Security UPDATE: Recent Security Vulnerabilities

====================

==== This Issue Sponsored By ====

Windows & .NET Magazine VIP Web Site/Super CD

http://www.winnetmag.com/rd.cfm?code=edep273lup

====================

1. In Focus: What's in Store for 2004?

2. Announcements

- Take Our Print Publications Survey!

- 2004 Dates Announced: Connections Conferences

3. Security News and Features

- Recent Security Vulnerabilities

- News: Open-Source Patch for IE?

- News: XP SP2 Beta: Deploying ICF

- Feature: OWA Attachment Security

4. Instant Poll

- Results of Previous Poll: Your Web Browser

- New Instant Poll: System Security in 2004

5. Security Toolkit

- Virus Center - FAQ: What's the Best Way of Assigning Permissions to Users and Groups in Windows 2000 and Later?

- Featured Thread: GPO Startup Script

6. Event

- New--Microsoft Security Strategies Roadshow!

7. New and Improved

- Secure Wi-Fi, Bluetooth, USB, and FireWire Devices

- Tell Us About a Hot Product and Get a T-Shirt!

8. Contact Us

See this section for a list of ways to contact us.

====================

==== Sponsor: Windows & .NET Magazine VIP Web Site/Super CD ====

The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!

If you want to be sure you're getting everything the Windows & .NET Magazine Network has to offer, then you need a subscription to the VIP Web site/Super CD. You'll get online access to all of our publications, a print subscription to Windows & .NET Magazine, and a subscription to our VIP Web site, a banner-free resource loaded with articles you can't find anywhere else. Click here to find out how you can get it all at 25% off!

http://www.winnetmag.com/rd.cfm?code=edep273lup

====================

==== 1. In Focus: What's in Store for 2004? ====

by Mark Joseph Edwards, News Editor, [email protected]

From a security standpoint, 2003 ended with a few events that I found notable. Several key companies consolidated: Check Point Software Technologies bought Zone Labs, Shavlik Technologies bought Gibraltar Software, VeriSign bought Guardent, and EMC bought VMware. Each acquisition will have a significant impact on the security market.

http://www.checkpoint.com/press/2003/zonelabs121503.html

http://www.shavlik.com/press_releases/nr gibraltar release final 12-16-03.pdf

http://verisign.com/corporate/news/2003/pr_20031217.html?sl=070807

http://www.emc.com/news/press_releases/viewUS.jsp?id=1970

Also of note are a couple of Microsoft events: On December 17, the company posted the beta version of its upcoming Service Pack 2 (SP2) for Windows XP on its Betaplace Web site (you must be a beta team member to access the Web site). The service pack promises to significantly improve the security of the XP OS. Microsoft also released a related document to help users deploy XP's Internet Connection Firewall (ICF) in enterprise network environments. You can read more about the latter in the related news story, "XP SP2 Beta: Deploying ICF," in this edition of the newsletter.

http://www.betaplace.com

So what's in store for 2004? Although that's anybody's guess, I can make a few reasonable predictions based on industry hot spots and sore spots. I'll bet we see some significant events centered on patch management, junk email, viruses and worms, and managed security services.

I could be wrong, but it seems to me that the volume of complaints about patch management is second only to the volume of complaints about the security of a given product. Patches are "good things"; however, applying patches in a given network environment isn't necessarily simple. Better tools are required. In 2004, I think we'll see both Microsoft and third-party patch solution vendors involved in some major development work in this area. I wouldn't be surprised to see Microsoft acquire a patch solution company in the next year or two.

New antispam laws are on the US law books now, and we know about two people who were recently charged with felonies for specific email abuses. We'll probably see more spammers criminally prosecuted in 2004, but the question remains whether such prosecutions will bring any real reduction of junk email. One effect of the new laws we probably will see is more spammers moving their operations offshore.

One of the biggest security problems we'll probably all face in 2004 is malicious users propagating major viruses and worms perhaps even more severe than Blaster, Slammer, and SoBig. Such events will wreak havoc on users everywhere. However, one or two more major incidents will also put greater pressure on ISPs, both large and small, to step forward and help stem the flow in some long-term fashion. How could ISPs help? I don't know of any ISPs that require customers to maintain both firewalls and antivirus software. Perhaps ISPs will begin to make firewalls and antivirus software mandatory for all customers who expect to use connection services.

All of which leads me to another significant area for security in 2004 and beyond: managed security services. We'll surely see increased activity in managed security services as companies try to offset their expenses while reducing their level of risk and liability. As more companies move toward outsourcing their security needs through such services, security administrators will probably have to make changes to remain competitive in the workforce--whether they stay inside or move outside their current organizations. For example, they might take on additional responsibilities, such as more generalized network administration; move into business management positions or consulting; or seek employment at managed security services companies.

If you have additional ideas about elements of the security arena that seem ripe for major movement or change in 2004, I'd like to hear about them. Send me an email with your thoughts. In the meantime, I wish you all a happy and secure new year.

====================

==== 2. Announcements ====

(from Windows & .NET Magazine and its partners)

Take Our Print Publications Survey!

To help us improve the hardware and software product coverage in the Windows & .NET Magazine print publications, we need your opinion about which products matter most to you and your organization. The survey takes only a few minutes to finish, so share your thoughts with us at

http://websurveyor.net/wsb.dll/12237/editorsproduct.htm

2004 Dates Announced: Connections Conferences

Save these dates: Windows & .NET Magazine Connections will be held April 4-7, 2004, in Las Vegas, Nevada. Microsoft ASP.NET Connections, Visual Studio Connections, and SQL Server Magazine Connections will run concurrently on April 18-21, 2004, in Orlando, Florida. Early registrants will receive the best discounts, so go online or call 203-268-3204 or 800-505-1201 to register.

http://www.devconnections.com

====================

==== Sponsor: Virus Update from Panda Software ====

Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.

Visit "Panda's GateDefender Stands Guard!" at http://www.pandasecurity.com/gatedefender for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

News: Open-Source Patch for IE?

As we reported in a previous news story ("Flaw in Internet Explorer Makes Spoofing Easier"), researchers discovered a flaw in Microsoft Internet Explorer (IE) 6.0, IE 5.5, and IE 5.01 that could trick users into visiting a Web site they didn't intend to visit. The Microsoft article "Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks" ( http://support.microsoft.com/?kbid=833786 ) outlines various steps that users can take to mitigate such risks. However, Opensoft, an open-source software (OSS) group, has produced a third-party patch for the flaw. Openwares.org published the patch on its Web site.

http://secadministrator.com/articles/index.cfm?articleid=41266

News: XP SP2 Beta: Deploying ICF

Microsoft has posted the Windows XP Service Pack 2 (SP2) beta to its Betaplace Web site. The new service pack promises to enhance the security of the OS in several key ways, one of which is with enhancements to the Internet Connection Firewall (ICF). To supplement the beta, Microsoft also published a new white paper, "Deploying Internet Connection Firewall Settings for Microsoft Windows XP with Service Pack 2," which helps explain how to deploy ICF in a network environment.

http://secadministrator.com/articles/index.cfm?articleid=41220

Feature: OWA Attachment Security

Outlook Web Access (OWA) is a terrific tool for giving users remote access to their mailboxes. However, when users open attachments from computers that you don't control, they run the risk of accidentally disclosing sensitive information. You should teach OWA users not to open OWA attachments on public machines. However, just in case users open attachments despite your warnings, OWA 2003 includes several security features to help mitigate the risk. Learn about them in Paul Robichaux's article on our Web site.

http://secadministrator.com/articles/index.cfm?articleid=41265

====================

==== 4. Instant Poll ====

Results of Previous Poll: Your Web Browser

The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Which browser does your company use as its primary Web interface?" Here are the results from the 168 votes.

- 76% Microsoft Internet Explorer (IE)

- 13% Mozilla

- 10% Opera

- 2% Other

(Deviations from 100 percent are due to rounding.)

New Instant Poll: System Security in 2004

The next Instant Poll question is, "Which of the following factors do you think will have the greatest impact on system security in 2004?" Go to the Security Web page and submit your vote for a) Viruses and worms, b) Junk email, c) Patch management, or d) Managed security services.

http://www.winnetmag.com/windowssecurity

==== 5. Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

http://www.winnetmag.com/windowssecurity/panda

FAQ: What's the Best Way of Assigning Permissions to Users and Groups in Windows 2000 and Later?

by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. In general, the best way to assign permissions is by performing the following steps:

1. Assign user accounts to global groups within the user's domain.

2. Place global groups from any domain into universal groups.

3. Place universal groups into domain local groups on the domain controllers (DCs), and place local groups on member servers and workstations.

4. Assign permissions to the domain local groups or local groups as necessary to access the network resources.

One advantage of establishing this hierarchy is that universal group memberships are unlikely to change because they contain only global groups. A good way to remember this hierarchy is to use the following mnemonic device:

All Good Users Do Love Permissions

Accounts are placed in global groups, global groups are placed in universal groups, universal groups are placed in domain local groups, and domain local groups are assigned permissions.

Featured Thread: GPO Startup Script

A user writes that he uses the following command in a startup script:

"NET LOCALGROUP ADMINISTRATORS [email protected] /ADD >> D:\PROD\util\agcycnda.log 2>>&1"

The global group is in the root domain. The Group Policy Object (GPO) that runs this script is in a child domain. The command is duplicated in multiple organizational units (OUs), with the only difference that the group name changes to correspond to the tech support group for that OU. When this command is processed on some servers, it works fine. However, for some OUs, the command doesn't work at all--even though security is the same and the command runs under the localsystem user security context. The user sees the problem in one particular domain and can't reproduce it in other environments. He wants to know whether anyone else has had a similar problem. Lend a hand or read the responses:

http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=66105

==== 6. Event ====

New--Microsoft Security Strategies Roadshow!

We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.

http://www.winnetmag.com/roadshows/computersecurity2004

==== 7. New and Improved ====

by Jason Bovberg, [email protected]

Secure Wi-Fi, Bluetooth, USB, and FireWire Devices

SmartLine released DeviceLock 5.51, a security solution that lets you restrict access to 802.11b (aka Wi-Fi), Bluetooth, USB, and FireWire (IEEE 1394) devices on Windows Server 2003/2000/XP. With DeviceLock, you can control which users can access certain devices on a local computer. You don't need to physically remove or block hardware. You need only install the software and assign appropriate privileges to each user or user group. You can control user access to floppy drives and other removable media; CD-ROM drives and tape devices; WiFi and Bluetooth adapters; and USB, FireWire, infrared (IR), serial, and parallel ports. DeviceLock costs $35 for a single-user license. You can download a free, fully functional demonstration version from the company Web site. For more information about DeviceLock 5.51, contact SmartLine at 866-668-5625 or on the Web.

http://www.devicelock.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

===================

==== Sponsored Links ====

NetSupport

Free Trial - Fast and Easy Network Management. - NetSupport DNA

http://ad.doubleclick.net/clk;6823752;8214395;q?http://www.netsupport-inc.com/dna/netsupport_dna_overview.htm

===================

==== 8. Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.

https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup

Copyright 2003, Penton Media, Inc.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish