Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 16, 2000 (Vol. 5, #49 - Issue #223)
The Name Of The Security Game: Proactive
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • An Immense Amount of News This Week
  2. TECH BRIEFING
    • The Name Of The Security Game: Proactive
  3. NT/2000 RELATED NEWS
    • You Can Now TweakUI Windows ME/NT/2000
    • MS Intro's TAHOE Document Server
    • Enormous EDS Navy Contract: MS & Dell Share Bounty
  4. NT/2000 THIRD PARTY NEWS
    • MS Drops 175Mil+ on NetIQ
    • New Security Tool Released: Enterprise Security Reporter (ESR)
    • NEW: Tired of AT scripting? Replace it with Opalis JobEngine!
    • How Sprint Keeps Servers From Running Out of Space
    • Change Member Servers to BDC and back? Use U-Promote
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  SPONSOR: NETIQ
ARE YOU SURE YOU'RE SECURE? Get your FREE copy of Windows NT
Security: Step-by-Step, a valuable 36-page resource guide
produced by the highly regarded SANS Institute.
Order now! Limited quantities available.
Lock out potential violators to your Windows NT and
Windows 2000 network with security protection from NetIQ.
Nobody does Windows 2000 better. Nobody.

Visit NETIQ for more information.
  EDITORS CORNER

An Immense Amount of News This Week

Hi NT/W2K Pros,

With me being at the MEC in Dallas last week, you would not believe the amount of mail and news that has piled up while I was away. I have been scanning stuff for *hours* before I could even start writing this week's newsletter. So I'm going to keep all items relatively short, to get you at least the most important headlines all in one go.

Pardon Our Dust: a small section of you received an old newsletter dated May 4 last week. Our Lyris listserver had some major database corruption. Then we found that the very last version of the backup tool we used had not made valid backups for about a week: Aaaugh! After a whole day messing with restores we got back a version of October 3rd. Sorry for the dust during the reconstruction. Everything is back to normal now. Still mystified what caused it though.

If I see any good 'end-of-year' deals I'll send you a W2KnewsFlash.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: NETWORK-1
Now - a Firewall that operates like a Bridge, not a Router
Now you can install a firewall into your network without having
to touch any IP addresses. In fact, even the firewall has no IP
address! Try hacking that. CyberwallPLUS is even ISCA-certified
for reliability. CyberwallPLUS - the way firewalls are supposed
to work. Free 14-day evaluation:

Visit NETWORK-1 for more information.
  TECH BRIEFING

The Name Of The Security Game: Proactive

How many of your users walk away from their workstations for hours at a time without locking them? And how many happily click on the "save my password" button on a website? That option is another way of saying: 'store my password in a persistent cookie on my hard disk'.

And don't tell me you are not guilty. Everybody is, except for some secure sites where the punishment is death if you forget to give your workstation the three-finger salute and press Enter. [grin] So, what to do? Being proactive in your Security management is the thing to do. That means having a series of policies and procedures in place that are sometimes a headache for users, who then rebel. That is why Top Management involvement providing air cover is a must.

You also need to talk about a separate budget for IT Security, ideally not bundled into the normal IT soft- and hardware expenses. It is a separate discipline, and way too often overlooked, underestimated, and only activated after the damage has been done. Does your company have a separate IT Security Audit officer? Should it? You bet your boots you should.

If not full-time, train someone to wear this hat at least part-time and give them the tools to get the job done. If staff *know* someone is doing regular scans for illegal software, if strong passwords are simply enforced, if weekly checks for excessive permissions are done and action taken if found, you are getting in the right direction. But for Pete's sake, DO SOMETHING! More suggestions below.

If you run into a bug or suspected security vulnerability, this is where you can go to check and/or report on it. It's the Microsoft Security Response Center.
http://www.microsoft.com/technet/security/sectour.asp

If you want to do a regular excessive permissions scan, here is a brand new tool that will help to find them and report on these for action: It's called Enterprise Security Reporter.
http://www.sunbelt-software.com/product.cfm?id=787

IDG News reported that, according to Gartner Group, half of small and midsize enterprises will suffer an Internet attack. Gartner claims small and midsize enterprises need to watch their backs, as they are likely targets for Internet attacks, and many will fall victim between now and 2003.

More than half of those that manage their own network security and use the Internet for more than e-mail will be hit, and more than 60% of companies that are targeted won't even know what hit them. Gartner recommends four steps for protection: security checkup, firewall configuration, boundary services, and consolidated remote access with strong authentication. Here is the full article:
http://www.nwfusion.com/news/2000/1011attack50.html

And here are all the Best-of-Breed Sunbelt Security tools:
http://www.sunbelt-software.com/search_category.cfm#SEC

  NT/2000 RELATED NEWS

You Can Now TweakUI Windows ME/NT/2000

Tweaking the User Interface is always fun, you can make it behave exactly as you want it to. TweakUI is one of those free, unsupported but very useful little tools provided by MS. The latest version now supports W2K as well. Good for people with paranoia as it can erase all the tracks of your recent activity.
http://www.microsoft.com/ntworkstation/downloads/powertoys/networking/nttweakUI.asp

MS Intro's TAHOE Document Server

At the MEC, I got curious about what Tahoe was all about. Well, in a nutshell it's like YAHOO for your Intranet, and with automatic indexing to boot. They were showing a beta version that of course crashed at the show and needed a wipeout and rebuild but while that was happening, I got a verbal explanation. BTW, the MS-guy that did the demo commented: "When in doubt, wipe out!" Interesting motto.

Anyway, this puppy manages internal documents for workgroups of 1000 people and below. It scans Word, Excel and PowerPoint docs and indexes them for easy retrieval. It comes with its own search engine which is a spider comparable with an internet crawler.

The way you get a document on the Tahoe server goes like this:

  1. You make it, no one else can see it. Phase= Checkout
  2. You release the lock, for peer review. Phase= Checkin
  3. Now it will be published and is visible. Phase= Publish
  4. (Conditional) Final Issue Authority: Phase= Approval

The last phase can be combined with 3) above when needed.

What do you get out of this? Better documentation of the work done, and it is easier to find who wrote what and where it is. Ideal for groups that have to generate a lot of documents. Look for it mid to end 2001. Betas are available for the strong of heart.

Enormous EDS Navy Contract: MS & Dell Share Bounty

It was all over the newspapers and the EDS stock went up immediately. They won the bid for the U.S. Navy for a Windows-based corporate network. This contract is the largest ever for the US government.

It's a 5-year deal covering $4.1 billion, and if they decide to extend the contract for 3 more years the total could even be $6.9B. EDS needs to first install and then manage a humongous intranet of 350,000 seats. The network links all 300 Marine and Navy bases.

The interesting thing is that this was a PC versus Mainframe battle. EDS was bidding against a combine of CSC, General Dynamics and IBM. The winning EDS partners are Raytheon, MCI Worldcom and Waminet. MS and Dell provide software and hardware for the deal so stand to win substantially. Cisco was tapped for all the networking gear.

EDS claims the contract will save the Navy a cool $1 Billion per year. Seems the Navy has done their homework and agrees. Interesting to see if that actually pans out.

  THIRD PARTY NEWS

MS Drops 175Mil+ on NetIQ

It's a small world. In 1996, Sunbelt decided that an event log monitor tool called SeNTry made by Serverware in the UK would be excellent for NT system administrators. We did well with it. But a while later, the Serverware people sold their tool to MissionCritical (MC) for a good chunk of cash but not more than $10-20Mil in my estimation. MC did not want Sunbelt to distribute it, so we needed to find another event tool.

The MC people kept developing SeNTry further, and after a year or so, renamed it to 'OnePoint Operations Manager'. Then NetIQ merged with MC, and the 'Onepoint' was lopped off. Next, NetIQ continued to develop it. And guess what? Microsoft thought it was a good idea to provide event management with W2K. I thought so too, just a little earlier. [grin]

NetIQ sold off the code to MS this week, but for a whopping 175Mil to be included in the new .NET initiative. Neat profit margin. I wish my friend and the original technical developer Selim Kohen was still here to see this happen, but he passed away recently due to a heart attack at the too young age of just 50. Selim, RIP, your original idea just got the ultimate endorsement.

The code will now be called Microsoft Operations Manager. MS will grab the existing code, spruce it up and run it through their internal quality control. It will see the light of day in a new retail deal by MS somewhere in 2001. No idea what it will cost yet though.

MS pays NetIQ $175Mil for OpsMan, next they will pay $6M/yr more in the next 3 years to develop additional projects, $5M/yr for co-op marketing and MS will also buy NetIQ stock for three years at the rate of $5M a year. Sum Total: 211Mil. Not to be sneezed at.

New Security Tool Released: Enterprise Security Reporter (ESR)

So how do you find out which objects on a network a user or group has *effective* permissions to, without manually examining each individual object on your network?
And ever asked yourself:

  • To which groups does a user belong?
  • To which folders and files does a user and/or group have access?
  • How can I view *all* the shares and their permissions on the LAN?

Using the tools that come natively with NT/W2K you quickly realize that it is nearly impossible to gather the data to produce the reports you need. ESR is a powerful security reporting package that was created to comb through the vast amount of data on your network so you can analyze, query and report on the security and configuration of your network.

Some of the features:

Create unique summarized permissions reports - ESR's exclusive Delta Permissions Reporting technology targets and reports permission changes on folders and files that differ from those of its parent folder, enterprise wide.

Powerful Reports - Featuring reports developed using Seagate Software's Crystal Reports, ESR reports can be exported to numerous formats and you can email them to others.

Support for Microsoft Access Reports - By natively supporting Microsoft Access reports, ESR allows you complete flexibility in developing your own reports in a tool most people are familiar with, and then letting you run these reports from the ESR interface.

Scalable Data Discovery - Using either a centralized data discovery agent or distributed data discovery agents, ESR can accommodate both small and large networks without becoming intrusive.

Remote Agent Installation - Install the agents on remote servers without having to log onto the server itself.

Open Database - ESR uses MS-SQL Server 7 or the scaled-down Microsoft Data Engine as its back-end database. This means you can use any tool you want to connect to and query the data. The ESR database is fully documented so you can write your own queries and reports.

And more features like:

  • Parameterized Queries
  • Enterprise Scopes
  • Browse Real-time Data
  • User Extensible
    Check it out at:
    http://www.sunbelt-software.com/product.cfm?id=787
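
The idea of reporting only permissions that differ from the parent folder, and the weekly excessive-permissions check recommended in the Tech Briefing, can be sketched with a short script. This is an added example, not ESR code or anything from Sunbelt; the share root `D:\Shares` and the report file name are assumptions.

```powershell
# Added example (not ESR code): report folders whose ACL differs from the parent.
param(
    [string]$Root   = 'D:\Shares',        # assumed share root; change to suit
    [string]$OutCsv = '.\acl-delta.csv'   # assumed report file, kept between runs
)

function Get-AclDelta {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $dir = $_
            try {
                $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
            } catch {
                # An unreadable ACL is itself a finding; record it rather than skip it.
                [pscustomobject]@{
                    Folder = $dir.FullName; Identity = ''; Rights = ''; Type = ''
                    Finding = 'ACL unreadable'
                }
                return
            }
            # Inheritance switched off: this folder no longer follows its parent.
            if ($acl.AreAccessRulesProtected) {
                [pscustomobject]@{
                    Folder = $dir.FullName; Identity = ''; Rights = ''; Type = ''
                    Finding = 'Inheritance disabled'
                }
            }
            # Explicit (non-inherited) ACEs are the entries that differ from the parent.
            $acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
                [pscustomobject]@{
                    Folder   = $dir.FullName
                    Identity = $_.IdentityReference.Value
                    Rights   = $_.FileSystemRights.ToString()
                    Type     = $_.AccessControlType.ToString()
                    Finding  = 'Explicit ACE'
                }
            }
        }
}

$current = @(Get-AclDelta -Path $Root)
$fields  = 'Folder', 'Identity', 'Rights', 'Type', 'Finding'

# Compare with the previous run's report, if any, to show only what is new this week.
if ((Test-Path -LiteralPath $OutCsv) -and $current.Count -gt 0) {
    $previous = @(Import-Csv -LiteralPath $OutCsv)
    if ($previous.Count -gt 0) {
        Compare-Object $previous $current -Property $fields |
            Where-Object { $_.SideIndicator -eq '=>' } |
            Select-Object $fields | Format-Table -AutoSize
    }
}
$current | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
```

Run it on a schedule under an account that can read the ACLs; rows for broad identities such as Everyone with Modify or FullControl rights are the ones to review first.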

    NEW: Tired of AT scripting? Replace it with Opalis JobEngine!

    For just 199 bucks you can automate Job Processing instead of spending tons of time with the AT command. Opalis JobEngine is one of the Modules of Opalis Robot we have broken out of the package at popular request.

    It's an advanced job scheduling and automation tool for Windows NT/2000 environments. You can use it to automate routine tasks and multi-step job sequences to improve productivity and availability of resources.

    JOB SCHEDULING & PROCESS AUTOMATION

    The Opalis JobEngine enables you to schedule jobs that run unattended. Daily tasks such as running batch files, launching the back-up, connecting to the Internet and transferring files can all be automated. Weekly or monthly reboots, reports and file purges can also be scheduled.

    This is one of those little gems that can save you time and increase your productivity. Schedule uploads, downloads, file transfers, database updates, report generation, email distribution, backups, server reboots, internet connections, program executions, batch files and more, all without writing one line of script.

    MANAGEMENT & NOTIFICATION

    You've got one cool interface to build and manage automated tasks. A detailed log provides a centralized view of job status, errors and a job description of each process. Receive real-time status on automated jobs. Detailed logging and reporting options are available through standard communication channels such as email, telephone, pager, pop-up and ODBC/SQL databases. We have said enough. Here are the specs:
    http://www.sunbelt-software.com/product.cfm?id=585
    Buy it online with 24/7 delivery and a key emailed within 24 hours:
    http://www.sunbelt-software.com/onlineshop.cfm

    How Sprint Keeps Servers From Running Out of Space

    I decided to give you a case study on how one of the largest telecom outfits controls their disk space.

    Three call center groups at Sprint, in Kansas City, Missouri, use WQuinn's StorageCeNTral on Windows NT file and print servers to make sure 5,000 employees don't run out of disk space. At the same time, these three call center groups don't want employees to misuse the amount of space that is assigned to them.

    For the past year, Eric Bosch, a systems integrator at Sprint's Business Service Group, has relied upon StorageCeNTral to monitor space usage on about 28 servers - a mix of Dells and Proliants - with an average of about 36 Gbytes of internal RAID.

    When Bosch first got StorageCeNTral, he immediately ran a report to find out why some servers were running out of space and others were at peak capacity. He says, "A few employees had 100s of Mbytes of .mp3 files in their home directory." Since the computer policy forbids certain types of files, such as .mp3's, from being stored on servers, Bosch deleted the files. He adds that he freed up about three Gbytes of space on some servers.

    StorageCeNTral allows Bosch to easily allocate a 150-Mbyte space quota to each home directory of the 2,500 employees on these servers. As employees get within 70 percent of their quota, StorageCeNTral sends them an on-screen, pop-up message saying they need to clean up their files or they'll run out of space. They receive another message when they reach 90 percent of their quota, and again at 100 percent.

    He says, "When they reach 100 percent, we allow them about 10 percent more so they've enough room to store files they're working on. When they've cleaned up their area, then we readjust the quota to 150-MB."

    Bosch says that some employees grumble about having to clean up their space. On the other hand, he says, "rapid disk growth is a real problem in a large company such as ours. Without StorageCeNTral, we'd have a difficult time finding out who is using all the disk space on a server."

    Bosch uses StorageCeNTral's reporting capabilities to look at disk space by users, ranked in descending order by the largest users. With the release of StorageCeNTral 4.1, Bosch will be able to give employees an HTML page listing links to their largest and/or oldest files. An employee can first view a file by double clicking on a link. To delete the file, an employee can go back and click on the link and hit delete.

    Blocking certain file types, such as .mp3's, from being stored on the servers has become an important concern for Bosch. He says, "Right now I delete any copies of games, such as Doom, or any .mp3. Since we use Tivoli for network management, someone suggested that we use it to set filters for blocking certain file types from being stored on servers. But you can't do this with Tivoli." StorageCeNTral 4.1's filescreening capability will allow Bosch to easily set filters on just about any type of file, such as The Love Bug's Visual Basic Script, and prevent the file from being stored on a server.

    With the servers being upgraded to 80 Gbytes Bosch says he looks forward to using StorageCeNTral 4.1, which he recently downloaded. He says, "StorageCeNTral just sits there keeping an eye on your disk usage. It doesn't require any maintenance or put any strain on a server's CPU."
    http://www.sunbelt-software.com/product.cfm?id=423

    Change Member Servers to BDC and back? Use U-Promote

    On the NTSYSADMIN list the following question was asked: "Does any one have any experience using Utools "U Promote". Any feedback especially any comments why I should not use this product would be appreciated. I need to rebuild several Domain Controls for a major domain migration project. This tool seems like a tremendous time saver".

    Two answers came: "It's worked very well for us. No problems to report. (I've not experienced it fail, but it would be wise to take a full backup before doing this.) This question has come up often over the past several months so you should be able to find many hits in the archives."

    and

    "I have used it on 2 machines in our domain. Changing a member server to a BDC and a BDC back to a member server. Worked very well. Easy and quick. No complaints".
    Where?
    http://www.sunbelt-software.com/onlineshop.cfm
    Single copies: $99.95
    Unlimited: $239.95

  FAVE LINKS

    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Want to understand how LDAP (Lightweight Directory Access Protocol) works? Here is a white paper that explains.
    http://www.microsoft.com/windows2000/library/howitworks/activedirectory/ldap.asp
  • Want to get into the latest IT fashion fast? SearchXMLresources.com will do the trick. Check out:
    http://www.searchXMLresources.com/p1
  • Where the IT gossip hits first: The Register site in the UK:
    http://www.theregister.co.uk