Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 25, 2002 (Vol. 7, #16 - Issue #347)
New Microsoft Security Freeware
This issue of W2Knews contains:
- EDITORS CORNER
- MS Tracks Media Player User Habits
- TECH BRIEFING
- Even Better Tech Support From Sunbelt
- More About The Cisco Security Audit Tool
- NT/2000 RELATED NEWS
- New Microsoft Security Freeware Scans For Windows Holes
- NT/2000 THIRD PARTY NEWS
- The Human Factor in Security Management
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Configuring ISA Server 2000
MS Tracks Media Player User Habits
This is just a heads-up. The latest version of MS's Media Player
creates a list of the digital songs and movies that you have played.
This can have some interesting consequences to say the least. The
first thing I personally would do is find out where the heck that
list sits and blow it away. It's nobody's business what I do in
my free time in my own house, whether that is visiting websites of
competitors, doing health research, or roaming freely over the web.
The first person that emails me the way to empty this log without
breaking Media Player will get an honorable mention in the coming
Files like this, uncontrolled by any specific company that is
responsible for their use, are a goldmine for marketing companies,
lawyers, even snooping spouses. And what if that WinXP machine
gets cracked, a backdoor gets installed, and that trojan reports
in real time what you are doing on the web? Yikes!
Associated Press reported that MS is now telling people Media
Player does this, pretty much after the fact. Oh, and this latest
version of MP comes free with WinXP: 73 million users this year
alone. MS claims it has no plans to sell the data they collected.
Yeah, right. They SHOULD have disclosed this up front.
Microsoft's original privacy statement informed customers that
they were downloading the information about CDs but never stated
the information was being stored in a log file on each computer.
Read the entire Associated Press article on Yahoo:
XBOX Winner: Alphonse Lemieux, Québec, Canada!
To win your own, go here and fill out this form:
Even Better Tech Support From Sunbelt
In the recent "download" SunPoll we did, it turned out that a large
majority of you downloaded products that seemed interesting and potential
time savers, but had trouble finding the time to actually install them.
We looked at that, and tried to find a way to help you. It is usually
a matter of getting to an install and finishing it quickly. For some
products that is easy. For others it can take a bit more work.
We found a solution in two tools that will help you get things moving
faster. First, we are investing in an application that allows us to
show you over the web how to do things. It allows us to share a desktop
on our end, and show you the application in real-time, plus solve any
problems that way. Second, for a few of the higher-end tools, we have
installed a small add-on that will warn our tech guys that you started
your install. That way they will be able to jump in faster with support.
With these new tools we hope to save you time in getting your system
management tools set up, so you can start using these utilities to make
your life easier. We're always trying to improve on the "mainframe-quality"
tech support that we offer. And if you have suggestions, please let us
More About The Cisco Security Audit Tool
Karl Levinson sent me this: Essentially it goes through your router's
config file looking for certain lines as recommended by the [NSA?]
router config guide. The http://www.cisecurity.org web site has some data, and you can hear the 1-hour audio of the webcast that went with the
slide show at http://www.sans.org.
The Router Audit Tool is Perl-based and so far it only runs on Unix/Linux, but a Windows port is in the works. I'm not sure this tool was developed by Cisco; in fact, UUnet appeared to get more acknowledgement for input. The benchmark/audit tool is available for download at http://www.cisecurity.org and they also have a tool to audit Windows 2000 computers, based somewhat on the Shavlik/Microsoft HFNETCHK tool, so one thing that tool must do is check for patches.
NT/2000 RELATED NEWS
New Microsoft Security Freeware Scans For Windows Holes
MS announced a freeware vulnerability-scanner this week at the RSA
Conference 2002. This freebie is called Microsoft Baseline Security
Advisor (MBSA). It's not available yet. ComputerWorld announced it in
an article but they simply got it wrong, and also pointed people to
the wrong link. They must have mistaken the existing HotFixNet-Check for the new MBSA.
When I looked over the features, it looked like this is a very low-end,
pretty much end-user oriented tool. It does help to raise user
security awareness, though. MBSA checks for good password policy,
and warns users about any insecure settings.
But compared to commercial scanners, MBSA falls way behind. It does
not look at networks from the viewpoint of a cracker and scan for
all possible holes. Instead, this mini-scanner looks for problems
that are on the Microsoft security checklists.
How it works is that MBSA grabs the MS XML file (about 700K) from the
MS-website. MS maintains this database for free, and security tools
can grab this file and run scans. MBSA does just that. The advantage
is that the holes in MS-stuff are maintained close to real-time. The
drawback is the fact that there are MANY more holes in networks than
just MS-created products. MBSA could create a false sense of security.
It also does not apply any hotfixes, but just reports if they are
installed or not. Up to now MS has co-developed these tools with
Shavlik Technologies. MS is of course being pressured to have the
whole bugfix process fully automated, and invisible to the end user.
This may be a good solution for an end-user with DSL or cable, but
an enterprise domain being auto-fixed by MS is a recipe for disaster!
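Added example, not part of the original newsletter and not MBSA or Microsoft code: a report-only patch audit of the kind described above, which compares a host's installed hotfixes against a vendor XML catalogue and flags products the catalogue does not cover instead of treating them as clean. The XML element names, bulletin and hotfix ids, and the host inventory are constructed placeholders, not the real file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample catalogue. Element and attribute names are assumptions
# for this example, not the schema of the vendor's real XML file.
# A downloaded catalogue should be integrity-checked before it is parsed.
CATALOG_XML = """
<catalog updated="2002-02-25">
  <product name="Windows 2000">
    <patch id="BULLETIN-A" hotfix="QPLACEHOLDER1"/>
    <patch id="BULLETIN-B" hotfix="QPLACEHOLDER2"/>
  </product>
  <product name="Internet Explorer 5.5">
    <patch id="BULLETIN-C" hotfix="QPLACEHOLDER3"/>
  </product>
</catalog>
"""

# Constructed inventory of one host: product -> set of installed hotfix ids.
HOST = {
    "Windows 2000": {"QPLACEHOLDER1"},
    "Internet Explorer 5.5": {"QPLACEHOLDER3"},
    "Third-party FTP server": set(),  # nothing in the catalogue covers this
}

def load_catalog(xml_text):
    """Return {product: [(bulletin id, hotfix id), ...]} from the catalogue."""
    root = ET.fromstring(xml_text)
    return {
        p.get("name"): [(x.get("id"), x.get("hotfix")) for x in p.findall("patch")]
        for p in root.findall("product")
    }

def audit(catalog, host):
    """Report only: nothing is installed or changed on the host."""
    report = {"missing": [], "installed": [], "not_covered": []}
    for product, installed in sorted(host.items()):
        if product not in catalog:
            # Absence from the catalogue is not a clean result.
            report["not_covered"].append(product)
            continue
        for bulletin, hotfix in catalog[product]:
            key = "installed" if hotfix in installed else "missing"
            report[key].append((product, bulletin, hotfix))
    return report

if __name__ == "__main__":
    for status, items in audit(load_catalog(CATALOG_XML), HOST).items():
        print(status, items)
```

The "not_covered" list is the part a vendor-only scanner leaves out of its report, which is where the false sense of security comes from.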
The MBSA is a first step in this direction, said Lara Soskonsky, a
Microsoft security program manager. She was demonstrating it at the
RSA conference. "We don't push out the patches, but we may add that
feature as an option in Version 2.0. In future versions, we'll also
add more applications, such as Internet Information Server 4.0, 5.0,
SQL 7, Internet Explorer 5.0 and up, Office 97 and Office 2000, among
others, and we'll add .Net [support] to Version 2.0."
MBSA really is a stripped-down version of Shavlik's own HFNetChk Pro
AdminSuite 3.6, which can push out software patches and remotely install
them in a scheduled fashion. It can check for weak passwords and weak
administrative accounts. The latest version 3.6 of this tool became
available this week.
If you run a larger environment, and want to do a detailed analysis
across all your machines, Shavlik released EnterpriseInspector. This
version really takes the high-end, full-fledged approach. Check:
THIRD PARTY NEWS
The Human Factor in Security Management
This is an article about the first and only software that puts you in
control of security policy creation, distribution, education and
tracking for compliance.
Security studies show that humans are consistently the weakest link in
any security program. Your company can spend hundreds of thousands of
dollars on firewalls, virus scanners and Network intrusion detection,
but if users don't understand and comply with your security policies
your data is at risk. A recent Information Week survey showed that
only 9% of corporate employees understand their security policies,
and that 75% of companies do not keep their policies up to date.
Are your security policies up to date with the latest risks and recent
industry regulations? Can you be sure that every one of your employees,
contractors and business partners has read and actually understands
your security policy? If you have to update your Email policy, how
long would it take you to verify that everyone has read it?
The VigilEnt Policy Center (VPC) from PentaSafe Security Technologies
is the only security tool that addresses both the technical and human
side of information security policies. This new web-based tool follows
a life-cycle approach to policy management and automates each step in
the process. VPC comes with industry leading practices from Charles
Cresson Wood, and is expandable to include custom industry content
for HIPAA or GLBA. VPC also provides incident reporting and tracking
through a central database, making it an ideal tool for tracking
compliance against security standards such as ISO 1-7799.
VPC addresses the 5 major Policy Management challenges you face today:
THE VIGILENT POLICY CENTER ADDRESSES THESE CHALLENGES:
- Creating and updating Policy,
- Distributing Policy,
- Users reading current Policy,
- User awareness and retention of Policy information and
- Tracking status and awareness level.
ADDRESSING BOTH PEOPLE AND TECHNICAL POLICY
- Creating and Updating Policy:
VPC is an automated policy tool that provides leading practice security
content from Charles Cresson Wood. Wizards and templates in a browser
(HTML) interface allow users to easily create policies or import their
own. Built-in workflow and tracking allow policy authors to track each
document through review, approval/publish and archive stages.
- Distributing Policy:
VPC enables the quick and easy publishing of policies to an intranet
that users can access via their web browser. Policy distribution is based
on the user's role in the organization so that each employee receives only
the relevant policies for their job function. Companies can easily integrate
VPC to use existing users and groups from directories such as Active
Directory, NT, Exchange, Lotus Notes, iPlanet, etc. so that users do not
have to learn a new ID and password.
- Users reading current Policy:
VPC enables users to login to a secure web site where they can see new
policies/quizzes and read them with a click of the mouse. They can accept/reject the policies and their response is kept in a tamper-evident log
file. The VPC user site supports multiple languages and can be customized
easily to the style of a corporate intranet. A simple web form allows
users to submit policy violations to a central database for tracking and
- User awareness and retention of Policy information:
VPC enables the quick and easy creation of policy quizzes in multiple-choice format that assess a user's knowledge of the recently published policy. Both administrators and users are given quick feedback via quiz scores. VPC comes with a library of sample quizzes and a web-based editor for easy customization. Companies can integrate existing CBT modules into VPC and distribute them via hyperlinks on the user site.
- Tracking status and awareness level:
VPC provides out of the box compliance/tracking reports that enable
an administrator to see who has read the policies or taken the quizzes
and, more importantly, see who has not. Reports can be run at an
organization level, or down to individual users and groups. Compliance
and exception reports can be exported to Excel, HTML files or printed
in management reports.
Adding to the people issues are the technical challenges of policy
management. A common problem is ensuring that your technology is
actually enforcing what your policies specify. For example, are our
NT, AS/400 and Unix machines all enforcing our password policy? By
integrating with the VigilEnt Security Manager and Pentasafe auditing
agents, security policies and standards can automatically be translated
into instructions for auditing the compliance of your machines.
Summary reports give you graphs of policy compliance across hundreds
or thousands of different servers. By combining VPC and the other
integrated Pentasafe tools, the security officer gets a first-time
snapshot of both technical and machine compliance in one solution.
The function and role of information security has changed dramatically
in the past year alone as the challenge of creating and implementing
proper security policies becomes more complex. VPC has returned the
definition of policy to its rightful place and provided a tool that
recognizes the unique requirements of an ongoing, policy-based security
management program. If you have an upcoming audit, or are trying to
establish compliance with a security management program such as ISO
1-7799, VPC is indispensable.
If you want a 15-minute Live web-demo of this tool, read this product
page and fill out the form at the end:
This Week's Links We Like. Tips, Hints And Fun Stuff
With DCPC you can change all the passwords of local NT/W2K accounts,
on one or many WS and SV:
How to "rice" your computer. Or, how to overclock from 88 to a 9000
MHz dream machine:
Fool-proof, solid as concrete way to secure your computer:
Yup, they are going to be available in April. Resistance is futile:
[PUBLIC SERVICE ANNOUNCEMENT] This site is against drugging school kids:
PRODUCT OF THE WEEK
Configuring ISA Server 2000
If you are into building firewalls for W2K, this is a MUST-Have book.
This time, instead of a short dry description, one of the Amazon.com
Reader Reviews from May 17, 2001. Reviewer: James Glenn from Phoenix:
"One of the best computer books I've read. I bought this book after
having read the Shinders Windows 2000 TCP/IP book, and also several
of their MCSE study guides, and I'm very glad I did. Anyone who has
worked at all with ISA Server knows just how complex it really is.
This book will make you truly understand all of these complexities".