Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 12, 2001 (Vol. 6, #25 - Issue #260)
Please Check Your Profile!
This issue of W2Knews contains:
- EDITORS CORNER
- Please Check Your Profile!
- TECH BRIEFING
- Fiduciary Responsibility. Whazzat??
- NT/2000 RELATED NEWS
- NT 4 Service Pack 7 Expected Late Q3 2001
- WPA in Windows XP resolved?
- NT/2000 THIRD PARTY NEWS
- RemotelyAnywhere v3.5 Released
- STAT Version 4.0 Available
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The Practical Intrusion Detection Handbook.
SPONSOR: Guarantee Your Business Continuity
Everyone in IT knew that the Y2K problem could cause them two major
problems: Downtime and Lawsuits. But since then, apathy has set in.
Senior Execs and IT Managers often do not have Business Continuity
as a top priority. But the impact of system outage is greater than
ever before. Example: eBay's 22-hour downtime cost them $3-5 Million
revenues and a 20% drop in stock. Find out how to keep bizz afloat:
Visit Guarantee Your Business Continuity for more information.
Please Check Your Profile!
Well, we are finally here. You can now indicate via our web interface
if you want TXT or HTML from here on out, (for both Monday and Thursday).
Keep in mind that the Monday TXT version (the old nt-list) will go away,
and that you need to TELL us if you want TXT or HTML. In other words,
you need to opt-in for the TXT version. Please check the profile we
have for you now, and make sure it is the way you want it to be. There
is a personalized link at the bottom of each newsletter we send you, or
you can use this following link:
(email me with feedback: [email protected])
SPONSOR: SWEET SECURITY SOLUTION
...15 MIN. LATER HE WAS IN THE PRINCIPAL'S OFFICE!
A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep tabs
on your security perimeter. Because school boxes aren't the only
computers teenagers like to hack into. Your 30-day eval is here:
Visit SWEET SECURITY SOLUTION for more information.
Fiduciary Responsibility. Whazzat??
And why am I even mentioning it? Well, last week I was handed a recent
white paper written by the Consulting arm of the Gartner Group. It was
commissioned by NSI Software (the makers of Double-Take), and is for
NSI's use so I cannot quote it. But it made me aware of an issue that
I had not fully realized before.
The Barron's Dictionary of Finance and Investment Terms defines the word
'fiduciary' as the person charged with the responsibility to wisely
invest money for the benefit of others (the beneficiary). Most US States
have laws about what a fiduciary may or may not do. You would think that
in companies this is only applicable to the Chief Financial Officer. Not
so. All Officers of the Corporation share this responsibility, and not
just for the wise investment of company money.
This so called 'Fiduciary Responsibility' goes a lot further than that.
It boils down to something like this. "If it's your job to make sure
the company keeps on going, and you fail to do what it takes, you are
liable and can get sued. So, CxO's (this is a shortcut for a whole gaggle
of abbreviations like CEO, CIO, COO, CSO and the like) can legally
be made responsible for major downtime. And in their fall, (not even
intending to do this) they can easily drag down the MIS director as well.
Especially CxO's in public companies are vulnerable for this. There is a
certain brand of lawyer that looks for sudden drops in stock price, and
then files class-action lawsuits 'on behalf of' the shareholders. Often
that is caused by companies not making the numbers they promised, but
not performing up to snuff is often caused by increasing operational
expenses and unexpected downturns. I'm sure you see where I'm getting at.
I think you would do your management a big favor by giving them a heads-
up about this issue. The two areas that need a lot more awareness at the
Top Exec level are IT Security and Business Continuity. CxO's level of
necessity to solve problems in these two areas needs to come way up.
Higher priority needs to be given, and budgets need to be made available.
It's up to you to fight for that. Hope the ammo above helps you get it!
NT/2000 RELATED NEWS
NT 4 Service Pack 7 Expected Late Q3 2001
MS told everyone in Nov '99 when SP6 came out, that they would
continue to support NT with a new Service pack. But they apparently
have been so busy with W2K that his has been backburnered. Everyone
hopes it has not fallen off the stove since it's now more than 18
months later, and we're still waiting. Not that this is anything
strange. MS took as long as this with SP5 for NT 3.51, which came
out after 4.0.
Some of us would like the features that SP7 should bring,
like AD support, but also a whole slew of security hotfixes
that are VERY necessary. If these can all be rolled into
one SP that would save time, instead of having to pull them
from here and there like IE5.5 and separate AD clients.
WPA in Windows XP resolved?
Several people sent me information that might indicate the Windows Product Activation is less of a headache than expected. But this is not conclusive so I'm going to dig in this issue a little further until I have proven evidence it will not be the incredible pain in the neck I'm afraid it will be. I'll keep you in the loop!
THIRD PARTY NEWS
RemotelyAnywhere v3.5 Released
RemotelyAnywhere v3.5 has been released and includes some very useful
improvements you NT'ers should like. This remote administration and
control utility works over the web, provides secure connections and does
not require any special client software. The new version includes a
full-featured FTP Server, Secure Telnet Server and a Port Forwarding
Server, which gives secure access to computers located behind your
firewall. More information and a trial are available at
STAT Version 4.0 Available
The very successful STAT Scanner 4.0 Professional Edition has a bunch
of nice new goodies in it, apart from the ever increasing list of tests
for new vulnerabilities. STAT is an NT/W2K network defense system, that
allows you to quickly identify and eliminate security deficiencies.
STAT Scanner 4.0 now features a Command Line Interface (CLI) that lets
you run the STAT from a simple prompt. The CLI makes it possible to
conduct automated, unattended vulnerability scanning using administrative
scripts or batch files. In addition, enhanced icons make it easy to
recognize high-, medium-, and low-warning risks. A new report now
available sorts the risk listing by vulnerability name, enabling you
to quickly identify and react to threats.
"We are constantly seeking ways to make network security management
easier to accomplish and comprehend, so that customers can continuously
protect their organizations from ever-increasing threats," said
Lilo X. Newberry, director, STAT Operations. "STAT Scanner 4.0
delivers the highest number of NT/2000 vulnerability checks with an
easy-to-use interface which maximizes the efficiency of network
STAT Scanner 4.0 now assesses and automatically repairs 1,050 different
types of Windows NT/2000 security vulnerabilities - the largest number
of such vulnerabilities detected and fixed by a single software product,
industry-wide. All STAT Scanner vulnerability checks are mapped to
MITRE's Common Vulnerabilities and Exposures (CVE) dictionary.
STAT Scanner 4.0 also tests for the presence of the very latest software
patches for Windows NT 4.0 and Windows 2000; Internet Information Server
(IIS) 4 and IIS 5; and Media Player, Outlook and Event Viewer. These
patches are key to preventing denial of service attacks, unauthorized
access or privilege elevation.
The STAT product family arms you with the ability to eliminate network
security risks before they can be exploited, providing design, analysis,
and test solutions that address the security life-cycle requirements
of computer networks. You should really think about licensing this tool
as one of those: Cannot-Afford-Not-To-Use-It type tools. Download here:
This Week's Links We Like. Tips, Hints And Fun Stuff
If you have a lost password on an Outlook PST File, here's a tool:
Good Open Letter to Microsoft about Service Packs, patches & more
Pretty cool Natural Language Interface for the MS-KB. Good results!
PRODUCT OF THE WEEK
The Practical Intrusion Detection Handbook.
A pretty good book that goes into the details of product selection,
planning and operations of Intrusion Detection (ID). It's filled with
a bunch of real-life cases and stories of ID systems in action. It
covers both host-based and network-based intrusion detection. The
author Paul Proctor is Director of Technology with Cybersafe.com
and has been active in Security for over 15 years. This is a useful
one. ISBN 0-13-025960-8 - over at