Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 31, 2000 (Vol. 5, #32 - Issue #206)
Service Pack 1 is Here!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • ! W2K Service Pack 1 IS HERE !
  2. TECH BRIEFING
    • The Worst Security Mistakes You Can Make
  3. NT/2000 RELATED NEWS
    • Linux takes over NetWare as the #2 Server OS
    • MS casts its .NET spells on Analysts
    • Tempest of Outlook Security Fixes
    • Special offer from SQL Server Mag for W2Knews Subscribers
    • Microsoft tries to woo Novell NDS customers
    • Need to design a new LAN? Ask Ed Tittel live
  4. NT/2000 THIRD PARTY NEWS
    • OpalisRobot Improves Availability and Performance
    • NEW Enterprise Config. Manager 3.1: Mobile Users Support
    • Dow Chemical Fires 50 After E-Mail Probe
    • Hate coding? Tired of login-script debugging? Move Fast!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  EDITORS CORNER

! W2K Service Pack 1 IS HERE !

Hi NT/2000 Pros,

THIS IS A RESEND. I started today at about 3 pm to send this issue but at 8pm I received an email that SP1 for W2K was available so I interrupted the broadcast to tell you the news.

Keep in mind that often after being posted, it disappears again for a while before it comes back with even more bugfixes. So be warned: test, test, test!

These links worked when I tested them Sat July 29, 2000 at 20:15

http://mschus.www.conxion.com/download/win2000platform/sp/sp1/NT5/EN-US/sp1network.exe

http://mssjus.www.conxion.com/download/win2000platform/sp/sp1/NT5/EN-US/sp1network.exe

http://msvaus.www.conxion.com/download/win2000platform/sp/sp1/NT5/EN-US/sp1network.exe

And remember to vote in the new SunPoll[tm]
Q: In which area is currently your biggest System Admin Headache?

  • User Account Management
  • Storage Management
  • Security
  • W2K Migration
    You will see immediate and surprising results! Click & Vote:
    http://www.sunbelt-software.com

    Now, let's have a look at those Security Mistakes.

    Warm regards,

    Stu Sjouwerman
    (email me with feedback: [email protected])

      TECH BRIEFING

    The Worst Security Mistakes You Can Make

    Now, I have to immediately admit that I did not think all these up myself. I'd be making millions as a security consultant in that case. They are a small part of a SANS Institute poster that I got in the mail with the invitation to come to their Network Security Seminars. A whole team created these most unwanted flaws.

    If you want to get Security Certified, these SANS seminars are truly excellent. You will find a hotlink to SANS at the bottom of this section. (BTW, you could send the lists below to the respective groups, and ask for management permission to get security trained.) And read through them as a checklist of the most urgent things you want to fix right away.

    THE FIVE WORST SECURITY MISTAKES END USERS MAKE:

    1. Opening unsolicited email attachments without verifying their source and checking their content first.
    2. Failing to install security patches, especially MS Office, IE and Netscape.
    3. Installing Screen Savers or games without safety guarantees.
    4. Not making and testing backups.
    5. Connecting a modem to a phone line while the same computer is connected to a LAN.

    THE SEVEN WORST SECURITY MISTAKES SENIOR EXECUTIVES MAKE:

    1. Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.
    2. Failing to understand the relationship of information security to the business problem - they understand physical security but do not see the consequences of poor information security.
    3. Failing to deal with the operational aspects of security: making a few fixes and then not allowing the follow through necessary to ensure that problems stay fixed.
    4. Relying primarily on a firewall.
    5. Failing to realize how much money their information and organizational reputations are worth.
    6. Authorizing reactive, short term fixes so problems re-emerge rapidly.
    7. Pretending the problem will go away if they ignore it.

    THE TEN WORST SECURITY MISTAKES INFORMATION TECHNOLOGY PEOPLE MAKE:

    1. Connecting systems to the Internet before hardening them (removing unnecessary devices and patching necessary ones).
    2. Connecting test systems to the Internet with default accounts and passwords.
    3. Failing to update systems when security vulnerabilities are found and patches or upgrades are available.
    4. Using telnet and other unencrypted protocols for managing systems, routers, firewalls and PKI (Public Key Infrastructure).
    5. Giving users passwords over the phone, or changing passwords in response to telephone or personal request when the requester is not authenticated.
    6. Failing to maintain and test backups.
    7. Running unnecessary services, especially ftpd, telnetd, finger, rpc, mail, rservices (some of these are Unix specific).
    8. Implementing firewalls with rules that allow malicious or dangerous traffic - incoming or outgoing.
    9. Failing to implement or update virus detection software.
    10. Failing to educate users on what to look for and what to do when they see a potential security problem.

    And SANS gave a bonus one too ;-) Allowing untrained, uncertified people to take responsibility for securing important systems. Well, you got the message: Get Trained!
    www.SANS.org
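
Items 4 and 7 of the IT list can be checked mechanically on a Unix host. The following is an added example (not part of the original newsletter or the SANS poster) that parses an inetd.conf and reports enabled entries for the services those items name. The name mapping (rsh, rlogin and rexec as the inetd services shell, login and exec; mail as smtp) and the sample file are assumptions made for illustration.

```python
# Added example: flag enabled inetd.conf entries for the services named in
# items 4 and 7 of the IT list. Mapping and sample file are constructed.

RISKY = {
    "ftp": "ftpd (item 7)",
    "telnet": "telnetd (items 4 and 7, unencrypted management)",
    "finger": "finger (item 7)",
    "smtp": "mail (item 7)",
    "shell": "rservices: rsh (item 7)",
    "login": "rservices: rlogin (item 7)",
    "exec": "rservices: rexec (item 7)",
}

SAMPLE_INETD_CONF = """\
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/in.rshd     in.rshd
rstatd/1-3 dgram rpc/udp wait root   /usr/sbin/rpc.rstatd  rpc.rstatd
daytime stream  tcp  nowait  root    internal
"""


def audit_inetd(text):
    """Return (line_no, service, reason) for each enabled risky entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # commented-out entries are disabled
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:                  # not a complete inetd entry
            continue
        service, protocol = fields[0], fields[2]
        name = service.split("/", 1)[0]      # "rstatd/1-3" -> "rstatd"
        if protocol.startswith("rpc/"):      # any RPC service counts as "rpc"
            findings.append((line_no, name, "rpc (item 7)"))
        elif name in RISKY:
            findings.append((line_no, name, RISKY[name]))
    return findings


if __name__ == "__main__":
    for line_no, name, reason in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {line_no}: {name:8} enabled -> {reason}")
```

Entries that are commented out, like the finger line in the sample, are treated as disabled and not reported.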
      NT/2000 RELATED NEWS

    Linux takes over NetWare as the #2 Server OS

    Some interesting numbers from IDC. Last year, in terms of new licenses shipped, Linux overtook NetWare. That is no wonder of course. Novell (and SCO Unix too) have lost the commitment of their resellers and OEMs to a very large degree. These are now all mainly installing Linux and NT/2000 for their customers.

    IDC forecasts that Linux will grow fast, but will stay so small that MS will not lose any sleep over it. IDC just came out with its new "Server Operating Environments Market Forecast and Analysis, 2000-2004."

    They predict that Linux shipments will grow at 28% and revenue will grow at a compound annual rate of 23%. The unit volume of all OSes together will increase 17%. But if you look a little closer at these numbers, the conclusion is that Linux server revenues in 2004 will be only around $85 million. And MS makes that kind of money in just a couple of days.

    MS casts its .NET spells on Analysts

    Last Thursday MS tried to explain their new .NET magic to the financial analysts who had traveled to the Redmond Mountain. In a nutshell, MS spun a story about the Internet in a few years from now, where people do not buy software, they rent it. (I warned about this in NTools E-News - June 12, 1999)

    MS was painting a picture of the transition from the old client/server model to the 'New Net World' where the platform is the Internet. Here, everything talks to everything else, often via the ether, with the XML language as the chief Wizard.

    What MS really is planning to do is break up all their software into small modules that you can use on whatever device you happen to have around. No more monolithic Office applications, no more BackOffice bundles that you buy all-in-one. You only rent the stuff you need. That means MS-Word could shrink to normal size again. That would be a relief, except for the monthly fees.

    Money-wise, it looks like they are going by something like rental fees that are so low that you pay in 2 years what you otherwise would pay to buy the software outright. After those 2 years they will start to make out. The software you rent would blur the distinction between stuff running on the desktop, the server or anywhere on the Internet, via some sort of Browser on steroids.

    Sounds like this dream may take a while to materialize. I'm wondering about the time it will take to go from NT to .NET.

    Tempest of Outlook Security Fixes

    Microsoft has released a tempest of fixes for Outlook and Outlook Express in the last couple of weeks. There are too many to mention. If you are deploying Outlook in your corporate environment, it is a very good idea to regularly check the following site:
    http://windowsupdate.microsoft.com/

    Special offer from SQL Server Mag for W2Knews Subscribers

    Subscribe to SQL Server Magazine today and receive a 25% discount off your subscription. SQL Server Magazine is the only magazine devoted to how-to advice and articles about SQL Server. If you work with SQL Server, this magazine will save you time, energy and frustration - subscribe right away, click here and do it now!
    http://www.sqlmag.com/sub.cfm?code=er00erpxsun

    Microsoft tries to woo Novell NDS customers

    MS released last Wednesday Microsoft Metadirectory Services 2.2. If you are running multiple directories in your enterprise, MMS is a tool that makes it easier to manage those. It also simplifies the deployment of Active Directory. But this thing is aimed straight at loosening up the hold that NDS has on large enterprises.

    What MMS does, is extend the network management capabilities of Active Directory across multiple types of directories. If you have information about your employees, customers, systems and resources, MMS enables real-time synchronization of directory information into Active Directory.

    The next step that MS envisions is that you use AD primarily, and in the long run phase out NDS or other directories. It's going to take a while as NDS has about 5 years head start on AD and is better developed. AD still needs some work to be up to par with NDS. I'm being mild here. But over time MS will catch up, and third party tools will certainly come to help.

    Need to design a new LAN? Ask Ed Tittel live

    Have questions about designing a new LAN or integrating existing multiprotocol LANs? Then join a Live Expert Q&A session with Ed Tittel, president of LANWrights Inc. and vice president of IT certifications at LeapIt.com. Tittel, who has coauthored numerous networking books, like Windows NT Power Toolkit with yours truly, will answer your questions about wired LANs of 4 Mbits/sec or higher.
    Log on at:
    www.SearchNetworking.com
    On Tuesday, August 1, at 11:00 EDT and engage in the interactive discussion with Ed Tittel.

      THIRD PARTY NEWS

    OpalisRobot Improves Availability and Performance

    OpalisRobot was reviewed & recommended by NT/2000 Guru Ed Tittel. This tool allows you to improve the availability and performance of your servers. OpalisRobot actually covers more than one 'tool category' with its unique combination of job scheduling, application/event log monitoring, and notification and corrective action features. It automatically fixes network errors before they affect your business critical resources. You can automate routine tasks, monitor critical resources and do job processing with one product! I suggest you get a 30-day eval and download OpalisRobot over at:
    http://www.sunbelt-software.com/product.cfm?id=585

    NEW Enterprise Config. Manager 3.1: Mobile Users Support

    The new ECM 3.1 is a powerful tool that arms you with configuration management. You need this to keep large environments under control. ECM now also supports mobile Windows NT/2000 systems. It alerts you, the help desk, and/or enterprise management frameworks like Unicenter, Tivoli or OpenView of critical system configuration changes.

    These new features reduce downtime for mobile users, as you can now standardize their notebook systems like you can desktops and servers. You can resolve problems faster with ECM 3.1's high power collection and filtering of registry configuration settings.

    ECM enables you to efficiently and cost-effectively standardize server, workstation and mobile system configurations, and keep them in compliance, minimize downtime, accelerate problem resolution, reduce help desk calls and enhance system performance. Actually, ECM can help you to identify and help correct configuration problems _before_ users even know they exist. Major time and money saver:
    http://www.sunbelt-software.com/product.cfm?id=522

    Dow Chemical Fires 50 After E-Mail Probe

    (Reported by TechRepublic.com from an Associated Press article)
    I'm giving you a short version of what happened there. Last week during an investigation by The Dow Chemical Co. of their employee e-mail they found that people at all levels had sent pornography and violent images from company computers. This led to 50 people being fired and 200 others disciplined.

    Eric Grates, spokesman for Dow's Michigan Operations said: "There was a whole range of things, from mild pornography to very graphic pornography and some seriously violent images." The investigation by the nation's No. 2 chemical company was sparked by an employee complaint in May. The company does not monitor e-mail on a regular basis, Grates said.

    When DowChem officials looked into the complaint, they quickly found out that it was more than just one worker. They then decided to make a snapshot of all e-mail use during one week in May. Grates said: "We have to protect our other employees, this sort of activity creates a harassment environment that we can't tolerate."

    Last March, employees were sent books that outlined company policies, including the prohibition of computer use for personal and objectionable subject matter, he said. "It specifically discusses what is and is not tolerated," Grates said.

    Last year, the New York Times fired 22 employees in Virginia for something similar and Xerox Corp. fired 40 workers for spending work time - in some cases up to eight hours a day - surfing pornographic and shopping sites on the Web.

    I strongly suggest you talk to your management and get two tools in place that nip this in the bud. Use TrafficMax to monitor web traffic and stop the 'employee time drain'. Use Mail Essentials to monitor your (Exchange) email traffic. You need this tool anyway to filter for malignant virus attachments. 30-day downloads over at:
    TrafficMax:
    http://www.sunbelt-software.com/product.cfm?id=740
    Mail Essentials:
    http://www.sunbelt-software.com/product.cfm?id=610

    Hate coding? Tired of login-script debugging? Move Fast!

    Let me ask you some questions:

    • Are you still modifying the registry of new computers manually?
    • Still installing the latest service packs by hand?
    • Still creating Outlook profiles manually?
    • Would you like to know who logged on to what station, with what IP address, privilege level and when?
    • Frustrated by trying to create a real "logon script" with a myriad of MS-DOS batch file commands?
    • Sick and tired of login-script modifications and debugging?

    We have found ScriptLogic to be extremely popular in this area. As a matter of fact, this tool is the world's best selling enterprise logon-script generator. (Version 3 is coming soon but there is a BUY NOW special going for the current version. Ask your Rep about it quickly).

    You have the ability to display your own company's bitmap logo in place of the default Inteletek ScriptLogic splash screen during the logon process, and you can redirect shell folders such as bookmarks, desktops, start menus, etc. to network shares or user home directories. All without coding a single line.

    Looking for a logon-script time saver? Mouse your way over here:
    http://www.sunbelt-software.com/product.cfm?id=299

      FAVE LINKS

    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Need to construct a Disaster Recovery Plan? Here's an outline.
    http://www.dlttape.com/ProveIt/steps/plan/drp/toolkit.asp
  • Need to check last login? NET USER /domain command, or else DumpACL/DumpSec utility at
    www.systemtools.com/somarsoft
  • Vote for your FAVE TOOLS! Very useful resource. See what your colleagues prefer:
    http://www.sunbelt-software.com/targetawards/
  • MS Comes Out With IIS 5.0 Security Checklist
    MS recently came out with a new security-related checklist that will help you to harden your IIS 5.0 systems. They called the document "Secure Internet Information Services 5 Checklist". It shows you 12 areas you have to address, and some more W2K things you need to tweak.
    http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=178&TB=news