Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jan 15, 2001 (Vol. 6, #3 - Issue #237)
WIN NT: Hacker Target #1
This issue of W2Knews contains:
- EDITORS CORNER
- New Version Alerting Improved / New SunPoll
- TECH BRIEFING
- NT/2000 RELATED NEWS
- Microsoft Launches Certified Partner Program
- Steve Ballmer: Will Sell 10X More Windows Servers Than Sun
- Have you registered yet for the SMS & W2K User Conference?
- NT/2000 THIRD PARTY NEWS
- What Is The Difference Between W2K Quotas and QuotaAdvisor's?
- What Is The Difference Between the W2K defrag and Diskeeper?
- What was the December Sunbelt OnlineShop Best Seller?
- Domain Security Auditing with Sunbelt Domain Reporter
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Peter Norton's Guide to Network Security
SPONSOR: MKS Software
MKS: Automate and Control your Windows Environments
The MKS Toolkit solution allows you to perform system administration,
network management tasks, and cross-platform development in an automated
environment. These powerful utilities help save time and increase the
productivity of your team on Windows platforms. Try a FREE 30 day
working demo at: http://www.mkssoftware.com/interop/eval
And, order your FREE Cross-Platform Development Guide at:
Visit MKS Software for more information.
New Version Alerting Improved / New SunPoll
Many of you now have one or more tools you got from us. To improve
our service to you, we have added another alerting function to our
website. On the main page, and on the Alpha Search page it is now
clearly indicated which tool has been updated in the last 30 days.
That will make it easier for you to simply check *one* page once a
month that shows if your fave admin tool has come out with some
new cool features. This is the page you should inspect at least
every 4 weeks:
Set yourself a repeating reminder in Outlook! :-)
And the new SunPoll for this month is: We would like to know, once
you start with it, which one of these W2K MCSE core exams will you
be doing *first*?
Exam 70-210: Win2K Pro
Exam 70-215: Win2K Server
Exam 70-216: Win2K Network
Exam 70-217: Win2K Directory Services
None, I am too upset with Microsoft that they will nix my NT
MCSE end of this year.
Vote here! Left Column:
(You can also check the results of all earlier polls)
You may have seen this, but I thought it was funny enough to include
this little bit of humor: "Dream Come True"
There was once a young man who, in his youth, professed his desire
to become one of the world's great writers. When asked to define
"great" he said, "I want to write stuff that the whole world will
read, stuff that people will react to on a truly emotional level,
stuff that will make them scream, cry, howl in pain and anger!"
He now works for Microsoft, writing error messages.
(email me with feedback: [email protected])
You Can't Attack What You Can't Access
The #1 rule in security is "You can't attack what you can't access".
CyberwallPLUS - World's best packet filter firewall for Win NT/2000.
Fine-grain access controls for NT/2000 servers and workstations.
Network intrusion detection & prevention identifies and stops hackers.
Comprehensive traffic audit logs with real-time connection monitoring.
For a free evaluation and white paper on host-based firewalls visit
Visit CyberwallPLUS for more information.
WIN NT: HACKER TARGET #1
This is fairly disconcerting news. I did not know it was that high!
NT turns out to be the fave choice of hackers worldwide. The latest
compiled figures over Y2000 show that NT is the Web server OS that
is the most hacked. Ouch.
NT was running on more than 50% of compromised Web servers between
August 1999 and now. All the other OSes were way lower; however,
W2K is rapidly rising. Since it is new, the vulnerabilities are not
known yet, but they are being discovered rapidly. If you look at the
number of so-called 'defacements', meaning sites that were messed with
by intruders, here are the numbers that I got from a site that
tracks these defacements called: http://www.attrition.org
Obviously this is also a matter of whether the glass is half full or
half empty. NT's enormous success in the marketplace since V 3.51 came out mid 1995 makes it an attractive target. Every OS gets exposed to a 'trial by fire' by the community. And since 'hackerdom' has been elevated to a national sport by now, and successful hackers are seen as cult heroes, we have to be extra careful. Here are the numbers.
||% of NT
Now, keep in mind that a good chunk of these are committed by the
so-called 'script kiddies': basically teenagers who use a lot of
almost shrinkwrap scanners and point-and-click hacker tools. You
need to be watchful for these though. Yes, firewalls are definitely
needed but just by themselves are still inadequate. You need a
full top-management supported security policy. Firewalls can be
misconfigured and, hey, they DO let a bunch of stuff through like
web traffic, mail and DNS, and that's just a start.
Here's a great way to get in trouble. Your boss asks "What are we doing
against hackers?" And you answer "Oh, we have a great firewall in
place". And even if you have an IDS in place, a lot of Intrusion
Detection Tools that monitor what is going on are like a 'video
camera' that hackers *can* get around sometimes. You have to employ
various technologies and staffing/training solutions to avert this
The authors of Hacking Exposed keep hammering it in: Security is a
PROCESS, not a GOAL. Obviously you GOT to have the tools, but you
also need to be trained. One of the certifications you should check
out is CISSP. This is the acronym for Certified Information Systems
Security Professional. Go look at this over at: http://www.isc2.org
So, you have to have a layered defense and not rely on just one
product alone. I have one example though that will help you to
make a change today that will protect your behind tomorrow. The
title of this true story explains exactly what happened.
...15 MIN. LATER HE WAS IN THE PRINCIPAL'S OFFICE!
A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep
tabs on your security perimeter. Because these aren't the only
computers teenagers like to hack into. 30-day eval here:
NT/2000 RELATED NEWS
Microsoft Launches Certified Partner Program
Remember the old Microsoft Certified Solutions Provider (MCSP) program?
It got canned pretty much like the NT MCSE program went. There are
now new rules and requirements for MS partners. They also did away
with a bunch of free licenses that came with the old MCSP program.
As an example, to get the same level of free MS software as in the
old MCSP program where a partner only needed 2 MCSE's on staff, a
new Certified Partner now needs 8 MCSE's on the payroll to get
MS also has different levels of Certified Partners, and just this
week a bevy of Gold Partners were announced. It's now just waiting
for the Platinum Partners and then the happy few that get the MS
'Centurion' Partner accolades. (I stole these last ones from the
American Express Card program) [grin]. Oh yeah, Sunbelt is now also
a MS Certified Partner (a lowly economy class one though) and we
are proudly sporting the new logo on our revamped welcome page. More:
Steve Ballmer: Will Sell 10X More Windows Servers Than Sun
Last Monday, MS CEO Steve Ballmer was his usual optimistic self at the
Morgan Stanley Dean Witter Internet conference in Scottsdale, AZ. He
claimed that MS remains strong and that 'the glass is half-full'. You
would hardly expect something else from him though.
Steve expects W2K sales to grow, and Office 10 to do well in 2001.
Quote: "Almost everybody buys some Windows 2000 server for something,
and the question is when do we crack the next application type. This
year we'll sell order of magnitude someplace between two and a half
million, three million Windows 2000 servers or Windows servers, NT
plus 2000. You know, if you take a look at Sun, Sun's probably around
300,000 servers a year".
Interestingly enough, he said that it is not AOL, Oracle or Sun that
is the biggest immediate threat to MS, but Linux. That is the
thing that does threaten the core business. The other guys are more
competitors that MS is trying to take market share away from of
An excellent example of this is the news from today, Monday Jan 15 in
the Wall Street Journal. The main players of the team that started
Compaq are staffing and funding a new outfit called RLX. They will
come out with a super dense webserver based on the new Transmeta chip
and it runs on Linux. Now *that* could be a threat to 'Wintel'.
Keep in mind that it is practically impossible for outfits like IDC
to keep track of Linux, as there are no registered licenses. It's
kind of a sneak attack into the enterprise and difficult to quantify.
I guess it's time for MS to fight back by providing super quality
products at very affordable prices.
Have you registered yet for the SMS & W2K User Conference?
Space is filling up quickly, already surpassing the attendance of last
year. Don't "press your luck," register today and secure your spot.
Top 10 reasons to come to the 2001 SMS & W2K User Conference:
10. Fun. You'll have a great time learning more about your job!
9. Windows 2000 Migration. Best practices!
8. Industry experts. Learn from the best in the industry in designing and managing your Windows environments.
7. Hands-on Lab. Two concurrent sessions with (75) systems each.
6. Breakout sessions. Select from numerous SMS and Windows 2000 topics presented by industry gurus.
5. Keynote presentations. Microsoft, GartnerGroup, Altiris and Rod Trent present this year's keynotes.
4. Network with your peers. SMS and IT Administrators from around the world.
3. Microsoft Developers. Direct access to Microsoft Developers and Program Managers. Get your questions answered!
2. SMS & W2K. How do they relate? How do they differ?
1. Vegas. MGM Grand Hotel. March 5 through Friday, March 9, 2001.
To register visit: http://www.altiris.com/sunbelt
THIRD PARTY NEWS
What Is The Difference Between W2K Quotas and QuotaAdvisor's?
This is a storage related question that we get a lot. Many people
think that when they move to W2K, that their user disk quota problems
will be solved. Not exactly. Here is a comparison of Windows 2000
Quotas with QuotaAdvisor 4.1 and StorageCeNTral 4.1.
Windows 2000 offers the ability to set disk quotas on users. However,
there are several limitations in its implementation. The real question
is: Will it be good enough for your organization? Read on and find out
W2K only supports user quotas assigned at the volume level. When
quotas are enabled on a volume, all users on the system are
automatically learned and assigned the same quota.
W2K lacks directory quotas.
W2K can over-quota the disk quite easily. There is no way to set
a quota to limit the size of a specific share or other directory
There is no end user notification as users consume their disk
allotment. There is only one notification that is generated as space
is being consumed and that is sent to the event log at a predetermined
percentage of the disk quota being used. The only notification the end user will see is a disk full error.
W2K does not allow you to use quotas with FAT drives, and W2K quotas cannot be used on NT 4.0 or NT 3.51 servers.
W2K ignores compression when calculating disk space.
Users must recycle their deleted files to clear their quota of the
files' disk-space usage.
Users can't save the last file they're working on when if the file
W2K does not allow for the automatic execution of any valid Windows command or command procedure.
W2K does not offer email messaging or detailed disk reporting.
QuotaAdvisor offers hard or soft quotas on any User, Group, directory, and/or homeshare. These quotas can be mixed and matched
in any combination based on the structure of the data being monitored.
QuotaAdvisor offers 5 threshold actions that support a variety of
QuotaAdvisor offers automatic adjustment of quotas, execution of
any valid Windows command or command procedure, and/or the generation
of disk management reports that can identify the various causes of
runaway disk usage.
QuotaAdvisor offers integration with DiskAdvisor and Active Reporting for automatic distribution of detailed disk space info via IE5.
QuotaAdvisor is designed to make rolling out disk management policies quick and easy. Many of our new features were developed to coincide with Microsoft's ZAW (Zero Administration Windows).
Microsoft has entered into a three-year license with developer W.Quinn to deploy QuotaAdvisor 4.1 on their own W2K servers worldwide. That demonstrates the need for the advanced capabilities of QuotaAdvisor 4.1 in any W2K environment. Test this out for yourself by downloading StorageCeNTral, and while you're at it, give the DiskAdvisor module a try as well. I'm pretty sure you'll like it. 30-day eval:
What Is The Difference Between the W2K defrag and Diskeeper?
And, as above, here is an analysis of the O/S built-in bare-bones applet compared with the commercial version. Quite a bit of difference. I'll mention the feature and how each of the two handles it. You will see in short order that you get what you pay for.
FEATURE: Requires ADMIN Level Login:
Diskeeper: Once scheduled by the admin, it runs as a service
independent of user-level log-in.
FEATURE: Mode of Operation
W2Kdefrag: Manual only. Only local defrag of one drive volume.
Diskeeper: Fully remote, automatic operation.
W2Kdefrag: Cannot be scheduled unless you get a freeware tool.
Diskeeper: Full 'Set-it-and-forget-it' any number of volumes/
disks simultaneously across your domain. Smart Scheduling [tm]
Just added in V6.0, dynamic configuration of when it runs.
W2Kdefrag: Not available. No way to launch or control remotely.
Diskeeper: Powerful network features. Pretty much anything you
need and then some.
FEATURE: Speed of Operation
W2Kdefrag: Slow. Runs at normal priority and will compete for
resources with any application running at the same time.
Diskeeper: Very fast execution, still with low overhead.
FEATURE: System Resource Use
W2Kdefrag: High. System performance impacted when apps run.
Diskeeper: Low. Runs in background unnoticed by end-users. Does
not lock the disk volume and by default runs as low-priority.
FEATURE: Simultaneous Operation
Diskeeper: Yup, can be run on one or more volumes at same time.
FEATURE: Master File Table / PageFile defrag
Diskeeper: Yup, can do both at boot time.
I guess you already figured out how the land lies. A freebie is
a freebie is a freebie. My verdict: usable for a W2K home system
but not for the enterprise. Want to check out the real goods?
What was the December Sunbelt OnlineShop Best Seller?
Easy: U-Promote. It is the only software utility that can promote
your NT server to an NT Domain Controller (PDC or BDC) without
re-installing the operating system. Don't make the wrong choice!
When you installed Windows NT Server, you were asked if you wanted
to create a domain controller (DC). Your choice was permanent. If
you declined, you could never create one later (Q193219). U-Promote
is available exclusively from our Sunbelt Software OnLineShop.
With U-Promote you can:
Change a standalone NT server to a Primary Domain Controller (PDC).
Change a Primary Domain Controller to a standalone NT server.
Change a standalone NT server to a Backup Domain Controller (BDC).
Change a Backup Domain Controller to a standalone NT server.
Get it at: http://www.sunbelt-software.com/product.cfm?id=700
Domain Security Auditing with Sunbelt Domain Reporter
Security auditing is a major concern in many organizations.
Security of data contained in NT file systems can be challenging
to evaluate as there simply are no native tools that can report
on file system permissions. SDR's 2.61 NTFS reporting allows you
to get specific info about where a particular user or users have
been given explicit access - something which is not normally
done outside of users' personal directories.
Another security-related use pertains to employees leaving an
organization - where did that employee have access and what
data might they have taken when they left? If you use Sunbelt
Domain Reporter to assess your company network, the following
point is important: Offline Reporting on Collected Data.
Offline Reporting (enabled by offline Scopes) is a feature that
will be very useful if you do network assessments as part of an
inside or perhaps outside service offering. You want to be able
to review the data you have collected after leaving the customer's
site. Using "create offline scopes" in Scope Manager, it is now
possible to create a stored copy of all the network objects to
permit offline viewing of collected historical data.
The Sunbelt Domain Reporter generates automated and customizable
reports quickly and easily from historic and real-time data from
multiple, enterprise-wide Windows NT domains, and Microsoft
Exchange Server application directories. It's also a GREAT way
to document your domains completely automatically. Eval for
This Week's Links We Like. Tips, Hints And Fun Stuff
Two online computer user dictionaries that I found very useful:
What is a Public Key Infrastructure and how do I implement it?
Looking for more high-quality IT related newsletters? Visit:
PRODUCT OF THE WEEK
Peter Norton's Guide to Network Security
Suggested Retail: $24.99. Book Club Price: $19.95.
Peter Norton's Guide to Network Security provides an overview of
common network types and then supplies the details necessary to
build and implement a successful network security strategy.
Because most commercial networks use a combination of new and
legacy equipment and systems, Peter Norton's Guide to Network
Security addresses the common network systems and protocols that
network administrators use daily and describes the security
measures necessary to keep the systems working smoothly and
securely. Get it at: