- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 4, 2002 (Vol. 7, #18 - Issue #349)
'Something Scary' Redux
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • "Something Scary" Redux
    • Somebody Out There Likes Us
  2. TECH BRIEFING
    • Three Fave "Gotchas" Migrating To W2K Active Directory
    • Q: Is Retina Licensing Really Unlimited?
  3. NT/2000 RELATED NEWS
    • Windows XP Service Pack: Second Half 2002
    • Bad Password Policy Allows New York Times Hack
  4. NT/2000 THIRD PARTY NEWS
    • A Really Powerful New StorageCentral SRM Release
    • Get A Free, time-saving Interactive Web-Demo of Retina
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Journey to the Center of the Internet: Now Showing in 3-D
  SPONSOR: GFI Software
Still Think 1 Anti-virus For Exchange Is Enough?
Get real! Proper Exchange Server security requires:
   * Multiple virus engines - Don't depend on 1 engine only
   * Email content/attachment checking - Quarantine dangerous emails
   * Exploit shield - Email intrusion detection & defense
   * Threats engine - Analyses/defuses HTML scripts, .exe files, etc
Get all this with Mail Security for Exchange 2000!
Visit GFI Software for more information.
  EDITORS CORNER

"Something Scary" Redux

(Just as an aside, for you that do not have American English as your mother tongue, "Redux" here means "more of, repeated, or brought back".)

That item was really hot! Some 25,000 of you clicked on that link, and many hundreds came up with suggestions to get rid of it. The results were mixed of course, depending on the environment you used to look at it. People with the IE security settings on high, or with other browsers did not get to see the DOS box and were not vulnerable.

Also, many reported that their Viruswall software picked up that this was a virus and were protected. In IE version 6.0, Select the Tools-Internet options, Security, Custom Settings-Select HIGH and reset. That will block this kind of thing out, but also may make some sites not work properly. Disabling "Active Scripts" is a way to prevent these critters too.

More over, several people reported that their pop-up killer tools did a good job of preventing this exploit. And one more way to foil this and other common attempts is really a preventative thing: install Windows NT/2000/XP to a directory other than WINNT or WINDOWS. That may cause some other headaches, but it certainly is an idea. One can also just disable or rename the command shell. Use C:\WINNT\SYSTEM32COMMAND. C O M instead of CMD.C O M . (I'm putting spaces in between because some virus filtering software might kill this email thinking it contains some malware).

Some people commented that tinysoftware.com has a little tool that will "sandbox" untrusted software, and I'm sure that there are more third party tools out there that would do the trick. The upshot of this whole thing is, that you need to have several layers of security protection in place. And since a few of you did not see the exploit due to the fact they turned off their scripting, try this one instead. The exploit itself is at the end of their page. It's IE oriented, so it will not run in either Netscape or Opera.
http://www.w2knews.com/rd/rd.cfm?id=020304ED-Exploit

Somebody Out There Likes Us

"Love Remote Admin, so far so good, rolling it out to our servers later this week. We had talked about purchasing some type of network security scanner, and I downloaded Retina for a quick eval. Not looking at purchasing a package until later this summer, so no big rush right now. Just wanted to give it a whirl and see if it was along the lines of what we are looking for. I will certainly recommend that Retina be evaluated further when the time comes. You guys have a lot of good products, whenever there is talk of a new package Sunbelt is the first site I check. Thanks for following up, look forward to doing business with you in the future."

-- Don Riegel
Systems Administrator
Lakeview Technology

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: SecureIIS
Thought A FireWall Would Protect Your Webserver?
Think again. In order to have your web server actually serving the
web you must punch holes in your firewall. That means your firewall
does not provide protection for your web server. Time to check out
SecureIIS. This is an application firewall that really protects
your IIS web server, even against whole classes of attacks. Prevent
getting hit with the next Nimda or Code Red.
Visit SecureIIS for more information.
  TECH BRIEFING

Three Fave "Gotchas" Migrating To W2K Active Directory

Phil Best from the University of Queensland, Brisbane, Australia sent this. He proposed: "How about we run a competition for "Windows 2000 Gotchas" - but we would need to keep each reply to three lines max. The best one wins (no pun intended) an x-box". I think that's a great idea, so here we go with his first "Gotchas". Send yours to me to my email above and we'll run this over the next three months.

Gotcha number one: lmhosts or hosts files with forced PDC definitions
This is guaranteed to make your hair turn gray as nothing you can do will convince existing NT servers to point to the new domain controllers. And then the penny drops... - oh Sh!t you feel like the greatest Dhead. But if you did it to somebody else's network then you would guarantee to have them all stumped.

Gotcha number two: W2K wins browsemaster battle on NT network
Yep if you bring up a W2K server on your precious NT network it will win the battle and become the browse master. If you then fiddle around with turning it on and off your phone begins to ring - funny thing that - Windows 2000 is really clever how it can make the phone ring.

Gotcha number three: Firewall client kills Exchange 2000
If you install the firewall client on an Exchange 2000 box, say good bye to internet traffic.

Pop your Fave Three Gotchas over to me and we'll run the best ones with credits in Q2,2002. Use the above format and do not make them too long? After they have all run we'll have YOU guys vote on them, and the winner gets an XBOX.

Q: Is Retina Licensing Really Unlimited?

A: There is in fact no limitations on the IPs scanned with Retina. The only restriction in scanning with Retina is in the licensing structure. For example, the Enterprise License allows unlimited number of scans of an unlimited number of IPs. In the case of the Professional Licenses, these licenses are designed for companies with smaller networks that don't have the need for unlimited IP scans.

For example, the 16-IP pack Professional License of Retina is intended for networks of 16 or less IPs. So the client is restricted in the total number of IPs that they can scan at one time (16 in this case). But even in the 16-IP pack, there is no limitation on scanning more than 16 IPs. They just have to be entered 16-IPs at a time. So in summary, if you wish to have absolutely no limitations on the IPs scanned, the Enterprise License is the way to go. No registration of IPs required, no questions asked.
http://www.w2knews.com/rd/rd.cfm?id=020304TB-Retina

  NT/2000 RELATED NEWS

Windows XP Service Pack: Second Half 2002

InfoWorld just reported that the first major batch of fixes for XP will be released somewhere during the second half of 2002. This news came from Microsoft product manager Charmaine Gravning.

Normally, large rollouts wait for SP1 to arrive and MS is always very anxious to get it out soon, so it can start selling more units. The WXPSP1 includes all of the security patches and software updates.

What will make this SP1 unique is that apart from the hotfixes it will include alterations that were imposed upon MS by the terms of its proposed antitrust settlement. Basically some API's will be disclosed.

Bad Password Policy Allows New York Times Hack

Well known 21-year old hacker Adrian Lamo did it again. This time he broke into the NYT systems through an open proxy and using a default password.

Here is a small section of the story from the SecurityFocus site, and the link to the full article is below:

[quote]
Lamo says he began his excursion at a proxy in the Times home delivery department and scanned the newspaper's IP address range for Web servers. "The proxy was on a different network, dealing with management of subscription information, but it was trusted by their internal network," says Lamo. He quickly found the intranet homepage, and an unprotected copy of a database that cataloged employees' names and Social Security numbers. "From what I've been able to tell, it was a backup database being used for research."

Armed with that information, the hacker could use the intranet account of any employee that hadn't changed their password from the default -- the last four digits of the person's Social Security number. One of those belonged to a worker that had the power to create new accounts, so Lamo set up his own account on the network with higher privileges. [end quote]

So, as I have said a few times recently, it is really important to get company wide password policy set, implemented and controlled. Here is the full article:
http://www.w2knews.com/rd/rd.cfm?id=020304RN-SecurityFocus

And here are some tools that will help you get this done:
http://www.w2knews.com/rd/rd.cfm?id=020304RN-SecurityTools

  THIRD PARTY NEWS

A Really Powerful New StorageCentral SRM Release

As you all know, StorageCentral is the best selling Storage Resource Management product out there. But they have outdone themselves with version 5.0. It's really good. They have enhanced into a new level of policy-based enterprise storage management. You are going to like what you see. And it now includes support for Active Directory too. Research firm Gartner Inc. estimates that for every dollar spent on disk storage, it actually costs $7 more to manage that data and here is your big chance to save some megadollars in your budget.

After you install this tool, you no longer have to endlessly purge corporate servers of Internet byproduct such MP3 files, games, movies, jokes, or offensive materials. Never again will you spend your weekend cleaning up file server damages caused by the latest worm virus that your anti-virus patch didn't pick up in time. Better yet, you can get unruly users to clean out their own gunked-up directories with fast and easy file grooming through intuitive, web-based management reports.

The storage boom consumes server network and SAN disk space at rates of 100% or more per year. Compounding the problem are users' sloppy storage habits, data sharing through e-mail and the Internet, and the digitization of media such as music, graphics and video. All this combines to a major drag on your time. Storage resources gone uncontrolled can cause server outages, waste network and capital resources, and backups extending into production time. Ouch.

StorageCentral SRM uses a unique and effective policy-based approach to controlling file and application server disk usage. Policies are centrally located and implemented through Microsoft's Active Directory standard. (but you can also use it without AD). These best practice storage management policies identify & control wasted space, block unwanted file types, allocate appropriate space limits for users, directories and applications.

You will get dozens of web-based storage management reports, file type blocking by name and header, and real-time storage pattern trending. In fact, Microsoft recently selected the technology in StorageCentral SRM to include in its Server Appliance Kit, a Windows-based operating system for server appliances.

This new version is far easier to use than V4.0. Check these features:

  • Web User Interface
  • Centralized Console
  • MMC-Based Interface
  • "Best Practice SRM Policies"
  • Published Program Interfaces
  • SNMP Integration (this is a really good one!)
  • Scalability
  • Multiple-Alarm Actions
  • RapidScan Reports run 700% faster than previous versions
  • Enhanced SRM Reporting: Reports include capacity planning, details trend analysis, reports by Active Directory hierarchy, integration with Active Directory user profiles, nightly backup capacity requirements, enhanced security reporting, reporting on extended attributes, and reporting on percentage of space allocations. Also, a robust custom-report generator enables users to narrow down the contents of an initial report by applying additional filtering and sorting criteria.
  • Chargeback Reporting
  • Drill-Down Reporting
So, what are the benefits according to people that already use SC?
  • Hours saved weekly by automating the tedious and mundane act of manual file server cleanup
  • Thousands of budget dollars reallocated to other IT projects besides adding more disks to the server network
  • Zero downtime previously caused by exceeded disk capacity
  • Users cleaning out their own gunk
  • Proactive protection against destructive worm viruses
  • Ultimate control over storage growth, resources and performance
Get your eval of this new V.5 here. This is not the Active Directory enabled version, as that modifies the AD-schema and you only want to do that after sufficient planning. Get in touch with your Rep or Reseller if you run AD. We will assist you in the planning of your eval, and get you the AD-enabled version of StorageCentral.
http://www.w2knews.com/rd/rd.cfm?id=020304TP-StorageCeNTral

Get A Free, time-saving Interactive Web-Demo of Retina

No time to install and run the eval? Here is a great solution. We told you that Sunbelt Software only carries the Best-of-Breed tools. The Retina Security Scanner V4.7 was just chosen as the best scanner in the market by Network World, beating out all other competitors. You can now see it live.

Exclusive to Sunbelt clients - eEye is offering the unique opportunity to learn first hand about Retina. Through this on-line interactive demo, you will have the opportunity to observe Retina in action. Learn how a network scanner fits within your overall security infrastructure and the features that make Retina the best tool on the market.

Through interaction with the eEye team, you will learn about:

  • The company behind the product
  • The role of a security scanning
  • Key features and capabilities of Retina
  • Retina in action through a real-time scan
Several sessions are available. Each session is 45 minutes long. Space is limited. Here are the dates: (all California Time)
  • Monday - March 11 10am
  • Tuesday - March 12 8am
  • Wednesday - March 13 10am
  • Thursday - March 14 8am
Click on this link register:
http://www.w2knews.com/rd/rd.cfm?id=020304TP-eEye_Register
  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • TrueLook lets you zoom in real time. Check out the new Harley! (warning, you may find someone else in your way after I send this)

  • http://www.w2knews.com/rd/rd.cfm?id=020304FA-TrueLook
  • Now here is a vehicle that transforms from a 2 seater to a 4-one. Really.

  • http://www.w2knews.com/rd/rd.cfm?id=020304FA-Rinspeed
  • MS tutorial how to better protect your "always-on" DSL or Cable connection.

  • http://www.w2knews.com/rd/rd.cfm?id=020304FA-Protect_Yourself
  • Still vaporware, but nice to know you'll be able to make calls with your PocketPC soon.

  • http://www.w2knews.com/rd/rd.cfm?id=020304FA-PocketPC
      PRODUCT OF THE WEEK

    Journey to the Center of the Internet: Now Showing in 3-D

    This time not for you, but for your kids, family and/or newbie users that you'd like to understand what you really do on the Net. This is not your typical computer book. It's fun! Stuff like:

    Who runs the Internet? How can you connect to a computer thousands of miles away? How does my email leave my computer and end up at my aunt's house, two states away? At any point in time, how many people are on the Net? What website has the most content on it -- and how did it all get there? How do search engines find and access all that information? This book demystifies the technology, allowing anyone to understand the "stuff" that makes the Internet run.
    http://www.w2knews.com/rd/rd.cfm?id=020304BW-Journey