Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Mar 8, 2001 (Vol. 6, #15 - Issue #250)
Another NT site CRACKED!
  This issue of W2Knews™ contains:
    • W2Knews now comes from: W2K! We migrated.
    • Another NT Site Cracked: Bibliofind.com
    • What's Network Address Translation Got To Do With Security?
    • The things you have to TELL some people... (Humor)
    • Here Are the New NT4 Cert Specifics
    • Second Major Win for StorageCeNTral: Microsoft NAS License
    • Diskeeper V6.0 300 To 500% Faster Than W2K Defrag Applet.
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Exchange 2000 Server Administration: A Beginner's Guide
Users are calling in hot and heavy... things are slowing down. Why?
Quickly checking the server shows nothing wrong, CPU is humming at 20%,
memory usage is only 50%. What the heck is going on? Your network may
be hammered by a broadcast storm or users downloading BIG files.
You need to visualize what is going on inside the wire. The new NetBoy
Suite simplifies your task to troubleshoot and efficiently maintain
your networks with an innovative and powerful GUI. Try out the full
eval copy free for 30 days. This is the real thing, check it out.
Visit NETBOY for more information.

W2Knews now comes from: W2K! We migrated.

Hi All!

Last night we retired the two NT servers that had been faithfully serving the Sunbelt website for 3 years using the old Convoy IP load balancing software. They were replaced with a Dell dual 500 and Dell dual 333. They are running W2K Advanced Server with Network Load Balancing (NLB) which was called WLBS, and before Microsoft acquired that technology was named Convoy. We like this setup a lot for our webservers so we continued with a similar architecture in our new W2K environment. Both are hooked up to the same SQL70 back-end server.

The entire process only created about 10 minutes of total downtime. That was because of the way we were able to replace one server at a time using the NLB setup. Most of the outage was due to just having to make minor tweaks and rebooting. The only hassle we ran into was getting Double-Take to work with NLB, but we made it work after figuring out the correct settings.

We now have the data replicated from the source server to the target server so that both machines are identical. A change made on the source is at the target in less than a second. One dies, the other takes over, and you will never know it. So we have ELM monitoring these puppies to warn us if something is amiss. Fairly painless operation actually, and it's actually zippier too.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep tabs
on your security perimeter. Because school boxes aren't the only
computers teenagers like to hack into. Your 30-day eval is here:
Visit SWEET SECURITY SOLUTION for more information.

Another NT Site Cracked: Bibliofind.com

In Issue #237 I told you guys that NT was Hacker Target #1. And here is another horror story, dang! Just this Monday a subsidiary of Amazon.com came out with the news that crackers stole the company's customer records, including their credit card information. The Wall Street Journal Online and InfoWorld both broke this story. Bibliofind is a site for hard to find books based in Massachusetts.

The crackers have had access to customer data from Oct-2000 through Feb-2001, said the report. Looks like Bibliofind sent an email to all its 98,000 customers last Monday, and notified the FBI and credit card companies. There has been no evidence of the credit cards being used fraudulently up to now. Bibliofind has removed all cc-date, phone and physical address data from their site. Too Late, Too Little!

When I read the news, it was not clear what OS they were running, but I suspected it would be NT. So I went to www.netcraft.com. They have a page that is called: What's that site running? And lo and behold: They came back with: The site http://www.bibliofind.com is running Microsoft-IIS/4.0 on NT4/.

It's not the first time and will not be the last. Every OS gets exposed to a 'trial by fire' by the ever growing IT community. And since 'hackerdom' has been elevated to a national sport, successful hackers/crackers are seen as cult heroes so we have to be extra careful.

So, apart from your firewalls, you have to have a layered defense strategy in place. You have to employ various technologies and staffing/training solutions to manage this kind of risk. Security is a PROCESS, not a GOAL. Obviously you have to have the tools, but you also need to be trained.

The most basic security related tool you simply GOTTA have is an event log monitor like ELM. Being able to hack your own site from the 'outside-in' using the same techniques as crackers also helps to sleep at night. A good example of that is QualysGuard. And scanning for vulnerabilities on a regular basis from the inside out like STAT does is also a very good idea.

And to begin with, NEVER, NEVER, NEVER keep any complete credit card data for longer than a few seconds after the transaction completes. Lop off the last four digits or the middle ones to make sure that you do not run into exposing this kind of data EVER. Check out these tools:

ELM: http://www.sunbelt-software.com/product.cfm?id=533
QualysGuard: http://www.sunbelt-software.com/product.cfm?id=545
STAT: http://www.sunbelt-software.com/product.cfm?id=899

What's Network Address Translation Got To Do With Security?

IP addresses are getting scarce until we get to the next generation. So there are some short-term solutions that have been thought up for this. The most popular of these is NAT. One description is: NAT is a standard method to map IP addresses from one domain to another. Example: from your private intranet to the Internet. NAT allows machines inside your firewall to reach boxes transparently outside your firewall without having to have their own unique IP address. Moreover, their IP addresses are hidden. From the outside, it looks as if all requests originate from just one IP address: that of the router that sits in the middle.

The router that sits in between your domain and the Internet does these translations on the fly. Your internal machines can access every Internet host this way. There are some limits: many Internet protocols require unmodified packets to travel from the source to the destination. IPsec, for instance, uses digital signatures with each original packet header, so NAT won't work in an IPsec setup. You also have to watch it with reorganizations, as NAT systems can be nested by accident, causing routing headaches.

NAT systems are often proposed as a security solution (all the internal IPs are hidden). But the drawback is that if your NAT router has been compromised, your whole network is vulnerable. You definitely want a firewall; do not rely on NAT unless this is a home LAN or a (very) small office.
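
The translation and the IPsec limit described above, as an added example (not part of the original newsletter). It is a simplified model: the addresses, ports and key are constructed, and a keyed hash over the header stands in for the IPsec integrity check.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes

def header_icv(pkt: Packet, key: bytes) -> bytes:
    """Integrity value that covers the addresses and ports as well as the payload."""
    covered = f"{pkt.src_ip}:{pkt.src_port}>{pkt.dst_ip}:{pkt.dst_port}|".encode() + pkt.payload
    return hmac.new(key, covered, hashlib.sha256).digest()

class NatRouter:
    """Port-translating NAT: every inside host leaves with the router's public address."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (inside ip, inside port) -> public port
        self.in_map = {}    # public port -> (inside ip, inside port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.out_map[key])

    def inbound(self, pkt: Packet):
        """Reverse translation; returns None when no mapping exists for the port."""
        inside = self.in_map.get(pkt.dst_port)
        return replace(pkt, dst_ip=inside[0], dst_port=inside[1]) if inside else None

def demo():
    key = b"constructed-shared-key"          # constructed sample value
    nat = NatRouter("203.0.113.1")           # documentation-range addresses
    a = Packet("10.0.0.5", 1025, "198.51.100.7", 80, b"GET /")
    b = Packet("10.0.0.9", 1025, "198.51.100.7", 80, b"GET /")
    icv = header_icv(a, key)                 # sender computes it over the original header
    a_out, b_out = nat.outbound(a), nat.outbound(b)
    reply = nat.inbound(Packet("198.51.100.7", 80, nat.public_ip, a_out.src_port, b"200 OK"))
    icv_ok = hmac.compare_digest(icv, header_icv(a_out, key))  # receiver's check after NAT
    return a_out, b_out, reply, icv_ok
```

Both inside hosts appear outside as 203.0.113.1 and replies find their way back through the port table, but the receiver's integrity check fails because the router rewrote the header fields the check covers.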


The things you have to TELL some people... (Humor)

The only item here is a link to the MS Knowledge Base. ROTFL

Here Are the New NT4 Cert Specifics

In issue #245 on Feb 19 I mentioned that NT would come back to the MCSE pool. Here are all the specifics for this new course 70-244. It's a fresh page on the MS Training and Services Page:


Second Major Win for StorageCeNTral: Microsoft NAS License

The market for NT/W2K Storage Management is showing the winners and losers now that the early years are over. Quite a few companies have made a stab at this market but only a few are now recognized leaders. One of the products that has made the grade is WQuinn's solution for storage management. StorageCeNTral's (SC) first big win was that Microsoft chose it for its internal quota and disk storage management.

The second major victory is that Microsoft decided to license SC for an interesting new offering they are coming out with shortly. MS is going to create a scaled down flavor of W2K for dedicated network-attached appliances that at least one well established hardware vendor that I know of will sell. Probably more will follow. It's one of those plug-and-play boxes you just attach to your network and VOILA you have another bunch of GIGs at your disposal in about 30 seconds.

All of this boils down to the fact that StorageCeNTral is now pretty much the acknowledged 'best-of-breed' in this category. So you know what tool to choose if you want to keep your storage under control.

Article at:

StorageceNTral 30-day eval at:

Diskeeper V6.0 300 To 500% Faster Than W2K Defrag Applet.

A recent NSTL Labs test found that Diskeeper dramatically out-performs the W2K utility. The findings are published in a report entitled, "Comparison Testing: Diskeeper vs. the Windows 2000 Disk Defragmenter."

NSTL first began benchmarking the impact of defragmentation on systems in 1999. In previous tests comparing fragmented to defragmented disks, NSTL discovered system performance gains of 56 to 81 percent on NT after defragmentation. Further tests in 2000 showed even greater performance increases of up to 200 percent on Windows 2000. Now, in its latest report, NSTL compares Diskeeper to the built-in, manual defragmentation utility included with the W2K OS itself.

"It was important to ensure that these tests were objective," said Lloyd Holder, President and CEO of NSTL. "As a result, testing was conducted to produce a thorough evaluation of each product in an enterprise environment."

This investigation covered two key areas of interest to corporate IT; speed and effectiveness. NSTL utilized single and dual processor systems, as well as a variety of large drives including software and hardware RAID arrays. In all, four configurations were used in the testing. In each case, Diskeeper performed a more thorough job of defragmentation and accomplished it significantly faster. "After extensive testing, NSTL found that Diskeeper was between three and five times faster than the Windows 2000 Disk Defragmenter," concludes the report.

Here are times for each defragmenter, in each type of storage configuration:

  1. 9 GB (single) drive:
    Diskeeper, 32 min., 15 sec.
    Windows 2000 Disk Defragmenter, 1 hr., 34 min., 9 sec.

  2. 30 GB RAID 5 (3-disk) array:
    Diskeeper, 3 hrs., 13 min., 30 sec.
    Windows 2000 Disk Defragmenter, 14 hrs., 42 min., 58 sec.

  3. 150 GB RAID 5 (10-disk) array:
    Diskeeper, 6 hrs., 19 min., 48 sec.
    Windows 2000 Disk Defragmenter, 21 hrs., 49 min., 44 sec.

  4. 2 X 60 GB RAID 5 (10-disk) array:
    Diskeeper, 3 hrs., 9 min., 44 sec.
    Windows 2000 Disk Defragmenter, 9 hrs., 23 min., 30 sec.

It should be noted that in the 2 x 60 GB configuration, the W2K Disk Defragmenter could not defragment the two drives at the same time. Diskeeper, however, automatically defragmented both disks in less time than it took the W2K applet to defragment just one disk. As a result, using Diskeeper, systems can be returned to peak performance much more rapidly than ever before. 30-day eval is over here:

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Assure integrity with Tripwire. Get a FREE vulnerability poster.
  • Get certified with Wave's MCSE Boot Camp or your MONEY BACK. Guaranteed.
  • Data quality solutions for Windows users - FREE trial version with this link

    Exchange 2000 Server Administration: A Beginner's Guide

    Was written by Bill English and Nick Cavalancia. It's a comprehensive book targeting those who are new to the E2K product (which is darn near everyone ;-). Implement and manage Microsoft's leading messaging and collaboration system using this instructive guide. You'll quickly learn everything you need to deploy and administer E2K effectively, and learn about migration and coexistence with Exchange 5.5 Server. If you are a Windows administrator new to Exchange 2000 Server, this is the book for you. You can see more about the book over at Amazon: