Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, May 21, 2001 (Vol. 6, #36 - Issue #271)
MS Twisting Your Arm?
This issue of W2Knews contains:
- EDITORS CORNER
- New Survey: Are You Going To Buy An Xbox?
- TECH BRIEFING
- Free Open Software W2K Intrusion Detection System
- NT/2000 RELATED NEWS
- NT/2000 THIRD PARTY NEWS
- Free Active Directory Chapter Out Of My New Book and
How To Get Your Free AutoPilot
- SPQuery Renamed to UpdateEXPERT - New Version 5.0
- New Version 4.01 of STAT Security Scanner
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hack Proofing Your E-Commerce Site
ALERT: Networks bottleneck & costs climb as workers squander
hours online, surfing, listening to the radio over the 'Net,
downloading MP3s, video & other bandwidth hogs. Install Super-
Scout Web Filter on your network & in 20 min you'll know exactly
WHO is doing WHAT, WHEN & WHERE on the Internet. Monitor, record
& manage all TCP/IP protocols. You've got responsibility for the
network, download an easy way to manage it. *FREE* 30-day trial:
Visit SurfControl for more information.
New Survey: Are You Going To Buy An Xbox?
First, the results of our earlier survey. That was about the
new Windows Product Activation feature in WXP. Well, 60% of you
hated the idea, and wouldn't want to buy it. 32% said they could
see problems in production environments. MS, are you listening?
Next is the question of the XBOX. Some people sent me email back
and asked why I was reporting on this box. Well, it runs on a
stripped version of W2K, so that's easy. I'm going to get one. Why?
The game quality. MS knows what it takes to get the hardware sold.
They actually sell these boxes at a loss. Selling good games is
where the money is coming from, and that is why they are acquiring
games makers at a rapid clip at the moment. The Xbox will be released
November 8th. As an example, just look at this section out of
the game, and you'll know what I mean. (You need some bandwidth
for this puppy)
Moreover, the Xbox is of course MS' Trojan horse toward the smart,
hooked-up, micropayment enabled, interactive, automated home. Another
step forward toward a subscription model instead of just selling
boxes. Think "MS-tone".
So, whaddaYOUgonnado regarding the XBOX?
Vote here: http://www.w2knews.com
- Yes! I've been holding out for this baby!
- Looks interesting. I'm seriously considering.
- Nah. Just bought a PS2, can't justify the expense.
- Nope. I don't do games.
(email me with feedback: [email protected])
SICK AND TIRED OF MESSING WITH LOGON SCRIPTS?
ScriptLogic solves your problem by delivering the configuration
created for each user wherever they log in. Security policies,
drive mappings, folder redirection, printers, Internet config,
Microsoft Office paths, and Outlook/Exchange mail profiles are
automatically configured during the logon process. Users can log
in from any PC, running any Windows 32-bit OS, over any LAN, dial-
up or VPN connection -- and instantly have access to their unique
desktop configuration. 30-day Full Function Eval here:
Visit SCRIPTLOGIC for more information.
Free Open Software W2K Intrusion Detection System
If you do not get the Security Update e-zine from Windows 2000 Mag,
well, you should. Their Editor Mark Joseph Edwards knows his stuff,
and I'm quoting a few paragraphs that I thought were particularly
interesting from this week's issue. They discuss freeware, for security.
A rare combination indeed. I'm going to let Mark talk for a bit, and
at the end of this section I'll show you where to get it, and how to
subscribe to Mark's e-zine. This is a "Stu's Warmly Recommended"!
"The third security product I've been playing with is an intrusion-
detection system (IDS) called Snort, which is provided free to
everyone under the GNU General Public License scheme (as published
by the Free Software Foundation.) Snort was originally designed by
Martin Roesch to run on UNIX systems; however, Michael Davis has
graciously ported Snort to the Win32 platform so now it runs on Windows.
"Like other IDS systems, Snort works by comparing network traffic to a
database of known attack types and traffic patterns. Snort is very
flexible; users can write their own rules using fairly simple syntax,
or they can download any of several predefined attack signature databases
(called rules) for use within the product. The ability to define your
own attack signatures means that you don't have to wait for your IDS
vendor to produce them for you; you can protect yourself as soon as you
discover a new risk by writing your own rules.
"No IDS can detect attack types it doesn't know about, so the rules are
crucial. And because Snort is freeware (and open source at that), the
tool has a tremendous amount of community support, and as a result, new
rules are created about as fast as hackers and crackers discover new
exploits. So in most cases, instead of writing your own rules, you can
simply go to a site that maintains Snort rules and quickly download any
"Developers have created many Snort add-ons that make the tool easier to
use. Snort is command-line-based, so remembering the command switches is
cumbersome. Snort users realized this and created Windows-based GUIs for
Snort. The GUIs help automate command-line switch configurations through
the use of simple dialogs. Other add-ons include log analyzers that help
make sense of Snort logs. Logs can be written in Snort's native ASCII
log format or to a familiar TCPDump-style binary format. In addition,
Snort can send its output to a Posix-compliant syslog daemon (which
typically runs on UNIX systems), to the Win2K/NT Event Log, or to a SQL
database--all of which help you take advantage of existing technology
"Setting up Snort takes a little work, but its setup isn't beyond the
capability of any network administrator who understands basic networking
concepts. The real work comes from the need to download Snort along with
other required components that might not be present on your system
(e.g., WinPcap, which provides the packet driver--DLL file--that the
Win32 version of Snort uses).
"I installed Snort, a GUI-based configuration tool, and a log analyzer/
alerter in less than an hour. I installed the software on a honey pot
I leave running on my network as bait, and in the first 3 days, it
caught crackers' port scans as well as their attempts to break into
the honey pot's Web service, mail server, and DNS server.
"Snort is easy to use, good at detecting attacks, runs on a variety of
OSs, and comes with a plethora of snap-ins and add-ons that further
extend its abilities. If you thought you couldn't afford a good IDS
system for your network, Snort is just what you need--and it's free!
You can thank the open-source community for that fact. You can get
Snort and the required WinPcap packet driver at the following URL:"
Subscriptions for your Security Update:
Grateful Acknowledgements to Mark Joseph Edwards, News Editor
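An added example, not part of Mark's column and not code from the Snort project: a constructed rule in Snort's rule syntax, with a small Python stand-in for the matching step, to show what "comparing network traffic to rules" and "writing your own rules" look like in practice. The rule text, sid, addresses and packets are all made up for illustration, and the matcher handles only the header, content and nocase.

```python
import ipaddress
import re

# Constructed rule in Snort rule syntax; the sid is in the range used for local rules.
RULE = ('alert tcp any any -> 192.168.1.0/24 80 '
        '(msg:"LOCAL cmd.exe requested from web server"; '
        'content:"cmd.exe"; nocase; sid:1000001; rev:1;)')

PACKETS = [  # constructed sample traffic: (proto, src, sport, dst, dport, payload)
    ("tcp", "203.0.113.7", 40112, "192.168.1.10", 80, b"GET /scripts/CMD.EXE HTTP/1.0\r\n\r\n"),
    ("tcp", "203.0.113.7", 40113, "192.168.1.10", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("tcp", "203.0.113.7", 40114, "192.168.1.10", 25, b"HELO cmd.exe\r\n"),
]

OPTION = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(text):
    """Split a rule into its header fields and an ordered list of options."""
    header, _, body = text.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    opts = [(m.group(1), (m.group(2) or "").strip('"')) for m in OPTION.finditer(body)]
    return {"action": action, "proto": proto, "src": (src, sport),
            "dst": (dst, dport), "opts": opts}

def endpoint_ok(spec, ip, port):  # one side of the header: 'any' or CIDR, 'any' or port
    net, prt = spec
    ip_hit = net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return ip_hit and (prt == "any" or int(prt) == port)

def match(rule, pkt):
    """Return the rule's msg if the header and every content option match."""
    proto, src, sport, dst, dport, payload = pkt
    if not (rule["proto"] == proto
            and endpoint_ok(rule["src"], src, sport)
            and endpoint_ok(rule["dst"], dst, dport)):
        return None
    opts = rule["opts"]
    for i, (key, val) in enumerate(opts):
        if key == "content":
            # 'nocase' modifies the content option it follows
            fold = i + 1 < len(opts) and opts[i + 1][0] == "nocase"
            needle = val.encode()
            if (needle.lower() not in payload.lower()) if fold else (needle not in payload):
                return None
    return dict(opts)["msg"]

def alerts(rule_text=RULE, packets=PACKETS):
    rule = parse_rule(rule_text)
    return [(p[1], p[4], m) for p in packets if (m := match(rule, p))]
```

Only the first packet alerts: the second lacks the content string and the third goes to port 25, so the header never matches. Dropping nocase from the rule makes the upper-case request slip past, which is the kind of gap to check for when writing your own signatures.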
NT/2000 RELATED NEWS
MS Twisting Your Arm?
If you have not heard it yet, you did not read my last newsletter
(issue 269). But it's a good idea to take notice. MS is changing
its license terms and there is this whole firestorm going on, where
a lot of people in the press complain about extortion and monopolist
Well, MS indeed is asking all of us to upgrade to W2K before the
deadline of Oct 1, 2001. What they basically offer is to buy out the
"perpetual license" clause in existing volume contracts. Currently,
once the agreement expires, you own the software. MS is changing
that, so that when your contract expires, you must either re-up
or take the software off your systems.
You need to do the math, to find out if this is all that bad.
In some cases it can actually save money. The right approach to take
in this situation would be to study the issue, do your homework in
Excel, and then decide if you are going to be happy or mad. No use
jumping on the "screaming bandwagon" unless you did the calculations
as they would be for your environment. In other words: stay cool,
calm, collected until the evidence shows otherwise. Then you can
explode or not. [grin]
THIRD PARTY NEWS
Free Active Directory Chapter Out Of My New Book and
How To Get Your Free AutoPilot
I got my copy of Windows 2000 Power Toolkit yesterday from Amazon,
so if you have ordered it, you should see it drop in your mailbox
any time now. For the few of you that did not order your copy yet ;-)
I have a free chapter that explains Active Directory fundamentals.
It's 16 pages and in PDF format.
You can order the book from the Sunbelt OnlineShop if you are in
the USA, for the same price as it is sold at Amazon.com. If you
are outside of the US, we still recommend Amazon, but you can order
it at any of your fave local bookstores. Within a few weeks, you
will have worldwide access to the online shop as well.
And if you did get your book, and now want your free copy of AutoPilot,
the instructions to download your full copy are on this same page,
so I guess everyone will now go here and download like mad to get
their freebies! We have a T3 over fiber, so go right ahead. [grin]
SPQuery Renamed to UpdateEXPERT - New Version 5.0
SPQuery was renamed to UpdateEXPERT because that new name covers
the dramatically expanded functionality much better. It's not just
service packs anymore. Apart from the database enhancements, the
new version 5.0 of UpdateEXPERT now supports Windows XP and the
following MS applications:
- SQL Server
- Exchange Server
- Internet Explorer
- Media Player
- Windows Media Services
- Net Meeting
- Office (Summer 2001)
- Outlook (Summer 2001)
In addition to installing the updates, UpdateEXPERT will ensure
that the update is correctly installed. This validation can be
performed at any time and as part of the deployment process.
Users can designate updates as required. This enables users to manage
hotfixes by policy. Users will define what updates are required with
a click of the mouse. The sum of required updates equals the user's
policies. Policies are used for many configuration parameters. Security
and staging are just a couple of policy factors. Therefore, you will
not confuse customers by narrowing the scope of policy management to
these two factors.
Users can run reports to verify policy adherence. This report makes it
easy for users to see how the inventory matches up against what updates
are required. Policy management is enforced by defining policy (with
required Updates) and managing by exception those machines that are
For Existing SPQuery Users
You will receive all functions that SPQuery 4.2 offered. You will be
able to research application updates. Plus, you will be able to
mark OS updates as required and run the Conformance Report for the OS
updates. Finally, you will be able to use the Validation feature
when applicable for the OS updates.
SPQuery maintenance/subscription entitles you to the latest updates for
the OS. SPQuery is an OS only program. As a courtesy, we are offering
an OS only version of UpdateEXPERT for our current SPQuery 4.x customers.
Check with your Reseller or Rep for upgrade details:
New Version 4.01 of STAT Security Scanner
You all know STAT by now. It is one of the most tried-and-true tools
that will help you to scan for holes and alert you with priorities
indicated. It has many domain-wide autofix options and is one of the
anti-hacker precautions you just have to take. The brand new V4.01
eval is out which allows you to test STAT against your domain. This
version scans for and finds over 1,000 known vulnerabilities. If
you do not have a hole scanner like this, you should check out STAT.
This Week's Links We Like. Tips, Hints And Fun Stuff
Want to make your car unique? Get a message across? W2Knews suggests:
Here's the official SP2 Jump page. The Pack has not changed. This is it:
Security: Want to know what software is using which port on your box?
PRODUCT OF THE WEEK
Hack Proofing Your E-Commerce Site
This book shows you - whether you work for a Fortune 500 company or
run your own small Web-based store - how to protect yourself and your
business from the ever-increasing threat of hackers. It provides
insights into the tools and techniques that hackers use to compromise
sites and gives Web architects and engineers instructions on how to
use those insights to design and implement better security measures.
Beginning with the story of how one hacker managed to cripple the Web,
it covers secure credit card transactions, content networking, redundancy
and reliability, and security secrets, as well as configuring Cisco's
LocalDirector and DistributedDirector.