Security UPDATE--More About Wi-Fi Security--June 16, 2004

Important: With the upcoming release of Gmail, we realize that many of you might be considering switching to a new email address. To help ensure uninterrupted delivery of this free newsletter to your inbox, Windows & .NET Magazine would like to remind you to take a minute to visit our email subscription center at where you can confirm or update your email address. We would also like to recommend that you add [email protected] to your list of allowed senders and contacts so that your copy of Security UPDATE isn't mistakenly blocked by antispam software. We value your readership and want to ensure that we can continue to reach you. Thanks for reading!


==== This Issue Sponsored By ====

Free Security White Paper from Postini

Windows & .NET Magazine


1. In Focus: More About Wi-Fi Security

2. Security News and Features

- Recent Security Vulnerabilities

- News: New IE Flaws Might Allow Code Injection

3. Instant Poll

4. Security Toolkit


- Featured Thread

5. New and Improved

- Increased Control Over IP Network Access and Security


==== Sponsor: Postini ====

How to Preemptively Eliminate the Top 5 Email Security Threats

Are worries about spam and virus attacks to your enterprise email system keeping you up at night? See why spam and viruses are only the "tip of the iceberg" when it comes to email security threats. Learn how you can eliminate the top 5 security threats to your email system, including the silent killer -- directory harvest attacks. The good news is there's an easy and effective way to arm your organization against all threats, even the latest spam and email attacks. Find out how to completely and preemptively protect against major threats including spam, viruses, directory harvest attacks (DHA), denial-of-service (DoS) attacks, as well as internal policy violations. Download this free white paper today!


==== 1. In Focus: More About Wi-Fi Security ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week, I wrote about problems with particular Linksys and NETGEAR wireless Access Points (APs). I suggested that people might consider putting their APs behind a firewall to better protect the systems from access by outsiders who might approach the units from a WAN link. This practice might protect wireless APs against any unknown vulnerabilities that intruders might discover. Even if your APs have built-in firewalls of their own, consider also using a firewall external to them. The approach makes sense, but while cruising the Internet last week, I came across an old, but interesting article, "WiFi Security Checklist," at the Security Technique Web site that made me realize that I had overlooked another potential problem that you might want to consider.

As you know, wireless protocols are vulnerable to a variety of attacks. APs' very nature makes them prone to granting access to users outside your immediate working environment. And of course, once someone has connected to one of your APs, he or she is part of your network. This situation raises the question of how much of your network is exposed to your APs. If you have no additional barriers in place and your APs are essentially inside your trusted network, an intruder will also be inside your trusted network after he or she connects to one of your APs. I doubt that you want to leave that gaping hole open.

So in addition to putting a firewall in between your APs and external networks (whether they be the Internet, partner networks, remote offices, or other networks), you should probably consider putting a firewall behind your APs. In that sort of configuration, you could use some sort of VPN in which wireless clients tunnel back into your private network for access to network resources. That way, if an intruder connects to one of your APs, he or she will have far less to work with when trying to penetrate your overall network.

Or, if your environment uses Remote Authentication Dial-In User Service (RADIUS), you might consider using RADIUS to pass routing restrictions to your APs. For example, Randy Franklin Smith explains in "A Secure Wireless Network Is Possible," Windows & .NET Magazine, May 2004, that if a visiting business partner connects to your AP, RADIUS could pass a routing restriction to the AP that allows him or her access only to the Internet and not your internal network. If you subscribe to the print magazine, you can read Smith's article on our Web site.


==== Sponsor: Windows & .NET Magazine ====

Get 2 Sample Issues of Windows & .NET Magazine!

Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: New IE Flaws Might Allow Code Injection

On June 7, Jelmer Kuperus posted a message to the Full Disclosure mailing list to report the existence of new vulnerabilities in Microsoft Internet Explorer (IE) and exploits that take advantage of those flaws. As a result, we might see Microsoft release at least one new IE patch before its next scheduled security patch release date of July 15.


==== Announcements ====

(from Windows & .NET Magazine and its partners)

Security Patch Management Tools--Windows and Office Update Web Seminar

How are you evaluating, distributing, and installing software patches? This free Webcast discusses the importance of patch management and establishing a patch-management process by using Windows and Office Update as a patch-management tool in your environment. Register now!

Windows Connections October 24-27, Orlando, Florida.

Save these dates for the Fall 2004 Windows Connections conference, which will run concurrently with Microsoft Exchange Connections. Register early and receive admission to both conferences for one low price. Learn firsthand from Microsoft product architects and the best third-party experts. Go online or call 800-505-1201 for more information.

Attend the Black Hat Briefings & Training USA Event - July 24-29, 2004

This is the world's premier technical IT security conference, hosting 2,000 delegates from 30 nations. Featuring 27 hands-on training courses and 10 conference tracks with presentations by security experts and "underground" security specialists. Early-bird registration deadline is July 1!


==== Hot Release ====

Ultimate Windows Security Training

You've read his articles... Now come to his training! Mind-meld with Windows security expert Randy Franklin Smith and learn his secrets on AD, Group Policy, WiFi Security, VPNs, IPSec, Security Log, EFS, IAS, Software Restrictions, Windows Firewall, etc. Download free security log quick reference chart.


==== 3. Instant Poll ====

Results of Previous Poll

The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Does your company intend to implement Windows XP Service Pack 2 (SP2)?" Here are the results from the 134 votes.

- 29% Yes, as soon as it's available

- 31% Yes, within 3 months of its release

- 7% Yes, within 6 months of its release

- 19% Yes, but we're not sure when

- 13% No

(Deviations from 100 percent are due to rounding.)

New Instant Poll

The next Instant Poll question is, "Where are your wireless Access Points (APs)?" Go to the Security Web page and submit your vote for

- Inside the border firewall

- Outside the border firewall

- Between the border firewall and an internal firewall

==== 4. Security Toolkit ====

FAQ: How Do I Install Microsoft Exchange Server 2003 Service Pack 1 (SP1)?

by John Savill,

A. Before you install Exchange 2003 SP1, read the release notes. They contain a number of notices that could apply to your site and might affect the order in which you upgrade servers. You also need to apply the hotfix described by the Microsoft article "FIX: IIS 6.0 compression corruption causes access violations," before you install the service pack. After you have the SP1 installation files, run the update.exe program as you would for any other service pack.

During the installation, the Information Store service, WWW service, and other Exchange processes are stopped, which interrupts service to users. Therefore, you should plan to perform the upgrade at a time when users don't need to access Exchange.

A new version of the Exchange Server Deployment Tools is available from the link below. You can use the deployment tools to assist you in the upgrade process. The tools offer new features, including enhanced support for consolidating sites in a mixed-mode environment (i.e., an environment containing a mix of servers running any combination of Exchange 2003, Exchange 2000 Server, and Exchange Server 5.5).

Featured Thread: Extranet Security Setup

(One message in this thread)

A reader wants to create an Active Server Pages (ASP) extranet application that will give his customers access to information such as the work his company has done for them, the costs, and any scheduled work. Each user should be able to view his or her own information but not other customers' information. All the information is stored in one database, so he's thinking about using views in SQL Server 2000 to ensure that customers see only their own information. You can read the reader's plans for his application and offer advice at


==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New--Shrinking the Server Footprint: Blade Servers

In this free Web seminar, you'll learn how blade servers provide native hot swappable support, simplified maintenance, modular construction, and support for scalability. And we'll talk about why you should be considering a blade server as the backbone of your next hardware upgrade. Register now!


==== 5. New and Improved ====

by Jason Bovberg, [email protected]

Increased Control Over IP Network Access and Security

MetaInfo and Perfigo announced a joint marketing and integration alliance in which the companies will provide and support integration between MetaInfo's Meta IP SAFE DHCP and Perfigo's SecureSmart and CleanMachines products. By integrating the companies' complementary technologies, customers will be able to control and protect against unauthenticated access, viruses, worms, and policy noncompliance at the IP layer. While authenticating the machine's identity, the Meta IP SAFE DHCP server simultaneously requests network security validation and policy compliance checks from CleanMachines. CleanMachines conducts administrator-defined network and device-based scans that can find security vulnerabilities, such as viruses, outdated patches, spyware, and worms. For more information about this partnership, contact MetaInfo at 206-674-3700 or on the Web.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?

Microsoft(R) TechNet

Microsoft(R) TechNet Webcasts: essential guidance, industry experts;7759917;8214395;c?


Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:

Postini -- -- 1-888-584-3150

Hot Release Sponsor:

Monterey Technology Group -- -- 1-864-587-9720


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine privacy policy at

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.