Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com
THIS ISSUE SPONSORED BY
CipherTrust IronMail
http://www.ciphertrust.com/article/windows_s01.htm
Real-World Strategies for Infrastructure Success
http://www.ibm.com/e-business/playtowin/n161
(below COMMENTARY)
SPONSOR: CIPHERTRUST IRONMAIL
Secure the Email Gateway **FREE Email Security White Paper
IronMail secures email traffic entering and leaving enterprise email systems.
- Stop SPAM from consuming resources and annoying end-users
- Prevent HACKERS and INTRUDERS from penetrating or taking down email systems
- Block VIRUSES, WORMS and TROJAN HORSES before they reach mail servers and users
- Protect WEB MAIL systems including OWA and iNotes
- Secure your email systems with APPLICATION-SPECIFIC gateway protection for Exchange, Notes, GroupWise, Sendmail and other mail.
IronMail integrates defenses against these threats in a secure, hardened gateway appliance.
FREE white paper on email security risks:
http://www.ciphertrust.com/article/windows_s01.htm
August 7, 2002—In this issue:
1. IN FOCUS
- Warchalking Wireless Networks
2. SECURITY RISKS
- Buffer-Overrun Vulnerability in MDAC 2.7, 2.6, and 2.5
3. ANNOUNCEMENTS
- The Backup and Recovery Solutions You've Been Searching For!
- Get a Free Digital or Print Sample Issue Today!
4. SECURITY ROUNDUP
- Feature: Protect Your IM Use
- Feature: Security Holes Pop Up in Unexpected Places
5. INSTANT POLL
- Results of Previous Poll: Security Budget
- New Instant Poll: Wireless Security
6. SECURITY TOOLKIT
- Virus Center
- FAQ: How Can I Configure Microsoft's Secure Desktop Restriction Setting in Win2K SP1 and Later?
7. NEW AND IMPROVED
- ITsecurity.com Launches Security Clinic Compendium
- IUpgrades to Existing Security Software
- ISubmit Top Product Ideas
8. HOT THREADS
- Windows & .NET Magazine Online Forums
- Featured Thread: Can You Audit Removable Media Drives for Access?
9. CONTACT US
- See this section for a list of ways to contact us.
1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])
About 20 years ago, attackers used "war dialers" to find computer systems to crack. War-dialer software calls phone numbers looking for answering modems. With the advent of wireless technology, the term "war dialers" morphed into "war drivers," which I discussed in last week's Security UPDATE in conjunction with Science Applications International Corporation's (SAIC's) new wireless honeypot network. The network is designed to trap war drivers—people who drive around with wireless connectivity devices looking for unprotected wireless networks. Intruders then use those unprotected networks to gain free Internet access for various online activities.
http://www.secadministrator.com/articles/index.cfm?articleid=26113
This week, I encountered the relatively new trend called "warchalking," which is related to war driving. War drivers use chalk to identify buildings that run wireless networks. According to what I've read, four men sitting at a pizza parlor in London developed warchalking, after at least one of them saw UK Architectural Association students design an office floor plan on the pavement. One of the men mentioned that hobos had once used symbols (see the URL below) to pass along useful information, such as identifying houses at which they could get meals. The four men then decided that they could use a similar technique to identify unprotected wireless networks.
http://www.worldpath.net/~minstrel/hobosign.htm
Soon thereafter, a Web site appeared where users can log ideas and share information (see the first URL below), and the idea has taken off like a Colorado wildfire. As far as I know, three basic symbols are in use, and you can download a PDF file of the symbols (see the second URL below). The first symbol, two halves of circle joined back to back at the curved edges, represents completely open wireless nodes. The second symbol, a circle, represents a closed node. The third symbol, a circle with the letter "W" in the center, represents a Wired Equivalent Privacy (WEP) node that probably won't allow easy public access. In addition, each symbol might have a Service Set Identifier (SSID) indicated above it, which tells people how to access that particular wireless node. To obtain SSIDs, intruders use sniffer software that can crack wireless LAN codes.
http://www.warchalking.us
http://www.blackbeltjones.com/warchalking/warchalking0_9.pdf
Using chalk to identify available wireless connectivity points might seem somewhat useless at first: Someone can rub off the chalk and it washes away in the rain. But chalk is less intrusive and less damaging than other media such as spray paint. In addition, any given wireless network might change its configuration over time—and warchalkers can easily adjust symbols accordingly.
Some wireless network operators have complained in online public forms about having warchalkers mark their networks. However, because the symbols are visible, network operators know that others have identified their premises as having wireless networks. Those operators can decide whether and how they want to react to the situation. If operators don't want unknown persons connecting to their network, they can apply various forms of security to prevent such access. Some operators think warchalking is a good idea and plan to print the relevant symbol on paper and put it in their building windows. Others propose adding symbols to identify networks that are voluntarily open to the public as a means to share unused bandwidth.
All in all, warchalking is a relative invasion of privacy that heightens the security risks and liabilities involved with maintaining a network. However, as wireless nodes become more commonplace, warchalking will probably disappear.
SPONSOR: REAL-WORLD STRATEGIES FOR INFRASTRUCTURE SUCCESS
Learn how your company can tackle the challenge of continually integrating to remain competitive as e-business technologies evolve. The IBM white paper, "Managing e-business integration challenges," can help you understand how to identify key integration components. So even as today's systems becomes tomorrow's legacy systems, you'll be able to support ever-changing business goals. Also included is a discussion of how to assess your integration requirements for whatever state of e-business adoption your infrastructure has reached. Visit us online to get your complimentary copy today at
http://www.ibm.com/e-business/playtowin/n161
2. SECURITY RISKS
(contributed by Ken Pfeil, [email protected])
David Litchfield of Next Generation Security Software discovered a buffer-overflow vulnerability in Microsoft Data Access Components (MDAC) that could result in the SQL service failing or executing arbitrary code from a potential attacker. This vulnerability results from an unchecked buffer in the MDAC functions that handle the OpenRowSet command. Microsoft has released Security Bulletin MS02-040 (Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the security bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=26126
3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)
Our popular Interactive Product Guides (IPGs) are online catalogs of the hottest vendor solutions around. Our latest IPG highlights the backup and recovery solutions and services that will help you recover your data and your network when disaster strikes. Download the IPG for free at:
http://www.itbuynet.com/pdf/0802-backup-ipg.pdf
SQL Server Magazine is the premiere independent resource for Microsoft SQL Server database solutions—packed with hands-on, how-to articles to keep your database running at peak performance. This technical handbook is now available in two convenient formats. Select your free digital or print sample issue at:
http://www.sqlmag.com/sub.cfm?code=sfei212hdu
4. SECURITY ROUNDUP
Unfortunately, Instant Messaging (IM) provides new avenues for electronic assault. Intruders constantly use IM to achieve their mischievous or malicious purposes. Some IM networks are so overrun by malicious users that no one else participates. No signs accurately warn users about the IM risks and how to reduce those risks. Roger A. Grimes introduces you to the different IM models, discusses how four popular IM networks operate, and describes how you can protect yourself from malicious attacks.
http://www.secadministrator.com/articles/index.cfm?articleid=25669
With so many obvious security holes that systems administrators have to watch out for, keeping up with all the potential problem areas that the Windows OSs present is tough. It's even worse when the security problems occur in a little-used but ubiquitous application such as the Windows Media Player (WMP).
http://www.secadministrator.com/articles/index.cfm?articleid=25840
5. INSTANT POLL
The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Is your current level of network security a function of budget constraints?" Here are the results (+/- 2 percent) from the 162 votes:
- 9% Yes—We need more security staff
- 26% Yes—We need additional security tools
- 49% Yes—We need additional staff and tools
- 10% No—We budget for adequate network security
- 6% No—We "spare no expense" for network security
The next Instant Poll question is, "Does your company use some form of security to prevent unauthorized access to its wireless network?" Go to the Security Administrator Channel home page and submit your vote for a) Yes, b) No, c) No—We leave the wireless network unprotected to offer open access.
http://www.secadministrator.com
6. SECURITY TOOLKIT
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda
A. Users who interactively log on to a computer running Windows 2000 or later can perform tasks that might be security risks, such as gaining access to display and input devices that a computer process with wider-reaching privileges owns. These users then can create a process to capture passwords or sensitive data. For more information about the problem, see Microsoft Security Bulletin MS00-200 (Patch Available for 'Desktop Separation' Vulnerability).
Win2K SP1 corrected this vulnerability by adding a Secure Desktop Restriction setting, but the new locked-down functionality might adversely affect certain applications. If your application vendor advises you to disable this security setting, perform the following steps:
- Start a registry editor (e.g., regedit.exe).
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
- From the Edit menu, select New, DWORD Value.
- Enter a name of SecureDesktop.
- Double-click the new value, set it to 0 to disable the setting (you can set the value to 1 to reenable the default configuration), then click OK.
- Restart the machine for the change to take effect.
7. NEW AND IMPROVED
(contributed by Judy Drennen, [email protected])
ITsecurity.com has produced the first volume of Security Clinic Compendium, a compilation of real-life security problems and the experts' answers to them. The Security Clinic Compendium contains about 400 information security problems and solutions in one fully searchable application. The experts provide their help and advice completely free of charge. The Security Clinic Compendium costs $75 for a single workstation license. Send orders to [email protected]. Site and educational discounts are available.
http://www.itsecurity.com/asktecs/volumeone.htm
SecureWave released SecureEXE 2.5 and SecureNT 2.5, upgrades to SecureEXE and SecureNT, respectively. SecureEXE 2.5 is an Application Execution Control security solution that lets an organization define which applications users can execute. No other applications will execute, including viruses and Trojan horses. SecureNT 2.5 gives businesses the ability to control and manage end-user access to I/O devices such as the floppy disk drive, memory-sticks, PDAs, USB external storage, CD-ROMs, serial and parallel ports, and Plug and Play (PnP) devices. Version 2.5 introduces Device White List Driver (WLD), an optional component that filters out all devices that don't fall into one of the device classes that SecureNT manages. Both releases run on Windows XP, Windows 2000, and Windows NT. For pricing, contact SecureWave at the Web site or email [email protected].
http://www.securewave.com
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].
8. HOT THREADS
http://www.winnetmag.com/forums
(Two messages in this thread)
Rod wants to know if he can audit access to removable media drives, such as Zip drives, floppy disk drives, and CD-ROMs. Read the responses or lend a hand at:
http://www.secadministrator.com/forums/thread.cfm?thread_id=110095
9. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT IN FOCUS — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SECURITY UPDATE?
[email protected]
This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
http://www.secadministrator.com/sub.cfm?code=saei25xxup
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
Thank you for reading Security UPDATE.
