Security UPDATE, January 15, 2003

Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com


THIS ISSUE SPONSORED BY

Experience How Real Time Monitoring Will Benefit YOU

Microsoft Mobility Tour
(below IN FOCUS)


SPONSOR: EXPERIENCE HOW REAL TIME MONITORING WILL BENEFIT YOU

A proactive Security Administrator installed TNT Software's ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. During the first week, EEM 3.0 paged him as a disgruntled employee attempted to access confidential files, emailed him during a port scan attack, and automatically restarted a failed anti-virus service. As a result, ELM Enterprise Manager was purchased and fully deployed during the second week. Download your FREE 30 day full feature evaluation copy today and experience how real time monitoring will benefit YOU.


January 15, 2003—In this issue:

1. IN FOCUS

  • Security Initiatives and Windows Server 2003

2. ANNOUNCEMENTS

  • InfoSec World Conference and Expo/2003
  • Windows Scripting Solutions for the Systems Administrator
  • Back by Popular Demand—Don't Miss Our Security Road Show Event!

3. SECURITY ROUNDUP

  • News: Lirva Worm Might Spoof Microsoft Security Bulletin
  • News: Finjan Software Acquires Alchemedia Technologies
  • News: Microsoft Releases ISA Server 2000 Feature Pack 1

4. SECURITY TOOLKIT

  • Virus Center
  • FAQ: How Can I Prevent Windows XP's Network Bridge Feature from Forwarding Network Packets?
  • Event Highlight: Smart Card Alliance Mid-Winter Conference

5. NEW AND IMPROVED

  • Assess Windows Server Security
  • Secure Your Desktops
  • Submit Top Product Ideas

6. HOT THREAD

  • Windows & .NET Magazine Online Forums
  • Featured Thread: Tool for ACL Comparison and Changes
  • HowTo Mailing List:
  • Featured Thread: Sharing XP Folders in a Workgroup

7. CONTACT US
See this section for a list of ways to contact us.


1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])

  • SECURITY INITIATIVES AND WINDOWS SERVER 2003

  • As I wrote in last week's Security UPDATE, Microsoft has been working on its Trustworthy Computing initiative. The initiative involves addressing concerns customers have about the security of Microsoft products, especially the issues customers encounter most frequently. To address those concerns, Microsoft has developed a strategy called SD3+C—Secure by Design, Secure by Default, Secure in Deployment, and Communications.

    Secure by Design means better-designed products, more thorough testing and approval processes before release, and more security features. As you know, Microsoft stopped development on Windows Server 2003 for 2 months while the company focused attention on matters such as employee training and product redesign.

    The company changed some of the server architecture to improve security. For example, the Web listener is no longer part of the kernel. Also, at a lower level of architecture, Microsoft has improved the server's compilers and changed code-development processes such as the thread-modeling processes. In addition, teams must review and test code to ensure quality—reviews that can stop a product's release until developers change the code.

    Secure by Default emphasizes not exposing aspects of functionality unless an administrator wants them exposed. For example, Microsoft IIS and many other services are no longer active by default. Microsoft has added two new accounts for network access and local system access to offer administrators more ways to limit service exposure. In addition, people can't use blank passwords to authenticate to network services.

    Microsoft is taking several steps in the areas of Secure by Deployment and Communications. One such step is to offer users more documentation to help architect their particular data centers. Another step is to continue building enterprise customer communications, a response to enterprise customers who assert that they don't have enough communication with Microsoft. But SD3+C contains much more than I can discuss here; you can read about SD3+C's overall premises on Microsoft's Web site.

    You might already be aware of some of the matters I mention above. However, on January 27, Microsoft will begin briefing the press in more detail about its security innovations in Windows 2003. Stay tuned, and I hope I'll be able to fill you in on new details in that week's edition of Security UPDATE.

    Meanwhile, take advantage of some new documentation Microsoft has made available on its Microsoft Developer Network (MSDN) Web site. In November 2002, Microsoft published the online book "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication." Chapters include Security Model for ASP.NET Applications, Authentication and Authorization, Secure Communication, Intranet Security, Extranet Security, Internet Security, ASP.NET Security, Enterprise Services Security, Web Services Security, Remoting Security, Data Access Security, and Troubleshooting Security Issues. In December, Microsoft published "Building and Configuring More Secure Web Sites," a paper that discusses best practices for Windows 2000 Advanced Server, Internet Information Services (IIS) 5.0, Microsoft SQL Server 2000, and the Microsoft .NET Framework.
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/openhack.asp?frame=true

    Be sure to check out these resources. Also, stop by the .NET Security Web site to see what else you might find useful.


    SPONSOR: MICROSOFT MOBILITY TOUR

    THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
    Brought to you by Windows & .NET Magazine, this outstanding seven-city event will help support your growing mobile workforce! Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. There is no charge for these live events, but space is limited so register today!
    http://www.winnetmag.com/seminars/mobility

    2. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • INFOSEC WORLD CONFERENCE AND EXPO/2003

  • MIS Training Institute's InfoSec World Conference and Expo/2003 will be held in Orlando, FL, March 10-12, 2003, with optional workshops on March 8, 9, 12, 13, and 14. InfoSec World will cover today's need-to-know topics and deliver proven strategies for protecting your systems. For details and to register, click here.

  • WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR

  • You might not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today.

  • BACK BY POPULAR DEMAND—DON'T MISS OUR SECURITY ROAD SHOW EVENT!

  • If you missed last year's popular security road show event, now is your chance to catch it again in Portland, Oregon, and Redmond. Learn from experts Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Registration is free so sign up now!

    3. SECURITY ROUNDUP

  • NEWS: LIRVA WORM MIGHT SPOOF MICROSOFT SECURITY BULLETIN

  • New variants of the worm Lirva are spreading around the Internet infecting users of Microsoft Outlook. The worm is dangerous in that it can shut down antivirus and firewall software and overwrite Microsoft Word, Excel, and PowerPoint files, leaving the file sizes at 0KB, which renders the files unrecoverable without a backup.
    http://www.wininformant.com/articles/index.cfm?articleid=37662

  • News: Finjan Software Acquires Alchemedia Technologies

  • Finjan Software announced that it has acquired Dallas-based Alchemedia Technologies. The acquisition includes the customer base, intellectual property, and products. Alchemedia's flagship product, Mirage, offers Digital Rights Management (DRM) to documents.
    http://www.secadministrator.com/articles/index.cfm?articleid=37644

  • News: Microsoft Releases ISA Server 2000 Feature Pack 1

  • Microsoft has announced the release of Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1, a set of add-ons that enhance security for Microsoft Exchange Server, IIS, and Outlook Web Access (OWA) and improve ease of use for administrators.
    http://www.secadministrator.com/articles/index.cfm?articleid=37583

    4. SECURITY TOOLKIT

  • VIRUS CENTER

  • Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

  • FAQ: How can I prevent Windows XP's Network Bridge feature from forwarding network packets?

  • (contributed by John Savill, http://www.windows2000faq.com)

    A. The Network Bridge feature in XP Professional and XP Home Edition can forward network packets; however, this capability can cause major problems on some networks. To permanently disable packet forwarding, perform the following steps:

    1. Start a registry editor (e.g., regedit.exe).
    2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BridgeMP registry subkey.
    3. From the Edit menu, select New, DWORD Value; enter the name DisableForwarding; then press Enter.
    4. Double-click the new value, set it to 1, then click OK.
    5. Close the registry editor.
    6. Reboot the machine for the change to take effect.

  • EVENT HIGHLIGHT: SMART CARD ALLIANCE MID-WINTER CONFERENCE

  • February 12 through February 13, 2003
    Salt Lake City, Utah

    "Identity: Technology and Policy Issues of Trust" addresses how we protect our identities and minimize the risks to our privacy. Expert panels will examine the specific roles in which individuals use their identities—as public citizens (such as crossing borders, at airports, in voting booths); as corporate citizens (accessing buildings, networks, private databases); and as private citizens (in retail stores, on the Internet, and using wireless devices). For more information, click here.

    5. NEW AND IMPROVED
    (contributed by Sue Cooper, [email protected])

  • ASSESS WINDOWS SERVER SECURITY

  • Winzero Custom Solutions released ACLReporter, security assessment and reporting software for your NTFS file, folder, and share data. ACLReporter lets you perform security permission searches and gather security information from remote servers in realtime or when they're offline. Supports Windows Server 2003, Windows 2000, and Windows NT servers. An enterprise license for unlimited servers and users is $695 until January 31, 2003. Contact Winzero Custom Solutions at 604-736-7395 in Canada, at 973-439-6908 in the United States, or at [email protected].
    http://www.winzero.ca

  • SECURE YOUR DESKTOPS

  • Anfibia announced Deskman 5.2, a Windows desktop security tool that gives you control over your users' desktop components. Deskman features include encrypted profiles, authentication procedures, and Windows NT service implementation. Deskman 5.2 now offers a new password policy and the ability to protect access to drives. Contact Anfibia at [email protected].
    http://www.anfibia.net

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].

    6. HOT THREAD

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS
  • Featured Thread: Tool for ACL Comparison and Changes
    (Two messages in this thread)

    A user writes that he's seeking a tool that will compare current folder and file ACLs against a database, then apply ACL changes to all files and folders that don't have the NTFS permissions. The tool should also generate a comparison report. Is there such a tool, other than CACLS or SuperCACLS? Lend a hand or read the responses.

  • HOWTO MAILING LIST
  • Featured Thread: Sharing XP Folders in a Workgroup
    (Three messages in this thread)

    A user writes that he needs to share folders on a Windows XP Professional system that's in a workgroup, and he wants to provide granular security permissions on the folders. Without joining a domain, however, he can't remove the Everyone group—which means he can't provide individualized user access permission to the folders. How can he solve this problem? Read the responses or lend a hand.

    7. CONTACT US
    Here's how to reach us with your comments and questions:

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish