Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 8, 2001 (Vol. 6, #2 - Issue #236)
Year 2001: Security and Storage!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Year 2001: Security and Storage!
  2. TECH BRIEFING
    • When The Hacker IS On The Inside
  3. NT/2000 RELATED NEWS
    • Two New Free Sunbelt Lists: 'MAC-NT' and 'FireWalls'
    • Novell On The Ropes
    • W2K In MS Game Console At Consumer Electronics Show (CES)
  4. NT/2000 THIRD PARTY NEWS
    • Windows 2000 Magazine Tests Major Quota Management Tools
    • Thanks Very Much OpalisRobot (Domo arigato)
    • NetIQ's AppManager First to get W2K Datacenter Certified
    • Customer Explains How QualysGuard Helps Against Hackers
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • MCSE Training Guide (70-219): Designing W2K Directory Services Infrastructure
  SPONSOR: Transcender
Get Transcender. Get Certified
Hurry! Get $99 TranscenderCerts for the NT 4.0! Complete your NT
4.0 certification by Feb. 28, and you'll be on the fast track to
upgrading your certification to the 2000 MCSE via the 70-240
Accelerated exam. With top-rated TranscenderCerts, you'll be ready
to pass the real thing. Order now and download online at:
Visit Transcender for more information.
  EDITORS CORNER

Year 2001: Security and Storage!

Well, it's incredible but another year has passed. Welcome to 2001. Looking at where we are in the IT market generally, the state of NT/W2K development and how the Internet is expanding, it is fairly easy to see what the two big areas of headache are going to be this year: Security and Storage.

Apart from normal uptime concerns, these two are the areas where you will *have* to spend a lot of time. Security is obvious, with your company veins hooked up to the Internet IV you gotta keep viruses, worms and Black Hats out. But Storage is also one of the main points of worry as it's exploding. New technologies spring forward like mushrooms and more and more time goes into making sure your corporate data is safe. A company without its data does not have its memory. Translated to a person that means being psychotic. Hardly a way to survive and get that paycheck.

I suggest that all of you create new 2001 plans for both Security and Storage (or revise and update your existing ones). Begin by defining GOALS (mission statements) and work from general to specific. The next steps are POLICY and then more detailed PLANS. This takes a bit of time and discipline but is an absolute 'must' if you want to prevent things like the true story down in Tech Briefing.

Let's make this our System Administration 2001 goal. Sunbelt will help you with our user communities, tech support, and tools.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: WINTERNALS.COM
WINTERNALS.COM
Now it's easy to schedule automatic defragmentation of the native
Windows defragmenters you already own! Winternals Software's Defrag
Commander NE schedules Windows 2000/ME/9x defragmenters throughout
your network from a single Windows 2000 console, so it's a snap to
install, manage, secure, and support. Try it free for 30 days at

Visit WINTERNALS.COM for more information.
  TECH BRIEFING

When The Hacker IS On The Inside

I found this story on the BusinessWeek Online site, and I think you should send the URL at the end of this story to your IT/MIS manager, who can use it as ammo for the CFO or CEO. This is an excellent illustration of what can happen if you keep your NT/W2K networks full of vulnerabilities. What follows are the events, then the links to the BusinessWeek site and the solutions that I suggest. Here goes:


By Dennis Blank in Orlando / Edited by Alex Salkever
DECEMBER 13, 2000

Thousands of attacks each year come from current or former employees -- and companies are only now beginning to step up their defenses

For Elite Web Hosting in Orlando, Fla., September, 2000, was a nightmare. A disgruntled former employee allegedly hacked into the company's computer system without authorization. He then allegedly sent e-mails that contained vulgar language and implied that Elite was moving into the Web porn business to every Elite customer. The missives further claimed that the company's majority owner, Augustino Mireles, had been raiding Elite's coffers for personal use.

The impact on Elite was immediate. Thirty steady customers jumped ship, each taking $5,000 per month in revenue from Elite's cash flow. Elite owner Mireles brought in Advanced Computer Investigations (ACI), a computer-security company. Its assignment was to bolster the company's defenses against hackers and ensure that the former employee could not get back into the system.

BLOOD FROM A STONE. But the exodus of longtime customers was so great that Elite folded, says ACI President Kellie Carlisle. Mireles decided not to sue because you "can't get blood out of a stone." The ex-employee is now on probation after pleading guilty to assault charges arising from a physical altercation he had with Mireles.

Elite's sad tale is far more common than you might imagine. Experts say insider hacking represents about 70% of all malicious attacks and causes $1 billion in damages each year to U.S. businesses. And it appears to be on the rise as more companies come to rely on computer networks and e-mail. "I have seen a lot of cases of a systems administrator gone bad," says Bill Spernow, security-research director for technology-industry consultancy Gartner.

Pinning down the exact number and nature of transgressions by once-trusted workers remains more art than science, but they likely number in the thousands each year. The motivation in most cases is simple. "Most of them are doing it for revenge, because they felt they were harmed in some way," says Diana Neuman, a computer analyst with information-security company EnGarde Systems in Albuquerque, N.M.

ALL BARK, NO BITE. However, justice is rarely meted out. "Most of these cases never go to court," notes Karen Worstell, a computer investigator for consultancy AtomicTangerine in Tacoma, Wash. Companies don't want their trade secrets publicly examined and the negative publicity court cases generate, she says.

Once in court, a company will have to show that an employee violated policies to break into the system. That can be trickier than it sounds, particularly for many small and midsize companies: "There seldom is a corporate policy that addresses this issue," says Spernow. Businesses that do maintain such policies often have difficulty enforcing them. "Even when there is one, it's always in a gray area, and you end up with one that has no teeth."

Elite found out how hard it is to make charges stick. "It's interesting, but one of the defenses being used was that [the former employee] was authorized to do what he was doing and that companies were frequently negligent in defining the level of access," says Bill Cook, a former U.S. Justice Dept. prosecutor who now represents companies that have suffered inside hacks. Cook says a company's first legal action should be to get a temporary restraining order preventing the former employee from using internal security and other information. That can at least set a clear date beyond which incursions are illegal.

BUILDING DEFENSES. According to Cook and others, more insider-hacking complaints are being filed with the FBI. And companies have been more successful in getting their cases prosecuted without suffering public-relations black eyes. But the best way to avoid such a catastrophe is to plan for it before it happens. Gartner's Spernow says using new filtering and blocking systems from reputable software makers can frustrate errant employees.

That may sound like a simple solution. But companies are only now beginning to acknowledge that security is a major concern. Gartner says most of the companies it has surveyed spend only 1% to 3% of their budget to tackle this problem.

To be sure, most of them plan to boost such spending in the near future, Gartner notes. But the majority of security providers and consultants continue to emphasize defending against external intruders. The far stickier issue of inside hacks is usually not addressed. That will have to change if business owners like Mireles will be able to sleep easy at night.

Here is the original article, with grateful acknowledgement:
http://www.businessweek.com/bwdaily/dnflash/dec2000/nf20001213_253.htm

Plugging security vulnerabilities from the inside out: STAT
http://www.sunbelt-software.com/product.cfm?id=899
Plugging security vulnerabilities from the outside in: QualysGuard
http://www.sunbelt-software.com/product.cfm?id=545

  NT/2000 RELATED NEWS

Two New Free Sunbelt Lists: 'MAC-NT' and 'FireWalls'

Many of you are members of one of the Sunbelt Sponsored communities. The NTSYSADMIN, Exchange and MCSE lists are especially popular, with many thousands of active contributors. We're happy to announce two more lists. One is a list that has been in existence for a while already and was migrated to our Lyris server. It's called the Mac-NT list and you can discuss all the issues related to using Mac clients with NT/2000 servers.

1) Like I said this is an already active list with over 900 people on it and moderated by the expert Daniel L. Schwartz from Dan's Mac OS Consulting. Here is the List Charter where you can read about the list and subscribe / unsubscribe. Run Macs? This list is for you! http://sunbelt-software.com/mac-nt-list_charter.htm

2) What is the Firewalls List Charter? Sunbelt Software hosts this list to invite the free and open discussion of NT/2000 Firewalls Administration Issues. This list is intended to be a forum to discuss how to keep firewalls up & running in a production environment, discuss firewall-related security issues, and as help to pass any Firewall Certification Exams. What does that include? Anything you can think of (tools, scripts, hints & tips, firewalls of knowledge and experience, suggestions to solve problems, compatibility issues) to make firewalls run better in your environment and keep your IT infrastructure secure. Here's where to subscribe: http://sunbelt-software.com/firewalls_list_charter.htm

Novell On The Ropes

Client/Server News 2000 just reported that a few more Execs at Novell are jumping ship. Their senior VP of worldwide marketing, and Senior Veep/General Manager of Novell Customer Services are leaving. Too bad really as the software is actually pretty good, and is still running in tons of companies. But the management is not cutting it. I just had a look at Novell's stock that I had not checked for a while.

Dang! This company's stock just 'upped and died' during the April 2000 dot-com meltdown. Which is not really logical as Novell is far from a dot-com but was dragged down in the vortex of tech stocks anyway. They are now trading at about 5 bucks and if they are not careful they will be kicked off NASDAQ (1 month of your stock trading below one dollar and you're out). This may be a bit over the top but you get my drift ;-)

NetWare has a few years more life in it, but it's dying and you need to start planning for migration sooner or later. Just have a look at their stock and you will see what I mean (link to NASDAQ below). Has anybody seen/used really high quality third-party utilities to migrate NetWare to NT/2000? (I'm aware of the MS tools.) Email me with your experience at [email protected]. Thanks!
http://quotes.nasdaq.com/quote.dll?chart=5&page=charting&mode=basics&symbol=NOVL%60&selected=NOVL%60

W2K In MS Game Console At Consumer Electronics Show (CES)

The CES just started Friday Jan 5, 2001 in Las Vegas. This is the ultimate gadget show. It is expected the MS Xbox will be announced with a bang at the show. They might even have the largest presence at the whole CES. Bill Gates is doing the keynote on Saturday the 6th, at the time I'm writing this. Officially MS is supposed to roll out the Xbox in North America and Japan in fall 2001 but who knows how long it really is going to take. Vaporware can be either 'soft' or 'hard'. As you all know, the Xbox runs on a stripped version of W2K.

There are some rumors flying around about MS having changed the specs of the Xbox but MS spokespeople deny this. They also said that there were no plans to start the Xbox ad campaign. One of the reports was that MS would kick off its TV ad campaign during the Super Bowl. Two special spots were planned, with one of them mocking Sony by showing a PlayStation 2 console being destroyed.

Microsoft is working hard to make the Xbox a hit, and invests in or outright acquires both game publishers and hardware suppliers. A game box without killer games will fail to sell. MS just bought up Digital Anvil, which joins other game outfits that MS snapped up: Access Software, Bungie Software, and FASA Interactive. Electronic Arts also recently endorsed the Xbox and will come out with 10 titles for it.

Stuff like the above games need powerful hardware. The Xbox will have 64MB of 200MHz system memory (rumors are they might bump it up to 128). It will give gamers 6.4GB per second of bandwidth, which is two times more compared to Sony's PlayStation 2.

The box itself is based on a PIII 733MHz processor with Streaming SIMD Extensions (providing enhanced handling for graphic processing instructions), an NVIDIA graphics-processing unit, and an NVIDIA media communications processor (MCPX). Strictly from a hardware perspective, the Xbox MCPX pulls an impressive 4 billion operations per second which gets you theater-quality video and audio.

The box comes with a built-in 10/100 for playing networked games over a broadband connection to the Internet. It will have a Seagate 8GB drive, a 5X DVD movie playback drive, four game controller ports, an expansion port, and an audio/video connector.

It looks like MS will produce all the Xbox machines via Flextronics starting in Hungary and Mexico. It will be a significant enterprise if you look at the total systems that this will comprise. In the meantime, MS is looking for game testers of about 13 years and older in its Washington area. More specs on the Xbox and the 'game console war' and the latest news over at
http://www.xbox365.com

  THIRD PARTY NEWS

Windows 2000 Magazine Tests Major Quota Management Tools

Win2K Mag has bent over backwards and in its January 2001 issue has done a very, very thorough article about the 4 existing Disk Quota Management tools on the market at the moment. They did an in-depth analysis of the features, ease of use, and many other factors including the reasons why you would use this kind of tool to begin with. I'm quoting the first paragraph of Ed Roth's article, which I warmly recommend:

"Network and systems administrators constantly fight the disk-space battle for network storage. Although disk space is fairly inexpensive, the administrative cost of managing large volumes of data can sneak up on an organization. When a file system becomes full, some level of administrative involvement -- adding more storage, finding and deleting unnecessary files, or rebuilding a crashed volume -- is inevitable. In addition to fixing the immediate problem, the administrator typically needs to identify individuals who consume more than their share of disk space. Quota-management software takes a proactive approach to space allocation and removes the administrator from the enforcer role when users attempt to use more than their allotted storage."

There is a clear winner in the article. You should check it out. Windows 2000 Mag Lab Tester Ed Roth gives it the 'best-of-breed' endorsement. I have two links for you. One to the article, and one to the winning product. Which tool was deemed the best? Find out!

Article: http://www.sunbelt-software.com/redir.cfm?id=010801win2kquot
Best-of-Breed Tool: http://www.sunbelt-software.com/product.cfm?id=421

Thanks Very Much OpalisRobot (Domo arigato)

In Japan, they say 'Domo Arigato' for 'Thanks Much'. There is a really excellent review of OpalisRobot in InfoWorld which in my eyes is one of the most trustworthy magazines on the market. The title they gave the article is "Domo arigato OpalisRobot for intelligent, flexible network assistance".

I think you should read the article if you are looking for a powerful tool that will help you to automate and schedule a bunch of your routine system admin tasks. Especially the ones that need to be run at midnight [grin]. Here is a quote from the InfoWorld article: "But be forewarned: OpalisRobot is an addictive tool. Once you've used it, you'll want to automate more and more tasks. The tool is reasonably easy to learn, powerful, and flexible. As a result, we gave OpalisRobot a score of Very Good."

Article: http://www.sunbelt-software.com/redir.cfm?id=010801opalis
Here's the tool: http://www.sunbelt-software.com/product.cfm?id=585

NetIQ's AppManager First to get W2K Datacenter Certified

NetIQ Corp is probably by now the largest player in the original NT/W2K developer scene. They started out as an NT-only house and did pretty much everything right. Then they acquired the Mission Critical people and became the 800-pound gorilla in the NT/W2K infrastructure management tools.

This week they announced that their AppManager Suite was the first systems management software awarded the "Certified for Windows 2000 Datacenter Server" logo. To obtain this pretty exclusive logo, AppManager passed stringent compliance testing requirements set by MS in their Application Specification for W2K Datacenter Server.

These Certs establish the highest technical standards for apps so you can count on these apps being secure and manageable and running reliably on the W2K platform. The MS W2K Datacenter Server certification also is the final and most demanding piece of the new W2K certification.

Tom Kemp, Senior Veep of products at NetIQ said: "And, it is apparent to us that certification for Windows 2000 Datacenter raises the bar significantly. Microsoft's latest application specification introduces enterprise-level disciplines such as 24x7 customer support, stringent application compatibility and stability, as well as clearly defined processes for interaction with hardware vendors."

Background: The NetIQ AppManager Suite is a pretty complete solution for monitoring the performance and availability of more than 30 distributed Windows NT- and Windows 2000-based systems servers and apps, such as Microsoft Exchange, Microsoft SQL Server, Citrix WinFrame/MetaFrame, Oracle, SAP R/3 and Lotus Domino. You can find them over at http://www.netiq.com

Customer Explains How QualysGuard Helps Against Hackers

Literally thousands of you were interested in how you could hack your own network from the outside in. Well, here is the story of a customer that followed up on this:

"We started using QualysGuard about two weeks ago. I'm pleased to report it is just what we were looking for. We are a national bank that launched an Internet banking service in recent weeks. As you know, security is a major concern of any financial institution and the thought of allowing a link to the public Internet makes bank executives nervous. The ability to run vulnerability assessments on our Internet banking service as well as our corporate Internet connection has relieved some of our management's fears."

"I believe your product is an excellent fit for all financial institutions involved in Internet services. This is particularly true for the small to medium-size community bank that may not have in-house network and network security support. You don't have to be an expert to run QualysGuard scans, but the ability to have almost instantaneous, first-hand knowledge of the company's network security goes a long way in helping managers and executives sleep better at night."

Ed Elliott, Ed.D.
Vice President and Manager, Computer Services
National Bank of Commerce, Mississippi

You can still subscribe to this new kind of service; the number of users is steadily climbing! Here is a web-based canned demo for a quick overview. After that, you can get a scan of one IP on your own network. Yes, it will cost a bit of time and paperwork but we have to make sure you are who you say you are when we OK an IP scan for vulnerabilities. We're dealing with your and other companies' security after all.
http://www.sunbelt-software.com/product.cfm?id=545

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

PurePerformance is a site that only looks at squeezing the most out of your hardware. Useful.
http://www.pureperformance.com

IT people are very mobile. Looking for a USA nationwide calculator that shows how much you need to make to survive in another state and/or city? Check out:
http://www.homefair.com/calc/salcalc.html

Independent review of my Windows 2000 System Admin's Black Book at:
http://windows2000.about.com/library/reviews/blbookreview011.htm :-)

Been wondering what a particular file extension means and what app it belongs to?
http://www.cknow.com/ckinfo/acronyms/fileextensions.htm and
http://whatis.techtarget.com/Flat_Files/WhatIs_File_Format_A/0,281899,,00.html

  PRODUCT OF THE WEEK

MCSE Training Guide (70-219): Designing W2K Directory Services Infrastructure

Publisher: New Riders. Normal List Price: 49.99 - Sunbelt Bookclub Price: $35.99.

This exam measures your ability to analyze the business requirements and design a directory service architecture, including: unified directory services such as Active Directory and Windows NT domain; connectivity between and within systems, system components & apps, and data replication such as directory replication and data replication. Keep in mind that if you already have MCSE certification on Win NT 4.0 you can update your certification by just taking two exams: the Accelerated Exam (70-240) and your choice of Designing Directory Services Infrastructure (70-219), Designing Security for a Windows 2000 Network (70-220), or Designing Network Infrastructure (70-221). You must also choose one of the three core electives: ICA Windows 2000 Professional (70-210), ICA Windows 2000 Server (70-215), I & A Win 2000 Network Infrastructure (70-216), I & A Windows 2000 Directory Services Infrastructure (70-217).
http://www.sunbelt-software.com/bookclub