Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 17, 2001 (Vol. 6, #71 - Issue #306)
  This issue of W2Knews™ contains:
    • Target Awards 2001 Winners
    • 21st Century Warfare
    • 430,000 IIS Sites Are "Owned". Is Yours?
    • MS Comes Out With URLScan To Further Lock Down IIS
    • NEW: High Availability Management for Windows
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Information Warfare

Target Awards 2001 Winners

The voting is done and the winners are now known! The number of people who voted for Year 2001's Target Awards was again larger than the year before. NT/W2K Admins, MIS Managers, and IT professionals from around the world indicated their preferences. Twenty-eight categories of products (or services) were judged on three different criteria to select a winner in each category: Price, Features and Overall Quality.

The Awards will be presented at the Microsoft Exchange Conference on October 1, 2001 in Orlando, Florida. The 2001 Winners and Finalists are listed on a new Awards Page that you'll find by clicking below. Congratulations to all finalists and winners. In the future, if you are looking for a system admin tool and need a shortlist of tools to choose from, here is the page that will save you a lot of time:

Warm regards,

Stu Sjouwerman


21st Century Warfare

President Bush this week proclaimed that the country is now engaged in the first 21st-century war. This campaign will be much different from one of conventional bombs and missiles. It will be fought on three fronts: conventional, psychological and information warfare. For the first time on a large scale, it is expected that Operating System, Network and Application vulnerabilities will be exploited to cause disruption and damage to terrorist networks.

Conventional Warfare

Sustained bombing for several weeks could be an option, simply to drive terrorist morale down and for direct military gain. Targets would include terrorist training camps in Afghanistan and other countries such as Yemen.

A large U.S. ground invasion, like that during the Persian Gulf War in 1990-91, is for now unlikely. Far more likely is the employment of computers to conduct what's loosely called "information warfare." For the first time ever, American forces engaged in a limited amount of cyber-combat during the war over Kosovo, when they blitzed Yugoslav Serb computer systems to disrupt their air-defense command-and-control network.

Information Warfare

Since then, the Pentagon formally adopted cyber-warfare as part of its armament, establishing within the U.S. Space Command an operation dedicated to this revolutionary method of fighting. Adding to the likelihood is the fact that the man who will ascend at the end of the month to be the next chairman of the Joint Chiefs of Staff is Air Force Gen. Richard Myers, a former Space Command head and one of the strongest proponents of cyber-warfare tactics in the military.

Bin Laden's network has been documented to use the Internet extensively to communicate, organize and plan. U.S. capability extends far beyond the simple hacking that bedevils the Internet. The Pentagon can not only disrupt an enemy's ability to communicate, but also feed false data to bin Laden's network, implant viruses, erase computer memory and even redirect the flow of money out of his bank accounts.

Similarly, the United States could wreak the same electronic havoc on countries deemed too friendly to terrorists, attacking the operation of everything from telephone networks, electric production and distribution and water supply to financial systems, railways and airports.

Psychological Warfare

Terrorism is of course a form of psychological warfare that tries to drive populations into fear and into giving up their freedoms for security. The attacks this week were the worst and most horrible example of it. They are committed by extremist fringe groups that are far from the Islamic mainstream. If we truly want to handle terrorism, we need to address those who create terrorists by feeding them the lies that make them think that these evil acts will be rewarded. For example, Osama Bin Laden's right-hand man Ayman al-Zawahiri is such a man. He's a former psychiatrist condemned to death in absentia in Egypt, and provides the psych-ammo for terrorists. Western democracy needs to counter this kind of warfare, and a man like him needs to be brought to justice. See ABCnews.com article of 09/25/2000 as a backgrounder.

FBI and CIA loosened up

Legal restrictions on domestic and other surveillance by the FBI are being loosened. The bureau has asked Congress for more latitude for intercepting e-mail, cell-phone conversations and other electronic communications, and the Senate Thursday night voted to make it easier for agents to get warrants for such surveillance.

Also likely to be debated by Congress is a relaxing of prohibitions that keep the CIA and other agencies from engaging unsavory characters as intelligence tools, and the erasing of a 20-year ban on using assassination as a covert method.

So, what does info-warfare mean for us in the IT trenches? IT security will rapidly become an even higher priority than before. If you are asking yourself what you can do about this, here is a road I strongly suggest. Get trained on how to get your networks and servers tied down, and start working on an IT security certification NOW. That will become a major job qualifier and added value you can offer. The SANS organization is where I recommend you start. This is a good outfit to team up with. (Pick up the book of the week as well. It's not for the faint of heart.) Here are the SANS courses:


430,000 IIS Sites Are "Owned". Is Yours?

Netcraft is a UK outfit that for years has had spiders running on the Net and has done very interesting research. Their surveys show a variety of server-related data, such as which OS a server runs and now also, in percentages, which holes are still not fixed. (A true heaven for crackers, who only need to check which holes to scan for.)

So, you should be more aware than ever of unfixed security vulnerabilities and trojans. Netcraft's last survey scanned servers running IIS, and indeed many are locked down a lot better than before. But since the recent Code Red worm outbreak, a new threat has shown its ugly face.

More than 430K servers running IIS can now be "owned". That means remotely controlled by crackers, using the trojan that Code Red and Sadmind/IIS installed. It is very likely that you THINK your systems are safe, but you were already infected before you applied the patch. That means a back door was installed on your IIS box and is still there.

This trojan is called root.exe. The worms rename NT's cmd.exe to root.exe and place it in a folder that is accessible from the Web. With that in place, a cracker using just a Web browser can send a range of commands to the server. That server is no longer secure and any sensitive data can be pulled off. Actually, nothing new here; this is all known data. But the number of infected systems was the big news. We at Sunbelt have SecureIIS running, and its logs show that our servers are still touched dozens of times every day by infected servers. Time to double check for that file root.exe! The latest Netcraft survey results are here:
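
One way to do that double check from the web server's own logs, as an added example that is not part of the original newsletter: the script reads IIS W3C extended log lines and separates requests for root.exe that failed (probes from infected servers) from requests the server actually answered (the back door is present). The log lines, IP addresses and function names are constructed for illustration.

```python
# Added example: flag requests for the root.exe back door in IIS W3C logs.
# The log lines below are constructed for illustration.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-09-16 04:11:52 192.0.2.14 GET /default.htm - 200
2001-09-16 04:12:07 198.51.100.23 GET /scripts/root.exe /c+dir 404
2001-09-16 04:12:09 198.51.100.23 GET /MSADC/root.exe /c+dir 404
2001-09-16 09:30:41 203.0.113.77 GET /scripts/Root.exe /c+dir 200
2001-09-16 09:31:02 192.0.2.14 GET /images/logo.gif - 304
"""

def find_root_exe_requests(lines):
    """Return one record per request whose URI stem ends in root.exe.

    Column positions come from the '#Fields:' directive, so the parser
    follows whatever field set the server was configured to log.
    """
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "").lower().replace("\\", "/")
        if stem.rsplit("/", 1)[-1] != "root.exe":
            continue
        # A 2xx answer means the server found and ran the file, so the back
        # door is present. Anything else is a probe that did not succeed.
        ok = rec.get("sc-status", "").startswith("2")
        rec["verdict"] = "BACKDOOR PRESENT" if ok else "probe"
        hits.append(rec)
    return hits

def summarize(hits):
    """Count failed probes and list the paths where root.exe was served."""
    served = sorted({h["cs-uri-stem"] for h in hits if h["verdict"] != "probe"})
    probes = sum(1 for h in hits if h["verdict"] == "probe")
    return {"probes": probes, "served_paths": served}

if __name__ == "__main__":
    print(summarize(find_root_exe_requests(SAMPLE_LOG.splitlines())))
```

Any path listed under `served_paths` points at a folder to inspect on disk; a clean log does not prove the file is absent, so the file check itself is still needed.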

MS Comes Out With URLScan To Further Lock Down IIS

Scott Culp, Manager of the Microsoft Security Response Center, recently sent the following message out, and Marc Maiffret from eEye responded to it. Interesting to see these two quite contrasting views:

    "Hi All -

    "Wanted to let you know about a new security tool for IIS that we've released today. The tool is called URLScan, and can be used on web servers running IIS 4.0, 5.0 or 5.1. It's a great complement to the IIS Lockdown Tool that we released two weeks ago. Where the IIS Lockdown Tool ensures that a web server is configured for secure operation, URLScan protects the server while it's in operation.

    "Most attacks against web servers involve the use of a request that's unusual in some sense. It might be extremely long, contain special characters, use an alternate character set, and so forth. URLScan protects a server by giving the administrator a way to prevent such requests from reaching the server. When installed and running, URLScan intercepts all incoming requests, compares them to a ruleset, and drops them if they don't meet the specifications of the ruleset.

    "The tool comes with a default ruleset that is appropriate for most servers. The ruleset can be customized to meet the needs of a particular web server. (We do recommend that the tool be used by experienced web administrators, as it could be possible to set the restrictions so tight that they could interfere with normal operation of the server). More information on the tool and a download are available at

And here is the response of eEye, the developer of SecureIIS, which is a commercial tool that locks down IIS:
    "We are not worried about the new MS tool. It's cool to see MS finally take some steps towards security. The tool is _very_ lacking compared to SecureIIS though. One example would be that their hand-edited policy is not specific per web. Also the fact that the MS tool will break a lot of server functionality and not give you the ability to really fine tune things to make it work with your custom environment. SecureIIS is a fully featured, supported, and proven security product, not a freeware unsupported security 'tool'".
Here is the link to SecureIIS:

And a little word of warning from your editor. Neither of these two tools is a replacement for hotfixes. You still need to keep those updated on IIS, even if you use an IIS lockdown tool.
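
The "compare each request to a ruleset and drop it on a mismatch" flow that the Microsoft message describes can be sketched as follows. This is an added example, not URLScan's code and not part of the original newsletter; the rule names, values and `check_request` function are hypothetical and are not the tool's shipped defaults.

```python
from urllib.parse import unquote

# Hypothetical ruleset for illustration; these names and values are not
# URLScan's shipped defaults.
RULES = {
    "allow_verbs": {"GET", "HEAD", "POST"},
    "max_url_length": 260,
    "deny_extensions": {".exe", ".bat", ".cmd", ".com", ".ida", ".idq"},
    "deny_sequences": ["..", "./", "\\", ":", "%", "&"],
    "allow_high_bit": False,
}

def check_request(verb, url, rules=RULES):
    """Return (allowed, reason) for one request, rejecting the 'unusual'
    cases the message lists: odd verbs, long URLs, special characters,
    alternate character sets."""
    if verb.upper() not in rules["allow_verbs"]:
        return False, "verb not allowed"
    if len(url) > rules["max_url_length"]:
        return False, "URL too long"
    path = url.split("?", 1)[0]
    # Decode once, then scan the decoded form. A '%' that survives decoding
    # means something was encoded twice to get past the filter.
    decoded = unquote(path, encoding="latin-1")
    if not rules["allow_high_bit"] and any(ord(c) > 127 for c in decoded):
        return False, "high-bit character"
    for seq in rules["deny_sequences"]:
        if seq in decoded:
            return False, f"denied sequence {seq!r}"
    last = decoded.rsplit("/", 1)[-1].lower()
    dot = last.rfind(".")
    if dot != -1 and last[dot:] in rules["deny_extensions"]:
        return False, f"denied extension {last[dot:]}"
    return True, "ok"

if __name__ == "__main__":
    for verb, url in [("GET", "/default.htm"),
                      ("GET", "/scripts/root.exe?/c+dir"),
                      ("GET", "/docs/%252e%252e/readme.txt"),
                      ("TRACE", "/")]:
        print(verb, url, check_request(verb, url))
```

A filter like this narrows what reaches the server but does not fix the flaw behind it, which is the editor's point about hotfixes above.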

A best-of-breed selection of security tools can be found on the Sunbelt web site:


NEW: High Availability Management for Windows

Want to prevent downtime? All automatic, 24/7 by 365? Add a smart little system admin to every mission critical box? Here is a new way to do that. Availant Manager for Windows extends your current systems management by adding predictive capabilities and carefully conceived automated responses to anticipated (or current) problems. The Availant Manager product comprises a core technology component and a collection of plug-in agents each designed for a specific application or component.

The current version of Availant Manager has Availant Manager Agents for:

  • Windows Server
  • Microsoft Exchange
  • Microsoft SQL*Server
  • Microsoft IIS
The Windows Server Agent manages both Windows NT 4.0 server and W2K server systems providing advanced management of your:
  • Disk Capacity
  • Network Connectivity
  • CPU and Memory Utilization
The disk agent corrects disk capacity problems by removing (admin-specified) low priority files (such as temporary files or .mp3 files). It assures that mission critical applications have the disk space they need to continue to function optimally.

The network connectivity agent can detect and repair networking problems due to local software or configuration failures. It also monitors and detects network performance problems.

The CPU and Memory utilization agents detect runaway or failed apps by analyzing their CPU and memory usage. They can then recover the failed app and prevent runaway applications from consuming excess server resources and degrading server performance.

The Exchange agent's advanced analysis can detect and prevent the conditions that lead to Exchange information store corruption. Internet connectivity is automatically restored by restarting a failed Internet Mail Connector. The agent also automatically and safely performs periodic maintenance tasks.

For SQL*Server, the Availant Manager agent accurately predicts disk usage patterns and when appropriate can optimize SQL*Server's use of disk. Further, it monitors queries to ensure that SQL*Server is performing correctly and at appropriate performance levels. Its advanced data analysis engine adapts its rules automatically to your changing business needs.

For IIS, the Availant Manager agent can detect and respond to web site failure. It prevents page unavailable errors without disrupting any other IIS operations. The agent also tunes IIS to meet your current business needs, no matter how fast your business is growing.

There is a lot more information on the Sunbelt website: screenshots, white papers, quickstart guides, prices, user guides, and of course eval copies you can download and test.


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Good warning about criminals that try to scam people with "disaster help"
  • If you want to contribute any IT goods or services in the wake of NY:
  • Here is where you can schedule blood donations with the Red Cross:

Information Warfare

This book has now suddenly become of present interest. It was Book of The Week in the August 6, 2001 issue, and I'm bringing it back. The western democracies will now use these methodologies to wage war on terrorism. Information Warfare - How to Survive Cyber Attacks - explains the methods behind hacks and cyber attacks and provides defensive strategies and countermeasures designed to help companies survive infrastructure attacks, military conflicts, competitive intelligence gathering, economic warfare, and corporate espionage. The authors are renowned industry experts. It will pay off to know this stuff. I know what I'm going to read in my spare time. 21 bucks you won't regret.