Neal discovered that a vulnerability exists in Clearswift's MAILsweeper 4.x that could result in the bypass of the attachment-blocking feature on the vulnerable server. If an attacker uses a deliberately malformed MIME encapsulation technique, the MAILsweeper product won't recognize the attachment and lets it pass. The vendor has made an updated script utility available that can detect the malformed MIME header used in this vulnerability. You should implement this utility as a workaround until a fix or patch is available. http://www.secadministrator.com/articles/index.cfm?articleid=38334

3.

ANNOUNCEMENTS

(brought to you by Windows & .NET Magazine and its partners)

* NETWORLD+INTEROP LAS VEGAS 2003--CONFERENCE: APRIL 27-MAY 2, EXHIBITION: APRIL 29-MAY 1 Networld+Interop, the definitive networking event of the year, brings together high-level buyers in networking, security, wireless, VoIP, and network storage technologies with industry leading companies and their products and services. Call 888.886.4057 or register now at: http://www.interop.com/lasvegas2003

* PHARMA-IT SUMMIT: REAL-WORLD SOLUTIONS FOR TODAY'S PHARMA-IT CHALLENGES, MARCH 31, 2003 Annual executive conference highlights the increased focus on IT security in global pharmaceutical enterprises. Networking, case studies, intensive workshops forums help CIOs, CTOs, CFOs, VPs and other top-decision-makers leverage pharmaceutical IT solutions successfully. Keynote presentations by executives from Aventis, Novartis, Astrazeneca, Hoffman-Laroche and Pfizer, plus US Dept. of Health & Human Services. http://www.pharmaitsummit.com

4.

SECURITY ROUNDUP

* NEWS: SURVEY SAYS: VIRUSES AND SYSTEM INTRUSION AMONG TOP CONCERNS VanDyke Software announced the results of a security-related survey commissioned through Saurage Research. Saurage contacted 710 small and midsized businesses in fourth quarter 2002 to learn about their priorities in protecting their enterprises. http://www.secadministrator.com/articles/index.cfm?articleid=38256

* FEATURE: NMAP YOUR NETWORK Port scanning offers security professionals and systems administrators a fast and effective way to identify which services or applications their servers have open to the Internet or another network. Jeff Fellinge's article on our Web site teaches you how to use Nmap to scan your network. http://www.secadministrator.com/articles/index.cfm?articleid=23655

5.

HOT RELEASES (ADVERTISEMENTS)

* eTOKEN USB-BASED 2-FACTOR AUTHENTICATION eToken from Aladdin offers simple, reliable and affordable 2-factor authentication for secure network logon, VPN access, web access, e-mail, and PC security. No reader or server required to securely store users' passwords, keys, and certificates. http://www.eAladdin.com/eToken

* NEXT-GENERATION FIREWALL APPLIANCES KEEP PACE Want faster network throughput without the security bottleneck? This new WatchGuard(R) white paper includes criteria for evaluating next-generation firewall appliances that keep pace with the fastest networks and provide the security required by large, distributed enterprises. http://click.atdmt.com/CWS/go/wndwnwq100100021cws/direct/01/

* INCREASE SECURITY TODAY WITH RIPPLETECH'S PATCHWORKS! Struggling to find time for patch management? PatchWorks makes it easy to remotely manage and deploy security updates, hotfixes and service packs. For research, software inventory, policy enforcement and more, try PatchWorks FREE today! http://www.rippletech.com/wm

6.

SECURITY TOOLKIT

* VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda

* FAQ: WHEN I RIGHT-CLICK AN NTFS VOLUME, WHY CAN'T I SEE THE QUOTA TAB? ( contributed by John Savill, http://www.windows2000faq.com )

A. If the Quota tab isn't visible, your user account or group doesn't have the Traverse Folder/Execute File right on that NTFS volume. To resolve this problem, perform the following steps: 1. Right-click the NTFS volume in Windows Explorer or My Computer, then select Properties from the displayed context menu. 2. Select the Security tab. 3. Click the Advanced button. 4. Select the Permissions tab. 5. Select the entry that applies to your user account or group, then click Edit. 6. Under the "Apply onto" section, make sure that the "This folder, subfolders and files" check box is selected. 7. Select the Allow check box for Traverse Folder/Execute File permissions, then click OK. 8. Click OK to close all dialog boxes.

7.

NEW AND IMPROVED

(contributed by Sue Cooper, products@winnetmag.com)

* AUTOMATE YOUR PATCH MANAGEMENT Shavlik Technologies released HFNetChkPro 4.0, an automated patch management solution that Shavlik originally developed for Microsoft. HFNetChkPro scans your entire network for vulnerabilities and pushes patches as soon as an update is issued, protecting systems in realtime. HFNetChkPro patches offline machines automatically when they come back online. The software's third-party threat-rating system lets you customize patch criticality and receive threat analyses and comments about patches from security industry leaders. The Automated PatchPush Tracker lets you view the status of the patches being pushed as well as information about who deployed the most recent patch and when it was deployed. HFNetChkPro 4.0 is now integrated with Active Directory (AD). Contact Shavlik Technologies at 651-426-6624, 800-690-6911, or info@shavlik.com. http://www.shavlik.com

* INSTALL ANTIVIRUS DEFENSE AT THE GATEWAY Panda Software announced the Panda Antivirus Appliance, offering perimeter protection against inbound and outbound viruses for your mail servers, workstations, and server hardware. Features include load balancing and scalability, secure remote administration, automatic daily updates, content filtering, status reports on the virus scan and content filter, and realtime system monitoring. Protected protocols include SMTP, HTTP, POP3, FTP, Network News Transfer Protocol (NNTP), IMAP4, and SOCKS. Contact Panda Software at 818-543-6901, 800-603-4922 or info.usa@pandasoftware.com. http://www.pandasoftware.us

* SUBMIT TOP PRODUCT IDEAS Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshot@winnetmag.com.

8.

HOT THREAD

* WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.com/forums

Featured Thread: User Continually Locked Out After Browsing Network (Two messages in this thread)

A user writes that when one user on his network attempts to browse a mapped network drive, the user receives the following message in Microsoft Word:

"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you"

The user can't access the server after logging on and is somehow locked out of his workstation. After the administrator unlocks the user account and the user logs on again, the user is locked out again when he tries to browse the network for server access. Do you know why this occurs? Lend a hand or read the responses: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=55214

9.

CONTACT US

Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark@ntsecurity.net

* ABOUT THE NEWSLETTER IN GENERAL -- letters@winnetmag.com (please mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products@winnetmag.com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdate@winnetmag.com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps@winnetmag.com

******************** This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today! http://www.secadministrator.com/sub.cfm?code=saei25xxup

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

Thank you! __________________________________________________________ Copyright 2003, Penton Media, Inc.