Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Mar 14, 2002 (Vol. 7, #21 - Issue #352)
High Availability And Security Software
This issue of W2Knews contains:
- EDITORS CORNER
- High Availability And Security Software
- TECH BRIEFING
- The State Of Home Automation
- NT/2000 RELATED NEWS
- New Important Microsoft Licensing Program 6.0 Survey
- How Is Microsoft Planning To Keep Your Systems Secure?
- NT/2000 THIRD PARTY NEWS
- Alternatives for the Computer Associates Admin Suite?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed Version 3
SPONSOR: Aelita Software
An on-time, under budget, ZeroIMPACT Active Directory migration?
You bet! The award-winning Aelita Domain Migration Wizard can
save you time, money and aggravation, while providing a faster
ROI. Users see only the benefits of Windows 2000. Use a product
that was designed with your enterprise requirements in mind, one
that performs in the real world. But don't believe us, put us in
your lab. Get a free evaluation copy today for a limited time.
Visit Aelita Software for more information.
High Availability And Security Software
Well, Goldman Sachs decided to do some research about what IT outfits
are spending money on. Guess what. They came out with exactly the
same numbers 1 and 2 that the Sunbelt Survey recently showed. IT is
mainly investing in high availability/business continuity and of
course security software. No real news there. But I do have a bit
of other news about some of the tools Sunbelt selected. The attached
is an "anonymized" version of an email we received today. We cannot
print which very large organization this is, (but perhaps you can
ask your Rep) [grin].
"Just wanted to let you know that I'm sending your name to a lot
of people out here to order the Update Expert and Retina software.
The word is spreading across our organization in Europe how I manage
to deploy patches to all my computers in a matter of minutes the same
day they are released. We had a high level inspection team come
through and they said I had the highest maintained and secure network
"I showed them the software and configurations I use and when I showed
them the Update Expert portion they were amazed. So amazed that they
want to send an advisor to the "Highest IT Boss" to come to my office and
see how I have the LAN and WAN networks setup and managed. I recommended
to them that the organization should make the Update Expert mandatory
and get a Company Wide license. (which I think will happen by the way
"As they are going across Europe on their inspections, they are giving
System Admins my name and number to call and ask me about how I run my
network. Of course I mention Update Expert, explaining its features
and ease of use and they immediately want to order it. So I am forwarding
them your email and phone. I also recommended Retina to the inspection
team and showed them why it outperforms the current network scanners
we currently use and blows away a different one they want to buy a
company wide license for in the near future".
You can find both of these tools in the Sunbelt Top 10 Best Sellers here:
(email me with feedback: [email protected])
LIMIT DOWNTIME AND DATA LOSS WITH DOUBLE-TAKE
Failure to protect your mission critical data can sink your business.
Double-Take delivers real-time protection for your NT/W2K Servers.
A whole department sitting on their hands is extremely expensive.
With Double-Take you can mirror critical data to a target server,
and Double-Take will fail over if your source server goes down. 2001
Editor's Choice of both Windows 2000 and Network Magazine. Download
a 30-day eval copy now and start protecting your data and apps.
Visit DOUBLE-TAKE for more information.
The State Of Home Automation
Last week I went to Orlando and visited the Electronic House Expo.
Very interesting. It reminded me of the early PC shows in the
eighties -- small, just a few large and lots of small players,
and no standards to be found. A telling tale was the guide I found
for a coming expo in Seattle, the www.connectionsconference.com
guide had a standard for every letter in the Alphabet.
A whopping 26 different "industry standard" organizations have
thrown themselves in the alphabet soup fray, varying from Bluetooth
to HomePlug, HomePNA, UPnP, WAP to X10. It's dizzying! But everyone
agrees it will soon become an 8 Zillion dollar industry. Sound
familiar? MS-Dos, CP/M or DR-Dos, anyone?
There are a few big names trying to establish some sort of order,
like for instance the UPnP (Universal Plug and Play) Forum promotes
TCP/IP-based seamless proximity networking for the home and the
office. They have their mission statement on a website and are
backed by an impressive list of 450 outfits including Microsoft,
General Electric, Intel and practically all major hardware
manufacturers. I learned at the show that GE is building Windows
XP embedded in their intelligent home devices.
But there are also many other groups, take the HomePlug Alliance
as an example. These people are committed to making home networks
using your existing powerlines are reality. They compete head-to-head with the HomePNA that tries to do exactly the same thing over your existing phone lines!
This new market looks like a large roulette table at the moment.
There are a lot of players from different industries (IT, Power
companies, Telecom, Appliances) that have all different starting
points and agendas. All of them are placing their bets on the
table, with many players betting on more than one number and
signing up for several of these standards alliances. The problem
is of course that all this stuff needs to interface with each
other and there lies the rub. Faites vos jeux! The issue is that
there is no real "killer app" that will drive this industry.
Entertainment comes close but just by itself is not cutting it,
and Home Office is a second potential killer app but also not
powerful enough to drive full home automation.
You can also compare it with a bunch of rivals that all eye a
large chunk of loot, and everyone is positioning, weaving and
bobbing to be in the best spot to start reaping those zillions.
The divergence of all these different technologies has been
closely followed by Microsoft and obviously they want to play
a major role in this whole game. However, there are some other
powerful (pun intended) players that are opposing that with
all their might and hate to see MS move into their turf.
Admittedly it is a challenge to make all this work together:
And have all of that available from one console and a non-tech enduser that needs to control all of that. Can you see the potential support nightmare?
- Wired and wireless networking
- Distributed Audio and Video
- Home Theater
- Security / Closed Circuit TV
- Secure internet access
- Lighting control
- Heating, Ventilation and Air Conditioning control
- A whole bunch of other stuff that will be here "Real Soon Now"
So, what does a techie do who wants to start automating their home?
Well, from what I see, there are a few options. The low-end is
X10 which if you implement it well will work fine but is slooow.
There are a few other standards, LONworks and CEBus. These are
faster and definitely more advanced. Simplifying it big-time, they
are 2-way as opposed to X10 which is just one-way. X10 devices
cannot answer back after they receive a command.
And then there is UPnP. Think local network neighborhood on your
home server, and ALL your home devices show up, from the fridge
to the air conditioner to all the lights to the garage door as
well as the other PCs, printers and wireless devices you may have.
Sounds cool doesn't it? Too bad it is still a while before we
will see it, for the moment it is vaporware. The stacks are not
even released but are supposed to see the light in Q2. I would
not expect any consumer devices until 2003.
At the Expo, the latest thing that everyone seemed to push was
video over CAT5E. In other words, the sales reps were saying,
"you do not need that cumbersome and expensive coax anymore".
There may be a point to that, but you don't know what killer
app will emerge which would need mega-bandwidth. Not having the
coax would be a real problem at that point. So, the solution
is to "flood-wire" (a term I picked up at the show) your home
with structured wiring so that you are prepared for any kind of
thing that will surface.
You can start with X10 if you want, and upgrade later to a new
standard which will certainly come. From what I understand,
they will be backward compatible. I would stick with the large
players as these have the best chance to survive the coming
consolidation and inevitable shake-out period. The largest and
oldest player in the home security bizz is HAI, and their OmniPro
II is a pretty powerful piece of gear which even comes with an
Ethernet port. I decided I'm going to get one myself. For
structured wiring and X10 stuff I would check out Leviton at:
NT/2000 RELATED NEWS
New Important Microsoft Licensing Program 6.0 Survey
DUE TO SOME TECHNICAL DIFFICULTY AT THE BACK END OF THE SURVEY PROVIDER, SOME OF YOU COULD NOT GET THE SURVEY COMPLETED. PLEASE TAKE 5 MINUTES TO FILL OUT THIS IMPORTANT SURVEY, THE PROBLEMS ARE FIXED NOW.
You will probably know that coming August 1, 2002 is the deadline for Microsoft's new Licensing Program 6.0. The new licensing scheme, which favors a subscription-based "leasing model", will introduce sweeping changes to the way corporations will do business with Microsoft. It will potentially have a large financial as well as technology impact on your business. To date, many customers have voiced concern and confusion over the new terms and conditions of the Licensing Program 6.0, what it means to their company in terms of value and whether or not their firms can afford it.
Sunbelt and Information Technology Intelligence Corp. (ITIC is our new Analyst Partner) have an important survey for you that you can complete in less than 5 minutes. We need to know how far you are in getting prepared for your new licensing. I'd like you to go to this link and answer these questions. Most of them are just a "one click". Thanks very much in advance!
How Is Microsoft Planning To Keep Your Systems Secure?
Windows & .NET Magazine has a good article about that on their web
site that you might like to read. It gives a good summary of all
the initiatives. This is a short quote from that page:
"Last October, Brian Valentine, senior vice president of Microsoft's
Windows Division, previewed the company's Strategic Technology
Protection Program (STPP), a new six-pronged initiative that MS
hopes will simplify and expedite the arduous security update process.
In February 2002, Valentine reaffirmed that the STPP initiative is
alive and well but, predictably, behind schedule. I've prepared a
progress report on each component of the STPP vision and a brief
description of how each initiative will help keep systems current
and secure." To read the document, visit the following URL:
THIRD PARTY NEWS
Alternatives for the Computer Associates Admin Suite?
This was a recent question on the Sunbelt NTSYSADMIN forum. You might
be interested to see the answer I cooked up:
OK, I've seen all the Anti-CA messages as well as the web-page...
So what do you guys ('n gals) recommend for managing a site of about
120 (Dell) users and 10 servers (1 x AIX, 1 OS2 (Voicemail))?
a nice suite would be nice & neat. Tivoli? HPOpenView? ???"
For a site like yours, best-of-breed is the answer. Big (and expensive)
frameworks like Tivoli and Openview are overkill. Microsoft's SMS is
also too heavy for your environment.
The tools you need/want are so diverse that a "suite" does not give
you much more benefit such as perceived "integration" over simply the
best tools to get the job done. Best-of-breed tools will cost you a
little more time up front to select, but save you enormous amounts
of time and headaches on a daily basis once you get going.
in place of AIMIT = ? Someone mentioned Peregrine...
There are several good Asset Management packages out there, all
to a large extent equivalent. However I would first have a look
at Altiris (see link). Their people know what they are talking
about, especially from a system administration perspective, which
is their background. Not the only ones but a good candidate:
in place of ControlIT = ? VNC?
From my perspective VNC is free, but not secure enough. Yes there
is a commercial "secure" version, but that does not compare with
Sunbelt Remote Admin which was written for-and-by system admins.
Keep in mind that hackers are continually scanning for the existence
of VNC on systems because it is widespread, and the ports it uses
are known. Hence VNC is an inviting backdoor for hackers. Have a
look at Radmin instead. They call it "the pcAnywhere killer":
in place of NetworkIT = ?
Network Health Monitors are plentiful. The CA tool you are looking
at is geared to larger networks. You can probably get away with a
lower cost tool that does just as well. eEye's Iris and Network
Instrument's Observer are two very popular packages. Iris is a
next-generation network protocol analyzer or "sniffer" that will
give you everything you need:
in place of ShipIT = ?
Automated Software Delivery is something Microsoft SMS does well
but that needs its own server and if you only have 10, this may not
be the best solution. For just 120 users I would recommend Prism Deploy.
It is simple, easy, powerful, and IT WORKS. You would be surprised to
see the amount of software deployment tools that break all the time,
and/or literally take days messing with scripts. Not this one:
in place of ArcServeIT = ? BUExec or NetBUPro?
In last year's Target Awards, Veritas Backup Exec won out with
a landslide over all other tools in popularity, so I guess that
is a safe bet. As an alternative you could look at UltraBac which
is not bad either. You can get those anywhere.
And for good measure, I would throw in one of these "Swiss army knives"
of system administration like Hyena, Dameware or UltraAdmin.
This Week's Links We Like. Tips, Hints And Fun Stuff
Want to know what your IP Address is without running ipconfig from the
DOS box? This cute 'lil site will tell you.
Just for some balance, Linux also has its problems. If you actually
compare them, the amount of vulnerabilities found in Windows and all Linux
flavors combined are almost the same on a yearly basis. So just choose
the best OS platform for the application and PRACTICE SECURE COMPUTING.
How the British automate their homes and hook 'em up to the Net.
Thorough write-up on Win2K Operation Masters, aka FSMO (to be pronounced as
'fismo') roles in Active Directory migration, done by a mega roll-out team.
MS is building new a file system that will begin to form the underpinnings
of the next major version of its OS. Interesting article.
PRODUCT OF THE WEEK
Hacking Exposed Version 3
"Still the best for vulnerability assessment and penetration testing"
Reviewer: Richard Bejtlichfrom Texas, USA.
I am a senior engineer for managed network security operations,
which includes conducting vulnerability assessments against client
networks. I read this edition to gain insights into ways to better
assess a client's security posture, and also to understand some of
the attacks I see while monitoring intrusion detection systems.
Of the books I've read, Hacking Exposed remains the best guide to
systematically assess and (if necessary) compromise hosts. By
understanding black hat methods, defenders can better prepare for
the tidal wave of exploits washing upon the networking shore.