Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 8, 2001 (Vol. 6, #77 - Issue #312)
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- Microsoft Unveils New Security Initiative
- NT/2000 RELATED NEWS
- Forget W2K Service Pack 3 In 2001
- NT/2000 THIRD PARTY NEWS
- Veritas Manage Exec Scared By MOM
- Free Hotfix Management ROI Calculator
- New Security Tool Now Supports RollOut Patches
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
FREE ACTIVE DIRECTORY AUDIOCAST FROM NETIQ
Need to ensure that your Active Directory deployment has a positive
bottom-line impact on your business critical applications? Get the
expert advice you need now during NetIQ's FREE audiocast, "Active
Directory Advantages: Exploring AD, an Essential IT Asset." Register
today and you'll receive a free Windows security white paper.
Visit NetIQ for more information.
Here are the results of the last SunPoll. Double votes have been
eliminated of course. It looks like the golden 80-20 rule strikes
again. We will see how the NetCraft surveys over time reflect this
choice. For the moment, IIS is still going up but Gartner's advice
is only a few weeks old. If I were you I would do some research on
the total cost of switching over before actually doing the switch.
You might be surprised by hidden cost factors. Another remark is
that when admins do not manage their IIS well, what makes Gartner
think they will manage another web server better? To illustrate
the point, over the same time frame of about a month, 16 holes
were found in IIS and 13 in Apache.
So, here are the numbers after your 1405 votes were counted.
Q: Are you going to do what Gartner proposes and trash your IIS?
- Yup! Moving away to another one: 19%
- Seriously thinking about it: 16.65%
- Not so likely: 23.7%
- No Way! We standardized on IIS and like it, holes and all: 40.64%
And since we are getting forced to pay more attention to security,
here is another issue: password strength. After all the security
measures you took to make your network impenetrable, there is one
liability that could still undermine your entire operation.
It's your users' passwords. Simply put, passwords are the weakest
link that hackers prey upon. Also, passwords are the most neglected
security hole. Hackers use "dictionary attacks" to compare common
words from several wordlists to crack weak passwords. L0phtcrack
is a good example of a Target Award winning password cracking tool
that administrators often also use to test the strength of their
users' passwords. We run this in house regularly and even here
people get caught red handed with passwords even the company dog
could guess. [grin] This SunPoll asks how you are handling the
password strength issue in your org.
And here is the NEW SunPoll:
As you know, passwords are very important to network security.
In your company have you implemented:
Vote in the leftmost column, scroll down a bit. You will quickly
see how your colleagues are approaching this problem:
- Strong password policy, enforced by AD and Group Policy
- Strong password policy, implemented via the NT Resource Kit
- Written policy about password strength
- No written policy and no additional tools implemented
- We do not use passwords at all for our users
And some good news from High Tech for a change: Both Cisco and
Dell told Wall Street their quarters are going to look good.
Share prices went straight up.
UNDO Dept. We had a little error in the NT4.0 retirement article,
but all the correct termination dates are in the table at the end.
(email me with feedback: [email protected])
SPONSOR: Vulnerability Is Over!
PROTECT YOUR DATA WITH RETINA...VULNERABILITY IS OVER!
In order to thoroughly protect your network from cyber crime,
traditional security measures such as firewalls and intrusion
detection systems are not enough. Retina, the Network Security
Scanner, prevents penetration of your networks by scanning,
monitoring, alerting, and automatically fixing network security
vulnerabilities with a touch of a button. Protect your data with
the best digital security solution. Free 15-day trial available at:
Visit Vulnerability Is Over! for more information.
Microsoft Unveils New Security Initiative
About time... and it could be better, but this is at least a start.
It's called "STPP" (Strategic Technology Protection Program), and
if you are a MS customer in the U.S. you can get free, virus-related
tech support if you call 1-866-PC SAFETY.
If you are a system or a network admin, they also threw all the
existing tools together on a CD. This free kit has a bunch of
security guides, product updates, and tools for protecting NT/W2K.
Most of these were already available via downloads, but it's nice
to have it all together:
- Latest Service Packs for OS, IIS, and IE.
- Security Checklists for NT, W2K, and IIS.
- A W2K-SP2 Deployment guide (Run AD? read the Update.msi section)
- An NT 4.0-SP6a Deployment guide for SMS.
- IE Deployment guides.
- Several individual Hotfixes required for NT 4.0 Terminal Server
- IIS Lockdown Tool
- Critical Update Notification 3.0
Their website claims that the STPP "represents an unprecedented
mobilization of Microsoft's people and resources." From my perspective,
MS was pinched first by Code Red, then by Nimda, woke up and realized
they have not made it easy enough to patch systems, and for sure have
not insisted enough on getting users to actually do it.
MS also promised a series of "security readiness events" for its
users, will create auto-update functionality via Windows Update,
and produce bi-monthly product roll-up patches. It is also a good
idea to have security consultants to help you secure your networks.
I'm sure that MS is going to push that idea as well. More information
on the Microsoft Strategic Technology Protection Program is at
And from our perspective, sitting in the trenches ourselves, I have
the following suggestions:
- Impress on all your users under the pain of death by torture that
they only open up attachments THEY ASKED FOR. If they get one from
someone they know that was not asked for, they should send an email
back to check what it is. Violation is asking for a pink slip.
- Religiously patch all your systems. Servers of course are much more
important than workstations, but still. Security is more important
than the inevitable downtime that patching your systems generates.
- Monitor your systems for normal performance. Establish a baseline,
and program in alerts so that you get warned if things start to
peak suddenly. Good chance these machines are being hit by something,
or worse, are already infected and are now trying to penetrate other
machines. A good tool to set this kind of thing up is ELM. For
instance, you can make ELM ping you if CPU is over, say, 75% for 3
minutes or if RAM utilization gets over 1Gig. Over at:
- If you have people working from home or hotels, make sure that
they use personal firewalls on their machines. Especially if they
have either a cable modem or DSL. Make sure that these firewalls
also stop hackers from getting out of that machine into your
corporate systems, by using something like ZoneAlarm.
- You should start looking at your own firewalls and make them
block traffic that uses spoofed IP addresses. You can do that with
so-called egress and ingress filtering.
- Enlighten your management that budgets should be made available
with high priority for two flashpoint areas: Security and High
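The sustained-threshold alert from the monitoring suggestion above, as an added example (not code from the newsletter and not how ELM works internally). The sample readings are constructed, and "1Gig" is read as 1 GiB.

```python
from dataclasses import dataclass

CPU_LIMIT = 75.0         # percent, the newsletter's example threshold
CPU_HOLD_SECONDS = 180   # "for 3 minutes"
RAM_LIMIT = 1024 ** 3    # "over 1Gig", read here as 1 GiB (assumption)
MIB = 1024 ** 2

@dataclass
class Sample:
    t: int      # seconds since the start of the capture
    cpu: float  # CPU utilization in percent
    ram: int    # RAM in use, in bytes

def find_alerts(samples):
    """Return (time, reason) pairs, one per episode rather than one per sample."""
    alerts = []
    cpu_since = None   # when the current over-limit CPU run began
    cpu_fired = False  # already alerted for this CPU run?
    ram_fired = False  # already alerted for this RAM excursion?
    for s in samples:
        if s.cpu > CPU_LIMIT:
            if cpu_since is None:
                cpu_since = s.t
            # A short spike is ignored; only a sustained run raises an alert.
            if not cpu_fired and s.t - cpu_since >= CPU_HOLD_SECONDS:
                alerts.append((s.t, "cpu"))
                cpu_fired = True
        else:
            cpu_since, cpu_fired = None, False  # run broken, start over
        if s.ram > RAM_LIMIT:
            if not ram_fired:
                alerts.append((s.t, "ram"))
                ram_fired = True
        else:
            ram_fired = False
    return alerts

# Constructed samples, one per minute: a short CPU spike (no alert), then a
# sustained run (alert at t=420), then RAM crossing 1 GiB (alert at t=540).
SAMPLES = [
    Sample(0, 20, 400 * MIB), Sample(60, 90, 410 * MIB), Sample(120, 95, 420 * MIB),
    Sample(180, 30, 400 * MIB), Sample(240, 80, 500 * MIB), Sample(300, 85, 600 * MIB),
    Sample(360, 88, 700 * MIB), Sample(420, 91, 800 * MIB), Sample(480, 92, 900 * MIB),
    Sample(540, 40, 1200 * MIB), Sample(600, 35, 1300 * MIB),
]

if __name__ == "__main__":
    for when, reason in find_alerts(SAMPLES):
        print(f"t={when}s alert: {reason}")
```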
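The egress and ingress filtering rule from the list above, written out as a decision function. This is an added example, not from the newsletter or any firewall product; the internal prefix and the packet addresses are constructed from documentation ranges, and it covers IPv4 only.

```python
import ipaddress

# Assumption: the address block assigned to the internal network (constructed).
INTERNAL = [ipaddress.ip_network("198.51.100.0/24")]

# Sources that should never arrive from the Internet: private, loopback,
# link-local, "this network", multicast and reserved space.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_decision(direction, src):
    """Decide on the border firewall's outside interface, by source address only."""
    addr = ipaddress.ip_address(src)
    inside = _in_any(addr, INTERNAL)
    if direction == "egress":
        # Leaving the site: the source must be one of our own addresses,
        # otherwise an internal machine is sending spoofed traffic.
        return "pass" if inside else "drop: source is not ours"
    if direction == "ingress":
        # Arriving from outside: our own addresses cannot legitimately
        # appear as the source, and neither can unroutable space.
        if inside:
            return "drop: our own address arriving from outside"
        if _in_any(addr, BOGONS):
            return "drop: unroutable source"
        return "pass"
    raise ValueError("direction must be 'ingress' or 'egress'")

# Constructed packets: (direction, source address).
PACKETS = [
    ("egress", "198.51.100.25"),   # internal host, honest source
    ("egress", "203.0.113.7"),     # internal host forging an outside source
    ("ingress", "203.0.113.7"),    # ordinary outside host
    ("ingress", "198.51.100.25"),  # outside packet claiming to be internal
    ("ingress", "10.1.2.3"),       # private space arriving from the Internet
]

def run_filter(packets=PACKETS):
    return [filter_decision(d, s) for d, s in packets]

if __name__ == "__main__":
    for (d, s), verdict in zip(PACKETS, run_filter()):
        print(f"{d:7} {s:15} {verdict}")
```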
NT/2000 RELATED NEWS
Forget W2K Service Pack 3 In 2001
With the whole new STPP going on, and the massive resources that MS
is throwing into the security fray, this also means that W2K
Service Pack 3 will very likely not make it out the door this year.
Well, that's one thing less to worry about and deploy in the usually
hectic Q4. Just as well.
THIRD PARTY NEWS
Veritas Manage Exec Scared By MOM
It looks like high-end tools vendor Veritas is departing the segment
of applications monitoring. They have started talking to NetIQ, and
agreed to migrate the current Manage Exec installed base to NetIQ's
suite of tools. This is of course a very interesting development.
There was no public policy statement for Veritas' move to terminate
Manage Exec. It is also still on their website, and has not been
moved yet to the section "discontinued products". It looks like the
real reason why Veritas decided to drop it was not wanting to compete
with Microsoft Operations Manager (MOM). For people new to W2Knews,
NetIQ sold some code to MS, which slapped its label on it and called
NetIQ announced that together with Veritas they started to warn the
existing Manage Exec users about the migration and how this thing
will go down. There is also one other loose end that is not clear:
Manage Exec is a multi platform (read NetWare) health monitor, and
NetIQ only runs on Windows. Somebody going to be left in the lurch?
Source: Client Server News, a paid-for zine that I recommend BTW:
Free Hotfix Management ROI Calculator
A humongous amount of you downloaded UpdateEXPERT in the last few
weeks. Just as a reminder, this was the header of that article:
"Been hit by viruses lately? Need to keep IIS up to snuff? The new
version 5.1 of UpdateExpert adds a tremendous amount of value to
overworked and underpaid system- and security administrators. Just
ask yourself if any of these statements apply to you. Microsoft just
released the latest security hotfixes for IIS and W2K but unfortunately...
- I don't have time to write scripts and test them.
- I'm too busy cleaning up after Nimda.
- I need to know if the hotfix installations I deployed last month are
- Since Microsoft's updates are not regular, I am forced to
reprioritize my day, as well as figure out which ones apply to
- I need to define what hotfixes are required and detect what
machines conform to my policies".
You now are probably looking at what the cost is, and how you can
get budget. Well, we just put up a Return On Investment Calculator
that will help you get budget approval for UpdateEXPERT. It's for
free and now sits in the section White Papers, Documents and
Other files. You don't even have to fill out a form [grin].
New Security Tool Now Supports RollOut Patches
As you all know, Microsoft developed some security tools
together with Shavlik. As part of their relationship with
the security teams at Microsoft they came out with a new
release of the Shavlik Admin Suite. Here are some key
points of the new code:
The two most critical needs in security are strong passwords
and keeping all systems up to date with critical security patches.
All the systems that were well patched and used strong
passwords were not affected by either the Code Red or the
The problem is of course how to find the machines with weak
passwords and missing patches. For example, test servers under
the desks of your key software development team are
just as critical to security as those running your business
critical systems. How do you find these systems? How do you
know if they are properly patched?
Do they have Everyone in the Administrators Group? Do they
have a blank administrator password? How do you know? You can
easily find out by running the new Shavlik AdminSuite which
provides the full set of tools needed to find those machines
that are not secure, no matter where they are.
Security is also time sensitive. You must get the latest
patches as soon as they are out, because the entire world
knows how to break into systems the moment a security patch
is released. HfNetChkPro is tied DIRECTLY into Microsoft's
security teams to provide up-to-date security information to all
Shavlik and Microsoft customers using the Shavlik security tools.
You must also always be on the lookout for new admin accounts
that have passwords added in as a result of someone installing
a new application, or for a password set to "password" and then
never changed after a user requested an account reset after a
password was forgotten. The list goes on and things happen every
day. They happen 5 minutes after your last, and expensive,
security audit. This is why Shavlik Technologies created the
AdminSuite - it allows everyone to easily, and often, check for
security problems in real time from one central location.
Security is more about the people using the technology and less
about the technology itself. As a result there is no "set and
forget" in the security world. Tools in the Shavlik Technologies'
AdminSuite are here to help.
Shavlik has released version 3.2 of its well-known HfNetChkPro
that includes the following updates:
- Full support for command line file input, see the -? help for
- 100% support of Microsoft's rollout patches for IIS and all
other HfNetChkPro supported platforms in both the GUI and the
- Added support to clearly identify systems that cannot allow
checking due to tight security settings in both the GUI and the
- Command line patch history reporting
- The command line ability to not check for patches that have
no information that can be scanned
- The command line -nosum flag that prevents the checking of files
This Week's Links We Like. Tips, Hints And Fun Stuff
Here is a great Swiss Army Knife for system admins. Really, check it
out. It's the ultimate cybertool.
Into Home Automation? This puppy is pretty cool. Drives all your X-10
The Microsoft Windows Online Crash Analysis site looks pretty handy to
plug into your favorites list...
PRODUCT OF THE WEEK
Defend your system against the real threat of computer viruses with
help from this comprehensive resource. Up-to-date and informative,
this book presents a full-scale analysis on computer virus protection.
Through use of case studies depicting actual virus infestations, this
guide provides both the technical knowledge and practical solutions
necessary to guard against the increasing threat of virus attacks.
From the publishers of "Hacking Exposed". Here's a link to it: