Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 1, 2002 (Vol. 7, #26 - Issue #357)
This issue of W2Knews contains:
- EDITORS CORNER
- Ever Needed A Restore From Backup - And Did You Get It?
- TECH BRIEFING
- Mysterious Terminal Server Problem Solved
- NT/2000 RELATED NEWS
- Microsoft Releases New Security Operations Guide
- Hotfix For Two IE Security Holes Released
- Did You Sign Up Yet For The Management Summit?
- NT/2000 THIRD PARTY NEWS
- Sunbelt Top 10 Best Seller List Updated!
- More About Switching WS to Server And Back
- How Does NMAP Fit In With eEye's Retina Network Scanner?
- Free Interactive Demonstration of eEye's Top Line Products
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Windows 2000 Admin BLACK BOOK - Second Edition
Annotis Mail: A great MS-Outlook add-on to highlight, annotate,
sticky-note, or sign with a "pen". Integrates seamlessly with
Outlook and allows you to create emails with impact! Work with
electronic documents the way you've always worked with paper.
Rediscover the convenience of pens, highlighters, sticky notes
and much more. Harness the power of visual communication. Create
statements that have impact. Replying or commenting is a snap with
Annotis. Best thing, it makes email fun again and: Only $25 bucks!
Visit ANNOTIS for more information.
Ever Needed A Restore From Backup - And Did You Get It?
Always having backups is the golden rule, and for good reason. The theory
is that when something bad happens, you can always fall back on the backup.
Well, I wonder if that really always comes true. Recently the (hosted)
site of a friend of ours was cracked. They did not know exactly what
happened but they did lose a lot of data. The crack was caused by an
omission of the system administrator who should have secured a specific
All right, they screwed up, but then there is always the backup, right?
Sure! The webhosting company said: "Absolutely, we backup every 24 hours
in a cycle of 14 days, so we always have a large amount of backups you
can choose from".
That sounded reassuring, but after many and increasingly upset phone
calls, the only backup they could produce turned out to be more than
six(!) months old. The webhost turned out to be just a reseller for a
very large webhosting datacenter that by contract they were not able to
divulge. In short, my friend was really up the creek without a paddle:
6 months of data lost, and no clear answer why or how to get them back.
Obviously they contacted another webhost to ask how safe
their backups were. These people were very open about it and said that
it was very seldom that anyone asked for a backup of their site, and that
it actually had happened that a backup could not be coughed up when
needed. So, this is the item for the new SunPoll:
Q: Ever Needed A Restore From Backup - And Did You Get It?
Vote here: Leftmost column:
- Heck yes, this is priority one and I always run Restore to be sure
- Occasionally I restore backups, but I always read the backup logs
- I normally trust my backups but sometimes I'm looking at a dud
- Once, I got completely wiped out by not having a reliable backup
- I don't back up at all, I laugh in the face of job security!
I'm not suggesting that all webhost companies are fly-by-night outfits;
there are many that do a great job, and many W2Knews subscribers work
at these kinds of companies. But what I do strongly recommend is that
you take nothing for granted and ask them to run a Restore as part of
your normal Disaster Recovery Plan that you are now testing!
This week's XBOX winner is Mike Hammes in Topeka. He works at the
Kansas Department of Transportation. Want your own? Fill out your
profile and refer up to three friends! Click here to do that:
(email me with feedback: [email protected])
SPONSOR: SCAN AND PATCH
SCAN AND PATCH SECURITY HOLES WITH UPDATEEXPERT
Do you have a reliable tool to secure your network with the latest
updates? UpdateEXPERT is a software patch vulnerability assessment tool
that scans your network for missing hotfixes, and FIXES discovered
weaknesses for increased network protection. Supporting Windows
NT/2000/XP, SQL Server, IE and other mission critical applications,
UpdateEXPERT helps enforce software security policies, enables you to
scan for patches, validates your installations for peace of mind, and
installs updates to all networked machines without an agent.
Visit SCAN AND PATCH for more information.
Mysterious Terminal Server Problem Solved
Having persistent problems with TS and getting error messages like
these? You may receive one or more of the following error messages
when multiple users on a Terminal Server work with the same files
that are located on a network share:
- Disk or Network Error
- STATUS_UNEXPECTED_NETWORK_ERROR (0xc00000c4)
- ERROR_UNEXP_NET_ERR (error 59 in decimal or 0x3b in hexadecimal)
- STATUS_CONNECTION_DISCONNECTED (0xc000020c)
- ERROR_NETNAME_DELETED (error 64 in decimal or 0x40 in hexadecimal)
It is a very difficult problem to find, after several weeks of trying
it was finally possible to reproduce the "disk or network error" that
had been coming up since the installation of Citrix/terminal server!
Applying the patch resolved the problem. What I couldn't believe was
that such a critical fix was so hard to find, even with the document
in hand. No search that was run on Technet or the MS knowledge base
on the web would find this article.
NT/2000 RELATED NEWS
Microsoft Releases New Security Operations Guide
- Are you looking for ways to lock down Windows 2000 Server and minimize vulnerabilities?
- Are you looking for best practices on effectively managing patches?
- Are you looking for guidance on auditing and intrusion detection?
If you answered yes to these questions, this resource is for you. The
Security Operations Guide for Windows 2000 Server delivers the guidance
necessary for IT Pros to securely operate a Windows 2000 environment
while ensuring the right access to the right content by the right
people. This guide delivers procedures and best practices for system
administrators to lock down their Windows 2000-based servers and
maintain secure operations once they're up and running.
Through effective use of Group Policy, proper patch management, and
auditing and intrusion detection tactics, this guide provides admins
with the key information to manage risk of attack from avoidable
malicious code (such as viruses and Trojan horses), unauthorized
access, and data theft. Cosponsored by the Windows group, this guide
is part of the Windows Secure Technology Protection Program (STPP).
The STPP is split into two primary phases: "Get Secure" and "Stay
Secure". This guide briefly discusses Get Secure with server
lockdown roles, and then focuses on the Stay Secure aspects.
Hotfix For Two IE Security Holes Released
MS just released a security hotfix to patch two security vulnerabilities
in many versions of the Internet Explorer Web browser. One hole may
allow a malicious script (embedded in a cookie) to be executed in an
area of a user's PC known as the "local computer zone". It could alter
or delete files on a user's PC. Scripts embedded in cookies are supposed
to be run, in most cases, in an area known as the Internet zone, which
places tighter restrictions on how programs can behave.
This is a good one to patch since all users are hitting IE all the time
and that is a very weak link indeed. Here is the link:
Did You Sign Up Yet For The Management Summit?
Have you signed up yet for the Microsoft Management Summit (formerly
the SMS & W2K User Conference)? This is a can't miss event, sponsored
by Altiris, Microsoft and NetIQ. This is the one show that is completely
dedicated to management technologies. The hands-on lab training and
breakout sessions on numerous technologies you work with every day are
what make this event a "must attend." Get your answers from Gartner,
Microsoft developers and Program Managers, industry experts and your
peers; they are all in Vegas April 29 - May 3, 2002! Register now:
THIRD PARTY NEWS
Sunbelt Top 10 Best Seller List Updated!
Please check the TOP 10 Best Selling System Management Tools Page that
has now been updated for the first quarter of 2002. The fastest climbing
tool is PentaSafe.
More About Switching WS to Server And Back
The folks in Hungary that actually wrote this tool describe how it works
They use the registry backup API to change the registry. It is a very
imperfect process because I'm sure there are numerous other registry
keys that need to be changed to convert every aspect of the operating
system. The stuff they claimed about Sysinternals and NTTune is pretty
Someone at the UK site TheRegister tried to change their WinXP Pro
into a .Net server and did not get away with it. One of the legitimate
uses though is to use a utility like this on a server in a development
environment that needs a tool installed that limits itself to only
the WS models. You can use NTSwitch to change the Server to WS, run
setup, and then switch it back to Server. That seems to work fine.
Here is the story about their adventures in the UK:
But actually, who cares if they are the same product under the hood?
In fact, it is a really good idea and it means you are getting the
robustness of the server product to run on your desktop. There are
some differences in the registry, because a desktop product has to
serve a different set of needs than a server does. Obviously, you are
going to want a server to allocate more memory to file caching, give
less preference to the foreground application (since most servers run
services, not applications), and so on. It makes MUCH more sense to
have one code base that is tweaked two different ways via the registry.
Support becomes MUCH simpler.
How Does NMAP Fit In With eEye's Retina Network Scanner?
How does Nmap fit in with eEye's Retina Network Scanner? Nmap is a
Unix-based port scanner, so I have no idea how it maps up to Retina.
Correct. Nmap is Unix-based software. Per www.Nmap.org:
"Nmap ("Network Mapper") is an open source utility for network exploration
or security auditing. It was designed to rapidly scan large networks,
although it works fine against single hosts. Nmap uses raw IP packets
in novel ways to determine what hosts are available on the network,
what services (ports) they are offering, what operating system (and
OS version) they are running, what type of packet filters/firewalls
are in use, and dozens of other characteristics.
"Nmap runs on most types of computers, and both console and graphical
versions are available. Nmap is free software, available with full source
code under the terms of the GNU GPL."
The story behind eEye and Nmap came from the fact that eEye was the
first company to port Nmap from Unix to NT. In this process, eEye
developed a great deal of expertise in the workings of Nmap and many
of these attributes were referenced in enhancing Retina's capabilities.
In addition, Retina is the first commercial scanner to license and
incorporate the Nmap Fingerprint Database -- the most complete database
of OS TCP/IP stack fingerprints available. This allows Retina to perform
remote operating system detection for smarter scanning. As a result,
Retina is able to more accurately identify and target the proper audits
as they relate to each OS. At a very high level, this expertise and
database which has been developed helps to make Retina faster and smarter
than the other products available.
Free Interactive Demonstration of eEye's Top Line Products
Exclusive to Sunbelt clients - eEye Digital Security, a top security
outfit and developer of best-of-breed security products is offering
you the opportunity to view their main tools in an online webinar.
Topics to be covered are:
- Retina - Network Vulnerability Scanner
  - The need for vulnerability assessment
  - Key features and capabilities of Retina
  - Retina in action through a real-time scan
- SecureIIS - Application Firewall
  - Overview of unique vulnerabilities in Microsoft Web Servers
  - Key features and capabilities of SecureIIS
  - How to deploy and configure SecureIIS
Several sessions are available. Each session is 45 minutes long.
Space is limited. Click on the link below to register.
This Week's Links We Like. Tips, Hints And Fun Stuff
Geektools is a nice little site with a bunch of Net related useful tools
similar to samspade.org.
Want to run MS Office on Linux? This new site and product might just
do the trick:
Your cat is dragging in all kinds of stuff like killed rats and birds?
Here's the advanced technology to automate that problem too. [grin].
Need to get into the cracker frame of mind? Sharpen your skills here:
PRODUCT OF THE WEEK
Windows 2000 Admin BLACK BOOK - Second Edition
I'm one of the authors of this one. The topics covered are: MS W2K,
explained mostly in a series of procedures, for installing,
configuring, and managing the operating system for a medium-to-large
organization; how to perform key work in disk management, Active
Directory setup, Registry management, and print services provision;
migration from NT 4.0 to W2K, IntelliMirror, and the Microsoft
Management Console (MMC).
Windows 2000 Systems Administrator's BLACK BOOK is a must-have
reference for system administrators and IS professionals who install,
configure, and support workstations and servers on Windows 2000
networks, and who require a detailed guide to Windows 2000 security,
start-up and shut-down, disk and file systems management, networking,
Internet Information Server, and the Active Directory. Windows 2000
Systems Administrator's BLACK BOOK provides details of the upgrade
process from Windows NT 4.0. Amazon has a special at the moment,
where they offer this one together with an Active Directory one for
a special low price. Recommended! Link to Amazon: