Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 1, 2002 (Vol. 7, #26 - Issue #357)
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Ever Needed A Restore From Backup - And Did You Get It?
  2. TECH BRIEFING
    • Mysterious Terminal Server Problem Solved
  3. NT/2000 RELATED NEWS
    • Microsoft Releases New Security Operations Guide
    • Hotfix For Two IE Security Holes Released
    • Did You Sign Up Yet For The Management Summit?
  4. NT/2000 THIRD PARTY NEWS
    • Sunbelt Top 10 Best Seller List Updated!
    • More About Switching WS to Server And Back
    • How Does NMAP Fit In With eEye's Retina Network Scanner?
    • Free Interactive Demonstration of eEye's Top Line Products
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Windows 2000 Admin BLACK BOOK - Second Edition
  SPONSOR: ANNOTIS
Annotis Mail: A great MS-Outlook add-on to highlight, annotate,
sticky-note, or sign with a "pen". Integrates seamlessly with
Outlook and allows you to create emails with impact! Work with
electronic documents the way you've always worked with paper.
Rediscover the convenience of pens, highlighters, sticky notes
and much more. Harness the power of visual communication. Create
statements that have impact. Replying or commenting is a snap with
Annotis. Best thing, it makes email fun again and: Only $25 bucks!
Visit ANNOTIS for more information.
  EDITORS CORNER

Ever Needed A Restore From Backup - And Did You Get It?

Always Having Backups is the golden rule, and for good reason. Something bad happens, and you can always fall back on the backup; that is the theory. Well, I wonder if that really always comes true. Recently the (hosted) site of a friend of ours was cracked. They did not know exactly what happened but they did lose a lot of data. The crack was caused by an omission by the system administrator, who should have secured a specific page better.

All right, they screwed up, but then there is always the backup, right? Sure! The webhosting company said: "Absolutely, we back up every 24 hours in a cycle of 14 days, so we always have a large amount of backups you can choose from".

That sounded reassuring, but after many and increasingly upset phone calls, the only backup they could produce turned out to be more than six(!) months old. The webhost turned out to be just a reseller for a very large webhosting datacenter that by contract they were not able to divulge. In short, my friend was really up the creek without a paddle: 6 months of data lost, and no clear answer why or how to get them back.

Obviously they contacted another webhost with the question how safe their backups were. These people were very open about it and said that it was very seldom that anyone asked for a backup of their site, and that it actually had happened that a backup could not be coughed up when needed. So, this is the item for the new SunPoll:

Q: Ever Needed A Restore From Backup - And Did You Get It?

  • Heck yes, this is priority one and I always run Restore to be sure
  • Occasionally I restore backups, but I always read the backup logs
  • I normally trust my backups but sometimes I'm looking at a dud
  • Once, I got completely wiped out by not having a reliable backup
  • I don't back up at all, I laugh in the face of job security!
Vote here: Leftmost column:
http://www.sunbelt-software.com

I'm not suggesting that all webhost companies are fly-by-night outfits; there are many that do a great job, and many W2Knews subscribers work at these kinds of companies. But what I do strongly recommend is that you take nothing for granted and ask them to run a Restore as part of your normal Disaster Recovery Plan that you are now testing!

This week's XBOX winner is Mike Hammes in Topeka. He works at the Kansas Department of Transportation. Want your own? Fill out your profile and refer up to three friends! Click here to do that:
http://www.W2Knews.com/lookup.cfm

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: SCAN AND PATCH
SCAN AND PATCH SECURITY HOLES WITH UPDATEEXPERT
Do you have a reliable tool to secure your network with the latest
updates? UpdateEXPERT is a software patch vulnerability assessment tool
that scans your network for missing hotfixes, and FIXES discovered
weaknesses for increased network protection. Supporting Windows
NT/2000/XP, SQL Server, IE and other mission critical applications,
UpdateEXPERT helps enforce software security policies, enables you to
scan for patches, validates your installations for peace of mind, and
installs updates to all networked machines without an agent.
Visit SCAN AND PATCH for more information.
  TECH BRIEFING

Mysterious Terminal Server Problem Solved

Having persistent problems with TS and getting error messages like these? You may receive one or more of the following error messages when multiple users on a Terminal Server work with the same files that are located on a network share:

  • Disk or Network Error
  • STATUS_UNEXPECTED_NETWORK_ERROR (0xc00000c4)
  • ERROR_UNEXP_NET_ERR (error 59 in decimal or 0x3b in hexadecimal)
  • STATUS_CONNECTION_DISCONNECTED (0xc000020c)
  • ERROR_NETNAME_DELETED (error 64 in decimal or 0x40 in hexadecimal)
It is a very difficult problem to find. After several weeks of trying, it was finally possible to reproduce the "disk or network error" that had been coming up since the installation of Citrix/terminal server! Applying the patch resolved the problem. What I couldn't believe was that such a critical fix was so hard to find, even with the document in hand. No search that was run on Technet or the MS knowledge base on the web would find this article.
http://www.w2knews.com/rd/rd.cfm?id=020401TB-Problem_Solved
  NT/2000 RELATED NEWS

Microsoft Releases New Security Operations Guide

  • Are you looking for ways to lock down Windows 2000 Server and minimize vulnerabilities?
  • Are you looking for best practices on effectively managing patches?
  • Are you looking for guidance on auditing and intrusion detection?
If you answered yes to these questions, this resource is for you. The Security Operations Guide for Windows 2000 Server delivers the guidance necessary for IT Pros to securely operate a Windows 2000 environment while ensuring the right access to the right content by the right people. This guide delivers procedures and best practices for system administrators to lock down their Windows 2000-based servers and maintain secure operations once they're up and running.

Through effective use of Group Policy, proper patch management, and auditing and intrusion detection tactics, this guide provides admins with the key information to manage risk of attack from avoidable malicious code (such as viruses and Trojan horses), unauthorized access, and data theft. Cosponsored by the Windows group, this guide is part of the Windows Secure Technology Protection Program (STPP).

The STPP is split into two primary phases: "Get Secure" and "Stay Secure". This guide briefly discusses Get Secure with server lockdown roles, and then focuses on the Stay Secure aspects.
http://www.w2knews.com/rd/rd.cfm?id=020401RN-Security_Guide

Hotfix For Two IE Security Holes Released

MS just released a security hotfix to patch two security vulnerabilities in many versions of the Internet Explorer Web browser. One hole may allow a malicious script (embedded in a cookie) to be executed in an area of a user's PC known as the "local computer zone". It could alter or delete files on a user's PC. Scripts embedded in cookies are supposed to be run, in most cases, in an area known as the Internet zone, which places tighter restrictions on how programs can behave.

This is a good one to patch since all users are hitting IE all the time and that is a very weak link indeed. Here is the link:
http://www.w2knews.com/rd/rd.cfm?id=020401RN-IE_Hotfix

Did You Sign Up Yet For The Management Summit?

Have you signed up yet for the Microsoft Management Summit (formerly the SMS & W2K User Conference)? This is a can't-miss event, sponsored by Altiris, Microsoft and NetIQ. This is the one show that is completely dedicated to management technologies. The hands-on lab training and breakout sessions on numerous technologies you work with every day are what make this event a "must attend." Get your answers from Gartner, Microsoft developers and Program Managers, industry experts and your peers; they are all in Vegas April 29 - May 3, 2002! Register now:
http://www.w2knews.com/rd/rd.cfm?id=020401RN-Mgmt_Summit

  THIRD PARTY NEWS

Sunbelt Top 10 Best Seller List Updated!

Please check the TOP 10 Best Selling System Management Tools Page that has now been updated for the first quarter of 2002. The fastest climbing tool is PentaSafe.
http://www.w2knews.com/rd/rd.cfm?id=020401TP-Top10

More About Switching WS to Server And Back

The folks in Hungary that actually wrote this tool describe how it works here:
http://www.w2knews.com/rd/rd.cfm?id=020401TP-NTSwitch

They use the registry backup API to change the registry. It is a very imperfect process because I'm sure there are numerous other registry keys that need to be changed to convert every aspect of the operating system. The stuff they claimed about Sysinternals and NTTune is pretty interesting too.

Someone at the UK site TheRegister tried to change their WinXP Pro into a .Net server and did not get away with it. One of the legitimate uses though is to use a utility like this on a server in a development environment that needs a tool installed that limits itself to only the WS models. You can use NTSwitch to change the Server to WS, run setup, and then switch it back to Server. That seems to work fine. Here is the story about their adventures in the UK:
http://www.w2knews.com/rd/rd.cfm?id=020401TP-TheRegister

But actually, who cares if they are the same product under the hood? In fact, it is a really good idea and it means you are getting the robustness of the server product to run on your desktop. There are some differences in the registry, because a desktop product has to serve a different set of needs than a server does. Obviously, you are going to want a server to allocate more memory to file caching, give less preference to the foreground application (since most servers run services, not applications), and so on. It makes MUCH more sense to have one code base that is tweaked two different ways via the registry. Support becomes MUCH simpler.

How Does NMAP Fit In With eEye's Retina Network Scanner?

QUESTION:
How does Nmap fit in with eEye's Retina Network Scanner? Nmap is a Unix-based port scanner, so I have no idea how it maps up to Retina.

ANSWER:
Correct. Nmap is Unix-based software. Per www.Nmap.org:

"Nmap ("Network Mapper") is an open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

"Nmap runs on most types of computers, and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL."

The story behind eEye and Nmap came from the fact that eEye was the first company to port Nmap from Unix to NT. In this process, eEye developed a great deal of expertise in the workings of Nmap and many of these attributes were referenced in enhancing Retina's capabilities.

In addition, Retina is the first commercial scanner to license and incorporate the Nmap Fingerprint Database -- the most complete database of OS TCP/IP stack fingerprints available. This allows Retina to perform remote operating system detection for smarter scanning. As a result, Retina is able to more accurately identify and target the proper audits as they relate to each OS. At a very high level, this expertise and database which has been developed helps to make Retina faster and smarter than the other products available.
http://www.w2knews.com/rd/rd.cfm?id=020401TP-Retina

Free Interactive Demonstration of eEye's Top Line Products

Exclusive to Sunbelt clients - eEye Digital Security, a top security outfit and developer of best-of-breed security products is offering you the opportunity to view their main tools in an online webinar. Topics to be covered are:

  • Retina - Network Vulnerability Scanner
    • The need for vulnerability assessment
    • Key features and capabilities of Retina
    • Retina in action through a real-time scan
  • SecureIIS - Application Firewall
    • Overview of unique vulnerabilities in Microsoft Web Servers
    • Key features and capabilities of SecureIIS
    • How to deploy and configure SecureIIS
Several sessions are available. Each session is 45 minutes long. Space is limited. Click on the below link to register.
http://www.w2knews.com/rd/rd.cfm?id=020401TP-eEye
  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Geektools is a nice little site with a bunch of Net related useful tools similar to samspade.org.
    http://www.w2knews.com/rd/rd.cfm?id=020401FA-Geek_Tools
  • Want to run MS Office on Linux? This new site and product might just do the trick:
    http://www.w2knews.com/rd/rd.cfm?id=020401FA-Linux_MSOffice
  • Your cat is dragging in all kinds of stuff like killed rats and birds? Here's the advanced technology to automate that problem too. [grin].
    http://www.w2knews.com/rd/rd.cfm?id=020401FA-Drug_In
  • Need to get into the cracker frame of mind? Sharpen your skills here:
    http://www.w2knews.com/rd/rd.cfm?id=020401FA-Malware
  PRODUCT OF THE WEEK

Windows 2000 Admin BLACK BOOK - Second Edition

I'm one of the authors of this one. The topics covered are: MS W2K, explained mostly in a series of procedures, for installing, configuring, and managing the operating system for a medium-to-large organization; how to perform key work in disk management, Active Directory setup, Registry management, and print services provision; migration from NT 4.0 to W2K, IntelliMirror, and the Microsoft Management Console (MMC).

Windows 2000 Systems Administrator's BLACK BOOK is a must-have reference for system administrators and IS professionals who install, configure, and support workstations and servers on Windows 2000 networks, and who require a detailed guide to Windows 2000 security, start-up and shut-down, disk and file systems management, networking, Internet Information Server, and the Active Directory. Windows 2000 Systems Administrator's BLACK BOOK provides details of the upgrade process from Windows NT 4.0. Amazon has a special at the moment, where they offer this one together with an Active Directory one for a special low price. Recommended! Link to Amazon:
http://www.w2knews.com/rd/rd.cfm?id=020401BW-Black_Book