- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 4, 2002 (Vol. 7, #27 - Issue #358)
Biometrics Are Penetrating Fast
  This issue of W2Knews™ contains:
    • Backups Redux
    • More Fave GOTCHAS
    • Biometrics Are Penetrating Fast
    • NT/W2K Enterprise Security Requires Careful Analysis
    • Disaster Recovery Planning Continues To Lag
    • eEye Announces Release Of SecureIIS version 1.2.6.
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Check Point Next Generation Security Administration
  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy delivered by the #1
tool for data replication: Double-Take. Ensure that your data and
applications are always safe. Help your Company and Homeland Security
by protecting your most valuable resources at the source: Your Servers.
Double-Take will fail over if your source server goes down. 2001 Editor's
Choice of both Windows 2000 and Network Magazine. Download a 30-day eval
copy now and start protecting your data and apps.
Visit Double-Take for more information.

Backups Redux

Seven and-a-half percent of you, got once completely wiped out because of a problem with backups. That's a scary number! Check the results here:

I got several responses from professional web hosting outfits that said they specifically make the customers responsible for backups, as they are simply not able to make full backups of all their data all the time. The important question is what do you back up and does the back up work. Losing six months worth of data is bad, but I just heard that some cracked web sites could not be restored because the METADATA base was not backed up either.

How often does anyone backup their IIS installation might be a better question. Complete systems have been trashed, (the NIMDA virus come to mind) and although the system was current and backed up with a leading backup tool, a complete restore did not restore all applications.

For example Office, Oracle and other apps had to be re-installed as well as some services that had to be re-installed. I have spoken with many backup administrators who claim that their backup strategy will restore a complete system, but some people say that the only thing that will really work in a windows environment is a full disk image. Tell me what you think?

PS, I was recently interviewed for a Canadian IT site about our fast growth and getting into the Inc 500. One of the questions was which 10 areas I saw for future (IT career) study. Interested? It's over here:

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: "pcAnywhere Killer"
User Declares Sunbelt Remote Admin "pcAnywhere Killer"
You might want to give Remote Admin a try too. It's as if you are there,
with all the admin tools to control remote systems. This puppy was
"made-by-and-for" system administrators. Pricing is dirt cheap, especially
site- and company licenses. Now a "client & server" combo is available
via the online shop for just 35 bucks! Your 30-day eval:
Visit "pcAnywhere Killer" for more information.


Here are more favorite gotchas contributed by Doug Belford, Kevin Fletcher and Barry Martin:

  • When adding W2k Pro to a domain, by default the Domain Admins group is added to their local Administrators group...How about Server Operators instead... or creating a built in group called Workstation Admins and adding it.
  • When creating a DC within a domain, by default you have to be a Domain Admin to run DCPROMO... Why not have a built in group called DC Creators so that I don't have to give those permissions to all of my remote administrators.
  • Assigning OU administrator rights. Just you try to delegate a complete set of administrator rights to an OU admin. Bet you forgot about the ability to become an OU computer administrator or just gave up.
  • Using loopback policies in an OU to control security on OU PCs. Theoretically possible, but a trust relationship with a mixed mode domain appears to cause problems. AD prune and Graft? Multi User selection for management? Forget it.
  • Here is my "Gotcha" Migrating To W2K Active Directory: Disjointed DNS Namespace. If you are upgrading the NT4 PDC to W2K you must have the correct DNS domain configured in the TCP-IP properties or have nothing typed in it at all or you will have a disjointed DNS namespace if you install AD with a different DNS name.

    For example, on NT4 if you have company.com and during DCPROMO you type in company.net. Then a disjointed namespace occurs and the only way to fix it is you uninstall AD. Ouch!!! Here is a link to the MS KB that goes into this.


Biometrics Are Penetrating Fast

All over the place, especially after 9/11, both pilot and full scale biometric deployments are popping up in various configurations and markets. Facial recognition is being used to track lost children and protection of medical data. Banks are now testing and deploying these tools to identify customers and replace PIN codes at ATM's.

Companies are using it to secure employee access to buildings and/or networks. Some already use voice scan technology for telephone account access. The International Biometric Group forecasts growth rates of more than 70 percent for the next two years. I think they are right. Why? I now have access with my fingerprint to my W2K WS in the office. No more passwords for yours truly, except perhaps once a month.

The costs are of course the drawback. These devices are still somewhat costly, especially if you have thousands of users. The other "stop" are the civil liberties organizations that are fighting tooth and nail against nationwide initiatives like facial recognition in airports. In our own backyard here in Tampa this technology is also in a popular nightclub area to catch offenders, and the press has been all over that. The technology has the potential to be an extremely intrusive, privacy invasive part of life.

And despite the high expectations regarding biometrics, there are a series of pitfalls. The cost mentioned above is not the only thing. We're talking lack of standardization, potential management headaches, concerns about reliability and uneasiness about privacy concerns must be handled correctly before this technology will really take off.

This stuff needs to be properly planned, implemented and managed. Only then biometrics will deliver on reduced costs, better security and more end-user convenience. So, I'm sure you want to know what device I'm using. They are called UareU Pro and two of them are about 360 bucks. It installs on a machine in about 3 minutes and it has been recognizing my fingerprint logons without fail for more than a week now. I almost wish we would sell this thing ourselves.

NT/W2K Enterprise Security Requires Careful Analysis

InfoWorld just mentioned a report just released by Gartner about Enterprise Security. The upshot: Poorly planned security could result in a case of too little or too much for many enterprises. Many companies will underassess their risk, resulting in wasted spending or preventable security incidents. Other companies could overreact with bottom-up spending that fails to comprehend the overall security needs of the company.

The Gartner report is called, "Prioritizing Security Efforts: Create Structure from Disorder," and it claims that determining "security threats and needs" starts with a careful examination of a company's profile to help determine how and where to make the most effective security investments. This includes such things as core information, nature of the company's assets, the culture, key technologies, outside relationships, and the existing security arrangements. Gartner offers a "Security Rationalization Model" that will help get you there. The complete report is available here:

If you are looking for a high-end, comprehensive, top-down security solution that covers both technology and people, you should really check out PentaSafe over here:


Disaster Recovery Planning Continues To Lag

ComputerWorld just finished a global survey of CIO's that reveals a dangerous level of apathy toward security and disaster recovery in the wake of the Sept. 11 attacks. Unbelievable but true. I guess it is not their job that is on the line when significant downtime occurs. Consulting firm Ernst & Young did this survey and polled 459 CIOs and IT directors from companies of various sizes worldwide in November last year. The survey results were only released late this March.

They found that only 53% of those companies had business continuity plans to keep operations going in the event of a major disaster and that less than half had IT security awareness and training programs for employees. Dang!

Nathaniel Meyer, a spokesman for New York-based Ernst & Young, said the survey targeted midsize to large companies in all economic sectors throughout 17 regions of the world, including the U.S. and Europe. None of the companies surveyed were small businesses, Meyer said.

You can read the full article over at:

Here is a set of tools to get DR actually implemented:

eEye Announces Release Of SecureIIS version 1.2.6.

This latest version provides protection against new classes of attacks discovered by the eEye Digital Security research team, as well as various minor bug fixes.

Download SecureIIS on the following page:

You may be required to login using your eEye username and password. If you have misplaced your account information, you can request a copy by submitting your email address on the same page as the login.

What's New in SecureIIS v1.2.6?

  • Introduced protection against new classes of attack researched by eEye.
  • Fixed application crash when SecureIIS HTML error files were not found.
  • Fixed possible minor corruption of log file.
  • Log file format now defaults to "\Logs" rolling file format.
  • Modified default keywords list.
  • Fixed small memory leak in filter.

This Week's Links We Like. Tips, Hints And Fun Stuff

This week we took the all-time-high click thrus of WinXPnews, which is focused on the consumer end of things:

  • Want to see something scary? Look at this picture and focus on the painting on the wall for a while. (Oh, turn the sound on high!)

  • http://www.w2knews.com/rd/rd.cfm?id=020404FA-Scary
  • The perfect wallpaper for the default Windows XP interface:

  • http://www.w2knews.com/rd/rd.cfm?id=020404FA-NewWallPaper
  • Cool Microsoft Pics!

  • http://www.w2knews.com/rd/rd.cfm?id=020404FA-Cheekies

    Check Point Next Generation Security Administration

    The Check Point Next Generation suite of products provides the tools necessary for easy development and deployment of Enterprise Security Solutions. Check Point VPN-1/FireWall-1 has been beating out its competitors for years, and the Next Generation software continues to improve the look, feel, and ease of use of this software. Check Point NG Security Administration will show you the ins and outs of the NG product line. Here is the Amazon Link: