Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jun 14, 2001 (Vol. 6, #43 - Issue #278)
This issue of W2Knews contains:
- EDITORS CORNER
  - End Of Quarter Specials
- TECH BRIEFING
  - NSA Releases FREE Batch Of W2K Security Guides
- NT/2000 RELATED NEWS
  - What To Do When One Of Your NT/W2K Laptops Is Stolen
  - Careful With That Exchange Patch!
- NT/2000 THIRD PARTY NEWS
  - 2001 Target Awards Vote Coming Up Soon
- W2Knews 'FAVE' LINKS
  - This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
  - Windows NT Security Guide
SPONSOR: WIN NT = HACKER TARGET #1
Ever had the feeling of ACUTE PANIC that a hacker has invaded your
network? Plug NT/2000's 1,000+ holes before they plug you. You have to
protect your LAN before it gets attacked. STAT comes with a responsive
web-update service and a dedicated Pro SWAT team that helps you to hunt
down and kill security holes. Built by anti-hackers for DOD sites.
Download your demo copy before you too become a statistic:
Visit WIN NT = HACKER TARGET #1 for more information.
End Of Quarter Specials
This is the time to get good deals for tools. Most IT vendors use the
end of the second quarter for special discounts, so they can get their
quarterly numbers up. So, you can now benefit from this all over the
place. Sunbelt is no exception. Tools like StorageCeNTral are still
cheap in June, but prices will go up in July. Other tools have end-
of-quarter deals as well, so ask your Rep or Reseller for extra good
offers. If you have some budget, now is the time to spend it and get
the most bang for your buck.
In the meantime, I will continue to sift through all the NT/2000 news
and just report the interesting and important items to you!
(email me with feedback: [email protected])
SPONSOR: Sunbelt Security Consulting
NEED HELP TO KEEP HACKERS OUT?
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks -really- are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Sunbelt Security Consulting for more information.
NSA Releases FREE Batch Of W2K Security Guides
This bit is from the SANS newsletter with some excellent news. The US
National Security Agency (NSA) just released seventeen guides (several
more will be added shortly) to help Department of Defense organizations
secure W2K. Many DoD organizations have adopted the guides as their
standards. Some of the sample titles are:
- Microsoft Windows 2000 Network Architecture Guide (161KB)
- Guide to Securing Microsoft Windows 2000 DNS (738KB)
- Guide to Securing Microsoft Windows 2000 Active Directory (430KB)
And a bunch more are available, all in PDF format. This is definitely
a really good resource. Plug it in your favorites, as the total will
be something like 35 guides from what I understand. Normally, the NSA
treats this stuff as confidential, but the NSA is making these reports
available to the security community outside DoD. SANS said it is a
fantastic gift and they are right. You may download them at
NT/2000 RELATED NEWS
What To Do When One Of Your NT/W2K Laptops Is Stolen
ComputerWorld.com has an interesting story about stolen laptops being
used for hacking attempts. The FBI comes to visit and ask a bunch of
interesting questions. I suggest you read this article. Mainly because
I recently got my Sony Vaio back from a couple of months on loan to
several employees, and no one remembered the password.
We had W2K Pro installed and had a problem getting into the admin
account. This does not lock out, so we had some time to try. No luck,
so we went to www.lostpassword.com and bought a utility for about 90
bucks. Within 15 minutes we had W2K cracked and a new password on
the machine. This means that your data on laptops is not safe to
begin with, and that you need to have your laptop users chain these
puppies physically to something wherever they go.
Your IP address in that laptop may become a major pain in the neck
when this machine is used for a crime, and used to harvest credit
card info. Ouch. So, report any laptops stolen to the authorities as
early as possible and create a paper trail of any activity that
happens with that particular IP address after the theft. IMPORTANT.
Careful With That Exchange Patch!
The security patch that MS released last Wednesday to fix a security
hole in Exchange servers actually required a patching of its own.
It boils down to a vulnerability in Outlook Web Exchange. They thought
it was only a problem in W2K, but it also affected Exchange 5.5 boxes.
If you run Outlook Web Access, make sure you apply this patch. More:
THIRD PARTY NEWS
2001 Target Awards Vote Coming Up Soon
As you may know, once a year all the subscribers of W2Knews vote for
their fave tools. This is the third year we have done this and open up
our website for everyone to vote in now almost 30 categories for the
products they like best. The finalists will all be visible and with
a simple click in each category you will be able to indicate which tool
you want to win. Think of this as the Golden Globes where the public
votes for their favorites, as opposed to the Oscars where the industry
gives awards to itself. W2Knews Target Awards are a good indicator of
who is a leader in their market category. A useful thing to know.
Vendors that make the grade usually proudly display the logo on their
websites, because it is a big thing to have your product actually
being chosen by the market and your customers, instead of by a panel
of a few editors of a magazine. The rule with the W2Knews Target
Awards is: "One IP, One Vote", so that we will not be swamped with
ballot-box stuffing scripts that some people think they can get away
with, or with large companies that have 300 of their staff vote for
their own product. We're making an effort to keep this as much of an
objective process as possible. We'll send you the invitation soon!
Want to see last year's winners? Here you go:
This Week's Links We Like. Tips, Hints And Fun Stuff
MS just announced they plugged a whopping 7(!) holes in Telnet.
MS signs a contract with McAfee for inclusion of security tools in .NET
There is a website dedicated to Active Directory only. Good resource!
PRODUCT OF THE WEEK
Windows NT Security Guide
Steve Sutton is the founder of Trusted Systems Services, Inc., a
computer-security consulting and training company formed in 1986.
He has been a prominent designer and teacher of secure operating
systems and standards for almost two decades. He wrote Windows NT
Security Guide and it helps you to:
- Spot and protect against common threats, such as data snooping
and tampering, password misuse, and viruses
- Configure Windows NT against Internet and intranet security risks
- Build your Security Policy for user accounts and groups, domains,
Access Control Lists, and the security log
- Understand the basics of cryptography that play large roles
in today's global Internet environment
- Use some of NT's lesser-known secure installation practices
and cope with its inherent security soft spots
- Answer the basic question: Is Windows NT secure enough for me?
This book is accompanied by a complete set of on-line exercises
and many "pencil" questions (and answers) so that you can also
use it as a self-paced training tool. The price is only 28 bucks.
Check out the table of contents over here: