- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Mar 29, 2001 (Vol. 6, #21 - Issue #256)
Let's Do Something About Cybercrime!
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Managing MS-Exchange
  2. TECH BRIEFING
    • Let's Do Something About Cybercrime!
  3. NT/2000 RELATED NEWS
    • WXP Has The Dreaded Windows Product Activation (WPA) Built In
    • W2K -> WXP Upgrade Clarified at WinHEC
  4. NT/2000 THIRD PARTY NEWS
    • Double-Take Supports IBM's New High End eServer xSeries
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • 40% off all Windows 2000 Books for W2Knews Subscribers
  SPONSOR: Windows 2000 Magazine
Windows 2000 Magazine
Every issue of Windows 2000 Magazine is packed with superb
coverage of security, Exchange, Active Directory, and more and
offers unrivaled solutions you can't find anywhere else. Get a
free sample issue now and without risk, and find out why your
peers think we're simply the best independent resource for
Windows NT/2000 professionals.
Visit Windows 2000 Magazine for more information.
  EDITORS CORNER

Managing MS-Exchange

Hi NT/W2K-ers,

Most of us are using Exchange 5.5, but almost all of us are planning to go to Exchange 2000 one of these coming months. E2K has many architectural improvements and is dramatically more flexible and scalable than ever before. But the learning curve is also daunting. Your admin tasks, file management and database maintenance are going to be a whole different animal.

E2K is now one of the building blocks of .NET and you'll be able to drive wireless devices with it. It also allows your company to implement knowledge management (permanent brain dumps), and have information available for co-workers at any time via any device. In other words, one of these "business critical" environments. I ran into a book that will help you get this new product (which now is almost a whole application development environment) under your belt. It's called 'Exchange 2000 Server Administration - A beginner's guide (ISBN: 0072131195) and you should be able to get it anywhere, but here is a link to Amazon where you can get it for $32. Good one.
http://www.sunbelt-software.com/redir.cfm?id=032901-EC-E2K

UNDO DEPT: TYPO in the last newsletter. The Microsoft web site says the bogus certificate dates were 29 and 30 Jan, not 30 and 31 like I wrote.

Warm regards,
Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: WIN NT = HACKER TARGET #1
WIN NT = HACKER TARGET #1
Ever had the feeling of ACUTE PANIC that a hacker has invaded your
network? Plug NT/2000's over 1,000 holes before they plug you. You_have_
to protect your LAN_before_it gets attacked. STAT comes with a responsive
web-update service and a dedicated Pro SWAT team that helps you to hunt
down and kill security holes. Built by anti-hackers for DOD sites.
Download a demo copy before you become a statistic.
Visit WIN NT = HACKER TARGET #1 for more information.
  TECH BRIEFING

Let's Do Something About Cybercrime!

It's bigger than just a worm or a virus. With the amount of people getting wired to the Net, so does the percentage of criminals. Statistically, there are now well over a million criminals on the Net. So, just like we lock our doors and windows, we need to take precautions. The problem is that everybody thinks: "Oh, that's not going to happen to ME", until the time it happens to them.

A good example is a bunch of cybercrim's that first set up a porn site, next hacked a series of companies and stole credit card data, and then made all these cards buy a subscription to their porn site. Fraudulent billing to the tune of $30 million bucks. Get the point? (And try explaining *that* to your spouse!)

One step further is information warfare, where you look at other countries taking out your telecom networks, airline reservation systems, or the power grids. If you work in one of these environments, creating contingency plans for these kinds of attacks is simply part and parcel of your daily routines (or should be).

But closer to home, the unfortunate reality is that many of us are still running networks that are vulnerable. The evidence is the recent SunPoll we held. The results scared the living daylights out of me. 72% of people responding only apply hotfixes when it looks like they are needed. That just 'aint good enough folks. Only 10% applies all hotfixes weekly. That number should be 90%!

Why? A very large number of these hotfixes are security related. They vary from Denial Of Service attacks to holes found that can allow 'buffer overflows' to a host of other ways your systems may be compromised. But fixing holes is starting at the low-end, and is not the end-all solution. Top management should get security conscious in a hurry, and make budgets available. We all need to develop a healthy dose of suspicion and paranoia. You need to take the cracker's viewpoint and think like "How would I try to crack my own networks?" Then try it, get redfaced, and fix the holes. The time is NOW to start acting and DO something about Cybercrime!

  NT/2000 RELATED NEWS

WXP Has The Dreaded Windows Product Activation (WPA) Built In

OK, let me start off that I'm biased regarding this matter. I don't like it. Never have, never will. Too much hassle & headache in a production environment. For consumers that do not mess with their machines, fine. But for techies like us this spells unnecessary time wasted and additional message traffic we do not need. So, having spelled out my distaste for WPA, what is it?

MS will implement a new feature in WXP against piracy. The WPA-scheme links the Windows XP Product Key to the machine ID of the first PC on which its installed. The MS euphemism is "product activation" but really it prevents copying the OS from one machine to another. You now need to activate either via the Internet or via the phone. Ugh.

MS claims that WPA creates a unique ID-code for any first time install. It uses the Product Key you enter at installation time, and some unnamed parts from the hardware you install it on. Now, if you try to install that copy of WXP on another box with the same Product Key, the installation won't work. (It looks a lot like the new Office XP way of product protection).

WPA does not register the type of PC and its model, or use the ID of your hard disk. They claim a random ID is generated for that installation. This unique number will be registered at MS. Yup, you read that right. MS is going to have this number of your WXP installation on that box stored somewhere on their systems.

They say that if you are worried about a change in that box's config, no worries. WPA can handle that kind of thing. But if you replace the system completely (like trashing the motherboard) You need to call MS to reactivate WXP when you re-register the OS. Yikes! The other thing they claim is that it will 'only' be included in copies sold via retail or through PC makers and other OEM's. That 'just' happens to be about 90% of their total sales. The only people that are excluded from this distasteful scheme are large corporations that buy MS stuff on their volume licenses. Like I said, I don't like it. MS may want to protect their products, but over the last 25 years they have grown successfully without using this kind of protection. Bill, I've been in this industry almost as long as you are. Take it from me, this is going to be a major headache, and your customers are NOT going to like it.

WXP itself is pretty good as OS-es go. Paul Thurrott has done the best write-up about Beta 2 that I have seen up to now. You can read his very complete review over here:
http://www.sunbelt-software.com/redir.cfm?id=032901-WXP-WPA

W2K -> WXP Upgrade Clarified at WinHEC

As reported by InfoWorld Magazine. At the WinHEC 2001 conference in Anaheim this week, some more of the WXP veil has been lifted. Greg Sullivan, a lead product manager for Microsoft, said the new OS will eventually replace all of the company's previous OS-es. What it looks like is that end of 2001, MS will make Windows XP Home Edition available. This version will replace Windows ME. Sullivan also said that 64-bit and embedded flavors will see the light in 2001. And the WXP's for servers are expected in 2002. I'm pretty sure that these are going to be the same as W2K now: Server, Advanced Server and Datacenter.

He further claimed that MS will continue to support W2K, but the upgrade path for W2K is WXP. However, if you are in the process to upgrade to W2K, keep on going. W2K and WXP are playing nice together. Obviously MS is pretty motivated to get to a unified code base for all platforms. It will make system admin's situation re support easier too.

MS claims that help desks will benefit from a WXP roll-out. It's got the "shared desktop". That allows the help desk to take control over a remote machine. Guess where we have heard THAT before. Another 3-rd party tools category that gets included with the OS. Say goodbye to Symantec pcAnywhere and another 10 or so developers in that particular space, unless this feature is so badly implemented nobody wants to use it. Full InfoWorld article over at:
http://www.sunbelt-software.com/redir.cfm?id=032901-WinHEC

  THIRD PARTY NEWS

Double-Take Supports IBM's New High End eServer xSeries

In the last Issue #255 I announced the new IBM high-end flavor machines. Double-Take now offers High Availability and Disaster Recovery for these new puppies. Double-Take will provide business continuity support, including high availability and disaster recovery capabilities, for IBM's new high-end eServer(a) xSeries(R) 4-way and 8-way Intel(R)-based servers. And Sunbelt will install it on-site for you if you want.

Double-Take is the first business continuance solution to meet the stringent requirements of IBM's Datacenter Solutions Platform by completing IBM's Microsoft Windows 2000 Datacenter testing. The IBM Datacenter Solutions Program is a comprehensive set of product and service offerings designed to deliver true enterprise computing solutions based on the W2K Datacenter Server OS to those of you that need greater processing requirements, greater scalability and the highest levels of uptime for your mission-critical environments.

As well as the IBM Datacenter Solutions Platform validation, Double-Take also received validation and registration as ServerProven(R) and ClusterProven(R) on IBM's Netfinity server platforms. IBM ServerProven and ClusterProven ensure product operability to provide the ultimate in total system availability and resiliency.

Jerry Gregory, NSI Software Vice President of Business Development said: "Regardless of size, today's enterprise requires the right tools to manage growth, risk and cost. Business continuity and scalability are crucial to keeping businesses alive and preventing negative financial impact. The new IBM eServer high-end 4 and 8 way servers coupled with NSI's Double-Take software have the built-in flexibility to enable companies to respond quickly and dynamically to sudden market changes without fear of data loss or downtime".

Nancy Williams, Director World Wide Solutions Marketing for IBM eServer xSeries stated: "Data availability and recovery are crucial to ensuring business continuance for large enterprise mission-critical environments,". "We are confident that Double-Take meets the enterprise requirements for ensuring uninterrupted data availability for our xSeries customers."

So, what is Double-Take?

Double-Take(R) is the first business continuance product for the IBM Datacenter Solutions Program. Capturing and replicating only byte-level changes as they occur, Double-Take replicates selected files or entire storage devices from one or more source servers to one or more target servers across existing IP local or wide area networks. DT's patented technology provides high availability for network servers, reduces or eliminates downtime and data loss with automatic failover, while enhancing the capabilities and performance of existing backup systems.

Double-Take's failover capabilities allow network operations to resume immediately after a disaster, without user intervention, disruption or the complexities of restoring from tape.

Double-Take's modular architecture is designed to take full advantage of topologies ranging from intermittent WAN connections to high speed Fibre Channel-based SANs. For local and campus environments with high- speed server connections such as virtual interface architecture (VIA),

Double-Take provides high-speed, real-time data replication with no impact on the production network. Sunbelt Software carries the Double- Take product, and we offer an on-site installation service that will take care of the full DT implementation process, any needed scripting, training of your staff on-site, and a successful demonstration of the replication, fail-over and fail-back mechanism after the install is done.

Get a 30-day eval here, and call us if you want an on-site install:
http://www.sunbelt-software.com/product.cfm?id=111

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • A good page that compares SQL 7.0 with SQL 2000
    http://www.sunbelt-software.com/redir.cfm?id=032901-FL1-SQL2K
  • Double-Click's NT-servers with IIS 4.0 were hacked. Story here:
    http://www.sunbelt-software.com/redir.cfm?id=032901FL-Dchack
  • SANS Intrusion Detection Course now available online
    http://www.sunbelt-software.com/redir.cfm?id=032901-IDTonline
  •   PRODUCT OF THE WEEK

    40% off all Windows 2000 Books for W2Knews Subscribers

    Syngress Publishing is offering 40% off all Windows 2000 and related books to subscribers of Sunbelt's W2Knews newsletter. You'll find books covering Active Directory, SQL 2000, Exchange 2000 Server, Network Services, and more. Also, for a limited time you can get copies of their Windows 2000 Configuration Wizards and Deploying Windows 2000 with Support Tools - an $80 value - for only $15.95.

    All books come with a FREE 1-YEAR Upgrade plan that provides you with two technology whitepapers, Ask the Author query forms, and downloadable HTML ebooks for your laptop. Check them out at:
    http://www.sunbelt-software.com/redir.cfm?id=032901-BW-Syngress