[FW1] TEST
This newsletter is customized for: CheckPoint_Mailing_List

===============================================================
DTM inSecurity News
===============================================================
Thursday, November 30, 2000

Created for you by: The Secure Internet Solutions Group and DTM Systems Corporation
===============================================================

CONTENTS

1. Today's Focus: Firewalls
2. Security News
   18 November 2000 Christmas DDoS Threat
   15 November 2000 Navidad and W95.Ussrhymn
   13 November 2000 Tightening Web Security
   10 November 2000 IIS Patch Released
   10 November 2000 Navidad Worm Is Spreading
   09 November 2000 Same Server Attacked Again At Microsoft
   08 November 2000 Mideast Cyber Attacks Intensify
   07 November 2000 Reactions to Microsoft's Security Breaches
   07 November 2000 DDoS Suspect will Plead Guilty
3. New & Improved: NetScreen-100 receives Top Choice Award
4. Exploit of the Week: IIS 4.0/5.0 CGI File Name Inspection
5. DTM Announcements

===============================================================

1. Today's Focus: Firewalls

By: Ian J. Watson
Senior Information Security Consultant

The Internet is a valuable resource that enables your company to:
-communicate more efficiently with customers and suppliers
-reduce telecommunications costs
-provide information about yourself to customers and prospects

Your challenge is to deliver Internet services without compromising the security of the corporate network. You need the ability to control and manage information entering and leaving your network.

In a recent study by Information Week, 60% of respondents stated that their network had been penetrated. It happened to them and it can happen to you.

Internet technology provides a cost effective, global communications infrastructure that enables worldwide access for employees, customers, vendors, suppliers and key business partners.
While this is a critical requirement to collaborative information sharing, it also exposes an organization's network to new risks and threats. How can an organization keep its resources and information protected from unauthorized network access, both inside and outside the organization? Access control, a fundamental building block in any security policy, addresses this issue.

In a survey undertaken by the FBI in cooperation with the Computer Security Institute, 73% of the respondents said their sites had been penetrated by Hackers. Extrapolating from this, it is estimated that the average corporate network is hacked approximately 12 to 15 times each year. Many times, these hacks occur without the knowledge of the corporation being attacked.

Statistics such as these are a sobering reminder that no site is immune from Hacker attacks. Preventing assaults upon the data that forms the lifeblood of your corporation takes a coordinated effort from the system/network administrators and users. Prevention can take many forms, but a critical component in any protection scheme should be a full-featured firewall.

DTM and the Secure Internet Solutions Group offer best-of-breed firewall solutions for your specific business needs.

2. Security News

--18 November 2000 Christmas DDoS Threat

Internet Security Systems' (ISS) research and development team warns that crackers may be planning more Distributed Denial of Service (DDoS) attacks this Christmas season. Companies should assemble incident response teams and establish links with local law enforcement.
http://sg.dailynews.yahoo.com/headlines/technology/article.html?s=singapore/headlines/001118/technology/newsbytes/Denial_of_Service_Attacks_Planned_For_Christmas_-_ISS.html

--15 November 2000 Navidad and W95.Ussrhymn

The Navidad worm spreads by sending itself as a reply to all incoming e-mail; while Navidad does not appear to destroy or change data, it can freeze Windows systems.
W95.Ussrhymn is programmed to start destroying files on January 1 while playing a Soviet hymn.
http://www.wired.com/news/politics/0,1283,40195,00.html

--13 November 2000 Tightening Web Security

Security experts encourage e-merchants to heighten security in light of recent cracker threats and the upcoming holiday shopping season. Companies should increase firewall analysis and intrusion detection, carefully inspect site usage logs, and use strong encryption to protect customer data. Web sites should also have procedures in place to detect and manage denial of service attacks.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53952,00.html

--10 November 2000 IIS patch Released, Could have prevented breaches

Microsoft released a patch that addresses a serious flaw in Microsoft IIS 5.0 "Web Server File Request Parsing" and fixes the "Web Server Folder Traversal Vulnerability" issue, which was exploited twice in recent weeks within Microsoft's own systems. Vulnerable versions are IIS 5.0 and 4.0 with service packs 4 and earlier. Users of IIS 4.0 who have not yet done so are urged to upgrade to the latest service pack. A Microsoft bulletin recommends that all customers running IIS 5.0 immediately apply the patch for this vulnerability. Exploit code has not yet been released.

This is the second network intrusion in two weeks suffered by the software giant. Microsoft reported Oct. 26 that a hacker broke into its system and accessed the source code of a product under development. The FBI is investigating the incident.
http://www.nsfocus.com/english/homepage/sa_07.htm
http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE
http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Microsoft IIS 4.0: http://www.microsoft.com/ntserver/nts/downloads/critical/q269862
Microsoft IIS 5.0: http://www.microsoft.com/windows2000/downloads/critical/q269862

--10 November 2000 Navidad Worm Is Spreading

Navidad spreads through in-boxes in Microsoft Outlook and Outlook Express, and arrives as an attachment to a reply e-mail. If the attachment is opened, an eye icon appears on the desktop in the system tray. Clicking on the eye yields a button accompanied by a message in Spanish, which, if clicked, installs a program that prevents the computer from launching any executable applications.
http://www.cnn.com/2000/TECH/computing/11/10/navidad/index.html
Directions for manually removing the program:
http://vil.nai.com/vil/virusRemovalInstructions.asp?virus_k=98881

--9 November 2000 Same Server Attacked Again At Microsoft

The same Dutch cracker who broke a Microsoft server last week did so again four days later.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53648,00.html

--8 November 2000 Mideast Cyber Attacks Intensify

The Mideast cyber war is escalating. One pro-Palestinian extremist group is pursuing an attack plan that may take down Israeli e-commerce. Another cyber activist warns that the US may also be a target.
http://www.wired.com/news/print/0,1294,40030,00.html

--7 November 2000 Reactions to Microsoft's Security Breaches

Many IT professionals say they don't think any less of Microsoft because of its recently disclosed security problems: security is not a perfect science. One analyst questioned Microsoft's monitoring of the intruder, remarking that he would have shut the cracker out right away.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53471,00.html

--7 November 2000 DDoS Suspect will Plead Guilty

The Montreal teenager, who goes by the name Mafiaboy, agreed to plead guilty to most of 66 charges associated with launching the distributed denial of service (DDoS) attacks against such sites as Yahoo.com, eBay.com, and Amazon.com. Under Canadian law, he could face a fine of $1000 (Canadian - $650 US) and two years in prison.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53492,00.html

3. New & Improved: NetScreen-100 receives IPSec VPN Gateway Tester's Top Choice Award

NetScreen Technologies, a leading developer of ASIC-based Internet security systems and appliances, today announced that Network Test Inc. and CommWeb awarded the Tester's Top Choice award to the NetScreen-100. The NetScreen-100, NetScreen's high-end security appliance, was cited as the fastest, most secure and cost-effective solution tested.

The CommWeb-Network Test ranking reflected the importance of security, scalability, cost and ease of use, while zeroing in on performance as a key criterion for enterprise VPN gateways. The NetScreen-100 "had no security issues, the fastest throughput of any device we tested, and a reasonable price tag," wrote the test reviewers in the Sept. 14 online publication.

"The NetScreen-100 delivers first-rate security, performance and manageability for half the price of some of its heaviest competition," the CommWeb review stated. "The price is especially impressive considering that the NetScreen-100 includes firewall and bandwidth-management functions at no additional charge."

"VPNs are critical as the Internet becomes the de facto platform for e-business, but that doesn't mean that enterprises and service providers must sacrifice performance in order to use VPNs," said David Flynn, vice president of marketing at NetScreen Technologies. "While using the most stringent security techniques (including Triple DES encryption, IKE Key Management for secure key exchange and MD5 and SHA-1 authentication to ensure that data is protected) the CommWeb-Network Test review shows that the NetScreen-100 is still able to outperform all other VPN gateways in its class."

The NetScreen-100 is geared for high-traffic sites, such as e-businesses and corporate headquarters locations. The NetScreen-100 offers near wire-speed performance of 100 Mbps while handling 128,000 simultaneous TCP connections and 1,000 VPN tunnels.

About NetScreen Technologies

NetScreen Technologies develops ASIC-based Internet security appliances and systems that deliver high performance firewall, VPN and traffic shaping functionality to Internet data centers, e-business sites, broadband service providers and application service providers. This offers customers wire-speed performance, scalability, and manageability in one comprehensive security solution. NetScreen is located at 2860 San Tomas Expressway, Santa Clara, CA 95051.

More information on NetScreen's products can be found by calling Charlene Nand of DTM Systems Corporation at

4. Exploit of the week

The IIS Web Server Folder Traversal Vulnerability reportedly allowed a Dutch hacker, who goes by the alias Dimitri, to penetrate a Microsoft server that hosts events and redirects information for the Redmond, Wash. company's Web site. While Dimitri broke into a semi-retired server, it provided him a potential platform for distributing malware, including reverse-engineered backdoors and Trojan horses, and access to encrypted files containing administrator user names and passwords.

Microsoft confirmed Dimitri hacked into their server, but considers it a minor intrusion because of the server's low value. The company says the intrusion was a result of not applying the IIS patch across its entire network, which left a server slated to be taken out of service vulnerable to attack.
Technicians are in the process of correcting the vulnerability and ensuring other servers have received the patch.
http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Microsoft IIS 4.0: http://www.microsoft.com/ntserver/nts/downloads/critical/q269862
Microsoft IIS 5.0: http://www.microsoft.com/windows2000/downloads/critical/q269862

5. DTM Announcements

DTM was a proud participant and Gold-level sponsor of the Westcoast Security Forum 2000. Ian Watson, DTM's Senior Information Security Consultant, hosted a technology session "Defensive Tactics for Defeating Distributed Attacks"

Distributed denial of service attacks highlight security weaknesses in hosts and software used in the Internet that put electronic commerce at risk. With the advent of attacks such as Trinoo, TFN, TFN2K and stacheldraht, there is an extreme interest in finding solutions that thwart or defeat such attacks. These attacks also illuminate several recent trends and serve as a warning for the kinds of high-impact attacks that we may see in the near future. Ian's presentation evaluated distributed attacks in general; the intent was not to devise or recommend protocol revisions, but instead, to illustrate useable solutions that can be implemented at a fairly low cost.

TO SUBSCRIBE TO THE LIST
Send an Email to [email protected] with "Subscribe inSecurity News" in the Subject line.

TO UNSUBSCRIBE FROM THE LIST
Reply back to [email protected] with "Unsubscribe inSecurity News" in the Subject line.

TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the procedure above.

Things Our Lawyers Make Us Say:

This document is provided for informational purposes only. The information contained in this document represents the current view of DTM Systems Corporation on the issues discussed as of the date of publication.
Because DTM Systems Corporation must respond to changes in market conditions, it should not be interpreted to be a commitment on the part of DTM Systems Corporation and DTM Systems Corporation cannot guarantee the accuracy of any information presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.

The user assumes the entire risk as to the accuracy and the use of this document. This document may be copied and distributed subject to the following conditions:
1) All text must be copied without modification and all pages must be included;
2) All copies must contain DTM Systems Corporation's copyright notice and any other notices provided therein; and
3) This document may not be distributed for profit.

All trademarks acknowledged. Copyright DTM Systems Corporation, 2000.

We are signing the DTM inSecurity News with PGP.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================