October 17, 2001
In This Issue
Tech Talk

Recommended Security Initiative #349 - Focus on Proactive Security

In these times when worms and viruses threaten information security at its core, a traditional reactive approach to security doesn’t provide enough protection. While reactive tools such as firewalls and IDSs are a crucial part of an overall security solution, proactive security, or protecting your web servers from attacks before they occur, is the best approach for the utmost protection.

Proactive security should include (but is not limited to) having defined and stringent administrative security policies in place, regularly analyzing the network for security vulnerabilities or possible weak points, educating employees on the ways they can help with the overall security of the network (password protection, email attachment limitations, etc.), and an overall awareness of the security community and how it affects your network as a whole.

News & Articles
The following articles represent the opinions of their respective authors. They do not necessarily represent the opinions of eEye Digital Security.

CNET: Gartner: Companies Should Drop IIS
"Research group Gartner is advising businesses to 'immediately' replace their Microsoft Internet Information Server software with a more secure server application, following attacks on IIS by the worms CodeRed and Nimda."

SecurityFocus: Does IIS Have a Future?
"The Gartner Group recommends dumping Microsoft's web server software for alternatives. What are they smoking?"

Vnunet: 80,000 Microsoft Servers "Disappear"
"The impact of CodeRed and related viruses such as Nimda has caused over 150,000 IIS-based websites on around 80,000 different machines to disappear from the Internet."

Microsoft: It’s Time to End Information Anarchy
"The security community has long debated whether it's helpful or harmful to post details on how to exploit security vulnerabilities. The recent worms conclusively answer the question."

Reader Q&A

Q: I have installed Iris on my machine but I can only capture traffic originating from and coming to my machine. Why is this?

A: In a case like this, you are more than likely in a switched environment. A switch forwards each packet only to the machine it is intended for, so you will not be able to see the traffic on the entire network. To remedy this problem, either run Iris on a machine connected to your switch's "monitor" port, or run Iris on a hub installed before the switch.

Have a question you would like answered? Send it to versa@eEye.com, and win an eEye t-shirt if we select your question for an upcoming newsletter.

Announcements

Retina 4.6 Beta Is Now Available
Clients, please refer to your Retina purchase email for instructions on obtaining updates.

Vnunet: eEye Captain of the IIS Protection Army
IIS has repeatedly been in the news for its poor security and kiddy friendly hacks. It's clear that relying on Microsoft and its patches is no longer good enough.

Iris™ Wins 2001 W2Knews Target Award for Best Traffic Monitor
Read more about Iris and the Target Awards on the eEye website.

Etcetera

eEye's Top-Ten Ways to Secure Your Windows Servers and Workstations

  1. Set a strong password for the Administrator account.
  2. Disable or delete any old and unnecessary accounts, such as the 'Guest' account.
  3. Choose and install good antivirus software, and be sure to install all of its updates as well.
  4. Remove all unnecessary file shares.
  5. Verify that the registry has appropriate ACLs and that anonymous access is disabled.
  6. Set an account lockout policy for all accounts including the administrator account.
  7. Set strong password length and timeout policies.
  8. Disable any unnecessary services.
  9. Make sure that all disk partitions are formatted with NTFS.
  10. Install the most recent Service Pack and hotfixes.
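
An added example, not part of the original newsletter or any eEye tool: a small Python check for items 6 and 7 that parses the text printed by the Windows `net accounts` command and reports weak lockout and password settings. The sample output is constructed, the threshold values are assumptions (the checklist gives no numbers), and "timeout" in item 7 is read here as password expiry.

```python
import re

# Constructed sample of `net accounts` output (not taken from the newsletter).
SAMPLE = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# Assumed baseline values; the checklist itself gives no numbers.
MIN_LENGTH = 8
MAX_AGE_DAYS = 90
MAX_LOCKOUT_THRESHOLD = 10

def parse_net_accounts(text):
    """Map setting names to ints; non-numeric values (Never, None, Unlimited) become None."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\??:\s+(\S.*)$", line)
        if m:
            # Drop a trailing unit such as "(days)" and normalise the name.
            name = re.sub(r"\s*\(.*?\)$", "", m.group(1)).strip().lower()
            value = m.group(2).strip()
            settings[name] = int(value) if value.isdigit() else None
    return settings

def audit(settings):
    """Return findings for checklist items 6 (lockout) and 7 (password policy)."""
    findings = []
    threshold = settings.get("lockout threshold")
    if not threshold:  # "Never" parses to None; 0 also means no lockout
        findings.append("item 6: no account lockout threshold is set")
    elif threshold > MAX_LOCKOUT_THRESHOLD:
        findings.append(f"item 6: lockout threshold {threshold} exceeds {MAX_LOCKOUT_THRESHOLD}")
    length = settings.get("minimum password length") or 0
    if length < MIN_LENGTH:
        findings.append(f"item 7: minimum password length {length} is below {MIN_LENGTH}")
    age = settings.get("maximum password age")
    if age is None:  # "Unlimited" or a missing line
        findings.append("item 7: passwords never expire")
    elif age > MAX_AGE_DAYS:
        findings.append(f"item 7: maximum password age {age} days exceeds {MAX_AGE_DAYS}")
    return findings
```

On a live host, pass the captured output of `net accounts` to `parse_net_accounts` in place of `SAMPLE`; an empty list from `audit` means both items meet the assumed baseline.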

eEye at Black Hat
eEye Digital Security's Dale Coddington and Ryan Permeh are scheduled to speak at The Black Hat Briefings & Training Europe 2001, which will be held at the Grand Hotel Krasnapolsky in Dam Square, Amsterdam, the Netherlands, from November 19-22, 2001.

HOW TO SUBSCRIBE
To subscribe to this and other eEye newsletters, please visit: http://www.eeye.com/html/resources/newsletters/subscribe.html

FEEDBACK
The eEye newsletter staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to versa@eeye.com.

DISCLAIMER
The information within this newsletter may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

NOTICE
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of eEye. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email versa@eeye.com for permission.