- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Wed, Mar 10, 1999
Hot New Security Tool & Linux Survey Results
  This issue of W2Knews™ contains:
--------------------------------------------------------------------
1) HOT NEW SECURITY TOOL RELEASED BY SURPRISE COMPANY
2) LINUX SURVEY RESULTS
3) WNT BETA3 OUT THIS APRIL
--------------------------------------------------------------------


W O W,

That was _some_kind of response! We got over 15,000 people answering
the survey. It's a hot topic for sure, and an interesting story. One
thing first though, a hot new important utility.
--------------------------


1) HOT NEW SECURITY TOOL RELEASED BY SURPRISE COMPANY

In the survey, one of the two most mentioned problems with NT at 
the moment is managing SECURITY. That (really) was not planned but 
admittedly fortunate. Sunbelt is releasing a BRAND NEW TOP LEVEL 
SECURITY TOOL FOR NT. It was developed by a surprise player. Keep 
on reading...

THE BEST TIME TO THINK ABOUT IMPLEMENTING AN NT SECURITY PRODUCT FOR
YOUR WINDOWS NT LAN IS BEFORE IT GETS BROKEN INTO.

It's the stuff nightmares are made of. You are scanning the logs of 
your firewall one morning, and notice traces of unusual activity
during last night. Instant panic hits: an unknown outsider made several
connection attempts to random ports from an IP address you do not
recognize. Your LAN has been broken into. You are now scrambling like
mad to find the exploited hole, track down what data was stolen and
pray it was not anything confidential. Next you start to worry how to
explain to your boss what was lost and how to prevent it next time if
you still have a job...

Suddenly, you wake up. This time it was a bad dream but next time this
may come true. Better get something to prevent this before it occurs.
As your network grows with more users, more servers, and more network 
gear you need to watch for new vulnerabilities. What gets essential is
an electronic bloodhound, that you can have dig methodically and on a 
regular basis in to all NT systems and sniffs out vulnerabilities that 
can be exploited. 

YOU ARE LACKING A NETWORK SECURITY SCANNER

Now, who should you buy a security product from? Ideally a large
company that has lots of experience supporting major mission critical
environments and preferably specialized in servicing the US Government. 
Their security requirements are the highest on the planet. You would 
also like to have a team of anti-hacker experts ready for you 24x7x365. 

More over, you'd like a company that is constantly on the lookout 
for more NT vulnerabilities and allows you to update your security 
software on an almost weekly basis via web downloads. With these 
requirements fulfilled you'd be covered. You could also do nothing 
and run the risk of getting really burned.

We have good news for you. Now there _is_ such an organization: Harris
GCSD. This is the same company that does work for NASA and the US 
government. They have developed a BRAND NEW TOP QUALITY NT SECURITY 
PRODUCT. It's called STAT. That's an abbreviation for Security Test
and Analysis Tool. 

Sunbelt is the first company bringing STAT to the NT community. STAT 
does a thorough checkup of all the critical and vulnerable points in 
your NT LAN, and warns you about the weak links in the chain. It also
has a built-in knowledge base that tells you exactly how to fix the 
hole, or sometimes can even 'AutoFix' it for you. Installation: a 
minute or two. 

SURVIVE THE SECURITY AUDIT

The analysis is fast and thoroughly documented. Suggestions for fixes 
are provided instantly. STAT provides you with the certainty and proof 
you have done everything you can to detect and prevent intrusions of 
your corporate NT LAN and mission critical data. So, let's have a 
look at the features?

FEATURES:

-Assess Windows NT 4.0 and 3.51 
-Detects 400 + Vulnerabilities (and growing...) 
-Automatic Vulnerability Fix 
-Network Discovery 
-Analyze Entire Domain 
-Analyze Single Machine 
-Multiple Host Select 
-Retest Single Vulnerability 
-Executive Summary Printout 
-Network Summary Printout 
-Machine Vulnerability List 
-Database Updates 
-Configuration File/Template 
-Detailed Information Display 

STAT COMES WITH YOUR SECURITY SPECIALIST SWAT TEAM

Unlike other security scanners for NT, you are not buying just a tool. 
You are getting a tool and a whole security backup team, to support you
in keeping your LAN airtight. Included in the price of your maintenance
are continuous vulnerability database updates and a direct hotline into 
the STAT Operations Center in case you need critical support.

STAT addresses the dynamic hacker community by providing a vulnerability
analysis and solutions update service from the STAT support web site. 
The STAT Operations Center updates the web site as rapidly as the 
vulnerability can be assessed and the solution thoroughly tested. The 
response to a critical threat is within DAYS of the discovery! (Unlike 
other tools that have an upgrade once a year) STAT provides the expertise 
of seasoned security specialists and streamlines your analysis and 
remediation process. 

US NAVAL SURFACE WARFARE CENTER CONCLUSION ABOUT HACKER ATTACKS:

As you know, Department of Defense systems are being attacked daily.
Some very sophisticated tools have been developed by the hackers. This
is part of a hacker attack assessment that was published recently. 

"CONCLUSION: The examples shown above represent a change in the kinds 
of attacks and probes we track. Previously it has been common for a 
single attacker to target multiple sites. Now we see indications of 
multiple attackers working together to target either single sites or 
multiple sites. We assert that these techniques are starting to be 
widely used and that the attacker community is likely to continue using 
these new techniques for the forseeable future. It is imperative that 
intrusion detection tools,techniques, and tracking databases be developed 
or modified to detect and respond to this new threat". Reference:
http://www.nswc.navy.mil/ISSEC/CID/co-ordinated_analysis.txt

NEW HACKER TOOLS ARRIVED ON THE SCENE THIS CHRISTMAS

The SANS institute reported the following: http://www.sans.org 
(I received this email just on the morning of March 9-th 1999)

"Just before Christmas, intrusion detection experts reported widespread 
use of a new version of a popular scanning tool which *simulates* 
coordinated multi-national attacks using a very effective illusion.

"This tool (called 'nmap') can perform decoy scans using any selection
of TCP addresses desired by its operator. So, a person scanning you
from your own city can pretend to be a coordinated group of Russian,
Canadian, Norwegian, Israeli, French, and British hackers even though
he is using just one computer running nmap to find vulnerabilities on
your computer! Furthermore, it takes only 15 minutes to download nmap
and complete a scan -- this tool does *not* require one to be an expert
cracker.

"Do not allow this information to lead you to think that there is nothing
to worry about; exactly the opposite is the case. This new generation
of tools can hide their activities in a barrage of what appears to be
multi-national attacks. Unfortunately, behind that barrage the tools
are far more malignant than their predecessors. They can spread out
their attacks to hide below your monitoring thresholds and are extremely
effective at identifying the types of computers you are running and the
potentially vulnerable services available on every one of those computers.

"By embedding these new tools in a perl script, sophisticated hackers
can automate the entire process of identifying your systems, finding
the ones that have services with known vulnerabilities, and exploiting
those vulnerabilities to gain root access -- all in seconds. Once root
access is gained, every file and every program on your servers is open
to being read or changed. The state of the art may soon include
freely available automated scripts that are push- button tools for
automatically finding your vulnerabilities and taking control of your
machines. Military and commercial espionage has never been so easy.
Competitors inside or outside the country have little stopping them from
closing down an enemy's electronic commerce and other network-based
services".

Well, I guess they said it better than I ever could. STAT was developed
for EXACTLY these kind of circumstances to protect military and secure
and/or secret installations from being broken into. Commercial sites
are going to be exposed to this too. Better prevent that. You have to
have dedicated people in your organization to protect you, do regular
security scans and keep your people and tools up to date. 

PRODUCT DESCRIPTION: 

STAT V2.0 performs a complete security vulnerability analysis of your 
Windows NT resources using a unique database of over 400 entries. With 
a single mouse-click you can perform the analysis of a single machine 
or your entire domain. We have included a list of the types of vulnera-
bilities that STAT detects on the STAT webpage. You can see them here
http://www.sunbelt-software.com/stat.htm 

NEW VERSION 2.0 OUT NOW

This new version includes support for Service Pack 3 and 4 with their 
respective hotfixes. If you tell it to, it will automatically download 
and implement the Microsoft Hotfixes on a regular basis for the machines
you specify. If you want to check out what the weak areas of NT are, 
check out this: http://www.sunbelt-software.com/statdetects.htm

SNIFF OUT SECURITY HOLES BEFORE HACKERS DO

The main things that you are going to be looking out for are data 
theft from inside and outside, viruses, password exposure and 
malicious code. NT has a series of security features built in, but 
you need to be sure they are turned on and implemented well. 
Essentially NT comes out of the box in a trusting mode, so you 
have to _give_ it paranoia ! 

Furthermore, the international hacking community has set its eyes on 
NT and almost weekly new vulnerabilities are discovered. You are 
responsible to add these to your systems to keep them hackerproof. 

DOWNLOAD IS 2 MEGS ONLY - EVAL TAKES 10 MINUTES - GREAT LICENSING

STAT will help you keep up and manage your ongoing security concerns.
Download it and see what it does on your system. The download is less 
than 2 Meg. You will be impressed. This will only take 10 minutes at 
the most. I suggest you do it right away. The best thing is, this 
is licensed per _administrator_! That means you get a great value 
compared to other products out there that are licensed per server.

I personally have not seen any other security tool for NT as good as
this. I strongly recommend you have a good look at it. Like I said
before:

THE BEST TIME TO THINK ABOUT IMPLEMENTING AN NT SECURITY PRODUCT FOR
YOUR WINDOWS NT LAN IS BEFORE IT GETS BROKEN INTO. DO IT NOW.

Here is the form where you can download the STAT product immediately:
http://www.sunbelt-software.com/statfrm.htm


---------------------------------------------------------------------

2) SURVEY RESULTS: LINUX IS HERE TO STAY.

And now, the answers to the survey questions! Before anything else, 
thanks for your many thousands of survey answers. This is a hot 
topic for sure!!

First though, some background data. This survey was meant to 
get an idea how things are looked at BY the NT community, FOR
the NT community. Well, that was somewhat na´ve I have to admit
. The questions were created while looking at discussions 
between NT system administrators and were definitely written 
from that viewpoint. Some claim that they were biased. There may 
be some truth in that if you look at it from the Linux POV. 

Sunbelt does not claim any kind of scientific validity. This
survey is a snapshot and not a random sample at all. It is not
objective but that was not the idea in the first place.

BUT, I guess if you step into a war you should expect some bullets 
flying around, and I did get some flak from people. Most of these 
people are both running NT and Linux and know them well. Personally 
I know NT but have not much experience with Linux. We have a few 
'closet' Linux users in Sunbelt though, both in sales and Tech .

Anyway, what happened is that we sent the invitation to do the
survey, and very quickly got thousands of responses back. We
followed in real-time what the results were, every 500 responses
or so. Extremely surprising numbers to start with. But even more
strange after the first few hours. Numbers started suddenly to 
change and become slanted toward more Linux than before. Very odd 
from a statistical perspective I remember from my stats course 
in college.

Now, it so happens that the software we use to do the survey 
queries the browser that was used to fill out the survey. So
we know what O/S it is running on, and the IP address it comes
from. The Linux user community had gotten word about the survey
and was getting into gear to show that Linux had support. 

So anyway, we took the first 2000 survey results and did our
analysis on those. These were from predominantly NT users with
some people answering from a Linux machine. That will give some
idea about the current state of Linux use and the results are
revealing.


HERE ARE THE HIGHLIGHTS OF THE SURVEY:

We have a URL with all the raw data in HTML format at the end...

1) You spend about 40% of your time doing System Administration

2) 68% of you has 1 to 10 NT Servers
13% runs 11-20 servers
8% runs 21 to 50 servers

3) 59% has between 1-100 workstations hooked up
14% has 100-250 WS
9% has 250-500

The questions about the Sunbelt website are more for our internal 
use and not so interesting for you. The upshot is that over 80% 
of you thought it was OK as it was. Thanks for the suggestions
though. We'll work on it!

4) 40% of you are using OUTLOOK, the rest is other email clients

5) 80% of you can receive HTML (rich text) email so we'll experiment
with that a bit.

NOW FOR THE INTERESTING STUFF:

It is loud and clear. Linux is no fad, and it is here to stay.

6) 67% of respondees is already running Linux on one or more machines.
20% is not
12% is thinking about it.

7) What are you using Linux for?
First was WebServer, then EmailServer, next Desktop, fourth File/print.

8) The 2 Biggest Benefits? STABILITY AND PERFORMANCE.
(no particular drawbacks were significant.)

9) How many Linux servers are you planning to add?
42% of the respondees planned 1-5 Linux servers
9.5% planned to add 6 to 10 servers

10) How many NT servers are you planning to add?
31% of the respondees planned to add 1-5 NT Servers
7.6% planned to add 6-10 NT servers.

11) The biggest NT Management Headache at the moment was:

1) A tie between SECURITY and PERFORMANCE
2) Network Management
3) User Management
4) Backups
5) Storage Management
6) Other

You can check the raw data over here: 
http://www.sunbelt-software.com/0399_2000.htm

Some preliminary conclusions (& draw your own looking at the data)

Linux seems to be growing faster than NT at the moment. That confirms
some other market research I have seen last week. It sounds like you
look hard at what _use_ the server is going to have, and then take the
platform best suited for that. There seems to be no anti-Microsoft
sentiment involved here, mainly a technical decision. 

(As an aside, many of you wrote me to tell me you use both platforms
for years already and are tired of the religious wars. OK, I will take 
heed! :-) 

Obviously Linux is more stable, requiring less reboots. NT needs work 
in that area for sure. From this informal survey it is not clear what
marketshare Linux is eating into. It may be the existing Unix flavors
(like SCO) or NT, in reality it is probably some of both.

Another news item is that Red Hat Software Inc., a top supplier of 
Linux on Tuesday said that four major computer makers had invested in 
the company. Red Hat said COMPAQ, IBM CORP, NOVELL INC and ORACLE 
CORP had made minority equity investments in the company, joining 
earlier investors INTEL CORP and NETSCAPE. 

You will hear no more anti-Linux noise from me any more. Sunbelt will
keep it's focus on NT Tools though, but let me know if you find a good
NT-Linux integration utiltity? 

---------------------------------------------------------------------

3) WNT BETA3 OUT THIS APRIL

Microsoft is confident it can hit its target of releasing the much 
delayed W2K operating system upgrade by the end of 1999, a company 
exec said on Monday.

Yusuf Mehdi, director of Windows marketing at the computer software 
giant, said MS is committed to releasing the third major beta test 
version of the business oriented operating system next month.

He said Beta3 would be deployed very broadly, possibly to millions 
of users, including 40 enterprise customers who plan to use it 
to run their businesses.

"We feel good about shipping in '99," he said in response to a question,
but he added the system would not be released until it was ready.

Mehdi also said there were plans for a consumer edition of Windows 2000
based on the company's NT technology, but he declined to specify any 
firm plans on the release.

I will let you know the day Beta3 will be released!

That's all for now, a full newsletter follows this weekend.

Warm regards,

Stu Sjouwerman

(email me with feedback: [email protected])