
Security UPDATE--2005 SANS Top 20 List of Vulnerabilities--November 23, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free Utility: Find Performance Bottlenecks

Provide Secure Remote Access


1. In Focus: 2005 SANS Top 20 List of Vulnerabilities

2. Security News and Features

- Recent Security Vulnerabilities

- Microsoft Bolsters Antiphishing Efforts with Third-Party Data

- Windows Genuine Advantage Now Supports Mozilla-based Browsers

- CMP Buys Black Hat

3. Instant Poll

4. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

5. New and Improved

- Web Filter Gets New Features


==== Sponsor: Diskeeper ====

Free Utility: Find Performance Bottlenecks

Disk Performance Analyzer for Networks is a free utility that remotely scans your systems looking for fragmentation-related disk performance bottlenecks. Disk fragmentation is a major source of slowdowns, freeze-ups and headaches; with Disk Performance Analyzer you can stamp out these little fires before they flare up into five-alarm blazes. Disk Performance Analyzer will save you time and reduce help desk traffic by enabling you to find and fix these problems before they find (and fix) your users and you. Get the free Disk Performance Analyzer for Networks now!


==== 1. In Focus: 2005 SANS Top 20 List of Vulnerabilities

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Since 2000, The SANS (SysAdmin, Audit, Network, Security) Institute has maintained a list of what it considers to be the vulnerabilities that administrators should be most aware of. The list can be looked at as a summary of concerns to address if you don't have time to immediately address all known vulnerabilities in the universe. The reason you might use the Top 20 List as your short list is that typically the most critical vulnerabilities are the ones used by intruders to launch attacks--which often turn out to be widespread.

This week, SANS published the annual version of its SANS Top 20 Most Critical Internet Vulnerabilities list. The list is divided into sections that cover problems related to Windows platforms, Unix platforms, cross-platform products, and networking products. According to Rohit Dhamankar, project manager for the SANS Top 20 (and lead security architect at 3Com division TippingPoint), "Vulnerabilities on this list meet four requirements: (1) they affect a large number of users, (2) they have not been patched on a substantial number of systems, (3) they allow computers to [be] controlled by a remote, unauthorized user, (4) sufficient details about the vulnerabilities have been posted to the Internet to enable attackers to exploit them."

If you look at the report, you might think "Top 20" is a bit of a misnomer. The report has 20 categories of vulnerabilities, and in any given category, you might find 10 or more individual vulnerabilities. Thus, the Top 20 report includes dozens upon dozens of critical vulnerabilities. For example, vulnerabilities in the PHP scripting language might expand into countless application vulnerabilities. In another example, peer-to-peer (P2P) file-sharing software is cited as a vulnerability. How many different types of P2P software are there these days? I lost count some time ago.

You're probably getting the picture: The report isn't exactly a guide to quickly fixing the top 20 vulnerability problems. That said, it does reveal some of the major vulnerability trends of this year.

SANS says that in the past, the majority of attacks targeted Windows, UNIX (I assume they include Linux in the UNIX category), Web services, email services, and similar Internet services. However, this year, a different trend has emerged. According to SANS, more attacks this year have been aimed at critical core services, such as backup applications, antivirus software, and "other security tools." Another trend pointed out in the report "is public recognition of the critical vulnerabilities that are found in network devices such as routers and switches that form the backbone of the Internet."

As for Windows platforms, the report points out 11 critical vulnerabilities in system services, 10 in Microsoft Internet Explorer (IE), 11 in various system libraries, 3 in Microsoft Office and Outlook Express, as well as the risk of using weak password schemes in the OS and related services, such as SQL Server. That's at least 32 vulnerabilities plus an entire password infrastructure to address.

Hopefully, you've addressed all these problems as they've become known to the public over the past year. If not, the quickest way to find out if you're vulnerable to most of the items in the report is of course to use a decent vulnerability scanner. Be sure to check the report (first URL below) to determine whether it mentions vulnerabilities that you haven't addressed that might affect your network. You can also check out our news story on the SANS Top 20 list on our Web site (second URL below).


==== Sponsor: Panda Software ====

Provide Secure Remote Access

It may be tempting to deploy a WiFi wireless access point or offer PDAs or laptops to your roaming employees so they can work from virtually anywhere. In this free white paper you'll get the important security implications you should consider before you do so.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Microsoft Bolsters Antiphishing Efforts with Third-Party Data

Microsoft announced that three companies will help bolster its Phishing Filter and SmartScreen technologies. Each of the three companies--Cyota, Internet Identity, and MarkMonitor--will regularly provide Microsoft with data that helps identify known phishing sites.

Windows Genuine Advantage Now Supports Mozilla-based Browsers

Downloading certain types of software from Microsoft's Web site has typically been limited to those who use Microsoft Internet Explorer (IE). But not anymore. The Windows Genuine Advantage team created a new ActiveX control that works with browsers based on code developed by the Mozilla Foundation.

CMP Buys Black Hat

Black Hat, operator of popular conferences related to information security, has been acquired by CMP Media. Jeff Moss, Black Hat founder, will continue as director of Black Hat for CMP.


==== Resources and Events ====

Get the Most from Reporting Services

In this free Web seminar, you'll learn about innovative ways to extend your reports, reporting from XML-based data, delivering reports with the new Report Viewer, supercharging reports with SQL Server 2005 CLR stored procedures, and more! Register today:

Free Tools to Stop Internet Attacks

Your network users' negligent or inappropriate activity is often the entry point for Internet criminals to access your systems. In this free Web seminar, you'll learn how to effectively implement policy, user training, and technology to mitigate Internet risks. You will take away free tools to help you analyze threats and create Acceptable-Use Policies (AUPs). Register now at

Get the Most from Your Infrastructure by Consolidating Servers and Storage

Improved utilization of existing networking resources and server hardware lets you allocate money and time where they're needed most. In this free Web seminar, learn to optimize your existing infrastructure with the addition of server and storage consolidation software and techniques. You'll get the jumpstart you need to evaluate the suitability and potential of your computing environment for the added benefits that consolidation technology can provide.

Do You Know What "High Availability" Really Means?

In this free guide, learn what high availability really means and the different strategies that you can use to improve your email systems' availability and resiliency. Download this FREE guide now and get prepared to choose the appropriate solutions to protect your messaging data at the lowest cost and with the highest reliability.

Win the NEW, full-color LCD Display iPod (for Mac or PC)

Download a Windows IT Pro podcast on Windows IT Pro Radio by your favorite author, editor or industry figure. You'll automatically be entered to win!

Win A $100 American Express Gift Certificate!

We invite you to take 3 minutes and tell us your opinion about the email security products and services you currently use--or wish you could use. Take the Email Security Products Survey today at


==== 3. Instant Poll ====

Results of Previous Poll: Which of the following devices and/or software do you monitor?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 15 votes:

- 20% Windows

- 13% Network devices such as firewalls, gateways, VPN appliances, and wireless Access Points

- 0% Important applications such as Exchange Server and IIS

- 67% Two or more of the above

- 0% None of the above

New Instant Poll: What's the best defense against malware?

Go to the Security Hot Topic and submit your vote for

- Establish a Guest account for risky activities

- Connect user workstations only to trusted accounts

- Maintain and regularly use anti-malware software

- Educate all users about malware risks

- My pop-up blocker is sufficient


==== Featured White Paper ====

Learn about the capabilities offered by the integration of Microsoft SMS 2003 and Afaria

In this free white paper, you'll learn about new functionality and benefits of Microsoft SMS specifically targeted to improving management of remote and mobile devices, challenges of managing frontline systems, how the combined solution creates value around the successful use of technology at the front lines of business, and more.


==== Hot Release ====

Meet the challenges of Microsoft Exchange

Discover a unified solution to get a handle on the growth of your email and unstructured data and address compliance and government mandates. In this free white paper you'll learn to overcome the management and storage challenges that Microsoft Exchange can bring.


==== 4. Security Toolkit ====

Security Matters Blog: Security Work to Go

by Mark Joseph Edwards,

Laptops are great tools, particularly when it comes to security work, because they're portable. But what about an ultraportable computer? Check out this blog article to learn about an incredibly powerful full-function PC that you can literally put in your pocket.


by John Savill,

Q: How can I dump out the mailbox permissions on a Microsoft Exchange Server box or bulk change multiple users' attributes at once?

Find the answer at

Security Forum Featured Thread: Errors in Generic Host Services and LSA Shell services

A forum participant's Windows Server 2003, Enterprise Edition system is rebooting at frequent intervals due to some sort of remote procedure call (RPC) error. Whenever it restarts, the system generates errors related to LSASS and Generic Host Services. After the system is back up and running for about 5 to 10 minutes, those services stop. Know what the problem might be? Join the discussion at:


==== Announcements ====

(from Windows IT Pro and its partners)

VIP Monthly Online Pass = Quick Answers

Sign up for a VIP Monthly Online Pass and get online access to ALL the articles, tools, and helpful resources published in SQL Server Magazine, Windows IT Pro, Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security. You'll have 24/7 access to a database of more than 25,000 articles that will give you all the answers you need, when you need them. BONUS--Includes the latest issue of Windows IT Pro each month. Sign up now for just US$29.95 per month:

Need Answers to Your Tough Security Questions?

The Windows IT Security newsletter can help. Subscribe now and discover fundamentals on building and maintaining a secure enterprise. Each issue features in-depth product coverage of the best security tools available, expert advice on the best way to implement various security components, and much more. Paid subscribers also get searchable access to the full online security article database (more than 1900 articles). Subscribe today:


==== 5. New and Improved ====

by Renee Munshi, [email protected]

Web Filter Gets New Features

8e6 Technologies announced new features for its R3000 Internet filtering appliance. The R3000 can now block the use of Google Web Accelerator (Accelerator can have the effect of circumventing Internet filtering) and enforce Yahoo! SafeSearch mode (even if end users deactivate SafeSearch from their browsers). R3000 users can now use wildcards in specifying sites to block; and the R3000's X-Strikes feature, which lets administrators set criteria for restricting a user's Internet access after repeated attempts to access "unacceptable" Internet sites, has been enhanced. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
