Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 2, 2001 (Vol. 6, #49 - Issue #284)
Upgrade To XP?
This issue of W2Knews contains:
- EDITORS CORNER
- New SunPoll: Upgrade to WXP?
- TECH BRIEFING
- Great New Security Initiative: Internet Storm Center
- NT/2000 RELATED NEWS
- Here's An Interesting W2K Password Issue
- At 1 Billion, They Might As Well Give It To Us
- NT/2000 THIRD PARTY NEWS
- NetIQ Ready To Attack Network Security Market
- Useful FreeWare Tool: Registry Explorer
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- First .NET Book At O'Reilly & Associates
SecureIIS: The application firewall - protects Microsoft IIS (Internet
Information Services) Web servers from known and unknown attacks.
SecureIIS wraps around IIS and works within it, verifying and analyzing
incoming and outgoing Web server data for any possible security breaches.
SecureIIS combines the best features of Intrusion Detection Systems and
conventional Network Firewalls all into one. Supports NT/IIS4 & W2K/IIS5
Visit SecureIIS for more information.
New SunPoll: Upgrade to WXP?
We have a new SunPoll. Since Windows XP RC1 (build 2505) was recently
released to beta users, this time the question is: "Are you planning
to upgrade your users' machines to Windows XP?" In this poll we are
assuming you work in a corporate environment, and you are facing the
choice of whether to move hundreds of users to WXP.
Read this first though, and remember these words: "We're not forcing
anybody into changing from Windows 2000. If you're currently running
Windows 2000, we're not recommending you upgrade." - David Weeks,
Windows XP marketing manager.
You can vote here (Left column) and immediately see what your system
admin colleagues think about it:
- Sure, first thing when it comes out in October
- We'll plan it in for 6 months after release or after SP1 whichever
- Still evaluating whether we will deploy, or stick with W2K
- No Way, this is not for end-users in a business environment
While you are there, you can also check out the earlier SunPolls
and the most recent XBOX poll.
PS: Get ready to vote in the W2Knews annual TARGET AWARDS for your
fave tools, and now also Best and Worst Tech Support in the industry.
(email me with feedback: [email protected])
SPONSOR: Security Consulting
NEED HELP TO KEEP HACKERS OUT?
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks really are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Security Consulting for more information.
Great New Security Initiative: Internet Storm Center
SANS just sent this item to me, and I really like it. Check it out!
The best new security initiative of 2001 is the early warning system
created by Incidents.Org. It is called Internet Storm Center and has
been surprisingly effective in discovering new worms as they are
launched. It is like the weather service where sensors (more than 2,000
in 45 countries) feed data to analysis centers. Individuals with Zone
Alarm and McAfee and PIX and IPChains and Snort and several other
systems all send log data that provides a real-time map of attacks on
You can go and see it in operation at www.incidents.org, www.dshield.org (the movie is interesting) or www.mynetwatchman.com.
One of the best features is that they aggregate attack data and "fight
back" by pushing ISPs to inform people whose machines are being used in
attacks. They've had phenomenal success in fixing these sites.
If you want to be part of the program, go to one of the sites, download
a client for your IDS or firewall, and you can be operating today and
getting feedback on who is attacking you and who else they are
attacking. Congratulations to Lawrence Baldwin of MyNetWatchman and
Johannes Ullrich of dshield.org for creating this extraordinary service
to the community.
NT/2000 RELATED NEWS
Here's An Interesting W2K Password Issue
A college student in Argentina today released a program designed to
perform brute force password attacks on W2K machines that run the Lightweight
Directory Access Protocol (LDAP).
There is a bit of a flaw in W2K's method of accessing LDAP databases
over secure socket layer (SSL) connections. Using that hole, attackers
could change the passwords of other users, including the administrator.
(LDAP is a protocol that enables users to access data in a directory
such as Microsoft's Active Directory service).
Not too many people actually use the LDAP over SSL feature, and default
W2K installations are not at risk. Normally as an Admin, you can stop
password guessing attempts by limiting the number of times a user can
provide an incorrect password and locking the user out after the limit
has been exceeded, but in this case that feature could block legitimate
users if his program rapidly runs through accounts and incorrectly
guesses passwords. Microsoft's bulletin is at:
At 1 Billion, They Might As Well Give It To Us
Like I said in the Editor's Corner, Windows XP RC1 (release candidate 1)
is out. And, brace yourself for a flood of hype. If you count the total
amount of money that all the launch partners will spend to promote WXP,
it's a Billion Bucks! Microsoft has been claiming that the Windows XP
launch will be bigger than W95. Jeez, for that money they could give
every one of us a copy for free... [grin]
With WXP, MS has combined the code bases of NT, W2Kpro and W9x/Me.
So we are now looking at a hybrid that is meant for both consumer and
business markets. It will come in three flavors: WXP Home Edition, WXP
Pro, and 64-bit Windows XP Professional. And as we know, the server
version will come next year and will be called Windows .NET.
THIRD PARTY NEWS
NetIQ Ready To Attack Network Security Market
Today, NetIQ will unveil an enterprise security kit that brings together
pieces of its core technology with software it spent more than $2.4
billion buying. They think that they are ready to take on the 800-pound
gorillas in the Windows network security market. They have built it
around the same software that MS licensed for their Microsoft Operations
NetIQ's new Security Suite includes software that it acquired last
January when it bought WebTrends for $1 billion in stock, and has other
modules that they snagged in May 2000 when they bought Mission Critical
Software for a whopping $1.4 billion in stock. Not that their stock is
worth as much today. Just like almost any other Tech outfit, NetIQ's
stock is now about 40% of what it was roughly half a year ago.
The suite is built around NetIQ's own Security Manager (SM). That module
does real-time security monitoring and intrusion detection, alerting and
automated incident response. SM uses an engine that was derived from the
same technology as Microsoft's MOM.
Two modules are originally from Mission Critical. One is a File and Storage
Administrator that handles centralized file security administration for
Win2K/NT. The other does policy-based directory content management. Last
year, NetIQ started integrating these with Security Manager, and
that was their first security kit.
They are now integrating the WebTrends Security Analyzer multi-platform
vulnerability scanning and assessment tool with their existing modules.
Merging all this stuff together with a single console begets a bundle
that does firewall monitoring and file and storage security admin,
real-time monitoring, host-based intrusion detection, and vulnerability
assessment. Kind of like STAT, with Security Explorer, SecureIIS, and ELM
all in one. (You can get that bundle from Sunbelt by the way).
NetIQ believes its suite will allow it to compete with the big dogs like
ISS and Computer Associates as they think they have a new generation of
technology that beats the old guard and that does not need a lot of
consulting. I'm sure you'll hear more about this from NetIQ themselves.
Useful FreeWare Tool: Registry Explorer
One of you, a W2Knews subscriber called Henk Devos, sent me this:
"After being a reader of your newsletter for years, now I can finally
give something back. I thought you might want to check out my new
freeware. It's a shell extension that puts the registry in Windows
Explorer. Registry Explorer is a freeware program that is intended
to replace regedit. This free software is a system tool that puts
itself into Windows Explorer.
Current limitations are that 'Find' is not working yet, and the Back
button is not always working."
- Total integration in Windows Explorer
- Drag and Drop
- Copy and Paste
- Multiple selection for export to file
- Create shortcuts to registry keys
- Add registry keys to your favorites
I had a look at it and thought it was useful. Here you go:
This Week's Links We Like. Tips, Hints And Fun Stuff
Recent study on passwords & what types of PW's your users choose: Ouch.
This is a blow-by-blow account of the OSDN website outage. Instructive!
MS put one page together with Active Directory links. Make this a Fave.
PRODUCT OF THE WEEK
First .NET Book At O'Reilly & Associates
These guys pushed out one of the first .NET books. You will learn
how to use the .NET framework, or at least what is known about it up to now.
The two authors Thuan Thai and Hoang Lam played enough with it to
create 320 pages (relatively small for a computer book) called
".NET Framework Essentials."
It's supposed to be current up until last week when .NET beta 2 came
out. Topics cover MS' Common Language Runtime (CLR) as well as Redmond's
new C-sharp and the new .NET version of Visual Basic and Managed C++.
I have to admit that I have not seen it myself yet, but I think if
you want to get into .NET, you want a copy of this puppy.