Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Mar 8, 2001 (Vol. 6, #15 - Issue #250)
Another NT site CRACKED!
This issue of W2Knews contains:
- EDITORS CORNER
- W2Knews now comes from: W2K! We migrated.
- TECH BRIEFING
- Another NT Site Cracked: Bibliofind.com
- What's Network Address Translation Got To Do With Security?
- NT/2000 RELATED NEWS
- The things you have to TELL some people... (Humor)
- Here Are the New NT4 Cert Specifics
- NT/2000 THIRD PARTY NEWS
- Second Major Win for StorageCeNTral: Microsoft NAS License
- Diskeeper V6.0 300 To 500% Faster Than W2K Defrag Applet.
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Exchange 2000 Server Administration: A Beginner's Guide
Users are calling in hot and heavy... things are slowing down. Why?
Quickly checking the server shows nothing wrong, CPU is humming at 20%,
memory usage is only 50%. What the heck is going on? Your network may
be hammered by a broadcast storm or users downloading BIG files.
You need to visualize what is going on inside the wire. The new NetBoy
Suite simplifies your task to troubleshoot and efficiently maintain
your networks with an innovative and powerful GUI. Try out the full
eval copy free for 30 days. This is the real thing, check it out.
Visit NETBOY for more information.
W2Knews now comes from: W2K! We migrated.
Last night we retired the two NT servers that had been faithfully
serving the Sunbelt website for 3 years using the old Convoy IP
load balancing software. They were replaced with a Dell dual 500
and Dell dual 333. They are running W2K Advanced Server with
Network Load Balancing (NLB), which used to be called WLBS and, before
Microsoft acquired the technology, was named Convoy. We like this
setup a lot for our webservers so we continued with a similar
architecture in our new W2K environment. Both are hooked up to
the same SQL70 back-end server.
The entire process only created about 10 minutes of total downtime.
That was because of the way we were able to replace one server at
a time using the NLB setup. Most of the outage was due to just
having to make minor tweaks and rebooting. The only hassle we ran
into was getting Double-Take to work with NLB, but we made it work
after figuring out the correct settings.
We now have the data replicated from the source server to the target
server so that both machines are identical. A change made on the
source is at the target in less than a second. One dies, the other
takes over, and you will never know it. So we have ELM monitoring
these puppies to warn us if something is amiss. Fairly painless
operation actually, and it's actually zippier too.
(email me with feedback: [email protected])
SPONSOR: SWEET SECURITY SOLUTION
...15 MIN. LATER HE WAS IN THE PRINCIPAL'S OFFICE!
A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep tabs
on your security perimeter. Because school boxes aren't the only
computers teenagers like to hack into. Your 30-day eval is here:
Visit SWEET SECURITY SOLUTION for more information.
Another NT Site Cracked: Bibliofind.com
In Issue #237 I told you guys that NT was Hacker Target #1. And here
is another horror story, dang! Just this Monday a subsidiary of
Amazon.com came out with the news that crackers stole the company's
customer records, including their credit card information. The Wall
Street Journal Online and InfoWorld both broke this story. Bibliofind
is a site for hard to find books based in Massachusetts.
The crackers have had access to customer data from Oct-2000 through
Feb-2001, said the report. Looks like Bibliofind sent an email to all its
98,000 customers last Monday, and notified the FBI and credit card
companies. There has been no evidence of the credit cards being used
fraudulently up to now. Bibliofind has removed all cc-date, phone and
physical address data from their site. Too Late, Too Little!
When I read the news, it was not clear what OS they were running, but
I suspected it would be NT. So I went to www.netcraft.com. They have a
page that is called: What's that site running? And lo and behold:
They came back with: The site http://www.bibliofind.com is running Microsoft-IIS/4.0 on NT4/.
It's not the first time and will not be the last. Every OS gets exposed
to a 'trial by fire' by the ever growing IT community. And since
'hackerdom' has been elevated to a national sport, successful hackers/
crackers are seen as cult heroes so we have to be extra careful.
So, apart from your firewalls, you have to have a layered defense strategy
in place. You have to employ various technologies and staffing/training
solutions to manage this kind of risk. Security is a PROCESS, not a GOAL.
Obviously you have to have the tools, but you also need to be trained.
The most basic security related tool you simply GOTTA have is an event
log monitor like ELM. Being able to hack your own site from the
'outside-in' using the same techniques as crackers also helps to sleep at night.
A good example of that is QualysGuard. And scanning for vulnerabilities
on a regular basis from the inside out like STAT does is also a very
And to begin with, NEVER, NEVER, NEVER keep any complete credit card
data for longer than a few seconds after the transaction completes.
Lop off the last four digits or the middle ones to make sure that you
do not run into exposing this kind of data EVER. Check out these tools:
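The truncation advice above, as an added example that is not part of the original newsletter: it finds complete card numbers in a stored record by their Luhn check digit and lops off the last four or the middle digits. The record layout, the function names and the choice to keep the first six and last four digits in "middle" mode are assumptions.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits):
    """Card numbers carry a Luhn check digit; most other digit runs fail it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate(digits, mode):
    if mode == "last4":         # lop off the last four digits
        return digits[:-4] + "X" * 4
    if mode == "middle":        # lop off the middle (assumed: keep first 6, last 4)
        return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]
    raise ValueError(f"unknown mode: {mode}")


def scrub(record, mode="last4"):
    """Return the record with every Luhn-valid card number truncated."""
    def fix(match):
        digits = re.sub(r"[ -]", "", match.group())
        return truncate(digits, mode) if luhn_ok(digits) else match.group()
    return CANDIDATE.sub(fix, record)


def holds_full_card(record):
    """Audit check: True if a complete card number is still present."""
    return scrub(record) != record


# Constructed sample record; 4111 1111 1111 1111 is a widely used test number.
SAMPLE = "order=1234567890123456 card=4111-1111-1111-1111 phone=508-555-0100"

if __name__ == "__main__":
    print(scrub(SAMPLE))
    print(scrub(SAMPLE, "middle"), holds_full_card(scrub(SAMPLE)))
```

The order number in the sample is left alone because it fails the Luhn check, so only real card numbers are cut down before the record is written anywhere.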
What's Network Address Translation Got To Do With Security?
IP addresses are getting scarce until we get to the next generation. So
there are some short term solutions that have been thought up for this.
The most popular of these is NAT. One description is: NAT is a standard
method to map IP addresses from one domain to another. Example: from
your private intranet to the Internet. NAT allows machines inside your
firewall to reach boxes transparently outside your firewall without
having to have their own unique IP address. Moreover, their IP
addresses are hidden. From the outside, it looks as if all requests
originate from just one IP address: that of the router that sits in
The router that sits in between your domain and the Internet does
these translations on the fly. Your internal machines can access every
Internet host this way. There are some limits: many Internet protocols
require unmodified packets to travel from the source to the destination.
IPsec for instance uses digital signatures with each original packet
header so NAT won't work in an IPsec setup. You also have to watch it
with reorganizations, as NAT systems can be nested by accident causing
NAT systems are often proposed as a security solution. (All the internal
IP's are hidden) But the drawback of that is that if your NAT router has
been compromised, your whole network is vulnerable. You definitely want a
firewall, do not rely on NAT unless this is a home LAN or a (very) small
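The translation and the IPsec limit described above, as an added example that is not part of the original newsletter: a toy NAT router maps inside hosts onto one public address, and a packet whose header was signed before translation no longer verifies afterwards. Assumptions: the class and function names, the use of port numbers to tell inside hosts apart, the documentation-range addresses, and an HMAC standing in for the IPsec header signature (real IPsec covers different fields).

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes
    icv: bytes = b""  # integrity value over addresses, ports and payload

def compute_icv(pkt, key):
    # Stand-in for the IPsec header signature: a keyed hash over the header fields.
    fields = f"{pkt.src_ip}|{pkt.src_port}|{pkt.dst_ip}|{pkt.dst_port}|".encode()
    return hmac.new(key, fields + pkt.payload, hashlib.sha256).digest()

def sign(pkt, key):
    return replace(pkt, icv=compute_icv(pkt, key))
def verify(pkt, key):
    return hmac.compare_digest(pkt.icv, compute_icv(pkt, key))

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private ip, private port) -> public port
        self.in_map = {}   # public port -> (private ip, private port)

    def outbound(self, pkt):
        inside = (pkt.src_ip, pkt.src_port)
        if inside not in self.out_map:
            self.out_map[inside] = self.next_port
            self.in_map[self.next_port] = inside
            self.next_port += 1
        # Rewrite the source so the packet appears to come from the router.
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_map[inside])

    def inbound(self, pkt):
        inside = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or inside is None:
            return None  # no mapping: nothing inside asked for this traffic
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1])

if __name__ == "__main__":
    key, nat = b"constructed-demo-key", NatRouter("192.0.2.1")  # constructed values
    sent = sign(Packet("10.0.0.5", 1025, "198.51.100.7", 80, b"GET /"), key)
    print(verify(sent, key), verify(nat.outbound(sent), key))
```

Everything the outside sees depends on the router's mapping table, which is why a compromised NAT router exposes the whole inside network.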
NT/2000 RELATED NEWS
The things you have to TELL some people... (Humor)
The only item here is a link to the MS Knowledge Base. ROTFL
Here Are the New NT4 Cert Specifics
In issue #245 on Feb 19 I mentioned that NT would come back to the
MCSE pool. Here are all the specifics for this new course 70-244. It's
a fresh page on the MS Training and Services Page:
THIRD PARTY NEWS
Second Major Win for StorageCeNTral: Microsoft NAS License
The market for NT/W2K Storage Management is showing the winners and
losers now that the early years are over. Quite a few companies have
made a stab at this market but only a few are now recognized leaders.
One of the products that has made the grade is WQuinn's solution for
storage management. StorageCeNTral's (SC) first big win was that
Microsoft chose it for its internal quota and disk storage management.
The second major victory is that Microsoft decided to license SC for
an interesting new offering they are coming out with shortly. MS is going
to create a scaled down flavor of W2K for dedicated network-attached
appliances that at least one well established hardware vendor that I
know of will sell. Probably more will follow. It's one of those
plug-and-play boxes you just attach to your network and VOILA you
have another bunch of GIGs at your disposal in about 30 seconds.
All of this boils down to the fact that StorageCeNTral is now pretty
much the acknowledged 'best-of-breed' in this category. So you know
what tool to choose if you want to keep your storage under control.
StorageCeNTral 30-day eval at:
Diskeeper V6.0 300 To 500% Faster Than W2K Defrag Applet.
A recent NSTL Labs test found that Diskeeper dramatically out-performs
the W2K utility. The findings are published in a report entitled,
"Comparison Testing: Diskeeper vs. the Windows 2000 Disk Defragmenter."
NSTL first began benchmarking the impact of defragmentation on systems
in 1999. In previous tests comparing fragmented to defragmented disks,
NSTL discovered system performance gains of 56 to 81 percent on NT after
defragmentation. Further tests in 2000 showed even greater performance
increases of up to 200 percent on Windows 2000. Now, in its latest report,
NSTL compares Diskeeper to the built-in, manual defragmentation utility
included with the W2K OS itself.
"It was important to ensure that these tests were objective," said Lloyd
Holder, President and CEO of NSTL. "As a result, testing was conducted
to produce a thorough evaluation of each product in an enterprise
This investigation covered two key areas of interest to corporate IT;
speed and effectiveness. NSTL utilized single and dual processor systems,
as well as a variety of large drives including software and hardware
RAID arrays. In all, four configurations were used in the testing. In each
case, Diskeeper performed a more thorough job of defragmentation and
accomplished it significantly faster. "After extensive testing, NSTL
found that Diskeeper was between three and five times faster than the
Windows 2000 Disk Defragmenter," concludes the report.
Here are times for each defragmenter, in each type of storage configuration:
- 9 GB (single) drive:
Diskeeper, 32 min., 15 sec.
Windows 2000 Disk Defragmenter, 1 hr., 34 min., 9 sec.
- 30 GB RAID 5 (3-disk) array:
Diskeeper, 3 hrs., 13 min., 30 sec.
Windows 2000 Disk Defragmenter, 14 hrs., 42 min., 58 sec.
- 150 GB RAID 5 (10-disk) array:
Diskeeper, 6 hrs., 19 min., 48 sec.
Windows 2000 Disk Defragmenter, 21 hrs., 49 min., 44 sec.
- 2 x 60 GB RAID 5 (10-disk) array:
Diskeeper, 3 hrs., 9 min., 44 sec.
Windows 2000 Disk Defragmenter, 9 hrs., 23 min., 30 sec.
It should be noted that in the 2 x 60 GB configuration, the W2K Disk
Defragmenter could not defragment the two drives at the same time.
Diskeeper, however, automatically defragmented both disks in less
time than it took the W2K applet to defragment just one disk. As a
result, using Diskeeper, systems can be returned to peak performance
much more rapidly than ever before." 30-day eval is over here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Assure integrity with Tripwire. Get a FREE vulnerability poster.
Get certified with Wave's MCSE Boot Camp or your MONEY BACK. Guaranteed.
Data quality solutions for Windows users - FREE trial version with this link
PRODUCT OF THE WEEK
Exchange 2000 Server Administration: A Beginner's Guide
Was written by Bill English and Nick Cavalancia. It's a comprehensive
book targeting those who are new to the E2K product (which is darn
near everyone ;-). Implement and manage Microsoft's leading messaging
and collaboration system using this instructive guide. You'll quickly
learn everything you need to deploy and administer E2K effectively,
and learn about migration and coexistence with Exchange 5.5 Server.
If you are a Windows administrator new to Exchange 2000 Server, this
is the book for you. You can see more about the book over at Amazon: