Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 24, 2000 (Vol. 5, #31 - Issue #205)
Who Cares About Security?
This issue of W2Knews contains:
- EDITORS CORNER
- Renew your Subscription and get a $500 tool for free
- TECH BRIEFING
- Who cares about Security? Users sure don't
- New W2K Kerberos network security protocol explained
- NT/2000 RELATED NEWS
- Big Microsoft News Roundup of this week
- NT/2000 THIRD PARTY NEWS
- How To Keep A (Cheap) Eye On Your Network Health
- BrainBuzz Offers Career Help
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
WARNING: Networks bottleneck & costs climb as workers squander
hours online ... surfing, listening to the radio over the net,
downloading MP3s, video & other bandwidth hogs. Install Surf-
Control on your network & in 20 minutes you'll know exactly WHO
is doing WHAT, WHEN and WHERE on the Internet. Monitor, record &
manage all TCP/IP protocols. You've got responsibility for the
network, download an easy way to manage it. *FREE* 30-day trial.
Visit SurfControl for more information.
Renew your Subscription and get a $500 tool for free
Hi NT/2000 Pros, 3 short points:
Q: In which area is currently your biggest System Admin Headache?
User Account Management
- There is a TREMENDOUS amount of news this week, so I'm going to
keep all the items as short as possible. If your email address
was either AOL or Hotmail, I'm sorry we skipped you the last few
issues. We rolled back our database due to some list pollution
and these two ISP's were omitted to be put back in by error. But
now you're in the nt-list again, and invited to move yourself to
the new W2K-list. You'll get the new NT/2000 booster AutoPilot for
free (a $500 value) if you renew your subscription. Click here:
- Oh, and quite a few people asked when my new 'Windows 2000
Administrator's Black Book' will be available. Well, it's being
printed as you read this, and we will start taking orders via
the online shop somewhere between August 8 and 13. It's very
close indeed :-) Here is the outline of the book, so you know
what's in there:
- We have a new SunPoll[tm] for you to vote on. Here it is:
We had over 3,000 people vote on the last one regarding their
progress on W2K migration. You can see the full results on our
site and vote for the new one as well Click here to vote:
Now, let's have a look at all that news of this week!
(email me with feedback: [email protected])
MIGRATIONS, TROUBLESHOOTING, LET ALONE DISASTER! ECORA'S AUTOMATED
documentation can tame all of these, over our Website or behind
your firewall. For all NT and Exchange Networks. A few clicks and
out comes comprehensive, full-text documentation in PDF, HTML,
or WORD. No software to configure or maintain. FREE server trial.
Visit Ecora for more information.
Who cares about Security? Users sure don't
Ever seen an end-user locking their workstation because they
were concerned with company security? Fat chance unless you
are in a secure Department Of Defense site and it was drilled in
from Day One with threats of punishment by death ;-)
Recently, some AOL support techs opened up attachments that allowed
hackers to grab customer data, credit cards and passwords. Just an
example of how wrong things can go _even_ if your end users are
warned and/or technically proficient. I'm sure that AOL will
investigate and roll out a 'Corporate Security Awareness Program'
that stresses the importance of security. And will it help?
Forget it, won't work.
Most employees identify easily where the corporate priorities
lie, and it is clear that security isn't one of them. For most of
them, having to press ctrl-alt-del and then Enter to lock the
workstation and then opening it up with a password is simply a pain
in the neck and too much work for a 10 minute break.
Even high executives that allow security flubs to happen do not
get shot as long as they produce good bottom line results. So who
_does_ get the bullet in those cases? IT guys that were supposed to
keep the company networks safe but without the resources to do it.
Perhaps one day your top management will have a major realization
that security really is important and this will start to trickle
down through the command channels.
But for now, it's up to us in the trenches. So you really have to
get solutions in place for outside attacks in the form of firewalls
and anti-virus software. In Sunbelt we just changed from a software
based firewall to Cisco's PIX hardware based system. We love it. For
Exchange virus protection we use Sybari's Antigen. Works like a charm.
So, monitor your server logs, and your network traffic. But since
a very high percentage of attacks come from inside the company,
using existing security holes it is ab-so-lu-tely vital that you
regularly run a scanner that sniffs out vulnerabilities and tells
you how to fix them. That at least functions as a minimum job-
You should create your MINIMAL SECURITY TOOLKIT. What tools to use?
Check our website for the following low cost security solutions:
Monitoring server logs: ELM - $350 per server
Monitoring Network Traffic: TrafficMax - $995 per admin
Scan your Security Holes with: STAT - $795 for 10 nodes
Auto-logoff workstations with Fortress-NT - $495 for 50 users
New W2K Kerberos network security protocol explained
(The name Kerberos comes from Greek mythology where it was the
three headed dog that was guarding the gates to Hades. Why some
one would purposefully _want_ to get in there is still a riddle
DEFINITION: Kerberos is a network authentication protocol that
allows one computer to prove its identity to another computer
across an insecure network by exchanging encrypted messages.
Once the identities are verified, Kerberos provides the two systems
with encryption keys for a secure communications session.
The protocol was created by MIT in the 1980's so it's a standard
protocol. It is a three-way protocol between: The Client, the
Server and the Key Distribution Center (KDC). Kerberos does its
magic because both client and server share a secret with the KDC.
The KDC does two things: Authenticating and Granting Tickets.
By exchanging a series of tickets, (encrypted messages) the KDC
generates new encryption keys for each stage of the authentication
process. The result is a secure, encrypted session between the
client and the server.
The 1-hour webcast below is really excellent if you want to
understand the keys to why the new Kerberos authentication is
superior in strength and in reducing server workload, among
other things: [wrapped]
NT/2000 RELATED NEWS
Big Microsoft News Roundup of this week
Here is a gaggle of all kinds of MS-related items.
- MS is coming out with its own cookie crusher. IE users will
dropped on their hard disk. It's a mixed blessing, as you'd
lose all the nice personalized settings like your one-click
purchase at Amazon and other conveniences.
- Compaq is MS's first officially approved OEM for W2K Datacenter.
MS has instituted a mandatory approval process for hardware outfits
that want to bundle W2K Datacenter with their boxes. Datacenter was
to be released 120 days after the other W2K flavors but they are
late as usual. The very first Release Candidate saw the light this
week, so they are getting close.
- Microsoft's last Quarter was only a little bit better than the
slowed expansion that they warned us for at the end of Q1-2000.
Due to the fact that a whole bunch of people are waiting for Service
Pack 1 to arrive, there was no boost in W2K sales during April-June.
(It was delayed again. Look for it in the coming weeks though)
And since most of the existing sites using BackOffice were waiting
for the new BackOffice 2000, that did not sell too good either.
So the sales were flat at $5.8 billion. They were $5.76 billion in
the same quarter last year. Profits were $2.41 billion, 44 cents per
share. They made a whopping investment revenue of $1.13 billion.
SQL Server was the big hit last quarter. Microsoft didn't release
specifically broken out sales figures for Win2K, but there are
about 3 million licenses out there now, which means decent growth.
Due to a continued scarcity of PC parts, systems builders did not
create as many servers as usual, and OS sales slumped as a result.
Microsoft's results over the whole year were impressive despite the
flat sales in their Q4. Numbers for their full fiscal year that ended
June 30-th were up 16% to $22.96 billion and profits were up 20% to
$9.42 billion. The shares bounced up 1.9% after the news release,
but are down about 9% for the week.
- Running W2K? Some apps have compatibility problems? MSDN's web
site has a new tool that will help you pinpoint where the trouble
is. I suggest you get your hands on the new Win2K Application Compa-
tibility Toolkit over at
- Running Exchange? One of the most interesting shows is the MEC.
(Microsoft Exchange and Collaboration Solutions Conference 2000)
Sunbelt will be there too, and you can pick up some goodies at our
booth. The W2Knews Target Awards will also be given to the lucky
winners. The show is October 9 through 13 in Dallas, TX and a
bit later at October 24 through 26, in Nice, France. To register,
- A newly discovered vulnerability in Microsoft Corp.'s Outlook
and Outlook Express e-mail clients could give outsiders access to
a remote computer simply by sending it an e-mail message. And
unlike the wave of viruses that have hit PCs worldwide in the
last few months, this hole can be exploited without the recipient
even opening the message. For the whole story, mouse your way to:
- Looks like IDC models show that MS will maintain its hold on the
Client OS market. The IDC projections show that Windows products
generated approximately 87 percent of revenues in the that segment
during 1999. By 2004, NT Workstation and Windows 2000 Professional
will account for about 85 percent of all Client revenues.
THIRD PARTY NEWS
How To Keep A (Cheap) Eye On Your Network Health
Your network consists out of a bunch of network components like
systems, routers, hubs, switches, and servers. Each of these can
go down. It would be nice to have a low cost tool that can ping
all these components and warn you if they are sick and need
At the most basic level, Event Log Monitor can ping any TCP/IP
device at any specified interval (in minutes) to verify that the
device is up and on the network. The next level of monitoring is
done via SNMP. Any device that can generate an SNMP trap (alert)
can be monitored by ELM. ELM will receive these traps as if they
were events, allowing you to leverage ELM's notification engine
and database features.
ELM can also send SNMP traps, enabling it to be upstream or
downstream of any SNMP framework management system you already
might have in place like Tivoli, OpenView or CA Unicenter. And,
ELM 2.2 just introduced Syslog integration. Any device capable
of acting as a Syslog client can send Syslog messages to the ELM
Console, which can act as a Syslog server. The ELM Console can
also act as a Syslog client, enabling it to be upstream or
downstream of any customer-owned Syslog management system.
This means that for just $345 you have a _very_ useful tool to keep
an eye out for your network health!
BrainBuzz Offers Career Help
Because the IT career has so many different stages, it's
difficult to find one site that encapsulates all of the
information you need for the particular stage that you're
If anyone comes close, it's BrainBuzz.com. This is a very
cool site that literally offers something for every stage
of your IT career. Whether you are a newbie or a veteran,
a developer or an engineer, a student or a trainer, a job
seeker or an employer...you can find information on
BrainBuzz.com that will make your job easier.
Of particular interest to certification students are the
Windows 2000 study guides found on BrainBuzz's certification
and training page, known as Cramsession. Most of these free
Cramsession study guides were available to the public
before the exams were released by Microsoft. There are
also Cramsessions for many of the major IT education vendor
certifications, including Novell, Cisco, CompTIA, Lotus,
Oracle, and Linux.
On July 28, 2000, our subscribers will be receiving a
complimentary copy of the Cramsession Must Know
Newsletter. This special edition of Must Know News comes
packed with training and certification news and resources.
This is a special offer for our Sunbelt W2Knews
subscribers, from Sunbelt and BrainBuzz.com. Enjoy!
To subscribe to Cramsession Must Know News, go to:
This Week's Links We Like. Tips, Hints And Fun Stuff
Really useful site with all kinds of hard to find NT and 2000
MCP Magazine just got their Salary Survey online. A must see:
Vote for your FAVE TOOLS! Very useful resource. See what your
Windows 2000 and Exchange Connections: Oct 4 - 7 2000, Scottsdale,
AZ. The most powerful Windows technology conferences co-produced
by Windows 2000 Magazine, delivers over 45 hard-core sessions by
the savviest experts and writers in the industry. The keynote
sessions by Mark Minasi, world-renowned Windows speaker and writer,
and Microsoft's Barry Goffe, lead product manager, will inform and
provoke you. Computer labs, exhibits and networking parties will
keep you busy for three days of non-stop opportunities. Register
early to save $100 and receive a free pass to also attend the
sessions of the concurrently run SQL Connections. Details at
or call 800-505-1201 or 203-268-3204