New Exploits and a New Security Toolkit
New exploits target the recently discovered PCT and TCP-reset vulnerabilities, and a new version of the Network Security Toolkit is available.
April 27, 2004
One of the security patches that Microsoft released in the Microsoft Security Bulletin MS04-011 on April 13 fixes a serious problem in the Private Communications Technology (PCT) protocol, which is part of Microsoft's Secure Sockets Layer (SSL) implementation. If you haven't patched your production systems yet, consider doing so immediately because exploits have already been released that can provide remote access to an intruder. So your unpatched systems are sitting ducks.
http://www.winnetmag.com/article/articleid/42438/42438.html
If you can't load the patch for some reason, consider disabling PCT, which you can do by adjusting a particular registry key. For more information about disabling PCT, see "Information about code that attempts to exploit PCT in SSL" at
http://www.microsoft.com/security/incident/pctdisable.asp
You also need to be aware of the recently reported TCP-reset vulnerability, which affects many devices, including routers. As you'll learn in the related news story below, exploiting the vulnerability causes routers to drop connections, including important border gateway protocol (BGP) sessions. A new Windows-based exploit tool was recently released, so be sure to check with your router vendors to determine whether their particular products are affected. If they are, install the latest updates.
http://www.winnetmag.com/article/articleid/42437/42437.html
You should ensure your Intrusion Detection System (IDS) has the most recent rules and signatures available. For example, new Snort rules became available on April 25 as I was writing this editorial. So if you use Snort, be sure to obtain the last rules files.
http://www.snort.org/dl/rules
A New Security Toolkit
I don't think a person can ever have enough security tools. If you share that opinion, you might want to download a copy of the recently released version 1.0.4 of Network Security Toolkit (NST), which is the creation of Paul Blankenbaker and Ron Henderson.
NST is available on a bootable CD-ROM or is downloadable as an International Organization for Standardization (ISO) image and is based on Red Hat Linux 9.0. The CD-ROM contains dozens upon dozens of tools and, according to the NST Web site, can "transform most x86 systems into a system designed for network traffic analysis, intrusion detection, network packet generation, a virtual system service server, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying sub-system disk. NST can be up and running on a typical x86 notebook in less than a minute by just rebooting with the NST ISO CD. The notebook's hard disk will not be altered in any way."
Head over to the NST Web site and have a look at NST's contents and capabilities. At the site, you'll also find the link to download the 194MB package.
http://www.networksecuritytoolkit.org/nst/index.html
About the Author
You May Also Like