CAT Chat Minutes

January 27, 2003

 

Information and Follow-up

Thomas Gog asked what the requirements are for GFCI breakers in experimental enclosures. Originally CATs were told to install GFCIs in all breakers. Apparently, this requirement was relaxed a number of years ago. As pointed out by a User, there are still valid reasons why a CAT may want the GFCIs (e.g., water leak inside the enclosure).

Bill Wesolowski said that users should contact a floor coordinator who will assist the beamline personnel when testing these breakers.

User asked whom to contact to correct the beamline status entered within an 8 hr shift.

Kevin Beyer said that AOD will send out a letter instructing users to page the floor coordinator to correct beamline status information for the eight-hour shift. A yellow sign will be posted when data is entered if no personnel are present and no ULC has been left. The sign will ask Users to page the floor coordinator upon their return so the eight-hour shift data can be corrected. Kevin also reminds experimenters to refrain from inappropriate entries on the green cards. A user has asked that the floor coordinators please notify the CATs when inappropriate comments are entered on the cards.

 

General Information

Machine Status G. Decker: Operations begin Wednesday at 8 a.m.

Run 2003-02 Schedule R. Klaffky: Roger explained a viewgraph of the next scheduled run. User asked when the schedule would be posted to the web. Roger answered that J. M. Gibson is reviewing the schedule and, once approved, it will be posted to the web.

Recent Scans by ANL CSPO B. McDowell: Bill explained to the group that Microsoft is reporting that the recent worm, which struck just before the weekend, is getting worse. Bill has provided information which will be sent out on CAT-net (text follows).

-------- Original Message --------

Subject: [Fwd: Slammer worm - MSDE applications - Message from John Rhodes, CIAC]
Date: Mon, 27 Jan 2003 15:43:00 -0600
From: Bill McDowell <wpm@aps.anl.gov>
To: Roger Klaffky <klaffky@aps.anl.gov>, Barb Dalton <dalton@aps.anl.gov>

For catnet

-------- Original Message --------

Subject: Slammer worm - MSDE applications - Message from John Rhodes, CIAC
Date: Mon, 27 Jan 2003 13:53:44 -0600 (CST)
From: Dotti_Cardia@achilles.ctd.anl.gov
To: SecurityList@atalanta.ctd.anl.gov

Slammer worm - MSDE applications - Message from John Rhodes, CIAC

All: If you are already aware of this list of Slammer-vulnerable MSDE applications via other sources, I apologize. This notice is from the NCS and has had a broad posting. Best bet is to scan your nets for 1434 to see if it's listening and take action as appropriate.

-John Rhodes, CIAC
-----------------------------------------------------------

We have learned that after people thought they had the slammer worm under control and had either cleared and patched the vulnerable servers or isolated them from the network until they could be fixed, they began to see re-infection attempts. This traffic was traced to desktop machines rather than servers. The realization that desktop machines were infected and spreading the infection as well as servers presented a problem, as no one had prepared a strategy for addressing a problem of this magnitude.

In addition to MS SQL Server, MSDE (Microsoft Data Exchange) is vulnerable to infection. Many Microsoft applications and 3rd party applications use MSDE. Most do not advise the user of their reliance on MSDE. The Web Site, http://SQLsecurity.com, provides a list of applications that may install MSDE/SQL Server. Each of the listed applications may cause the OS Platform they are installed on (regardless of which it is) to be vulnerable to the Slammer Worm and similar malicious code.

Microsoft Biztalk Server
Visual Studio.NET
.NET Framework SDK
Application Center Server
Microsoft Visio 2000
Microsoft Project
McAfee Centralized Virus Admin
FlipFactory
Lyris Listserver
ASP.NET Web Matrix Tool
Office XP Developer Edition
MSDN Universal and Enterprise Edition
Microsoft Visual FoxPro 7.0
Compaq Insight Manager
Dell OpenManage
HP Openview Internet Services Monitor
Websense
Megatrack from BLUEMEGA
Veritas Backup Exec ver 9.0
WebBoard
Chubb security system
Microsoft Office 2000/XP
Crystal Reports Enterprise 8.5
MonTel (a PABX admin tool)
HelpMaster Pro
Hailstorm (http://www.cenzic.com)
McAfee Epolicy Orchestrator
GFI S.E.L.M
SecureScanNX - Vigilante
ASSET v1.01 - NIST
Centennial Discovery
SalesLogix
Helpstar (Helpdesk)
http://www.realestate.intuit.com/
Microsoft's Age of Mythology
Tumbleweed Secure Guardian
World Secure
PowerQuest Deploy Center 5
ControlCenter ST
Trend Micro Damage Cleanup Server 1.0
Compaq Insight Manager v7
Patchlink Patch Management System
Microsoft SharePoint Portal Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dorothy M. Cardia, Cyber Security Analyst
Argonne National Laboratory
e-mail: dcardia@anl.gov

ANL CSPO and DOE OA (Office of Assessment) are re-scanning at the lab this week.
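
Added example (not part of the minutes or of the forwarded CIAC message): a passive way to act on the advice to check port 1434, by triaging flow logs for hosts that answer from UDP 1434 (something is listening there) and for hosts, desktops included, that send to UDP 1434 on many destinations. The log format, the addresses and the fan-out threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed flow-log lines (hypothetical format and addresses, illustration only).
SAMPLE_LOG = """\
2003-01-27T08:00:01 udp 10.1.2.15:3051 -> 10.1.9.44:1434 len=376
2003-01-27T08:00:01 udp 10.1.2.15:3051 -> 10.7.3.201:1434 len=376
2003-01-27T08:00:01 udp 10.1.2.15:3051 -> 10.200.14.9:1434 len=376
2003-01-27T08:00:02 udp 10.1.2.15:3051 -> 10.33.8.77:1434 len=376
2003-01-27T08:00:03 udp 10.1.4.20:4410 -> 10.1.5.10:1434 len=1
2003-01-27T08:00:03 udp 10.1.5.10:1434 -> 10.1.4.20:4410 len=98
2003-01-27T08:00:04 tcp 10.1.4.20:4411 -> 10.1.5.10:1433 len=60
2003-01-27T08:00:05 udp 10.1.6.30:53211 -> 10.1.1.1:53 len=40
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+)$"
)

WATCH_PORT = 1434  # UDP port named in the advisory


def triage_udp_1434(log_text, fanout_threshold=3):
    """Return (listeners, spreaders) seen in the log.

    listeners: hosts that sent a UDP datagram *from* port 1434, meaning a
               service on that host answered a query and is listening there.
    spreaders: {host: distinct destination count} for hosts that sent UDP *to*
               port 1434 on at least fanout_threshold distinct destinations
               (the threshold is an assumption; tune it per site).
    """
    listeners = set()
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"].lower() != "udp":
            continue  # skip malformed lines and non-UDP traffic
        if int(m["sport"]) == WATCH_PORT:
            listeners.add(m["src"])
        if int(m["dport"]) == WATCH_PORT:
            targets[m["src"]].add(m["dst"])
    spreaders = {h: len(d) for h, d in targets.items() if len(d) >= fanout_threshold}
    return sorted(listeners), spreaders


if __name__ == "__main__":
    print(triage_udp_1434(SAMPLE_LOG))
```

Hosts in the first list are candidates for patching or isolation; hosts in the second are candidates for the re-infection sources described in the message, whether they are servers or desktops.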

ANL Battery Recycling Program E. Chang: Elroy talked about the Argonne battery recycling program and gave some basic instructions. If anyone needs more green recycling envelopes, contact him at ext. 6714.

Central Shops D. Hauserman: Daniel has a question on the rates being charged by Central Shops and wonders if anyone else has the same concern. Recently, he sent the same drawings out for bid to Central Shops and an outside source. When the cost charges came back, Central Shops was almost double the charge from the outside source.

Daniel was wondering if APS might be interested in sending out a survey to the experimenters. The survey could contain specific questions such as: Estimate the number of jobs that now go to CS. If rates were reduced, would you send more? What kind of work is given to CS? How precise is the work given to CS? What is the difference between bids from CS and outside? How important is the close proximity to CS when determining where to send your shop jobs?