Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 2, 2001 (Vol. 6, #49 - Issue #284)
Upgrade To XP?
  This issue of W2Knews™ contains:
    • New SunPoll: Upgrade to WXP?
    • Great New Security Initiative: Internet Storm Center
    • Here's An Interesting W2K Password Issue
    • At 1 Billion, They Might As Well Give It To Us
    • NetIQ Ready To Attack Network Security Market
    • Useful FreeWare Tool: Registry Explorer
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • First .NET Book At O'Reilly & Associates
SecureIIS: The application firewall - protects Microsoft IIS (Internet
Information Services) Web servers from known and unknown attacks.

SecureIIS wraps around IIS and works within it, verifying and analyzing
incoming and outgoing Web server data for any possible security breaches.
SecureIIS combines the best features of Intrusion Detection Systems and
conventional Network Firewalls all into one. Supports NT/IIS4 & W2K/IIS5
Visit SecureIIS for more information.

New SunPoll: Upgrade to WXP?

Hi All,

We have a new SunPoll. Since Windows XP RC1 (build 2505) was recently released to beta users, this time the question is: "Are you planning to upgrade your users' machines to Windows XP?" In this poll we are assuming you work in a corporate environment, and you are facing the choice of whether to move hundreds of users to WXP.

Read this first though, and remember these words: "We're not forcing anybody into changing from Windows 2000. If you're currently running Windows 2000, we're not recommending you upgrade." - David Weeks, Windows XP marketing manager.

The options:

  • Sure, first thing when it comes out in October
  • We'll plan it in for 6 months after release or after SP1 whichever comes first
  • Still evaluating whether we will deploy, or stick with W2K
  • No Way, this is not for end-users in a business environment
You can vote here (Left column) and immediately see what your system admin colleagues think about it:

While you are there, you can also check out the earlier SunPolls and the most recent XBOX poll.

Warm regards,
Stu Sjouwerman

PS: Get ready to vote in the W2Knews annual TARGET AWARDS for your fave tools, and now also Best and Worst Tech Support in the industry.
(email me with feedback: [email protected])

  SPONSOR: Security Consulting
Sunbelt provides On-site Security Consulting that will help you batten
down the hatches against hackers. The people that will do this for you
are very hard-to-find security experts. If you would like to know how
vulnerable your networks really are, and what will be needed to fix
it, get one of our experts on-site for your "3-Day Security Assessment".
They will do a very thorough scan and report on your security posture.
Click on the link below to find out how this would work for you:
Visit Security Consulting for more information.

Great New Security Initiative: Internet Storm Center

SANS just sent this item to me, and I really like it. Check it out!

The best new security initiative of 2001 is the early warning system created by Incidents.Org. It is called Internet Storm Center and has been surprisingly effective in discovering new worms as they are launched. It is like the weather service where sensors (more than 2,000 in 45 countries) feed data to analysis centers. Individuals with Zone Alarm and McAfee and PIX and IPChains and Snort and several other systems all send log data that provides a real-time map of attacks on the Internet.

You can go and see it in operation at www.incidents.org, www.dshield.org (the movie is interesting) or www.mynetwatchman.com.

One of the best features is that they aggregate attack data and "fight back" by pushing ISPs to inform people whose machines are being used in attacks. They've had phenomenal success in fixing these sites.

If you want to be part of the program, go to one of the sites, download a client for your IDS or firewall, and you can be operating today and getting feedback on who is attacking you and who else they are attacking. Congratulations to Lawrence Baldwin of MyNetWatchman and Johannes Ullrich of dshield.org for creating this extraordinary service to the community.


Here's An Interesting W2K Password Issue

A college student in Argentina today released a program designed to perform brute force password attacks on W2K systems that run the Lightweight Directory Access Protocol (LDAP).

There is a bit of a flaw in W2K's method of accessing LDAP databases over secure socket layer (SSL) connections. Using that hole, attackers could change the passwords of other users, including the administrator. (LDAP is a protocol that enables users to access data in a directory such as Microsoft's Active Directory service).

Not too many people actually use the LDAP over SSL feature, and default W2K installations are not at risk. Normally as an Admin, you can stop password guessing attempts by limiting the number of times a user can provide an incorrect password and locking the user out after the limit has been exceeded, but in this case that feature could block legitimate users if his program rapidly runs through accounts and incorrectly guesses passwords. Microsoft's bulletin is at:

At 1 Billion, They Might As Well Give It To Us

Like I said in the Editor's Corner, Windows XP RC1 (release candidate 1) is out. And, brace yourself for a flood of hype. If you count the total amount of money that all the launch partners will spend to promote WXP, it's a Billion Bucks! Microsoft has been claiming that the Windows XP launch will be bigger than W95. Jeez, for that money they could give every one of us a copy for free... [grin]

With WXP, MS has combined the code bases of NT, W2Kpro and W9x/Me. So we are now looking at a hybrid that is meant for both consumer and business markets. It will come in three flavors: WXP Home Edition, WXP Pro, and 64-bit Windows XP Professional. And as we know, the server version will come next year and will be called Windows .NET.


NetIQ Ready To Attack Network Security Market

Today, NetIQ will unveil an enterprise security kit that brings together pieces of its core technology with software it spent more than $2.4 billion buying. They think that they are ready to take on the 800-pound gorillas in the Windows network security market. They have built it around the same software that MS licensed for their Microsoft Operations Manager (MOM).

NetIQ's new Security Suite includes software that it acquired last January when it bought WebTrends for $1 billion in stock, and has other modules that they snagged in May 2000 when they bought Mission Critical Software for a whopping $1.4 billion in stock. Not that their stock is worth as much today. Just like almost any other Tech outfit, NetIQ's stock is now about 40% of what it was roughly half a year ago.

The suite is built around NetIQ's own Security Manager (SM). That module does real-time security monitoring and intrusion detection, alerting and automated incident response. SM uses an engine that was derived from the same technology as Microsoft's MOM.

Two modules are originally from Mission Critical. One is a File and Storage Administrator that handles centralized file security administration for Win2K/NT. The other does policy-based directory content management. Last year, NetIQ started integrating these with Security Manager, and that was their first security kit.

They are now integrating the WebTrends Security Analyzer multi-platform vulnerability scanning and assessment tool with their existing modules. Merging all this stuff together with a single console begets a bundle that does firewall monitoring and file and storage security admin, real-time monitoring, host-based intrusion detection, and vulnerability assessment. Kind of like STAT, with Security Explorer, SecureIIS, and ELM all in one. (You can get that bundle from Sunbelt by the way).

NetIQ believes its suite will allow it to compete with the big dogs like ISS and Computer Associates as they think they have a new generation of technology that beats the old guard and that does not need a lot of consulting. I'm sure you'll hear more about this from NetIQ themselves.

Useful FreeWare Tool: Registry Explorer

One of you, a W2Knews subscriber called Henk Devos, sent me this:

"Hi Stu,

After being a reader of your newsletter for years, now I can finally give something back. I thought you might want to check out my new freeware. It's a shell extension that puts the registry in windows explorer. Registry Explorer is a freeware program that is intended to replace regedit. This free software is a system tool that puts itself into Windows Explorer.


  • Total integration in Windows Explorer
  • Drag and Drop
  • Copy and Paste
  • Multiple selection for export to file
  • Create shortcuts to registry keys
  • Add registry keys to your favorites
Current limitations are that 'Find' is not working yet, and the Back button is not always working"

I had a look at it and thought it was useful. Here you go:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Recent study on passwords & what types of PW's your users choose: Ouch.
  • This is a blow-by-blow account of the OSDN website outage. Instructive!
  • MS put one page together with Active Directory links. Make this a Fave.

First .NET Book At O'Reilly & Associates

These guys pushed out one of the first .NET books. You will learn how to use the .NET framework, or at least what is known about it up to now. The two authors Thuan Thai and Hoang Lam played enough with it to create 320 pages (relatively small for a computer book) called ".NET Framework Essentials."

It's supposed to be current up until last week when .NET beta 2 came out. Topics cover MS' Common Language Runtime (CLR) as well as Redmond's new C-sharp and the new .NET version of Visual Basic and Managed C++. I have to admit that I have not seen it myself yet, but I think if you want to get into .NET, you want a copy of this puppy.