[ISN] Security UPDATE -- Auditing Your Systems Can Improve Security
-- October 19, 2005
InfoSec News
isn at c4i.org
Thu Oct 20 02:07:15 EDT 2005
====================
1. In Focus: Auditing Your Systems Can Improve Security
2. Security News and Features
- Recent Security Vulnerabilities
- Overlooked Security Patches Bring Down Spread Firefox Site
- Check Point Snaps Up Sourcefire
- Curious Stirrings in the World of Open Source
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- VPN Firewalls Add Malware Protection
====================
==== 1. In Focus: Auditing Your Systems Can Improve Security ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
As you hopefully know by now, Microsoft released nine security
bulletins this month as part of its regular patch release schedule. One
of the bulletins includes a vulnerability in Microsoft Distributed
Transaction Coordinator (MSDTC). The vulnerability is serious, and an
exploit has already been created. Although the exploit was created by
Immunity Security strictly for release to its business customers, by
the time you read this newsletter, someone else will likely have
already released another exploit onto the Internet--possibly in the
form of a worm or Trojan horse, either of which could lead to a
complete compromise of your entire network.
Protecting your systems in advance is of paramount concern. The obvious
approach is to load the patch as soon as you can, and if you can't, for
whatever reason, then take other defensive measures. MSDTC listens on
TCP port 3372. Minimally, scan your network to determine which systems
listen on TCP port 3372. You can disable MSDTC on individual systems or
by using Group Policy. But doing so might break various types of
functionality. Review Microsoft Security Bulletin MS05-051--
Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution
(902400) for details.
http://list.windowsitpro.com/t?ctl=16E62:4FB69
The fact that someone created an exploit for the MSDTC vulnerability in
fewer than 24 hours points out the need to stay on top of vulnerability
reports and patching. It also points out the need to know precisely
what software runs on your systems. A fantastic case in point is
Mozilla Foundation, which I wrote about in a news story on our Web site
that's also included in this newsletter.
http://list.windowsitpro.com/t?ctl=16E67:4FB69
In summary, the Spread Firefox Web site was compromised back in July.
After that intrusion, Mozilla Foundation rebuilt the entire server.
But, when doing so, the company failed to properly record what software
runs on that server. Apparently between July and October, no
significant audit was performed on the server either. As a result,
Mozilla Foundation overlooked the fact that TWiki runs on the server,
although not as a prominent service. (For more information about TWiki,
go to http://list.windowsitpro.com/t?ctl=16E74:4FB69 )
You can probably guess what happened next: A vulnerability was
discovered in TWiki, and soon an intruder began attempts to break into
the Spread Firefox Web site. So Mozilla Foundation once again spent
considerable time rebuilding a server that was rebuilt only a few
months prior. The Spread Firefox site was taken offline by October 4,
and didn't come back online until yesterday. I have no idea what the
combined incidents cost the company in terms of time and money, but in
addition to those costs, the incidents cost the organization in terms
of reputation.
These sorts of incidents can happen to anybody who doesn't know exactly
what software runs on their systems and doesn't stay up to date on new
vulnerabilities. The bottom line is that you're responsible for
determining what software runs on your systems, and you can't rely on
your software vendors to consistently provide you the latest
vulnerability information. The reason for the latter is simple: When
vulnerabilities are announced to the public (sometimes with only scant
details), potential intruders can use that information to begin looking
for a way to breach security. In some cases, all a discoverer needs to
say is, "I found a problem in XYZ application," and someone else can
use logic to figure out where the vulnerability might be, find it, and
develop a way to exploit it.
The lessons here are clear. In order to maintain optimum network
security, you must audit your system regularly, keep precise and
up-to-date records, and monitor the Internet for new vulnerability
developments. Doing so can make even the biggest networks a much
smaller target.
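The check the column recommends, as an added example that is not from the original newsletter: probe each host for TCP port 3372 and compare the result against your recorded inventory. The inventory layout (host mapped to recorded TCP ports), the function names, and the finding strings are assumptions made for illustration.

```python
"""Audit which hosts listen on a TCP port against the recorded inventory."""
import socket
import sys

MSDTC_PORT = 3372  # TCP port the article gives for MSDTC


def is_listening(host, port, timeout=1.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, unresolvable
        return False


def audit(hosts, inventory, port=MSDTC_PORT, probe=is_listening):
    """Compare what is observed on the wire with what the records say.

    inventory maps host -> set of TCP ports the records say it serves
    (an assumed layout). Returns {host: finding} for every host where
    records and reality disagree, or where the port is open and the
    host therefore needs its patch state confirmed.
    """
    findings = {}
    for host in hosts:
        observed = probe(host, port)
        recorded = port in inventory.get(host, set())
        if observed and host not in inventory:
            findings[host] = "listening, host missing from inventory"
        elif observed and not recorded:
            findings[host] = "listening, service not recorded"
        elif observed:
            findings[host] = "listening as recorded, confirm patch state"
        elif recorded:
            findings[host] = "recorded but not listening, update records"
    return findings


if __name__ == "__main__":
    # Constructed inventory for illustration; replace with your own records.
    sample_inventory = {"127.0.0.1": {80, 443}}
    targets = sys.argv[1:] or ["127.0.0.1"]
    for host, finding in audit(targets, sample_inventory).items():
        print(f"{host}: {finding}")
```

The "service not recorded" finding is the Spread Firefox situation: something answers on the server that the records never mentioned.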
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=16E61:4FB69
Overlooked Security Patches Bring Down Spread Firefox Site
Mozilla Foundation overlooked critical patches on its Spread Firefox
site. As a result, the site was temporarily taken offline and site
visitors were redirected to the Firefox area of the main Mozilla Web
site.
http://list.windowsitpro.com/t?ctl=16E67:4FB69
Check Point Snaps Up Sourcefire
Check Point Technologies announced a deal to acquire Sourcefire,
makers of the ever-popular open-source Snort Intrusion Detection System
(IDS). Check Point will add the Sourcefire line of commercial security
products to its suite of offerings.
http://list.windowsitpro.com/t?ctl=16E6A:4FB69
Curious Stirrings in the World of Open Source
Several events in the open-source world have piqued my curiosity.
What's going on? To see what I mean, read this news item on our Web
site.
http://list.windowsitpro.com/t?ctl=16E69:4FB69
====================
==== 3. Instant Poll ====
Results of Previous Poll: Have you, your company, or someone you know
been a victim of online fraud?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 30 votes:
- 57% Yes
- 37% No
- 7% Not sure
(Deviations from 100% are due to rounding.)
New Instant Poll: Which of the following devices and/or software do you
monitor?
Go to the Security Hot Topic and submit your vote for
- Windows
- Network devices such as firewalls, gateways, VPN appliances, and
wireless Access Points
- Important applications such as Exchange Server and IIS
- Two or more of the above
- None of the above
http://list.windowsitpro.com/t?ctl=16E6C:4FB69
====================
==== 4. Security Toolkit ====
Security Matters Blog: Network Security Toolkit 1.2.3
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=16E6E:4FB69
Version 1.2.3 of the Network Security Toolkit was recently released.
This is an excellent toolkit, and if you haven't looked at it, consider
doing so. This blog entry links to my review of version 1.0.6.
http://list.windowsitpro.com/t?ctl=16E68:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=16E6D:4FB69
Q: How can I enable access-based share enumeration so that users see
only files and folders to which they have access?
Find the answer at
http://list.windowsitpro.com/t?ctl=16E6B:4FB69
Security Forum Featured Thread: Stop IE from Downloading .exe Files
A forum participant asks whether there's any way to prevent
Microsoft Internet Explorer (IE) users from downloading and saving
.exe, .mp3, and other files to their network drives in a Windows 2000
environment. Join the discussion at:
http://list.windowsitpro.com/t?ctl=16E5A:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
VPN Firewalls Add Malware Protection
NETGEAR announced the incorporation of Trend Micro's Client/Server
(CS) and Client/Server/Messaging (CSM) Suite for Small and Medium
Business (SMB) into the NETGEAR ProSafe VPN Firewall 200 (FVX538) and
ProSafe VPN Firewall 50 (FVS338). Both firewalls now enforce security
policies established by the network administrator by allowing Internet
access for only those computers that have the latest antivirus and
antispam signatures. Computers that aren't compliant will be redirected
to a server to obtain updates. The ProSafe VPN firewalls with Trend
Micro software are designed to be all-in-one security appliances for
SMBs. They're list priced at $557 for the ProSafe 200 (200 simultaneous
IPsec tunnels) and $278 for the ProSafe 50 (50 tunnels). For more
information, go to
http://list.windowsitpro.com/t?ctl=16E73:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=16E71:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=16E66:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.