Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jun 18, 2001 (Vol. 6, #44 - Issue #279)
New Security Tool: Protect IIS
This issue of W2Knews contains:
- EDITORS CORNER
- Where Are We Heading? The Big Picture
- TECH BRIEFING
- Virus Scanners and M: drives
- What NTFS Version Is This?
- NT/2000 RELATED NEWS
- SP1 For SQL 2000 Released Today
- IDC Adjusts Linux Marketshare Numbers
- NT/2000 THIRD PARTY NEWS
- New Security Tool: Protect IIS From Unknown Attacks!
- Legato Clustering Kit Released for Win2K
- Transcender Voted Best Practice Exams
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- CISCO Certification Preparation: Internetwork Design
FREE ACTIVE DIRECTORY AUDIOCAST:
Join industry experts, including the Gartner Group's John Enck, for
NetIQ's FREE audiocast, "Tackling Active Directory: Successful AD
Deployment and Management Strategies" on June 28. Get the answers
you need and step-by-step advice on planning, deploying and managing
Active Directory. Register now at:
Visit NetIQ for more information.
Where Are We Heading? The Big Picture
Economies are always cycle-driven. Ours is sputtering just a bit at the
moment but will likely run on all cylinders again next year. High Tech
is also a very cyclical area and should be one of the first to quickly
turn around when Greenspan's rate cuts jump start the economy.
UBS Warburg stated that software should continue to grow at 2 times
the rate of hardware for the next decade if not even more than that.
Hardware accounted for 50% of corporate IT spending in 1990. We are
now down to 38%. This trend will continue to go down. The focus is
on software, and the problems companies are trying to solve at the
moment are security- and storage software, integration of enterprise
apps, CRM, enabling B2B e-commerce and application server software.
That shows you in what direction you need to think for your own
certification as well: Security, Cisco, Linux and MCSE W2K.
(email me with feedback: [email protected])
SPONSOR: Sunbelt Security Consulting
NEED HELP TO KEEP HACKERS OUT?
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks -really- are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Sunbelt Security Consulting for more information.
Virus Scanners and M: drives
Brian Styles sent me the following after having spent a whole weekend
repairing his Exchange server with MS Tech support on the phone:
"If you have real-time file system anti-virus software running on your
Exchange server, be sure to specifically exclude the EXIFS (typically
the M: drive). This is commonly known as the web store. The Anti-Virus
software can interfere with normal operation (not to mention degrade
performance). Let the specialized Exchange Gateway virus protection
take care of the e-mail stores & mailboxes. NAV-CE is the product we
use internally, and by default, it protects all drives, physical
and logical (I'm sure other packages may exhibit similar behavior).
I just confirmed this with Microsoft and they even indicated that they
may do away with the EXIFS (M: drive) with service pack 2, because of
this and other similar problems."
What NTFS Version Is This?
This story was written by Executive Software, the developer of Diskeeper.
I thought you'd like it, as sometimes it is really important to know
which version of NTFS is running.
"A user who had recently installed Diskeeper called in to Tech Support
claiming that Diskeeper had done something to his Windows NT4 system
that rendered CHKDSK unusable on his NTFS drives. The rep had reviewed
with this user that installing Windows 2000 would have just this effect:
Windows 2000 does a "conversion" of NT4-type NTFS volumes to Windows
2000-type NTFS volumes.
The user remained unconvinced, however. He'd never installed Windows
2000 on this machine, or even brought Windows 2000 near the machine.
He was insistent on this and basically refused to believe the rep. Now
baffled, the rep wanted a way to find out what version of NTFS was
running on this system, and came to me for help.
So I dragged out the Windows NT4 Resource Kit, and found the tool DSKPROBE.
Here's the procedure we came up with to examine a volume's NTFS version:
- Drag out your Resource Kit and put DSKPROBE somewhere you can run it.
A diskette is fine if it'll fit. There's no "installation procedure".
All you need is the .exe.
- Make sure you're logged on as an Administrator and that the drive
you want to examine is local (not networked).
- Make sure you know what volume you're going to examine. (X:)
- Run DSKPROBE.EXE.
- Select DRIVE->LOGICAL VOLUME
- Double-click on the volume you're examining. This will open handle
zero to that drive.
- Click on SET ACTIVE in the HANDLE 0 area. LEAVE THE READ-ONLY BOX
- Click "OK".
- Select SECTORS->READ and read in sector 0 for length 1.
- Select VIEW->NTFS BOOT SECTOR
- Click the "GO" button next to "Clusters to MFT"
- Select VIEW->BYTES.
- Select SECTORS->READ
- Leave the "STARTING SECTOR" value alone.
- Make "Number of Sectors" be 8, and click on READ.
- You have just read in the first 4 MFT records. We're looking for
MFT record number 3, so we must click on the right arrow in the tool
bar six times.
- You will end up looking at the first half of MFT record 3, the
MFT record for $Volume. You will see the text "$Volume" in the display.
- There are 16 columns of hex digits. Looking down column 0 or 8,
you will find a hex "70". Here's where I found it on my machine:
1B0 70 00 00 00 28 00 00 00 00 00 18 00 00 00 05 00
1C0 0C 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00
1D0 03 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00
(You may have to go to the next sector to see the "70".)
- At the line starting with 1D0 is a "03 00". This value is 32 bytes
past the "70". "03 00" means this volume is running NTFS version 3.0.
- If you're running NT4 you'll usually see "01 02". This is NTFS
- If, perchance, you're running an XP beta, you'll most likely see
the value "03 01", meaning this volume is running NTFS version 3.1.
Anyway, it turned out when we gave the user the procedure, the value
he saw was "03 00". Somehow, Windows 2000 *had* seen the machine,
but we had no explanation for how it got that way. Neither did the
user, but he swore he'd get to the bottom of it. A few days later,
the user called back in and, embarrassed, told us that his kid had
tried to install Windows 2000 on the machine one Saturday morning when
he was in bed fast asleep. The kid apparently didn't finish the
installation but did leave the evidence behind.... Sorry, kid. You
have been busted.
Well, in our case, that might have been a user with a bit too much
self-confidence but insufficient knowledge to pull his own upgrade
off. And you are left wondering what the heck happened!
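The DSKPROBE procedure in this section locates the "70" attribute by eye
and counts 32 bytes forward. The Python sketch below is an added example
(not Executive Software's code) that does the same walk over a raw copy of
MFT record 3. The function names and the header and attribute offsets are
assumptions of this example, and the sample record is constructed: only its
0x70 attribute reuses the bytes from the dump.

```python
import struct

VOLUME_INFORMATION = 0x70   # attribute type the procedure hunts for by eye
END_OF_ATTRIBUTES = 0xFFFFFFFF

def ntfs_version(record):
    """Return (major, minor) from a raw $Volume record (MFT record 3)."""
    if record[:4] != b"FILE":
        raise ValueError("missing FILE signature: not an MFT record")
    (pos,) = struct.unpack_from("<H", record, 0x14)   # offset of first attribute
    while pos + 8 <= len(record):
        attr_type, attr_len = struct.unpack_from("<II", record, pos)
        if attr_type == END_OF_ATTRIBUTES:
            break
        if attr_len < 0x18 or pos + attr_len > len(record):
            raise ValueError("corrupt attribute length at 0x%X" % pos)
        if attr_type == VOLUME_INFORMATION:
            if record[pos + 8] != 0:                  # non-resident flag
                raise ValueError("$VOLUME_INFORMATION is not resident")
            size, start = struct.unpack_from("<IH", record, pos + 0x10)
            if size < 10 or start + 10 > attr_len:
                raise ValueError("$VOLUME_INFORMATION content too short")
            # Content: 8 reserved bytes, then major and minor version bytes,
            # i.e. 0x18 + 8 = 32 bytes past the "70" in the dump.
            return struct.unpack_from("<BB", record, pos + start + 8)
        pos += attr_len
    raise ValueError("no $VOLUME_INFORMATION attribute in record")

def sample_record(major, minor):
    """Constructed 1 KB record; only the 0x70 attribute mirrors the dump."""
    header = bytearray(0x38)
    header[0:4] = b"FILE"
    struct.pack_into("<H", header, 0x14, 0x38)
    # Empty resident $VOLUME_NAME (0x60) so the walk has something to skip.
    vol_name = struct.pack("<IIBBHHHIHH", 0x60, 0x18, 0, 0, 0x18, 0, 4, 0, 0x18, 0)
    vol_info = bytes.fromhex(
        "70 00 00 00 28 00 00 00 00 00 18 00 00 00 05 00"
        "0C 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00"
    ) + bytes([major, minor]) + bytes(6)
    body = bytes(header) + vol_name + vol_info + struct.pack("<I", END_OF_ATTRIBUTES)
    return body.ljust(1024, b"\x00")

if __name__ == "__main__":
    for version in [(1, 2), (3, 0), (3, 1)]:   # NT4, Windows 2000, XP beta
        print("NTFS version %d.%d" % ntfs_version(sample_record(*version)))
```

Walking the attribute chain instead of scanning for a "70" byte avoids a
false match on a 0x70 that happens to appear inside another attribute.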
NT/2000 RELATED NEWS
SP1 For SQL 2000 Released Today
MS will make the first service pack for SQL Server 2000 available
at the Microsoft TechEd 2001 show in Atlanta. As opposed to SP's for
NT and/or W2K, this one is not positioned to be an upgrade that is
required. Meaning, there are no -major- bugs that this SP will
remedy, but it does contain 240 various fixes.
It might be a good idea to test it thoroughly and then implement it
anyway. (Or, as many people have done, take the time now to upgrade
your SQL 7 to SQL2K, and include the new SP1.) This SP came 10 months
after the original release. The lead product manager for SQL2K,
Jeff Ressler, said: "I can't point to one thing where we say we recommend
this is something to fix, it's not something that we insist that all
customers install. Full descriptions for many of the fixes included
in SP1 will be posted on MS sites today."
This SP1 is broken up in three components. The core database chunk is
45 MB, the Analysis Services bit 38.2 MB and the Microsoft Data Engine
component is 22.5 MB. Here is where to get it:
IDC Adjusts Linux Marketshare Numbers
Several news sources reported that IDC is eating crow regarding their
originally high numbers that claimed Linux owned something like 20%
of the market. They came out with a new set of numbers that are a lot
lower, and are in fact completely consistent with the recent new Dataquest
Dataquest was asked by its customers (Microsoft is one of them) to count
up the amount of Linux in actual use. Looks like they came back and said
that it will be about 8-10% of the server market this year. That's a far
cry from IDC's 20-something figure.
IDC's high numbers seem to stem from counting every copy of Linux that
was shipped. Of course a whole lot of them were never actually deployed.
But IDC actually has two sets of numbers. One is units shipped, the
other is "server usage". The latter estimate Linux at 7% in 2000 and 8.5%
this year. IDC also tracks OEM's and these numbers seem to show a flat
Client Server News recently spun off its Linux reporting and in their new
LinuxGram they commented: "The Linux companies went public on the back of
its [IDC] conjectures, they say, and now they're in trouble and scrambling
to find a viable business model." Next they went on quoting Red Hat which
put the following disclaimer in its latest SEC Filing:
"We have not demonstrated the success of our open source business model,
which gives our customers the right to freely copy and distribute our
software. No other company has built a successful open source business."
Mind you, I'm not bashing Linux like I did a few years ago. You need to
choose the OS that is most appropriate for the application and the
hardware environment. And if that's Linux, that's the right business decision.
But if you are thinking about investing a lot of your time getting Linux
certified, then these marketshare numbers are worth considering seriously.
And to end off, Microsoft's recent loud attacks on Linux really only have
caused the fragmented Linux community to band together and become stronger.
THIRD PARTY NEWS
New Security Tool: Protect IIS From Unknown Attacks!
Hi all, there is a new tool out that is kind of a category in itself.
It's called SecureIIS (SIIS) and it protects from vulnerabilities
in Microsoft's web server code that are yet to be discovered. It is
an insurance policy to protect against the chance that you may be
sleeping/on vacation/too busy to keep up with the constant flow of
holes found in IIS.
SecureIIS protects Microsoft IIS (Internet Information Services) Web
servers from known and unknown attacks. SecureIIS looks for classes of
attacks such as buffer overflows, format string attacks, file path attacks
and does not look for specific attack signatures. Most security products
rely on vulnerability databases and signatures to detect attacks. This
leaves the server susceptible to new undocumented vulnerabilities.
By looking for classes of attack, SecureIIS is able to provide protection
from known as well as unknown vulnerabilities. With vulnerabilities being
discovered on a daily basis, it's really difficult to keep your servers
continuously patched and updated. This is where SecureIIS becomes a powerful
insurance policy against unknown attacks.
The power for SecureIIS to stop known and unknown attacks is provided
by its use of CHAM (Common Hacking Attack Methods) technology. CHAM gives
SecureIIS the capability to understand Web server protocol and also
various classes of attacks that Web servers are vulnerable to. SecureIIS
protects against various classes of attacks, and has the ability to
give your Web server up-to-the-minute security that is unmatched by any
other product in the market.
SecureIIS wraps around IIS and works within it, verifying and analyzing
incoming and outgoing Web server data for any possible security breaches.
By working as a module loaded into IIS, SecureIIS does not degrade the
performance of the Web Server and does not add overhead. The best news is
that this puppy's normal price is $495, but the intro price (limited time)
is only $295 per server! The kind of new tool you cannot afford not to get.
Legato Clustering Kit Released for Win2K
Legato just came out with a W2K version of its long standing high-
availability clustering kit Co-StandbyServer (It's abbreviated to Co-SBS).
This was originally Vinca's flagship product that Legato acquired more
than a year ago.
The new version, Co-SBS 2000 for W2K, includes partition-level mirroring,
and Legato claims major improvements to its mirroring engine. A new GUI
was introduced that features single-console management of multiple
instances of Co-SBS. Also new is a feature called "intelligent resources"
that allows you to configure different computer resources to trigger the
fail-over process.
Transcender Voted Best Practice Exams
In a recent poll on the Brainbuzz.com IT Career Network Web site,
Transcender's exam simulations were voted the Best Practice Exams.
Out of 1,096 votes and a choice of seven practice test vendors, 65.5 %
of the votes went to Transcender, with the next highest company getting
only 14.1 % of the vote.
"We at Transcender are happy that our quality is recognized as the
best by the people who matter the most - the IT professionals who are
actually taking the exams," says Transcender president Mark Stollar.
"These exams are important to their careers, which is why we work so
hard to provide the best practice tests. And that is why we stand
behind our test prep products with a money-back guarantee."
The poll ran on the Cramsession section of the Brainbuzz.com site
for the week of June 3. This site is used by an estimated 500,000 IT pros.
The Cramsession section offers users certification study information.
According to the site, "BrainBuzz.com offers quality IT jobs, skills
training, professional certification, career enhancement and peer tech
You will soon be able to vote for your fave System Management Utilities
at the 2001 Sunbelt/W2Knews Target Awards.
This Week's Links We Like. Tips, Hints And Fun Stuff
C2C provides Exchange Disaster Recovery Consulting. Check that list.
MS muffed up their latest patch for Exchange twice. Three's a charm?
Hey guys, check out this moving billboard I put on my car. Really cool:
PRODUCT OF THE WEEK
CISCO Certification Preparation: Internetwork Design
CCDP Certification Preparation. Presents the fundamental, technical, and
design issues associated with campus LANs; TCP/IP networks; IPX, AppleTalk,
and Windows-based networks; WANs; and SNA networks. You will be able to
identify internetwork requirements, determine appropriate infrastructure
and routing issues within an internetwork, and construct a viable plan to
deploy or upgrade to a more effective network topology. Filled with
invaluable foundation information on various internetworking technologies
and supported with useful design examples. Self-assessment through chapter-
ending questions starts the student down the path for attaining CCDP
certification. Cisco-recommended training for CCDP Exam #640-025.