Security UPDATE - 25 Feb 2004

Create a customized bootable Windows CD-ROM with tools for security analysis and system recovery. Plus, get the latest security news.

ITPro Today

February 24, 2004


====================

==== This Issue Sponsored By ====

VERITAS Software

http://placeware.viewcentral.com/events/cust/search_results.asp?event_address_id=24&cid=veritas&pid=2&lid=5

Free Download: Shavlik Security Patch Management

http://www.shavlik.com/pHFNetChkAdmin.aspx

====================

* In Focus: Creating a Bootable Windows CD-ROM

* Security News and Features

- News: Leaked Code Leads to Vulnerability Discovery in IE 5.x

- News: Microsoft's Security Guidance Center

- News: Windows Security Update CD Now Available

* New and Improved

- Establish Hardware-Based Encryption

- Protect Your Email Systems

- Tell Us About a Hot Product and Get a T-Shirt!

====================

==== Sponsor: VERITAS Software ====

Improving the performance of applications relying on databases and storage can be a daunting task. Join this Webcast hosted by VERITAS Software - "Improving Application Performance on Storage Arrays" - to pick up tools and techniques that will help you to improve your application performance. http://placeware.viewcentral.com/events/cust/search_results.asp?event_address_id=24&cid=veritas&pid=2&lid=5

====================

==== In Focus: Creating a Bootable Windows CD-ROM ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

A system failure can be an aggravating experience. Any number of problems can cause erratic system behavior, including viruses, worms, Trojan horses, corrupt or missing files, or a failed software update. Recovering from such instances sometimes requires that we gain access to a disk subsystem without using the installed OS.

Booting to the Windows recovery console can typically be a great help, but in some cases, that method doesn't provide enough utility to get the job done. Sometimes, you must remove a drive and install it in a working system so that you can boot an OS to gain access to the drive or files that need repair or inspection.

You might be aware that numerous versions of bootable Linux CD-ROMs are available--many of which can support NTFS. These CD-ROMs are handy for tasks such as fixing corrupted files or recovering and resetting lost passwords. Did you know that you can create a customized bootable Windows CD-ROM complete with the tools you might need for security analysis and system recovery?

Bart Lagerweij has created BartPE, a tool that you might consider adding to your security toolkit. BartPE uses a licensed copy of Windows Server 2003 or Windows XP to create a bootable CD-ROM in the form of a preinstalled environment (PE). You can boot a system from that CD-ROM and have access to network resources as well as various tools, depending on what you've included on the CD-ROM during the build process.

In its default configuration, BartPE builds a bootable Windows CD-ROM that contains Chkdsk, a RAM disk, a remote desktop client, mouse support, and more. BartPE also has a framework into which you can plug other tools, such as various network drivers, spyware-removing tools, virus-scanning tools, the PuTTY SSH client, Advanced SCSI Programming Interface (ASPI) support, Mozilla, Winternals Software's Disk Commander and ERD Commander, Symantec Ghost, and Ahead Software's Nero for creating CD-ROM and DVD images. You can also add a Citrix client, Novell NetWare client, hexadecimal editor, data-recovery tools, and numerous other tools. Keep in mind that if you want to plug a tool that's not freeware or shareware into your bootable CD-ROM, you'll need a licensed copy of the tool. You can learn more about BartPE and download the related building tools at the Nu2 Productions Web site.

http://www.nu2.nu/pebuilder

====================

==== Sponsor: Free Download: Shavlik Security Patch Management ====

Install the latest critical Microsoft security patch today with HFNetChkPro. A free, fully functional, no time-out version of HFNetChkPro is available to help you automate the delivery and testing of this critical patch. HFNetChkPro offers unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush capabilities. Save time on patch deployment, ensure systems are fully protected and safeguard your systems from remote code execution, identity spoofing, arbitrary code execution and other attacks. It's free, and it simplifies patch management without agents. Learn more and download the free version of HFNetChkPro at

http://www.shavlik.com/pHFNetChkAdmin.aspx

====================

==== Announcements ====

(from Windows & .NET Magazine and its partners)

Get the SQL Server 2000 System Table Map Poster!

If you're an administrator or developer and work with SQL Server, SQL Server Magazine can help you at work. Subscribe today and you'll gain access to a treasury of SQL Server experts, content, tips, code listings, articles, and more. Bonus--the System Table Map Poster. Click here for details:

https://secure.pentontech.com/nt/sql/index.cfm?promocode=psep2142ss

Event Central--a Comprehensive Resource for the Latest Events in Your Field

Looking for one place to find the latest Web seminars, roadshows, and conferences? Event Central has every topic you're looking for. Stay current on the latest developments in your field. Visit Event Central and find answers now!

http://www.winnetmag.com/events

Take Our Quick Survey!

Help shape the future of Windows & .NET Magazine! We want to hear your opinions about our name and your perceptions of us. Thank you in advance for your time and ideas. Click on this link to complete our quick survey.

http://www.zoomerang.com/survey.zgi?L223AATBUKRVYF8040X51XSM

====================

==== Sponsor: Virus Update from Panda Software ====

Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.

Visit "Panda's GateDefender Stands Guard!" at

http://www.pandasecurity.com/gatedefender/

for more information.

====================

==== Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.winnetmag.com/departments/departmentid/752/752.html

News: Leaked Code Leads to Vulnerability Discovery in IE 5.x

Someone with access to the leaked Windows source code found a hole in Microsoft Internet Explorer (IE) 5.x and leaked details to various security mailing lists.

http://www.winnetmag.com/article/articleid/41784/41784.html

News: Microsoft's Security Guidance Center

Microsoft has launched its new Security Guidance Center Web site for developers and IT professionals. The site lets you register for training, obtain security-related tools, and sign up for Microsoft's email-based security alerts and newsletter.

http://www.winnetmag.com/article/articleid/41799/41799.html

News: Windows Security Update CD Now Available

Microsoft is now taking orders for copies of its Windows Security Update CD, which is available free of charge. The CD-ROM contains updates for Windows XP, Windows 2000, Windows Me, and Windows 98 that have been released since October 2003.

http://www.winnetmag.com/article/articleid/41801/41801.html

====================

==== Hot Release ====

Get Thawte's New Step-by-Step SSL Guide for MSIIS

In this guide you will find out how to test, purchase, install and use a Thawte Digital Certificate on your MSIIS web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. Get your copy of this new guide now:

http://ad.doubleclick.net/clk;7310583;8859391;v

====================

==== Instant Poll ====

Results of Previous Poll: Protecting APs

The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Does your company protect rogue wireless access points on its network?" Here are the results from the 31 votes.

- 71% Yes

- 16% No, we're not sure how to protect them

- 13% No, we're unconcerned about protecting them

- 0% I'm not sure

New Instant Poll: Bootable CD-ROMs

The next Instant Poll question is, "Do you rely on bootable Windows or Linux disks for system recovery and analysis?" Go to the Security Web page and submit your vote for

- Yes (Windows)

- Yes (Linux)

- No, but I plan to start

- No, and I don't plan to start

http://www.winnetmag.com/windowssecurity

==== Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

http://www.winnetmag.com/windowssecurity/panda

Virus Alert: Netsky.B

A new worm, Netsky.B, is spreading via email. The worm uses its own SMTP engine to mass-mail itself and, once inside a network, tries to propagate further through network shares. For more details about this worm, go to

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44815

FAQ: What's the Microsoft Systems Management Server (SMS) 2003 Administration Feature Pack?

by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. The SMS 2003 Administration Feature Pack contains three tools. The Manage Site Accounts Tool lets you use the command line to manage accounts and passwords for one or multiple sites in a hierarchy. The tool also lets you update, create, verify, delete, and list the Windows accounts for the SMS sites.

The Transfer Site Settings Wizard lets you copy site configuration, packages, and collection settings from one site to one or more target sites. You can copy settings interactively or by using XML templates. The tool provides both a graphical and command-line interface.

The Elevated Rights Deployment Tool (aka RunOnce) lets you use the elevated privileges of the SMS software distribution features to install applications that require administration rights after a system restart. The tool can execute the registry entries in the RunOnce location by moving the entries in the registry to a new SMSRunOnce location where SMS can execute those entries.

You can download the SMS 2003 Administration Feature Pack from the Microsoft Web site. After you download the software, run the downloaded file to create three folders, each containing one of the tools.

http://www.microsoft.com/downloads/details.aspx?familyid=7bd3a16e-1899-4e0b-bb99-1320e816167d&displaylang=en

Featured Thread: War-Dialing Attacks

(Two messages in this thread)

A reader writes that a war dialer is attacking his business phone system. When the dialer attacks, each phone line rings in turn. He has also observed that the company's modem lines are being probed and that probes of his cell phone are starting. He wants to know how to guard against these sorts of attacks. Lend a hand or read the responses:

http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=67308

==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

New--Microsoft Security Strategies Roadshow!

We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.

http://www.winnetmag.com/roadshows/computersecurity2004

==== New and Improved ====

by Jason Bovberg, [email protected]

Establish Hardware-Based Encryption

Kanguru Solutions announced the Kanguru Encryptor, a security device that locks down and encrypts your hard disk so that it's inaccessible without an access key. The Encryptor uses a silicon-based real-time encryption/decryption processor that encrypts an entire hard disk's contents bit-by-bit, including the boot sector and the OS. Starting at $59.95, the Encryptor is available in two models--40-bit Data Encryption Standard (DES) and 128-bit Triple DES (3DES) encryption--and fits easily in a 5.25" bay. For more information about the Encryptor, contact Kanguru Solutions on the Web.

http://www.kanguru.com

Protect Your Email Systems

BorderWare Technologies announced MXtreme Mail Firewall 3.0, an application-specific security appliance that protects your email systems from threats such as spam, viruses, Trojan horses, Internet worms, malformed messages, and Denial of Service (DoS) attacks. MXtreme Mail Firewall also provides secure remote access for Web mail and secure authenticated session proxies for Microsoft Outlook Web Access (OWA) and Lotus iNotes. For more information about MXtreme Mail Firewall 3.0, contact BorderWare Technologies at 877-814-7900 or on the Web.

http://www.borderware.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

===================

==== Sponsored Links ====

NetSupport

Free Trial - Fast and Easy Network Management. - NetSupport DNA

http://ad.doubleclick.net/clk;7276793;8214395;y?http://www.netsupport-inc.com/dna/netsupport_dna_overview.htm

Surf Control

SurfControl Web Filter manages Internet risk. Try it FREE for 30 days.

http://ad.doubleclick.net/clk;7342764;8214395;q?http://www.surfcontrol.com/go/zwn0218

Aelita Software

White Paper! Event Log Management: A Guide to a Stress-free Audit

http://ad.doubleclick.net/clk;7317099;8214395;t?http://www.aelita.com/0204sponlink

===================

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.winnetmag.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Copyright 2004, Penton Media, Inc. All rights reserved.
