Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Aug 16, 2001 (Vol. 6, #62 - Issue #297)
Can We Really Be Secure?
  This issue of W2Knews™ contains:
    • Can We Ever Be Secure?
    • MS Releases New Free Hotfix Scanner
    • News About The New MS Certification: MCSA
    • Latest SunPoll: Are You Going W2K MCSE?
    • XBOX late?
    • SANS Claims: Security Problems Caused By MCSE Training
    • STAT Security Scanner Drops Prices Dramatically
    • Now Free NT4 Mini-Network Admin Tools: NetApplets!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Server+ Certification Bible
  SPONSOR: New Security List
Being thoroughly security trained is a great way to keep your networks
tied down. But who has time for that? The next best thing is a large
group of security conscious colleagues you can talk to. Sunbelt Software
and W2Knews have just the ticket. We created a new free list server:
win-security. Already 1,000 subscribers and the threads are interesting.
If you are not the "security-responsible", please forward this to the
correct person in your organization. They will be grateful! List Charter:
Visit New Security List for more information.

Can We Ever Be Secure?

Well, err, [cough]... let me be brief: No. I'm aware that this is not something that is popular but it's the hard truth. Management certainly does not want to hear this, as they are the ones that are liable. But there it is. You are always behind the hacker community, because you do not know what they know and what they are up to now.

"Secure" implies your networks are watertight, and that simply is not an attainable goal. Security is a process, not an end goal. You have to continually work to quality check everything that can go wrong. And there is a lot that can go wrong in many stages of the game.

Stuart McClure, one of the writers of Hacking Exposed, puts it like this: "We humans are cursed to roam the planet with human error: we write flawed software, misconfigure computer systems, and use trivially guessable passwords. These simple flaws in design, setup and usage single-handedly perpetuate the security nightmare."

In other words, anyone claiming they can completely safeguard a network is delusional. What you CAN and SHOULD do is take a structured approach that includes policy, management buy-in and layered defenses using both tools and end-user training. And in a similar vein, any single company promising you they will take care of ALL your security problems is off their rocker. It's up to your top management to drive as much "security consciousness" as possible down through your whole organization. Sometimes it takes a wake-up call to get there, but unfortunately that is playing Russian roulette.

I suggest you subscribe to the new win-security list server and fill out the security survey we have for new subscribers. The results will be shared with everyone. Here is the link:

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Event Log Monitor
With Event Log Monitor, you will be. ELM monitors Windows servers in
real-time, alerting you to security breaches, health problems, and
critical events but also network device problems that affect network
reliability and availability. Need to monitor services and automatically
restart them when they go down? Whether you have one server
or a hundred, a LAN or a WAN, ELM will provide you maximum visibility
and uptime with minimal impact. For a 30-day eval, click:
Visit Event Log Monitor for more information.

MS Releases New Free Hotfix Scanner

If you manage security in an NT or W2K environment, this small command-line tool allows you to check the patch status of all the machines in a network from where you are. It's pretty rough, but useful to show how many systems are not patched and then get the resources you need to actually fix the situation. The applet was cooked up by MS Security Program Manager Eric Schultze but actually developed by an MS Gold partner called Shavlik.

This "micro-scanner" does whole networks, IP ranges, and supports NT4, W2K, IIS 4.0 and 5.0, SQL 7 and 2000, plus IE5.01 and up. I just picked one up and played with it a bit. Handy little tool since it does not use any agents and you do not have to install it anywhere. Of course it is not comparable with the commercial third party tools out there and it does not fix anything, but does show you what patches are missing and their KB references.

Just open a CMD-window, go to the spot where you extracted the .zip to, type HFNetChk and run it with the command line switch " -? " and it will show you its little repertoire of neat tricks. For example:

c:\program files\microsoft\tools> HFNetChk -?

-h      hostname        Specifies the NetBIOS machine name to scan.
                        Default is the localhost.
-i      ipaddress       Specifies the IP address of the machine to
-r      range           Specifies the IP address range to be scanned,
                        starting with ipaddress1 and ending with
                        ipaddress2 inclusive.
-d      domain_name     Specifies the domain_name to scan.  All
                        machines in the domain will be scanned.
-n      network         All systems on the local network will be
                        scanned.  (i.e., all hosts in Network
-a      action          Displays (i)nstalled hotfixes,
                        (m)issing hotixes, (n)ecessary hotfixes or
                        (b)oth installed and missing.  Default will
                        display necessary hotfixes.
-t      threads         Number of threads used for executing scan.
                        Possible values are from 1 to 128. Default
                        is 64
-o      output          Specifies the desired output format.
                        (tab) outputs in tab delimited format.
                        (wrap) outputs in a word wrapped format.
                        Default is wrap.
-x      datasource      Specifies the xml datasource containing the
                        hotfix information. Location may be an xml
                        filename, compressed xml cab file, or URL.
                        Default is mssecure.cab from the Microsoft
-z      reg checks      Do not perform registry checks.
-v      verbose         Display the reason a test failed
                        in wrap mode.
-?      help            Displays this menu.

As you see, it does registry checks by default, so your protocols and settings need to allow this (some people have no NetBIOS at all anymore). The supporting documentation is supposed to show up any day now (but was not here yet at the time we went to press).

NOTE: This puppy grabs an XML file from MS, which holds the data about the correct patches, versions, checksums, the registry keys that the hotfix changes, the correct sequence of installation of patches, and the MS KB article numbers. You'll see a small DOS-box report if anything does not match the data in the XML file. MS has apparently committed to keep that XML file up to date at all times.
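
The comparison described in the NOTE above, as an added example (not from the newsletter, Microsoft or Shavlik). The XML layout, the Q000001/Q000002 patch IDs, registry paths, file names and the use of SHA-256 for the checksum are all constructed assumptions, not the real datasource format; the registry_checks flag stands in for the -z switch listed in the help output.

```python
import hashlib
import xml.etree.ElementTree as ET

def digest(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the "checksums" the newsletter mentions.
    return hashlib.sha256(data).hexdigest()

PATCHED, ROLLED_BACK = b"patched example.dll", b"older example.dll"  # constructed
# Constructed reference data in a hypothetical layout (not the real XML schema).
REFERENCE_XML = rf"""<patches>
  <patch kb="Q000001" regkey="HKLM\SOFTWARE\Example\HotFix\Q000001">
    <file name="example.dll" version="5.0.2195.10" sum="{digest(PATCHED)}"/>
  </patch>
  <patch kb="Q000002" regkey="HKLM\SOFTWARE\Example\HotFix\Q000002">
    <file name="sample.sys" version="4.0.1381.7" sum="{digest(b'sample')}"/>
  </patch>
</patches>"""

# Constructed host inventory: the Q000001 key exists, but the file was rolled back.
HOST = {
    "registry": {r"HKLM\SOFTWARE\Example\HotFix\Q000001"},
    "files": {"example.dll": ("5.0.2195.4", digest(ROLLED_BACK))},
}

def ver(text: str) -> tuple:
    # Compare versions numerically; as strings, "4" would sort after "10".
    return tuple(int(part) for part in text.split("."))

def check_host(host, reference_xml, registry_checks=True):
    """Return {kb: [reasons]} for each patch that does not match the reference."""
    findings = {}
    for patch in ET.fromstring(reference_xml).iter("patch"):
        reasons = []
        if registry_checks and patch.get("regkey") not in host["registry"]:
            reasons.append("registry key missing")
        for ref in patch.iter("file"):
            name, found = ref.get("name"), host["files"].get(ref.get("name"))
            if found is None:
                reasons.append(f"{name}: file not found")
            elif ver(found[0]) < ver(ref.get("version")):
                reasons.append(f"{name}: version {found[0]} < {ref.get('version')}")
            elif found[1] != ref.get("sum"):
                reasons.append(f"{name}: checksum mismatch")
        if reasons:
            findings[patch.get("kb")] = reasons
    return findings

if __name__ == "__main__":
    print(check_host(HOST, REFERENCE_XML))
```

The first patch shows why a registry key alone is not proof of a patch: the key is present, yet the file on disk is older than the reference version, so the host is still reported.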

If you are serious about security though, a more robust solution would be recommended, varying from UpdateExpert to either STAT or Retina. You can find all of those on the Sunbelt website. Here is the download link on the MS-site: It's nshc.exe you want, which unzips into HFNetChk.


News About The New MS Certification: MCSA

It's very early days, but here is the scoop. Remember, you heard it here first. MS is taking the MCSA as a working title for the moment, but I think they would be wise to stick with it. It will not see the light of day before the end of this year, so it's not something you can jump into when your NT MCSE expires. This is the preliminary status of the MCSA deal:

There will be two exams in there, which are either 210 and 215 (WS and Server) or their equivalents for Windows XP. Then there will be a new one called 218, and an elective. They are mulling over making that elective something that can be replaced by another third party cert, like A+ or CCNA. Their final goal is to have a cert that shows someone can run and maintain an environment, as opposed to being able to -build- one, which the "engineer" title is supposed to communicate. I'll get you more detail when I have it.

Latest SunPoll: Are You Going W2K MCSE?

We ran this survey almost a year ago, when the W2K certification was just available. Now that we are getting close to December 31st, when your NT MCSE expires, are you going to upgrade to MCSE for Win2000? The Poll sits on the Sunbelt Site; you can vote in the leftmost column of the welcome page.

  • No, I am upset with MS and not motivated to redo the exams
  • Perhaps, when I can create some time for it
  • Yes, I am planning to do that
  • Already cramming for my exams!
You will see instant results after you vote here:

XBOX late?

We're reporting on the XBOX because it runs a stripped version of W2K. Today in the Wall Street Journal, MS said it expects to deliver the much-anticipated video-game machine on time, that is November 8, and have 1.5 million units ready by the end of the year. This despite the fact that a report is doing the rounds claiming that Intel has problems with the motherboard and/or the NVIDIA chipset.

Investment banking firm Thomas Weisel was the source of the report, but MS vehemently denies any delays. Of course they would. You can get away with a Service Pack being 6 months late, but a critical consumer product missing Christmas would cut into their stock price like you would not believe. Both Intel and Flextronics, which produce the hardware, said they would be on time. We'll see. In the meantime, I was sent some feedback by people visiting the official release of the XBOX that the graphics could use improvement. It will be interesting to see how the final product will look.

SANS Claims: Security Problems Caused By MCSE Training

Or rather, by the lack of training MCSEs get relating to security. This item has become a little storm, with ComputerWorld having it above the fold. (This is a newspaper term for a headline that is the first thing you see, even when the paper is still folded, hence "above the fold").

The SANS Institute, a research and security education organization for systems admins, last week sent an e-mail newsletter out to 96,000 members. They urged MCSEs to take a free class offered by the institute on how to reconfigure and patch Windows-based systems against the holes that the Code Red worm exploited. Their opinion is that the core courses required to attain MCSE certification don't provide the level of security training engineers need to protect their systems.

They have a point, as the security exam is optional but should be part and parcel of any system admin's training with the current virus weather. The full ComputerWorld Article is over here. There was also a big discussion about this same topic on the new win-security list. See the Sponsor Message above. Time to show this article to your bosses, and ask for budget to get Security trained! Article:


STAT Security Scanner Drops Prices Dramatically

The developer of STAT, Harris Corp, has revamped their prices for the venerable STAT vulnerability scanner. Pricing has been simplified and in some cases prices were slashed by up to 40%. Obviously they are now more competitive. From what I understand of the Harris game plan, STAT is positioned to go after sites where ISS Scanner and Cybercop licenses are installed, and offer a competitive upgrade. So here are their new prices - all include 1 year maintenance. Call your Rep or Reseller for competitive upgrade pricing.

  • 10 node: $990
  • 100 node: $2,370
  • 255 node: $4,370 (Class C license)
  • Unlimited: $9,995.
Here is the STAT page for a download:

Now Free NT4 Mini-Network Admin Tools: NetApplets!

Sunbelt NetApplets are a suite of small yet powerful utilities to help you in your day-to-day administration of Windows NT (not W2K) networks. All our NetApplets are FREE to download! Full Version, No expiration date, run them on any machine and at any job.

You needed them, and we made them for you. Actually, we first planned to sell them for $99 each, but since there will be no W2K versions coming, we decided to give them away for free. The only thing is you need to fill out the download form, but there is no cost involved. If you are still running NT4 servers on your network (and who is not), these small utilities are now available for your toolkit. Please tell all your friends about it.

Sunbelt NetApplets are single-purpose executables for NT and Exchange to assist NT Admins in dealing with common, time consuming tasks for which no off the shelf or native tools exist. A very powerful, easy to use, but inexpensive solution.

Sunbelt NetApplets are developed by Sunbelt using FastLane Technologies DM/Developer (now owned by Quest), a cross directory SDK. DM/Developer is a leading scripting/development solution designed for administrators -- it's easy to use and Sunbelt has leveraged this technology to offer this series of solutions. They come as-is. No support except for the online Sunbelt Knowledge Base.

They are now yours... FREE. Not braindead, not crippled, the real deal. But since they are free, we cannot spend time supporting them as you will understand. You can take this with you from company to company, and run them on as many machines as you'd like. Remember to tell your friends! An offer like this does not come every year.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • This guy has a few neat tools for free, we like Tesseract and Sysorb
  • A newly discovered flaw in NNTP allows an attacker to grab all your RAM
  • Samspade.org has a bunch of useful networking tools - free

Server+ Certification Bible

If you are planning to take the CompTIA Server+ exam, this might be the book you need. It's a very comprehensive and effective guide to train for that Certification. The writer, Trevor Kay, is clearly a techie who knows his stuff. There are a few technical and grammatical errors in the book that should have been edited out, though. However, if you are in the bizz of maintaining and upgrading servers in the field, this book is recommended despite its shortcomings. You can check it out at Amazon: