Why is a network printer a security hole?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
 - 1
 - Open File-Security Warning This message on opening a network EXE is driving me crazy. One workstation has XP with IE7. I have tried every regisitry edit, security edit, open edit etc. I could find available and still no luck. I have seen hundreds of posts about this. Anyone have something new to try? Thanks Tag: Why is a network printer a security hole? Tag: 97019
 - 2
 - Immediate Disable of Terminated Employee First off, apologies if this subject has been covered before, but I did a search and couldn't find anything. Our situation is this: an employee was terminated today and his/her user account was disabled and password reset. In spite of this, the terminated employee was able to send emails on the company Exchange email up to 30 minutes later. I've been asked to find a way to make disabling the user account have the immediate effect of keeping them from sending emails or doing anything else on the domain. I know that disabling the user account will prevent the user from being able to log on to the domain, but it appears that a disabled user who is already logged on maintains some or all abilities to access resources such as email. Is this expected behavior in Windows 2003 AD? If so, is there a way to change this behavior? For example, is there a way to force a disabled user account to be logged off of any computer he/she is logged onto on the domain? For those who will make the very logical suggestion that the terminated user be immediately escorted off the premises: I appreciate it, but that sensible solution has already been rejected by management! Thanks in advance for any tips. -- JL Tag: Why is a network printer a security hole? Tag: 97015
 - 3
 - Automated CA build Creating a hands off PKI install. And Enterprise Root CA. I need to set the DN to the following. O=Parent Company OU=Child Company C=US Somehow, i seem to only be able to set the CA's name. not the Distinguished name. If I build the CA by hand, of course i can type it in. But the automatic version of this seems to be tricky. Here is my unattend.inf file: [components] certsrv=on CertSrv_Server=on CertSrv_Client=on [Certsrv_Server] CAType=EnterpriseRoot CSPProvider="Microsoft Strong Cryptographic Provider" HashAlgorithm=SHA1 KeyLength=2048 Locality="US" Name="XYZ Corp Experimental CA R3" Organization="Parent Corporation" OrganizationUnit="Child Corp" SharedFolder=c:\cainstall UseSharedFolder=Yes ValidityPeriod=5 ValidityPeriodUnits=Years Here is my reference: http://technet2.microsoft.com/windowsserver/en/library/fec76c5f-bc6f-411d-96a7-6cd0587c1dd91033.mspx?mfr=true I am using the following command prompt to launch it. sysocmgr /i:sysoc.inf /u:c:\cainstall\unattend.inf Anyone ever set the CA's DN from an unattended install? if so, how? -Wayne wayne_a_harris@hotmail.com Tag: Why is a network printer a security hole? Tag: 97011
 - 4
 - Microsoft Security Bulletin Minor Revisions, 12 Mar-08 <QP> ******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: March 12, 2008 ******************************************************************** Summary ======= The following bulletins have undergone a minor revision increment. Please see the appropriate bulletin for more details. * MS08-017 - Critical * MS08-016 - Critical * MS08-015 - Critical * MS08-014 - Critical Bulletin Information: ===================== * MS08-017 - Critical - http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx - Reason for Revision: V1.1 (March 12, 2008): Bulletin updated to reflect new download link for Microsoft Office Web Components 2000 for BizTalk Server 2000 and 2002. Also corrected the registry key for verifying the update for ISA Server. - Originally posted: March 11, 2008 - Updated: March 12, 2008 - Bulletin Severity Rating: Critical - Version: 1.1 * MS08-016 - Critical - http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx - Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also removed MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3. - Originally posted: March 11, 2008 - Updated: March 12, 2008 - Bulletin Severity Rating: Critical - Version: 1.1 * MS08-015 - Critical - http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx - Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also updated the vulnerability FAQs and the file information tables for Outlook 2000 and Outlook 2003. - Originally posted: March 11, 2008 - Updated: March 12, 2008 - Bulletin Severity Rating: Critical - Version: 1.1 * MS08-014 - Critical - http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx - Reason for Revision: V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. - Originally posted: March 11, 2008 - Updated: March 12, 2008 - Bulletin Severity Rating: Critical - Version: 1.1 </QP> Source: MSRC -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Tag: Why is a network printer a security hole? Tag: 97003
 - 5
 - Unknown workgroup in Microsoft Windows Network Recently a new workgroup/domain appeared in our "Network Neighborhood > Microsoft Windows Network" We are running Windows 2003 Server with Windows XP Pro workstations in our network. Two questions: 1. I only found this by chance when I was looking in Network Neighborhood. Is there a way that I could be alerted if a new workgroup or domain appear? 2. How can we track this back to who or what IP address device attached to the network? Thanks, Bill Tag: Why is a network printer a security hole? Tag: 96993
 - 6
 - The directory datatype cannot be converted to/from native DS datat Hi, We are using a LDAP sync service. We are facing no problem when it was run on Windows XP. But we are getting the following error on Windows Server 2003 with Service Pack 2. More importantly this error is coming once in a couple of days but this will executes continously. Thanks in advance for the help. Ram Mohan Tag: Why is a network printer a security hole? Tag: 96990
 - 7
 - Microsoft Security Bulletin (MS08-017) Hi, This with regards to the recent (March) security bulletin published, on the link http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx it says that Office 2003 SP3 is not affected, however the below link says that Office 2003 SP3 is affected, could someone please clarify this? http://www.microsoft.com/technet/security/current.aspx Thanks & Regards, Rajiv Saha Tag: Why is a network printer a security hole? Tag: 96989
 - 8
 - Can't get past Windows login??? When I enter my login info at initial Windows login in screen, it's not recognizing the user/password as correct? I don't have the Windows XP CD as it was loaded when I received it. Can I connect it to my PC and overwrite with my PCs Windows XP? If so, how? Thanks! Tag: Why is a network printer a security hole? Tag: 96985
 - 9
 - Secuirty Collection Does anyone know of a tool that will allow me to collect user and group information from multiple servers to be posted in an Excel spreadsheet or a SQL database? 99% of our servers are stand alone and we are in the process of auditing them. -- Todd W. Gage Network Administrator Preferred Mutual Insurance Co. Tag: Why is a network printer a security hole? Tag: 96982
 - 10
 - SSL and Remote Desktop Hi, I am trying to install a SSL certificate for Remote Desktop. I installed the Microsoftâ??s Certificate Services and since the computer is not part of a domain, the only option I had to install the CA as is stand alone. So everything went fine that. However, when Iâ??m in the certificate mmc and I try to request new certificate, I do not have the choice â??request certificateâ??. The choice does not exist. I have set this up on my domain and have no problems, however on this stand alone computer, I am unable to request certificate and get the SSL installed for Remote Desktop. Thanks, Sam Tag: Why is a network printer a security hole? Tag: 96974
 - 11
 - Webmasterslookup launches Encrypted Messaging Service. You want to send your girlfriend a message from the office and you'd rather the IT guys weren't reading your e-mail. You're messaging a potential client about the special offer you want to make and want to keep it a secret to your competitors. These are just some examples when you might want to keep your messages for yourself. Why Encrypt your messages? Encrypting a message keeps the contents of the message private by converting it from readable text to scrambled text. An encrypted message can be read only by recipients who have the private key to decrypt it. Encryption does not make your data secure. Not using encryption, however, means that any data in transit is as easy to read as a newspaper on your doorstep. Encryption at least ensures that anyone who does read your messages has had a hard time hacking it. The Webmasterslookup Encrypted Messaging Service will help you with your encrypting messaging needs. Issues you have to consider (I). - The Encryted Messaging Service of Webmasterslookup is a Private Key encryption system. Both parties share an encryption key, and the encryption key is also the one used to decrypt the message. The difficulty is sharing the key before you start encrypting the message - how do you safely transmit that key? In this system however the key is not transmitted but present on the internet. You only have to know which key to use. - Cryptanalysis, or the process of attempting to read the encrypted message without the key, is very much easier with modern computers than it has ever been before. Modern computers are fast enough to allow for 'brute force' methods of cryptanalysis - or using every possible key in turn until the 'plain text' version of the message is found. In this particular system however the key can be a temporary key with only a short lifetime. This makes it very hard to decrypt. The longer the key, the longer it takes to use the 'brute force' method of cryptanalysis - but it also makes the process of encrypting and decrypting the message slower. Key length is very important to the security of the encryption method - but the 'safe' key length changes every time CPU manufacturers bring out a new processor. You can choose your own key length in the Encrypted Messaging Service of WebmastersLookup. Benefits. * Encryption is done by an unknown unusual method. * The message is encrypted and stored in our database. It is not sent by e-mail. * We don't store IP`s or Web Keys in our database. * Only a notification is sent by e-mail to the recipient if you want it. * The receiver's e-mail address is the identifier, both users don't need a special account or membership. * You don't have to install a certificate. * A handshake with your personal computer secures your identity. * This web based service means no download, no special software and no need for a special mail client. * There are no traces of the message on your computer. * It is Free!! Go to http://www.webmasterslookup.com/esend.php to start sending your secret messages without any password or payment. Kind Regards, Wim Hoogenraad Tag: Why is a network printer a security hole? Tag: 96965
 - 12
 - PKI Question -- Moving CA to New Hardware We're preparing to lease refresh our PKI servers, which will mean moving them to new hardware. I've found a good Microsoft KB article on this (298138), but wanted to post here to see if anyone else has direct experience with this sort of thing. Specifically: -- are the procedures outlined in this KB article the same for the root CA and the issuing servers? -- does it matter whether the root CA or the issuing servers are done first? -- any landmines to avoid that aren't covered in this article? Thanks in advance for any advice! I really don't want to blow up our PKI infrastructure. -- JL Tag: Why is a network printer a security hole? Tag: 96964
 - 13
 - vista problems with defender, onecare, disk defragmenter I am having problems with my computer. Installing new virus software like onecare doesn't help. The problem may actually be related to onecare not even being able to open. It says restart comp or contact support if problem persists. My disk defragmenter hasn't been working like it did when i first go my computer around a year ago. it says it is degragmenting but just keeps syaing that forever. This has been going on for about a month. Also my windows defender won't open at all so i can't manage start up programs and turn defender on off. It tells me i need to turn it on when i try to open it but it won't let me turn it on. I think my problem is a virus or somethign. But considering i installed onecare and it won't open i am stuck. I have been able to have a person connect with windows remote assistance. If someone is willing to do that that would help. Tag: Why is a network printer a security hole? Tag: 96949
 - 14
 - Auto downloads and installs -- ? Okay, we've established that I have XP Home ed. with only SP1 installed. Now the question is: my updates preferences are set to automatically download AND install at 3 am every night, but clearly SP2 and a host of little hotfixes and stuff have not installed themselves. Is that because my computer is usually off at 3 am, or what? [I had once upon a time installed SP2 and it interfered with my other programs, so I uninstalled it, but realize I'm a bit behind the times now and there are some other apps I am looking at that require at least SP1a, which means I need to probably bite the bullet and do SP2 and its hotfixes etc.] My fear here is that SP2 and its progeny will lock up my computer and I'd then unable to get online or do anything at all, so I've been better off without SP2. Why does SP2 cause conflicts, and will my computer and its programs be operable when SP2 is installed, and if not, why not, and then what? Thanks. Tag: Why is a network printer a security hole? Tag: 96939
 - 15
 - HELP ! My PC has been compromised !! Last nite my PC behaves normally, but this morning, it took over 1 hour to boot up the XP. Now, in the tasking tray, I see tons and tons of messages are being sent out ! I have not configure this PC to send out emails. I use webmails. But now my PC is sending out tons and tons of emails !! The symantec norton antivirus is doing the "Symantec Email Scan" on those emails and the emails are jamming up the system. What can I do ???? What software should I use to remove this security breach ???? Please help !!!! Thank you !! Tag: Why is a network printer a security hole? Tag: 96928
 - 16
 - HELP ! My PC has been compromised !! Last nite my PC behaves normally, but this morning, it took over 1 hour to boot up the XP. Now, in the tasking tray, I see tons and tons of messages are being sent out ! I have not configure this PC to send out emails. I use webmails. But now my PC is sending out tons and tons of emails !! The symantec norton antivirus is doing the "Symantec Email Scan" on those emails and the emails are jamming up the system. What can I do ???? What software should I use to remove this security breach ???? Please help !!!! Thank you !! Tag: Why is a network printer a security hole? Tag: 96927
 - 17
 - PKI CA CRL Extension: "Inlcude in all CRLs" "Include in all CRLs. Specifies where to publish in the Active Directory when publishing manually" This option in the Extension list of the CA properties is named a little bit incomprehensible for me. Even though the CRL publishing properties are described in detail at Mircosoft: http://technet2.microsoft.com/windowsserver/en/library/073732b5-80f0-4cf0-bc8e-d8e055ce26491033.mspx?mfr=true What exactly does this option? As far as I understand, it is used for offline CAs, to manually publish CRLs in the Active Directory but exactly why and how? Where is the difference between "Include in all CRLs" and "Include in the CDP extension of issued certificates".? As far as I understood, these options just control if the CRLs are to be published at the specified location and/or if they are to be included in the certificates. MS describes this option with "The Include in all CRLs flag specifies that the Active Directory publication location should be included in the CRL itself.". Does this mean in the CDP extension of the certificate - I don't believe that, as there's still another option for that. Much confusion here... Thanks in advance for throwing some light on it.. Reinhard Tag: Why is a network printer a security hole? Tag: 96922
 - 18
 - PKI CRL LDAP location exposes infos about internal DS structure to I want to set up a 2 tier PKI based on W2K3. The issuing CA is AD integrated. Certificates are also to be provided to external customers for secure web transactions. Unfortunately, the LDAP URL in the CRL extensions exposes details about the internal AD structure and NB-name of the CA. I read about LDAP translation but couldn't find any info on how to implement that. How can I obscure these details on the internal AD structure? How critical would you value keeping these details in the CRLs? Microsoft themselves advise in their design documents to obscure it but unfortunately don't tell how... You help is really appreciated. Reinhard Tag: Why is a network printer a security hole? Tag: 96920
 - 19
 - Microsoft Award Lottery Dear Sir or Madam, I received the following mail. From: Microsoft Award Lottery <angeliquemitchell@eircom.net> Date: Sat, Mar 8, 2008 at 5:28 AM Subject: AWARD WINNER (Ref:MSN-...........) YOUR EMAIL ID HAVE WON (Â£500,000) To: This is to inform you that you have won a prize money of FIVE HUNDRED THOUSAND POUNDS (Â£500,000) for the month of Feburary 2008 Lottery promotion which is organized by YAHOO LOTTERY INC & WINDOWS LIVE.YAHOO & MICROSOFT WINDOWS........................etc. It's also include Batch Number,Winning Number and Reference Number.... Please consider me that it is really sent by Microsoft or not. Tag: Why is a network printer a security hole? Tag: 96917
 - 20
 - Microsoft Award Lottery Dear Sir or Madam, I received the following mail. From: Microsoft Award Lottery <angeliquemitchell@eircom.net> Date: Sat, Mar 8, 2008 at 5:28 AM Subject: AWARD WINNER (Ref:MSN-...........) YOUR EMAIL ID HAVE WON (Â£500,000) To: This is to inform you that you have won a prize money of FIVE HUNDRED THOUSAND POUNDS (Â£500,000) for the month of Feburary 2008 Lottery promotion which is organized by YAHOO LOTTERY INC & WINDOWS LIVE.YAHOO & MICROSOFT WINDOWS........................etc. It's also include Batch Number,Winning Number and Reference Number.... Please consider me that it is really sent by Microsoft or not. Tag: Why is a network printer a security hole? Tag: 96916
 - 21
 - How do I know if XP SP2 is installed? I have auto updates enabled, and the list of updates downloaded from MS is long and has a green checkmark next to most (the updates that have a mark showing the download failed are then shown a few days later as having succeeded wiith a green checkmark). XP SP2 has a green checkmark, but the explanations, in their usual circular manner, don't indicate whether the download AND the installation happen automatically, or only the download. How can I tell if SP2 is installed? Thanks. Tag: Why is a network printer a security hole? Tag: 96912
 - 22
 - Unique -- Limiting User to Inside Folder I have a program which links to an enterprise server in real-time. My program uses a DLL provided by the company who owns the server. This DLL is currently registered in C:\Windows. ============================ My security objective is to keep the server operator from accessing my system through their DLL (my machine remote access is disabled) if such code is included within the DLL -- or -- possibly turn on my remote access remotely (which I understand can be done) even though it is disabled. If I move the DLL to a specific directory (folder) along with my program, how do I configure my system so that: 1) I can execute my program as system administrator, and 2) Keep the server provider within the program directory I created without getting into other directories (folders) or drives on my system. Thanks David Tag: Why is a network printer a security hole? Tag: 96911
 - 23
 - banning the entry of IP address searches from within Internet Expl I have a problem in my School where the pupils have discovered a way to bypass my filtering. I can't think of away to stop them from entering IP addresses into Internet Explorer and bypassing the filtering through our external DNS filtering service. Would I use an ISA rule or is there a setting in GPO? Thanks Tag: Why is a network printer a security hole? Tag: 96905
 - 24
 - Reason Please! Hi all, I have one internal employee which used the hacking tool to scan our network and change our administror account. He did not get any permision and thought it help us to do internal assessment. Can anyone give me the reason why he should not do it in the production network? Thank you. Tag: Why is a network printer a security hole? Tag: 96891
 - 25
 - WLAN Security WPA EAP/TLS. Authentication Failed error I am setting up WLAN to secure our wireless network. I plan to use 802.1x EAP/TLS with certificates for the client machine and user. My issuing certificate server is Windows 2003 Enterprise and I have the certificates set to Autoenroll the machines in the correct AD group. WHen I check the machines, they appear to have the correct certificates installed. The AP is set for 802.1x and is pointed to the radius server. The radius server has the AP as a client. However, when trying to connect to the AP, I get a "Windows was unable to log you into the network" error after the initial connection to the AP. Ipconfig shows an ip address of 0.0.0.0. I need some help troubleshooting this issue. I've included some of the radius server log below but I don't see any obvious problems. Radius Server Log. "RAD1","IAS",03/04/2008,00:00:01,1,"me@mydomain.net","mydomain.net/InformationTechnology/me","00-1c-f0-59-df-d1","00-13-02-1e-98-44",,,"DWL-3140_WLS_SW","0.0.0.0",0,0,"10.1.0.101","AP_1",,,19,,,,5,"Connections to other access servers",0,"311 1 10.1.0.28 02/29/2008 18:01:15 31478",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,, "RAD1","IAS",03/04/2008,00:00:01,3,,"mydomain.net/InformationTechnology/Me",,,,,,,,0,"10.1.0.101","AP_1",,,,,,,5,"Connections to other access servers",66,"311 1 10.1.0.28 02/29/2008 18:01:15 31478",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,, I am really scratching my head on how to tell where the process is failing so any help would be greatly appreciated. Steve Halvorson Preferred Credit, Inc Tag: Why is a network printer a security hole? Tag: 96889
- Next
 - 1
 - Code signing a "Flash" .EXE file issue / Code sign any .EXE? Dear Group, Hope you can advice me with this! If this is not the right forum, your advice is also appreciated. ] Background To avoid that our customers are confronted with the 'unknown publisher' warnings (there are other valid reason to code sign...), we are using Code Signing and the related certificate from Verisign. Recently, I noted that one of the signed .exe's did not function as when it was unsigned (I'm able to reproduce). In fact, it was a Macromedia Flash in an .exe file. Unsigned it runs the Flash content perfectly, signed, it does not run any more. Just the Flash Player windows opens, the content does not play. The signature verifies OK. I had a similar experience with some flash content converted to .exe using a tool called FLAjector. After successful signing, executing the .exe triggers an "X Flash player not installed" error. Unsigned the .exe runs OK. ] Question I thought that *any* .exe could be signed, but the above example shows that in this case - though the signature itself appears OK - the resulting signed .exe does not work as before. Any suggestions on how to address this? Is this specific to Flash? Thanks, Wytze Tag: Why is a network printer a security hole? Tag: 96884
 - 2
 - Vista is infected. Hello, I'm using Vista as OS and I think my laptop is infected. After vista load and after I input my username and passsword, the screen goes black and cannot do anything else. Is there any solution or advice that can help save my laptop or reinstalling is the only suggestion? Thank you in advance! Mingo Tag: Why is a network printer a security hole? Tag: 96880
 - 3
 - Windows Firewall Dropping Return UDP Packets I have a Windows 2003 Server Domain Controller with Windows Firewall enabled and set up correctly, and the domain controller works fine. But I occasionally see dropped packets for protocols in the pfirewall.log file that are absolutely authorized for travel through the firewall. For example, we have rules that allow any incoming packets on UDP ports 53, 88, and 389, yet I still see entries in Windows firewall such as these: 2008-03-05 18:47:00 DROP UDP 192.168.14.121 192.168.105.13 3825 389 246 - - - - - - - RECEIVE 2008-03-05 18:47:00 DROP UDP 192.168.14.121 192.168.105.13 3825 389 246 - - - - - - - RECEIVE 2008-03-05 18:47:00 DROP UDP 192.168.14.121 192.168.105.13 3825 389 246 - - - - - - - RECEIVE 2008-03-05 18:47:00 DROP UDP 192.168.14.121 192.168.105.13 3825 389 246 - - - - - - - RECEIVE 2008-03-05 18:47:01 DROP UDP 192.168.14.121 192.168.105.13 3826 53 105 - - - - - - - RECEIVE 2008-03-05 18:47:02 DROP UDP 192.168.14.121 192.168.105.13 3830 88 1403 - - - - - - - RECEIVE 192.168.105.13 is the host that is protected by the firewall in this case, and 192.168.14.121 is a member server communicating to the domain controller. I'm well aware of the many special requirements that domain controllers have when used with firewalls. I don't need to read Knowledgebase 555381 for example. My question is under what circumstances does it make sense for the firewall to be blocking the above UDP packets when the firewall rule explicitly allows them as exceptions? Maybe someone who understands details about the Windows Firewall's internals could explain why such packets might be dropped. -- Will Tag: Why is a network printer a security hole? Tag: 96878
 - 4
 - XCACLS.VBS and error In doing the following: cscript c:\windows\XCACLS.vbs \\mi-mke-mcfile02\users\05822 /G MI \05822:F /f /t /e I am getting an error -2147023174: occurred in connecting to server. (msg#3203) error description: the rpc server is unavailable. Not sure why this is happening, everything is fine network wise Tag: Why is a network printer a security hole? Tag: 96874
 - 5
 - urgent help! Hi all, We just found out that our administrtator password was changed last night. I am looking at security logs now. Can anyone help me how I find out who changed the password and through which computer? any specific ID? Thank you!!! Windows 2003 R2 environment Tag: Why is a network printer a security hole? Tag: 96873
 - 6
 - CAPICOM and CSR or PKCS#10 Does anyone know if CAPICOM can help me to create a Certificate Signing Request (or a PKCS#10)? Thanks Roberto Tag: Why is a network printer a security hole? Tag: 96867
 - 7
 - LinkedIn groups for SBS users and security enthusiasts To all, For those of you that are LinkedIn users and fans of SBS, I have created a networking group on the LinkedIn system for you. You can join it at http://www.linkedin.com/e/gis/64458/7D7008666D31. ALSO: Please feel free to join my security group on LinkedIn. It is for the National Information Security Group. Join at http://www.linkedin.com/e/gis/43269/7DC2303017E0 Yours, Brad Dinerman _______________________________________________ Bradley J. Dinerman, MVP - Enterprise Security President, National Information Security Group http://www.naisg.org Tag: Why is a network printer a security hole? Tag: 96866
 - 8
 - On security standards about home networks or digital home Can anyone give me some advices on how to find security standards about home networks or digital home? It can be world wide standards or just industry specific ones. Thanks. Tag: Why is a network printer a security hole? Tag: 96863
 - 9
 - "include in CDP" extention error - Reproducible error: Hi Folks, I have been messing around with the PKIView tool to figure out what makes it tick. I understand that if I make changes to the AIA and CDP extensions in the Cert Auth Properties, that I have to re-issue the CAExch cert because PKIView uses the data in that cert to show status of these locations. However, I have found something else that makes PKIView show errors. And I dont understand it. The error is reproducible. It has to do with the "Include in the CDP extension of issued certificates" check box for http URL entries for the CDP extension area of the Cert Auth Properties. In the help file it states that you "check this box if you want to use a URL as a CRL distribution point". that's confusing. I thought that adding the URLs in the first place showed users where to get CRL and CA cert files. So why the need for this additional checkbox? Anyway, i have 2 entries CDP entries. The registry shows them like this: 7:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10 4:http://%1/CertEnroll/%3%8%9.crl Here is the reproducible error. I highlight the HTTP URL and check the box to use the URL as a CRL distribution point, and then refresh PKIView. I get an error: DeltaCRL Location #2 Unable to download. This location is pointing to a file://BIGFIRMCA1.bigfirm.com/certenroll/bigfirm-CA1-CA(6)+.crl If I right click on the error and choose COPY URL, and paste that in a browser, I get a file. If I remove this check box the error goes away. This does not happen if I check of uncheck this box corresponding to the LDAP url. Why on earth is the location pointing to a FILE url anyway? And what is the connection with this setting? The certutil -verify urlfetch command output run on the newest CAExch cert is below too. Many thanks! Kristin PS - I know the verify url.txt file shows a bunch of lines like this: Wrong Issuer "Certificate (2)" Time: 0 I reissued the CA cert a bunch of times at one point to see what happened. I assume this is why i am seeing those lines..... Microsoft Windows [Version 6.0.6001] Copyright (c) 2006 Microsoft Corporation. All rights reserved. C:\Users\Administrator.BIGFIRM>certutil -verify -urlfetch c:\test4.cer Issuer: CN=bigfirm-BIGFIRMCA1-CA DC=bigfirm DC=com Subject: CN=bigfirm-BIGFIRMCA1-CA-Xchg DC=bigfirm DC=com Cert Serial Number: 6106c8b1000600000057 dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE -------- CERT_CHAIN_CONTEXT -------- ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ChainContext.dwRevocationFreshnessTime: 1 Hours, 37 Minutes, 40 Seconds SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) SimpleChain.dwRevocationFreshnessTime: 1 Hours, 37 Minutes, 40 Seconds CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0 Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com NotBefore: 3/4/2008 3:33 PM NotAfter: 3/11/2008 3:43 PM Subject: CN=bigfirm-BIGFIRMCA1-CA-Xchg, DC=bigfirm, DC=com Serial: 6106c8b1000600000057 Template: CAExchange Template: CA Exchange bf fa 68 00 46 b3 e6 df 46 47 51 da 2f be 28 b4 e5 09 cc 5d Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ---------------- Certificate AIA ---------------- Verified "Certificate (0)" Time: 0 [0.0] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (1)" Time: 0 [0.1] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (2)" Time: 0 [0.2] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (3)" Time: 0 [0.3] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (4)" Time: 0 [0.4] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (5)" Time: 0 [0.5] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Wrong Issuer "Certificate (6)" Time: 0 [0.6] ldap:///CN=bigfirm-BIGFIRMCA1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configur ation,DC=bigfirm,DC=com?cACertificate?base?objectClass=certificationAuthority Verified "Certificate (0)" Time: 0 [1.0] http://bigfirmca1.bigfirm.com/CertEnroll/BIGFIRMCA1.bigfirm.com_bigfirm-BIGFIRMCA1-CA(6).c rt ---------------- Certificate CDP ---------------- Verified "Base CRL (45)" Time: 0 [0.0] http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6).crl Verified "Delta CRL (45)" Time: 0 [0.0.0] http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl Failed "CDP" Time: 0 Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50) [0.1.0] file://BIGFIRMCA1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl ---------------- Base CRL CDP ---------------- OK "Delta CRL (46)" Time: 0 [0.0] http://bigfirmca1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl Failed "CDP" Time: 0 Error retrieving URL: The request is not supported. 0x80070032 (WIN32: 50) file://BIGFIRMCA1.bigfirm.com/CertEnroll/bigfirm-BIGFIRMCA1-CA(6)+.crl ---------------- Certificate OCSP ---------------- No URLs "None" Time: 0 -------------------------------- CRL 45: Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com 49 71 74 14 32 b5 ee 36 af 2f ed 59 f9 c0 91 83 63 08 5c d2 Delta CRL 46: Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com 4f 51 b4 1d b4 a4 8f 09 fc ab a1 01 eb ec 7e 91 cf 24 2b a1 Application[0] = 1.3.6.1.4.1.311.21.5 Private Key Archival CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0 Issuer: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com NotBefore: 3/4/2008 1:54 PM NotAfter: 3/5/2013 2:04 PM Subject: CN=bigfirm-BIGFIRMCA1-CA, DC=bigfirm, DC=com Serial: 2ef74929617bd7a744bd687ba6947828 1c 4e 88 de 4c c4 f4 82 bd 36 7c 8f 02 74 c0 1d df 7f 20 66 Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ---------------- Certificate AIA ---------------- No URLs "None" Time: 0 ---------------- Certificate CDP ---------------- No URLs "None" Time: 0 ---------------- Certificate OCSP ---------------- No URLs "None" Time: 0 -------------------------------- Exclude leaf cert: c1 18 ef 26 63 88 38 c6 b7 95 b7 8f 7f 85 79 e5 d8 00 2b f5 Full chain: a9 10 81 8e 4f ee 69 7b e5 6b 90 64 14 6e 51 52 30 e2 61 ae ------------------------------------ Verified Issuance Policies: None Verified Application Policies: 1.3.6.1.4.1.311.21.5 Private Key Archival Leaf certificate revocation check passed CertUtil: -verify command completed successfully. C:\Users\Administrator.BIGFIRM> Tag: Why is a network printer a security hole? Tag: 96862
 - 10
 - Not authorized to logon to Domain from this PC - error message We are migrating some special, secured, PCs to a new Active Directory Domain. A central IT technician was dispatched to lock down the PC and verify the PCs Information Assurance level. In the process Domain Users get (not exact quote) "Not authorized to logon to Domain from this PC" as an error message when attempting a logon. Only Domain Admins. can logon. Any advice ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Tag: Why is a network printer a security hole? Tag: 96857
 - 11
 - looking for individuals to run local security groups This is a multi-part message in MIME format. --------------070109020208050901090907 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Hello, My name is Brad Dinerman. I am the founder and president of the National Information Security Group (NAISG, http://www.naisg.org). We are a US chapter-based organization of security professionals. Each chapter typically holds monthly meetings, but we also provide a number of online resources and an internationally recognized TechTips email list. Membership is ALWAYS free to the general public; there are no annual dues or fees. Our membership includes top notch security professionals, but the only requirement to join is that you have an *interest* in information security. You do not need to be a CISSP, MCSE or any other acronym. As of today, we have chapters in: * Boston, MA * New York City * Seattle, WA (coming soon) * Washington, DC (coming soon) * Silicon Valley, CA (coming soon) *We are looking for individuals who would be interested to form and lead chapters in other cities, whether in the US or even other countries.* The time commitment is not tremendous, and the position is totally voluntary. You would run the chapter simply for the enjoyment of promoting security. NAISG has excellent ties with the FBI, Infragard and local law-enforcement agencies. Members include administrators, managers, executive, law enforcement, educators/students and more. Members of the local press frequently attend meetings and do write-ups in their respective publications. If this is of interest to you, please check out our Web site at http://www.naisg.org. There are details there about some of the requirements and benefits of creating a chapter. Yours, Brad Dinerman -- _______________________________________________ Bradley J. Dinerman, MVP - Enterprise Security President, National Information Security Group http://www.naisg.org --------------070109020208050901090907 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> </head> <body bgcolor="#ffffff" text="#000000"> Hello, My name is Brad Dinerman.  I am the founder and president of the National Information Security Group (NAISG, <a class="moz-txt-link-freetext" href="http://www.naisg.org">http://www.naisg.org</a>).  We are a US chapter-based organization of security professionals.  Each chapter typically holds monthly meetings, but we also provide a number of online resources and an internationally recognized TechTips email list.  Membership is ALWAYS free to the general public; there are no annual dues or fees.  Our membership includes top notch security professionals, but the only requirement to join is that you have an interest in information security.  You do not need to be a CISSP, MCSE or any other acronym. As of today, we have chapters in: <ul> <li>Boston, MA</li> <li>New York City</li> <li>Seattle, WA (coming soon)</li> <li>Washington, DC (coming soon)</li> <li>Silicon Valley, CA (coming soon)</li> </ul> We are looking for individuals who would be interested to form and lead chapters in other cities, whether in the US or even other countries.  The time commitment is not tremendous, and the position is totally voluntary.  You would run the chapter simply for the enjoyment of promoting security. NAISG has excellent ties with the FBI, Infragard and local law-enforcement agencies.  Members include administrators, managers, executive, law enforcement, educators/students and more.  Members of the local press frequently attend meetings and do write-ups in their respective publications. If this is of interest to you, please check out our Web site at <a class="moz-txt-link-freetext" href="http://www.naisg.org">http://www.naisg.org</a>.  There are details there about some of the requirements and benefits of creating a chapter. Yours, Brad Dinerman <pre class="moz-signature" cols="72">-- _______________________________________________ Bradley J. Dinerman, MVP - Enterprise Security President, National Information Security Group <a class="moz-txt-link-freetext" href="http://www.naisg.org">http://www.naisg.org</a> </pre> </body> </html> --------------070109020208050901090907-- Tag: Why is a network printer a security hole? Tag: 96856
 - 12
 - Recommended PKI book? Can anybody recommend a good book about PKI and Windows server (2003 server to be exact)? There are a few on Amazon and the like. Which ones are the better of the batch? Tag: Why is a network printer a security hole? Tag: 96853
 - 13
 - Setting up AD (W2K3) for SmartCard Authentication Can someone direct me to some articles that explain how to configure AD for Smart Card Authentication? If read various articles and they were not clear as to what is required and how to implement smartcard authentication. If this isn't the correct group, please let me know what the correct group would be. Thanks. Don Jones Tag: Why is a network printer a security hole? Tag: 96851
 - 14
 - Wireless authentication with AD & Cisco AIR-AP1231G-A-K9 Hi, I've read about using IAS to authenticate wireless users against AD but I can't find any detailed instructions on actually how to set everything up. I read about needing a CA and using certificates however is that really necessary? I was told that there is a way to create user accounts named after the MAC address of the wireless card. Does anyone know how to do this? Do I have to also distribute certificates to laptops? I could really use some help. A big thanks to anyone that can help me with this. Riley Tag: Why is a network printer a security hole? Tag: 96849
 - 15
 - Security Event Log Backup via script Hello, I have a problem I am beating my head against. I have a script that will backup the security event log and then clear it. It works perfectly as an administrator but a standard user cannot successfully run it. Script: --------------------------------------------------------------- 'Arguments fileName = WScript.Arguments.Item(0) logType = WScript.Arguments.Item(1) fullPathName = filename & ".evt" 'Display args passed Wscript.echo "Argument 0 - fileName :" & fileName Wscript.echo "Argument 1 - logType :" & logType Wscript.echo "fullPathName :" & fullPathName strComputer = "." Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup,security)}!\\" & strComputer & "\root\cimv2") Set colLogFiles = objWMIService.ExecQuery ("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='" & logType & "'") For Each objLogfile in colLogFiles errBackupLog = objLogFile.BackupEventLog(fullPathName) If errBackupLog = 0 Then Wscript.Echo "The Security event log was backed up." objLogFile.ClearEventLog() End If If errBackupLog = 8 Then Wscript.Echo "Privilege missing!" End If If errBackupLog = 21 Then Wscript.Echo "Invalid Parameter in call" End If If errBackupLog = 183 Then Wscript.Echo "The archive file already exists." End If Next ---------------------------------------------------------------- I have tried assigning the following rights to my test user: Manage Auditing and Security Rights Impersonate a client after authentication backup files and directories From what I could find (which is somewhat sparse) it may have to do with needing to set a CustomSD to the security event log. I have no experience what so ever in regards to working with the windows security subsystems at that level. Nor am I sure you could do that on a stand alone machine that is not under a domain. The user can view the security event log in the event viewer but not save it it returns the error message "A required privilege is not held by the client". Anyone have any ideas? Thanks John Bates Raytheon Tag: Why is a network printer a security hole? Tag: 96845
 - 16
 - Securing data to a process identity Hello all - I've been looking for a way to do this, and I'm hoping someone either can point me at the obvious API that does this that I somehow missed after searching long and hard, or else can comment on an idea I'll outline below that I think would get me there. First, here's what I'm trying to do: I want something similar to DPAPI, but with process identity granularity. I'm going to have an administrative UI that would take a service ID and password, call LogonUser, and then call my encryption API to encrypt data based on something unique to the security context created by LogonUser. Later, I want a process configured to run as that service ID / password identity - and *only* processes running with that identity - to be able to call a decryption API on that data. (As for why I want this, it's to provide a "vault" to applications in a shared environment, where I don't want to require that applications "trust" each other. Machine-level DPAPI is inadequate for this, since any application can decrypt another app's secrets.) So maybe I've missed an obvious way you do this in Windows, and someone can point me at the right API ... but if not, here's my idea: An obvious secret associated with the process' identity is the password hash, but how to get at it - there's no API that I can find that would let me do that. (Of course there are hacker tools that do this using kernel mode code, but I don't want anything so messy.) Now here's the idea: I do both client and server sides of the NTLM challenge / response using SSPI (I have code that does this already from something else), but I don't really do the server side that would be generating a random challenge. Instead I feed a constant pre-baked challenge packet to the second call to InitializeSecurityContext, so that I get the same challenge response packet every time, but one which still depends uniquely on the caller's security context. That challenge response could then be used in a CryptDeriveKey call to get the actual reversible encryption key. I'd appreciate any comments. Thanks, Steve Schuler Safeco Insurance Please reply to the group. If you also want to send private email, I can be reached at sjschu AT safeco DOT com Tag: Why is a network printer a security hole? Tag: 96843
 - 17
 - February Update problems I installed the Microsoft February updates eg. KB944533/KB943055/KB946026/KB890830) and had problems with lots of blue screens and difficulty connecting to server. I restored to an earlier date and have not re-installed them. If I deleted these ( still in the notification area) and installed the updates from Microsoft site - would the glitches have been sorted out after a few weeks- and therefore patches included to sort out problems? Also, should one block own firewall (Bullguard in this case) when installing updates and then turn on again afterwards?? I run Windows XP Pro Media Centre model with Service Pack2 and use Internet Explorer and Outlook Express. Thanks in anticipation for any answers. -- SilverSurfer Tag: Why is a network printer a security hole? Tag: 96840
 - 18
 - C:/3887508a051ab09532 I searched this folder on the internet but couldn't find any information about it. It is located under C:/ and it contains "mrt.exe" and "mrtstub.exe". Is there someone who has this same unknown folder in his computer who can explain to me its function, if it is legitimate or not? Tag: Why is a network printer a security hole? Tag: 96839
 - 19
 - Searchme Robot intrussion Anyone able to cast any light on this crawler/robot - it has been causing a huge data throughput on our IP (not a public site) and stops if BITS2.0 is closed down! Tag: Why is a network printer a security hole? Tag: 96837
 - 20
 - Private Key Export Urgent help needed !!!! i recenly purchase code signing certificate online and i end up with the certificate private key imported on my vista machine . Now when i tried to export the certificate ,it doesnt allow me to export the private key!!!! any help Tag: Why is a network printer a security hole? Tag: 96833
 - 21
 - ISA 2006 Server Array Problems I have a ISA 2006 Array of which when one node is switched off the other node does not process any client requests at all. I use the ISA array for proxy. Tag: Why is a network printer a security hole? Tag: 96823
 - 22
 - Please recommend one free software that can erase the files permanently and completely Thanks Tag: Why is a network printer a security hole? Tag: 96822
 - 23
 - Please recommend one free software that can erase the files permanently and completely Thanks Tag: Why is a network printer a security hole? Tag: 96821
 - 24
 - Please recommend one free software that can erase the files permanently and completely Thanks Tag: Why is a network printer a security hole? Tag: 96820
 - 25
 - Randomly allocated high tcp ports on both client/server? We unfortunately have a firewall (hardware based not the host based) between this one client (only one, the others are on our LAN) and our domain controller. Outgoing traffic are not blocked on either side. We won't modify the registry to use a static port for RPC for some reason. And we can't use the VPN. So on the hardware firewall that's protecting the domain controller (no host based firewall) side, we're going to allow all traffic from that one client to the domain controller. On the client side (on the hardware firewall, there's no host based firewall on the client) the usual MS ports are open ex) 135, 137 U, 138 U, 139, 445. Do we need to open the dynamic ports on the firewall that's protecting the client side 1024:65535 or just by opening all traffic on the domain controller side as I mentioned above will take care of the traffic? Thanks Tag: Why is a network printer a security hole? Tag: 96819

Gurus,

Our network security guy scanned our network with a vulnerability scanner
and stated that our HP Plotter has security vulnerabilities, namely, SNMP
and anonymous FTP were enabled. Can someone give me a good reason why a
network printer could be a security hole? I just can't wrap my head around
that.

--
Spin

Top

Re: Why is a network printer a security hole? by Jason

Jason
Mon Mar 17 03:19:18 CDT 2008

Spin wrote:
> Gurus,
>
> Our network security guy scanned our network with a vulnerability
> scanner and stated that our HP Plotter has security vulnerabilities,
> namely, SNMP and anonymous FTP were enabled. Can someone give me a good
> reason why a network printer could be a security hole? I just can't
> wrap my head around that.
>

You can turn off ftp and snmp on the printers web interface if you're
worried...

Top

Re: Why is a network printer a security hole? by Roger

Roger
Mon Mar 17 01:25:19 CDT 2008

Security is a relative thing. I think he is saying that someone
can impact the HP Plotter due to these, whereas you seem to
be thinking he is saying your network infrastructure is at risk
due to weaknesses on a printer.

"Spin" <Spin@spin.com> wrote in message
news:640gouF29mjvjU1@mid.individual.net...
> Gurus,
>
> Our network security guy scanned our network with a vulnerability scanner
> and stated that our HP Plotter has security vulnerabilities, namely, SNMP
> and anonymous FTP were enabled. Can someone give me a good reason why a
> network printer could be a security hole? I just can't wrap my head
> around that.
>
> --
> Spin

Top