- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jun 14, 2001 (Vol. 6, #43 - Issue #278)
End Of Quarter Specials
  This issue of W2Knews™ contains:
    • End Of Quarter Specials
    • NSA Releases FREE Batch Of W2K Security Guides
    • What To Do When One Of Your NT/W2K Laptops Is Stolen
    • Careful With That Exchange Patch!
    • 2001 Target Awards Vote Coming Up Soon
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Windows NT Security Guide
Ever had the feeling of ACUTE PANIC that a hacker has invaded your
Plug NT/2000's 1,000+ holes before they plug you. You have to
protect your LAN before it gets attacked. STAT comes with a responsive
web-update service and a dedicated Pro SWAT team that helps you to hunt
down and kill security holes. Built by anti-hackers for DOD sites.
Download a your demo copy before you too become a statistic:
Visit WIN NT = HACKER TARGET #1 for more information.

End Of Quarter Specials

Hi NT/W2K-ers,

This is the time to get good deals for tools. Most IT vendors use the end of the second quarter for special discounts, so they can get their quarterly numbers up. So, you can now benefit from this all over the place. Sunbelt is no exception. Tools like StorageCeNTral are still cheap in June, but prices will go up in July. Other tools have end- of-quarter deals as well, so ask your Rep or Reseller for extra good offers. If you have some budget, now is the time to spend it and get the most bang for your buck.

In the mean time, I will continue to sift through all the NT/2000 news and just report the interesting and important items to you!

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Sunbelt Security Consulting
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks -really- are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Sunbelt Security Consulting for more information.

NSA Releases FREE Batch Of W2K Security Guides

This bit is from the SANS newsletter with some excellent news. The US National Security Agency (NSA) just released seventeen guides (several more will be added shortly) to help Department of Defense organizations secure W2K. Many DoD organizations have adopted the guides as their standards. Some of the Sample titles are:

  • Microsoft Windows 2000 Network Architecture Guide (161KB)
  • Guide to Securing Microsoft Windows 2000 DNS (738KB)
  • Guide to Securing Microsoft Windows 2000 Active Directory (430KB)
And a bunch more are available, all in PDF format. This is definitely a really good resource. Plug it in your favorites, as the total will be something like 35 guides from what I understand. Normally, the NSA treats this stuff as confidential, but the NSA is making these report available to the security community outside DoD. SANS said it is a fantastic gift and they are right. You may download them at

What To Do When One Of Your NT/W2K Laptops Is Stolen

ComputerWorld.com has an interesting story about stolen laptops being used for hacking attempts. The FBI comes to visit and ask a bunch of interesting questions. I suggest you read this article. Mainly because I recently got my Sony Vaio back from a couple of months on loan to several employees, and no one remembered the password.

We had W2K pro installed and had a problem to get into the admin account. This does not lock out, so we had some time to try. No luck, so we went to www.lostpassword.com and bought a utility for about 90 bucks. Within 15 minutes we had W2K cracked and a new password on the machine. This means that your data on laptops is not safe to begin with, and that you need to have your laptop users chain these puppies physically to something where ever they go.

Your IP address in that laptop may become a major pain in the neck when this machine is used for a crime, and used to harvest credit card info. Ouch. So, report any laptops stolen to the authorities as early as possible and create a paper trail of any activity that happens with that particular IP address after the theft. IMPORTANT.

Careful With That Exchange Patch!

The security patch that MS released last Wednesday to fix a security hole in Exchange servers actually required a patching of its own. It boils down to a vulnerability in Outlook Web Exchange. They thought it was only a problem in W2K, but it also affected Exchange 5.5 boxes. If you run Outlook Web Access, make sure you apply this patch. More:


2001 Target Awards Vote Coming Up Soon

As you may know, once a year all the subscribers of W2Knews vote for their fave tools. This is the third year we do this and open up our website for everyone to vote in now almost 30 categories for the products they like best. The finalists will all be visible and with a simple click in each category you will be able to indicate which tool you want to win. Think of this as the Golden Globes where the public votes for their favorites, as opposed to the Oscars where the industry gives awards to itself. W2Knews Target Awards are a good indicator of who is a leader in their market category. A useful thing to know.

Vendors that make the grade usually proudly display the logo on their websites, because it is a big thing to have your product actually being chosen by the market and your customers, instead of by a panel of a few editors of a magazine. The rule with the W2Knews Target Awards is: "One IP, One Vote", so that we will not be swamped with ballot-box stuffing scripts that some people think they can get away with, or with large companies that have 300 of their staff vote for their own product. We're making an effort to keep this as much as an objective process as possible. We'll send you the invitation soon!

Want to see last year's winners? Here you go:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • MS just announced they plugged a whopping 7(!) holes in Telnet.
  • MS signs a contract with McAfee for inclusion of security tools in .NET
  • There is a website dedicated to Active Directory only. Good resource!

    Windows NT Security Guide

    Steve Sutton is the founder of Trusted Systems Services, Inc., a computer-security consulting- and training company formed in 1986. He has been a prominent designer and teacher of secure operating systems and standards for almost two decades. He wrote Windows NT Security Guide and it helps you to:

    • Spot and protect against common threats, such as data snooping and tampering, password misuse, and viruses
    • Configure Windows NT against Internet and intranet security risks
    • Build your Security Policy for user accounts and groups, domains, Access Control Lists, and the security log
    • Understand the basics of cryptography that play large roles in today's global Internet environment
    • Use some of NT's lesser-known secure installation practices and cope with its inherent security soft spots
    • Answer the basic question: Is Windows NT secure enough for me?
    This book is accompanied by a complete set of on-line exercises and many "pencil" questions (and answers) so that you can also use it as a self-paced training tool. The price is only 28 bucks. Check out the table of contents over here: