
Security UPDATE--Auditing Your Systems Can Improve Security--October 19, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Control access, change and availability of IT

Software Packaging Workflow Best Practices


1. In Focus: Auditing Your Systems Can Improve Security

2. Security News and Features

- Recent Security Vulnerabilities

- Overlooked Security Patches Bring Down Spread Firefox Site

- Check Point Snaps Up Sourcefire

- Curious Stirrings in the World of Open Source

3. Instant Poll

4. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

5. New and Improved

- VPN Firewalls Add Malware Protection


==== Sponsor: Quest Software ====

Control access, change and availability of IT

This paper provides an overview of the techniques for implementing internal controls and how these techniques are utilized to mitigate an organization's IT applications and infrastructure risk. This paper also discusses the importance of IT control standards and frameworks, such as COSO and CobiT, and examines specific examples of IT controls. Get your paper today.


==== 1. In Focus: Auditing Your Systems Can Improve Security ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

As you hopefully know by now, Microsoft released nine security bulletins this month as part of its regular patch release schedule. One of the bulletins includes a vulnerability in Microsoft Distributed Transaction Coordinator (MSDTC). The vulnerability is serious, and an exploit has already been created. Although the exploit was created by Immunity Security strictly for release to its business customers, by the time you read this newsletter, someone else will likely have already released another exploit onto the Internet--possibly in the form of a worm or Trojan horse, either of which could lead to a complete compromise of your entire network.

Protecting your systems in advance is of paramount concern. The obvious approach is to load the patch as soon as you can, and if you can't, for whatever reason, then take other defensive measures. MSDTC listens on TCP port 3372. Minimally, scan your network to determine which systems listen on TCP port 3372. You can disable MSDTC on individual systems or by using Group Policy. But doing so might break various types of functionality. Review Microsoft Security Bulletin MS05-051--Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400) for details.

The fact that someone created an exploit for the MSDTC vulnerability in fewer than 24 hours points out the need to stay on top of vulnerability reports and patching. It also points out the need to know precisely what software runs on your systems. A fantastic case in point is Mozilla Foundation, which I wrote about in a news story on our Web site that's also included in this newsletter.

In summary, the Spread Firefox Web site was compromised back in July. After that intrusion, Mozilla Foundation rebuilt the entire server. But, when doing so, the company failed to properly record what software runs on that server. Apparently between July and October, no significant audit was performed on the server either. As a result, Mozilla Foundation overlooked the fact that TWiki runs on the server, although not as a prominent service. (For more information about TWiki, go to )

You can probably guess what happened next: A vulnerability was discovered in TWiki, and soon an intruder began attempts to break into the Spread Firefox Web site. So Mozilla Foundation once again spent considerable time rebuilding a server that was rebuilt only a few months prior. The Spread Firefox site was taken offline by October 4, and didn't come back online until yesterday. I have no idea what the combined incidents cost the company in terms of time and money, but in addition to those costs, the incidents cost the organization in terms of reputation.

These sorts of incidents can happen to anybody who doesn't know exactly what software runs on their systems and doesn't stay up to date on new vulnerabilities. The bottom line is that you're responsible for determining what software runs on your systems, and you can't rely on your software vendors to consistently provide you with the latest vulnerability information. The reason for the latter is simple: When vulnerabilities are announced to the public (sometimes with only scant details), potential intruders can use that information to begin looking for a way to breach security. In some cases, all a discoverer needs to say is, "I found a problem in XYZ application," and someone else can use logic to figure out where the vulnerability might be, find it, and develop a way to exploit it.

The lessons here are clear. In order to maintain optimum network security, you must audit your system regularly, keep precise and up-to-date records, and monitor the Internet for new vulnerability developments. Doing so can make even the biggest networks a much smaller target.
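The audit this column calls for, as an added example that is not part of the original newsletter: it probes hosts you administer for listening TCP ports, compares the result with your recorded inventory, and flags anything answering on the MSDTC port named above. The host address, recorded port sets, and function names are constructed for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

MSDTC_PORT = 3372  # TCP port the column gives for MSDTC

def is_listening(host, port, timeout=1.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def observe(hosts, ports, timeout=1.0, workers=32):
    """Probe every host/port pair; return {host: set of open ports}."""
    hosts = list(hosts)
    pairs = [(h, p) for h in hosts for p in ports]
    found = {h: set() for h in hosts}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda hp: is_listening(*hp, timeout=timeout), pairs)
        for (host, port), up in zip(pairs, states):
            if up:
                found[host].add(port)
    return found

def audit(recorded, observed):
    """Diff the recorded inventory against what actually listens."""
    findings = []
    for host in sorted(set(recorded) | set(observed)):
        rec, obs = recorded.get(host, set()), observed.get(host, set())
        for port in sorted(obs - rec):
            findings.append((host, port, "listening but not in records"))
        for port in sorted(rec - obs):
            findings.append((host, port, "recorded but not listening"))
        if MSDTC_PORT in obs:
            findings.append((host, MSDTC_PORT, "MSDTC reachable: see MS05-051"))
    return findings

if __name__ == "__main__":
    # Constructed inventory: the ports your records say each host should expose.
    recorded = {"127.0.0.1": {80}}
    ports = [80, 443, MSDTC_PORT]
    for finding in audit(recorded, observe(recorded, ports, timeout=0.5)):
        print(*finding)
```

A service that listens but is missing from the records is the situation the Spread Firefox rebuild ended up in; a recorded service that no longer listens means the records themselves are stale.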


==== Sponsor: Macrovision ====

Software Packaging Workflow Best Practices

Managing desktop software configurations doesn't have to be a manual process, resulting in unplanned costs, deployment delays, and client confusion. In this free whitepaper you'll learn how to manage the software package preparation process and increase your desktop reliability, user satisfaction, and IT cost effectiveness. Download your copy now and discover the value of standardizing the software packaging process.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Overlooked Security Patches Bring Down Spread Firefox Site

Mozilla Foundation overlooked critical patches on its Spread Firefox site. As a result, the site was temporarily taken offline and site visitors were redirected to the Firefox area of the main Mozilla Web site.

Check Point Snaps Up Sourcefire

Check Point Technologies announced a deal to acquire Sourcefire, makers of the ever-popular open-source Snort Intrusion Detection System (IDS). Check Point will add the Sourcefire line of commercial security products to its suite of offerings.

Curious Stirrings in the World of Open Source

Several events in the open-source world have piqued my curiosity. What's going on? To see what I mean, read this news item on our Web site.


==== Resources and Events ====

Recovery vs. Continuity--Do You Know the Difference?

Attend this free Web seminar and learn the difference between the ability to quickly recover lost or damaged data and the ability to keep your messaging operations running normally before, during, and after an outage. You'll discover what the real technical differences between recovery and continuity are, when each is important, and what you can do to make sure that you're hitting the right balance between them.

Discover SQL Server 2005 for the enterprise. Are you prepared--In New York!

In this free half-day event, you'll learn how the top new features of SQL Server 2005 will help you create and manage large-scale, mission-critical enterprise database applications, making your job easier. Find out how to leverage SQL Server 2005's new capabilities to best support your business initiatives. Register today for the new show added in New York!

Do You Know What "High Availability" Really Means?

In this free Essential Guide learn what high availability really means and the different strategies that you can use to improve your email systems' availability and resiliency.

Get the Maximum Return on Software Investments by Optimizing Every Dollar Spent on Software

Often software applications are over-licensed by one department and under-licensed by another, which either denies some end users access to the software they need or leads to overspending on additional licenses that go unused. In this free Web seminar, get the 5-step plan for quickly implementing a license management program today!

Compliance vs. Recovery: Can You Have Your Cake and Eat It Too?

In this free, on-demand Web seminar, discover the issues involved with integrating your compliance system with backup and recovery, including backup schedules, the pros and cons of outsourcing your backup media storage and management, the DR implications of having to back up all that compliance data, and the possibility of using alternative backup methods to provide backup and compliance in a single system. You'll learn what to watch out for when combining the two functions and how to assess whether your backup/restore mechanisms are equal to the challenge.


==== 3. Instant Poll ====

Results of Previous Poll: Have you, your company, or someone you know been a victim of online fraud?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 30 votes:

- 57% Yes

- 37% No

- 7% Not sure

(Deviations from 100% are due to rounding.)

New Instant Poll: Which of the following devices and/or software do you monitor?

Go to the Security Hot Topic and submit your vote for

- Windows

- Network devices such as firewalls, gateways, VPN appliances, and wireless Access Points

- Important applications such as Exchange Server and IIS

- Two or more of the above

- None of the above


==== Featured White Paper ====

Can you afford to have anything less than 100% uptime for your mission critical email?

Email has become mission critical to the functioning of business, and every hour of downtime can cost thousands of dollars in lost productivity and revenue. In this free white paper, learn how to address challenges such as: making email truly available 24x7x365, securing against viruses, comprehensively backing up email data and more. Download your copy now!


==== Hot Release ====

Free Network Security Test from Qualys

Testing and improving your network security has never been easier. Requiring NO software, QualysGuard will safely and accurately test your network for security threats and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free.


==== 4. Security Toolkit ====

Security Matters Blog: Network Security Toolkit 1.2.3

by Mark Joseph Edwards,

Version 1.2.3 of the Network Security Toolkit was recently released. This is an excellent toolkit, and if you haven't looked at it, consider doing so. This blog entry links to my review of version 1.0.6.


by John Savill,

Q: How can I enable access-based share enumeration so that users see only files and folders to which they have access?

Find the answer at

Security Forum Featured Thread: Stop IE from Downloading .exe Files

A forum participant asks whether there's any way to prevent Microsoft Internet Explorer (IE) users from downloading and saving .exe, .mp3, and other files to their network drives in a Windows 2000 environment. Join the discussion at:


==== Announcements ====

(from Windows IT Pro and its partners)

Get Access to Every Windows IT Pro Article on CD

Get the Windows IT Pro Master CD and get portable, high-speed access to the entire Windows IT Pro article database--more than 9,000 articles on CD! The newest issue includes BONUS Windows Tips, and if you sign up now, you'll SAVE 25%. Offer ends 10/31/05, so subscribe now:

The Windows Scripting Solutions Newsletter

The Windows Scripting Solutions Newsletter is a "must have." Subscribe today and get a 12-issue resource loaded with expert-reviewed downloadable code and scripting techniques, as well as hundreds of tips on automating repetitive tasks. You will also get online access to the entire newsletter archive (over 500 scripting articles), including access to our popular "Shell Scripting 101" series. This resource will help to save you time and money. Order now:


==== 5. New and Improved ====

by Renee Munshi, [email protected]

VPN Firewalls Add Malware Protection

NETGEAR announced the incorporation of Trend Micro's Client/Server (CS) and Client/Server/Messaging (CSM) Suite for Small and Medium Business (SMB) into the NETGEAR ProSafe VPN Firewall 200 (FVX538) and ProSafe VPN Firewall 50 (FVS338). Both firewalls now enforce security policies established by the network administrator by allowing Internet access for only those computers that have the latest antivirus and antispam signatures. Computers that aren't compliant will be redirected to a server to obtain updates. The ProSafe VPN firewalls with Trend Micro software are designed to be all-in-one security appliances for SMBs. They're list priced at $557 for the ProSafe 200 (200 simultaneous IPsec tunnels) and $278 for the ProSafe 50 (50 tunnels). For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Admins rush to install BLOG servers

How to run your own blog server. Free 5 user license.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
