Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 25, 2002 (Vol. 7, #16 - Issue #347)
New Microsoft Security Freeware
  This issue of W2Knews™ contains:
    • MS Tracks Media Player User Habits
    • Even Better Tech Support From Sunbelt
    • More About The Cisco Security Audit Tool
    • New Microsoft Security Freeware Scans For Windows Holes
    • The Human Factor in Security Management
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Configuring ISA Server 2000
Is your e-mail traffic growing? What routes are messages taking?
Do you experience delays in e-mail delivery? Get answers now with
NetIQ's free guide, "The Top Reports Every Exchange Administrator
Lives For." This free guide explores ten critical indicators that
leading Exchange Administrators are monitoring and explains how
to put this valuable data to work.
Visit NetIQ for more information.

MS Tracks Media Player User Habits

This is just a heads-up. The latest version of MS's Media Player creates a list of the digital songs and movies that you have played. This can have some interesting consequences, to say the least. The first thing I personally would do is find out where the heck that list sits and blow it away. It's nobody's business what I do in my free time in my own house, whether that is visiting websites of competitors, doing health research, or roaming freely over the web.

The first person that emails me the way to empty this log without breaking Media Player will get an honorable mention in the coming issue.

Files like this, uncontrolled by any specific company that is responsible for their use, are a goldmine for marketing companies, lawyers, even snooping spouses. And what if that WinXP machine gets cracked, a backdoor gets installed, and that trojan reports in real time what you are doing on the web? Yikes!

Associated Press reported that MS is now telling people Media Player does this, pretty much after the fact. Oh, and this latest version of MP comes free with WinXP: 73 million users this year alone. MS claims it has no plans to sell the data they collected. Yeah, right. They SHOULD have disclosed this up front.

Microsoft's original privacy statement informed customers that they were downloading the information about CDs but never stated the information was being stored in a log file on each computer.

Read the entire Associated Press article on Yahoo:

XBOX Winner: Alphonse Lemieux, Québec, Canada!
To win your own, go here and fill out this form:

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: StorageCentral
Regain 30% Of Your Server Space...
And save hundreds of hours in file cleanup. Maximizing uptime is a top
priority. But without control of the data on your servers, achieving
this priority can be nearly impossible. Servers crammed with obsolete
and non-business related files can jeopardize uptime, drag down backups
and slow down real-time access to what's really important. Adding more
disk space only compounds the problem - soon you'll have twice as many
junk files. That's why Microsoft and 80 of the Fortune 100 insist on
StorageCeNTral. Download your free 30 day evaluation copy, and you'll be
surprised at what StorageCeNTral finds wasting space on your servers.
Visit StorageCentral for more information.

Even Better Tech Support From Sunbelt

In the recent "download" SunPoll we did, it turned out that a large majority of you downloaded products that seem interesting and potential time savers, but had trouble finding the time to actually install them. We looked at that, and tried to find a way to help you. It is usually a matter of getting to an install and finishing it quickly. For some products that is easy. For others it can take a bit more work.

We found a solution in two tools that will help you get things moving faster. First, we are investing in an application that allows us to show you over the web how to do things. It allows us to share a desktop on our end, and show you the application in real-time, plus solve any problems that way. Second, for a few of the higher-end tools, we have installed a small add-on that will warn our tech guys that you started your install. That way they will be able to jump in faster with support.

With these new tools we hope to save you time in getting your system management tools set up faster, and start using these utilities to make your life easier. We're always trying to improve on the "mainframe-quality" tech support that we offer. And if you have suggestions, please let us know.

More About The Cisco Security Audit Tool

Karl Levinson sent me this: Essentially it goes through your router's config file looking for certain lines as recommended by the [NSA?] router config guide. The http://www.cisecurity.org web site has some data, and you can hear the 1-hour audio of the webcast that went with the slide show at http://www.sans.org.

The Router Audit Tool is Perl based and so far it only runs on Unix/Linux, but a Windows port is in the works. I'm not sure this tool was developed by Cisco, in fact UUnet appeared to get more acknowledgement for input. The benchmark/audit tool is available for download at http://www.cisecurity.org and they also have a tool to audit Windows 2000 computers, based somewhat on the Shavlik/Microsoft HFNETCHK tool, so one thing that tool must do is check for patches.
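A line-based configuration audit of the kind described above, as an added example (this is not code from the Router Audit Tool or the CIS benchmark). The rule set, the sample configuration and the function name `audit_config` are constructed for illustration.

```python
import re

# Constructed rules: (check name, regex, required?)
# required=True  -> a matching line must exist in the config
# required=False -> a matching line must NOT exist in the config
RULES = [
    ("encrypt stored passwords", r"^service password-encryption$", True),
    ("HTTP server disabled", r"^no ip http server$", True),
    ("source routing disabled", r"^no ip source-route$", True),
    ("finger service off", r"^(ip finger|service finger)$", False),
    ("no cleartext enable password", r"^enable password ", False),
]

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
! constructed sample
hostname edge-rtr-01
service password-encryption
enable password EXAMPLE
no ip source-route
ip http server
"""


def audit_config(text, rules=RULES):
    """Return a list of (check name, finding) for every rule that fails."""
    # Drop blank lines and '!' comment lines, normalise indentation.
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.strip().startswith("!")]
    findings = []
    for name, pattern, required in rules:
        rx = re.compile(pattern)
        hits = [ln for ln in lines if rx.search(ln)]
        if required and not hits:
            findings.append((name, "missing required line"))
        elif not required and hits:
            findings.append((name, "forbidden line present: " + hits[0]))
    return findings


if __name__ == "__main__":
    for name, finding in audit_config(SAMPLE_CONFIG):
        print(f"FAIL  {name}: {finding}")
```

Because a running configuration normally omits settings left at their defaults, a "missing required line" result has to be checked against the platform's default for that setting before it is treated as a failure.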


New Microsoft Security Freeware Scans For Windows Holes

MS announced a freeware vulnerability-scanner this week at the RSA Conference 2002. This freebie is called Microsoft Baseline Security Advisor (MBSA). It's not available yet. ComputerWorld announced it in an article but they simply got it wrong, and also pointed people to the wrong link. They must have mistaken the existing HotFixNet-Check for the new MBSA.

When I looked over the features, it looked like this is a very low-end, pretty much end-user oriented tool. It does help to raise user security awareness, though. MBSA checks for good password policy, and warns users about any insecure settings.

But compared to commercial scanners, MBSA falls way behind. It does not look at networks from the viewpoint of a cracker and scan for all possible holes. Instead, this mini-scanner looks for problems that are on the Microsoft security checklists.

How it works is that MBSA grabs the MS XML file (about 700K) from the MS-website. MS maintains this database for free, and security tools can grab this file and run scans. MBSA does just that. The advantage is that the holes in MS-stuff are maintained close to real-time. The drawback is the fact that there are MANY more holes in networks than just MS-created products. MBSA could create a false sense of security.
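The catalog-driven, report-only check described in this item, and the coverage gap it leaves, as an added example (not Microsoft's or Shavlik's code). The XML layout, product names, hotfix IDs and bulletin IDs are constructed and do not reproduce the real Microsoft file.

```python
import xml.etree.ElementTree as ET

# Constructed catalog: element and attribute names are hypothetical,
# not the schema of the real Microsoft XML file.
CATALOG_XML = """
<catalog>
  <product name="Windows 2000">
    <hotfix id="Q000001" bulletin="EX02-001"/>
    <hotfix id="Q000002" bulletin="EX02-002"/>
  </product>
  <product name="IIS 5.0">
    <hotfix id="Q000003" bulletin="EX02-003"/>
  </product>
</catalog>
"""

# Constructed inventory of one machine: product -> installed hotfix IDs.
INVENTORY = {
    "Windows 2000": {"Q000001"},
    "IIS 5.0": {"Q000003"},
    "Third-Party FTP Server": set(),  # software the vendor catalog does not list
}


def load_catalog(xml_text):
    """Return {product: {hotfix_id: bulletin}} parsed from the catalog XML."""
    root = ET.fromstring(xml_text)
    return {
        p.get("name"): {h.get("id"): h.get("bulletin") for h in p.findall("hotfix")}
        for p in root.findall("product")
    }


def audit(catalog, inventory):
    """Report only: list missing hotfixes and unassessed software, install nothing."""
    report = {"missing": [], "not_assessed": []}
    for product, installed in sorted(inventory.items()):
        if product not in catalog:
            # The catalog is silent on this software, so the scan can
            # call it neither safe nor unsafe.
            report["not_assessed"].append(product)
            continue
        for hotfix, bulletin in sorted(catalog[product].items()):
            if hotfix not in installed:
                report["missing"].append((product, hotfix, bulletin))
    return report


if __name__ == "__main__":
    print(audit(load_catalog(CATALOG_XML), INVENTORY))
```

A scanner that prints only the `missing` list would show one finding for this machine and say nothing about the third-party service, which is the false sense of security the item warns about.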

It also does not apply any hotfixes, but just reports if they are installed or not. Up to now MS has co-developed these tools with Shavlik Technologies. MS is of course being pressured to have the whole bugfix process fully automated, and invisible for the end user. This may be a good solution for an end-user with DSL or cable, but an enterprise domain being auto-fixed by MS is a recipe for disaster!

The MBSA is a first step in this direction, said Lara Soskonsky, a Microsoft security program manager. She was demonstrating it at the RSA conference. "We don't push out the patches, but we may add that feature as an option in Version 2.0. In future versions, we'll also add more applications, such as Internet Information Server 4.0, 5.0, SQL 7, Internet Explorer 5.0 and up, Office 97 and Office 2000, among others, and we'll add .Net [support] to Version 2.0."

MBSA really is a stripped-down version of Shavlik's own HFNetChk Pro AdminSuite 3.6, which can push out software patches and remotely install them in a scheduled fashion. It can check for weak passwords and weak administrative accounts. The latest version 3.6 of this tool became available this week.

If you run a larger environment, and want to do a detailed analysis across all your machines, Shavlik released EnterpriseInspector. This version really takes the high-end, full-fledged approach. Check:


The Human Factor in Security Management

This is an article about the first and only software that puts you in control of security policy creation, distribution, education and tracking for compliance.

Security studies show that humans are consistently the weakest link in any security program. Your company can spend hundreds of thousands of dollars on firewalls, virus scanners and network intrusion detection, but if users don't understand and comply with your security policies, your data is at risk. A recent Information Week survey showed that only 9% of corporate employees understand their security policies, and that 75% of companies do not keep their policies up to date.

Are your security policies up to date with the latest risks and recent industry regulations? Can you be sure that every one of your employees, contractors and business partners has read and actually understands your security policy? If you have to update your Email policy, how long would it take you to verify that everyone has read it?

The VigilEnt Policy Center (VPC) from PentaSafe Security Technologies is the only security tool that addresses both the technical and human side of information security policies. This new web-based tool follows a life-cycle approach to policy management and automates each step in the process. VPC comes with industry leading practices from Charles Cresson Wood, and is expandable to include custom industry content for HIPAA or GLBA. VPC also provides incident reporting and tracking through a central database, making it an ideal tool for tracking compliance against security standards such as ISO 17799.

VPC addresses the 5 major Policy Management challenges you face today:

  1. Creating and updating Policy,
  2. Distributing Policy,
  3. Users reading current Policy,
  4. User awareness and retention of Policy information and
  5. Tracking status and awareness level.
  1. Creating and Updating Policy:
    VPC is an automated policy tool that provides leading practice security content from Charles Cresson Wood. Wizards and templates in a browser (HTML) interface allow users to easily create policies or import their own. Built-in workflow and tracking allow policy authors to track each document through review, approval/publish and archive stages.
  2. Distributing Policy:
    VPC enables the quick and easy publishing of policies to an intranet that users can access via their web browser. Policy distribution is based on the user's role in the organization so that each employee receives only the relevant policies for their job function. Companies can easily integrate VPC to use existing users and groups from directories such as Active Directory, NT, Exchange, Lotus Notes, iPlanet, etc. so that users do not have to learn a new ID and password.
  3. Users reading current Policy:
    VPC enables users to login to a secure web site where they can see new policies/quizzes and read them with a click of the mouse. They can accept/reject the policies and their response is kept in a tamper-evident log file. The VPC user site supports multiple languages and can be customized easily to the style of a corporate intranet. A simple web form allows users to submit policy violations to a central database for tracking and response.
  4. User awareness and retention of Policy information:
    VPC enables the quick and easy creation of policy quizzes in multiple-choice format that assess a user's knowledge of the recently published policy. Both administrators and users are given quick feedback via quiz scores. VPC comes with a library of sample quizzes and a web-based editor for easy customization. Companies can integrate existing CBT modules into VPC and distribute them via hyperlinks on the user site.
  5. Tracking status and awareness level:
    VPC provides out of the box compliance/tracking reports that enable an administrator to see who has read the policies or taken the quizzes and, more importantly, see who has not. Reports can be run at an organization level, or down to individual users and groups. Compliance and exception reports can be exported to Excel, HTML files or printed in management reports.

Adding to the people issues are the technical challenges of policy management. A common problem is ensuring that your technology is actually enforcing what your policies specify. For example, are our NT, AS/400 and Unix machines all enforcing our password policy? By integrating with the VigilEnt Security Manager and Pentasafe auditing agents, security policies and standards can automatically be translated into instructions for auditing the compliance of your machines.

Summary reports give you graphs of policy compliance across hundreds or thousands of different servers. By combining VPC and the other integrated Pentasafe tools, the security officer gets a first-time snapshot of both technical and machine compliance in one solution.

The function and role of information security has changed dramatically in the past year alone as the challenge of creating and implementing proper security policies becomes more complex. VPC has returned the definition of policy to its rightful place and provided a tool that recognizes the unique requirements of an ongoing, policy-based security management program. If you have an upcoming audit, or are trying to establish compliance with a security management program such as ISO 17799, VPC is indispensable.

If you want a 15-minute Live web-demo of this tool, read this product page and fill out the form at the end:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • With DCPC you can change all the passwords of local NT/W2K accounts, one or many WS and SV:
  • How to "rice" your computer. Or, how to overclock from 88 to a 9000 MHz dream machine:
  • Fool-proof, solid as concrete way to secure your computer:
    http://www.w2knews.com/rd/rd.cfm?id=020225FA-SecureYour PC
  • Yup, they are going to be available in April. Resistance is futile:
  • [PUBLIC SERVICE ANNOUNCEMENT] This site is against drugging school kids:

    Configuring ISA Server 2000

    If you are into building firewalls for W2K, this is a MUST-Have book. This time, instead of a short dry description, here is one of the Amazon.com Reader Reviews from May 17, 2001. Reviewer: James Glenn from Phoenix: "One of the best computer books I've read. I bought this book after having read the Shinders Windows 2000 TCP/IP book, and also several of their MCSE study guides, and I'm very glad I did. Anyone who has worked at all with ISA Server knows just how complex it really is. This book will make you truly understand all of these complexities".