Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 4, 2002 (Vol. 7, #18 - Issue #349)
'Something Scary' Redux
This issue of W2Knews contains:
- EDITORS CORNER
- "Something Scary" Redux
- Somebody Out There Likes Us
- TECH BRIEFING
- Three Fave "Gotchas" Migrating To W2K Active Directory
- Q: Is Retina Licensing Really Unlimited?
- NT/2000 RELATED NEWS
- Windows XP Service Pack: Second Half 2002
- Bad Password Policy Allows New York Times Hack
- NT/2000 THIRD PARTY NEWS
- A Really Powerful New StorageCentral SRM Release
- Get A Free, time-saving Interactive Web-Demo of Retina
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Journey to the Center of the Internet: Now Showing in 3-D
SPONSOR: GFI Software
Still Think 1 Anti-virus For Exchange Is Enough?
Get real! Proper Exchange Server security requires:
* Multiple virus engines - Don't depend on 1 engine only
* Email content/attachment checking - Quarantine dangerous emails
* Exploit shield - Email intrusion detection & defense
* Threats engine - Analyses/defuses HTML scripts, .exe files, etc
Get all this with Mail Security for Exchange 2000!
Visit GFI Software for more information.
"Something Scary" Redux
(Just as an aside, for you that do not have American English as your
mother tongue, "Redux" here means "more of, repeated, or brought back".)
That item was really hot! Some 25,000 of you clicked on that link,
and many hundreds came up with suggestions to get rid of it. The
results were mixed of course, depending on the environment you used
to look at it. People with the IE security settings on high, or with
other browsers did not get to see the DOS box and were not vulnerable.
Also, many reported that their Viruswall software picked up that this
was a virus and that they were protected. In IE version 6.0, select
Tools - Internet Options, Security, Custom Settings, select HIGH and
reset. That will block this kind of thing out, but it may also make some
sites not work properly. Disabling "Active Scripts" is a way to prevent
these critters too.
Moreover, several people reported that their pop-up killer tools did
a good job of preventing this exploit. And one more way to foil this
and other common attempts is really a preventative thing: install
Windows NT/2000/XP to a directory other than WINNT or WINDOWS. That
may cause some other headaches, but it certainly is an idea. One can
also just disable or rename the command shell. Use
C:\WINNT\SYSTEM32\COMMAND. C O M instead of CMD. C O M. (I'm putting
spaces in between because some virus filtering software might kill this
email thinking it contains some malware).
Some people commented that tinysoftware.com has a little tool that
will "sandbox" untrusted software, and I'm sure that there are more
third party tools out there that would do the trick. The upshot of this
whole thing is that you need to have several layers of security
protection in place. And since a few of you did not see the exploit
because you had turned off scripting, try this one instead.
The exploit itself is at the end of their page. It's IE oriented, so
it will not run in either Netscape or Opera.
Somebody Out There Likes Us
"Love Remote Admin, so far so good, rolling it out to our servers later
this week. We had talked about purchasing some type of network security
scanner, and I downloaded Retina for a quick eval. Not looking at
purchasing a package until later this summer, so no big rush right now.
Just wanted to give it a whirl and see if it was along the lines of
what we are looking for. I will certainly recommend that Retina be
evaluated further when the time comes. You guys have a lot of good
products, whenever there is talk of a new package Sunbelt is the first
site I check. Thanks for following up, look forward to doing business
with you in the future."
-- Don Riegel
(email me with feedback: [email protected])
Thought A FireWall Would Protect Your Webserver?
Think again. In order to have your web server actually serving the
web you must punch holes in your firewall. That means your firewall
does not provide protection for your web server. Time to check out
SecureIIS. This is an application firewall that really protects
your IIS web server, even against whole classes of attacks. Prevent
getting hit with the next Nimda or Code Red.
Visit SecureIIS for more information.
Three Fave "Gotchas" Migrating To W2K Active Directory
Phil Best from the University of Queensland, Brisbane, Australia
sent this. He proposed: "How about we run a competition for "Windows
2000 Gotchas" - but we would need to keep each reply to three lines
max. The best one wins (no pun intended) an x-box". I think that's
a great idea, so here we go with his first "Gotchas". Send yours to
me to my email above and we'll run this over the next three months.
Gotcha number one: lmhosts or hosts files with forced PDC definitions
This is guaranteed to make your hair turn gray as nothing you can
do will convince existing NT servers to point to the new domain
controllers. And then the penny drops... - oh Sh!t you feel like
the greatest Dhead. But if you did it to somebody else's network
then you would guarantee to have them all stumped.
Gotcha number two: W2K wins browsemaster battle on NT network
Yep if you bring up a W2K server on your precious NT network it
will win the battle and become the browse master. If you then fiddle
around with turning it on and off your phone begins to ring - funny
thing that - Windows 2000 is really clever how it can make the phone
Gotcha number three: Firewall client kills Exchange 2000
If you install the firewall client on an Exchange 2000 box, say
good bye to internet traffic.
Pop your Fave Three Gotchas over to me and we'll run the best ones
with credits in Q2 2002. Use the above format and do not make them
too long. After they have all run we'll have YOU guys vote on them,
and the winner gets an XBOX.
Q: Is Retina Licensing Really Unlimited?
A: There are in fact no limitations on the IPs scanned with Retina.
The only restriction in scanning with Retina is in the licensing
structure. For example, the Enterprise License allows unlimited
number of scans of an unlimited number of IPs. In the case of the
Professional Licenses, these licenses are designed for companies
with smaller networks that don't have the need for unlimited IP
For example, the 16-IP pack Professional License of Retina is intended
for networks of 16 or fewer IPs. So the client is restricted in the
total number of IPs that they can scan at one time (16 in this case).
But even in the 16-IP pack, there is no limitation on scanning more
than 16 IPs. They just have to be entered 16 IPs at a time. So in
summary, if you wish to have absolutely no limitations on the IPs
scanned, the Enterprise License is the way to go. No registration
of IPs required, no questions asked.
NT/2000 RELATED NEWS
Windows XP Service Pack: Second Half 2002
InfoWorld just reported that the first major batch of fixes for
XP will be released somewhere during the second half of 2002.
This news came from Microsoft product manager Charmaine Gravning.
Normally, large rollouts wait for SP1 to arrive and MS is always
very anxious to get it out soon, so it can start selling more
units. The WXPSP1 includes all of the security patches and software
What will make this SP1 unique is that apart from the hotfixes it
will include alterations that were imposed upon MS by the terms of
its proposed antitrust settlement. Basically some API's will be
Bad Password Policy Allows New York Times Hack
Well-known 21-year-old hacker Adrian Lamo did it again. This time
he broke into the NYT systems through an open proxy and using a
Here is a small section of the story from the SecurityFocus site,
and the link to the full article is below:
Lamo says he began his excursion at a proxy in the Times home delivery
department and scanned the newspaper's IP address range for Web servers.
"The proxy was on a different network, dealing with management of
subscription information, but it was trusted by their internal network,"
says Lamo. He quickly found the intranet homepage, and an unprotected
copy of a database that cataloged employees' names and Social Security
numbers. "From what I've been able to tell, it was a backup database
being used for research."
Armed with that information, the hacker could use the intranet account
of any employee that hadn't changed their password from the default --
the last four digits of the person's Social Security number. One of
those belonged to a worker that had the power to create new accounts,
so Lamo set up his own account on the network with higher privileges.
So, as I have said a few times recently, it is really important to get
a company-wide password policy set, implemented and controlled. Here is
the full article:
And here are some tools that will help you get this done:
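An added example, not part of the newsletter or of the tools it points to: a self-audit an administrator could run against their own account store to find accounts still on the issued default described in the article (last four digits of the SSN), listing accounts that can create other accounts first. The record layout, field names, hash scheme and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 10_000  # assumption for this sketch; use the real store's parameters


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256, standing in for the real credential hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def default_password(ssn):
    """The default from the article: the last four digits of the SSN."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("expected a 9-digit SSN")
    return digits[-4:]


def accounts_on_default(accounts):
    """Return (user, can_create_accounts) for every account whose stored hash
    still matches the issued default, privileged accounts first."""
    flagged = []
    for acct in accounts:
        candidate = hash_password(default_password(acct["ssn"]), acct["salt"])
        if hmac.compare_digest(candidate, acct["pw_hash"]):
            flagged.append((acct["user"], acct["can_create_accounts"]))
    return sorted(flagged, key=lambda item: not item[1])


def make_account(user, ssn, password, can_create_accounts=False):
    """Build one constructed record in the assumed layout."""
    salt = os.urandom(16)
    return {"user": user, "ssn": ssn, "salt": salt,
            "pw_hash": hash_password(password, salt),
            "can_create_accounts": can_create_accounts}


# Constructed sample data (000-xx-xxxx is never a valid SSN).
SAMPLE_ACCOUNTS = [
    make_account("asmith", "000-12-3456", "3456"),
    make_account("bjones", "000-98-7654", "correct horse battery staple"),
    make_account("cadmin", "000-55-0042", "0042", can_create_accounts=True),
]

if __name__ == "__main__":
    for user, privileged in accounts_on_default(SAMPLE_ACCOUNTS):
        note = " (can create accounts)" if privileged else ""
        print(f"{user}: still on default password{note}; force a change")
```
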
THIRD PARTY NEWS
A Really Powerful New StorageCentral SRM Release
As you all know, StorageCentral is the best selling Storage Resource
Management product out there. But they have outdone themselves with
version 5.0. It's really good. They have enhanced it to a new level
of policy-based enterprise storage management. You are going to like
what you see. And it now includes support for Active Directory too.
Research firm Gartner Inc. estimates that for every dollar spent on
disk storage, it actually costs $7 more to manage that data and here
is your big chance to save some megadollars in your budget.
After you install this tool, you no longer have to endlessly purge
corporate servers of Internet byproducts such as MP3 files, games, movies,
jokes, or offensive materials. Never again will you spend your weekend
cleaning up file server damages caused by the latest worm virus that
your anti-virus patch didn't pick up in time. Better yet, you can
get unruly users to clean out their own gunked-up directories with
fast and easy file grooming through intuitive, web-based management
The storage boom consumes server network and SAN disk space at rates
of 100% or more per year. Compounding the problem are users' sloppy
storage habits, data sharing through e-mail and the Internet, and
the digitization of media such as music, graphics and video. All this
combines into a major drag on your time. Storage resources gone
uncontrolled can cause server outages, waste network and capital
resources, and backups extending into production time. Ouch.
StorageCentral SRM uses a unique and effective policy-based approach
to controlling file and application server disk usage. Policies are
centrally located and implemented through Microsoft's Active Directory
standard (but you can also use it without AD). These best practice
storage management policies identify & control wasted space, block
unwanted file types, and allocate appropriate space limits for users,
directories and applications.
You will get dozens of web-based storage management reports, file type
blocking by name and header, and real-time storage pattern trending.
In fact, Microsoft recently selected the technology in StorageCentral
SRM to include in its Server Appliance Kit, a Windows-based operating
system for server appliances.
This new version is far easier to use than V4.0. Check these features:
- Web User Interface
- Centralized Console
- MMC-Based Interface
- "Best Practice SRM Policies"
- Published Program Interfaces
- SNMP Integration (this is a really good one!)
- Multiple-Alarm Actions
- RapidScan Reports run 700% faster than previous versions
- Enhanced SRM Reporting: Reports include capacity planning, detailed
trend analysis, reports by Active Directory hierarchy, integration with
Active Directory user profiles, nightly backup capacity requirements,
enhanced security reporting, reporting on extended attributes, and
reporting on percentage of space allocations. Also, a robust custom-report
generator enables users to narrow down the contents of an initial report
by applying additional filtering and sorting criteria.
- Chargeback Reporting
- Drill-Down Reporting
So, what are the benefits according to people that already use SC?
- Hours saved weekly by automating the tedious and mundane act of manual
file server cleanup
- Thousands of budget dollars reallocated to other IT projects besides
adding more disks to the server network
- Zero downtime previously caused by exceeded disk capacity
- Users cleaning out their own gunk
- Proactive protection against destructive worm viruses
- Ultimate control over storage growth, resources and performance
Get your eval of this new V.5 here. This is not the Active Directory
enabled version, as that modifies the AD-schema and you only want to do that
after sufficient planning. Get in touch with your Rep or Reseller if you
run AD. We will assist you in the planning of your eval, and get you the
AD-enabled version of StorageCentral.
Get A Free, time-saving Interactive Web-Demo of Retina
No time to install and run the eval? Here is a great solution. We told you
that Sunbelt Software only carries the Best-of-Breed tools. The Retina
Security Scanner V4.7 was just chosen as the best scanner in the market
by Network World, beating out all other competitors. You can now see it
Exclusive to Sunbelt clients - eEye is offering the unique opportunity to
learn first hand about Retina. Through this on-line interactive demo, you
will have the opportunity to observe Retina in action. Learn how a network
scanner fits within your overall security infrastructure and the features
that make Retina the best tool on the market.
Through interaction with the eEye team, you will learn about:
- The company behind the product
- The role of security scanning
- Key features and capabilities of Retina
- Retina in action through a real-time scan
Several sessions are available. Each session is 45 minutes long. Space is
limited. Here are the dates: (all California Time)
- Monday - March 11 10am
- Tuesday - March 12 8am
- Wednesday - March 13 10am
- Thursday - March 14 8am
Click on this link to register:
This Week's Links We Like. Tips, Hints And Fun Stuff
TrueLook lets you zoom in real time. Check out the new Harley!
(warning, you may find someone else in your way after I send this)
Now here is a vehicle that transforms from a 2 seater to a 4-one. Really.
MS tutorial how to better protect your "always-on" DSL or Cable connection.
Still vaporware, but nice to know you'll be able to make calls with your PocketPC soon.
PRODUCT OF THE WEEK
Journey to the Center of the Internet: Now Showing in 3-D
This time not for you, but for your kids, family and/or newbie users
that you'd like to understand what you really do on the Net. This is
not your typical computer book. It's fun! Stuff like:
Who runs the Internet? How can you connect to a computer thousands of
miles away? How does my email leave my computer and end up at my aunt's
house, two states away? At any point in time, how many people are on
the Net? What website has the most content on it -- and how did it all
get there? How do search engines find and access all that information?
This book demystifies the technology, allowing anyone to understand
the "stuff" that makes the Internet run.