SecurityFocus Microsoft Newsletter #61
From: Marc Fossi (mfossi@securityfocus.com)
Date: 11/19/01
Date: Mon, 19 Nov 2001 13:53:35 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>
Subject: SecurityFocus Microsoft Newsletter #61
Message-ID: <Pine.GSO.4.30.0111191353180.26358-100000@mail.securityfocus.com>
SecurityFocus Microsoft Newsletter #61
------------------------------------------
Sponsored by VeriSign - The Internet Trust Company
Do you need to encrypt all your online transactions? Secure corporate
intranets? Authenticate your Web site? Whatever security your site needs,
you'll find the perfect solution in this FREE Guide from VeriSign,
"Securing Your Web site for Business." Get your copy today to learn the
facts!
http://www.verisign.com/cgi-bin/go.cgi?a=n094565680057000
===========================================================
I. FRONT AND CENTER
1. Advertising Information
2. The Evolution of Intrusion Detection Systems
3. Authentication as the Foundation for eBusiness
4. Episode Twelve: The Serpent's Tooth
5. Overview of LIDS, Part Three
II. MICROSOFT VULNERABILITY SUMMARY
1. Cisco 12000 Series Internet Router ACL Failure To Drop Packets...
2. Cisco 12000 Series Internet Router Denial Of Service Vulnerability
3. Cisco Access Control List Fragment Non-blocking Vulnerability
4. Cisco 12000 Outgoing ACL Fragmented Packet Vulnerability
5. Acme THTTPD/Mini_HTTPD File Disclosure Vulnerability
6. Cistron RADIUS Digest Calculation Buffer Overflow Vulnerability
7. RedHat Linux Korean Installation Insecure Default UMask...
8. Microsoft Windows 2000 RunAs User Credentials Exposure...
9. Microsoft Windows 2000 RunAs Service Named Pipe Hijacking...
10. Microsoft Windows 2000 RunAs Service Denial of Services...
III. MICROSOFT FOCUS LIST SUMMARY
1. Batching Hot-fix installation (Thread)
2. auditing PCs (Thread)
3. file?? (Thread)
4. Encryption between standalone hosts (Thread)
5. Web monitoring tool ala George Orwell. (Thread)
6. Single sign-on capability? (Thread)
7. Cached Network Password (Thread)
8. Password-change Audit Failures & Security Template Bug (Thread)
9. local admin compromised (Thread)
10. MS DNS strangeness (Thread)
11. Password management WAS: local admin compromised (Thread)
12. Direct Hosting Safer than NetBIOS? (Thread)
13. SV: Password management WAS: local admin compromised (Thread)
14. Proper hotfix order (Thread)
15. Win 9X File and Print Sharing (Thread)
16. Strange IIS behavior, (Thread)
17. Domain Question (Thread)
18. SecurityFocus.com Microsoft Newsletter #60 (Thread)
19. Strange IIS behavior (Possible non-publicized DoS) (Thread)
20. Can you disable shutdown but not restart? (Thread)
21. search & destroy spyware (Thread)
22. Advanced batch files for Hotfix Reporter... (Thread)
23. Two different password life within a NT4 domain (Thread)
24. ms_webcheckmonitor (Thread)
25. New hashing tool released (Thread)
26. SOLVED: Anybody know what this is? (Thread)
27. SecurityFocus Microsoft Newsletter #59 (Thread)
28. Anybody know what this is? (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. WorldSecure Server
2. NET.S@FE
3. Silent Watch
4. Exceleration PolicyWare
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. XMail v1.2
2. Anubis v1.0.5
3. Archaeopteryx v1.0
4. AID - Adaptive Intrusion Detection
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Advertising Information
Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!
SecurityFocus is the Web's most successful security intelligence site,
with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.
To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak directly
with a customer service representative, please call +1(650) 655-6350.
2. The Evolution of Intrusion Detection Systems
by Paul Innella, Tetrad Digital Integrity, LLC
I am currently working with a client who asked me to choose an intrusion
detection system (IDS) to deploy in their environment. I have been working
with intrusion detection since it was virtually unknown, so it would seem
the decision would be quite simple. On the contrary, with all of the
different components and vendors to choose from, IDS offerings have become
pretty complex. That led me to wonder how IDS technology has progressed to
its current state. So, I invested some time trying to figure it out. Now
that I have, let me tell you, it is enough to induce a headache.
Nonetheless, I wrote this article to share my findings with you. If you
are ready for a discussion about the evolution of IDS, then read on;
however, be forewarned, the history of intrusion detection is as confusing
as Greenspan's economic strategies.
http://www.securityfocus.com/infocus/1514
3. Authentication as the Foundation for eBusiness
by Diana Kelley
This article outlines the reasons why authentication is critical for a
successful business, along with a discussion of the two main security
methods it can be applied to. Additionally, this article will discuss
authentication methods that are currently available, along with some
factors that businesses must take into account to ensure they choose an
authentication system that makes the most sense for them.
http://www.securityfocus.com/infocus/1513
4. Chasing the Wind, Episode Twelve: The Serpent's Tooth
by Robert G. Ferrell
Jake and Deanna sat in a quiet little out-of-the-way Oriental restaurant
in the old King William district and gazed into one another's eyes. They
held hands across a small antique table equipped with a brightly colored
vinyl tablecloth, a small candle in a knobby red glass vase, and a single
artificial flower that had seen better days. They weren't so much
romancing as simply drawing support from one another. The shock of recent
events had begun to wear off, leaving in its wake a dull melange of fear,
sadness, and a deep sense of innocence lost. Life was suddenly rather
empty and forlorn, as though the laughter of nearby children and the
verdant aroma of honeysuckle had been abruptly banished from the world.
Though the South Texas air was still quite warm, the city, the planet, the
universe, seemed cold and harsh. It was hard to remember the smiles of
friends, or celebrations, or joy, or the elations of the past. They clung
to one another and hoped that the light would gradually return, although
they sensed somehow that it could never be the same illumination they had
once known.
http://www.securityfocus.com/infocus/1512
5. Overview of LIDS, Part Three
by Brian Hatch
This is the third part of a four-part article devoted to the exploration
of LIDS, a Linux kernel patch that will allow users to take away the
all-powerful nature of root. The first article in this series offered an
overview of LIDS. The second installment looked at file restrictions, LIDS
File ACLs, and LIDS enhancements of Linux capabilities. This installment
will discuss granting capabilities, the LIDS-specific capabilities, ACL
inheritance and time-based ACLs.
http://www.securityfocus.com/infocus/1510
II. BUGTRAQ SUMMARY
-------------------
1. Cisco 12000 Series Internet Router ACL Failure To Drop Packets...
BugTraq ID: 3536
Remote: Yes
Date Published: Nov 14, 2001
Relevant URL:
http://www.securityfocus.com/bid/3536
Summary:
Cisco 12000 Series Internet Routers with line cards based on Engine 2 are
prone to an unusual issue where they may fail to drop packets.
This issue occurs when an outgoing Access Control List (ACL) is exactly 448
lines and the last statement is not explicitly a "deny ip any any" rule.
The result is that some packets will not be dropped, potentially allowing
restricted traffic into the network.
Cisco has assigned Vulnerability CSCdu03323 to this issue.
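A configuration check for the condition described in item 1, as an added
example that is not part of the original newsletter and not Cisco code. It
assumes the router configuration is available as IOS-style text, counts each
permit/deny entry as one ACL "line", and runs on a constructed sample
configuration (ACL names, interface names and addresses are made up).

```python
import re

RISKY_LENGTH = 448                    # ACL length named in BugTraq ID 3536
SAFE_LAST_ENTRY = "deny ip any any"   # explicit final rule named in the summary


def normalise(entry):
    """Lower-case an entry and collapse runs of whitespace."""
    return " ".join(entry.lower().split())


def parse_acls(config_text):
    """Return {acl_name: [entry, ...]} for numbered and named ACLs."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        numbered = re.match(r"access-list\s+(\d+)\s+(.+)", line)
        named = re.match(r"ip access-list\s+(?:extended|standard)\s+(\S+)", line)
        if numbered:
            current = None
            if not numbered.group(2).startswith("remark"):
                acls.setdefault(numbered.group(1), []).append(normalise(numbered.group(2)))
        elif named:
            current = named.group(1)
            acls.setdefault(current, [])
        elif current and raw[:1].isspace():
            # Entry inside a named ACL; drop an optional sequence number.
            entry = re.sub(r"^\d+\s+", "", line)
            if re.match(r"(permit|deny)\b", entry):
                acls[current].append(normalise(entry))
        else:
            current = None
    return acls


def outbound_acl_names(config_text):
    """Names of ACLs bound to an interface in the outgoing direction."""
    return set(re.findall(r"^[ \t]*ip access-group[ \t]+(\S+)[ \t]+out\b", config_text, re.M))


def audit(config_text):
    """List (name, length, last_entry) for outgoing ACLs matching the condition."""
    acls = parse_acls(config_text)
    findings = []
    for name in sorted(outbound_acl_names(config_text)):
        entries = acls.get(name, [])
        if len(entries) == RISKY_LENGTH and entries[-1] != SAFE_LAST_ENTRY:
            findings.append((name, len(entries), entries[-1]))
    return findings


def build_sample_config():
    """Constructed running-config text; addresses are documentation ranges."""
    def filler(n):
        return [f"permit tcp host 192.0.2.{i % 250 + 1} any eq 80" for i in range(n)]

    lines = []
    # 101: 448 entries, no explicit final deny, applied out -> flagged.
    lines += [f"access-list 101 {e}" for e in filler(447) + ["permit tcp any any established"]]
    # 102: one entry short of 448, applied out -> not flagged.
    lines += [f"access-list 102 {e}" for e in filler(447)]
    # 103: matches the condition but is applied inbound -> not flagged.
    lines += [f"access-list 103 {e}" for e in filler(448)]
    # EDGE-OUT: 448 entries ending in the explicit deny, applied out -> not flagged.
    lines.append("ip access-list extended EDGE-OUT")
    lines += [f" {10 * (i + 1)} {e}" for i, e in enumerate(filler(447) + ["deny ip any any"])]
    lines += ["!", "interface POS1/0", " ip access-group 101 out", " ip access-group 103 in",
              "interface POS1/1", " ip access-group 102 out",
              "interface POS2/0", " ip access-group EDGE-OUT out"]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, length, last in audit(build_sample_config()):
        print(f"ACL {name}: {length} entries, last entry is '{last}'")
```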
2. Cisco 12000 Series Internet Router Denial Of Service Vulnerability
BugTraq ID: 3534
Remote: Yes
Date Published: Nov 14, 2001
Relevant URL:
http://www.securityfocus.com/bid/3534
Summary:
Cisco 12000 Series Internet Routers are prone to a denial of service
condition. If circumstances require an affected router to send out a large
number of ICMP Unreachable packets, this may starve CPU resources and
cause services to be denied. Successful exploitation may cause the router
to stop forwarding packets.
This condition may occur when the router is "Black Hole" filtering.
It should be noted that this vulnerability only affects certain Cisco
12000 Series Internet Routers, and other Cisco router products should not
be considered vulnerable.
Cisco classifies this issue under Vulnerability CSCdr46528, Vulnerability
CSCds36541 and Vulnerability CSCdt66560.
3. Cisco Access Control List Fragment Non-blocking Vulnerability
BugTraq ID: 3535
Remote: Yes
Date Published: Nov 14, 2001
Relevant URL:
http://www.securityfocus.com/bid/3535
Summary:
Cisco IOS is the router firmware included with numerous devices
manufactured by Cisco Systems.
IOS on Cisco 12000 series routers with Engine 2 based cards does not
properly filter fragmented packets with access control entries.
Non-initial fragmented packets sent to a protected host will bypass the
ACL.
This could allow a user to communicate with 'protected' hosts, bypassing
security policy.
4. Cisco 12000 Outgoing ACL Fragmented Packet Vulnerability
BugTraq ID: 3538
Remote: Yes
Date Published: Nov 14, 2001
Relevant URL:
http://www.securityfocus.com/bid/3538
Summary:
Cisco IOS is the router firmware included with numerous devices
manufactured by Cisco Systems.
IOS on Cisco 12000 series routers with Engine 2 based cards may fail to
block intended traffic using outgoing ACLs. Outgoing ACL lists do not
support the keyword 'fragment', and will ignore it. If the keyword is
included in the ACL, fragmented packets will not be evaluated against the
associated rules, possibly bypassing security policy.
5. Acme THTTPD/Mini_HTTPD File Disclosure Vulnerability
BugTraq ID: 3528
Remote: Yes
Date Published: Nov 13, 2001
Relevant URL:
http://www.securityfocus.com/bid/3528
Summary:
Acme THTTPD and Mini_HTTPD are both small web servers and will run on
FreeBSD, SunOS, Solaris, Linux, and other Unix operating systems. They are
freely available and maintained by Acme Laboratories.
Both of these programs are prone to an issue which may allow a remote
attacker to make a specially crafted web request which is capable of
displaying arbitrary files on a vulnerable host. This may occur if the
attacker appends a '/' to a request for an existing file. Files that
exist in protected directories or that are marked 403 (but not
world-readable) may be retrieved in this manner. This issue may be taken
advantage of to retrieve '.htpasswd' files.
It should be noted that THTTPD Secure Webserver is only prone to this
issue when the 'chroot' option is enabled. Mini_HTTPD is affected
regardless of any settings.
Though the vendor has acknowledged and patched the problem, there have
been reports that some environments may not be vulnerable to this issue.
For example, systems running Acme thttpd 2.20b on FreeBSD and some Linux
distributions.
6. Cistron RADIUS Digest Calculation Buffer Overflow Vulnerability
BugTraq ID: 3530
Remote: Yes
Date Published: Nov 13, 2001
Relevant URL:
http://www.securityfocus.com/bid/3530
Summary:
Cistron is a popular RADIUS server implementation. It contains a buffer
overflow error in a function used to calculate a message digest.
While it is not believed that this vulnerability can be used to execute
arbitrary code, it may cause a segmentation fault. This will cause the
server to crash, leading to a remote DoS attack.
It is possible that other servers based on the Cistron source code are
also vulnerable.
7. RedHat Linux Korean Installation Insecure Default UMask Vulnerability
BugTraq ID: 3527
Remote: No
Date Published: Nov 13, 2001
Relevant URL:
http://www.securityfocus.com/bid/3527
Summary:
RedHat Linux is the UNIX clone operating system distributed by Red Hat,
Incorporated. It is freely available, and open source.
A problem with the operating system has been discovered that under some
circumstances could lead to local users gaining unauthorized privileges.
The problem is in the implementation of umask with some installations. The
Korean installation of RedHat Linux sets a default umask of 000, meaning
all files created on the system are mode 777 by default.
This makes it possible for a local user to gain elevated privileges, and
potentially administrative access.
8. Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
BugTraq ID: 3184
Remote: No
Date Published: Nov 12, 2001
Relevant URL:
http://www.securityfocus.com/bid/3184
Summary:
The Windows 2000 RunAs service allows an application or service to be
executed as a different user. It is accessed by holding down the shift key
and right mouse clicking on an icon, then selecting 'Run as...' from the
context menu.
When a command is executed using the RunAs command, the user must supply a
username and password in order for the command to complete. After the
RunAs utility has terminated, the user credentials supplied to execute the
command are still stored (in cleartext) in memory.
These credentials may be retrievable by other processes that have been
allocated the page previously used by the instance of RunAs.
Microsoft has claimed that they are unable to reproduce this behaviour,
however, if the application does not zero out its physical memory after
the process exits, the contents of those memory pages should remain
intact.
9. Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
BugTraq ID: 3185
Remote: No
Date Published: Nov 12, 2001
Relevant URL:
http://www.securityfocus.com/bid/3185
Summary:
The Windows 2000 RunAs service allows an application or service to be
executed as a different user. It is accessed by holding down the shift key
and right mouse clicking on an icon, then selecting 'Run as...' from the
context menu.
When the RunAs service is invoked, it creates a named pipe for client
communication of credentials (in cleartext).
If the RunAs service is stopped, the attacker can create a named pipe with
the same name to which credentials will be communicated when another user
tries to use 'RunAs'.
10. Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
BugTraq ID: 3291
Remote: Yes
Date Published: Nov 12, 2001
Relevant URL:
http://www.securityfocus.com/bid/3291
Summary:
The Windows 2000 RunAs service allows an application or service to be
executed as a different user. It is accessed by holding down the shift key
and right mouse clicking on an icon, then selecting 'Run as...' from the
context menu.
When the service is invoked, it creates a named pipe session with the
specified server for authentication of credentials. The RunAs service only
allows one instance of this session at a time. If a client were to create
this pipe on the server without requesting any service, other clients
would be unable to connect to this service.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Batching Hot-fix installation (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011116043434.24759.qmail@securityfocus.com&threads=1
2. auditing PCs (Thread)
Relevant URL:
3. file?? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011116020656.52902.qmail@web20509.mail.yahoo.com&threads=1
4. Encryption between standalone hosts (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=016b01c16e26$1ab90430$301e060a@lauradominion.com&threads=1
5. Web monitoring tool ala George Orwell. (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=DBC363EA37C5D311823A00508BCF2A6A09699828@seamail.ssofa.com&threads=1
6. Single sign-on capability? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3BF42669.2283B033@ai.mit.edu&threads=1
7. Cached Network Password (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=2DBFCBE6D1DAD11191E300805F577D1202C10FD6@exchange104.comp.pge.com&threads=1
8. Password-change Audit Failures & Security Template Bug (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5DFDA65A902AD411B5C80020352A82980503547A@se001031.rbc1.royalbank.com&threads=1
9. local admin compromised (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=04F92BA33955D51195B700508B4AB6E911F00C@dslak13.dnznet.co.nz&threads=1
10. MS DNS strangeness (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.LNX.4.33.0111140927270.30382-100000@abalone.zerobelow.org&threads=1
11. Password management WAS: local admin compromised (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=006901c16ce9$e84350b0$6400000a@leafgrove.com&threads=1
12. Direct Hosting Safer than NetBIOS? (Thread)
Relevant URL:
13. SV: Password management WAS: local admin compromised (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=C7CE3745EA634A42AC64A22D8FE0D3F4071104@nt-as9.bbsas.no&threads=1
14. Proper hotfix order (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=0393D629EEDEC246956A0F2CEBF8F83B01A411@njmail1.dbma.com&threads=1
15. Win 9X File and Print Sharing (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=EBEKIPJCIAPMGAMINGHHEENEDAAA.andrewk@spray-quip.com&threads=1
16. Strange IIS behavior, (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=6F11274B628C564AA0A0D756F1E2C21E03CF22@DOLXCH05.DOL.int&threads=1
17. Domain Question (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=DFE0540916A5D5119E8B0003477A07AA054D@h5s64a32n192.user.nortelnetworks.com&threads=1
18. SecurityFocus.com Microsoft Newsletter #60 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0111121238210.4046-100000@mail.securityfocus.com&threads=1
19. Strange IIS behavior (Possible non-publicized DoS) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0111121221260.4046-100000@mail.securityfocus.com&threads=1
20. Can you disable shutdown but not restart? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3BEE46AD.24938.55ED813@localhost&threads=1
21. search & destroy spyware (Thread)
Relevant URL:
22. Advanced batch files for Hotfix Reporter... (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=D503BBD92FE9D2118A010008C75F6448108A1DE9@usnssexc20.us.kworld.kpmg.com&threads=1
23. Two different password life within a NT4 domain (Thread)
Relevant URL:
24. ms_webcheckmonitor (Thread)
Relevant URL:
25. New hashing tool released (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011109165023.84580.qmail@web20508.mail.yahoo.com&threads=1
26. SOLVED: Anybody know what this is? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011109155042.79824.qmail@web14407.mail.yahoo.com&threads=1
27. SecurityFocus Microsoft Newsletter #59 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0111090749410.10873-100000@mail.securityfocus.com&threads=1
28. Anybody know what this is? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011109120524.82511.qmail@web20507.mail.yahoo.com&threads=1
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
---------------------------------------
1. WorldSecure Server
by Worldtalk
Platforms: Windows NT
Relevant URL:
http://www.worldtalk.com/Products/WSS/wss.shtm
Summary:
WorldSecure Server is an e-mail Firewall that allows administrators and
compliance officers to configure and enforce Internet mail security
policies for the entire organization. WorldSecure Server incorporates
several policy enforcement tools and e-mail security countermeasures,
including content control, encryption, archival, and virus scanning in one
integrated solution. WorldSecure Server provides powerful policy
management wizards that ease policy definition and enforcement.
2. NET.S@FE
by Modulo
Platforms: Windows 95/98, Windows NT
Relevant URL:
http://www.modulo.com.br/net_i.htm
Summary:
NET.S@FE is an integrated security system that provides the
Internet/intranet security your valuable information needs.
Concept
• NET.S@FE is the ultimate add-on to your firewall, cryptography and
access control systems.
• NET.S@FE is a program for your corporate network that controls and
monitors Internet and intranet usage in your office.
• With a simple and easy to use interface, NET.S@FE expands the concept of
security to individual users, groups of users, and others, both inside and
outside of your business.
Features
• Automatically recognizes Novell and NT users (ready to use upon
installation).
• Controls access by individual users and groups of users.
• Restricts access by web-site.
• Restricts access by service, i.e. IRC, HTTP, TCP, etc.
• Controls access to internal networks like e-mail, workgroup systems, and
individual user applications.
Benefits
• Assures the integrity of your internal network information
• Maximizes your on-line resources and time.
• Guarantees Internet access in direct relationship to business objectives
• Access trail provides location and identity of unauthorized access
attempts
• Graphical use reports
• Clarifies and defines an internal Access Control Policy
• Facilitates e-mail administration
3. Silent Watch
by Adavi
Platforms: Windows 95/98, Windows NT
Relevant URL:
http://www.secure-it.co.uk/silentwatch.htm
Summary:
Desktop PC Surveillance software, monitor display, keylogs, URL logs and
define keyword dictionary to trigger alarms and monitor hundreds of PC's
remotely. Freeze PC's, block keyword trapped email and file transfers.
4. Exceleration PolicyWare
by NetBoost
Platforms: Windows NT
Relevant URL:
http://www.netboost.com/products/
Summary:
NetBoost's PolicyWare provides a new platform for building and deploying
an emerging breed of network policy enforcement applications that address
the complexities of today's corporate networks. Network policy enforcement
applications translate business policies into network behavior and include
firewall, intrusion detection, VPN, RMON probe, rate shaping, and web
caching systems. NetBoost partners with leading vendors of policy
enforcement applications and platforms to create flexible, scalable
solutions that make today's high-speed corporate networks more efficient,
controllable and intelligent. NetBoost provides significant time to market
and performance advantages for ISVs and network equipment manufacturers,
offering the flexibility of software development with the high-speed
performance of custom silicon. In implementation, NetBoost PolicyWare
solutions allow CIOs, network security managers, and network
administrators to deploy, update, and enforce network policies more
efficiently, as well as, maximize the performance of policy enforcement
applications and platforms.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. XMail v1.2
by Davide Libenzi davidel@xmailserver.org
Relevant URL:
http://www.xmailserver.org/
Platforms: FreeBSD, Linux, Solaris, Windows 2000, Windows NT
Summary:
XMail is an Internet and intranet mail server featuring an SMTP server,
POP3 server, finger server, multiple domains, no need for users to have a
real system account, SMTP relay checking, RBL/RSS/ORBS/DUL and custom (IP
based and address based) spam protection, SMTP authentication (PLAIN
LOGIN CRAM-MD5 POP3-before-SMTP and custom), a POP3 account synchronizer
with external POP3 accounts, aliases, custom mail processing, direct mail
files delivery, custom mail filters, mailing lists, remote administration,
custom mail exchangers, logging, and multi-platform code.
2. Anubis v1.0.5
by The Anubis Team ghostface@lodz.pdi.net
Relevant URL:
http://www.geocities.com/jolpkow/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Anubis is an anonymous email sender for Unix, BeOS, Win32, and AmigaOS. It
supports WinGates, encrypted TLS/SSL connections, remailers, anonymous
news posting, and more.
3. Archaeopteryx v1.0
by FoxThree
Relevant URL:
http://members.fortunecity.com/sektorsecurity/projects/archaeopteryx.html
Platforms: Windows 2000, Windows NT
Summary:
Archaeopteryx is a Passive mode OS Identification Tool. It is based off
Siphon v.666 by SubTerrain. It has a great GUI and a highly configurable
OS signature file. It uses POSIX threads for multi-threading (pthreads for
Win32). Also requires WinPCAP Drivers. We plan to support this tool
actively! So, please send all new OS signatures to us
4. AID - Adaptive Intrusion Detection
by Brandenburg University of Technology at Cottbus
Relevant URL:
http://www-rnks.informatik.tu-cottbus.de/~sobirey/aid.e.html
Platforms: Windows NT
Summary:
The development of AID (Adaptive Intrusion Detection system) is ongoing at
the Brandenburg University of Technology at Cottbus. The system is
designed for network audit based monitoring of local area networks and
used for investigating network and privacy oriented auditing. The research
project was funded by the Brandenburg Department of Science, Research and
Culture from 1994 to spring 1996.
The system has a client-server architecture consisting of a central
monitoring station and several agents (servers) on the monitored hosts.
The central station hosts a manager (client) and an expert system. The
agents take the audit data that were collected by the local audit
functions and convert them into an operating system independent data
format. By these means a monitoring of a heterogeneous UNIX environment is
supported. Then the audit data are transferred to the central monitoring
station, buffered in a cache and analysed by an RTworks based real-time
expert system. The manager provides functions for the security
administration of the monitored hosts. It controls their audit functions,
requests new audit data by controlled polling and returns the decisions of
the expert system to the agents. Secure RPC is used for the communication
between the manager and the agents.
VI. SPONSORSHIP INFORMATION
---------------------------
Sponsored by VeriSign - The Internet Trust Company
Do you need to encrypt all your online transactions? Secure corporate
intranets? Authenticate your Web site? Whatever security your site needs,
you'll find the perfect solution in this FREE Guide from VeriSign,
"Securing Your Web site for Business." Get your copy today to learn the
facts!
http://www.verisign.com/cgi-bin/go.cgi?a=n094565680057000
===========================================================