Security UPDATE, May 28, 2003

==== This Issue Sponsored By ====

Research in Motion http://list.winnetmag.com/cgi-bin3/DM/y/eA0D8O6p0CCB0BAOr0AP

Windows & .NET Magazine http://list.winnetmag.com/cgi-bin3/DM/y/eA0D8O6p0CCB06Kw0A8

1. In Focus: Security Tools: Everybody Has Favorites

2. Security Risks - DoS in Cisco IOS

3. Announcements - Get Windows 2003 Active Directory Answers in a New eBook! - Back by Popular Demand--Windows & .NET Magazine's Security Road Show!

4. Security Roundup - News: Microsoft Launches Virus Information Center as Deceptive Worm Floods Inboxes - Feature: Improve Security with XP's Command-Line Tools - Feature: The Security of EFS

5. Instant Poll - Results of Previous Poll: Managing Junk Mail - New Instant Poll: Windows Update and SUS

6. Security Toolkit - Virus Center - FAQ: What Are the Differences Between Usrmgr.exe and Musrmgr.exe?

7. Event - Windows & .NET Magazine Web Seminar 8. New and Improved - Remove Risks in P2P File Sharing and IM Applications - Inoculate Windows 2003 - Submit Top Product Ideas

9. Hot Thread - Windows & .NET Magazine Online Forums - Featured Thread: Continuous Password Attacks

10. Contact Us See this section for a list of ways to contact us.

==== Sponsor: Research in Motion ==== NEW BLACKBERRY SECURITY WHITE PAPER Prevent wireless handhelds from compromising your enterprise security! Download the BlackBerry Security White Paper for Microsoft Exchange and learn how the BlackBerry security architecture addresses data encryption, corporate firewalls, lost devices, and other critical security concerns. http://list.winnetmag.com/cgi-bin3/DM/y/eA0D8O6p0CCB0BAOr0AP

==== 1. In Focus: Security Tools: Everybody Has Favorites ==== by Mark Joseph Edwards, News Editor, [email protected]

Handling information security is a tedious task. Having decent tools at your disposal makes the job easier to accomplish. Of course, some tools are more valuable than others, depending on the tasks at hand.

You probably use some of the many security tools available today--to secure cross-network communication links, network borders and segments, servers, workstations, mobile devices, data storage systems, forensics, and more. Tool developers and vendors tout their wares, but what they say about their tools doesn't always provide enough insight into what a hands-on experience with a given tool might be like.

You've probably found choosing which tools to use in a given scenario a challenge. One must review the possibilities, ask for recommendations, then investigate the most suitable tools to see which might meet a given set of needs. Nevertheless, you probably have a few favorites--depending on which tasks you need to perform.

As a publisher of computing-related information, our publications review tools and present information about those tools in as unbiased a fashion as possible. But we can review only a fraction of the many tools available. At the same time, hundreds of thousands of people read our publications, and vast numbers of you have accumulated great hands-on experience with various security-related tools. Because many of you who read this newsletter are probably administrators who deal at some level with information security, I'm asking you what your favorite security tools are.

Given the broad range of security tools available, I plan to leave the question wide open. I've no way of knowing which variables affect your network environment and your work--and thus your choice of tools. Perhaps you depend upon a particularly useful authentication tool, Wi-Fi (the 802.11b wireless standard) tool, encryption tool, Intrusion Detection System (IDS), firewall, packet analyzer, file system analyzer, scanner, Web protection, database protection, log analyzer, or spam prevention technology. Rather than developing a list of possible categories, I'm asking you to nominate the tools that serve you best.

Whether you have one favorite tool or many, you probably like them because they're useful. Your experience can help others who might need such tools.

If you're a security administrator (no developers or vendors, please), I hope you'll take time to send me an email message listing your favorite one or two tools (respond anonymously if you prefer). Prefix the subject of your response with "\[Tools\]" so that I can more easily gather the email messages and tally the results. In the body of the message, please list each of your favorite tools, and for each tool include the tool name; URL for each tool if possible; the platforms it runs on; whether the tool is commercial, shareware, or freeware; and a paragraph about the tasks it handles successfully. After June 12, I'll compile your responses and let you know the results when they're available.

==== Sponsor: Windows & .NET Magazine ==== Microsoft Mobility Tour If you were too busy to catch our Microsoft Mobility Tour event in person, now you can view the Webcast archives for free! You'll learn more about the available solutions for PC and mobile devices and discover where the mobility marketplace is headed. http://list.winnetmag.com/cgi-bin3/DM/y/eA0D8O6p0CCB06Kw0A8

==== 2. Security Risks ==== contributed by Ken Pfeil, [email protected]

DoS in Cisco IOS Cisco Systems' IOS software contains a vulnerability that might result in a Denial of Service (DoS) attack. This vulnerability stems from a flaw in the Service Assurance Agent, also known as the Response Time Reporter (RTR). By sending a malformed RTR packet to the router, a potential attacker can crash the router. Cisco has released an advisory and free upgrades for affected customers, which can be obtained through the usual support channels. http://www.secadministrator.com/articles/index.cfm?articleid=39055

==== 3. Announcements ==== (from Windows & .NET Magazine and its partners)

Get Windows 2003 Active Directory Answers in a New eBook! The first chapter of Windows & .NET Magazine's latest eBook, "Windows 2003: Active Directory Administration Essentials," is now available at no charge! Chapter 1 delves into Windows Server 2003 and focuses on what's new and improved with Active Directory. Expert Jeremy Moskowitz discusses which AD features might be important to you (and why). Download it now! http://www.windowsitlibrary.com/ebooks/administeringad/index.cfm?pc=adupd

Back by Popular Demand--Windows & .NET Magazine's Security Road Show! Join the Windows & .NET Magazine 2003 Security Road Show (a free in-person event), and hear Mark Minasi and Paul Thurrott detailing how to attack your security problems head on. You'll learn 12 tips for securing a Windows 2000 network, discover the future of Microsoft's security strategy from Windows Server 2003 and beyond, and more! Register today! http://www.winnetmag.com/roadshows/security2003

==== 4. Security Roundup ====

News: Microsoft Launches Virus Information Center as Deceptive Worm Floods Inboxes Microsoft, Network Associates (McAfee's parent company), and Trend Micro announced that they've formed an initiative called the Virus Information Alliance (VIA), a new way for customers to get information about virus threats that affect Microsoft technology. The VIA announcement is well timed; a new network worm called Palyh is spreading quickly through email and LANs. http://www.secadministrator.com/articles/index.cfm?articleid=39060

Feature: Improve Security with XP's Command-Line Tools If you've rolled out Windows XP in your organization or plan to do so, certain tools will help you monitor, manage, and secure your XP installations. Microsoft has beefed up several familiar GUI and command-line tools and added some new ones. Microsoft has chosen not to ship utilities with the "Microsoft Windows XP Resource Kit." Instead, the company has moved the more useful utilities from the "Microsoft Windows 2000 Resource Kit" and the "Microsoft Windows NT 4.0 Resource Kit" into the base XP OS and into the Support Tools folder on the installation CD-ROM. http://www.secadministrator.com/articles/index.cfm?articleid=25014

Feature: The Security of EFS Encrypting File System (EFS), which Microsoft introduced in Windows 2000, is a surprisingly powerful and robust technology that lets users protect their sensitive data from unauthorized eyes by encrypting it. In "Securing Win2K with Certificate Services," September 2001, http://www.secadministrator.com , InstantDoc ID 22113, John Howie described how Microsoft's public key infrastructure (PKI) product, Certificate Services, worked and showed you how you can improve your network's security by leveraging the service as an Enterprise Certification Authority (CA). In this follow-up article, Howie shows you how to leverage the features that (EFS) offers by tying it into your PKI. http://www.secadministrator.com/articles/index.cfm?articleid=24051

==== Hot Release ====

Hewlett-Packard HP OpenView for Windows Test Drive Monitor the availability and performance of your corporate website -- FREE for 30 days, using powerful HP OpenView management software for Windows. Simulate activity. Monitor complex transactions. Meet business demands. Manage web services. Click here. http://list.winnetmag.com/cgi-bin3/DM/y/eA0D8O6p0CCB08fJ0Ar

==== 5. Instant Poll ====

Results of Previous Poll: Managing Junk Mail The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Does your company use junk-mail filtering technologies?" Here are the results from the 155 votes. - 1% Yes--Whitelists - 8% Yes--Blacklists - 21% Yes--Mail filters - 40% Yes--Two or more of the above - 30% No

New Instant Poll: Windows Update and SUS The next Instant Poll question is, "Do you use either Windows Update or Software Update Services (SUS)?" Go to the Security Administrator Channel home page and submit your vote for a) Yes, b) Yes--We also use a third-party update tool, c) No, or d) No--We use only a third-party update tool. http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda

FAQ: What Are the Differences Between Usrmgr.exe and Musrmgr.exe? contributed by Jan De Clercq, [email protected]

User Manager (musrmgr.exe) is a Windows NT Workstation 4.0 tool for managing a workstation's accounts (also known as local accounts). User Manager for Domains (usrmgr.exe) is an NT Server 4.0 tool for administering an NT domain's accounts (also known as domain accounts).

Musrmgr is a reduced functionality version of Usrmgr. When you work with a workstation, many of the options for NT domains don't apply, so you don't need the extra features that Usrmgr provides. Unlike Musrmgr, Usrmgr can be used to administer domain accounts, global groups, and trust relationships.

Usrmgr is the only tool a domain administrator really needs. You can use Usrmgr to manage not only domain accounts but also local accounts stored in the SAM of workstations and member servers. To connect to another SAM, simply choose Select Domain from the User menu. In the resulting dialog box, you can select a domain or type the name of a workstation or member server to whose SAM you want to connect. If you type the machine name, make sure that you precede it with two backslashes.

If your primary computer is an NT workstation and you'll regularly administer domain accounts from this machine, you can install Usrmgr on it. To do so, go to the \Clients\Srvtools\Winnt directory on the NT Server 4.0 CD-ROM on your workstation and execute the Setup.bat file. http://www.secadministrator.com/articles/index.cfm?articleid=25021

==== 7. Event ====

Windows & .NET Magazine Web Seminar How can you reclaim 30% to 50% of Windows server space? Attend the newest Web seminar from Windows & .NET Magazine and discover the secrets from the experts. http://www.winnetmag.com/seminars/precise

==== 8. New and Improved ==== by Sue Cooper, [email protected]

Remove Risks in P2P File Sharing and IM Applications Akonix Systems announced Akonix Enforcer, software that helps eliminate the security and corporate liability risks associated with unsanctioned peer-to-peer (P2P) file-sharing and public Instant Messaging (IM) applications. Using a protocol signature matching technology, the software blocks unsanctioned file transfers from entering or leaving your network through P2P and IM, protecting your company from potential liability for copyright infringements, for excessive bandwidth consumption, and for the transmission of viruses, Trojan horses, or installed spyware. Akonix Enforcer will be available in early June. Contact Akonix Systems at 619-814-2330 or [email protected]. http://www.akonix.com

Inoculate Windows 2003 Panda Software announced Panda Antivirus for Windows Server 2003. The software operates in both 32-bit and 64-bit environments and adapts to the Active Directory Service (ADS) in Windows 2003. You can detect and disinfect viruses even in Encrypting File System (EFS) files. Features include automatic daily updates and centralized and remote management. The real-time scanner's core engine is multithreaded and uses multiple channel scanning technology optimized for parallel scanning on multiprocessor servers. Contact Panda Software at 800-603-4922, 818-543-6901, or [email protected]. http://www.pandasecurity.com

Submit Top Product Ideas Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].

==== 9. Hot Thread ====

Windows & .NET Magazine Online Forums http://www.winnetmag.com/forums

Featured Thread: Continuous Password Attacks (Two messages in this thread)

A user writes that he's administering a Microsoft Exchange 2000 Server with Microsoft Outlook Web Access (OWA) enabled. Continuous failed attempts from various IP addresses to log on as Administrator and with other usernames (about five attempts per hour, about 10 usernames being rotated) seem to indicate a concerted effort to break in by guessing passwords. Apart from blocking the offending IP addresses in his router, does anyone have a good strategy to deal with this type of attack? His company doesn't want him to disable OWA. Lend a hand or read the responses: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=58348

==== 10. Contact Us ====

About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]