- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 23, 2000 (Vol. 5, #50 - Issue #224)
NEW: W2K Survival Kit
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • New Free Sunbelt Peer-to-Peer Support List: AD
  2. TECH BRIEFING
    • Security Comes In Many Flavors
  3. NT/2000 RELATED NEWS
    • MS Shares Jump 21% This Week
    • George W Bush Prefers "Innovation Over Litigation"
  4. NT/2000 THIRD PARTY NEWS
    • W2K Survival Kit, Limited Edition
    • New AutoPilot Gives Strong Performance Gain Results
    • Read This QualysGuard Security Scan Success Story
      ~~~ How many holes in *your* LAN? Find out! ~~~
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Designing Security for a W2K Network
  SPONSOR: ALTIRIS
Migrating to Windows 2000? In a matter of minutes, would you
like the migrated PC to look, feel and work the way it did before
the upgrade? Altiris PC Transplant Pro gives end-users all
customized settings restored including, files, shortcuts, network
and printer connections, templates, e-mail and web addresses and
more. PC Transplant Pro makes transferring the files and settings
that make your PC unique--its personality--a quick and intuitive
process. Don't get stuck with a bad transplant! 30-day FREE trial!
Visit ALTIRIS for more information.
  EDITORS CORNER

New Free Sunbelt Peer-to-Peer Support List: AD

Hi NT/W2K Pros,

  • Sunbelt has just started a new free list for you on our Lyris list server: MS Active Directory. Since Exchange 2000 was just officially released, and is completely integrated with W2K and AD, many of you are going to have to confront this area now. Having your own peer- to-peer support list is going to be a big help, so here it is.

    Sunbelt sponsors this list, and in a nutshell, the list charter is simple: ON-TOPIC, NO NOISE and FRIENDLY. For a bit more detailed explanation:
    http://www.sunbelt-software.com/ad_list_charter.htm I expect this list to generate about 50 to 100 messages per day when it gets rolling. You can subscribe over here.
    http://lyris.sunbelt-software.com/scripts/lyris.pl?join=ad-list

  • The other fun point this issue is the new W2K survival kit. We have pulled together some pretty good stuff and bundled it for a 'Christmas Special Price' that cannot be beat. Check the Third Party News Section, you will like what you see.

    If I see any good 'end-of-year' deals I'll send you a W2KnewsFlash.

    Warm regards,

    Stu Sjouwerman
    (email me with feedback: [email protected])

  •   SPONSOR: Sunbelt Domain Reporter
    WHERE DID THAT EX-EMPLOYEE HAVE ACCESS?
    And what data did they take when they left? Security auditing is
    a major concern, as the security of data contained in the NT/2000
    file systems is hard to evaluate. There are no native tools that
    can report on file system permissions. Sunbelt Domain Reporter's
    NTFS reporting allows you to get specific info about where a
    particular user or users have been given explicit access -
    something not normally done outside of users' personal directories.

    Visit Sunbelt Domain Reporter for more information.
      TECH BRIEFING

    Security Comes In Many Flavors

    But a recent survey from SANS (www.sans.org) shows that the biggest challenge is to get people trained to begin with. You just gotta get trained in this area, so that you can then confront the threats. Getting Trained is the only affective ammo against attacks. To quote Stuart McClure and Joel Scambray, the writers of the Security Watch column in the venerable InfoWorld Magazine: "Security is not a goal, it is a process, and Security is not a product, it's a mentality".

    Most of upper management does not get this, and thinks products alone are the answer. Fuhgeddaboutit. Awareness is number one, and you only get that by being trained. More over, products you are using today may be deemed safe, but tomorrow a hacker my develop an exploit for that same product so big you can drive a truck through it!

    You need to become aware of how you are being attacked, so that you can then plan how to defend yourself. Some good organizations to get trained are SANS and the International Systems Security Certifications Consortium (www.isc2.org). And getting CISCO certified is also a must if you want to get a thorough understanding of the area. Some related and I hope useful links follow:

    MCSE Training Guide (70-220): Designing Security for a W2K Network
    http://www.sunbelt-software.com/bookclub/

    New large hole found in MS Web Server:
    http://www.msnbc.com/news/477722.asp#BODY

    Read how MS is incorporating BioLogons in W2K, interesting to know how that will work. Example: "Security via a Mouse with a fingerprint scanner built in". It works via an extension of the AD-schema.
    http://www.microsoft.com/presspass/features/2000/05-09ni.asp
    and
    http://www.identix.com/itsecurity/products/securitypack.html

      NT/2000 RELATED NEWS

    MS Shares Jump 21% This Week

    Microsoft shares jumped 21% this week after Thursday's pleasant surprise of the healthy fiscal first-quarter results and positive outlook. MS reported late Wednesday that profit from operations rose to $2.58 billion, or 46 cents a share, from $2.09 billion, or 38 cents, a year earlier. Revenues climbed to $5.8 billion from $5.38 billion which is a modest 8% growth compared to the growth rates of 30-40% a few years ago. The total results were in-line with what Wall Street expected.

    Win2K Pro sales now are roughly a third of all the desktop seats MS sells. Some of the big deals they bragged about are 17,000 seats at NASA, planned to total 60,0000, and 200,000 seats installed at Siemens. And, there are now a very surprising 11 million seats of Active Directory installed.

    The biggest chunk of revenues was for Desktop Apps: $2.14 billion (37%) of the total $5.8 billion in sales, down 3% year-over-year. This category includes MS-Office, Project, Visio and revenues from Win2K/NT Server, Exchange and BackOffice client access licenses (CALs). MS explained that all the above thrown together, some things went up and others went down. W2K server sales were increasing a lot, but the CAL revenues went down as customers wait deployment of W2K servers.

    MS has their new "enterprise software and services segment" and in this area sit Win2K Server, BackOffice and the other servers that run on NT/2000. This chunk's sales rose a healthy 9% to $1.04 billion. The big money maker was SQL Server 2000, that was released mid-quarter, together with growth in consulting and product support revenues. Some other results: SUN really shined with sales up 60% but Apple profits stank and its stock was punished on the Street. IBM PCs were profitable again with sales of $4.4 billion, up 11.9%, and profits of $65 million. On the flip side, mainframe sales were down 6.6% to $2.5 billion and the IBM stock tanked.

    George W Bush Prefers "Innovation Over Litigation"

    OK, I normally do not cover politics, but since this is regarding Microsoft and only happens once every 4 year in the States, I thought I'd spend a few lines on it. Presidential Candidate George W Bush, when asked about the MS case in an interview on CNBC last Thursday, said he preferred "innovation over litigation,". We all know it's a PR-world, and this line sure sounds like it came directly out of the MS PR-machine.

    Bush went for a fairly transparent play for votes in the state of Washington, and clearly chose for Microsoft's side in the antitrust case. However, he carefully avoided making any direct comments. Washington State is considered as one of those important so called 'swing states' (the vote could go either way). Washington has voted Democratic a few times in the past, so it is going to be interesting what Al Gore is going to do about this.

      THIRD PARTY NEWS

    W2K Survival Kit, Limited Edition

    Sunbelt Software has created a cutting-edge and advanced training kit that will exceed your expectations. A book written by 'experts from the trenches' and a dynamic series of 5 CD's (videos put on CD) that completely cover the new Windows 2000 system.

    Sunbelt is proud to present certified training expert Ross Brunson. He is a Microsoft certified trainer and currently has a 96% first time passing ratio. Ross trains the trainers that teach Windows 2000 classes. You could consider this your very own home ' W2K boot camp' at about 10% of the cost.

    Everything you need to know about Win2K! 'The book and the movie'. Plus a great performance boosting tool for W2K Professional thrown in the package: The new AutoPilot for Windows 2000! Who needs this kit?

    • NT/2000 CTO's
    • NT/2000 System Engineers
    • NT System Admins
    • W2K System Admins
    • NT/2000 Network Admins
    • NT/2000 Power Users, and any MCP that needs to survive the future

    The individual elements of this bundle normally are a total of $794.90 (Book: $49.95 + Training: $695 + AutoPilot W2KPro: $49.95) But this 'Christmas Special' Sunbelt Bundle is only $195.00! More over, we only produced 1000 copies of this Limited Edition. You will have to be quick to get your hands on this exceptional offer.

    You can download and watch two clips from the CD's in the section "White Papers, Documents and Other Files" to get to know Ross. Having these 5 CD's will give you all you need to get and keep W2K up and running. The Black Book is a great resource and AutoPilot for W2K (or NT as you will get both) is a nice performance booster.

    Grab that Credit Card and get your copy via the Online Shop. The shipping & handling for the US is 15 dollars. If you live outside the USA, call your local reseller. The prices will be higher due to higher shipping costs, so make sure to check for this first.
    http://www.sunbelt-software.com/product.cfm?id=227

    New AutoPilot Gives Strong Performance Gain Results

    We have the new AP for W2K on the website now. Sometimes other people's words are more convincing than my own, so I'm going to let two AutoPilot users do the talking:

    "I have a "normal day job" as the system administrator for the Federal Emergency Management Agency web site, plus I work as a network consultant with my own small company, where I normally deal with small networks of 10 users or less. Some of the networks have just one server that is tasked with doing everything from logon validation to running SQL, Exchange, Backups you name it. Through the use of AutoPilot, I have seen these heavily tasked (and sometimes lower performance, older) servers suddenly begin to run as if they had no workload to speak of.

    Performance gains of 16 - 35% are quite common in my experience. I run it at home on my network there, also, which ought to show just how much I believe in this performance booster! I recommend AutoPilot wherever I find a network that has a heavily (over)worked server, but they can't afford an upgrade of the server. For less than 10% of the cost of a server upgrade, AutoPilot can optimize performance on an older server and give it a new lease on life, and it can make a newer server sing. I recommend this product wholeheartedly to everyone!"
    -- John A. Clawson, MCSE

    And:

    "Hey Stu,
    The performance increase that I have been able to determine is 22% running MSSQL 7. That's using OLE DB as the driver on the client side, pulling 500 record sets from the database. The server is W2k Advanced Server. I sure appreciate the performance gain from AutoPilot. Thanks!
    -- John Docster, Network and Server Architect

    AP 30-day eval at:
    http://www.sunbelt-software.com/product.cfm?id=222

    Read This QualysGuard Security Scan Success Story
    ~~~ How many holes in *your* LAN? Find out! ~~~

    Todd Baginsky is the Web Architect and Internet Security Manager for Cincinnati Bell Wireless, a division of Broadwing Communications. He recently learned first-hand about the power of proactive vulnerability management through QualysGuard.

    "A few weeks ago, a new hack was revealed," he said. "Qualys had obviously added it to their scanning engine. QualysGuard found some- thing on my site that could reveal all sorts of data. I fixed the problem in an hour. QualysGuard showed me why this occurred and how its history went back to an older version of my software. I checked a bunch of the big dot coms. They had the problem, and I didn?t anymore. I emailed all my friends: lock down your sites because you have problems".

    "I?ve been part of the computer culture all of my life. I?ve seen the hackers out there and know how smart and passionate they are. When I ran QualysGuard for the first time and saw all the security holes that existed on our site, I was really shocked".
    -- Todd Baginsky, Web Architect and Security Manager,

    Some people expressed concern about the QualysGuard report encryption & database security. Well we have some answers here: The Database used to store reports is Oracle. This DB is hosted on a dedicated Database server which only runs this database. The db server is protected from remote attacks by a dedicated firewall and an Intrusion Detection System. All this is located at the center of our security rings on a private network which is using non-routable addresses.

    The Qualys application servers can only request or create new reports. No remote connection (shell, web, whatever) is allowed from any point to this machine except Oracle. All Oracle connection are themselves protected with logins and password which differs from user's login & password.

    Even if the Qualys Application server can request a report, it will only be able to decrypt it if the user owning this report is connected and has rightfully provided his password. Since Qualys doesn't keep passwords, we won't be able to recover users' reports if the users lose their password. As soon as the report is generated, it is encrypted with the user's password using a IDEA encryption algorithm with a veeery long key length.

    In a nutshell, it's practically impossible for some one else to get at your own site's vulnerability reports. It's a very good idea to do this 'one time, one IP" scan of your own site. Fill out the fax form (for security) after you had a look at the canned web-demo and you'll get an account, username and password. Make sure you run it right away, as this account gets nixed after a few days! How many holes does your LAN show? Find out before a hacker does!
    http://www.sunbelt-software.com/product.cfm?id=545

      FAVE LINKS

    This Week's Links We Like. Tips, Hints And Fun Stuff

  • A good monthly newsletter about computer security and cryptography:
    http://www.counterpane.com/crypto-gram.html
  • The Windows 2000 Compatibility Update Site allows you to add app support after products ship.
    http://www.microsoft.com/WINDOWS2000/downloads/deployment/appcompat/default.asp
  • GigaWeb W2K Update: Complexity, third-party tools slow deployments. Laura DiDio from Giga did it again. A good survey & the results!
    www.gigaweb.com/Content/Adhoc/RAH-082000-00014.html
  •   PRODUCT OF THE WEEK

    Designing Security for a W2K Network

    Exam 70-220, Designing Security for a Windows 2000 Network tests the skills required to analyze the business requirements for security and design a security solution that meets business requirements. Security includes controlling access to resources, auditing access to resources, authentication, and encryption.

    Ideal for you, professionals looking for comprehensive self-study materials to get you through the exam successfully. Years of publishing in this category has shown us that the most asked-for type of study information comes in the comprehensive, study-at- your-own-pace package. New Riders Training Guides, with their objective coverage, emphasis on hands-on knowledge, and practice exams, are an ideal tool for this audience. List Price: $49.00 Buy online - Sunbelt BookClub Price: $37.50.
    http://www.sunbelt-software.com/bookclub/