- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 8, 2002 (Vol. 7, #28 - Issue #359)
Vulnerability Remediation
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Vulnerability Remediation
  2. TECH BRIEFING
    • Exchange and AD Gotchas
    • Server Port 80 Plagues Internet Security
    • Companies, Colleges, Fail Computer Security
  3. NT/2000 RELATED NEWS
    • "Don't Like, No Money" For MS Licensing 6.0
  4. NT/2000 THIRD PARTY NEWS
    • Save With Top Security Bundle: Retina + UpdateEXPERT
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Check Point Next Generation Security Administration
  SPONSOR: NetIQ
Secure your Windows Environment, Decrease Costs - NetIQ White Paper!
Learn proven strategies to manage group policies in Windows
2000/Active Directory. This free white paper will reveal how to
EASILY manage Group Policies so you can unleash its power to
eliminate and address security holes as well as automate time-
consuming administrative tasks. Get the reporting and documentation
you need to feel comfortable with the security of your Windows
environment.
Visit NetIQ for more information.
  EDITORS CORNER

Vulnerability Remediation

"No IT guy ever got promoted for deploying a hotfix, but you can sure get fired if your system gets hacked." - Anonymous System Admin.

At the RSA Security Conference in California last month the buzzword was "Remediation". As you all know, a firewall is not the ultimate protection you'd like to think it is. Web and email traffic goes right through it. And Intrusion Detection Systems are generally based on attack signatures. Guess what that means? They need updates. The logical conclusion: IDS tools are often too late to stop attacks. Accomplished hackers go through firewall and IDS products in minutes.

The first thing you need to do is to have an assessment of your network to see how secure it is, and when you discover how secure it is, the the next logical step is then to remediate it. Better yet, you need a policy to keep that remediation up to date, which means policy for patch management, and a tool to enforce these policies.

In the Windows management environment there are many different hats to wear. One is the Security Admin, another one is the Network Admin. The Security Admin sets policy, the Network Admin then enforces policy. In many of the Windows shops, this is the same person. If you get into the large enterprise area then of course you have a situation where the Security- and Network Admin are different people.

This is where the problem starts. The Security Admin uses a scanner and sends big lists with vulnerabilities to the network admin. The Network Admin has a whole bunch of fires to put out and claims: "I'm really busy, I've got to do a thousand other things" So, the holes do not get fixed in time. One of the reasons the Network Admin can't always deal with holes is because they do not have a bridge between setting the policy and the enforcing of the policy.

Patch management is a major headache. For instance, it is extremely important that you deploy patches in the proper sequence. It determines success or failure. Other problems are that patches become obsolete, patches supersede other patches, service pack releases do not include all older hotfixes, sometimes patches require reinstallation but you don't know about it, some combinations of patches must never be deployed, and patches often require prerequisites before installation. See what I mean?

Two IT security companies have banded together and came up with a bundled solution to bridge this gap and help you get and keep your environment as secure as possible. Read the "Save With Top Security Bundle" story below in Third Party Tools.

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: "pcAnywhere Killer"
User Declares Sunbelt Remote Admin "pcAnywhere Killer"
You might want to give Remote Admin a try too. It's as if you are there,
with all the admin tools to control remote systems. This puppy was
"made-by-and-for" system administrators. Pricing is dirt cheap, especially
site- and company licenses. Now a "client & server" combo is available
via the online shop for just 35 bucks! Get yours here:
Visit "pcAnywhere Killer" for more information.
  TECH BRIEFING

Exchange and AD Gotchas

Donzea Jordan sent these two:

Sid History Doesn't cure everything: By just migrating Users' SIDHistory over to AD, you won't keep your legacy permissions if they were assigned to a group. All the Groups have to be migrated as well (preferably before the users) with SidHistory in order for the users to use old permissions that are based on Groups. If you're doing a large gradual migration, this is a big deal.

Exchange names flipped in Gal: The disabled accounts created by ADC preserve the Display Name. However after migrating the actual NT account and merging using ADClean or 3rd party tool, the Display name field becomes populated with the Full Name field of the NT account name. Thus the GAL gets updated to whatever the NT Full Name is. This may not match what the display was. In our case, "Smith, John" became "John L. Smith" in the GAL.

Server Port 80 Plagues Internet Security

The Internet has become a riskier place for businesses since the fall of 2001 and doesn't look to be any more secure in the near future, according to security firm Internet Security Systems, which released its security incident figures for the first quarter of 2002 Wednesday. The Sept. 11 terrorist attacks on the U.S. have not prompted any obvious cyberattacks, ISS concluded. For the full story see this InfoWorld article:
http://www.w2knews.com/rd/rd.cfm?id=020408TB-Port80

Companies, Colleges, Fail Computer Security

Another interesting InfoWorld security article is this one. The security holes exploited by Code Red and Nimda, worms that experts said had the potential to knock the entire Internet offline, attacked long-standing vulnerabilities in Microsoft's IIS (Internet Information Services) Web server software caused by a type of error made through bad code writing: the buffer overflow.

A buffer overflow occurs when the amount of memory assigned to a specific application or task is flooded, often with unpredictable results. Frequently, however, buffer overflows allow attackers to run any code they choose on a target machine. How come? Colleges do not train students to write secure code. For the full story:
http://www.w2knews.com/rd/rd.cfm?id=020408TB-SecFailure

  NT/2000 RELATED NEWS

"Don't Like, No Money" For MS Licensing 6.0

Clearwater, Fla. - Four months before Microsoft Corp. launches its Licensing 6.0 Program, a new joint Sunbelt Software, Inc./ Information Technology Intelligence Corp. (ITIC) survey indicates that 41 percent of businesses say they lack the necessary funds to migrate to the new plan.

Those are the results of the latest Information Technology Intelligence Corp. /Sunbelt Software, Inc. independent Web-based poll of 1,400 corporations worldwide. Those polled included Windows 2000 network and systems admins, Exchange and SQL administrators as well as Chief Technology Officers, Chief Information Officers and Chief Operating Officers.

The findings of this latest survey closely mirror the results of the prior October 2001 Sunbelt survey. In both surveys, the overwhelming majority of corporations - nearly 80 percent - said they have a negative view of the plan, while 90 percent believe that migrating to the Licensing 6.0 program will increase their licensing costs.

As with the earlier surveys the high response rate is a clear indication that the Microsoft Licensing Program 6.0 is and will remain, an extremely crucial and controversial issue for the majority of businesses.

The chief problems cited by businesses: uncertainty over the terms and conditions of the new licensing scheme, complexity and lack of available funds, appear to have worsened and not improved in the six months following the initial Sunbelt October, 2001 survey.

"If anything corporations say they are more confounded and befuddled in attempting to discern the business and cost advantages/disadvantages, comprehending the new pricing provisions and true up costs and determining the benefits of a Select vs. an Enterprise Agreement," noted Laura DiDio, a principal at ITIC, which co-sponsored the survey. One aspect of the upcoming licensing scheme that seems to be clear to users is their overwhelming dislike for the Enterprise Subscription agreement, which is akin to leasing not owning the software.

As a result, 36 percent of businesses said they will not upgrade to the new Microsoft Licensing 6.0 scheme and another 38 percent of the respondents said they are actively seeking alternatives to Microsoft products.

Survey Highlights:

  • Only 12 percent of organizations say their firms have the necessary funds to migrate to the Licensing 6.0 program, compared with 41 percent of the respondents that say they lack the necessary funds to move to the new licensing plan.
  • Only 22 percent of respondents said they fully understood the terms and provisions of the 6.0 Licensing Program; 45 percent said they understood it "somewhat" and 24 percent responded that they did not comprehend it.
  • The biggest areas of confusion identified by organizations comprehended the pricing provisions and benefits of Select vs. Enterprise and determining the actual true-up costs.
  • Some 12 percent of businesses that have already migrated or are in the midst of negotiating 6.0 licensing agreements said their experience was a positive one; another 32 percent gave a "fair" rating to the negotiating process.
  • However, 51 percent of organizations said their experience negotiating a new 6.0 contract with Microsoft and/or their Large Account Resellers was negative.
  • Nearly two-thirds of respondents -- 63 percent -- have not done a comprehensive cost analysis of what it will cost to migrate to the new licensing scheme.
  • About 50 percent said their firms are unprepared to negotiate licensing agreements Microsoft or their Large Account Resellers compared with only 16 percent said they were prepared for the negotiation process.
  • And 50 percent of corporations said the confusion and uncertainty would delay upgrades to new versions of Microsoft Office XP, Windows XP, Windows 2000 Server and the forthcoming Windows .NET Server - with at least half saying there would be significant upgrade delays of one year or more.
In summary, the overwhelming majority of corporations expressed outrage and distaste at the high cost of both the new Licensing 6.0 terms and conditions as well as the expense for the Software Assurance - 25 percent of the list price of a server license and 29 percent of the list price of a client license. It is a fact that these prices are the highest in the industry and that fact has not gone unnoticed by corporations.

[Disclaimer: This is a self-selecting Web-based survey undertaken to identify corporate user trends, behavior and buying patterns. The findings are not absolute and no one can predict with any certainty how any of us will act in the future.]

  THIRD PARTY NEWS

Save With Top Security Bundle: Retina + UpdateEXPERT

Use Retina to identify vulnerabilities and recommend security policies. Use UpdateEXPERT to enforce policies for software patches: Scan and Fix! Retina + UpdateEXPERT together are your total solution for system and network vulnerabilities: Assessment and Remediation.

Any out-of-update system can be exploited, and errors in updating your system can create new vulnerabilities and disastrous results. Remediation is complex and requires specialized knowledge, and keeping settings and patches up to date is an ongoing process to prevent your domains from getting hacked into.

Product Features: Retina: Vulnerability Scanning and Policy Setting

  • Retina is the best-of-class network vulnerability security scanner on the market (Reference Network World Buyer?s Guide "Blue Ribbon" award for excellence)
  • Retina scans and audits all IP?s (servers, workstations, firewalls, routers, desktops, Web interfaces, OS, etc.,) looking for security vulnerabilities
  • The result is a customized report listing all the vulnerabilities on every IP and their threat level
Product Features: UpdateEXPERT: Patch Application and Management
  • Make informed decisions
  • Manage from a central console without agents
  • Improved reliability without needing to install remote software
  • Install only those updates that are missing and applicable:
  • Worry-free installation
  • Deploy worry-free using exclusive database
  • Combine any patches, eliminate reboots
  • Check all systems to make sure that patches are still installed and valid:
  • Support on-going efforts to manage patch levels
  • Define required list of patches
  • Make all machines comply in 1 click
  • Conformance report (odd-man-out) scans against list of required patches
  • Check to see if exceptional systems do not comply and why
Product Benefits:

What Makes Retina Unique?

  • Fastest - 2 to 10x faster than the competition
  • Constant Updates - Often multiple dailies
  • NMAP - Most comprehensive and accurate database available plus eEye's daily research (discovered and named Code Red worm & XP- UPnP, hundreds of advisories)
  • Non-Intrusive - ID's vulnerabilities without exploit testing
  • CHAM - Common Hacking Attack Methods (for "unknown" vulnerabilities used by Sec Admin)
  • Customized Audits - Admin can customize a check
  • No IP restrictions - Scan ranges of IP?s
  • Reports - Both "Executive" and "Technical"
UpdateEXPERT ? Remediation and Policy Enforcement:
  • UpdateEXPERT installs security, system stability & private software patches
  • Identifies what hotfixes are missing & applicable to your system
  • Arranges hotfixes in proper order
  • Schedules when to push out a hotfix
  • Broadcasts hotfix from central console inside a wrapper
  • Installs hotfix independently
  • Way more complete, powerful and reliable than any free tool
UpdateEXPERT solves the challenges of keeping your systems patched correctly. It is extremely important that you deploy patches in the proper sequence. It determines success or failure.

Try this combination on your own domains now and save a bundle.
http://www.w2knews.com/rd/rd.cfm?id=020408TP-Secbundle

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • A site full of links to interesting articles
    http://www.w2knews.com/rd/rd.cfm?id=020408FA-ArtBell
  • Into Digital Cameras? This is a pretty good resource
    http://www.w2knews.com/rd/rd.cfm?id=020408FA-DigitalCameras
  • Google's this year's April First joke, pretty funny
    http://www.w2knews.com/rd/rd.cfm?id=020408FA-GoogleGag
  •   PRODUCT OF THE WEEK

    Check Point Next Generation Security Administration

    The Check Point Next Generation suite of products provides the tools necessary for easy development and deployment of Enterprise Security Solutions. Check Point VPN-1/FireWall-1 has been beating out its competitors for years, and the Next Generation software continues to improve the look, feel, and ease of use of this software. Check Point NG Security Administration will show you the ins and outs of the NG product line. Here is the Amazon Link:
    http://www.w2knews.com/rd/rd.cfm?id=020404BW-CheckPoint