Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 15, 2001 (Vol. 6, #3 - Issue #237)
WIN NT: Hacker Target #1
  This issue of W2Knews™ contains:
    • New Version Alerting Improved / New SunPoll
    • Microsoft Launches Certified Partner Program
    • Steve Ballmer: Will Sell 10X More Windows Servers Than Sun
    • Have you registered yet for the SMS & W2K User Conference?
    • What Is The Difference Between W2K Quotas and QuotaAdvisor's?
    • What Is The Difference Between the W2K defrag and Diskeeper?
    • What was the December Sunbelt OnlineShop Best Seller?
    • Domain Security Auditing with Sunbelt Domain Reporter
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Peter Norton's Guide to Network Security
  SPONSOR: MKS Software
MKS: Automate and Control your Windows Environments
The MKS Toolkit solution allows you to perform system administration,
network management tasks, and cross-platform development in an automated
environment. These powerful utilities help save time and increase the
productivity of your team on Windows platforms. Try a FREE 30 day
working demo at: http://www.mkssoftware.com/interop/eval
And, order your FREE Cross-Platform Development Guide at:
Visit MKS Software for more information.

New Version Alerting Improved / New SunPoll

Hi NT/W2K-ers,

Many of you now have one or more tools you got from us. To improve our service to you, we have added another alerting function to our website. On the main page, and on the Alpha Search page it is now clearly indicated which tool has been updated in the last 30 days. That will make it easier for you to simply check *one* page once a month that shows if your fave admin tool has come out with some new cool features. This is the page you should inspect at least every 4 weeks:
Set yourself a repeating reminder in Outlook! :-)

And the new SunPoll for this month is: We would like to know, once you start with it, which one of these W2K MCSE core exams will you be doing *first*?

  • Exam 70-210: Win2K Pro
  • Exam 70-215: Win2K Server
  • Exam 70-216: Win2K Network
  • Exam 70-217: Win2K Directory Services
  • None, I am too upset with Microsoft that they will nix my NT MCSE end of this year.

    Vote here! Left Column:
    (You can also check the results of all earlier polls)

    You may have seen this, but I thought it was funny enough to include this little bit of humor: "Dream Come True"

    There was once a young man who, in his youth, professed his desire to become one of the world's great writers. When asked to define "great" he said, "I want to write stuff that the whole world will read, stuff that people will react to on a truly emotional level, stuff that will make them scream, cry, howl in pain and anger!" He now works for Microsoft, writing error messages.

    Warm regards,

    Stu Sjouwerman
    (email me with feedback: [email protected])

  •   SPONSOR: CyberwallPLUS
    You Can't Attack What You Can't Access
    The #1 rule in security is "You can't attack what you can't access".
    CyberwallPLUS - World's best packet filter firewall for Win NT/2000.
    Fine-grain access controls for NT/2000 servers and workstations.
    Network intrusion detection & prevention identifies and stops hackers.
    Comprehensive traffic audit logs with real-time connection monitoring.
    For a free evaluation and white paper on host-based firewalls visit
    Visit CyberwallPLUS for more information.


    This is fairly disconcerting news. I did not know it was that high! NT turns out to be the fave choice of hackers worldwide. The latest compiled figures over Y2000 show that NT is the Web server OS that is the most hacked. Ouch.

    NT was running on more than 50% of compromised Web servers between August 1999 and now. All the other OS-es were way lower; however, W2K is rapidly rising. Since it is new, the vulnerabilities are not known yet but they are being discovered rapidly. If you look at the number of so-called 'defacements', meaning sites that were messed with by intruders, here are the numbers that I got from a site that tracks these defacements: http://www.attrition.org

    Obviously this is also a matter of whether the glass is half full or half empty. NT's enormous success in the marketplace since V 3.51 came out mid 1995 makes it an attractive target. Every OS gets exposed to a 'trial by fire' by the community. And since 'hackerdom' has been elevated to a national sport by now, and successful hackers are seen as cult heroes, we have to be extra careful. Here are the numbers.

    Month     NT    Win2K   Win2K % of total (NT + Win2K)
    Jan2000   255   0       0.0
    Feb2000   261   1       0.4
    Mar2000   321   4       1.2
    Apr2000   224   2       0.9
    May2000   300   1       0.3
    Jun2000   246   4       1.6
    Jul2000   225   7       3.0
    Aug2000   210   9       4.1
    Sep2000   168   13      7.2
    Oct2000   306   15      4.7
    Nov2000   411   61      12.9
    Dec2000   258   42      14.0

    Now, keep in mind that a good chunk of these are committed by the so-called 'script kiddies': basically teenagers who use a lot of almost shrinkwrap scanners and point-and-click hacker tools. You need to be watchful for these though. Yes, firewalls are definitely needed, but just by themselves they are still inadequate. You need a full security policy supported by top management. Firewalls can be misconfigured and, hey, they DO let a bunch of stuff through like web traffic, mail and DNS, and that's just a start.

    Here's a great way to get in trouble. Your boss asks "What are we doing against hackers?" And you answer "Oh, we have a great firewall in place". And even if you have an IDS in place, a lot of Intrusion Detection Tools that monitor what is going on are like a 'video camera' that hackers *can* get around sometimes. You have to employ various technologies and staffing/training solutions to avert this risk.

    The authors of Hacking Exposed keep hammering it in: Security is a PROCESS, not a GOAL. Obviously you've GOT to have the tools, but you also need to be trained. One of the certifications you should check out is CISSP. This is the acronym for Certified Information Systems Security Professional. Go look at this over at: http://www.isc2.org

    So, you have to have a layered defense and not rely on just one product alone. I have one example though that will help you to make a change today that will protect your behind tomorrow. The title of this true story explains exactly what happened.


    A high school network administrator installed Event Log Monitor on classroom servers to evaluate system performance. The next day, ELM alerted him that a student was trying to break into the system. Within 15 minutes, the would-be hacker was in the Principal's office waiting for his parents to arrive. Use Event Log Monitor to keep tabs on your security perimeter. Because these aren't the only computers teenagers like to hack into. 30-day eval here:

      NT/2000 RELATED NEWS

    Microsoft Launches Certified Partner Program

    Remember the old Microsoft Certified Solutions Provider (MCSP) program? It got canned pretty much like the NT MCSE program went. There are now new rules and requirements for MS partners. They also did away with a bunch of free licenses that came with the old MCSP program. As an example, to get the same level of free MS software as in the old MCSP program, where a partner only needed 2 MCSEs on staff, a new Certified Partner now needs 8 MCSEs on the payroll to get these goodies.

    MS also has different levels of Certified Partners, and just this week a bevy of Gold Partners were announced. It's now just waiting for the Platinum Partners and then the happy few that get the MS 'Centurion' Partner accolades. (I stole these last ones from the American Express Card program) [grin]. Oh yeah, Sunbelt is now also a MS Certified Partner (a lowly economy class one though) and we are proudly sporting the new logo on our revamped welcome page. More:

    Steve Ballmer: Will Sell 10X More Windows Servers Than Sun

    Last Monday, MS CEO Steve Ballmer was his usual optimistic self at the Morgan Stanley Dean Witter Internet conference in Scottsdale, AZ. He claimed that MS remains strong and that 'the glass is half-full'. You would hardly expect something else from him though.

    Steve expects W2K sales to grow, and Office 10 to do well in 2001. Quote: "Almost everybody buys some Windows 2000 server for something, and the question is when do we crack the next application type. This year we'll sell order of magnitude someplace between two and a half million, three million Windows 2000 servers or Windows servers, NT plus 2000. You know, if you take a look at Sun, Sun's probably around 300,000 servers a year".

    Interestingly enough, he said that not AOL, Oracle or Sun are the biggest immediate threat to MS, but that it's Linux. That is the thing that does threaten the core business. The other guys are more competitors that MS is trying to take market share away from of course.

    An excellent example of this is the news from today, Monday Jan 15, in the Wall Street Journal. The main players of the team that started Compaq are staffing and funding a new outfit called RLX. They will come out with a super dense webserver based on the new Transmeta chip, and it runs on Linux. Now *that* could be a threat to 'Wintel'.

    Keep in mind that it is practically impossible for outfits like IDC to keep track of Linux, as there are no registered licenses. It's kind of a sneak attack into the enterprise and difficult to quantify. I guess it's time for MS to fight back by providing super quality products at very affordable prices.

    Have you registered yet for the SMS & W2K User Conference?

    Space is filling up quickly, already surpassing the attendance of last year. Don't "press your luck," register today and secure your spot.

    Top 10 reasons to come to the 2001 SMS & W2K User Conference:

    10. Fun. You'll have a great time learning more about your job!
    9. Windows 2000 Migration. Best practices!
    8. Industry experts. Learn from the best in the industry in designing and managing your Windows environments.
    7. Hands-on Lab. Two concurrent sessions with (75) systems each.
    6. Breakout sessions. Select from numerous SMS and Windows 2000 topics presented by industry gurus.
    5. Keynote presentations. Microsoft, GartnerGroup, Altiris and Rod Trent present this year's keynotes.
    4. Network with your peers. SMS and IT Administrators from around the world.
    3. Microsoft Developers. Direct access to Microsoft Developers and Program Managers. Get your questions answered!
    2. SMS & W2K. How do they relate? How do they differ?
    1. Vegas. MGM Grand Hotel. March 5 through Friday, March 9, 2001.

    To register visit: http://www.altiris.com/sunbelt


    What Is The Difference Between W2K Quotas and QuotaAdvisor's?

    This is a storage related question that we get a lot. Many people think that when they move to W2K, that their user disk quota problems will be solved. Not exactly. Here is a comparison of Windows 2000 Quotas with QuotaAdvisor 4.1 and StorageCeNTral 4.1.

    Windows 2000 offers the ability to set disk quotas on users. However, there are several limitations in its implementation. The real question is: Will it be good enough for your organization? Read on and find out for yourself.

  • W2K only supports user quotas assigned at the volume level. When quotas are enabled on a volume, all users on the system are automatically learned and assigned the same quota.
  • W2K lacks directory quotas.
  • W2K can over-quota the disk quite easily. There is no way to set a quota to limit the size of a specific share or other directory structure.
  • There is no end user notification as users consume their disk allotment. There is only one notification that is generated as space is being consumed and that is sent to the event log at a predetermined percentage of the disk quota being used. The only end user notification the user will see is he/she gets a disk full error.
  • W2K does not allow you to use quotas with FAT drives, and W2K quotas can not be used on NT 4.0 or NT 3.51 servers.
  • W2K ignores compression when calculating disk space.
  • Users must recycle their deleted files to clear their quota of the files' disk-space usage.
  • Users can't save the last file they're working on if the file exceeds quota.
  • W2K does not allow for the automatic execution of any valid Windows command or command procedure.
  • W2K does not offer email messaging or detailed disk reporting.
  • QuotaAdvisor offers hard or soft quotas on any User, Group, directory, and/or homeshare. These quotas can be mixed and matched in any combination based on the structure of the data being monitored.
  • QuotaAdvisor offers 5 threshold actions that support a variety of actions.
  • QuotaAdvisor offers automatic adjustment of quotas, execution of any valid Windows command or command procedure, and/or the generation of disk management reports that can identify the various causes of runaway disk usage.
  • QuotaAdvisor offers integration with DiskAdvisor and Active Reporting for automatic distribution of detailed disk space info via IE5.
  • QuotaAdvisor is designed to make rolling out disk management policies quick and easy. Many of our new features were developed to coincide with Microsoft's ZAW (Zero Administration Windows).

    Microsoft has entered into a three year license with developer W.Quinn to deploy QuotaAdvisor 4.1 on their own W2K servers worldwide. That demonstrates the need for the advanced capabilities of QuotaAdvisor 4.1 in any W2K environment. Test this out for yourself by downloading StorageCeNTral and while you're at it, give the DiskAdvisor module also a swing. I'm pretty sure you'll like it. 30-day eval:

    What Is The Difference Between the W2K defrag and Diskeeper?

    And, as above, here is an analysis of the O/S built-in bare-bones applet compared with the commercial version. Quite a bit of difference. I'll mention the feature and how each of the two handles it. You will see in short order that you get what you pay for.

    FEATURE: Requires ADMIN Level Login:

  • W2Kdefrag: Mandatory
  • Diskeeper: Once scheduled by the admin, it runs as a service independent of user-level log-in.

    FEATURE: Mode of Operation

  • W2Kdefrag: Manual only. Only local defrag of one drive volume.
  • Diskeeper: Fully remote, automatic operation.

    FEATURE: Scheduling

  • W2Kdefrag: Cannot be scheduled unless you get a freeware tool.
  • Diskeeper: Full 'Set-it-and-forget-it' on any number of volumes/disks simultaneously across your domain. Smart Scheduling [tm], just added in V6.0: dynamic configuration of when it runs.

    FEATURE: Networking

  • W2Kdefrag: Not available. No way to launch or control remotely.
  • Diskeeper: Powerful network features. Pretty much anything you need and then some.

    FEATURE: Speed of Operation

  • W2Kdefrag: Slow. Runs at normal priority and will compete for resources with any application running at the same time.
  • Diskeeper: Very fast execution, still with low overhead.

    FEATURE: System Resource Use

  • W2Kdefrag: High. System performance impacted when apps run.
  • Diskeeper: Low. Runs in background unnoticed by end-users. Does not lock the disk volume and by default runs as low-priority.

    FEATURE: Simultaneous Operation

  • W2Kdefrag: Nope
  • Diskeeper: Yup, can be run on one or more volumes at same time.

    FEATURE: Master File Table / PageFile defrag

  • W2Kdefrag: Nope
  • Diskeeper: Yup, can do both at boot time.

    I guess you already figured out how the land lies. A freebie is a freebie is a freebie. My verdict: usable for a W2K home system but not for the enterprise. Want to check out the real goods?

    What was the December Sunbelt OnlineShop Best Seller?

    Easy: U-Promote. It is the only software utility that can promote your NT server to an NT Domain Controller (PDC or BDC) without re-installing the operating system. Don't make the wrong choice! When you installed Windows NT Server, you were asked if you wanted to create a domain controller (DC). Your choice was permanent. If you declined, you could never create one later (Q193219). U-Promote is available exclusively from our Sunbelt Software OnLineShop.

    With U-Promote you can:

  • Change a standalone NT server to a Primary Domain Controller (PDC).
  • Change a Primary Domain Controller to a standalone NT server.
  • Change a standalone NT server to a Backup Domain Controller (BDC).
  • Change a Backup Domain Controller to a standalone NT server.

    Get it at: http://www.sunbelt-software.com/product.cfm?id=700

    Domain Security Auditing with Sunbelt Domain Reporter

    Security auditing is a major concern in many organizations. Security of data contained in NT file systems can be challenging to evaluate as there simply are no native tools that can report on file system permissions. SDR's 2.61 NTFS reporting allows you to get specific info about where a particular user or users have been given explicit access - something which is not normally done outside of users' personal directories.

    Another security-related use pertains to employees leaving an organization: where did that employee have access, and what data might they have taken when they left? If you use Sunbelt Domain Reporter to assess your company network, the following point is important: Offline Reporting on Collected Data.

    Offline Reporting (enabled by offline Scopes) is a feature that will be very useful if you do network assessments as part of an inside or perhaps outside service offering. You want to be able to review the data you have collected after leaving the customer's site. Using "create offline scopes" in Scope Manager, it is now possible to create a stored copy of all the network objects to permit offline viewing of collected historical data.

    The Sunbelt Domain Reporter generates automated and customizable reports quickly and easily from historic and real-time data from multiple, enterprise-wide Windows NT domains, and Microsoft Exchange Server application directories. It's also a GREAT way to document your domains completely automatically. Eval for download:


    This Week's Links We Like. Tips, Hints And Fun Stuff

    Two online computer user dictionaries that I found very useful:

    What is a Public Key Infrastructure and how do I implement it?

    Looking for more high-quality IT related newsletters? Visit:


    Peter Norton's Guide to Network Security

    Suggested Retail: $24.99. Book Club Price: $19.95.

    Peter Norton's Guide to Network Security provides an overview of common network types and then supplies the details necessary to build and implement a successful network security strategy. Because most commercial networks use a combination of new and legacy equipment and systems, Peter Norton's Guide to Network Security addresses the common network systems and protocols that network administrators use daily and describes the security measures necessary to keep the systems working smoothly and securely. Get it at: