Security UPDATE--Patrolling Wireless Networks--May 12, 2004

==== This Issue Sponsored By ====

CipherTrust

http://www.ciphertrust.com/files/forms/article/em-winwp-ad22-p1-ssec-04012004.php

Exchange & Outlook Administrator

http://www.exchangeadmin.com/rd.cfm?code=fsep234xup

1. In Focus: Patrolling Wireless Networks

2. Security News and Features

- Recent Security Vulnerabilities

- News: Time to Patch Quicktime, iTunes, Mac OS X, and Panther

- Update: Problems with Microsoft's Patch MS04-011

3. Security Toolkit

- FAQ

- Featured Thread

4. New and Improved

- Firewall Gets Faster and Easier

==== Sponsor: CipherTrust ====

Corporations are experiencing spam levels in excess of 60% of their total email volume. The effect of this volume on productivity, bandwidth and storage is significant and costly. But these are not the only effects. Spam now presents a serious threat to security with implications for network integrity and legal liability. In this white paper, you'll learn about the security threat presented by spam, as well as valuable insight into spammer methods and techniques, all from the experts in anti-spam and email security at CipherTrust. Take action now to secure your networks against spam!

http://www.ciphertrust.com/files/forms/article/em-winwp-ad22-p1-ssec-04012004.php

==== 1. In Focus: Patrolling Wireless Networks ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

The Sasser worm basically fizzled, and I think that so far, its variants are little more than a nuisance. But that could change in the future. We'll have to wait and see. In any event, it's a certainty that someone with misconnected neurons will unleash yet another worm on the unsuspecting public before people have had time to install the most recent patches and fix any problems with them. Gee, I can hardly wait. In the meantime, other matters need attending to. For example, what's the state of your wireless security?

If you subscribe to "Windows & .NET Magazine," you've probably received the May issue, which includes "A Secure Wireless Network Is Possible," an informative article by Randy Franklin Smith. Subscribers can also read the article at the URL below. In the article, Smith points out that, "Wireless networks can be secure if you use the right technologies. To add a secure wireless network to an existing Windows network, all you need to do is install one or more 802.1x-compliant wireless Access Points (APs) and one computer running Windows Server 2003. The Windows 2003 server will facilitate 802.1x authentication between your wireless clients and your existing Windows network. Your users will be able to gain access to your wireless network simply by using their existing Windows user accounts."

http://www.winnetmag.com/windows/article/articleid/42273/42273.html

If you have wireless equipment and Windows Server 2003, consider implementing the suggestions in the article. Also consider what might happen if someone plugs in a wireless AP without your knowledge or someone (inadvertently or not) configures his or her wireless network card to operate in ad-hoc mode. In either case, your network would suddenly gain a security hole that you might not want to leave open. Another problem arises when unwanted wireless clients come within broadcast range of your wireless gear.

Solutions are available to monitor the airwaves against unwanted access points and unknown wireless clients, a few of which are AirDefense, AirMagnet, and Red-M's Red-Detect. These are hardware-based solutions that can quickly identify broadcasting APs and clients, help prevent unwanted wireless connectivity, detect various types of wireless network attacks, and more.

I'm in the process of reviewing these three products for an upcoming edition of "Windows & .NET Magazine." I wonder if you use one of these solutions or maybe another solution? If so, I'm interesting in learning what you think about it and what your experiences have been to date. Please send me an email with your detailed thoughts about these products or whichever solution you might use. And please prefix your message subject with "WIFI:" so that I can more easily find your responses among the junk mail.

==== Sponsor: Exchange & Outlook Administrator ====

Try a Sample Issue of Exchange & Outlook Administrator!

If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and downtime. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, and secure Exchange and Outlook. Order now!

http://www.exchangeadmin.com/rd.cfm?code=fsep234xup

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

News: Time to Patch Quicktime, iTunes, Mac OS X, and Panther

If you use Quicktime or iTunes software on Windows or Apple systems or manage Apple desktops or servers, you might want to load the latest patches.

http://www.winnetmag.com/article/articleid/42586/42586.html

Update: Problems with Microsoft's Patch MS04-011

Last week, I wrote about the Microsoft article "Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011," http://support.microsoft.com/?kbid=841382 , released April 28.

Another Microsoft article, "MS04-011: Security Update for Microsoft Windows," http://support.microsoft.com/?kbid=835732 , was also released on April 28 and provides links to six articles (including article 841382) that pertain to problems administrators might encounter while trying to implement the MS04-011 patch.

http://www.winnetmag.com/article/articleid/42505/42505.html

==== Announcements ====

(from Windows & .NET Magazine and its partners)

New--Small Servers for Small Businesses Web Seminar

Today a small business can be as agile as a large business by understanding which technology can be leveraged to create a centralized server environment. In this free Web seminar, you'll learn about the perils of peer-to-peer file sharing, backup and recovery, migration from desktop to servers, and Small Business Server basics. Register now!

http://www.winnetmag.com/seminars/serversmallbusiness/index.cfm?code=emailannc051004

Get 2 Free Sample Issues of SQL Server Magazine!

SQL Server Magazine is a useful resource loaded with relevant information covering database modeling and design, performance tuning, security, ADO.NET, ASP.NET, XML, and the latest topics that SQL Server developers, administrators, and business-intelligence architects need to know. Try two (no-risk) sample issues today, and discover the timesaving qualities the magazine has to offer. Order now:

http://secure.pentontech.com/nt/sql/index.cfm?promocode=fsep2145fs

Get Your Free Email Security Toolkit--Includes a Free Web Seminar, eBook, and White Paper!

You'll learn how to eliminate the top 5 email security threats including spam and viruses. Plus, get an inside look at how Enterprise Rent-A-Car reduced spam and viruses, improved its email security, and increased productivity. Don't miss your chance to get a free eBook, Web seminar, and white paper. Get your Email Security Toolkit now!

http://www.winnetmag.com/techxtraining/postini

==== 3. Security Toolkit ====

FAQ: Granting Necessary Permissions to AD for SMS 2003 Advanced Security Mode

by John Savill, http://www.winnetmag.com/windowsnt20002003faq

Q: How can I avoid errors when I create Active Directory (AD) containers on a server that runs Microsoft Systems Management Server (SMS) 2003 in Advanced Security Mode?

A. SMS 2003's Advanced Security Mode removes the requirement for multiple accounts and instead relies on the Local System and Computer accounts for all security-related actions (such as interacting with the file system and updating AD). The Computer account therefore needs permission to parts of AD when AD integration is enabled--specifically the System partition of the domain namespace. To grant this permission, perform the following steps:

1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (click Start, Programs, Administrative Tools, Active Directory Users and Computers).

2. Click View, Advanced Features.

3. Select the System branch from the treeview pane.

4. Right-click the system container and select Properties.

5. On the Security tab, click Advanced.

6. Click Add.

7. Click Object Types and ensure that only the Computers check box is selected. Click OK.

8. In the "Enter the object name to select" text box, enter the name of the SMS site server. (Alternatively, you can click Advanced, then click Find Now and select the computer.) Click OK.

9. The set of permissions is displayed. Ensure that in the "Apply onto:" list box, only "This object and all child objects" is selected.

10. Under Permissions, select the "Full Control" check box under the Allow column. Click OK.

11. Click OK to close the main System Properties dialog box.

You must also ensure that the computer account of the SMS site server that uses Advanced Security Mode is a member of the local Administrators group. To add the account, run the command:

net localgroup Administrators

\$ /add

Featured Thread: Exchange--Outbound SMTP Fails

(One message in this thread)

A reader writes that his company's Microsoft Exchange 2000 Server is directly connected to the firewall; however, the company wants to route all Internet traffic through the Microsoft ISA Server system, which is configured to allow outbound and inbound SMTP traffic. The Exchange server is a Network Address Translation (NAT) secure client. The company has no problems with DNS resolution or inbound SMTP, but outbound SMTP doesn't work at all. Email messages sit queued in the Exchange SMTP connector.

The reader looked at the ISA log files and saw that outbound SMTP sessions have a status of 13301, which means that the firewall policy denied the connection requests. He then installed the firewall client on his Exchange server and could send messages through the firewall. But as far as he knows, a firewall client can only function when a user is logged on to the system on which the client is installed and he wants to know if that's true or if there's a way around that. Lend a hand or read the responses:

http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=120712

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

New--From Chaos to Control: Using Service Management to Reclaim Your Life

Take control of your workday! If you're supporting 24 x 7 operations by working around the clock instead of 9 to 5, learn how you can benefit from a sound service management strategy. In this free Web seminar, you'll learn practical steps for implementing service management for your key Windows systems and applications. Register now!

http://www.winnetmag.com/seminars/servicemanagement/index.cfm?code=emailannc051004

==== 4. New and Improved ====

by Jason Bovberg, [email protected]

Firewall Gets Faster and Easier

Agnitum announced Outpost Firewall Pro 2.1, a new version of the company's firewall software that boasts enhanced speed and ease of use. Users now have increased control over filtering rules and can more easily customize the product. Agnitum has also simplified the upgrade process and hidden advanced features to ease operation for novice users. Visual alerts inform you about events that need your immediate attention; automatic news and plug-in announcements keep you up-to-date about the latest security news and updates from Agnitum. Outpost Firewall Pro 2.1 costs $39.95. For more information, or to download an evaluation copy, contact Agnitum at [email protected] or on the Web.

http://www.agnitum.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==== Sponsored Links ====

Argent

Comparison Paper: The Argent Guardian Easily Beats Out MOM

http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink

Microsoft(R) TechNet

Microsoft(R) TechNet Webcasts: essential guidance, industry experts

http://ad.doubleclick.net/clk;7759917;8214395;c?http://www.microsoft.com/technet/community/webcasts/default.mspx

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

==== Contact Our Sponsors ====

Primary Sponsor:

CipherTrust -- http://www.ciphertrust.com -- 1-877-448-8625