- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jan 24, 2002 (Vol. 7, #7 - Issue #338)
More On Passwords and Security
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Never A Dull Moment In IT
  2. TECH BRIEFING
    • Active Directory Deployment Plans Lockstep With W2K
  3. NT/2000 RELATED NEWS
    • More On Passwords and Security
    • OK, What ARE The MCSA Requirements Exactly?
  4. NT/2000 THIRD PARTY NEWS
    • Another Winner Company In The Security Space: PentaSafe
    • Ecora Software Surges In 2001 Despite Recession
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Windows XP Troubleshooting
  SPONSOR: Aelita Software
Migrating to Active Directory?
Don't do it without ERDisk for Active Directory!
It is the ideal solution for keeping business
critical AD and Exchange 2000 up and running.
ERDisk for AD offers full backup and 10-minute
restore, as well as advanced AD troubleshooting
capabilities. Download your FREE trial today!

Visit Aelita Software for more information.
  EDITORS CORNER

Never A Dull Moment In IT

Hi All,

First things first: Here is another happy XBOX winner.

"Stu,
I received the new XBOX, and want to thank you and Sunbelt Software. I LOVE IT. It's my first venture in the gaming scene, and now I'm hooked. My girls probably won't get a chance to play now that I have used it!
Thanks again,
Daniel Silverman"

This week's winner is:

Lenin Lopez, Los Angeles, CA, USA. Lenin works as a Web Designer at Provider Gateway, a network management solutions company for human services based out of Lakewood, California.

I saw a lot of entries where people (who were referred) but had not updated their profiles. A good time to complete your profile and refer more friends. Scroll all the way down, go to your profile page, update it and "Recommend A Friend" to win an XBOX.

It's been some week! First the rumors fly around that AOL Time Warner Is going to buy Red Hat, then that gets quashed, but next thing you know, they now sue Microsoft for alleged illegally harming Netscape during the browser wars in the late 1990's. (AOL bought Netscape three years ago).

So now you can expect years of fireworks of AOL Time Warner and MS legal battles. I'm not going to cover all of that, as it's essentially off topic for this e-zine and just more noise. My perspective is that companies should "do competitive battle" in the marketplace and not in the courts. And again, as always, it's going to be business as usual.

AOL is not getting anywhere with this because MS is going to counter that they dropped the ball after the acquisition, which in my eyes they actually did. Netscape virtually disappeared from view after the acquisition. And now for some good news:

Manny Sandhu, Managing Director of Business Britain, presented Ian Masters, UK & Ireland Country Manager for Sunbelt Software UK, with the award of Excellence and Recommendation 2002, for their services to Business Continuity.

Recently, Business Continuity and Data Storage and Recovery are issues that have become the number one priority for companies across the UK. "It's like car insurance", commented Ian Masters, "you cannot afford not to have it. If a company experiences downtime for any amount of time, then the chances are that they are going to lose not only mission critical data, but also vital customer information and statistics". Congrats for our colleagues in the U.K.!

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: DOWNTIME PREVENTION
DISASTER WILL STRIKE, NOT IF... BUT WHEN?
2001 Best Seller Double-Take provides real-time (and open file) data
replication. You can use it for either High Availability and/or
Disaster Recovery. It is your main job to prevent downtime for NT and
W2K networks. Double-Take is the industry leading product that will help
you do just that. Because it is not a matter of "if" disaster strikes.
Fires, floods and other mayhem always happens when you least expect it.
Visit DOWNTIME PREVENTION for more information.
  TECH BRIEFING

Active Directory Deployment Plans Lockstep With W2K

This is the third and last part of a set of results of a survey that was done by Sunbelt and IDC, in Q4, 2001:

Much of Microsoft?s .NET vision revolves around a single authentication, directory-enabled environment of Windows servers. While Windows .NET Server is not necessarily a mandatory component of this mix, in most cases, Active Directory will be.

Following Microsoft?s product roadmap, the majority of users deploying Windows 2000 plan to coordinate a rollout of Active Directory at the same time, an IDC study of Windows 2000 Server deployment plans concludes. According to the study, conducted in September 2001, 85% of the survey participants plan to use Active Directory with their Windows 2000 networks. Less than 3 percent have no plans to use a directory service with Windows 2000, while almost half of the remainder is undecided about their plans for using a directory service.

The study found the top two anticipated benefits of a directory-enabled environment are better total cost of ownership, particularly for client systems; and easier server management. Hopes for improved security was the third anticipated benefit, while supporting Exchange 2000 was cited as the fourth most important benefit expected by survey participants.

While having Active Directory installed is generally perceived as a benefit, it also continues to be an impediment to Windows 2000 rollouts, with 36% of survey participants citing Active Directory as a factor in delaying Windows 2000 server installations.
? Al Gillen

Study name is:
Active Directory Goes Hand in Hand with Windows 2000 Server (IDC #25860, Nov. 2001)

  NT/2000 RELATED NEWS

More On Passwords and Security

Subscriber Ron Bradley, from BradleyConsulting.com sent me an email with some comments that I highly value, so I'm copying an extract below. Also, a lot of people sent me feedback about how to create passwords. It's by using a so called mnemonic. Take a sentence that is easy to remember and use the first letters of the words. Then transpose some of these for a number or a special character. Example: "We like to walk in the August woods" translates to a password this way - [email protected]

And why is it necessary to continue to focus on security? The total security incidents nearly doubled in 2001 compared to the prior year, according to statistics released last week by the federally funded computer and network security body, the Computer Emergency Response Team (CERT) Coordination Center. While 2000 saw 21,756 security incidents, 52,658 such incidents were reported in 2001, as per CERT.

Here are Ron's comments:

"Once again, thanks for an excellent issue with pertinent information. I'm teaching a CIW Security Professional course this week, and the password issue is always a lively topic, especially after I show them how to run l0pht crack.

"Obviously it only takes a single bad password to make the security chain weak, so it's futile to chase the "strong password" model. Network sniffers and SMB packet captures are like 15,000 lb. daisy cutters to most corporate password policies.

"Passwords need only be "strong enough" with more stringent requirements for users with elevated privileges. Biometrics and one-time-passwords (such as the SecureID card) should be used by administrators and in critical applications.

"Enforcing user profiles with password protected screen savers; putting a password on your outlook.pst file, encrypted email, and encrypted data storage are also major factors. Check out www.jetico.com for an excellent way to protect your data. It's an awesome product that I have used for close to 5 years.

(Editor's Note: See the Fortress product for protected screen savers:)
http://www.w2knews.com/rd/rd.cfm?id=020124-Fortress

"I'm using a digital certificate on an Exchange 2000 server to encrypt traffic to Outlook Web Access clients. I also utilize POPS/SMTPS for yet another layer of protection. Security is like an onion, you need to set it up in layers." - end quote.

OK, What ARE The MCSA Requirements Exactly?

We recently closed the SunPoll that asked who was interested in the new MCSA certification. Out of 1517 respondees, here are the (non-scientific but de-duped) results.

  • Naah, I'm still upset with Microsoft. 34.27% - 520 votes
  • Perhaps, when I get time for that. 30.45% - 462 votes
  • I'm sure I'm going to do that in 2002. - 23.86% - 362 votes
  • Absolutely! I'm already cramming for the exams. 11.4% - 173 votes
Well, you need to be aware that you need to pass four exams. Out of these, three are core, and one is elective. It's a jungle of different tests and I'll try to make some sense out of it and keep it simple.

To begin with, you need to pass one of these two exams: W2K Pro (#70-210) or WinXP Pro (#70-270). Next, you have to ace either the W2K Server exam, or the Win .NET Server exam. (#70-215 and #70-275 respectively). As the next step, you also have to complete either the Managing a W2K Server Network Environment (#70-218) or the .NET equivalent (#70-278).

Now, you can start thinking about your one elective. You can pick and choose out of stuff like NT Server 4.0 Network Support and Maintenance (which I do not recommend), but you can also take applications like SQL, or Exchange, ISA, Proxy server, or perhaps the W2K Network Infrastructure which makes a whole lot more sense, since everyone is now finally getting to migrate to W2K and AD. Even Sunbelt moves to AD this month, finally. (You'll get a detailed write-up about that)

All the MCSA detail is at the MS website over at:
http://www.w2knews.com/rd/rd.cfm?id=020124RN-MCSA

  THIRD PARTY NEWS

Another Winner Company In The Security Space: PentaSafe

Why Sunbelt Software has selected PentaSafe as a best-of-breed security solution:

PentaSafe Security Technologies, Inc., announced that the company has again shown another strong quarter of growth and achieved designated quarterly sales goals despite a challenging corporate IT spending environment. PentaSafe closed their Q4 with revenues up 53% from the previous year. PentaSafe added over 40 new customers this quarter including Williams Energy, Gucci, and Perry Homes.

"PentaSafe's 35 security management software products are redefining the security software market," said Doug Erwin, President and CEO of PentaSafe. "Our solutions are built around the philosophy that a successful IT security program must include a combination of people, policies and technology. We're continually meeting our sales goals because we not only provide unsurpassed vulnerability assessment and intrusion detection technology, we also provide solutions that help companies more effectively manage and implement security policies and awareness -- from a central point of control."

PentaSafe's position is backed up by Computerworld, which recently selected PentaSafe as one of the Top 100 Emerging Technology Companies for 2002. Quoted from the December 2001 issue: "What sets PentaSafe apart, say users and analysts, is the company's focus on user awareness and product compatibility -- all from a single console." Check it out!
http://www.w2knews.com/rd/rd.cfm?id=020124TP-PentaSafe

Ecora Software Surges In 2001 Despite Recession

And as another example that not everything is doom and gloom, the sales of Ecora's change management software were up 91% as companies seek to shore up network security, address disaster recovery, and reduce IT infrastructure costs. Ecora finished the year with the best quarter in its three-year history.

"Whether a company has 300 employees or 300,000, every IT department struggles to address increased concerns (security, audits, disaster recovery) with fewer resources," said Ecora founder and CEO Alex Bakman. "Our success is testimony to our ability to deliver products that make managing IT simple and cost effective."

Ecora products automate documentation of IT information and track configuration changes that have security implications for a company.

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Interview with Cliff Reeves, the MS VP Windows.Net product management, Talks about the new security effort. Interesting reading.
    http://www.w2knews.com/rd/rd.cfm?id=020124FA-SecurityInterview
  • Microsoft's Best Security Practices Checklist:
    http://www.w2knews.com/rd/rd.cfm?id=020124FA-BestPractices
  • And the last one is just pure for fun. It's amazing how they can emulate human movement now, with this "wire-guy" you can move.
    http://www.w2knews.com/rd/rd.cfm?id=020124FA-FunWithWireGuy
  • Portable, broadcast quality satellite system in a suitcase. Pretty cool!
    http://www.w2knews.com/rd/rd.cfm?id=020124FA-Swe-Dish
  •   PRODUCT OF THE WEEK

    Windows XP Troubleshooting

    This is what one of the authors said promoting his book. I have a copy and it's good! One of the other authors is Tom Shinder, who happens to be the editor of our WinXPnews.com. This is a "warmly recommended" Book Of The Week.

    "When I first saw Windows XP in the early beta versions, I was astonished by the number of additions and improvements that Microsoft had incorporated into it. Windows XP is the most feature-rich and useful desktop operating system yet. Because Windows XP includes so many new and useful features, the prospect of mastering it may appear daunting. However, many will find that using Windows XP will make using a computer more enjoyable, and that mastering XP is more a matter of play, rather than work. To put it simply: XP rocks. I found both myself and the other contributors with whom I worked on this book sharing a common enthusiasm for the product. It is our hope that we also communicate this enthusiasm to you, and that you will find this book informative and enjoyable."
    http://www.w2knews.com/rd/rd.cfm?id=020121BW-WXPtroubleshooting