Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, May 31, 2001 (Vol. 6, #39 - Issue #274)
This issue of W2Knews contains:
- EDITORS CORNER
- Nasty Viruses: Hoax [blush]
- TECH BRIEFING
- When Was Your Last CyberDisaster Drill?
- NT/2000 RELATED NEWS
- Insurer Considers Microsoft NT High-Risk
- NT/2000 THIRD PARTY NEWS
- Get StorageCeNTral Before The Price Hike!
- Cisco Router Software Flaws
- Testing Intrusion-Detection Systems
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Configuring ISA Server 2000
SPONSOR: Prism MicroSystems
Keep track of changes of critical servers and workstations!
Ever wonder why that computer that was working correctly till now is
suddenly acting strange? Want to know what changed? WhatChanged (TM)
for Windows is powerful but friendly software to let you track,
examine, understand and manage change. Use the Enterprise Edition to
implement centralized Change Management in your Intranet today. Must
have software for critical servers and desktops. Get your free copy
of the Windows 98/Me edition (a $29 value) at:
Visit Prism MicroSystems for more information.
Nasty Viruses: Hoax [blush]
Well, just ONCE (because I was in a hurry) I failed to check whether
some virus alerts were perhaps hoaxes. And sure enough, as if the
devil played with it, they were hoaxes. Sorry 'bout that! However,
there still are a bunch of these nasties out there, so make sure
you protect your networks against them.
Let's have a look at the news!
UNDO Dept: We unintentionally dropped the "Win98/ME" from our sponsor's
text on 5/17. The free version was indeed for Win98/ME only. The same
download was a 7-day trial for NT/W2K users. This has now been upgraded
to 30-days for NT/W2K. WhatChanged is our sponsor again today.
(email me with feedback: [email protected])
SPONSOR: IS YOUR NETWORK SAFE?
GET EXPERT OUTSIDE HELP TO MAKE YOUR NETWORKS PENETRATION-PROOF
Few people have the time, expertise, and dedication to sweat the
tiniest details. But those are the ones that hackers find and exploit.
Get your network assessed by an external, high-level anti-hacker. A
three-day assessment will show you how bad it is, and what needs to
be done to fix it. It's something your management cannot afford not
to do. Check out the brand new Sunbelt Security Consulting Service:
Visit IS YOUR NETWORK SAFE? for more information.
When Was Your Last CyberDisaster Drill?
On ships they do them all the time: fire drills. The FEMA (Federal
Emergency Management Agency) does this for a living. When was the
last time your users saw black screens, networks down and no power,
just as a test?
Just a few days ago, attackers shut down the CERT site. This is a
site dedicated to tracking hacker attacks. CERT is short for Computer
Emergency Response Team, and is funded by the federal government.
The attack lasted 30 hours and denied access to practically everyone
trying to get to the site. This was a so-called Distributed Denial
of Service attack (DDoS for short). There was even a USA Today
article about it. I have the link at the end.
One of the commercial providers of disaster recovery, an outfit called
Comdisco, said that the #1 cause for downtime is hardware and equipment
failure. The #2 reason is power outages and fires.
Steve Hunt from the Giga Information Group commented that it is "finally
dawning on people that computer disaster drills are important. You don't
want the firemen to show up at the fire without ever having seen one
before," he said.
So, what kind of disaster drills are done by what kind of companies?
So, having an infrastructure that allows you to get critical data off
site, and then testing to see if everything actually works is important.
It will help you (and your organization) to diagnose problems in both
the hard- & software and the procedures themselves. More importantly,
it will keep your data-recovery skills current. When was the last time
you tested if your backups are really able to be restored?
- IBM's consulting division conducted 10% more disaster drills in the
first quarter of this year over last year, the company says. Comdisco's
drills are up 10% to 15% in the last 12 months from a year earlier,
division President John Jackson says. Clients are asking for longer
tests, IBM manager Todd Gordon says.
- Software company SolutionInc recently held its first disaster drill.
Randy Currie, the company's technology director, tested his staff by
replacing a data-filled computer drive with a blank one. Five workers
recreated all the "lost" data in about 8 hours.
- Pharmaceutical company Abbott Laboratories has run twice-yearly drills
on its mainframe computers for more than 20 years. But it decided after
undergoing Y2K preparedness tests that employees could benefit from
additional training. Now, 20 to 25 workers are tested on computers of
all sizes every month.
- Texas Instruments has run mainframe drills since 1991. The company
began expanding its training program 2 years ago. Now, it tests a variety
of systems two or three times a year. The drills help TI identify "data
that is missing ... holes in the procedures ... and changes in the
environment that we may not have accounted for," says Greg Petersen,
manager of disaster recovery planning.
- Sophos Anti-Virus, a computer security software firm, holds monthly
classes in Europe that let technology workers test their skills on
computers infected with viruses. The courses are so popular that Sophos
hopes to start them in the USA.
USA Today article:
Video instruction for Disaster Recovery with intro by Small Business
NT/2000 RELATED NEWS
Insurer Considers Microsoft NT High-Risk
ZiffDavis' Interactive Week Mag had an article that is very interesting
indeed. It claims Microsoft's server software is easy to install, loaded
with features and fairly reliable, but may also be more costly to insure
against hack attacks.
J.S. Wurzler Underwriting Managers, one of the first companies to offer
hacker insurance, has begun charging its clients 5 percent to 15 percent
more if they use Microsoft's Windows NT software in their Internet
operations. Although several larger insurers said they won't increase
their NT-related premiums, Wurzler's announcement indicates growing
frustration with the ongoing discoveries of vulnerabilities in MS
Some industry observers believe other insurers may follow Wurzler's
lead, which could affect the overall hacker insurance market, a sector
that the Insurance Information Institute estimates may generate $2.5
billion in annual premiums by 2005. "We saw that our NT-based clients
were having more downtime" due to hacking, says John Wurzler, founder
and CEO of the Michigan company, which has been selling hacker insurance
Wurzler said the decision to charge higher premiums was not mandated
by the syndicates affiliated with Lloyd's of London that underwrite
the insurance he sells. Instead, the move was based on findings from
400 security assessments that his firm has done on small and midsize
businesses over the past three years.
Wurzler found that system administrators working on open source systems
tend to be better trained and stay with their employers longer than those
at firms using Windows software, where turnover can exceed 33 percent per
year. That turnover contributes to another problem: System administrators
are not implementing all the patches that have been issued for Windows NT,
Microsoft spokesman Jim Desler said the hacker insurance market is still
too young to declare Wurzler's move a trend. "There's not enough history
or business to draw conclusions about rate-setting practices," Desler
said. As the market matures, rates are likely to be based on best practices,
rather than on platforms or products, he predicted. "We provide unparalleled
support in the area of security."
American International Group, the country's largest insurance underwriter,
said it will not raise its rates for Windows NT-based systems. Nor will
Aon, the world's second largest insurance broker. The use of NT is "just
one factor in the overall assessment of risks. It can be an indicator of
other vulnerabilities, but you may also have other things in place to
counter that, like firewalls and intrusion-detection systems," said Kevin
Kalinich, a director in Aon's technology and telecommunications group.
However, Harry Croydon, CEO of Safeonline, a London risk analysis firm that
works with underwriters at Lloyd's, predicted that Wurzler's decision to
charge more for Windows NT machines is "a trend we will see increasing."
Just as drivers who own rare cars pay more to insure them, Croydon said,
"certain types of software expose you to different risks."
You should check with your own insurer whether this is going to be an issue
or not. Are you insured for hacking in the first place? That might be a
novel idea! Rest of the article here: (and free subscriptions too)
Tools to protect your networks from hacking are over here:
THIRD PARTY NEWS
Get StorageCeNTral Before The Price Hike!
Through usually reliable sources I got word that the industry-
leading Storage Resource Management tool StorageCeNTral is going to
get more expensive in July. So that opens up the possibility for you
to get hold of this award-winning suite of tools before the deadline,
and still only pay the old price.
StorageCeNTral was recently chosen by Microsoft to be included in their
NAS Appliance Storage Management Kit. According to Microsoft: "Licensing
WQuinn's StorageCentral SRM software enables OEMs using the Windows 2000
Server Appliance Kit to deliver a richer NAS solution to their customers
and to get that solution to market quickly," said Keith White, senior
director of marketing for the Embedded and Appliance Platforms Group at
Microsoft. "The StorageCentral SRM software complements the proven
reliability, manageability and availability of Windows 2000 technologies."
Kelly Meagher, a product manager at Microsoft says, "In this case, we were
looking for the best technology to make available to our customers, and
W. Quinn had it, hands down." Well, who am I to quarrel with that. [grin]
Get your hands on the industry's best-of-breed tool to solve the storage
problem, for the old price of $895 for a single server license. Prices
in Europe may vary. Get your 30-day eval here:
Cisco Router Software Flaws
The SANS Newsbytes e-zine reported that Cisco Systems issued an alert
that acknowledged not one but four(!) security holes in CBOS. This is
the OS for its 600 series routers. Cisco advised their customers to
upgrade. The comment here is that these are not just ordinary bugs,
defined in this case as a basically good design with a small error in
the implementation. These flaws are really fairly gross, suggesting
that Cisco has had some newbie software engineers working on CBOS,
and insufficient code review done on their work.
The things they admitted to included passwords stored in clear text
in router memory, predictable TCP Initial Sequence Numbers, and the
possibility that the router will stop passing traffic when certain
ECHO REPLY and ECHO REQUEST packets are sent through. These are holes
you can drive a truck through when you are an experienced hacker.
Here is the link to Cisco's site for your upgrade:
Testing Intrusion-Detection Systems
ComputerWorld has a good article on IDS-testing. One of their columns
is called "The Security Manager", and this article explains how you
can separate product hype from reality. I'm quoting the first paragraph,
and if you are intrigued, you should just click on the link and read
the rest of the article. It's about 5 minutes work, and very instructive:
"When you buy a sports car, it's a no-brainer that you'll take it for a
test drive to make sure you like the way it handles, the comfort level
and its performance. And if you're like me, when purchasing a security
product for your company, you show the same due diligence to make sure
you're getting the performance you need.
My company recently tested and acquired a network-based intrusion-detection
system (IDS). Over the past few months, I've received many e-mails from
readers asking me to explain the performance-testing methodology I used,
so I've decided to share how I tested our network-based IDS. (A network-
based IDS server watches traffic destined for all host systems on a subnet
while a host-based IDS typically runs on each host system to be protected.)
Performance is only one possible criterion for choosing an IDS. Depending
on the level of expertise of you and your staff and the amount of resources
available, your requirements and testing criteria may be different from
mine. You might focus on ease of use and strong reporting, ease of creating
new attack signatures or price. Performance is critical to me because of
the high amount of bandwidth our site must sustain. I can't afford to miss
any potential events because of the performance limitations of the IDS
infrastructure". Interested? Continue to read here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Paul Thurrott's view on the Itanium announcement and what 64-bit means
Instead of Battery Backups: Try your own MicroTurbine @ the same cost
It's like the old times for MS. Here's an update on their current scene
PRODUCT OF THE WEEK
Configuring ISA Server 2000
If you are into building firewalls for W2K, this is a MUST-Have book.
This time, instead of a short dry description, one of the Amazon.com
Reader Reviews from May 17, 2001. Reviewer: James Glenn from Phoenix:
"One of the best computer books I've read. I bought this book after
having read the Shinders Windows 2000 TCP/IP book, and also several
of their MCSE study guides, and I'm very glad I did. Anyone who has
worked at all with ISA Server knows just how complex it really is.
This book will make you truly understand all of these complexities".