Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Jan 24, 2002 (Vol. 7, #7 - Issue #338)
More On Passwords and Security
This issue of W2Knews contains:
- EDITORS CORNER
- Never A Dull Moment In IT
- TECH BRIEFING
- Active Directory Deployment Plans Lockstep With W2K
- NT/2000 RELATED NEWS
- More On Passwords and Security
- OK, What ARE The MCSA Requirements Exactly?
- NT/2000 THIRD PARTY NEWS
- Another Winner Company In The Security Space: PentaSafe
- Ecora Software Surges In 2001 Despite Recession
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows XP Troubleshooting
SPONSOR: Aelita Software
Migrating to Active Directory?
Don't do it without ERDisk for Active Directory!
It is the ideal solution for keeping business
critical AD and Exchange 2000 up and running.
ERDisk for AD offers full backup and 10-minute
restore, as well as advanced AD troubleshooting
capabilities. Download your FREE trial today!
Visit Aelita Software for more information.
Never A Dull Moment In IT
First things first: Here is another happy XBOX winner.
I received the new XBOX, and want to thank you and Sunbelt Software.
I LOVE IT. It's my first venture in the gaming scene, and now I'm
hooked. My girls probably won't get a chance to play now that I
have used it!
This week's winner is:
Lenin Lopez, Los Angeles, CA, USA. Lenin works as a Web Designer
at Provider Gateway, a network management solutions company for
human services based out of Lakewood, California.
I saw a lot of entries where people (who were referred) but had not
updated their profiles. A good time to complete your profile and refer
more friends. Scroll all the way down, go to your profile page,
update it and "Recommend A Friend" to win an XBOX.
It's been some week! First the rumors fly around that AOL Time Warner
Is going to buy Red Hat, then that gets quashed, but next thing you
know, they now sue Microsoft for alleged illegally harming Netscape
during the browser wars in the late 1990's. (AOL bought Netscape
three years ago).
So now you can expect years of fireworks of AOL Time Warner and MS
legal battles. I'm not going to cover all of that, as it's essentially
off topic for this e-zine and just more noise. My perspective is that
companies should "do competitive battle" in the marketplace and not in
the courts. And again, as always, it's going to be business as usual.
AOL is not getting anywhere with this because MS is going to counter
that they dropped the ball after the acquisition, which in my eyes
they actually did. Netscape virtually disappeared from view after
the acquisition. And now for some good news:
Manny Sandhu, Managing Director of Business Britain, presented Ian
Masters, UK & Ireland Country Manager for Sunbelt Software UK, with
the award of Excellence and Recommendation 2002, for their services
to Business Continuity.
Recently, Business Continuity and Data Storage and Recovery are issues
that have become the number one priority for companies across the UK.
"It's like car insurance", commented Ian Masters, "you cannot afford
not to have it. If a company experiences downtime for any amount of
time, then the chances are that they are going to lose not only mission
critical data, but also vital customer information and statistics".
Congrats for our colleagues in the U.K.!
(email me with feedback: [email protected])
SPONSOR: DOWNTIME PREVENTION
DISASTER WILL STRIKE, NOT IF... BUT WHEN?
2001 Best Seller Double-Take provides real-time (and open file) data
replication. You can use it for either High Availability and/or
Disaster Recovery. It is your main job to prevent downtime for NT and
W2K networks. Double-Take is the industry leading product that will help
you do just that. Because it is not a matter of "if" disaster strikes.
Fires, floods and other mayhem always happens when you least expect it.
Visit DOWNTIME PREVENTION for more information.
Active Directory Deployment Plans Lockstep With W2K
This is the third and last part of a set of results of a survey that
was done by Sunbelt and IDC, in Q4, 2001:
Much of Microsoft?s .NET vision revolves around a single authentication,
directory-enabled environment of Windows servers. While Windows .NET
Server is not necessarily a mandatory component of this mix, in most
cases, Active Directory will be.
Following Microsoft?s product roadmap, the majority of users deploying
Windows 2000 plan to coordinate a rollout of Active Directory at the
same time, an IDC study of Windows 2000 Server deployment plans
concludes. According to the study, conducted in September 2001, 85%
of the survey participants plan to use Active Directory with their
Windows 2000 networks. Less than 3 percent have no plans to use a
directory service with Windows 2000, while almost half of the
remainder is undecided about their plans for using a directory
The study found the top two anticipated benefits of a directory-enabled environment are better total cost of ownership, particularly
for client systems; and easier server management. Hopes for improved
security was the third anticipated benefit, while supporting Exchange
2000 was cited as the fourth most important benefit expected by
While having Active Directory installed is generally perceived as
a benefit, it also continues to be an impediment to Windows 2000
rollouts, with 36% of survey participants citing Active Directory
as a factor in delaying Windows 2000 server installations.
? Al Gillen
Study name is:
Active Directory Goes Hand in Hand with Windows 2000 Server
(IDC #25860, Nov. 2001)
NT/2000 RELATED NEWS
More On Passwords and Security
Subscriber Ron Bradley, from BradleyConsulting.com sent me an email with
some comments that I highly value, so I'm copying an extract below.
Also, a lot of people sent me feedback about how to create passwords.
It's by using a so called mnemonic. Take a sentence that is easy to
remember and use the first letters of the words. Then transpose some
of these for a number or a special character. Example: "We like to walk
in the August woods" translates to a password this way - [email protected]
And why is it necessary to continue to focus on security? The total
security incidents nearly doubled in 2001 compared to the prior year,
according to statistics released last week by the federally funded
computer and network security body, the Computer Emergency Response
Team (CERT) Coordination Center. While 2000 saw 21,756 security
incidents, 52,658 such incidents were reported in 2001, as per CERT.
Here are Ron's comments:
"Once again, thanks for an excellent issue with pertinent information.
I'm teaching a CIW Security Professional course this week, and the
password issue is always a lively topic, especially after I show them
how to run l0pht crack.
"Obviously it only takes a single bad password to make the security chain
weak, so it's futile to chase the "strong password" model. Network
sniffers and SMB packet captures are like 15,000 lb. daisy cutters to
most corporate password policies.
"Passwords need only be "strong enough" with more stringent requirements
for users with elevated privileges. Biometrics and one-time-passwords
(such as the SecureID card) should be used by administrators and in
"Enforcing user profiles with password protected screen savers; putting
a password on your outlook.pst file, encrypted email, and encrypted
data storage are also major factors. Check out www.jetico.com for an
excellent way to protect your data. It's an awesome product that I
have used for close to 5 years.
(Editor's Note: See the Fortress product for protected screen savers:)
"I'm using a digital certificate on an Exchange 2000 server to encrypt
traffic to Outlook Web Access clients. I also utilize POPS/SMTPS for
yet another layer of protection. Security is like an onion, you need
to set it up in layers." - end quote.
OK, What ARE The MCSA Requirements Exactly?
We recently closed the SunPoll that asked who was interested in the
new MCSA certification. Out of 1517 respondees, here are the (non-scientific but de-duped) results.
Well, you need to be aware that you need to pass four exams. Out of
these, three are core, and one is elective. It's a jungle of different
tests and I'll try to make some sense out of it and keep it simple.
- Naah, I'm still upset with Microsoft. 34.27% - 520 votes
- Perhaps, when I get time for that. 30.45% - 462 votes
- I'm sure I'm going to do that in 2002. - 23.86% - 362 votes
- Absolutely! I'm already cramming for the exams. 11.4% - 173 votes
To begin with, you need to pass one of these two exams: W2K Pro (#70-210)
or WinXP Pro (#70-270). Next, you have to ace either the W2K Server
exam, or the Win .NET Server exam. (#70-215 and #70-275 respectively).
As the next step, you also have to complete either the Managing a W2K
Server Network Environment (#70-218) or the .NET equivalent (#70-278).
Now, you can start thinking about your one elective. You can pick and
choose out of stuff like NT Server 4.0 Network Support and Maintenance
(which I do not recommend), but you can also take applications like SQL,
or Exchange, ISA, Proxy server, or perhaps the W2K Network Infrastructure
which makes a whole lot more sense, since everyone is now finally getting
to migrate to W2K and AD. Even Sunbelt moves to AD this month, finally.
(You'll get a detailed write-up about that)
All the MCSA detail is at the MS website over at:
THIRD PARTY NEWS
Another Winner Company In The Security Space: PentaSafe
Why Sunbelt Software has selected PentaSafe as a best-of-breed
PentaSafe Security Technologies, Inc., announced that the company has
again shown another strong quarter of growth and achieved designated
quarterly sales goals despite a challenging corporate IT spending
environment. PentaSafe closed their Q4 with revenues up 53% from the
previous year. PentaSafe added over 40 new customers this quarter
including Williams Energy, Gucci, and Perry Homes.
"PentaSafe's 35 security management software products are redefining
the security software market," said Doug Erwin, President and CEO of
PentaSafe. "Our solutions are built around the philosophy that a
successful IT security program must include a combination of people,
policies and technology. We're continually meeting our sales goals
because we not only provide unsurpassed vulnerability assessment and
intrusion detection technology, we also provide solutions that help
companies more effectively manage and implement security policies
and awareness -- from a central point of control."
PentaSafe's position is backed up by Computerworld, which recently
selected PentaSafe as one of the Top 100 Emerging Technology Companies
for 2002. Quoted from the December 2001 issue: "What sets PentaSafe
apart, say users and analysts, is the company's focus on user awareness
and product compatibility -- all from a single console." Check it out!
Ecora Software Surges In 2001 Despite Recession
And as another example that not everything is doom and gloom, the sales
of Ecora's change management software were up 91% as companies seek to
shore up network security, address disaster recovery, and reduce IT
infrastructure costs. Ecora finished the year with the best quarter
in its three-year history.
"Whether a company has 300 employees or 300,000, every IT department
struggles to address increased concerns (security, audits, disaster
recovery) with fewer resources," said Ecora founder and CEO Alex
Bakman. "Our success is testimony to our ability to deliver products
that make managing IT simple and cost effective."
Ecora products automate documentation of IT information and track
configuration changes that have security implications for a company.
This Week's Links We Like. Tips, Hints And Fun Stuff
Interview with Cliff Reeves, the MS VP Windows.Net product management,
Talks about the new security effort. Interesting reading.
Microsoft's Best Security Practices Checklist:
And the last one is just pure for fun. It's amazing how they can emulate
human movement now, with this "wire-guy" you can move.
Portable, broadcast quality satellite system in a suitcase. Pretty cool!
PRODUCT OF THE WEEK
Windows XP Troubleshooting
This is what one of the authors said promoting his book. I have
a copy and it's good! One of the other authors is Tom Shinder, who
happens to be the editor of our WinXPnews.com. This is a "warmly
recommended" Book Of The Week.
"When I first saw Windows XP in the early beta versions, I was
astonished by the number of additions and improvements that
Microsoft had incorporated into it. Windows XP is the most
feature-rich and useful desktop operating system yet. Because
Windows XP includes so many new and useful features, the
prospect of mastering it may appear daunting. However, many
will find that using Windows XP will make using a computer
more enjoyable, and that mastering XP is more a matter of
play, rather than work. To put it simply: XP rocks. I found
both myself and the other contributors with whom I worked
on this book sharing a common enthusiasm for the product.
It is our hope that we also communicate this enthusiasm to you,
and that you will find this book informative and enjoyable."