Security UPDATE--Checking Up on Products--June 9, 2004

Don't blindly trust products--make sure they're performing as expected. Plus, get links to security news and features.

ITPro Today

June 8, 2004

11 Min Read

===============

To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.

==========

==== Sponsor: OpenNetwork ====
Concerned about meeting auditing and compliance requirements for controlling access to sensitive information? Quickly enable and disable employee access to corporate applications and resources with an effective Identity Management strategy. Read OpenNetwork's free whitepaper, Understanding the Identity Management Roadmap, at
http://www.opennetwork.com/?goto=WinNetSecurity

==========

==== 1. In Focus: Checking Up on Products ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

When you configure your software and hardware to operate in a specific manner, how do you know they really perform as configured? Do you trust that the vendors have developed their products to operate properly? Of course you don't. Right? We all know that vendors, like everybody else, make mistakes.

A case in point appeared on the Bugtraq mailing list last week. A researcher discovered that some Linksys WRT54G wireless routers, under some circumstances, might expose the administration interface on the WAN interface (typically connected to the Internet), even if the routers are configured to disable remote administration. So if you turned off remote administration and put the router on an Internet link, assuming the administration interface was disabled, a hacker could use the admin interface to break in. However, if you took a few minutes to probe the router from the WAN side, you might discover that the admin interface still answers even though it's supposedly disabled.

Linksys, a division of Cisco Systems, released a new beta version of the WRT54G firmware to correct the problem, so if you use the device, you might consider loading the beta firmware. You might also consider placing your wireless routers behind a firewall, even if your routers have a built-in firewall, to help minimize unwanted system exposure and unwanted access.
http://www.linksys.com/download/firmware.asp?fwid=201

A case in point for that suggestion pertains to another wireless router, the NETGEAR WG602, also mentioned on Bugtraq last week. Apparently, for some unknown reason, NETGEAR has integrated an undocumented administrator account into its router's firmware. The account can't be disabled, is accessible from the LAN and WAN sides of the router, and has a plaintext logon name and password that researchers have of course discovered. Anybody who uses the router is vulnerable to attack.

If you have the router behind some other firewall that blocks access to its administration interface, then at least you're protected against attacks from the outside, but unauthorized users inside the local network could still log on to the router.

The Linksys router vulnerability apparently stemmed from a programming error and has been fixed. But I have no idea why NETGEAR would implement an undocumented administrator account. Maybe it was inadvertently left in place. Clearly, you shouldn't blindly trust products--you need to consider checking them to make sure they perform as expected.
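The column's advice is to verify the configuration rather than trust it: probe your own router from the WAN side and confirm the admin interface really is silent. The script below is an added example (not part of the newsletter) that does exactly that self-check for a router you administer; the port list, the host name and the "looks like a login page" heuristics are assumptions.

```python
"""Self-audit for the WRT54G-style failure described above: confirm that a
router's web admin interface does NOT answer on its WAN address once remote
administration is switched off. Run from a host outside your own network."""
import re
import socket

ADMIN_PORTS = (80, 443, 8080)  # common consumer-router admin ports (assumed)


def port_answers(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify_reply(reply):
    """True if an HTTP reply resembles a login-protected admin page:
    a 401 status, a Basic-auth challenge, or a password form."""
    return bool(re.match(r"HTTP/1\.[01] 401", reply)
                or re.search(r"www-authenticate:\s*basic", reply, re.I)
                or re.search(r"type=[\"']?password", reply, re.I))


def looks_like_admin_ui(host, port, timeout=2.0):
    """Fetch '/' over plain HTTP and classify the reply. An HTTPS-only port
    will not match and is therefore reported by audit() as merely 'open'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            reply = s.recv(4096).decode("latin-1", "replace")
    except OSError:
        return False
    return classify_reply(reply)


def audit(host, ports=ADMIN_PORTS, timeout=2.0):
    """Classify each port as 'closed', 'open' or 'admin-ui'. With remote
    administration disabled, every admin port should come back 'closed'."""
    result = {}
    for port in ports:
        if not port_answers(host, port, timeout):
            result[port] = "closed"
        elif looks_like_admin_ui(host, port, timeout):
            result[port] = "admin-ui"
        else:
            result[port] = "open"
    return result
```

Anything other than "closed" on the router's public address means the device is not honouring the setting you gave it, which is the moment to load the vendor's fix or put an external firewall in front of it.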

==========

==== Sponsor: Windows & .NET Magazine ====
Get 2 Sample Issues of Windows & .NET Magazine! Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month!
http://www.winnetmag.com/rd.cfm?code=fsep204xup

==========

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.winnetmag.com/departments/departmentid/752/752.html

News: SP2 for Web Developers
Microsoft has published a document on the Microsoft Developer Network (MSDN) titled "How to Make Your Web Site Work with Windows XP Service Pack 2." The article covers design changes you might need to consider regarding ActiveX controls, file download mechanisms, pop-up windows, Java, HTML dialog boxes, and window-positioning restrictions.
http://www.winnetmag.com/article/articleid/42843/42843.html

Book Review: Hardening Windows
For professionals who are heavily involved with Windows, a book titled "Hardening Windows" just cries out to be read. The author of "Hardening Windows" is Jonathan Hassell, a systems administrator and IT consultant who defines the term "hardening" as "the process of protecting a system against unknown threats." He points out that the four cornerstones of any such policy are privacy, trust, authenticity, and integrity. Privacy is the capability that a company or organization possesses to keep information confidential, and trust questions the validity of data and objects by not simply accepting things at face value. Authenticity involves ensuring that people really are who they say they are, and integrity ensures that systems aren't compromised in any way. You can read the entire book review on our Web site.
http://www.winnetmag.com/article/articleid/42751/42751.html

Feature: Performing Forensic Analyses, Part 1
In the "Security Administrator" articles "Building and Using an Incident Response Toolkit, Part 1" (April 2004, InstantDoc ID 41900) and "Building and Using an Incident Response Toolkit, Part 2" (May 2004, InstantDoc ID 42173), Matt Lesko discusses how to quickly and appropriately respond to a computer security incident. In the follow-up article "Performing Forensic Analyses, Part 1," he prepares to analyze the compromised machine by creating a bootable CD-ROM and duplicating the compromised machine's hard disk.
http://www.winnetmag.com/article/articleid/42445/42445.html

==========

==== Hot Release ====
CipherTrust
Spammers are attacking the security and integrity of corporations. In this white paper, you'll learn to defend your organization against these threats. Topics include:
* The security threat presented by spam
* Spammer methods and techniques
* The impact, including liability and damage to your reputation
http://www.ciphertrust.com/files/forms/article/em-winwp-ad22-p1-ssec-04012004.php

==========

==== 4. Security Toolkit ====

FAQ: How can I recover Microsoft Office Outlook messages that have been removed by a hard delete?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Usually when you delete a message, Exchange Server moves it to the Deleted Items folder, which you can empty by right-clicking Deleted Items and selecting Empty "Deleted Items" Folder from the displayed context menu. Alternatively, you can configure Outlook to empty the Deleted Items folder each time you close Outlook. To do so, select Tools, Options and click the Other tab. In the General section, select the "Empty the Deleted Items folder upon exiting" check box. After Exchange removes items from the Deleted Items folder, it keeps them for 7 days. During this time, you can recover deleted messages from the Deleted Items folder by selecting Tools, Recover Deleted Items.

You can perform a hard delete of a message by highlighting the message and pressing Shift+Del. Performing a hard delete removes the message without moving it to the Deleted Items folder. When you attempt to recover hard-deleted items, you'll see that they aren't listed in the recovery dialog box. If you select the folder from which you performed the hard delete (e.g., Inbox), you'll see that the option to recover deleted items is unavailable from the Tools menu.

If you want to be able to recover items that have been deleted from an Outlook folder--including hard-deleted items--you need to perform the following steps or add the dumpster.reg entry to the registry. You can download the dumpster.reg entry at the URL below.

1. Start the registry editor (regedit.exe).
2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options subkey.
3. From the Edit menu, select New and click DWORD Value.
4. Enter the name DumpsterAlwaysOn and press Enter.
5. Double-click the new value and set it to 1. Click OK.
6. Close the registry editor.

When you restart Outlook, the option to recover messages should be available for all folders.
http://www.winnetmag.com/articles/download/dumpster_reg.zip

Featured Thread: Directory ACL Report Generator
(Two messages in this thread)
Chris writes that he's looking for a tool that will generate a report of the directory structure and the assigned ACLs on his file servers. He has tried some of the tools from the Windows 2000 Resource Kit, such as showacls and showmbrs, but they don't seem to work on large directory structures like his. Lend a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=121489

==========

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

The Exchange Server Seminar Series Coming to Your City in June
Join industry experts Kieran McCorry, Donald Livengood, and Kevin Laahs for this free event! Learn the benefits of migrating to an integrated communications environment, consolidating and simplifying implementation of technology, and accelerating worker productivity. Register now and enter to win an HP iPAQ and $500 cash!
http://www.winnetmag.com/roadshows/exchange2003

==========

==== 5. New and Improved ====
by Jason Bovberg, [email protected]

Secure Your Property with Network Camera Surveillance
RFC Services released Visual Hindsight Professional Edition 1.01, software that supports network cameras and video servers capable of working with industry-standard JPEG still images or motion-JPEG image streams. Version 1.01 permits real-time viewing of as many as 100 cameras and video servers, while simultaneously recording as many as 50 live video streams to disk as compressed AVI files. Visual Hindsight, which costs $149, works with Windows XP, Windows 2000, and Windows NT. You can download a trial version from the Visual Hindsight Web site.
http://www.visualhindsight.com/download.htm

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==========

==== Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]

==========

==== Contact Our Sponsors ====
Primary Sponsor: OpenNetwork -- http://www.opennetwork.com -- 1-877-561-9500
Hot Release Sponsor: CipherTrust -- http://www.ciphertrust.com -- 1-877-448-8625

===============

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine privacy policy at

http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
