[ISN] Security UPDATE--Patrolling Wireless Networks--May 12, 2004

InfoSec News isn at c4i.org
Thu May 13 05:48:35 EDT 2004


====================

==== This Issue Sponsored By ====

CipherTrust
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BHFc0AK

Exchange & Outlook Administrator
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BEf10Ax

====================

1. In Focus: Patrolling Wireless Networks

2. Security News and Features
   - Recent Security Vulnerabilities
   - News: Time to Patch Quicktime, iTunes, Mac OS X, and Panther
   - Update: Problems with Microsoft's Patch MS04-011

3. Security Toolkit
   - FAQ
   - Featured Thread

4. New and Improved
   - Firewall Gets Faster and Easier

====================

==== Sponsor: CipherTrust ====
   Corporations are experiencing spam levels in excess of 60% of their
total email volume. The effect of this volume on productivity,
bandwidth and storage is significant and costly. But these are not the
only effects. Spam now presents a serious threat to security with
implications for network integrity and legal liability. In this white
paper, you'll learn about the security threat presented by spam, as
well as valuable insight into spammer methods and techniques, all from
the experts in anti-spam and email security at CipherTrust. Take
action now to secure your networks against spam!
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BHFc0AK

====================

==== 1. In Focus: Patrolling Wireless Networks ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

The Sasser worm basically fizzled, and I think that so far, its
variants are little more than a nuisance. But that could change in the
future. We'll have to wait and see. In any event, it's a certainty
that someone with misconnected neurons will unleash yet another worm
on the unsuspecting public before people have had time to install the
most recent patches and fix any problems with them. Gee, I can hardly
wait. In the meantime, other matters need attending to. For example,
what's the state of your wireless security?

If you subscribe to "Windows & .NET Magazine," you've probably
received the May issue, which includes "A Secure Wireless Network Is
Possible," an informative article by Randy Franklin Smith. Subscribers
can also read the article at the URL below. In the article, Smith
points out that, "Wireless networks can be secure if you use the right
technologies. To add a secure wireless network to an existing Windows
network, all you need to do is install one or more 802.1x-compliant
wireless Access Points (APs) and one computer running Windows Server
2003. The Windows 2003 server will facilitate 802.1x authentication
between your wireless clients and your existing Windows network. Your
users will be able to gain access to your wireless network simply by
using their existing Windows user accounts."
   http://www.winnetmag.com/windows/article/articleid/42273/42273.html

If you have wireless equipment and Windows Server 2003, consider
implementing the suggestions in the article. Also consider what might
happen if someone plugs in a wireless AP without your knowledge or
someone (inadvertently or not) configures his or her wireless network
card to operate in ad-hoc mode. In either case, your network would
suddenly gain a security hole that you might not want to leave open.
Another problem arises when unwanted wireless clients come within
broadcast range of your wireless gear.

Solutions are available to monitor the airwaves against unwanted
access points and unknown wireless clients, a few of which are
AirDefense, AirMagnet, and Red-M's Red-Detect. These are
hardware-based solutions that can quickly identify broadcasting APs
and clients, help prevent unwanted wireless connectivity, detect
various types of wireless network attacks, and more.

I'm in the process of reviewing these three products for an upcoming
edition of "Windows & .NET Magazine." I wonder if you use one of these
solutions or maybe another solution? If so, I'm interesting in
learning what you think about it and what your experiences have been
to date. Please send me an email with your detailed thoughts about
these products or whichever solution you might use. And please prefix
your message subject with "WIFI:" so that I can more easily find your
responses among the junk mail.

====================

==== Sponsor: Exchange & Outlook Administrator ====
   Try a Sample Issue of Exchange & Outlook Administrator!
   If you haven't seen Exchange & Outlook Administrator, you're
missing out on key information that will go a long way towards
preventing serious messaging problems and downtime. Request a sample
issue today, and discover tools you won't find anywhere else to help
you migrate, optimize, administer, and secure Exchange and Outlook.
Order now!
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BEf10Ax

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Time to Patch Quicktime, iTunes, Mac OS X, and Panther
   If you use Quicktime or iTunes software on Windows or Apple systems
or manage Apple desktops or servers, you might want to load the latest
patches.
   http://www.winnetmag.com/article/articleid/42586/42586.html

Update: Problems with Microsoft's Patch MS04-011
   Last week, I wrote about the Microsoft article "Your computer stops
responding, you cannot log on to Windows, or your CPU usage for the
System process approaches 100 percent after you install the security
update that is described in Microsoft Security Bulletin MS04-011,"
http://support.microsoft.com/?kbid=841382 , released April 28.
   Another Microsoft article, "MS04-011: Security Update for Microsoft
Windows," http://support.microsoft.com/?kbid=835732 , was also
released on April 28 and provides links to six articles (including
article 841382) that pertain to problems administrators might
encounter while trying to implement the MS04-011 patch.
   http://www.winnetmag.com/article/articleid/42505/42505.html

====================

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

New--Small Servers for Small Businesses Web Seminar
  Today a small business can be as agile as a large business by
understanding which technology can be leveraged to create a
centralized server environment. In this free Web seminar, you'll learn
about the perils of peer-to-peer file sharing, backup and recovery,
migration from desktop to servers, and Small Business Server basics.
Register now!
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BH1G0AV

Get 2 Free Sample Issues of SQL Server Magazine!
   SQL Server Magazine is a useful resource loaded with relevant
information covering database modeling and design, performance tuning,
security, ADO.NET, ASP.NET, XML, and the latest topics that SQL Server
developers, administrators, and business-intelligence architects need
to know. Try two (no-risk) sample issues today, and discover the
timesaving qualities the magazine has to offer. Order now:
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BH6l0AD

Get Your Free Email Security Toolkit--Includes a Free Web Seminar,
eBook, and White Paper!
   You'll learn how to eliminate the top 5 email security threats
including spam and viruses. Plus, get an inside look at how Enterprise
Rent-A-Car reduced spam and viruses, improved its email security, and
increased productivity. Don't miss your chance to get a free eBook,
Web seminar, and white paper. Get your Email Security Toolkit now!
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BH1H0AW

==== 3. Security Toolkit ====

FAQ: Granting Necessary Permissions to AD for SMS 2003 Advanced
Security Mode
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

Q: How can I avoid errors when I create Active Directory (AD)
containers on a server that runs Microsoft Systems Management Server
(SMS) 2003 in Advanced Security Mode?

A. SMS 2003's Advanced Security Mode removes the requirement for
multiple accounts and instead relies on the Local System and Computer
accounts for all security-related actions (such as interacting with
the file system and updating AD). The Computer account therefore needs
permission to parts of AD when AD integration is enabled--specifically
the System partition of the domain namespace. To grant this
permission, perform the following steps:

   1. Start the Microsoft Management Console (MMC) Active Directory
Users and Computers snap-in (click Start, Programs, Administrative
Tools, Active Directory Users and Computers).
   2. Click View, Advanced Features.
   3. Select the System branch from the treeview pane.
   4. Right-click the system container and select Properties.
   5. On the Security tab, click Advanced.
   6. Click Add.
   7. Click Object Types and ensure that only the Computers check box
is selected. Click OK.
   8. In the "Enter the object name to select" text box, enter the
name of the SMS site server. (Alternatively, you can click Advanced,
then click Find Now and select the computer.) Click OK.
   9. The set of permissions is displayed. Ensure that in the "Apply
onto:" list box, only "This object and all child objects" is selected.
  10. Under Permissions, select the "Full Control" check box under the
Allow column. Click OK.
  11. Click OK to close the main System Properties dialog box.

You must also ensure that the computer account of the SMS site server
that uses Advanced Security Mode is a member of the local
Administrators group. To add the account, run the command:

   net localgroup Administrators <domain name>
      \<site server computer name>$ /add

Featured Thread: Exchange--Outbound SMTP Fails
   (One message in this thread)

A reader writes that his company's Microsoft Exchange 2000 Server is
directly connected to the firewall; however, the company wants to
route all Internet traffic through the Microsoft ISA Server system,
which is configured to allow outbound and inbound SMTP traffic. The
Exchange server is a Network Address Translation (NAT) secure client.
The company has no problems with DNS resolution or inbound SMTP, but
outbound SMTP doesn't work at all. Email messages sit queued in the
Exchange SMTP connector.

The reader looked at the ISA log files and saw that outbound SMTP
sessions have a status of 13301, which means that the firewall policy
denied the connection requests. He then installed the firewall client
on his Exchange server and could send messages through the firewall.
But as far as he knows, a firewall client can only function when a
user is logged on to the system on which the client is installed and
he wants to know if that's true or if there's a way around that. Lend
a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=120712

====================

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

New--From Chaos to Control: Using Service Management to Reclaim Your
Life
   Take control of your workday! If you're supporting 24 x 7
operations by working around the clock instead of 9 to 5, learn how
you can benefit from a sound service management strategy. In this free
Web seminar, you'll learn practical steps for implementing service
management for your key Windows systems and applications. Register
now!
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BH1I0AX

====================

==== 4. New and Improved ====
   by Jason Bovberg, products at winnetmag.com

Firewall Gets Faster and Easier
   Agnitum announced Outpost Firewall Pro 2.1, a new version of the
company's firewall software that boasts enhanced speed and ease of
use. Users now have increased control over filtering rules and can
more easily customize the product. Agnitum has also simplified the
upgrade process and hidden advanced features to ease operation for
novice users. Visual alerts inform you about events that need your
immediate attention; automatic news and plug-in announcements keep you
up-to-date about the latest security news and updates from Agnitum.
Outpost Firewall Pro 2.1 costs $39.95. For more information, or to
download an evaluation copy, contact Agnitum at info at agnitum.com or on
the Web.
   http://www.agnitum.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.

====================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BDWV0AK

Microsoft(R) TechNet
   Microsoft(R) TechNet Webcasts: essential guidance, industry experts
   http://list.winnetmag.com/cgi-bin3/DM/y/efqP0CJgSH0CBw0BG360AF

====================

==== Contact Us ====

About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com

====================

==== Contact Our Sponsors ====

Primary Sponsor:
   CipherTrust -- http://www.ciphertrust.com -- 1-877-448-8625

====================

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub at list.winnetmag.com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.






More information about the ISN mailing list