Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Aug 16, 2001 (Vol. 6, #62 - Issue #297)
Can We Really Be Secure?
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- MS Releases New Free Hotfix Scanner
- NT/2000 RELATED NEWS
- News About The New MS Certification: MCSA
- Latest SunPoll: Are You Going W2K MCSE?
- XBOX late?
- SANS Claims: Security Problems Caused By MCSE Training
- NT/2000 THIRD PARTY NEWS
- STAT Security Scanner Drops Prices Dramatically
- Now Free NT4 Mini-Network Admin Tools: NetApplets!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Server+ Certification Bible
SPONSOR: New Security List
A NEW (free) KEY WEAPON FOR YOUR NETWORK SECURITY
Being thoroughly security trained is a great way to keep your networks
tied down. But who has time for that? The next best thing is a large
group of security conscious colleagues you can talk to. Sunbelt Software
and W2Knews have just the ticket. We created a new free list server:
win-security. Already 1,000 subscribers and the threads are interesting.
If you are not the "security-responsible", please forward this to the
correct person in your organization. They will be grateful! List Charter:
Visit New Security List for more information.
Can We Ever Be Secure?
Well, err, [cough]... let me be brief: No. I'm aware that this is not
something that is popular but it's the hard truth. Management certainly
does not want to hear this, as they are the ones that are liable. But
there it is. You are always behind the hacker community, because you do
not know what they know and what they are up to now.
"Secure" implies your networks are watertight, and that simply is not
an attainable goal. Security is a process, not an end goal. You have
to continually work to quality check everything that can go wrong.
And there is a lot that can go wrong in many stages of the game.
Stuart McClure, one of the writers of Hacking Exposed, puts it like this:
"We humans are cursed to roam the planet with human error: we write
flawed software, misconfigure computer systems, and use trivially
guessable passwords. These simple flaws in design, setup and usage
single-handedly perpetuate the security nightmare."
In other words, anyone claiming they can completely safeguard a network
is delusional. What you CAN and SHOULD do is take a structured approach
that includes policy, management buy-in and layered defenses using
both tools and end-user training. And in a similar vein, any single
company promising you they will take care of ALL your security problems
is off their rocker. It's up to your top management to drive as much
"security consciousness" as possible down through your whole organization. And sometimes
it takes a wake-up call to get there, but unfortunately that is
playing Russian roulette.
I suggest you subscribe to the new win-security list server and fill
out the security survey we have for new subscribers. The results will
be shared with everyone. Here is the link:
(email me with feedback: [email protected])
SPONSOR: Event Log Monitor
GET NOTIFIED OF NETWORK PROBLEMS AS SOON AS THEY ARISE
With Event Log Monitor, you will be. ELM monitors Windows servers in
real-time, alerting you to security breaches, health problems, and
critical events but also network device problems that affect network
reliability and availability. Need to monitor services and
automatically restart them when they go down? Whether you have one server
or a hundred, a LAN or a WAN, ELM will provide you maximum visibility
and uptime with minimal impact. For a 30-day eval, click:
Visit Event Log Monitor for more information.
MS Releases New Free Hotfix Scanner
If you manage security in an NT or W2K environment, this small command-
line tool allows you to check the patch status of all the machines in
a network from where you are. It's pretty rough, but useful to show
how many systems are not patched and then get the resources you need
to actually fix the situation. The applet was cooked up by MS Security
Program Manager Eric Schultze but actually developed by an MS Gold
partner called Shavlik.
This "micro-scanner" does whole networks, IP ranges, and supports NT4,
W2K, IIS 4.0 and 5.0, SQL 7 and 2000, plus IE5.01 and up. I just picked
one up and played with it a bit. Handy little tool since it does not
use any agents and you do not have to install it anywhere. Of course
it is not comparable with the commercial third party tools out there
and it does not fix anything, but does show you what patches are
missing and their KB references.
Just open a CMD-window, go to the spot where you extracted the .zip
to, type HFNetChk and run it with the command line switch " -? "
and it will show you its little repertoire of neat tricks. For example:
c:\program files\microsoft\tools> HFNetChk -?
  -h hostname      Specifies the NetBIOS machine name to scan.
                   Default is the localhost.
  -i ipaddress     Specifies the IP address of the machine to
  -r range         Specifies the IP address range to be scanned,
                   starting with ipaddress1 and ending with
  -d domain_name   Specifies the domain_name to scan. All
                   machines in the domain will be scanned.
  -n network       All systems on the local network will be
                   scanned. (i.e., all hosts in Network
  -a action        Displays (i)nstalled hotfixes,
                   (m)issing hotixes, (n)ecessary hotfixes or
                   (b)oth installed and missing. Default will
                   display necessary hotfixes.
  -t threads       Number of threads used for executing scan.
                   Possible values are from 1 to 128. Default
  -o output        Specifies the desired output format.
                   (tab) outputs in tab delimited format.
                   (wrap) outputs in a word wrapped format.
                   Default is wrap.
  -x datasource    Specifies the xml datasource containing the
                   hotfix information. Location may be an xml
                   filename, compressed xml cab file, or URL.
                   Default is mssecure.cab from the Microsoft
  -z reg checks    Do not perform registry checks.
  -v verbose       Display the reason a test failed
                   in wrap mode.
  -? help          Displays this menu.
As you see, it does registry checks by default, so your protocols
and settings need to allow this (some people have no NetBIOS at
all anymore). The supporting documentation is supposed to show up
any day now (but was not here yet at the time we went to press).
NOTE: This puppy grabs an XML file from MS, which holds the data about
the correct patches, versions, checksums, the registry keys that the
hotfix changes, the correct sequence of installation of patches, and
the MS KB article numbers. You'll see a small DOS-box report if
anything does not match the data in the XML file. MS has apparently
committed to keep that XML file up to date at all times.
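An added illustration (not part of the original newsletter, and not Microsoft's or Shavlik's code) of the data-driven check the note describes: a catalog lists each hotfix with its registry key, file version, checksum and install order, and a host is compared against it. The XML element names, KB numbers, registry paths and host inventory are constructed placeholders, not the real mssecure.xml schema.

```python
import xml.etree.ElementTree as ET
# Constructed catalog: element names, KB numbers and paths are hypothetical
# placeholders, not the real mssecure.xml schema.
CATALOG_XML = r"""
<catalog>
  <patch kb="Q000003" order="3">
    <regkey path="HKLM\SOFTWARE\Example\Q000003"/>
    <file name="mail.dll" version="5.0.300" checksum="d4d4"/>
  </patch>
  <patch kb="Q000001" order="1">
    <regkey path="HKLM\SOFTWARE\Example\Q000001"/>
    <file name="web.dll" version="5.0.100" checksum="a1a1"/>
  </patch>
  <patch kb="Q000002" order="2">
    <regkey path="HKLM\SOFTWARE\Example\Q000002"/>
    <file name="filter.dll" version="5.0.200" checksum="c3c3"/>
  </patch>
</catalog>
"""
HOST = {  # constructed inventory: the Q000002 key exists but its file is stale
    "registry": {r"HKLM\SOFTWARE\Example\Q000001", r"HKLM\SOFTWARE\Example\Q000002"},
    "files": {"web.dll": ("5.0.100", "a1a1"), "filter.dll": ("5.0.150", "ffff")},
}

def ver(text):
    return tuple(int(part) for part in text.split("."))

def audit(host, catalog_xml, registry_checks=True):
    """Return [(kb, [reasons])] for failing patches, in install order."""
    patches = sorted(ET.fromstring(catalog_xml).iter("patch"),
                     key=lambda p: int(p.get("order")))
    findings = []
    for patch in patches:
        reasons = []
        for key in patch.iter("regkey") if registry_checks else ():
            if key.get("path") not in host["registry"]:
                reasons.append("registry key missing: " + key.get("path"))
        for f in patch.iter("file"):
            name, want = f.get("name"), f.get("version")
            have = host["files"].get(name)
            if have is None:
                reasons.append("file missing: " + name)
            elif ver(have[0]) < ver(want):
                reasons.append("%s is %s, expected %s" % (name, have[0], want))
            elif have[0] == want and have[1] != f.get("checksum"):
                reasons.append("checksum mismatch: " + name)
        if reasons:
            findings.append((patch.get("kb"), reasons))
    return findings
```

The Q000002 case is the one a registry-only check would miss: the key says the hotfix is installed, but the file on disk is older than the catalog expects.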
If you are serious about security though, a more robust solution would
be recommended, varying from UpdateExpert to either STAT or Retina.
You can find all of those on the Sunbelt website. Here is the download
link on the MS-site: It's nshc.exe you want, which unzips into HFNetChk.
NT/2000 RELATED NEWS
News About The New MS Certification: MCSA
It's very early days, but here is the scoop. Remember, you heard it
here first. MS is taking the MCSA as a working title for the moment,
but I think they would be wise to stick with it. It will not see the
light of day before the end of this year, so it's not something you
can jump into when your NT MCSE expires. This is the preliminary
status of the MCSA-deal:
There will be two exams in there, that are either 210 and 215 (WS
and Server) or their equivalents for Windows XP. Then there will
be a new one called 218, and an elective. They are mulling over
making that elective something that can be replaced by another
third party cert, like A+ or CCNA. Their final goal is to have a
cert that shows someone can run and maintain an environment as
opposed to being able to -build- one, which the "engineer" title is
supposed to communicate. I'll get you more detail when I have it.
Latest SunPoll: Are You Going W2K MCSE?
We ran this survey almost a year ago, when the W2K certification
was just available. Now that we are getting close to December 31st
and your NT MCSE expires, are you going to upgrade to MCSE for
Win2000? The Poll sits on the Sunbelt Site, you can vote on the
leftmost column of the welcome page.
You will see instant results after you vote here:
- No, I am upset with MS and not motivated to redo the exams
- Perhaps, when I can create some time for it
- Yes, I am planning to do that
- Already cramming for my exams!
XBOX late?
We're reporting on the XBOX because it runs a stripped version of W2K.
Today in the Wall Street Journal, MS said it expects to deliver the
much-anticipated video-game machine on time, that is November 8, and
have 1.5 million units ready by the end of the year. This despite the
fact that a report is doing the rounds claiming that Intel has problems
with the motherboard and/or the nvidia chipset.
Investment Banking firm Thomas Wiesel was the source of the report,
but MS vehemently denies any delays. Of course they would. You can
get away with a Service Pack being 6 months late, but a critical
consumer product missing Christmas would cut into their stock price
like you would not believe. Both Intel and Flextronics, which produce
the hardware, said they would be on time. We'll see. In the meantime
I was sent some feedback by people visiting the official release of
the XBOX that the graphics could use improvement. It will be interesting
to see how the final product will look.
SANS Claims: Security Problems Caused By MCSE Training
Or rather, by the lack of training MCSEs get relating to security. This item
has become a little storm, with ComputerWorld having it above the fold.
(This is a newspaper term for a headline that is the first thing you
see, even when the paper is still folded, hence "above the fold").
The SANS Institute, a research and security education organization for
systems admins, last week sent an e-mail newsletter out to 96,000 members.
They urged MCSEs to take a free class offered by the institute on how
to reconfigure and patch Windows-based systems against the holes that
the Code Red worm exploited. Their opinion is that the core courses
required to attain MCSE certification don't provide the level of
security training engineers need to protect their systems.
They have a point, as the security exam is optional but should be part
and parcel of any system admin's training with the current virus weather.
The full ComputerWorld Article is over here. There was also a big
discussion about this same topic on the new win-security list. See
the Sponsor Message above. Time to show this article to your bosses,
and ask for budget to get Security trained! Article:
THIRD PARTY NEWS
STAT Security Scanner Drops Prices Dramatically
The developer of STAT, Harris Corp, has revamped their prices for the
venerable STAT vulnerability scanner. Pricing has been simplified and
in some cases prices were slashed up to 40%. Obviously they are now more
competitive. From what I understand of the Harris game plan,
STAT is positioned to go after sites where ISS Scanner and Cybercop
licenses are installed, and offer a competitive upgrade. So here are
their new prices - all include 1 year maintenance. Call your Rep or
Reseller for competitive upgrade pricing.
- 10 node: $990
- 100 node: $2,370
- 255 node: $4,370 (Class C license)
- Unlimited: $9,995.
Here is the STAT page for a download:
Now Free NT4 Mini-Network Admin Tools: NetApplets!
Sunbelt NetApplets are a suite of small yet powerful utilities to help
you in your day-to-day administration of Windows NT (not W2K) networks.
All our NetApplets are FREE to download! Full Version, No expiration
date, run them on any machine and at any job.
You needed them, and we made them for you. Actually, we first planned
to sell them for $99 each, but since there will be no W2K versions
coming, we decided to give them away for free. Only thing is you need
to fill out the download form, but there is no cost involved. If you
are still running NT4 servers on your network (and who is not?), these
small utilities are now available for your toolkit. Please tell all
your friends about it.
Sunbelt NetApplets are single-purpose executables for NT and Exchange
to assist NT Admins in dealing with common, time consuming tasks for
which no off the shelf or native tools exist. A very powerful, easy
to use, but inexpensive solution.
Sunbelt NetApplets are developed by Sunbelt using FastLane Technologies
DM/Developer (now owned by Quest), a cross directory SDK. DM/Developer
is a leading scripting/development solution designed for administrators
-- it's easy to use and Sunbelt has leveraged this technology to offer
this series of solutions. They come as-is. No support except for the
online Sunbelt Knowledge Base.
They are now yours... FREE. Not braindead, not crippled, the real deal.
But since they are free, we cannot spend time supporting them as you
will understand. You can take this with you from company to company,
and run them on as many machines as you'd like. Remember to tell your
friends! An offer like this does not come every year.
This Week's Links We Like. Tips, Hints And Fun Stuff
This guy has a few neat tools for free, we like Tesseract and Sysorb
A newly discovered flaw in NNTP allows an attacker to grab all your RAM
Samspade.org has a bunch of useful networking tools - free
PRODUCT OF THE WEEK
Server+ Certification Bible
If you are planning to take the CompTIA Server+ exam, this might be the
book you need. It's a very comprehensive and effective guide to train
for that Certification. The writer, Trevor Kay, is clearly a techie who
knows his stuff. There are a few technical and grammatical errors in
the book that should have been edited out though. However, if you are
in the bizz of maintaining and upgrading servers in the field, this book
is recommended despite its shortcomings. You can check it out at Amazon: