- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 24, 2000 (Vol. 5, #31 - Issue #205)
Who Cares About Security?
  This issue of W2Knews™ contains:
    • Renew your Subscription and get a $500 tool for free
    • Who cares about Security? Users sure don't
    • New W2K Kerberos network security protocol explained
    • Big Microsoft News Roundup of this week
    • How To Keep A (Cheap) Eye On Your Network Health
    • BrainBuzz Offers Career Help
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  SPONSOR: SurfControl
WARNING: Networks bottleneck & costs climb as workers squander
hours online ... surfing, listening to the radio over the net,
downloading MP3s, video & other bandwidth hogs. Install Surf-
Control on your network & in 20 minutes you'll know exactly WHO
is doing WHAT, WHEN and WHERE on the Internet. Monitor, record &
manage all TCP/IP protocols. You've got responsibility for the
network, download an easy way to manage it. *FREE* 30-day trial.

Visit SurfControl for more information.

Renew your Subscription and get a $500 tool for free

Hi NT/2000 Pros, 3 short points:

  1. There is a TREMENDOUS amount of news this week, so I'm going to keep all the items as short as possible. If your email address was either AOL or Hotmail, I'm sorry we skipped you the last few issues. We rolled back our database due to some list pollution and these two ISP's were omitted to be put back in by error. But now you're in the nt-list again, and invited to move yourself to the new W2K-list. You'll get the new NT/2000 booster AutoPilot for free (a $500 value) if you renew your subscription. Click here:

  2. Oh, and quite a few people asked when my new 'Windows 2000 Administrator's Black Book' will be available. Well, it's being printed as you read this, and we will start taking orders via the online shop somewhere between August 8 and 13. It's very close indeed :-) Here is the outline of the book, so you know what's in there:

  3. We have a new SunPoll[tm] for you to vote on. Here it is:
Q: In which area is currently your biggest System Admin Headache?
  • User Account Management
  • Storage Management
  • Security
  • W2K Migration

    We had over 3,000 people vote on the last one regarding their progress on W2K migration. You can see the full results on our site and vote for the new one as well Click here to vote:

    Now, let's have a look at all that news of this week!

    Warm regards,

    Stu Sjouwerman
    (email me with feedback: [email protected])

  •   SPONSOR: Ecora
    documentation can tame all of these, over our Website or behind
    your firewall. For all NT and Exchange Networks. A few clicks and
    out comes comprehensive, full-text documentation in PDF, HTML,
    or WORD. No software to configure or maintain. FREE server trial.

    Visit Ecora for more information.

    Who cares about Security? Users sure don't

    Ever seen an end-user locking their workstation because they were concerned with company security? Fat chance unless you are in a secure Department Of Defense site and it was drilled in from Day One with threats of punishment by death ;-)

    Recently, some AOL support techs opened up attachments that allowed hackers to grab customer data, credit cards and passwords. Just an example of how wrong things can go _even_ if your end users are warned and/or technically proficient. I'm sure that AOL will investigate and roll out a 'Corporate Security Awareness Program' that stresses the importance of security. And will it help? Forget it, won't work.

    Most employees identify easily where the corporate priorities lie, and it is clear that security isn't one of them. For most of them, having to press ctrl-alt-del and then Enter to lock the workstation and then opening it up with a password is simply a pain in the neck and too much work for a 10 minute break.

    Even high executives that allow security flubs to happen do not get shot as long as they produce good bottom line results. So who _does_ get the bullet in those cases? IT guys that were supposed to keep the company networks safe but without the resources to do it. Perhaps one day your top management will have a major realization that security really is important and this will start to trickle down through the command channels.

    But for now, it's up to us in the trenches. So you really have to get solutions in place for outside attacks in the form of firewalls and anti-virus software. In Sunbelt we just changed from a software based firewall to Cisco's PIX hardware based system. We love it. For Exchange virus protection we use Sybari's Antigen. Works like a charm.

    So, monitor your server logs, and your network traffic. But since a very high percentage of attacks come from inside the company, using existing security holes it is ab-so-lu-tely vital that you regularly run a scanner that sniffs out vulnerabilities and tells you how to fix them. That at least functions as a minimum job- protection measure.

    You should create your MINIMAL SECURITY TOOLKIT. What tools to use? Check our website for the following low cost security solutions:

  • Monitoring server logs: ELM - $350 per server
  • Monitoring Network Traffic: TrafficMax - $995 per admin
  • Scan your Security Holes with: STAT - $795 for 10 nodes
  • Auto-logoff workstations with Fortress-NT - $495 for 50 users

    New W2K Kerberos network security protocol explained

    (The name Kerberos comes from Greek mythology where it was the three headed dog that was guarding the gates to Hades. Why some one would purposefully _want_ to get in there is still a riddle though.)

    DEFINITION: Kerberos is a network authentication protocol that allows one computer to prove its identity to another computer across an insecure network by exchanging encrypted messages. Once the identities are verified, Kerberos provides the two systems with encryption keys for a secure communications session.

    The protocol was created by MIT in the 1980's so it's a standard protocol. It is a three-way protocol between: The Client, the Server and the Key Distribution Center (KDC). Kerberos does its magic because both client and server share a secret with the KDC. The KDC does two things: Authenticating and Granting Tickets. By exchanging a series of tickets, (encrypted messages) the KDC generates new encryption keys for each stage of the authentication process. The result is a secure, encrypted session between the client and the server.

    The 1-hour webcast below is really excellent if you want to understand the keys to why the new Kerberos authentication is superior in strength and in reducing server workload, among other things: [wrapped]
    http://support.microsoft.com/servicedesks/webcasts/ wc040600/wcblurb040600.asp?LN=EN-US&SD=tech&FR=0

  •   NT/2000 RELATED NEWS

    Big Microsoft News Roundup of this week

    Here is a gaggle of all kinds of MS-related items.

    1. MS is coming out with its own cookie crusher. IE users will be able to delete all cookies and also refuse cookies to be dropped on their hard disk. It's a mixed blessing, as you'd lose all the nice personalized settings like your one-click purchase at Amazon and other conveniences.

    2. Compaq is MS's first officially approved OEM for W2K Datacenter. MS has instituted a mandatory approval process for hardware outfits that want to bundle W2K Datacenter with their boxes. Datacenter was to be released 120 days after the other W2K flavors but they are late as usual. The very first Release Candidate saw the light this week, so they are getting close.

    3. Microsoft's last Quarter was only a little bit better than the slowed expansion that they warned us for at the end of Q1-2000. Due to the fact that a whole bunch of people are waiting for Service Pack 1 to arrive, there was no boost in W2K sales during April-June. (It was delayed again. Look for it in the coming weeks though)

      And since most of the existing sites using BackOffice were waiting for the new BackOffice 2000, that did not sell too good either. So the sales were flat at $5.8 billion. They were $5.76 billion in the same quarter last year. Profits were $2.41 billion, 44 cents per share. They made a whopping investment revenue of $1.13 billion.

      SQL Server was the big hit last quarter. Microsoft didn't release specifically broken out sales figures for Win2K, but there are about 3 million licenses out there now, which means decent growth. Due to a continued scarcity of PC parts, systems builders did not create as many servers as usual, and OS sales slumped as a result.

      Microsoft's results over the whole year were impressive despite the flat sales in their Q4. Numbers for their full fiscal year that ended June 30-th were up 16% to $22.96 billion and profits were up 20% to $9.42 billion. The shares bounced up 1.9% after the news release, but are down about 9% for the week.

    4. Running W2K? Some apps have compatibility problems? MSDN's web site has a new tool that will help you pinpoint where the trouble is. I suggest you get your hands on the new Win2K Application Compa- tibility Toolkit over at

    5. Running Exchange? One of the most interesting shows is the MEC. (Microsoft Exchange and Collaboration Solutions Conference 2000) Sunbelt will be there too, and you can pick up some goodies at our booth. The W2Knews Target Awards will also be given to the lucky winners. The show is October 9 through 13 in Dallas, TX and a bit later at October 24 through 26, in Nice, France. To register, click here:

    6. A newly discovered vulnerability in Microsoft Corp.'s Outlook and Outlook Express e-mail clients could give outsiders access to a remote computer simply by sending it an e-mail message. And unlike the wave of viruses that have hit PCs worldwide in the last few months, this hole can be exploited without the recipient even opening the message. For the whole story, mouse your way to:

    7. Looks like IDC models show that MS will maintain its hold on the Client OS market. The IDC projections show that Windows products generated approximately 87 percent of revenues in the that segment during 1999. By 2004, NT Workstation and Windows 2000 Professional will account for about 85 percent of all Client revenues. More at:

    How To Keep A (Cheap) Eye On Your Network Health

    Your network consists out of a bunch of network components like systems, routers, hubs, switches, and servers. Each of these can go down. It would be nice to have a low cost tool that can ping all these components and warn you if they are sick and need their mommy.

    At the most basic level, Event Log Monitor can ping any TCP/IP device at any specified interval (in minutes) to verify that the device is up and on the network. The next level of monitoring is done via SNMP. Any device that can generate an SNMP trap (alert) can be monitored by ELM. ELM will receive these traps as if they were events, allowing you to leverage ELM's notification engine and database features.

    ELM can also send SNMP traps, enabling it to be upstream or downstream of any SNMP framework management system you already might have in place like Tivoli, OpenView or CA Unicenter. And, ELM 2.2 just introduced Syslog integration. Any device capable of acting as a Syslog client can send Syslog messages to the ELM Console, which can act as a Syslog server. The ELM Console can also act as a Syslog client, enabling it to be upstream or downstream of any customer-owned Syslog management system.

    This means that for just $345 you have a _very_ useful tool to keep an eye out for your network health!

    BrainBuzz Offers Career Help

    Because the IT career has so many different stages, it's difficult to find one site that encapsulates all of the information you need for the particular stage that you're in.

    If anyone comes close, it's BrainBuzz.com. This is a very cool site that literally offers something for every stage of your IT career. Whether you are a newbie or a veteran, a developer or an engineer, a student or a trainer, a job seeker or an employer...you can find information on BrainBuzz.com that will make your job easier.

    Of particular interest to certification students are the Windows 2000 study guides found on BrainBuzz's certification and training page, known as Cramsession. Most of these free Cramsession study guides were available to the public before the exams were released by Microsoft. There are also Cramsessions for many of the major IT education vendor certifications, including Novell, Cisco, CompTIA, Lotus, Oracle, and Linux.

    On July 28, 2000, our subscribers will be receiving a complimentary copy of the Cramsession Must Know Newsletter. This special edition of Must Know News comes packed with training and certification news and resources. This is a special offer for our Sunbelt W2Knews subscribers, from Sunbelt and BrainBuzz.com. Enjoy!

    To subscribe to Cramsession Must Know News, go to:


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Really useful site with all kinds of hard to find NT and 2000 resources.
  • MCP Magazine just got their Salary Survey online. A must see:
  • Vote for your FAVE TOOLS! Very useful resource. See what your colleagues prefer:
  • Windows 2000 and Exchange Connections: Oct 4 - 7 2000, Scottsdale, AZ. The most powerful Windows technology conferences co-produced by Windows 2000 Magazine, delivers over 45 hard-core sessions by the savviest experts and writers in the industry. The keynote sessions by Mark Minasi, world-renowned Windows speaker and writer, and Microsoft's Barry Goffe, lead product manager, will inform and provoke you. Computer labs, exhibits and networking parties will keep you busy for three days of non-stop opportunities. Register early to save $100 and receive a free pass to also attend the sessions of the concurrently run SQL Connections. Details at
    or call 800-505-1201 or 203-268-3204