Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 17, 2001 (Vol. 6, #71 - Issue #306)
Target Awards 2001 Winners
This issue of W2Knews contains:
- EDITORS CORNER
- Target Awards 2001 Winners
- TECH BRIEFING
- NT/2000 RELATED NEWS
- 430,000 IIS Sites Are "Owned". Is Yours?
- MS Comes Out With URLScan To Further Lock Down IIS
- NT/2000 THIRD PARTY NEWS
- NEW: High Availability Management for Windows
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
In a recent poll on Brainbuzz.com, Transcender's exam simulations were
overwhelmingly picked as the Best Practice Exams by a ratio of 4 to 1.
Transcender's team of certification experts have created the most
thorough and realistic exam simulations available for Microsoft, CompTIA,
Prosoft CIW and Cisco exams. Prepare to pass with TranscenderCert exam
simulations! We guarantee* it! Find out more at:
Visit Transcender for more information.
Target Awards 2001 Winners
The voting is done and the winners are now known! The number of people
that voted for Year 2001's Target Awards was again larger than the year
before. NT/W2K Admins, MIS Managers, and IT professionals from around
the world indicated their preferences. Twenty-eight categories of products
(or services) were judged on three different criteria to select a winner
in each category: Price, Features and Overall Quality.
The Awards will be presented at the Microsoft Exchange Conference
on October 1, 2001 in Orlando, Florida. The 2001 Winners and Finalists
are listed on a new Awards Page that you'll find by clicking below.
Congratulations to all finalists and winners. In the future, if you
are looking for a system admin tool and need a shortlist of tools
to choose from, here is the page that will save you a lot of time:
(email me with feedback: [email protected])
GoToMyPC allows employees to securely access & control their computers
from any Web browser, anytime, anywhere. It's a revolutionary solution
for your teleworkers, travelers and work extenders who need remote access.
The New York Times calls GoToMyPC "Ingenious" & the Wall Street Journal
says, "The system worked flawlessly." Avoid time-consuming and expensive
solutions like VPNs, RAS or pcAnywhere. GoToMyPC lets you roll out a
corporate telecommuting solution in minutes for as little as $250 per
month. If you have 10 or more employees who need remote access click here:
Visit GoToMyPC for more information.
21st Century Warfare
President Bush this week proclaimed that the country is now engaged
in the first 21st-century war. This campaign will be much different
from conventional bombs and missiles. It will be fought on three
fronts: conventional, psychological and info-warfare. For the first
time on a large scale, it is expected that Operating System, Network
and Application vulnerabilities will be exploited to cause disruption
and damage to terrorist networks.
Sustained bombing for several weeks could be an option, simply to drive
terrorist morale down and for direct military gain. Targets would
include terrorist training camps in Afghanistan and other countries
such as Yemen.
A large U.S. ground invasion, like that during the Persian Gulf War
in 1990-91, is for now unlikely. Far more likely is the employment
of computers to conduct what's loosely called "information warfare."
For the first time ever, American forces engaged in a limited amount
of cyber-combat during the war over Kosovo when they blitzed Yugoslav
Serb computer systems to disrupt their air-defense command-and-control
Since then, the Pentagon formally adopted cyber-warfare as part of
its armament, establishing within the U.S. Space Command an operation
dedicated to this revolutionary method of fighting. Adding to the
likelihood is the fact that the man who will ascend at the end of
the month to be the next chairman of the Joint Chiefs of Staff is
Air Force Gen. Richard Myers, a former Space Command head and one
of the strongest proponents of cyber-warfare tactics in the military.
Bin Laden's network has been documented to use the Internet extensively
to communicate, organize and plan. U.S. capability extends far beyond
the simple hacking that bedevils the Internet. Instead, the Pentagon
can not only disrupt an enemy's ability to communicate, but also
feed false data to bin Laden's network, as well as implant viruses,
erase computer memory and even redirect the flow of money out of his
Similarly, the United States could wreak the same electronic havoc on
countries deemed too friendly to terrorists, attacking the operation
of everything from telephone networks, electric production and
distribution and water supply to financial systems, railways and
Terrorism is of course a form of psychological warfare that tries to
drive populations into fear and make them give up their freedoms for
security. The attacks this week were the worst and most horrible example
of it. They are committed by extremist fringe groups that are far from the
Islamic mainstream. If we truly want to handle terrorism, we need to
address those who create terrorists by feeding them the lies that make
them think that these evil acts will be rewarded. For example, Osama
Bin Laden's right-hand man Ayman al-Zawahiri is such a man. He's a
former psychiatrist condemned to death in absentia in Egypt, and
provides the psych-ammo for terrorists. Western democracy needs to
counter this kind of warfare and a man like him needs to be brought
to justice. See ABCnews.com article of 09/25/2000 as a backgrounder.
FBI and CIA loosened up
A loosening of legal restrictions on domestic and other surveillance
by the FBI. The bureau has asked Congress for more latitude for
intercepting e-mail, cell-phone conversations and other electronic
communications, and the Senate Thursday night voted to make it easier
for agents to get warrants for such surveillance.
Also likely to be debated by Congress is a relaxing of prohibitions
that keep the CIA and other agencies from engaging unsavory characters
as intelligence tools, and the erasing of a 20-year ban on using
assassination as a covert method.
So, what does info-warfare mean for us in the IT-trenches? IT-security
will rapidly become an even higher priority than before. So, if you are
asking yourself what you can do about this, here is a road I strongly
suggest. Get trained on how to get your networks and servers tied down,
and start working on an IT security Certification NOW. That will become
a major job-qualifier and added value you can offer. The SANS organization
is where I recommend you start. This is a good outfit to team up with.
(Pick up the book of the week as well. It's not for the faint of heart)
Here are the SANS courses:
NT/2000 RELATED NEWS
430,000 IIS Sites Are "Owned". Is Yours?
Netcraft is a UK outfit that for years has had spiders running on
the Net and has done very interesting research. Their surveys show
a variety of server-related data, like which OS a site runs, and now
also what percentage of servers still have unfixed holes. (A true heaven
for crackers that only need to check which holes to scan for).
So, you should be more aware than ever of unfixed security
vulnerabilities and trojans. Netcraft's last survey scanned servers
running IIS, and indeed many are locked down a lot better than before.
But since the recent Code Red worm outbreak, a new threat has shown
its ugly face.
More than 430K servers running IIS can now be "owned". That means
remotely controlled by crackers, using the trojan that Code Red and
the Sadmind/IIS worm installed. It is very likely that you THINK your
systems are safe, but you were already infected before you applied
the patch. That means a back-door was installed on your IIS box,
and it is still there.
This trojan is called root.exe. The worms rename NT's cmd.exe to
root.exe and place it in a folder that is accessible from the Web.
With that in place, a cracker using just a Web browser can send a
range of commands to the server. That server is no longer secure
and any sensitive data can be pulled off. Actually, nothing new here,
this is all known data. But the number of infected systems was the
big news. We at Sunbelt have SecureIIS running, and its logs show that
our servers are still touched dozens of times every day by infected
servers. Time to double check for that file root.exe! The latest
Netcraft survey results are here:
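One way to do that double check, as an added example (not part of the
original newsletter and not a Sunbelt or Microsoft tool): the Python
sketch below walks web-accessible folders and flags any file named
root.exe, and goes a step further by flagging any byte-identical copy
of the command interpreter under another name. The folder names and
file contents in demo() are constructed stand-ins; on a real server you
would pass your own web roots and the path of the system's cmd.exe.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_shell_copies(web_roots, shell_path, suspect_names=("root.exe",)):
    """Return sorted (path, reason) pairs for files under web_roots that are
    byte-identical to the command interpreter or carry a suspect name."""
    shell_size = os.path.getsize(shell_path)
    shell_hash = sha256_of(shell_path)
    hits = []
    for root in web_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    same = (os.path.getsize(path) == shell_size
                            and sha256_of(path) == shell_hash)
                except OSError:
                    hits.append((path, "unreadable, inspect manually"))
                    continue
                if same:
                    hits.append((path, "copy of command interpreter"))
                elif name.lower() in suspect_names:
                    hits.append((path, "suspect name"))
    return sorted(hits)

def demo():
    """Run the sweep over a constructed stand-in tree (no real system files)."""
    with tempfile.TemporaryDirectory() as tmp:
        shell, www = os.path.join(tmp, "cmd.exe"), os.path.join(tmp, "wwwroot")
        files = {shell: b"MZ constructed stand-in for cmd.exe",
                 os.path.join(www, "scripts", "root.exe"): None,
                 os.path.join(www, "scripts", "helper.exe"): None,
                 os.path.join(www, "old", "ROOT.EXE"): b"other bytes",
                 os.path.join(www, "index.htm"): b"<html></html>"}
        for path, data in files.items():
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data or files[shell])  # None: copy of the shell
        return [(os.path.relpath(p, www).replace(os.sep, "/"), why)
                for p, why in find_shell_copies([www], shell)]
```

A hit means the box was compromised at some point; deleting the file
removes this one back door but says nothing about what else was changed.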
MS Comes Out With URLScan To Further Lock Down IIS
Scott Culp, Manager of the Microsoft Security Response Center recently
sent the following message out, and Marc Maiffret from eEye responded
to it. Interesting to see these two quite contrasting views:
"Hi All -
"Wanted to let you know about a new security tool for IIS that we've
released today. The tool is called URLScan, and can be used on web
servers running IIS 4.0, 5.0 or 5.1. It's a great complement to the
IIS Lockdown Tool that we released two weeks ago. Where the IIS
Lockdown Tool ensures that a web server is configured for secure
operation, URLScan protects the server while it's in operation.
"Most attacks against web servers involve the use of a request that's
unusual in some sense. It might be extremely long, contain special
characters, use an alternate character set, and so forth. URLScan
protects a server by giving the administrator a way to prevent such
requests from reaching the server. When installed and running,
URLScan intercepts all incoming requests, compares them to a ruleset,
and drops them if they don't meet the specifications of the ruleset.
"The tool comes with a default ruleset that is appropriate for most
servers. The ruleset can be customized to meet the needs of a particular
web server. (We do recommend that the tool be used by experienced web
administrators, as it could be possible to set the restrictions so
tight that they could interfere with normal operation of the server).
More information on the tool and a download are available at
And here is the response of eEye, the developer of SecureIIS which
is a commercial tool that locks down IIS:
"We are not worried about the new MS tool. It's cool to see MS finally
take some steps towards security. The tool is _very_ lacking compared
to SecureIIS though. One example would be that their hand-edited
policy is not specific per web. Also the fact that the MS tool will
break a lot of server functionality and not give you the ability to
really fine tune things to make it work with your custom environment.
SecureIIS is a fully featured, supported, and proven security product,
not a freeware unsupported security 'tool'".
Here is the link to SecureIIS:
And a little word of warning from your editor. Neither of these two
tools is a replacement for hotfixes. You still need to keep those
updated on IIS, despite the fact you may use an IIS lockdown tool.
A best-of-breed selection of security tools can be found on the
Sunbelt web site:
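The kind of request screening described in the URLScan announcement
above, as an added example (not from the original newsletter, and not
URLScan's or SecureIIS's code): each request is compared to a ruleset
and dropped on the first rule it fails. The rule names, values and
sample requests are assumptions constructed for illustration and do not
reproduce URLScan's configuration syntax or defaults.

```python
from posixpath import splitext
from urllib.parse import unquote

# Hypothetical ruleset: these names and values are assumptions made for this
# example; they are not URLScan's configuration syntax or its defaults.
RULES = {
    "allowed_verbs": {"GET", "HEAD", "POST"},
    "max_url_length": 260,
    "allow_non_ascii": False,
    "denied_sequences": ("..", "\\", ":"),
    "denied_extensions": {".exe", ".bat", ".cmd", ".com"},
}

def screen_request(verb, url, rules=RULES):
    """Return (allowed, reason) for one request line, checked before it would
    reach the web server. Rules are applied to the decoded path."""
    if verb.upper() not in rules["allowed_verbs"]:
        return False, "verb not allowed"
    if len(url) > rules["max_url_length"]:
        return False, "URL too long"
    path = unquote(url.split("?", 1)[0], encoding="latin-1")
    # A path that still changes on a second decode was encoded twice, which
    # would let a later decoding step see characters these rules never saw.
    if unquote(path, encoding="latin-1") != path:
        return False, "encoded more than once"
    if not rules["allow_non_ascii"] and any(ord(ch) > 127 for ch in path):
        return False, "non-ASCII character"
    if any(seq in path for seq in rules["denied_sequences"]):
        return False, "denied sequence"
    if splitext(path)[1].lower() in rules["denied_extensions"]:
        return False, "denied extension"
    return True, "ok"

# Constructed sample requests, one per rule.
SAMPLES = [
    ("GET", "/default.htm"),
    ("GET", "/scripts/root.exe"),
    ("GET", "/default.htm?" + "A" * 300),
    ("GET", "/docs/%2e%2e/private.htm"),
    ("GET", "/a%252fb.htm"),
    ("GET", "/caf%e9.htm"),
    ("TRACE", "/"),
]

def screen_all(samples=SAMPLES):
    """Return the verdict reason for each sample, in order."""
    return [screen_request(verb, url)[1] for verb, url in samples]
```

The same strictness that drops the second request would also drop a
legitimate download of an .exe file, which is the tuning trade-off both
messages above point at.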
THIRD PARTY NEWS
NEW: High Availability Management for Windows
Want to prevent downtime? All automatic, 24/7 by 365? Add a smart
little system admin to every mission critical box? Here is a new way
to do that. Availant Manager for Windows extends your current systems
management by adding predictive capabilities and carefully conceived
automated responses to anticipated (or current) problems. The Availant
Manager product comprises a core technology component and a collection
of plug-in agents each designed for a specific application or component.
The current version of Availant Manager has Availant Manager Agents for:
- Windows Server
- Microsoft Exchange
- Microsoft SQL*Server
- Microsoft IIS
The Windows Server Agent manages both Windows NT 4.0 server and W2K
server systems providing advanced management of your:
- Disk Capacity
- Network Connectivity
- CPU and Memory Utilization
The disk agent corrects disk capacity problems by removing (admin-
specified) low priority files (such as temporary files or .mp3
files). It assures that mission critical applications have the
disk space they need to continue to function optimally.
The network connectivity agent can detect and repair networking
problems due to local software or configuration failures. It also
monitors and detects network performance problems.
The CPU and Memory utilization agents detect runaway or failed
apps by analyzing their CPU and memory usage. They can then
recover the failed app and prevent runaway applications from
consuming excess server resources and degrading server performance.
The Exchange agent's advanced analysis can detect and prevent the
conditions that lead to Exchange information store corruption.
Internet connectivity is automatically restored by restarting a
failed Internet Mail Connector. The agent also automatically and
safely performs periodic maintenance tasks.
For SQL*Server, the Availant Manager agent accurately predicts
disk usage patterns and when appropriate can optimize SQL*Server's
use of disk. Further, it monitors queries to ensure that SQL*Server
is performing correctly and at appropriate performance levels. Its
advanced data analysis engine adapts its rules automatically to
your changing business needs.
For IIS, the Availant Manager agent can detect and respond to
web site failure. It prevents page unavailable errors without
disrupting any other IIS operations. The agent also tunes IIS
to meet your current business needs, no matter how fast your
business is growing.
There is a lot more information on the Sunbelt website: screenshots,
white papers, quickstart guides, prices, user guides, and of course
eval copies you can download and test.
This Week's Links We Like. Tips, Hints And Fun Stuff
Good warning about criminals that try to scam people with "disaster help"
If you want to contribute any IT goods or services in the wake of NY:
Here is where you can schedule blood donations with the Red Cross:
PRODUCT OF THE WEEK
This book has now suddenly become of present interest. It was Book of
The Week in the August 6, 2001 issue, and I'm bringing it back. The
western democracies will now use these methodologies to wage war on
terrorism. Information Warfare - How to Survive Cyber Attacks - explains
the methods behind hacks and cyber attacks and provides defensive
strategies and counter measures designed to help companies survive
infrastructure attacks, military conflicts, competitive intelligence
gathering, economic warfare, and corporate espionage. The authors are
renowned industry experts. It will pay off to know this stuff. I know
what I'm going to read in my spare time. 21 bucks you won't regret.