[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Security UPDATE, December 4, 2002



********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Disaster Recovery -- Is Your Backup Plan Complete?
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06iZ0Ah

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw05Kz0Ai
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: DISASTER RECOVERY -- IS YOUR BACKUP PLAN COMPLETE? ~~~~
   Disaster recovery for Microsoft Windows XP/2000/NT servers and
workstations gets a big boost with UltraBac Disaster Recovery (UBDR)! 
Do you have a product in place that performs the following?
   +  Image Backup to Local/Remote Tape or Disk
   +  Boot Floppy Bare Metal Disaster Recovery
   +  Backs up Partitions, Including All Files and ACLs
   +  Live OS Backup with Built-in Locked File Agent
   +  Restores OS Partitions with Zero User Interaction
   If you answered no to any of the above, UltraBac v7.0.2 is
available for download now. Best of all, UBDR can co-exist with ALL
backup software. To learn more visit
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06iZ0Ah
~~~~~~~~~~~~~~~~~~~~

December 4, 2002--In this issue:

1. IN FOCUS
     - Tired of Unwanted Email? Try This Simple Solution

2. SECURITY RISKS
     - Multiple Vulnerabilities in Sybase Adaptive Server 12.0 and
       12.5

3. ANNOUNCEMENTS
     - Planning on Getting Certified? Make Sure to Pick Up Our New
       eBook!
     - Sample Our Security Administrator Newsletter!

4. SECURITY ROUNDUP
     - News: PKWARE Teams with RSA Security to Enhance ZIP Technology
     - Feature: Serious About Security

5. HOT RELEASE (ADVERTISEMENT)
     - Protect Your Infrastructure

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: Under What Conditions Is Fast User Switching Available in
       Windows XP?

7. NEW AND IMPROVED
     - Add Two-Factor Authentication to ISA Server 2000
     - Scan for Network Vulnerabilities
     - Submit Top Product Ideas
 
8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: How Do I Prevent Service and User Listing?
     - HowTo Mailing List
         - Featured Thread: Kazaa Lite Capturing Keystrokes?
 
9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark@xxxxxxxxxxxxxx)

* TIRED OF UNWANTED EMAIL? TRY THIS SIMPLE SOLUTION

Are you tired of junk mail yet? I am. At one point, I thought that if
I received one more unsolicited email asking me to help a "poor widow
in Nigeria" move $10 million into the United States or Canada I'd
scream. What a scam!

Recently, I found an easy and free way to filter email--a method that
just about anyone can deploy on Windows and Novell systems. If you use
the Mercury Mail Transport System, you can quickly establish custom
filtering rules that can eliminate just about any kind of unwanted
email.
   http://www.pmail.com/overviews/ovw_mercwin.htm

Mercury is a full SMTP mail server with a lot of extras, such as an
IMAP server, a Finger server, and a password-changing server. Two
interesting Mercury components include its built-in POP3 client and
its Content Control subsystem. The POP3 client lets the mail server
pick up email from any POP3 accounts you specify, and the Content
Control subsystem can filter email that the POP3 client receives or
that comes through the SMTP server, if you use Mercury as a full-blown
mail server. In effect, you can use Mercury as a junk-mail filtering
system with just a few minor changes to the way you receive email.

Configuring Mercury as an email-filtering system is simple: Install
the Mercury server, configure the basic settings (e.g., host name, DNS
servers, user mail accounts), configure the POP3 client to pick up
your POP-based email, configure the content-filtering rules to
eliminate unwanted email, and configure your regular POP3 mail client
to pick up email from Mercury instead of your usual POP3 mail server.

The Content Control filtering rules are flexible and easy to create,
and Mercury ships with a predefined rule set that helps eliminate
several common types of junk mail you're likely to receive. You can
filter based on several email elements (e.g., header, subject).
Writing custom rules involves deciding which aspects of an email
message to base a filter on, specifying what content will trigger the
rule, and giving the filter a weighted numeric value. The weighted
value helps govern what happens to a message when it triggers a rule.
For example, here's a rule that captures all email that contains the
words "Make Money Fast":
 
   If body contains "make money fast" then weight 50

If you configure the Content Control subsystem to delete all messages
with a weight of 50 or above, no email containing the above keywords
will ever reach your desktop email client.

The rules are powerful. You can filter based on subject, sender,
recipients, body content, and email headers. The rules use typical
expressions such as "if," "and," "andnot," "or," and "ornot" and
special markup codes for character pattern matching. In addition, the
Content Control system lets you insert custom email headers into
filtered messages you can then use to refilter the message headers in
your desktop email client for special action upon receipt, such as
sorting email messages into specific folders.

Mercury supports multiple rule sets and separate blacklist and
whitelist files. It also works with the Mail Abuse Prevention System
(MAPS--see the URL below), which further helps prevent the spread and
receipt of unsolicited email. In addition, Mercury includes other
built-in filtering systems that let you automatically perform such
actions as forwarding, replying to, copying, extracting, and appending
email messages to files--all based on individual email
characteristics.
   http://mail-abuse.org

I find Mercury a powerful and inexpensive way to manage email traffic.
It's a great full-blown standalone mail server and a terrific POP3
mail relay to help you filter out unwanted email simply. And because
it uses a small amount of memory, it won't significantly burden
resources. What amazes me most about Mercury is that its developer,
David Harris, provides this package free for personal and commercial
use. You can download a copy of Mercury at the URL below.
   http://www.pmail.com/downloads.htm

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~
   FREE E-COMMERCE SECURITY GUIDE
   Is your e-business built on a strong, secure foundation? Find out
with VeriSign's FREE White Paper, "Building an E-Commerce Trust
Infrastructure." Learn how to authenticate your site to customers,
secure your web servers with 128-Bit SSL encryption, and accept secure
payments online. Click here:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw05Kz0Ai
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken@xxxxxxxxxxxxx)

* MULTIPLE VULNERABILITIES IN SYBASE ADAPTIVE SERVER 12.0 AND 12.5
   Application Security discovered three new buffer-overrun
vulnerabilities in Sybase's Adaptive Server 12.5 and Adaptive Server
12.0. The vulnerabilities can grant an attacker complete control over
the vulnerable system. The first vulnerability involves a buffer
overflow in the Database Consistency Checker (DBCC) CHECKVERIFY
function. The second vulnerability involves a buffer overflow in the
DROP DATABASE function. The third vulnerability is a buffer-overflow
condition in the xp_freedll stored procedure. For more information
about these vulnerabilities, see the discoverer's Web site. Sybase has
released patches that address these vulnerabilities and recommends
that affected users download the appropriate patch from the company's
Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=27459

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
   "The Insider's Guide to IT Certification" eBook is hot off the
presses and contains everything you need to know to help you save time
and money while preparing for certification exams from Microsoft,
Cisco Systems, and CompTIA and have a successful career in IT. Get
your copy of the Insider's Guide today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06cX0AZ

* SAMPLE OUR SECURITY ADMINISTRATOR NEWSLETTER!
   Security breaches and viruses can happen to your enterprise. But
there are steps you can take to prevent disaster, like subscribing to
Security Administrator, the print newsletter from the experts at
Windows & .NET Magazine. Every issue shows you how to protect your
systems with informative, in-depth articles, timely tips, and
practical advice. Don't just take our word for it--get a sample issue
today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06Kx0Ah

4. ==== SECURITY ROUNDUP ====

* NEWS: PKWARE TEAMS WITH RSA SECURITY TO ENHANCE ZIP TECHNOLOGY
   PKWARE and RSA Security announced that they've formed a new
strategic technology, sales, and marketing partnership. Under the new
partnership, PKWARE has licensed RSA BSAFE encryption software, and
RSA Security has licensed PKWARE's PKZIP compression technology.
PKWARE will use RSA BSAFE to enhance its product offerings across
desktops, servers, and mainframe systems. RSA Security will use PKZIP
in the products it offers through its direct sales and distribution
channels. The companies pointed out that compression and encryption
technologies complement each other in that compression reduces
encryption overhead while encryption helps to protect data.
   http://www.secadministrator.com/articles/index.cfm?articleid=27438

* FEATURE: SERIOUS ABOUT SECURITY
   In this age of rampant viruses and increasingly sophisticated
system attacks, securing your Microsoft SQL Server system means more
than just protecting your data--it also means protecting your network.
Attackers can use a compromised SQL Server system to access other
systems in your network. This year, Microsoft finally got serious
about security. In January, Microsoft launched its much-publicized
3-month security initiative, halting all new development, hunting for
security holes, and training its developers to be security-conscious.
But even with Microsoft's ramped-up security efforts, your systems are
still only as secure as you make them. Microsoft and other companies
might give you the lock, but you have to turn the key.
   http://www.secadministrator.com/articles/index.cfm?articleid=26942

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* PROTECT YOUR INFRASTRUCTURE
   How do you make sure only the right people access your vital
systems? IBM can help build trust into your e-business relationships.
Get the IBM white paper, "Linking Security Needs to e-business
Evolution" at http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06ia0Ao

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: UNDER WHAT CONDITIONS IS FAST USER SWITCHING AVAILABLE IN
WINDOWS XP?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Fast User Switching is an XP feature that lets more than one user
simultaneously log on, although only one user account can be active at
any time. For example, say user John is currently logged on and Kevin
needs to print a document from his desktop. Without logging off John,
Kevin can log on, print his document, then make John's user account
active again without logging off to perform the switch.

Several factors determine whether Fast User Switching is available:
   - You must not be using a third-party Microsoft Graphical
Identification and Authentication (GINA--msgina.dll) file.
   - The computer must not be a member of a domain (this factor
applies to XP Professional only).
   - You must enable the Fast User Switching feature (go to the
Control Panel User Accounts applet and select "Change the way users
log on or off"). If the computer has more than 64MB of RAM, XP enables
Fast User Switching by default.
   - The computer has sufficient free resources to create an
additional Winlogon service thread (when multiple users are logged on,
all the accounts--even those not currently in use--use resources).
   - If your computer video card uses Shared Video Memory (i.e., the
computer uses a portion of the system's RAM for video display memory),
the shared memory will minimize the amount of free RAM and can cause
XP to disable Fast User Switching.

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products@xxxxxxxxxxxxx)

* ADD TWO-FACTOR AUTHENTICATION TO ISA SERVER 2000
   Authenex introduced AOne, which integrates two-factor
authentication with Microsoft Internet Security and Acceleration (ISA)
Server 2000. End users' passwords and A-Key USB tokens let you control
inbound and outbound HTTP or HTTP Secure (HTTPS) page or file requests
according to permissions established for groups or individual users.
AOne supports Windows 2000 Server with Service Pack 2 (SP2) or later
and requires an available USB port. Clients are supported on Windows
XP, Win2K, Windows 98, and Windows Me. For pricing or more
information, contact Authenex at 510-568-6558, 877-288-4363, and
sales@xxxxxxxxxxxxx
   http://www.authenex.com
 
* SCAN FOR NETWORK VULNERABILITIES
   Latis Networks announced StillSecure Server VAM 1.1, which
continuously and systematically scans for network vulnerabilities. You
can customize scanning based on the type and importance of devices,
and you can set frequency. After the application discovers weaknesses,
you can track them through repair with the Workflow Management Engine.
StillSecure Server VAM 1.1 is sold as an annual subscription based on
the number of IP addresses. It's available as a software appliance
with a hardened OS or as a preconfigured integrated hardware
appliance. For pricing or more information, contact Latis Networks at
303-642-4500 and sales@xxxxxxxxxxxxxxxx
   http://latis.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot@xxxxxxxxxxxxxx

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: How Do I Prevent Service and User Listing?
   (One message in this thread)

A user knows that programs such as DUMPSEC can list all running
services on remote Windows 2000 and Windows NT systems. He wants to
know whether he can lock down systems to prevent such applications
from enumerating services and local users. Lend a hand or read the
responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50652

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Kazaa Lite Capturing Keystrokes?
   (One message in this thread)

A user writes that while he was testing the OKENA StormWatch Intrusion
Detection System (IDS), an alert stated that kazaa.exe was capturing
keystrokes. He loaded a new image on another computer and loaded the
StormWatch application first, then downloaded Kazaa Lite. He replaced
the .exe per the instructions and executed the program. The same thing
happened. He has looked at all the files and doesn't see that the
application is writing to anything. He wonders whether anyone can tell
him about this behavior. Read the responses or lend a hand at the
following URL:
   http://63.88.172.96/listserv/page_listserv.asp?A2=IND0211D&L=HOWTO&P=687

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark@xxxxxxxxxxxxxx

* ABOUT THE NEWSLETTER IN GENERAL -- letters@xxxxxxxxxxxxx (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products@xxxxxxxxxxxxx

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate@xxxxxxxxxxxxx

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps@xxxxxxxxxxxxx

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!

__________________________________________________________
Copyright 2002, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.