Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Wed, Mar 10, 1999
Hot New Security Tool & Linux Survey Results
This issue of W2Knews contains:
1) HOT NEW SECURITY TOOL RELEASED BY SURPRISE COMPANY
2) LINUX SURVEY RESULTS
3) WNT BETA3 OUT THIS APRIL
W O W,
That was _some_ kind of response! We got over 15,000 people answering
the survey. It's a hot topic for sure, and an interesting story. One
thing first though, a hot new important utility.
1) HOT NEW SECURITY TOOL RELEASED BY SURPRISE COMPANY
In the survey, one of the two most mentioned problems with NT at
the moment is managing SECURITY. That (really) was not planned but
admittedly fortunate. Sunbelt is releasing a BRAND NEW TOP LEVEL
SECURITY TOOL FOR NT. It was developed by a surprise player. Keep
THE BEST TIME TO THINK ABOUT IMPLEMENTING AN NT SECURITY PRODUCT FOR
YOUR WINDOWS NT LAN IS BEFORE IT GETS BROKEN INTO.
It's the stuff nightmares are made of. You are scanning the logs of
your firewall one morning, and notice traces of unusual activity
during last night. Instant panic hits: an unknown outsider made several
connection attempts to random ports from an IP address you do not
recognize. Your LAN has been broken into. You are now scrambling like
mad to find the exploited hole, track down what data was stolen and
pray it was not anything confidential. Next you start to worry how to
explain to your boss what was lost and how to prevent it next time if
you still have a job...
Suddenly, you wake up. This time it was a bad dream but next time this
may come true. Better get something to prevent this before it occurs.
As your network grows with more users, more servers, and more network
gear, you need to watch for new vulnerabilities. What becomes essential
is an electronic bloodhound that you can have dig methodically and on a
regular basis into all NT systems and sniff out vulnerabilities that
can be exploited.
YOU ARE LACKING A NETWORK SECURITY SCANNER
Now, who should you buy a security product from? Ideally a large
company that has lots of experience supporting major mission critical
environments and preferably specialized in servicing the US Government.
Their security requirements are the highest on the planet. You would
also like to have a team of anti-hacker experts ready for you 24x7x365.
Moreover, you'd like a company that is constantly on the lookout
for more NT vulnerabilities and allows you to update your security
software on an almost weekly basis via web downloads. With these
requirements fulfilled you'd be covered. You could also do nothing
and run the risk of getting really burned.
We have good news for you. Now there _is_ such an organization: Harris
GCSD. This is the same company that does work for NASA and the US
government. They have developed a BRAND NEW TOP QUALITY NT SECURITY
PRODUCT. It's called STAT. That's an abbreviation for Security Test
and Analysis Tool.
Sunbelt is the first company bringing STAT to the NT community. STAT
does a thorough checkup of all the critical and vulnerable points in
your NT LAN, and warns you about the weak links in the chain. It also
has a built-in knowledge base that tells you exactly how to fix the
hole, or sometimes can even 'AutoFix' it for you. Installation: a
minute or two.
SURVIVE THE SECURITY AUDIT
The analysis is fast and thoroughly documented. Suggestions for fixes
are provided instantly. STAT provides you with the certainty and proof
you have done everything you can to detect and prevent intrusions of
your corporate NT LAN and mission critical data. So, let's have a
look at the features:
-Assess Windows NT 4.0 and 3.51
-Detects 400+ Vulnerabilities (and growing...)
-Automatic Vulnerability Fix
-Analyze Entire Domain
-Analyze Single Machine
-Multiple Host Select
-Retest Single Vulnerability
-Executive Summary Printout
-Network Summary Printout
-Machine Vulnerability List
-Detailed Information Display
STAT COMES WITH YOUR SECURITY SPECIALIST SWAT TEAM
Unlike other security scanners for NT, you are not buying just a tool.
You are getting a tool and a whole security backup team, to support you
in keeping your LAN airtight. Included in the price of your maintenance
are continuous vulnerability database updates and a direct hotline into
the STAT Operations Center in case you need critical support.
STAT addresses the dynamic hacker community by providing a vulnerability
analysis and solutions update service from the STAT support web site.
The STAT Operations Center updates the web site as rapidly as the
vulnerability can be assessed and the solution thoroughly tested. The
response to a critical threat is within DAYS of the discovery! (Unlike
other tools that have an upgrade once a year.) STAT provides the expertise
of seasoned security specialists and streamlines your analysis and
US NAVAL SURFACE WARFARE CENTER CONCLUSION ABOUT HACKER ATTACKS:
As you know, Department of Defense systems are being attacked daily.
Some very sophisticated tools have been developed by the hackers. This
is part of a hacker attack assessment that was published recently.
"CONCLUSION: The examples shown above represent a change in the kinds
of attacks and probes we track. Previously it has been common for a
single attacker to target multiple sites. Now we see indications of
multiple attackers working together to target either single sites or
multiple sites. We assert that these techniques are starting to be
widely used and that the attacker community is likely to continue using
these new techniques for the foreseeable future. It is imperative that
intrusion detection tools, techniques, and tracking databases be developed
or modified to detect and respond to this new threat". Reference:
NEW HACKER TOOLS ARRIVED ON THE SCENE THIS CHRISTMAS
The SANS institute reported the following: http://www.sans.org
(I received this email just on the morning of March 9th, 1999)
"Just before Christmas, intrusion detection experts reported widespread
use of a new version of a popular scanning tool which *simulates*
coordinated multi-national attacks using a very effective illusion.
"This tool (called 'nmap') can perform decoy scans using any selection
of TCP addresses desired by its operator. So, a person scanning you
from your own city can pretend to be a coordinated group of Russian,
Canadian, Norwegian, Israeli, French, and British hackers even though
he is using just one computer running nmap to find vulnerabilities on
your computer! Furthermore, it takes only 15 minutes to download nmap
and complete a scan -- this tool does *not* require one to be an expert
"Do not allow this information to lead you to think that there is nothing
to worry about; exactly the opposite is the case. This new generation
of tools can hide their activities in a barrage of what appears to be
multi-national attacks. Unfortunately, behind that barrage the tools
are far more malignant than their predecessors. They can spread out
their attacks to hide below your monitoring thresholds and are extremely
effective at identifying the types of computers you are running and the
potentially vulnerable services available on every one of those computers.
"By embedding these new tools in a perl script, sophisticated hackers
can automate the entire process of identifying your systems, finding
the ones that have services with known vulnerabilities, and exploiting
those vulnerabilities to gain root access -- all in seconds. Once root
access is gained, every file and every program on your servers is open
to being read or changed. The state of the art may soon include
freely available automated scripts that are push-button tools for
automatically finding your vulnerabilities and taking control of your
machines. Military and commercial espionage has never been so easy.
Competitors inside or outside the country have little stopping them from
closing down an enemy's electronic commerce and other network-based
Well, I guess they said it better than I ever could. STAT was developed
for EXACTLY these kinds of circumstances, to protect military and secure
and/or secret installations from being broken into. Commercial sites
are going to be exposed to this too. Better prevent that. You have to
have dedicated people in your organization to protect you, do regular
security scans and keep your people and tools up to date.
STAT V2.0 performs a complete security vulnerability analysis of your
Windows NT resources using a unique database of over 400 entries. With
a single mouse-click you can perform the analysis of a single machine
or your entire domain. We have included a list of the types of
vulnerabilities that STAT detects on the STAT webpage. You can see them here
NEW VERSION 2.0 OUT NOW
This new version includes support for Service Pack 3 and 4 with their
respective hotfixes. If you tell it to, it will automatically download
and implement the Microsoft Hotfixes on a regular basis for the machines
you specify. If you want to check out what the weak areas of NT are,
check out this: http://www.sunbelt-software.com/statdetects.htm
SNIFF OUT SECURITY HOLES BEFORE HACKERS DO
The main things that you are going to be looking out for are data
theft from inside and outside, viruses, password exposure and
malicious code. NT has a series of security features built in, but
you need to be sure they are turned on and implemented well.
Essentially NT comes out of the box in a trusting mode, so you
have to _give_ it paranoia!
Furthermore, the international hacking community has set its eyes on
NT and almost weekly new vulnerabilities are discovered. You are
responsible to add these to your systems to keep them hackerproof.
DOWNLOAD IS 2 MEGS ONLY - EVAL TAKES 10 MINUTES - GREAT LICENSING
STAT will help you keep up and manage your ongoing security concerns.
Download it and see what it does on your system. The download is less
than 2 Meg. You will be impressed. This will only take 10 minutes at
the most. I suggest you do it right away. The best thing is, this
is licensed per _administrator_! That means you get a great value
compared to other products out there that are licensed per server.
I personally have not seen any other security tool for NT as good as
this. I strongly recommend you have a good look at it. Like I said
THE BEST TIME TO THINK ABOUT IMPLEMENTING AN NT SECURITY PRODUCT FOR
YOUR WINDOWS NT LAN IS BEFORE IT GETS BROKEN INTO. DO IT NOW.
Here is the form where you can download the STAT product immediately:
2) SURVEY RESULTS: LINUX IS HERE TO STAY.
And now, the answers to the survey questions! Before anything else,
thanks for your many thousands of survey answers. This is a hot
topic for sure!!
First though, some background data. This survey was meant to
get an idea how things are looked at BY the NT community, FOR
the NT community. Well, that was somewhat naïve, I have to admit.
The questions were created while looking at discussions
between NT system administrators and were definitely written
from that viewpoint. Some claim that they were biased. There may
be some truth in that if you look at it from the Linux POV.
Sunbelt does not claim any kind of scientific validity. This
survey is a snapshot and not a random sample at all. It is not
objective but that was not the idea in the first place.
BUT, I guess if you step into a war you should expect some bullets
flying around, and I did get some flak from people. Most of these
people are both running NT and Linux and know them well. Personally
I know NT but have not much experience with Linux. We have a few
'closet' Linux users in Sunbelt though, both in sales and Tech.
Anyway, what happened is that we sent the invitation to do the
survey, and very quickly got thousands of responses back. We
followed in real-time what the results were, every 500 responses
or so. Extremely surprising numbers to start with. But even more
strange after the first few hours. Numbers started suddenly to
change and become slanted toward more Linux than before. Very odd
from a statistical perspective I remember from my stats course
Now, it so happens that the software we use to do the survey
queries the browser that was used to fill out the survey. So
we know what O/S it is running on, and the IP address it comes
from. The Linux user community had gotten word about the survey
and was getting into gear to show that Linux had support.
So anyway, we took the first 2000 survey results and did our
analysis on those. These were from predominantly NT users with
some people answering from a Linux machine. That will give some
idea about the current state of Linux use and the results are
HERE ARE THE HIGHLIGHTS OF THE SURVEY:
We have a URL with all the raw data in HTML format at the end...
1) You spend about 40% of your time doing System Administration
2) 68% of you have 1 to 10 NT Servers
13% run 11-20 servers
8% run 21 to 50 servers
3) 59% have between 1-100 workstations hooked up
14% have 100-250 WS
9% have 250-500
The questions about the Sunbelt website are more for our internal
use and not so interesting for you. The upshot is that over 80%
of you thought it was OK as it was. Thanks for the suggestions
though. We'll work on it!
4) 40% of you are using OUTLOOK, the rest use other email clients
5) 80% of you can receive HTML (rich text) email so we'll experiment
with that a bit.
NOW FOR THE INTERESTING STUFF:
It is loud and clear. Linux is no fad, and it is here to stay.
6) 67% of respondents are already running Linux on one or more machines.
20% are not
12% are thinking about it.
7) What are you using Linux for?
First was WebServer, then EmailServer, next Desktop, fourth File/print.
8) The 2 Biggest Benefits? STABILITY AND PERFORMANCE.
(no particular drawbacks were significant.)
9) How many Linux servers are you planning to add?
42% of the respondents planned 1-5 Linux servers
9.5% planned to add 6 to 10 servers
10) How many NT servers are you planning to add?
31% of the respondents planned to add 1-5 NT Servers
7.6% planned to add 6-10 NT servers.
11) The biggest NT Management Headache at the moment was:
1) A tie between SECURITY and PERFORMANCE
2) Network Management
3) User Management
5) Storage Management
You can check the raw data over here:
Some preliminary conclusions (& draw your own looking at the data)
Linux seems to be growing faster than NT at the moment. That confirms
some other market research I saw last week. It sounds like you
look hard at what _use_ the server is going to have, and then take the
platform best suited for that. There seems to be no anti-Microsoft
sentiment involved here, mainly a technical decision.
(As an aside, many of you wrote me to tell me you have used both platforms
for years already and are tired of the religious wars. OK, I will take
Obviously Linux is more stable, requiring fewer reboots. NT needs work
in that area for sure. From this informal survey it is not clear what
market share Linux is eating into. It may be the existing Unix flavors
(like SCO) or NT; in reality it is probably some of both.
Another news item is that Red Hat Software Inc., a top supplier of
Linux, said on Tuesday that four major computer makers had invested in
the company. Red Hat said COMPAQ, IBM CORP, NOVELL INC and ORACLE
CORP had made minority equity investments in the company, joining
earlier investors INTEL CORP and NETSCAPE.
You will hear no more anti-Linux noise from me. Sunbelt will
keep its focus on NT Tools though, but let me know if you find a good
NT-Linux integration utility.
3) WNT BETA3 OUT THIS APRIL
Microsoft is confident it can hit its target of releasing the much
delayed W2K operating system upgrade by the end of 1999, a company
exec said on Monday.
Yusuf Mehdi, director of Windows marketing at the computer software
giant, said MS is committed to releasing the third major beta test
version of the business oriented operating system next month.
He said Beta3 would be deployed very broadly, possibly to millions
of users, including 40 enterprise customers who plan to use it
to run their businesses.
"We feel good about shipping in '99," he said in response to a question,
but he added the system would not be released until it was ready.
Mehdi also said there were plans for a consumer edition of Windows 2000
based on the company's NT technology, but he declined to specify any
firm plans on the release.
I will let you know the day Beta3 will be released!
That's all for now, a full newsletter follows this weekend.
(email me with feedback: [email protected])