Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 18, 2001 (Vol. 6, #44 - Issue #279)
New Security Tool: Protect IIS
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Where Are We Heading? The Big Picture
  2. TECH BRIEFING
    • Virus Scanners and M: drives
    • What NTFS Version Is This?
  3. NT/2000 RELATED NEWS
    • SP1 For SQL 2000 Released Today
    • IDC Adjusts Linux Marketshare Numbers
  4. NT/2000 THIRD PARTY NEWS
    • New Security Tool: Protect IIS From Unknown Attacks!
    • Legato Clustering Kit Released for Win2K
    • Transcender Voted Best Practice Exams
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • CISCO Certification Preparation: Internetwork Design
  SPONSOR: NetIQ
FREE ACTIVE DIRECTORY AUDIOCAST:
Join industry experts, including the Gartner Group's John Enck, for
NetIQ's FREE audiocast, "Tackling Active Directory: Successful AD
Deployment and Management Strategies" on June 28. Get the answers
you need and step-by-step advice on planning, deploying and managing
Active Directory. Register now at:
Visit NetIQ for more information.
  EDITORS CORNER

Where Are We Heading? The Big Picture

Hi NT/W2K-ers,

Economies are always cycle-driven. Ours is sputtering just a bit at the moment but will likely run on all cylinders again next year. High tech is also a very cyclical area and should be one of the first to turn around quickly when Greenspan's rate cuts jump-start the economy.

UBS Warburg stated that software should continue to grow at 2 times the rate of hardware for the next decade, if not more. Hardware accounted for 50% of corporate IT spending in 1990. We are now down to 38%, and this share will continue to go down. The focus is on software, and the problems companies are trying to solve at the moment are security and storage software, integration of enterprise apps, CRM, enabling B2B e-commerce and application server software.

That shows you in what direction you need to think for your own certification as well: Security, Cisco, Linux and MCSE W2K.

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Sunbelt Security Consulting
NEED HELP TO KEEP HACKERS OUT?
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks -really- are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Sunbelt Security Consulting for more information.
  TECH BRIEFING

Virus Scanners and M: drives

Brian Styles sent me the following after having spent a whole weekend repairing his Exchange server with MS Tech support on the phone:

"If you have real-time file system anti-virus software running on your Exchange server, be sure to specifically exclude the EXIFS (typically the M: drive). This is commonly known as the web store. The Anti-Virus software can interfere with normal operation (not to mention degrade performance). Let the specialized Exchange Gateway virus protection take care of the e-mail stores & mailboxes. NAV-CE is the product we use internally, and by default, it protects all drives, physical and logical (I'm sure other packages may exhibit similar behavior).

I just confirmed this with Microsoft and they even indicated that they may do away with the EXIFS (M: drive) with service pack 2, because of this and other similar problems."

What NTFS Version Is This?

This story was written by Executive Software, the developer of Diskeeper. I thought you'd like it, as sometimes it is really important to know which version of NTFS is running.

"A user who had recently installed Diskeeper called in to Tech Support claiming that Diskeeper had done something to his Windows NT4 system that rendered CHKDSK unusable on his NTFS drives. The rep had reviewed with this user that installing Windows 2000 would have just this effect: Windows 2000 does a "conversion" of NT4-type NTFS volumes to Windows 2000-type NTFS volumes.

The user remained unconvinced, however. He'd never installed Windows 2000 on this machine, or even brought Windows 2000 near the machine. He was insistent on this and basically refused to believe the rep. Now baffled, the rep wanted a way to find out what version of NTFS was running on this system, and came to me for help.

So I dragged out the Windows NT4 Resource Kit, and found the tool DSKPROBE. Here's the procedure we came up with to examine a volume's NTFS version:

  1. Drag out your Resource Kit and put DSKPROBE somewhere you can run it. A diskette is fine if it'll fit. There's no "installation procedure". All you need is the .exe.
  2. Make sure you're logged on as an Administrator and that the drive you want to examine is local (not networked).
  3. Make sure you know what volume you're going to examine. (X:)
  4. Run DSKPROBE.EXE.
  5. Select DRIVE->LOGICAL VOLUME
  6. Double-click on the volume you're examining. This will open handle zero to that drive.
  7. Click on SET ACTIVE in the HANDLE 0 area. LEAVE THE READ-ONLY BOX CHECKED.
  8. Click "OK".
  9. Select SECTORS->READ and read in sector 0 for length 1.
  10. Select VIEW->NTFS BOOT SECTOR
  11. Click the "GO" button next to "Clusters to MFT"
  12. Select VIEW->BYTES.
  13. Select SECTORS->READ
  14. Leave the "STARTING SECTOR" value alone.
  15. Make "Number of Sectors" be 8, and click on READ.
  16. You have just read in the first 4 MFT records. We're looking for MFT record number 3, so we must click on the right arrow in the tool bar six times.
  17. You will end up looking at the first half of MFT record 3, the MFT record for $Volume. You will see the text "$Volume" in the display.
  18. There are 16 columns of hex digits. Looking down column 0 or 8, you will find a hex "70". Here's where I found it on my machine:
        1B0 70 00 00 00 28 00 00 00 00 00 18 00 00 00 05 00
        1C0 0C 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00
        1D0 03 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00
    
    (You may have to go to the next sector to see the "70".)
  19. At the line starting with 1D0 is a "03 00". This value is 32 bytes past the "70". "03 00" means this volume is running NTFS version 3.0.
  20. If you're running NT4 you'll usually see "01 02". This is NTFS version 1.2.
  21. If, perchance, you're running an XP beta, you'll most likely see the value "03 01", meaning this volume is running NTFS version 3.1.

Anyway, it turned out when we gave the user the procedure, the value he saw was "03 00". Somehow, Windows 2000 *had* seen the machine, but we had no explanation for how it got that way. Neither did the user, but he swore he'd get to the bottom of it. A few days later, the user called back in and, embarrassed, told us that his kid had tried to install Windows 2000 on the machine one Saturday morning when he was in bed fast asleep. The kid apparently didn't finish the installation but did leave the evidence behind.... Sorry, kid. You have been busted."

Well, in our case, that might have been a user with a bit too much self-confidence but insufficient knowledge to pull his own upgrade off. And you are left wondering what the heck happened!
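
The check in steps 16-21 above, as an added example that is not part of the original newsletter or of Executive Software's procedure: Python code that walks the attributes of a $Volume MFT record to the 0x70 attribute and reads the version bytes 32 bytes past its start. The record is constructed; only the 40 bytes of the 0x70 attribute come from the dump in step 18, while the header, the filler attribute and the function names are assumptions made for illustration.

```python
import struct

VOLUME_INFORMATION = 0x70  # the hex "70" that step 18 looks for
END_MARKER = 0xFFFFFFFF    # terminates the attribute list
# Version values named in steps 19-21 of the procedure
KNOWN = {(1, 2): "NT4", (3, 0): "Windows 2000", (3, 1): "XP beta"}

def ntfs_version(record: bytes):
    """Return (major, minor) from a $Volume MFT record, or None if absent."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT record")
    (offset,) = struct.unpack_from("<H", record, 0x14)  # first attribute
    while offset + 8 <= len(record):
        attr_type, attr_len = struct.unpack_from("<II", record, offset)
        if attr_type == END_MARKER:
            return None
        # Attributes are 8-byte aligned, hence "column 0 or 8" in step 18.
        if attr_len < 0x18 or attr_len % 8 or offset + attr_len > len(record):
            raise ValueError("corrupt attribute length")
        if attr_type == VOLUME_INFORMATION:
            if record[offset + 8]:
                raise ValueError("$VOLUME_INFORMATION must be resident")
            size, start = struct.unpack_from("<IH", record, offset + 0x10)
            if size < 10 or start + 10 > attr_len:
                raise ValueError("truncated $VOLUME_INFORMATION")
            # 8 reserved bytes, then major and minor: 0x18 + 8 = 32 bytes in
            return struct.unpack_from("<BB", record, offset + start + 8)
        offset += attr_len
    return None

def sample_record(major=3, minor=0):
    """Constructed record; only the 0x70 attribute bytes come from step 18."""
    header = bytearray(0x30)
    header[0:4] = b"FILE"
    struct.pack_into("<H", header, 0x14, 0x30)
    filler = struct.pack("<II", 0x10, 0x18) + bytes(0x10)  # made-up attribute
    vol = bytearray.fromhex(
        "70000000 28000000 00001800 00000500 0C000000"
        "18000000 00000000 00000000 03000000 00000000")
    vol[0x20], vol[0x21] = major, minor
    return bytes(header) + filler + bytes(vol) + struct.pack("<II", END_MARKER, 0)

if __name__ == "__main__":
    for pair in [(3, 0), (1, 2), (3, 1)]:
        found = ntfs_version(sample_record(*pair))
        print("%d.%d" % found, KNOWN.get(found, "unknown"))
```

On a real volume, undo the update sequence fixups (the last two bytes of each sector of the record) before parsing; the constructed sample has none.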

  NT/2000 RELATED NEWS

SP1 For SQL 2000 Released Today

MS will make the first service pack for SQL Server 2000 available at the Microsoft TechEd 2001 show in Atlanta. As opposed to SP's for NT and/or W2K, this one is not positioned to be an upgrade that is required. Meaning, there are no -major- bugs that this SP will remedy, but it does contain 240 various fixes.

It might be a good idea to test it thoroughly and then implement it anyway. (Or, what many people have done, now take the time to upgrade your SQL 7 to SQL2K, and include the new SP1.) This SP came 10 months after the original release. The lead product manager for SQL2K, Jeff Ressler, said: "I can't point to one thing where we say we recommend this is something to fix, it's not something that we insist that all customers install. Full descriptions for many of the fixes included in SP1 will be posted on MS sites today."

This SP1 is broken up into three components. The core database chunk is 45 MB, the Analysis Services bit 38.2 MB and the Microsoft Data Engine component is 22.5 MB. Here is where to get it:
http://www.w2knews.com/rd/rd.cfm?id=061801-SQL2KSP1

IDC Adjusts Linux Marketshare Numbers

Several news sources reported that IDC is eating crow regarding their originally high numbers that claimed Linux owned something like 20% of the market. They came out with a new set of numbers that are a lot lower, and are in fact completely consistent with the recent new Dataquest reports.

Dataquest was asked by its customers (Microsoft is one of them) to count up the amount of Linux in actual use. Looks like they came back and said that it will be about 8-10% of the server market this year. That's a far cry from IDC's 20-something figure.

IDC's high numbers seem to stem from counting every copy of Linux that was shipped. Of course a whole lot of them were never actually deployed. But IDC actually has two sets of numbers. One is units shipped, the other is "server usage". The latter estimates Linux at 7% in 2000 and 8.5% this year. IDC also tracks OEMs and these numbers seem to show a flat 10%-11% range.

Client Server News recently spun off its Linux reporting and in their new LinuxGram they commented: "The Linux companies went public on the back of its [IDC] conjectures, they say, and now they're in trouble and scrambling to find a viable business model." Next they went on quoting Red Hat, which put the following disclaimer in its latest SEC filing:

"We have not demonstrated the success of our open source business model, which gives our customers the right to freely copy and distribute our software. No other company has built a successful open source business."

Mind you, I'm not bashing Linux like I did a few years ago. You need to choose the OS that is most appropriate for the application and the hardware environment. And if that's Linux, that's the right business decision. But if you are thinking about investing a lot of your time getting Linux certified, then these marketshare numbers are worth considering seriously. And to end off, Microsoft's recent loud attacks on Linux really only have caused the fragmented Linux community to band together and become stronger.

  THIRD PARTY NEWS

New Security Tool: Protect IIS From Unknown Attacks!

Hi all, there is a new tool out that is kind of a category in itself. It's called SecureIIS (SIIS) and it protects from vulnerabilities in Microsoft's web server code that are yet to be discovered. It is an insurance policy to protect against the chance that you may be sleeping/on vacation/too busy to keep up with the constant flow of holes found in IIS.

SecureIIS protects Microsoft IIS (Internet Information Services) Web servers from known and unknown attacks. SecureIIS looks for classes of attacks such as buffer overflows, format string attacks, file path attacks and does not look for specific attack signatures. Most security products rely on vulnerability databases and signatures to detect attacks. This leaves the server susceptible to new undocumented vulnerabilities.

By looking for classes of attack, SecureIIS is able to provide protection from known as well as unknown vulnerabilities. With vulnerabilities being discovered on a daily basis, it's really difficult to keep your servers continuously patched and updated. This is where SecureIIS becomes a powerful insurance policy against unknown attacks.

The power for SecureIIS to stop known and unknown attacks is provided by its use of CHAM (Common Hacking Attack Methods) technology. CHAM gives SecureIIS the capability to understand Web server protocol and also various classes of attacks that Web servers are vulnerable to. SecureIIS protects against various classes of attacks, and has the ability to give your Web server up-to-the-minute security that is unmatched by any other product in the market.

SecureIIS wraps around IIS and works within it, verifying and analyzing incoming and outgoing Web server data for any possible security breaches. By working as a module loaded into IIS, SecureIIS does not degrade the performance of the Web Server and does not add overhead. The best news is that this puppy's normal price is $495, but the intro price (limited time) is only $295 per server! The kind of new tool you cannot afford not to get.
http://www.w2knews.com/rd/rd.cfm?id=061801-SecureIIS

Legato Clustering Kit Released for Win2K

Legato just came out with a W2K version of its long-standing high-availability clustering kit Co-StandbyServer (abbreviated to Co-SBS). This was originally Vinca's flagship product, which Legato acquired more than a year ago.

Legato's new version, Co-SBS 2000 for W2K, includes partition-level mirroring, and they claim major improvements to their mirroring engine. A new GUI was introduced that features single-console management of multiple instances of Co-SBS. Also, a new thing was revealed called "intelligent resources" that allows you to configure different computer resources to trigger the fail-over process.

Transcender Voted Best Practice Exams

In a recent poll on the Brainbuzz.com IT Career Network Web site, Transcender's exam simulations were voted the Best Practice Exams. Out of 1,096 votes and a choice of seven practice test vendors, 65.5 % of the votes went to Transcender, with the next highest company getting only 14.1 % of the vote.

"We at Transcender are happy that our quality is recognized as the best by the people who matter the most - the IT professionals who are actually taking the exams," says Transcender president Mark Stollar. "These exams are important to their careers, which is why we work so hard to provide the best practice tests. And that is why we stand behind our test prep products with a money-back guarantee."

The poll ran on the Cramsession section of the Brainbuzz.com site for the week of June 3. This site is used by an estimated 500,000 IT pros. The Cramsession section offers users certification study information. According to the site, "BrainBuzz.com offers quality IT jobs, skills training, professional certification, career enhancement and peer tech support."

You will soon be able to vote for your fave System Management Utilities at the 2001 Sunbelt/W2Knews Target Awards.

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • C2C provides Exchange Disaster Recovery Consulting. Check that list.
    http://www.w2knews.com/rd/rd.cfm?id=061801-ExchangeDR
  • MS muffed up their latest patch for Exchange twice. Three's a charm?
    http://www.w2knews.com/rd/rd.cfm?id=061801-Xpatch3
  • Hey guys, check out this moving billboard I put on my car. Really cool:
    http://www.w2knews.com/rd/rd.cfm?id=061801FL-SYSADMINPLATES

  PRODUCT OF THE WEEK

CISCO Certification Preparation: Internetwork Design

CCDP Certification Preparation. Presents the fundamental, technical, and design issues associated with campus LANs; TCP/IP networks; IPX, AppleTalk, and Windows-based networks; WANs; and SNA networks. You will be able to identify internetwork requirements, determine appropriate infrastructure and routing issues within an internetwork, and construct a viable plan to deploy or upgrade to a more effective network topology. Filled with invaluable foundation information on various internetworking technologies and supported with useful design examples. Self-assessment through chapter-ending questions starts the student down the path for attaining CCDP certification. Cisco-recommended training for CCDP Exam #640-025.
http://www.w2knews.com/rd/rd.cfm?id=061801BOW-CiscoCERT