Windows & .NET Magazine Security UPDATE, brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com


THIS ISSUE SPONSORED BY

Free Demo—Panda Antivirus Enterprise Suite
http://www.pandasecurity.com/download-paves-4020.htm

Exchange & Outlook Administrator Web Site
http://www.exchangeadmin.com/
(below IN FOCUS)


SPONSOR: FREE DEMO—PANDA ANTIVIRUS ENTERPRISE SUITE

Panda Antivirus Enterprise Suite is a fully integrated and seamless security solution that protects networks from all sides of attack - from firewalls, SMTP gateways, proxy servers to Exchange Servers and desktops. Panda not only detects and destroys more than 63,000 known viruses, but heuristically scans and eliminates unknown malicious code. Truly automatic updates every 24 hours. Central Administration. 24x7x365 free tech support. Disinfects virus-infected email at the packet level. Download a FREE demo now.
http://www.pandasecurity.com/download-paves-4020.htm


July 10, 2002—In this issue:

1. IN FOCUS

  • Five-Minute Security Advisor—and More

2. SECURITY RISKS

  • Multiple Vulnerabilities in WMP
  • Multiple Vulnerabilities in Commerce Server 2002 and Commerce Server 2000

3. ANNOUNCEMENTS

  • Get Valuable Info for Free with IT Consultant Newsletter
  • July Is Hot! Our Free Webinars Are Cool!

4. SECURITY ROUNDUP

  • News: EU Warns Microsoft About Palladium
  • Feature: External Firewall Attacks

5. INSTANT POLL

  • Results of Previous Poll: Is OSS Less Secure?
  • New Instant Poll: Credit Card Information Theft

6.SECURITY TOOLKIT

  • Virus Center
  • FAQ: Why Do I Receive the Error Message "You May Not Remove the Local Logon Right from the Administrators Local Group" When I Edit User Rights?

7. NEW AND IMPROVED

  • End-to-End Security Solution for Small and Large Enterprises
  • Bootability Added to USB 2.0 and FireWire

8. HOT THREADS

  • Windows & .NET Magazine Online Forums
  • Featured Thread: Mapping Drives Through ISA Server 2000

9. CONTACT US

  • See this section for a list of ways to contact us.

1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, mark@ntsecurity.net)

  • FIVE-MINUTE SECURITY ADVISOR—AND MORE

  • Have you seen Microsoft's "5-Minute Security Advisor" documents? According to the company's TechNet site (where you'll find the documents), "The 5-Minute Security Advisor series has been created to help quickly communicate important security topics, tasks, and issues. The advisor will point to the content necessary to go deeper into technical details or into step-by-step, how-to guides."
    http://www.microsoft.com/technet/columns/security/5min/default.asp

    The series currently includes 15 documents divided into four levels, with each level based on users' situations, expertise, and needs. You'll find security-related documents for small office/home office (SOHO) and home users, power users, IT professionals, and network and systems administrators. Available documents cover a range of subjects:

    • Simple Firewall Setup for Home Office Users
    • Protecting Your Computer Against Compromise
    • Configuring Your Computer for Multiple Users
    • Getting the Most from Windows Update (Automated Security Assessment and Updates)
    • Essential Security Tools for Home Office and Power Users
    • Using the Encrypting File System
    • Basic Physical Security
    • Using the Internet Connection Firewall
    • The Road Warrior's Guide to Laptop Protection
    • How Windows XP Protects Your Privacy
    • How Outlook Security Works
    • Configuring Outlook Web Access
    • Choosing A Good Password Policy
    • Recovering Encrypted Data Using EFS
    • Signing Office Objects

    As you can see, the list includes a variety of topics—and if you want to see a document about a particular topic that isn't covered, you're invited to submit that topic for the series.

    In addition to the 5-Minute Security Advisor documents, Microsoft maintains a long list of "Security How-Tos" that explain various tasks you're likely to perform on Windows-based systems. On the how-to Web page, you'll find dozens of documents that cover various aspects of security for XP, Windows 2000 Server, Win2K Professional, Microsoft IIS, and Microsoft Internet Security and Acceleration (ISA) Server 2000. For example, the IIS section includes information about how to prevent mail relaying through the SMTP connector and how to use IP Security (IPSec) to secure communications between hosts. The XP section includes instructions for sharing encrypted files and for preventing users from running or stopping scheduled services. The ISA Server 2000 section includes information about how to filter Web Proxy cache entries. Although most of the articles have been published and available in the TechNet database for some time, they seem to have been recently updated.
    http://www.microsoft.com/technet/itsolutions/howto/sechow.asp

    Finally, have you tried Microsoft Software Update Services (SUS)? The service (see the first URL below) is designed to audit a system and determine which patches that system might need. You can learn more about SUS at the first URL below, where Microsoft has posted additional information that includes a Flash-based demo of the service. The two versions of SUS serve individual users (see the second URL below) as well as corporate users. I've seen complaints about SUS posted on various mailing lists. For example, to determine whether a specific patch is missing, SUS checks only registry keys, whereas another Microsoft tool, HFNetChk, checks files to detect versioning or checksum issues that SUS would miss. If you use SUS or a third-party patch-auditing tool instead, please send me an email message about your experience.
    http://www.microsoft.com/technet/ittasks/support/corpwu.asp
    http://windowsupdate.microsoft.com

    I'm not surprised that Microsoft's emphasis on security and trustworthy computing has led to an increased emphasis on security resources. Let me know what you think about these resources, such as the 5-Minute Security Advisor documents, or about other resources you've discovered.


    SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE

    GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX?
    Visit our Exchange & Outlook Administrator Web site for news, articles, discussion forums, FAQs, and technical solutions in one, easy-to-navigate Web site. While you're there, check out the popular article "Is Your Exchange Server Relay-Secure?" at
    http://www.exchangeadmin.com/


    2. SECURITY RISKS

  • MULTIPLE VULNERABILITIES IN WMP

  • Jelmer and the Security Internals Research Team discovered multiple vulnerabilities in Microsoft Windows Media Player (WMP), one of which could result in an attacker executing arbitrary code on the vulnerable system. Microsoft Security Bulletin MS02-032 (26 June 2002 Cumulative Patch for Windows Media Player) addresses this vulnerability and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered WMP vulnerabilities.
    http://www.secadministrator.com/articles/index.cfm?articleid=25784

  • MULTIPLE VULNERABILITIES IN COMMERCE SERVER 2002 AND 2000

  • Mark Litchfield of Next Generation Security Software discovered multiple vulnerabilities in Microsoft Commerce Server 2002 and Commerce Server 2000, each of which can run an attacker's choice of code. Microsoft Security Bulletin MS02-033 (Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server) addresses this vulnerability and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered vulnerabilities in the affected product.
    http://www.secadministrator.com/articles/index.cfm?articleid=25785

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • GET VALUABLE INFO FOR FREE WITH IT CONSULTANT NEWSLETTER

  • Sign up today for IT ConsultantWire, a FREE email newsletter from Penton Media. This newsletter is specifically designed for IT consultants, bringing you news, product analysis, project management and business logic trends, industry events, and more. Find out more about this solution-packed resource and sign up for FREE at
    http://www.itconsultmag.com

  • JULY IS HOT! OUR FREE WEBINARS ARE COOL!

  • Check out our latest Web seminar offerings from Windows & .NET Magazine. "Storage, Availability, and You," sponsored by VERITAS, will help you bring your Windows storage under control. "Easing the Migration: 15 Tips for Your Windows 2000 Journey", sponsored by ePresence, will help you plan and implement a successful Win2K migration. Find out more and register today!
    http://www.winnetmag.com/seminars

    4. SECURITY ROUNDUP

  • NEWS: EU WARNS MICROSOFT ABOUT PALLADIUM

  • Incoming European Union (EU) Competition Directorate-General Philip Lowe warned Microsoft yesterday that its upcoming security plan, Trustworthy Computing (code-named Palladium), shouldn't exclude the company's competitors. Speaking at a conference sponsored by the American Antitrust Institute, Lowe said that the EU will ensure that "\[Microsoft\] competitors have the capacity to offer the range of services they want to provide, including security. We have always emphasized ... interoperability."
    http://www.secadministrator.com/articles/index.cfm?articleid=25774

  • FEATURE: EXTERNAL FIREWALL ATTACKS

  • Malicious intruders use literally hundreds of methods and tools when they attempt to compromise PCs. Some attacks are technically sophisticated and require the skills of a learned intruder. But more and more often, worms and Trojan horses automate external attacks that scour the Internet looking for vulnerable machines. Attackers use compromised machines as a staging area for more attacks against new machines. In this article, Roger Grimes outlines some of the more common attack types you're likely to experience.
    http://www.secadministrator.com/articles/index.cfm?articleid=25543

    5. INSTANT POLL

  • RESULTS OF PREVIOUS POLL: IS OSS LESS SECURE?

  • The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Do you think that open source software (OSS) is less secure than closed source software, such as Windows?" Here are the results (+/2 percent) from the 416 votes:
    • 20% Yes
    • 73% No
    • 7% Not sure

  • NEW INSTANT POLL: CREDIT CARD INFORMATION THEFT

  • The next Instant Poll question is, "Have you or has your company experienced credit card information theft through the Internet?" Go to the Security Administrator Channel home page and submit your vote for a) I have experienced Internet credit card information theft, b) My company has experienced Internet credit card information theft, c) Both have experienced Internet credit card information theft, or d) Neither has experienced Internet credit card information theft through the Internet.
    http://www.secadministrator.com

    6. SECURITY TOOLKIT

  • VIRUS CENTER

  • Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
    http://www.secadministrator.com/panda

  • FAQ: Why Do I Receive the Error Message "You May Not Remove the Local Logon Right from the Administrators Local Group" When I Edit User Rights?

  • (contributed by John Savill, http://www.windows2000faq.com)

    A. Before Microsoft developed the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in, administrators used the User Manager for Domains tool to manage user accounts. You might still need to administer a Windows NT 4.0 domain from Windows 2000 or NT 4.0 clients, which can lead to problems when you try to add or remove user accounts from the "Grant To" list in the User Rights Policy dialog box and result in the following error message:

    "You may not remove the local logon right from the Administrators local group. Doing so will disable all local administration of this computer."

    This error can result from the following conditions:

    A Win2K Professional installation is running the NT 4.0 Administration Tools. Win2K machines must run the Win2K Administration Tools (i.e., adminpak.msi) that come with Win2K Server.

    The "Grant To" list you're attempting to modify contains a deleted user or group. To resolve this problem, you must log on to the PDC of the NT 4.0 domain and use the local User Manager for Domains tool to remove the deleted account or group from the "Grant To" list.

    7. NEW AND IMPROVED
    (contributed by Judy Drennen, products@winnetmag.com)

  • END-TO-END SECURITY SOLUTION FOR SMALL AND LARGE ENTERPRISES

  • Funk Software announced Odyssey, the first end-to-end 802.1x security solution that lets users securely access wireless LANs (WLANS) but can be easily and widely deployed and managed across an enterprise network. Odyssey includes client and server software. The product runs on Windows XP, Windows 2000, Windows Me, and Windows 98. Odyssey costs $2500, which includes the Odyssey Server and 25 Odyssey Client licenses. Standalone client licenses are available for $50 each. Contact Funk Software at 800-828-4146.
    http://www.funk.com

  • BOOTABILITY ADDED TO USB 2.0 AND FIREWIRE

  • CMS Peripherals announced the addition of complete system bootability for its USB 2.0 and FireWire Notebook and Desktop Automatic Backup System Plus (ABSplus) for Windows users. With the additional disaster-recovery capability, ABSplus users have for their computers data security that lets them quickly replace failed hard disks with the ABSplus hard disk. ABSplus runs on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x. Prices start at $279. Contact CMS at 800-327-5773 or go to the Web site.
    http://www.cmsproducts.com

    8. HOT THREADS

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS

  • http://www.winnetmag.com/forums

    Featured Thread: Mapping Drives Through ISA Server

    (Ten messages in this thread)

    Dave writes that when he accesses a VPN through a dial-up connection to Microsoft Internet Security and Acceleration (ISA) Server 2000, he can map drives to internal network machines by IP address, but when he tries to map drives using Network Neighborhood (by double-clicking a listed machine), he receives an "Access denied" error message. To read the responses or offer help, use the URL below.
    http://www.secadministrator.com/forums/thread.cfm?thread_id=83830

    4. CONTACT US
    Here's how to reach us with your comments and questions:

    • ABOUT IN FOCUS — mark@ntsecurity.net
    • ABOUT THE NEWSLETTER IN GENERAL — vpatterson@winnetmag.com
      (please mention the newsletter name in the subject line)
    • TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
    • PRODUCT NEWS — products@winnetmag.com
    • QUESTIONS ABOUT YOUR Windows & .NET Magazine Security UPDATE SUBSCRIPTION?
      Customer Support — securityupdate@winnetmag.com

    This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
    http://www.secadministrator.com/sub.cfm?code=saei25xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email