Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 11, 2002 (Vol. 7, #20 - Issue #351)
More About Telephone Hacking
This issue of W2Knews contains:
- EDITORS CORNER
- More About Telephone Hacking
- TECH BRIEFING
- W2K GPO's on XP Box: Just One Little Problem
- Three More Fave W2K/AD Gotchas
- NT/2000 RELATED NEWS
- New Important Microsoft Licensing Program 6.0 Survey
- Microsoft Management Summit 2002: Gotta See This One
- MS Releases NT Patch Available for SNMP Vulnerability
- NT/2000 THIRD PARTY NEWS
- Users Violating Company Policies, The Law And Common Sense?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed Version 3
SPONSOR: Microsoft Management Summit
THE management event of the year! If you are into management, you
cannot miss the Microsoft Management Summit to be held April 29-
May 3 in Las Vegas. Get the latest on SMS, MOM, App. Center, Altiris,
Net IQ, Garter and more. Hands-on labs, breakout sessions on numerous
technologies and keynotes from the industry leaders including Microsoft
and Gartner. Early bird ends March 15.
Visit Microsoft Management Summit for more information.
More About Telephone Hacking
In the mean time I got a lot of feedback about our phone hacking
"event" and also learned a lot more. Thank you all for your feedback.
I have combined some of it in the section below.
There are systems designed to stop this kind of hacking. They are
called TIDS (Telephone Intrusion Detection Systems.) They not only
will stop this kind of activity (and track it including information
like the dialing number) but can also detect rogue modems configured
on potentially networked systems. Some systems can even track any
dial-up or VPN accounts you may have. An example of this is:
Even worse is that many companies still have analog lines that they
have long forgotten about, with modems on the other end, and some of
these systems are networked. So why try to come in through a firewall?
This article is a little old but still relevant and explains more
technical detail how cracking phone systems works:
One of the authors of Hacking Exposed reminded me that in both HE2
and HE3 the entire phone hacking process is documented complete with
ProComm Plus Aspect scripts that automate this "attended" voicemail
hack for penetration testing purposes. The best offense is a strong
defense they say. He said that his website details the fact that phone
systems and dial up systems are constantly a source of entry for them,
primarily because they have gone the way of the dinosaur in the eyes
of many, but I ask you at this point have they? Hacking Exposed 3 here:
Bottom line, Low tech is in these days. Regardless of whether it is
War Dialing, Voice Mailbox (VMB) hacking, PBX hacking, X.25 hacking,
or simply installing KeyGhost. This is a neat little hardware-based
keystroke logger that you can get in NZ for 99 bucks. (Warning, it
can cause major damage on a KVM switch).
On his website he documents the fact that existing old school tech like
ProComm Plus, QBASIC and programs like ToneLoc still reign in many White
and Black Hat tool boxes.
And the XBOX this week goes to: Alfred Rieger from Marathon, FL
To make a chance in winning yours, refer up to three friends here:
Keep Secure! Warm regards,
(email me with feedback: [email protected])
LIMIT DOWNTIME AND DATA LOSS WITH DOUBLE-TAKE
Failure to protect your mission critical data can sink your business.
Double-Take delivers real-time protection for your NT/W2K Servers. A
whole department sitting on their hands is extremely expensive. With
Double-Take you can mirror critical data to a target server, and
Double-Take will fail over if your source server goes down. 2001 Editor's
Choice of both Windows 2000 and Network Magazine. Download a
30-day eval copy now and start protecting your data and apps.
Visit DOUBLE-TAKE for more information.
W2K GPO's on XP Box: Just One Little Problem
Derek Melber at Braincore wrote this, thanks for your contribution Derek.
"I think the IT community agrees that your newsletter is very good
and contributes excellent information to the IT community.
"In your latest W2K News, you mention that updating you Windows 2000
GPOs with an XP box is a great thing and refer to a Microsoft article
to back that up. I don't deny that doing this is a great thing, but
something extremely important is left out of your recommendation and
their article. These ADM templates are actually copied from the
computer that edits the GPO. So, if you import the ADM from an
XP/.NET system or just open it with a XP Pro system, the new ADMs
come to life.
"However, if someone modifies the GPO with a non XP client, the XP/.NET
ADMs are overwritten and bad things could happen. Of course, Microsoft
would never mention this, since someone could look at it as a flaw.
However, you might want to do some investigation on this (or I could
help you write it) "Watch Out" portion of the article. Regardless, I
just wanted to point this out to you, since I got bit with this exact
thing while working with a client moving to AD and XP Pro".
Three More Fave W2K/AD Gotchas
Gotcha number one: The problem is always DNS
Permissions, logons, domain controller replication, domain controller
creation, and just about everything else relies on functioning DNS.
Quadruple check that DNS is configured correctly on clients and
servers. Always suspect that DNS is not configured correctly if
something is not working.
Gotcha number two: Group policies are sneaky
Group policies at multiple levels can affect a single user. Before
implementing or changing them, manually sketch out what policies will
be in affect, how they will be ACL'd, and how they will be inherited
throughout the AD structure.
Gotcha number three: Don't leave time sync to chance
The W32 time service has rules that control how time service clients
sync with domain controllers. Understand these rules, and plan out
a time server hierarchy. If the time on clients and servers drifts
by more than 10 minutes, users may not be able to authenticate against
the domain--this is a built-in security feature.
NT/2000 RELATED NEWS
New Important Microsoft Licensing Program 6.0 Survey
You will probably know that coming August 1, 2002 is the deadline for Microsoft's new Licensing Program 6.0. The new licensing scheme, which favors a subscription-based "leasing model, " will introduce sweeping changes to the way corporations will do business with Microsoft. It will potentially have a large financial as well as technology impact on your business. To date, many customers have voiced concern and confusion over the new terms and conditions of the Licensing Program 6.0, what it means to their company in terms of value and whether or not their firms can afford it.
Sunbelt and Information Technology Intelligence Corp. (ITIC is our new Analyst Partner) have an important survey for you that you can complete in less than 5 minutes. We need to know how far you are in getting prepared for your new licensing. I'd like you to go to this link and answer these questions. Most of them are just a "one click". Thanks very much in advance!
Microsoft Management Summit 2002: Gotta See This One
If you are interested in systems management, including clients and
servers, you will not want to miss this conference. This is the
management event of the year. Sponsored by Microsoft, NetIQ and
Altiris, attendees will participate in hands-on training, breakout
sessions and keynotes from some of the top industry experts,
This was formerly the SMS & W2K User Conference that was hosted by
Altiris. The conference has been expanded to include sessions and
labs on numerous Microsoft technologies, including SMS, MOM and
Application Center. Conference dates are April 29 - May 3, 2002 at
the MGM Grand Hotel in Las Vegas. For more information and registration
(including early bird incentives) go to:
MS Releases NT Patch Available for SNMP Vulnerability
ENTMag reported that Microsoft continues to work on bringing out patches
for all versions of Windows affected by the industry-wide security hole
in SNMP. Microsoft alerted subscribers to its Security Bulletin service
Wednesday night that an SNMP patch was available for Windows NT 4.0 users.
THIRD PARTY NEWS
Users Violating Company Policies, The Law And Common Sense?
At Computerworld's annual Premier 100 conference, NT/W2K storage was
discussed. Users and applications constantly demand more server storage
capacity, which often prompts companies to buy more disk arrays. But at
least one IT administrator has found that the disk space is already
inside the data center -- it's just poorly managed. That's what David
Reimer, project lead at Dallas-based Excel Communications Inc., argued.
"In reality, we have a lot of [disk] space already," he said. "We just
need to know how to manage it."
He was in the midst of a server consolidation effort while concurrently
designing a $3 million 40TB storage-area network to cut costs and improve
capacity. They ran StorageCentral and what he discovered was eye-opening.
By using the auditing features in StorageCentral, Reimer found that
users had violated company policies, the law and common sense. For
example, users were storing pornography on server disks, as well as
copyrighted MP3 music files. Users had also squirrelled away unlicensed
software. In addition, some had backed up the entire content of their
PC desktop drives.
That knowledge convinced Reimer that storage capacity management was a
better path to trod than adding disk arrays that can cost up to $17,000
apiece. "We know storage is going to grow. It used to be megabytes, then
gigabytes, and now it's terabytes. Tomorrow, it will be petabytes,"
Reimer said. "Just adding more, expensive disks by themselves is not
the answer." Full article is at:
The new StorageCentral V5 30-day eval copies can be had at:
This Week's Links We Like. Tips, Hints And Fun Stuff
Yup. Hacking wireless networks with a Pringles tube. No kidding.
Latest And Greatest Network Security Tool Right Here:
Seems one of these "unbelievable but true" kinda articles. Could it be
an early April 1st joke?
PRODUCT OF THE WEEK
Hacking Exposed Version 3
"Still the best for vulnerability assessment and penetration testing"
Reviewer: Richard Bejtlichfrom Texas, USA.
I am a senior engineer for managed network security operations,
which includes conducting vulnerability assessments against client
networks. I read this edition to gain insights into ways to better
assess a client's security posture, and also to understand some of
the attacks I see while monitoring intrusion detection systems.
Of the books I've read, Hacking Exposed remains the best guide to
systematically assess and (if necessary) compromise hosts. By
understanding black hat methods, defenders can better prepare for
the tidal wave of exploits washing upon the networking shore.