- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Feb 7, 2002 (Vol. 7, #11 - Issue #342)
The Best Security Scanner Revealed
  This issue of W2Knews™ contains:
    • The Best Security Scanner Revealed
    • Warning: SRP1 Problems
    • Transcender Releases New Pak For MCSD Track
    • MS Software Development Stops For A Month
    • The Best Security Scanner Revealed
    • SANS Institute Announces Five New Security Certification Courses
    • NEW TOOL: UDeploy Breaks The W2K 120 Day Eval Period!
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Windows 2000 Security
  SPONSOR: Prism Pack
"In Need Of Software Deployment, But Hate Scripting?"
Prism Pack is a graphical tool that allows you to create packs that
you can then deploy using Microsoft's SMS, Novell ZENworks, Tivoli,
or LANDesk. Prism Pack packages any software for deployment to any
PC or laptop anywhere in the world. Prism Pack revolutionizes software
packaging by making it fast, easy, and above all else RELIABLE.
Visit Prism Pack for more information.

The Best Security Scanner Revealed

Hi All,

Sunbelt Software gets asked at least a few times a week if we'd like to sell a new product. We look carefully if it fits in our line-up and what the quality of the tool is. We always try to get the best-of-breed only. It means that 95% of these requests are politely declined.

But this time around I'm happy to say that this strategy again has shown to work very well, and really provide you with the best tools around. As you remember, three years ago we started selling STAT, which was a new vulnerability scanner by Harris. Last year we added another vulnerability scanner called Retina, by eEye. And guess what?

Network World just did a very thorough test of the market-leading vulnerability scanners and put them on the torture bench. I'm sure you are already getting where I'm heading. [grin] STAT came out second, and Retina came out first! Boy, were we ever made right.

These tools are definite MUST HAVE "point solutions", to secure your environment and as a part of a much larger security posture. If you have STAT, I suggest you read the item below: "The Best Security Scanner Revealed" and do a comparison. Actually, if you own ANY current scanner, you should read this article.

Retina comes out as the clear winner and in the wake of this "major win" the Retina developer eEye has announced a very competitive upgrade plan. You should check this out. Not having the very best security tools could cost you dearly. The link to the Network World article is here:

Warm regards,
Stu Sjouwerman

PS: Make sure to also check out the new security courses that SANS just announced, see notice below.
(email me with feedback: [email protected])

2001 Best Seller Double-Take provides real-time (and open file) data
replication. You can use it for either High Availability and/or
Disaster Recovery. It is your main job to prevent downtime for NT and
W2K networks. Double-Take is the industry leading product that will help
you do just that. Because it is not a matter of "if" disaster strikes.
Fires, floods and other mayhem always happens when you least expect it.
Visit DOWNTIME PREVENTION for more information.

Warning: SRP1 Problems

SRP1 is not without its flaws it appears. I have been receiving a good many problem reports and ran into some myself as well. I'm just giving you a quick overview of the current incidents, without having had the chance to investigate any of them in depth. Looks like this puppy has not been beta tested as thoroughly as Service Packs are nowadays. The choice now is to deploy SRP1 or wait for SP3 which will likely be more reliable.

  • Not a bug per se, rather a report of behavior in the installation of this patch which is not documented in the Security Bulletin. Once the w2KSP2SRP1.exe patch has been installed, Terminal Server connections to the server in question are disabled until the server has been rebooted. If an Administrator is unaware of this issue and disconnects the Terminal Server session after installing the patch, he is then unable to reconnect to the server to initiate the required reboot. Additionally, if the server is an Application mode Terminal server, users are no longer able to connect to the server.

  • I installed SRP1 on my test PC and now Windows reports an invalid paging file, and it won't let me fix it. I guess I will be reinstalling the OS; needless to say I won't be installing the patch on any of our other PC's. The machine I installed on is an HP Vectra with SP2 installed.

  • I personally tried to install SRP1 on a W2KPro with SP2 and the installation failed, both the download and the express ones, and repeated attempts came up with a Setup Error: Failed To Install Catalog Files.

  • Test, test, test. Got it, installed it, witnessed crash after crash without even the benefit of a blue screen, deinstalled it and system works fine. Did a full backup and a regback as well before I tried it as I have had bad experience before with MS' "fixes"...

    I am sure there will be more, and the percentage problems will be low, but it certainly reinforces the rule you HAVE to apply with these things: Test, test, test. Always make sure you can roll back/uninstall. Never roll it out "wholesale" without a week of experience in a limited environment which is representative for the vast majority of your users and apps. Ignore these rules at your peril. And here are a few more do's and don'ts from Winnet Mag:

  •   NT/2000 RELATED NEWS

    Transcender Releases New Pak For MCSD Track

    Transcender just released a new Pak, the Deluxe MCSD Pak, for the MS Certified Solutions Developer (MCSD) exams. Single-user licenses for the Deluxe MCSD Pak, which includes SolutionCert 3.0 and a choice of three single-user license TranscenderCerts among VB-Cert Desktop 6.0 VB-Cert Distributed 6.0, C++ Cert/Desktop 6.0, C++ Cert/Distributed 6.0, CommerceCert 3.0, SQL-DesignCert 2000, SQL-DesignCert 7.0, SQL-DataCert 7.0, VBA-Cert 6.0 and DevCert6.0, are available for $389. The Deluxe MCSD Pak also includes SolutionFlash 3.0 plus three other Transcender-Flash among VB-Flash Desktop.

    "With the release of SolutionFlash, we are now offering a Deluxe version of our MCSD Pak. Now customers can prepare for all of their MCSD exams with the most comprehensive test prep available - TranscenderFlash and TranscenderCert," says Kelly Mansfield, product manager. Check them out:

    MS Software Development Stops For A Month

    What? Yes. But they are not sitting on their hands. They decided to do a code review. This is something that is actually very customary in the software bizz. Except that this one is done with an exclusive security viewpoint in mind. They basically are going over all code with a fine tooth comb to find any buffer overflow errors. It's just a matter of coding discipline to not have any buffer overflow "holes". So, next versions of MS products should be more secure. [famous last words].

    It is somewhat unreal though to expect that the zillions of lines of code in MS products could be reviewed in just a month. It's a discipline that needs to be acquired and then kept "in" as it were. It will take MS at least 10 years to get and keep all code trustworthy.


    The Best Security Scanner Revealed

    Network World, in their 02/04/02 issue, started out like this:

    "In the past, there hasn't been much good news about the state of vulnerability-assessment scanners. Their reputation has been plagued with false positive reports, lack of scalability, lagging updates and inadequate reporting tools.

    "While some areas still need a bit of improvement, vulnerability scanners have useful tools for helping network professionals identify potential vulnerabilities and security. However, we also found that many of these products may have trouble scaling to fit the requirements of enterprise networks.

    "In our testing, we reviewed products from eEye Digital Security, Nessus, Symantec, Internet Security Systems, NetIQ, Network Associates, PatchLink and Harris. Cisco and BindView declined to participate.

    "We evaluated how each identified our network vulnerabilities; what resources it required to run and then scale to a larger network; its reporting tools; what it offered as security recommendations and autofix features; and installation and ease of use.

    "eEye Digital Security's Retina is the Blue Ribbon Award winner. Harris' Security Threat Avoidance Technology (STAT) Scanner was a close second, but it fell a bit short in the ease-of-use category." End quote. The complete article is definitely worth it.

    Make sure you check their Scorecard and Net Results chart. Here is the link to the Retina page and the full Network World article:

    SANS Institute Announces Five New Security Certification Courses

    SANS Institute announces five new training and certifications for security people. Auditing Systems and Networks, Certified Information Security Officer, and System Forensics to add to their programs on Windows 2000/XP Security, Intrusion Detection, and Firewalls? Check these out at:

    NEW TOOL: UDeploy Breaks The W2K 120 Day Eval Period!

    UDeploy 2000/NT is the only software utility that can upgrade the Evaluation Edition of Windows 2000/NT to the Retail Edition without forcing you to re-install Windows 2000/NT.

    It can remove the 120 day evaluation period or the 10 user limit from Windows 2000/NT. It preserves all of your service packs, hotfixes, device drivers, user preferences, and applications.

    Product Features

    • Only UDeploy 2000/NT will upgrade Windows 2000/NT without re-installing the operating system. There is no difference between the editions of Windows 2000/NT except for a handful of DLL files (related to licensing) and a few registry keys. Otherwise they are the same. There is no reason to force you to re-install all of your system DLLs and drivers.
    • UDeploy 2000/NT copies only a minimal set of DLLs from the retail CD and modifies a few registry keys. It takes less than 15 seconds. The result is indistinguishable from re-installing Windows 2000/NT. There is literally no way to tell the difference.
    • UDeploy 2000/NT will require you to insert the CD to perform the upgrade. It will perform several tests to verify that you indeed possess a valid Retail CD. It will prompt you to enter the product key on the back of the jewel case and verify it. Finally, you must agree to a legal license where you indicate you own a valid Windows 2000/NT license (with an indemnification clause). UDeploy 2000/NT will then use the retail CD to upgrade your PC to the retail version of Windows 2000/NT.
    Check these scenarios:

    A junior consultant installs NT Server for a client. Not knowing any better he installs the Microsoft Developer Network (MSDN) version without realizing it has a 10 user limit. After the client complains (sometimes months later) he calls Microsoft Tech Support. About half of the time the tech rep tells him there is nothing he can do, per http://support.microsoft.com/support/kb/articles/q142/3/91.asp.

    The other half of the time he gets a smart tech rep who "unofficially" refers him to UDeploy. Lose none of your applications or preferences. Avoid days of downtime. Make minimal changes to your Windows 2000/NT system. Activate licenses for Terminal Services "Roll back" the upgrade.

    Assume you have a PC running Windows 2000/NT Retail that you want to retire. Your in-house developers need another PC for development. Insert the Not-for-Resale (NFR) CD-ROM and use UDeploy 2000 to roll back your Windows 2000 PC to the NFR version or use UDeploy NT to re-apply the 10 user limit and change the license keys back to the Developer Edition.

    Deploy in-house software. Many developers subscribe to the Microsoft Developer Network (MSDN). The version of NT provided by MSDN is marked "NFR" (not for resale) and is hobbled by a 10 user limit. If you are an in-house developer, you want to be able to roll out your application. For example, you can use Ghost to clone a "production" PC for use by your organization. But the 10 user limit stops you. Use UDeploy to remove the 10 user limit from the production PC.

    UDeploy NT also works with NT Server Enterprise Edition. UDeploy NT and UDeploy 2000 are only available on the Sunbelt OnLineShop. Check:


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Use Outlook? Here's Highlights, Post-it's, cool stamps and other goodies.
  • SHOW your company is not pirating software. Here's the steps how.
  • Drive a motorbike? Ride a bike in rush hour? From Zero to Safety in 30MS:
  • Want to know your Hobbit Name? Well here's the site to find out:

    Windows 2000 Security

    Bored hackers looking for a new playground. Digital marauders destroying a carefully planned network infrastructure. These and other security nightmares keep network administrators awake at night. Knowledge is the best way to combat these fears, and Windows 2000 Security does its part to help you protect your systems against intruders. The book speaks to an audience of network administrators and support personnel. Previous knowledge of Windows 2000 and Active Directory is recommended, but not required, to find this book useful.