Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com
THIS ISSUE SPONSORED BY
VeriSign - The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n204087360057000
Security Exploits Are a Result of Missing Patches
http://www.stbernard.com/products/targetpages/win2kN-ue.asp
(below IN FOCUS)
SPONSOR: VeriSign - The Value of Trust
Get the strongest server security — 128-bit SSL encryption!
Download VeriSign's FREE guide, "Securing Your Web Site for Business" and learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n204087360057000
August 21, 2002—In this issue:
1. IN FOCUS
- Thought Police: Coming to a Computer Near You?
2. SECURITY RISKS
- Privilege Elevation Vulnerability in Microsoft SQL and MSDE
- Privilege Elevation Vulnerability in Win2K Network Connection Manager
- Macromedia Shockwave Flash Malformed Header Overflow
- Buffer Overflow in Winhlp32.exe
3. ANNOUNCEMENTS
- Why Pay When You Can Get In-Person Security Expertise at No Charge?
- Take Our Survey and You Could Win a Free T-Shirt!
4. SECURITY ROUNDUP
- News: Security Certifications Decline
- News: Severe Vulnerability in IE Secure Sockets Layer
- News: Intruder Stole New Shuttle Design Plans from NASA
5. HOT RELEASE
- Stop IIS Web Server Intrusions & Cyber Attacks
6. INSTANT POLL
- Results of Previous Poll: Wireless Security
- New Instant Poll: Biometric Scanners
7. SECURITY TOOLKIT
- Virus Center
- FAQ: How Can I Connect to a Windows .NET Server (Win.NET Server) Console?
8. NEW AND IMPROVED
- Upgrade to VPN Security Solution
- Centralized Auditing of Windows Security Logs
- Submit Top Product Ideas
9. HOT THREADS
- Windows & .NET Magazine Online Forums
- Featured Thread: PGP or PKI?
- HowTo Mailing List:
- Featured Thread: Windows XP User Account Creation
10. CONTACT US
- See this section for a list of ways to contact us.
1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])
Imagine a computer security device that won't let you access a computer or network unless your thoughts are preapproved by a policing scanner. You walk up to a terminal, and a device instantly scans your brain waves and heart rate and gathers biometric identification data from your body. The scanner then compares the biometrics data and your vital statistics to a variety of databases, including credit bureaus, criminal records, travel habits, and hundreds (if not thousands) of other sensitive databases. If you're deemed not to be a risk, you're allowed access to the computer or network. Sound far-fetched? Think again (no pun intended).
According to a "The Washington Times" report, such technology is under development right now, all in the name of antiterrorism. The report states that the National Aeronautics and Space Administration (NASA) is developing the technology with cooperation from an unnamed commercial firm for use at airports to help identify potential terrorists. Given the fact that computers and networks are vital to everyday affairs, it hardly stretches the imagination to think that such technology could become commonplace in the computer industry sometime in the future.
http://washtimes.com/national/20020817-704732.htm
According to "The Washington Times" report, on July 31, the Electronic Privacy Information Center (EPIC) obtained documents from the Transportation Security Administration (TSA) under the Freedom of Information Act (FOIA) for a lawsuit. The documents revealed a plan to implement such technology to screen passengers at airports. NASA told security specialists at Northwest Airlines, where the technology might be tested, about the brain-monitoring technology.
http://www.epic.org
NASA Aerospace Research Manager Herb Schlickenmaier likened the technology to "a super lie detector that would also measure pulse rate, body temperature, eye-flicker rate and other biometric aspects sensed remotely." Today, a ball cap-type sensor must touch someone's head to read brainwaves. And, in fact, Schlickenmaier noted, "To say I can take that cap off and put sensors in a doorjamb, and as the passenger starts walking through \[say that the passenger is\] a threat or not, is at this point a future application."
Physics professors familiar with brainwave research have raised privacy concerns about that research. Nevertheless, if NASA can produce such a device and the public accepts such technology as part of the general screening process for airport access, then it's reasonable to think that such technology might also make its way into the computer security industry (and other industries soon thereafter). After all, computer networks are mission-critical elements of a nation's infrastructure, and it's rather obvious that computer intruders pose a serious threat to such infrastructures.
For information about such threats, be sure to read our news story, "Intruder Stole New Shuttle Design Plans from NASA," listed in the SECURITY ROUNDUP section of this UPDATE (see the URL below). And read "The Washington Times" report for a revealing glimpse of a potential future scenario.
http://www.secadministrator.com/articles/index.cfm?articleid=26246
SPONSOR: SECURITY EXPLOITS ARE A RESULT OF MISSING PATCHES
Are you confident your network has the patches required to prevent intrusions? UpdateEXPERT is a patch remediation tool that scans for missing hotfixes, and FIXES discovered weaknesses for increased protection. UpdateEXPERT features an exclusive database of patches that are researched and tested for interdependencies by our in-house patch experts. Supporting Windows NT4/2000/XP, SQL Server, Exchange Server, IE, Outlook and other critical applications, UpdateEXPERT installs updates to all servers and workstations remotely without a required client agent. FREE 15-day live trial and Whitepaper!
http://www.stbernard.com/products/targetpages/win2kN-ue.asp
2. SECURITY RISKS
(contributed by Ken Pfeil, [email protected])
David Litchfield of NGS Software discovered vulnerabilities in Microsoft SQL Server and Microsoft Desktop Engine (MSDE) that could result in an unprivileged user gaining control of the database. These vulnerabilities stem from weak default permissions on certain extended stored procedures that let unprivileged users run these stored procedures with Administrator privileges. Microsoft has released Security Bulletin MS02-043 (Cumulative Patch for SQL Server) to address this vulnerability and recommends that affected users download and apply the patch mentioned in the security bulletin
http://www.secadministrator.com/articles/index.cfm?articleid=26292
Microsoft reported a vulnerability in Windows 2000's Network Connection Manager (NCM) that could result in compromise of the affected system. This vulnerability stems from a flaw in an NCM handler routine that could grant an unprivileged user LocalSystem rights. Microsoft has released Security Bulletin MS02-042 (Flaw in Network Connection Manager Could Enable Privilege Elevation) to address this vulnerability and recommends that affected users download and apply the patch mentioned in the security bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=26291
Drew Copley and Riley Hassell of eEye Digital Security discovered a vulnerability in Macromedia's Shockwave Flash that could lead to execution of arbitrary code on the vulnerable system. An intruder can exploit a malformed Macromedia Flash movie (SWF) header that supplies more frame data than the decoder expects, resulting in a buffer-overrun condition. Macromedia has released bulletin MPSB02-07 (Macromedia Flash Malformed Header Vulnerability Issue) regarding this vulnerability and recommends that affected users download Flash Player 6,0,40,0, which addresses this vulnerability.
http://www.secadministrator.com/articles/index.cfm?articleid=26250
A buffer-overrun vulnerability in Winhlp32.exe could result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the Item parameter within WinHlp Command. This exploit would execute in the security context of the currently logged on user. Microsoft has released Windows 2000 Service Pack 3 (SP3), which includes a fix for this vulnerability.
http://www.secadministrator.com/articles/index.cfm?articleid=26252
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
Windows & .NET Magazine Network Road Show 2002 is coming this fall to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ. Registration is free, but space is limited so sign up now!
http://www.winnetmag.com/seminars/roadshow
We need to hear your thoughts on the future on technology! Take our reader survey, and you'll be entered to win a T-shirt, compliments of Windows & .NET Magazine. All responses are completely confidential, so visit
http://www.up2research.com/windotnet
4. SECURITY ROUNDUP
According to a new "Cyber Defense IQ Report" from Brainbench, the number of new security certifications obtained over an 8-month period has declined significantly. Brainbench compared the number of security certifications obtained between November 2000 through July 2001 with the number of security certifications obtained between November 2001 through July 2002.
http://www.secadministrator.com/articles/index.cfm?articleid=26262
In what has been called one of the most serious problems ever detected in cryptography, researcher Mike Benham has discovered that intruders can implement undetected man-in-the-middle attacks against users of Microsoft Internet Explorer (IE) 6.x and 5.x. Benham reported his findings to readers of a popular security mailing and detailed the vulnerability.
http://www.secadministrator.com/articles/index.cfm?articleid=26245
According to a "Computerworld" report, an intruder known as RaFa has broken into a network that National Aeronautics and Space Administration (NASA) operates and stolen extremely sensitive design plans for a space shuttle. Using a vulnerability in FTP servers that allow anonymous logons, RaFa managed to locate and download more than 43MB of data, including a Microsoft PowerPoint presentation.
http://www.secadministrator.com/articles/index.cfm?articleid=26246
5. HOT RELEASE
eEye Digital Security has released SecureIIS, a proactive security solution built specifically for IIS. Known for their IIS vulnerability research expertise, eEye created SecureIIS to prevent damaging network traffic that goes undetected by firewalls and IDS's.
Learn more & free trial downloads at:
http://www.eeye.com/click.asp?ref=wnetnews1&target=secureiis
6. INSTANT POLL
The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Does your company use some form of security to prevent unauthorized access to its wireless network?" Here are the results (+/- 2 percent) from the 90 votes:
- 56% Yes
- 28% No
- 17% No—We leave the wireless network unprotected to offer open access
The next Instant Poll question is, "Which of the following types of biometric scanners are currently in use on your network?" Go to the Security Administrator Channel home page and submit your vote for a) Fingerprint, b) Retina, c) Facial, d) Two or more of the above, or e) None of the above.
http://www.secadministrator.com
7. SECURITY TOOLKIT
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda
(contributed by John Savill, http://www.windows2000faq.com)
A. The Windows 2000 Server family lets you make two connections to a server in Win2K Server Terminal Services administration mode without requiring additional licenses, but neither connection is an actual console session. Win.NET Server addresses this omission by letting you connect to the console session using technology taken from Windows XP's Remote Desktop feature.
The XP Remote Desktop Connection (RDC) client can connect to a console session, but this ability is hidden. To connect to a Win.NET Server console from an XP system, you have to start the RDC client with the /console switch by typing the following at the command prompt:
msdtc /console
The RDC graphical interface will start as usual, but the connection to the Win.NET Server will display a console session instead of creating a new RDP session.
To modify the RDC client shortcut to always include the /console switch, right-click the RDC client shortcut item on the Start menu, select Properties from the context menu, and add /console to the Target. For example,
C:\program files\remote desktop\mstsc.exe
becomes
C:\program files\remote desktop\mstsc.exe /console
If you aren't using XP, you can install the Win.NET Server RDC client on a Win2K or later client. Win.NET Server also ships with the Microsoft Management Console (MMC) Remote Desktops snap-in, which lets you connect to a console by selecting the "Connect to console" check box.
8. NEW AND IMPROVED
(contributed by Judy Drennen, [email protected])
WatchGuard Technologies announced WatchGuard Firebox System (WFS) 6.0 for its Firebox III line of products. WFS 6.0, a complete firewall and VPN solution with advanced stateful packet filtering and transparent proxy architecture, is a free software upgrade for current LiveSecurity subscribers. WFS 6.0 integrates a new public key infrastructure (PKI) with built-in Certificate Authority (CA). WFS 6.0 is available for download from http://www.watchguard.com. For more information, contact WatchGuard at 206-521-8340 or go to the Web site.
http://www.watchguard.com
GFI announced LANguard Security Event Log Monitor (S.E.L.M.) 3.0, a host-based Intrusion Detection System (IDS) that monitors networks for security breaches. The product analyzes network Security logs and alerts administrators about key security events in realtime. Because it performs intrusion detection by scanning the event logs, GFI LANguard S.E.L.M. isn't impaired by switches, IP traffic encryption, or high-speed data transfer, as are traditional network-based intrusion detection products. The product scans Windows XP, Windows 2000, and Windows NT, and pricing starts at $375 for a two-server/10-workstation package. Contact GFI Software at [email protected] or go to the Web site.
http://www.gfi.com
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].
9. HOT THREADS
http://www.winnetmag.com/forums
(Two messages in this thread)
A user writes that he's moving to a new office in 3 months and his company will be completely rebuilding its network. The company will maintain a remote site for five people. Therefore, he intends to have a VPN connecting the two sites. His boss is very concerned about security, including email. He wants to know which is more secure and easier to implement and maintain: pretty good privacy (PGP) or public key infrastructure (PKI)? Read the responses or lend a hand at:
http://www.secadministrator.com/forums/thread.cfm?thread_id=23123
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
(One message in this thread)
Michael wants to know a way to create users in Windows XP, then restrict their local access without using the domain model. He tried using Group Policy in Microsoft Management Console (MMC) and felt that the results were disastrous because the process locked all accounts (including administrative accounts) out of the Control Panel. Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0208b&l=howto&p=82
8. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT IN FOCUS — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SECURITY UPDATE?
[email protected]
This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
http://www.secadministrator.com/sub.cfm?code=saei25xxup
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
Thank you for reading SECURITY UPDATE.
