This newsletter is customized for: CheckPoint_Mailing_List
===============================================================
DTM inSecurity News
===============================================================
Thursday, November 30, 2000
Created for you by:
The Secure Internet Solutions Group and DTM Systems Corporation
===============================================================
CONTENTS
1. Today's Focus: Firewalls
2. Security News
18 November 2000 Christmas DDoS Threat
15 November 2000 Navidad and W95.Ussrhymn
13 November 2000 Tightening Web Security
10 November 2000 IIS Patch Released
10 November 2000 Navidad Worm Is Spreading
09 November 2000 Same Server Attacked Again At Microsoft
08 November 2000 Mideast Cyber Attacks Intensify
07 November 2000 Reactions to Microsoft's Security Breaches
07 November 2000 DDoS Suspect will Plead Guilty
3. New & Improved: NetScreen-100 receives Top Choice Award
4. Exploit of the Week: IIS 4.0/5.0 CGI File Name Inspection
5. DTM Announcements
===============================================================
1. Today's Focus: Firewalls
By: Ian J. Watson
Senior Information Security Consultant
The Internet is a valuable resource that enables your company to:
-communicate more efficiently with customers and suppliers
-reduce telecommunications costs
-provide information about yourself to customers and prospects
Your challenge is to deliver Internet services without compromising
the security of the corporate network. You need the ability to
control and manage information entering and leaving your network.
In a recent study by Information Week, 60% of respondents stated
that their network had been penetrated. It happened to them and
it can happen to you.
Internet technology provides a cost-effective, global communications
infrastructure that enables worldwide access for employees,
customers, vendors, suppliers and key business partners. While this
is a critical requirement for collaborative information sharing, it
also exposes an organization's network to new risks and threats. How
can an organization keep its resources and information protected
from unauthorized network access, both inside and outside the
organization? Access control, a fundamental building block in any
security policy, addresses this issue.
In a survey undertaken by the FBI in cooperation with the Computer
Security Institute, 73% of the respondents said their sites had been
penetrated by Hackers. Extrapolating from this, it is estimated
that the average corporate network is hacked approximately
12 to 15 times each year. Many times, these hacks occur without the
knowledge of the corporation being attacked. Statistics such as
these are a sobering reminder that no site is immune from Hacker
attacks.
Preventing assaults upon the data that forms the lifeblood of your
corporation takes a coordinated effort from the system/network
administrators and users. Prevention can take many forms, but a
critical component in any protection scheme should be a full-featured
firewall. DTM and the Secure Internet Solutions Group offer
best-of-breed firewall solutions for your specific business needs.
2. Security News
--18 November 2000 Christmas DDoS Threat
Internet Security Systems' (ISS) research and development team warns
that crackers may be planning more Distributed Denial of Service
(DDoS) attacks this Christmas season. Companies should assemble
incident response teams and establish links with local law
enforcement.
http://sg.dailynews.yahoo.com/headlines/technology/article.html?s=singapore/headlines/001118/technology/newsbytes/Denial_of_Service_Attacks_Planned_For_Christmas_-_ISS.html
--15 November 2000 Navidad and W95.Ussrhymn
The Navidad worm spreads by sending itself as a reply to all incoming
e-mail; while Navidad does not appear to destroy or change data, it
can freeze Windows systems. W95.Ussrhymn is programmed to start
destroying files on January 1 while playing a Soviet hymn.
http://www.wired.com/news/politics/0,1283,40195,00.html
--13 November 2000 Tightening Web Security
Security experts encourage e-merchants to heighten security in light
of recent cracker threats and the upcoming holiday shopping season.
Companies should increase firewall analysis and intrusion detection,
carefully inspect site usage logs, and use strong encryption to
protect customer data. Web sites should also have procedures in
place to detect and manage denial of service attacks.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53952,00.html
--10 November 2000 IIS Patch Released, Could Have Prevented Breaches
Microsoft released a patch that addresses a serious flaw
in Microsoft IIS 5.0 "Web Server File Request Parsing" and fixes
the "Web Server Folder Traversal Vulnerability" issue, which was
exploited twice in recent weeks within Microsoft's own systems.
Vulnerable versions are IIS 5.0 and 4.0 with service packs 4 and
earlier. Users of IIS 4.0 who have not yet done so are urged to
upgrade to the latest service pack. A Microsoft bulletin
recommends that all customers running IIS 5.0 immediately apply
the patch for this vulnerability. Exploit code has not yet been
released.
This is the second network intrusion in two weeks suffered by the
software giant. Microsoft reported Oct. 26 that a hacker broke
into its system and accessed the source code of a product under
development. The FBI is investigating the incident.
http://www.nsfocus.com/english/homepage/sa_07.htm
http://download.microsoft.com/download/win2000platform/Patch/Q277873/NT5/EN-US/Q277873_W2K_SP2_x86_en.EXE
http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Microsoft IIS 4.0:
http://www.microsoft.com/ntserver/nts/downloads/critical/q269862
Microsoft IIS 5.0:
http://www.microsoft.com/windows2000/downloads/critical/q269862
--10 November 2000 Navidad Worm Is Spreading
Navidad spreads through in-boxes in Microsoft Outlook and Outlook
Express, and arrives as an attachment to a reply e-mail. If the
attachment is opened, an eye icon appears on the desktop in the
system tray. Clicking on the eye yields a button accompanied by a
message in Spanish, which, if clicked, installs a program that
prevents the computer from launching any executable applications.
http://www.cnn.com/2000/TECH/computing/11/10/navidad/index.html
Directions for manually removing the program:
http://vil.nai.com/vil/virusRemovalInstructions.asp?virus_k=98881
--9 November 2000 Same Server Attacked Again At Microsoft
The same Dutch cracker who broke into a Microsoft server last week did so
again four days later.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53648,00.html
--8 November 2000 Mideast Cyber Attacks Intensify
The Mideast cyber war is escalating. One pro-Palestinian extremist
group is pursuing an attack plan that may take down Israeli
e-commerce. Another cyber activist warns that the US may also be
a target.
http://www.wired.com/news/print/0,1294,40030,00.html
--7 November 2000 Reactions to Microsoft's Security Breaches
Many IT professionals say they don't think any less of Microsoft
because of its recently disclosed security problems: security is not
a perfect science. One analyst questioned Microsoft's monitoring
of the intruder, remarking that he would have shut the cracker out
right away.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53471,00.html
--7 November 2000 DDoS Suspect will Plead Guilty
The Montreal teenager, who goes by the name Mafiaboy, agreed to plead
guilty to most of 66 charges associated with launching the
distributed denial of service (DDoS) attacks against such sites as
Yahoo.com, eBay.com, and Amazon.com. Under Canadian law, he could
face a fine of $1000 (Canadian - $650 US) and two years in prison.
http://www.computerworld.com/cwi/story/0,1199,NAV47_STO53492,00.html
3. New & Improved:
NetScreen-100 receives IPSec VPN Gateway Tester's Top Choice Award
NetScreen Technologies, a leading developer of ASIC-based Internet
security systems and appliances, today announced that Network Test
Inc. and CommWeb awarded the Tester's Top Choice award to the
NetScreen-100. The NetScreen-100, NetScreen's high-end security
appliance, was cited as the fastest, most secure and cost-effective
solution tested.
The CommWeb-Network Test ranking reflected the importance of
security, scalability, cost and ease of use, while zeroing in on
performance as a key criterion for enterprise VPN gateways. The
NetScreen-100 "had no security issues, the fastest throughput of
any device we tested, and a reasonable price tag," wrote the test
reviewers in the Sept. 14 online publication.
"The NetScreen-100 delivers first-rate security, performance and
manageability for half the price of some of its heaviest
competition," the CommWeb review stated. "The price is especially
impressive considering that the NetScreen-100 includes firewall
and bandwidth-management functions at no additional charge."
"VPNs are critical as the Internet becomes the de facto platform for
e-business, but that doesn't mean that enterprises and service
providers must sacrifice performance in order to use VPNs," said
David Flynn, vice president of marketing at NetScreen Technologies.
"While using the most stringent security techniques (including
Triple DES encryption, IKE Key Management for secure key exchange
and MD5 and SHA-1 authentication to ensure that data is protected)
the CommWeb-Network Test review shows that the NetScreen-100 is
still able to outperform all other VPN gateways in its class."
The NetScreen-100 is geared for high-traffic sites, such as
e-businesses and corporate headquarters locations. The NetScreen-100
offers near wire-speed performance of 100 Mbps while handling 128,000
simultaneous TCP connections and 1,000 VPN tunnels.
About NetScreen Technologies
NetScreen Technologies develops ASIC-based Internet security
appliances and systems that deliver high-performance firewall, VPN
and traffic shaping functionality to Internet data centers,
e-business sites, broadband service providers and application
service providers. This offers customers wire-speed performance,
scalability, and manageability in one comprehensive security
solution. NetScreen is located at 2860 San Tomas Expressway,
Santa Clara, CA 95051. More information on NetScreen's products
can be found by calling Charlene Nand of DTM Systems Corporation
at (604) 257-6706.
4. Exploit of the week
The IIS Web Server Folder Traversal Vulnerability reportedly
allowed a Dutch hacker, who goes by the alias Dimitri, to
penetrate a Microsoft server that hosts events and redirects
information for the Redmond, Wash. company's Web site. While
Dimitri broke into a semi-retired server, it provided him a
potential platform for distributing malware, including
reverse-engineered backdoors and Trojan horses, and access to
encrypted files containing administrator user names and
passwords.
Microsoft confirmed Dimitri hacked into their server, but
considers it a minor intrusion because of the server's low value.
The company says the intrusion was a result of not applying the
IIS patch across its entire network, which left a server slated to
be taken out of service vulnerable to attack. Technicians are in
the process of correcting the vulnerability and ensuring other
servers have received the patch.
http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Microsoft IIS 4.0:
http://www.microsoft.com/ntserver/nts/downloads/critical/q269862
Microsoft IIS 5.0:
http://www.microsoft.com/windows2000/downloads/critical/q269862
5. DTM Announcements
DTM was a proud participant and Gold-level sponsor of the Westcoast
Security Forum 2000. Ian Watson, DTM's Senior Information Security
Consultant, hosted a technology session, "Defensive Tactics for
Defeating Distributed Attacks."
Distributed denial of service attacks highlight security
weaknesses in hosts and software used in the Internet that put
electronic commerce at risk. With the advent of attacks such as
Trinoo, TFN, TFN2K and Stacheldraht, there is an extreme interest
in finding solutions that thwart or defeat such attacks. These
attacks also illuminate several recent trends and serve as a
warning for the kinds of high-impact attacks that we may see in
the near future. Ian's presentation evaluated distributed
attacks in general; the intent was not to devise or recommend
protocol revisions, but instead, to illustrate useable solutions that
can be implemented at a fairly low cost.
TO SUBSCRIBE TO THE LIST
Send an Email to [EMAIL PROTECTED] with "Subscribe inSecurity
News" in the Subject line.
TO UNSUBSCRIBE FROM THE LIST
Reply back to [EMAIL PROTECTED] with "Unsubscribe inSecurity
News" in the Subject line.
TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the procedure above.
Things Our Lawyers Make Us Say:
This document is provided for informational purposes only.
The information contained in this document represents the current
view of DTM Systems Corporation on the issues discussed as
of the date of publication. Because DTM Systems Corporation must
respond to changes in market conditions, it should not be
interpreted to be a commitment on the part of DTM Systems
Corporation and DTM Systems Corporation cannot guarantee the
accuracy of any information presented after the date of publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT.
The user assumes the entire risk as to the accuracy and the use of
this document. This document may be copied and distributed subject to
the following conditions: 1) All text must be copied without
modification and all pages must be included; 2) All copies must
contain DTM Systems Corporation's copyright notice and any other
notices provided therein; and 3) This document may not be distributed
for profit.
All trademarks acknowledged. Copyright DTM Systems Corporation, 2000.
We are signing the DTM inSecurity News with PGP.