Ferino Mardo | 2 Aug 14:41 2004

RE: Lotus Notes Security

In addition, if I recall correctly one can prevent the administrator
from looking at the user's files from the server by removing some
default settings in Domino. But you have to be aware that restoring or
resetting the password would be very difficult. Well at least that's how
I remembered it in R4.

2cents.

> -----Original Message-----
> From: roger.smith <at> calyonfinancial.com 
> [mailto:roger.smith <at> calyonfinancial.com] 
> Sent: Thursday, July 29, 2004 4:48 PM
> Subject: Re: Lotus Notes Security
> 
> I preface this post by saying I am not a Notes Admin but 
> having done numerous audits and forensic investigations on 
> compromised Notes platforms I am comfortable with these 
> statements. However, I don't mind being enlightened by more 
> knowledgeable experts!
> 
> You have a big challenge.
> Subject areas of concern:
>    1) Managing ID files and passwords.
>    2) Encryption
>    3) iNotes remote access - (eventually everyone wants remote access)

Ansgar -59cobalt- Wiechers | 1 Aug 19:45 2004

Re: AD in the DMZ . . . OK?

On 2004-08-01 Dieter Sarrazyn wrote:
> On 2004-07-30 Ansgar -59cobalt- Wiechers wrote:
>> On 2004-07-30 Dieter Sarrazyn wrote:
>>> Wouldn't using LDAP be a solution here? Every AD system is in fact
>>> also an ldap server.
>>> 
>>> If the only thing needed is authentication with userid/password,
>>> then this is fairly simple to do. A special group could be created
>>> containing all users that are allowed to use this type of
>>> authentication. Using a "ldap-read" user which has only read access
>>> to this group is pretty secure I guess.
>> 
>> If I'm reading you correctly that would still require access from the
>> DMZ to the DC, thus still violating the DMZ. No host in the DMZ
>> should ever be able to access any service inside the internal
>> network.
> 
> What about your email traffic then?

What about it? Your internal MTA polls the MTA in your DMZ which
receives mail from the outside world.

> The traffic I'm talking about is only a very limited ldap traffic with
> a very restricted user.

I know. However, it doesn't matter how limited the traffic is. The
internal network should not be accessible from the DMZ. Period. Of
course there may be exceptions, but I seriously doubt that a web-
application qualifies as such.


LINKCRAFT | 1 Aug 09:17 2004

RE: Network spyware detection


You may want to try Bulletproof Spyware-adware
remover.
Regards/LINKCRAFT


Ansgar -59cobalt- Wiechers | 2 Aug 17:23 2004

Re: Access from DMZ Was: AD in the DMZ . . . OK?

On 2004-08-02 Depp, Dennis M. wrote:
> On 2004-07-30 Ansgar -59cobalt- Wiechers wrote:
>> If I'm reading you correctly that would still require access from the
>> DMZ to the DC, thus still violating the DMZ. No host in the DMZ
>> should ever be able to access any service inside the internal
>> network.
> 
> I've often wondered if this is really possible.  In today's
> environment, we have to provide some access to our internal networks
> either from the DMZ or from the internet.  (VPN for example.)  Is it
> possible to continue to stay with this philosophy and still not have
> direct Internet connections into your secure network (even VPN
> connections). 

I would say that VPNs can be considered a special case since hosts
connected through a VPN are actually part of the internal network.

There *may* be reasons to violate a DMZ, however, these reasons should
be very well evaluated and I fail to see that simplified user management
for a web application should be reason enough.

Regards
Ansgar Wiechers
--

-- 
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin

tim_edwards | 2 Aug 04:07 2004

Opinion about 3rd party security patch for Windows


Hi,

I have heard of the "StopListening" patch offered on nonebar.com 
via the GRC newsgroups. The author claims to be able to close 
down ALL ports that are open by default on a Win 2K/XP system,
thus closing the door to any worm-based infections and alleviating
the need for more OS patching. I haven't had a chance to try it out
yet, but can anyone who did let me know how much truth there is in 
that claim? 

Cheers,

Tim


XP and RAS


I have a good question. I have a friend who has an XP box.  She has dial-up
access to the Net.  Is it possible that someone sent her a file that turns
RAS on?  If so, where should I tell her to look in the control panel to turn
RAS back off?  She has recently installed McAfee's firewall, which is a step
in the right direction.

Herman F. Ebeling Jr.


Handy, Mark (IT | 2 Aug 11:50 2004

RE: Network spyware detection

One problem here is that SAV only detects about 500 spyware products and
only provides a notification of detection.
There are no cleaning options involved.

Mark 

-----Original Message-----
From: Barber, Chris Mr. ATEC/Contractor
[mailto:Chris.M.Barber <at> atec.army.mil] 
Sent: 29 July 2004 14:20
To: 'security-basics <at> securityfocus.com'
Subject: RE: Network spyware detection

Ben,
Symantec Antivirus 9.0 has that option built in.  With SAV
Enterprise you can manage all your SAV clients and have them scan for
AD/Spy ware.  It is not an automatic scan, but it can be set up as a
scheduled scan.
The schedule and the policy are pushed from the Enterprise server to the
clients.

Chris.

-----Original Message-----
From: Ben Huntley [mailto:benh <at> steffian.com]
Sent: Tuesday, July 27, 2004 8:10 AM
To: security-basics <at> securityfocus.com
Subject: Network spyware detection

hi,

Dieter Sarrazyn | 1 Aug 09:38 2004

RE: AD in the DMZ . . . OK?

What about your email traffic then?

The traffic I'm talking about is only a very limited ldap traffic with a
very restricted user.

Regards,
Dieter 

> -----Original Message-----
> From: Ansgar -59cobalt- Wiechers [mailto:bugtraq <at> planetcobalt.net] 
> Sent: vrijdag 30 juli 2004 20:54
> To: security-basics <at> securityfocus.com
> Subject: Re: AD in the DMZ . . . OK?
> 
> On 2004-07-30 Dieter Sarrazyn wrote:
> > Wouldn't using LDAP be a solution here? Every AD system is in fact 
> > also an ldap server.
> > 
> > If the only thing needed is authentication with userid/password, then 
> > this is fairly simple to do. A special group could be created 
> > containing all users that are allowed to use this type of 
> > authentication. Using a "ldap-read" user which has only read access to 
> > this group is pretty secure I guess.
> 
> If I'm reading you correctly that would still require access 
> from the DMZ to the DC, thus still violating the DMZ. No host 
> in the DMZ should ever be able to access any service inside 
> the internal network.

David Gillett | 2 Aug 18:11 2004

RE: fax software in the domain

  If the modem isn't configured to accept incoming calls, the line
can be configured not to have a reachable DID.  That will hold even
if someone later reconfigures the modem....
  On the other hand, either measure presumes that all this employee
needs to do is SEND faxes.  If they need to be able to receive them,
the line should feed an actual fax machine and not a general-purpose
computer on the network.

David Gillett

> -----Original Message-----
> From: Depp, Dennis M. [mailto:deppdm <at> ornl.gov]
> Sent: Monday, July 26, 2004 10:50 AM
> To: Juan B; security-basics <at> securityfocus.com
> Subject: RE: fax software in the domain
> 
> 
> Ensure the modem is not configured to accept incoming calls.  
> Also don't allow bridging or connection sharing on this pc.  I don't
> know if it's possible to restrict access to ISPs or not.
> 
> Dennis
> 
> 
> -----Original Message-----
> From: Juan B [mailto:juanbabi <at> yahoo.com] 
> Sent: Saturday, July 24, 2004 6:06 AM
> To: security-basics <at> securityfocus.com
> Subject: fax software in the domain

RE: Network spyware detection

How do you detect ADS (Alternate Data Streams), given that they are subterranean and hide inside the file system,
invisible to Windows directory tools and most AV products? I heard Symantec Corporate Edition has
protection if turned on, but I'm not sure. Anyone?

-----Original Message-----
From: Barber, Chris Mr. ATEC/Contractor
[mailto:Chris.M.Barber <at> atec.army.mil]
Sent: Thursday, July 29, 2004 9:20 AM
To: 'security-basics <at> securityfocus.com'
Subject: RE: Network spyware detection

Ben,
Symantec Antivirus 9.0 has that option built in.  With SAV
Enterprise you can manage all your SAV clients and have them scan for AD/Spy
ware.  It is not an automatic scan, but it can be set up as a scheduled scan.
The schedule and the policy are pushed from the Enterprise server to the
clients.

Chris.

-----Original Message-----
From: Ben Huntley [mailto:benh <at> steffian.com] 
Sent: Tuesday, July 27, 2004 8:10 AM
To: security-basics <at> securityfocus.com
Subject: Network spyware detection

hi,

do any of you have recommendations/preferences regarding spyware detection
software appropriate for win2k networks?  spybot s&d 1.3 is part of our base