Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com


THIS ISSUE SPONSORED BY

VeriSign — The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n30770107130057000

Microsoft Mobility Tour
http://www.winnetmag.com/seminars/mobility
(below COMMENTARY)


SPONSOR: VERISIGN — THE VALUE OF TRUST

Secure all your Web servers now — with a proven 5-part strategy. The FREE Server Security Guide shows you how:

  • DEPLOY THE LATEST ENCRYPTION and authentication techniques
  • DELIVER TRANSPARENT PROTECTION with the strongest security without disrupting users. And more.
    Get your FREE Guide now.

November 27, 2002—In this issue:

1. IN FOCUS

  • Security Conferences in 2003

2. SECURITY RISKS

  • Buffer-Overrun Vulnerability in Microsoft Data Access Components
  • Multiple Vulnerabilities in Microsoft IE

3. ANNOUNCEMENTS

  • Happy 10th Anniversary SQL Server!
  • Give Us Your Feedback and Be Entered to Win an Xbox

4. SECURITY ROUNDUP

  • News: Butterfly Security Releases CodeSeeker as Open Source
  • News: RSA Security's Crypto-J Receives FIPS 140-1 Certification

5. INSTANT POLL

  • Results of Previous Poll: Using SAML
  • New Instant Poll: Using Open-Source Products

6. SECURITY TOOLKIT

  • Virus Center
  • FAQ: How Can I Check a System's Availability?

7. NEW AND IMPROVED

  • Reduce Network Threats
  • Secure Your IT Perimeter
  • Submit Top Product Ideas

8. HOT THREADS

  • Windows & .NET Magazine Online Forums
  • Featured Thread: ISA Server 2000 Routing Problem
  • HowTo Mailing List
  • Featured Thread: User Account Creation Is Slow

9. CONTACT US

  • See this section for a list of ways to contact us.

1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, mark@ntsecurity.net)

  • SECURITY CONFERENCES IN 2003

  • Are you planning to attend any security conferences in 2003? Many are already scheduled, and now is the time to put them on your calendar. This week, I present six conferences that you might want to consider attending. They're listed below in chronological order.
    • BlackHat Windows Security 2003 Briefings and Training, February 24 through 27 at the Sheraton Seattle Hotel & Towers in Seattle.
      The briefings will cover six tracks over 2 days. Subjects include policies, deep knowledge, networking and integration, and application development, as well as Microsoft .NET, Microsoft IIS, Microsoft SQL Server, and Microsoft Internet Security and Acceleration (ISA) Server 2000. Training sessions include exposing Cisco Systems network vulnerabilities, analyzing software for security vulnerabilities, uncovering Web application vulnerabilities, using forensics tools and processes for Windows XP platforms, and securely deploying Microsoft technologies, as well as a National Security Agency (NSA) information security assessment methodology course.
      http://www.blackhat.com/html/win-usa-03/win-usa-03-index.html
      http://www.blackhat.com/html/win-usa-03/train-bh-win-03-index.html


    • SANS 2003, March 5 through 12 at the Sheraton San Diego Hotel and Marina in San Diego.
      The SysAdmin, Audit, Network, Security (SANS) Institute's Stephen Northcutt describes the conference as "our largest conference and vendor exhibition of the year." According to Northcutt, "The defensive information community enters 2003 with a wealth of great initiatives: the Gold Standards, the Cyber Defense Initiatives, more hands-on pragmatic advanced technical training and the wide array of new tools." At SANS 2003, many special activities will emphasize ways to fight back against cyber crime and how to use these initiatives to help you secure your organization.
      http://www.sans.org/SANS2003


    • RSA Conference 2003, April 13 through 17 at Moscone Center in San Francisco.
      The RSA conference has four main components: General Sessions, Expo, Tutorials, and Class Tracks. "The General Sessions bring everyone together for special keynote addresses, expert panels and discussions of general interest. This year's Expo will feature more than 138,000 square feet of exhibit space with more than 200 vendors demonstrating the very latest e-security products. Optional Sunday tutorials and immersion training sessions will provide the basics of e-security technology, enterprise security and security development techniques." The conference's 13 Class Tracks will feature many workshops, seminars, and talks. The 2003 conference offers a catalog of more than 200 classes.
      http://www.rsaconference.net/rsa2003
      http://www.rsasecurity.com/conference


    • 2003 Techno-Security Conference, April 27 through 30 at the Wyndham Myrtle Beach Resort in Myrtle Beach, South Carolina.
      The conference features a "blend of physical and cyber security forums ... the latest in computer forensics and related legal issues affecting federal, state and local law enforcement, as well as the Fortune 500 [companies]."

      Guidance Software hosts the conference. According to Robert Shields, senior director of marketing at Guidance Software, "Combining both physical and cyber security issues - Techno-Security addresses a common linkage surrounding the use of computer forensics software. With numerous sessions covering issues such as homeland defense, intrusion detection, and evidence management," the conference will serve many computer security experts and investigators.
      http://www.thetrainingco.com/html/Techno2003.html
      http://www.thetrainingco.com/html/Conferences.html


    • 15th Annual Computer Security Incident Handling Conference, June 22 through 27 at the Westin Hotel in Ottawa.
      First.Org sponsors the FIRST Conference, which "focuses on the field of computer security incident handling and response. The presentations are international in scope and include the latest in incident response and prevention, vulnerability analysis, and computer security."
      http://www.first.org/conference/2003


    • NetSec 2003, June 23 through 25 at the Hyatt Regency New Orleans in New Orleans.
      Computer Security Institute's (CSI's) NetSec network security conference is "devoted exclusively to network security." NetSec 2003 will offer more than 85 sessions about subjects such as Internet/intranet, secure ecommerce, VPNs, computer crime, Denial of Service (DoS) attacks, forensic investigation, response teams, cryptography/public key infrastructure (PKI), intrusion detection, Windows NT, privacy, policies, awareness, and remote access. The exhibition will feature more than 70 network security product exhibitors.
      http://www.gocsi.com

    Many security conferences will be held throughout the year. To find others that you might be interested in, go to your favorite search engine and search for "Security +conference +2003." Here are a few links to get you started.
    http://search.dogpile.com/texis/search?q=security%20%2bconference%20%2b2003
    http://search.yahoo.com/bin/search?p=security+%2bconference+%2b2003
    http://www.altavista.com/web/results?q=security+%2bconference+%2b2003
    http://www.google.com/search?q=security+%2bconference+%2b2003


    SPONSOR: MICROSOFT MOBILITY TOUR

    THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
    Brought to you by Windows & .NET Magazine, this outstanding seven-city event will help support your growing mobile workforce! Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. There is no charge for these live events, but space is limited so register today!
    http://www.winnetmag.com/seminars/mobility


    2. SECURITY RISKS
    (contributed by Ken Pfeil, ken@winnetmag.com)

  • BUFFER-OVERRUN VULNERABILITY IN MICROSOFT DATA ACCESS COMPONENTS

  • Foundstone discovered that a Microsoft Data Access Components (MDAC) vulnerability might let a potential attacker execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, a potential attacker can cause targeted data to overrun onto the heap. Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution) to address this vulnerability and recommends that affected users immediately apply the appropriate patch that the bulletin mentions.
    http://www.secadministrator.com/articles/index.cfm?articleid=27357

  • MULTIPLE VULNERABILITIES IN MICROSOFT IE

  • eEye Digital Security discovered that Microsoft Internet Explorer (IE) contains six newly discovered vulnerabilities, the most serious of which might let a potential attacker execute commands on the vulnerable system. Microsoft has released Security Bulletin MS02-066 (Cumulative Patch for Internet Explorer) to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch that the bulletin mentions. This cumulative patch also addresses all previously discovered IE vulnerabilities.
    http://www.secadministrator.com/articles/index.cfm?articleid=27364

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • HAPPY 10TH ANNIVERSARY SQL SERVER!

  • Microsoft and SQL Server Magazine want to thank you for your support over the past 10 years. To show our appreciation, we're running a 20-week contest that will test your SQL Server knowledge. Answer our quiz, and you'll be entered in a biweekly drawing for cool prizes such as Microsoft Press books and MCDBA exam vouchers, plus a grand prize: a Microsoft Xbox! Enter today at
    http://www.sqlmag.com/quiz

  • GIVE US YOUR FEEDBACK AND BE ENTERED TO WIN AN XBOX

  • Tell us how well your enterprise is prepared for when disaster strikes. Complete our brief survey about backup and recovery, and you could win an Xbox. Click here!
    http://www.zoomerang.com/recipient/survey.zgi?ID=LXS1NQNTJ8K8&PIN=94295V32V0MQ

    4. SECURITY ROUNDUP

  • NEWS: BUTTERFLY SECURITY RELEASES CODESEEKER AS OPEN SOURCE

  • Butterfly Security released CodeSeeker as open source through the Open Web Application Security Project (OWASP). CodeSeeker is a Web application firewall and Intrusion Detection System (IDS) tool that runs on Windows NT, Sun Microsystems' Sun Solaris, and Linux.
    http://www.secadministrator.com/articles/index.cfm?articleid=27358

  • NEWS: RSA SECURITY'S CRYPTO-J RECEIVES FIPS 140-1 CERTIFICATION

  • RSA Security announced that its Crypto-J software has attained Federal Information Processing Standards (FIPS) 140-1 certification. Crypto-J is part of RSA Security's BSAFE product line. BSAFE also includes implementations of Secure Sockets Layer (SSL), Secure MIME (S/MIME), Wireless Transport Layer Security (WTLS), IP Security (IPSec) and Public Key Cryptography Standards (PKCS).
    http://www.secadministrator.com/articles/index.cfm?articleid=27359

    5. INSTANT POLL

  • RESULTS OF PREVIOUS POLL: USING SAML

  • The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Do you use Security Assertion Markup Language (SAML) for security in your Web applications?" Here are the results (+/- 2 percent) from the 101 votes:
    • 4% Yes
    • 77% No
    • 8% Not yet, but we will
    • 1% No—We use Extensible Rights Markup Language (XrML)
    • 10% No—We use other security technology

  • NEW INSTANT POLL: USING OPEN-SOURCE PRODUCTS

  • The next Instant Poll question is, "Do you use open-source products on your network?" Go to the Security Administrator Channel home page and submit your vote for a) Yes, b) No, c) Not sure, or d) We plan to.
    http://www.secadministrator.com

    6. SECURITY TOOLKIT

  • VIRUS CENTER

  • Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
    http://www.secadministrator.com/panda

  • FAQ: HOW CAN I CHECK A SYSTEM'S AVAILABILITY?

  • (contributed by John Savill, http://www.windows2000faq.com)

    A. Microsoft's Uptime tool (available at the second URL below) displays basic system-uptime information. This tool can also list all startup and shutdown events, and you can use the /s switch to show the total percent time that your machine has been available. For an example of Uptime commands and associated output, visit this FAQ on our Web site.
    http://www.windows2000faq.com/articles/index.cfm?articleid=27249
    http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp

    7. NEW AND IMPROVED
    (contributed by Sue Cooper, products@winnetmag.com)

  • REDUCE NETWORK THREATS

  • eEye Digital Security announced Enterprise Vulnerability Assessment and Remediation Management Solution for large and distributed networks to proactively control and manage network security. The software consists of four fully integrated applications: Retina Network Security Scanner, Retina Remote Manager, REM Events Server, and REM Events Manager. It gathers security vulnerability events from Retina scanners, as well as other third-party vendor solutions, and reports to a centralized management system. The events can then be analyzed and delegated to your IT staff for remediation. For pricing or more information, contact eEye Digital Security at 949-349-9062, 866-339-3732, and sales@eeye.com.
    http://www.eeye.com

  • SECURE YOUR IT PERIMETER

  • eSoft announced the InstaGate xSP Business, a scalable VPN/firewall appliance for midsize enterprises wanting to integrate a simplified Internet security solution. Features include an IP Security (IPSec)/PPTP VPN, a firewall policy manager, Web proxy capabilities, mail relaying, and a demilitarized zone (DMZ)/failover network interface. Also included is a comprehensive catalog of SoftPak applications that includes antivirus, URL filtering, and centralized VPN management tools. InstaGate xSP Business, which costs $1999, supports up to 100 users and 100 VPN tunnels, as well as all OS environments. Contact eSoft at 303-444-1600, 888-903-7638, and sales@esoft.com.
    http://www.esoft.com

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshot@winnetmag.com.

    8. HOT THREADS

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS

  • http://www.winnetmag.com/forums

    Featured Thread: ISA Server 2000 Routing Problem

    (Two messages in this thread)

    A user writes that he has a problem with Microsoft Internet Security and Acceleration (ISA) Server 2000 routing. He installed ISA Server on a computer with two NICs. One NIC is connected to an external router, and the other NIC is connected to an internal network. His router uses Network Address Translation (NAT). He created all the required policies for the internal network to access the Internet through the external router. However, users can't access systems outside the internal network. He wonders why. Lend a hand or read the responses.
    http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50285

  • HOWTO MAILING LIST

  • http://63.88.172.96/listserv/page_listserv.asp?a0=howto

    Featured Thread: User Account Creation Is Slow

    (One message in this thread)

    A user writes that he uses Windows 2000 as a standalone system. Any time he creates user accounts or makes changes to those accounts, it seems to take 1 minute or more for the system to process those changes. He wonders why this happens. Read the responses or lend a hand at the following URL:
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0211c&l=howto&p=2670

    9. CONTACT US
    Here's how to reach us with your comments and questions: