Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Apr 8, 2002 (Vol. 7, #28 - Issue #359)
This issue of W2Knews contains:
- EDITORS CORNER
- Vulnerability Remediation
- TECH BRIEFING
- Exchange and AD Gotchas
- Server Port 80 Plagues Internet Security
- Companies, Colleges, Fail Computer Security
- NT/2000 RELATED NEWS
- "Don't Like, No Money" For MS Licensing 6.0
- NT/2000 THIRD PARTY NEWS
- Save With Top Security Bundle: Retina + UpdateEXPERT
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Check Point Next Generation Security Administration
Secure your Windows Environment, Decrease Costs - NetIQ White Paper!
Learn proven strategies to manage group policies in Windows
2000/Active Directory. This free white paper will reveal how to
EASILY manage Group Policies so you can unleash its power to
eliminate and address security holes as well as automate time-
consuming administrative tasks. Get the reporting and documentation
you need to feel comfortable with the security of your Windows
Visit NetIQ for more information.
"No IT guy ever got promoted for deploying a hotfix, but you can sure
get fired if your system gets hacked." - Anonymous System Admin.
At the RSA Security Conference in California last month the buzzword
was "Remediation". As you all know, a firewall is not the ultimate
protection you'd like to think it is. Web and email traffic goes right
through it. And Intrusion Detection Systems are generally based on
attack signatures. Guess what that means? They need updates. The
logical conclusion: IDS tools are often too late to stop attacks.
Accomplished hackers go through firewall and IDS products in minutes.
The first thing you need to do is to have an assessment of your network
to see how secure it is, and when you discover how secure it is, the
next logical step is then to remediate it. Better yet, you need
a policy to keep that remediation up to date, which means policy for
patch management, and a tool to enforce these policies.
In the Windows management environment there are many different hats
to wear. One is the Security Admin, another one is the Network Admin.
The Security Admin sets policy, the Network Admin then enforces policy.
In many of the Windows shops, this is the same person. If you get into
the large enterprise area then of course you have a situation where
the Security- and Network Admin are different people.
This is where the problem starts. The Security Admin uses a scanner
and sends big lists with vulnerabilities to the network admin. The
Network Admin has a whole bunch of fires to put out and claims:
"I'm really busy, I've got to do a thousand other things." So, the
holes do not get fixed in time. One of the reasons the Network Admin
can't always deal with holes is because they do not have a bridge
between setting the policy and the enforcing of the policy.
Patch management is a major headache. For instance, it is extremely
important that you deploy patches in the proper sequence. It determines
success or failure. Other problems are that patches become obsolete,
patches supersede other patches, service pack releases do not include
all older hotfixes, sometimes patches require reinstallation but you
don't know about it, some combinations of patches must never be deployed,
and patches often require prerequisites before installation. See what
Two IT security companies have banded together and come up with a
bundled solution to bridge this gap and help you get and keep your
environment as secure as possible. Read the "Save With Top Security
Bundle" story below in Third Party Tools.
(email me with feedback: [email protected])
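The ordering problems listed above (prerequisites, patches that supersede other patches, combinations that must never be deployed) can be checked mechanically before anything is pushed out. The sketch below is an added example, not code from Retina, UpdateEXPERT or any other product named in this issue; the patch names and their relationships are constructed, and `plan_install` is a hypothetical helper.

```python
from graphlib import TopologicalSorter

# Constructed catalog; patch names and relationships are hypothetical.
# Each entry: (requires, supersedes, conflicts)
CATALOG = {
    "SP2":    ([],         ["HF-101"], []),
    "HF-101": ([],         [],         []),
    "HF-102": (["SP2"],    [],         []),
    "HF-103": (["HF-102"], [],         ["HF-104"]),
    "HF-104": (["SP2"],    [],         ["HF-103"]),
    "HF-105": (["HF-101"], [],         []),
}

def plan_install(catalog, wanted, installed=()):
    """Return the patches to deploy, in a safe order; raise ValueError if impossible."""
    installed = set(installed)
    # 1. Pull in prerequisites transitively.
    selected, stack = set(), list(wanted)
    while stack:
        patch = stack.pop()
        if patch not in catalog:
            raise ValueError(f"unknown patch: {patch}")
        if patch not in selected:
            selected.add(patch)
            stack.extend(catalog[patch][0])
    # 2. Drop patches made obsolete by a selected or installed patch.
    present = selected | installed
    replaced_by = {old: new for new in present if new in catalog
                   for old in catalog[new][1]}
    selected -= set(replaced_by)
    present -= set(replaced_by)
    # 3. Refuse combinations that must never be deployed together.
    for patch in selected:
        clash = present & set(catalog[patch][2])
        if clash:
            raise ValueError(f"{patch} conflicts with {sorted(clash)}")
    # 4. Order the rest so every prerequisite (or the patch that
    #    superseded it) is installed first. A cycle raises ValueError.
    def resolve(p):
        while p in replaced_by:
            p = replaced_by[p]
        return p
    todo = selected - installed
    graph = {p: {resolve(r) for r in catalog[p][0]} & todo for p in sorted(todo)}
    return list(TopologicalSorter(graph).static_order())
```

Note that supersedence is listed explicitly per patch: a service pack only replaces the hotfixes it names, so anything it does not name stays in the plan.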
SPONSOR: "pcAnywhere Killer"
User Declares Sunbelt Remote Admin "pcAnywhere Killer"
You might want to give Remote Admin a try too. It's as if you are there,
with all the admin tools to control remote systems. This puppy was
"made-by-and-for" system administrators. Pricing is dirt cheap, especially
site- and company licenses. Now a "client & server" combo is available
via the online shop for just 35 bucks! Get yours here:
Visit "pcAnywhere Killer" for more information.
Exchange and AD Gotchas
Donzea Jordan sent these two:
Sid History Doesn't cure everything: By just migrating Users' SIDHistory
over to AD, you won't keep your legacy permissions if they were assigned
to a group. All the Groups have to be migrated as well (preferably before
the users) with SidHistory in order for the users to use old permissions
that are based on Groups. If you're doing a large gradual migration,
this is a big deal.
Exchange names flipped in Gal: The disabled accounts created by ADC
preserve the Display Name. However after migrating the actual NT account
and merging using ADClean or 3rd party tool, the Display name field becomes
populated with the Full Name field of the NT account name. Thus the GAL
gets updated to whatever the NT Full Name is. This may not match what
the display was. In our case, "Smith, John" became "John L. Smith" in
Server Port 80 Plagues Internet Security
The Internet has become a riskier place for businesses since the fall of
2001 and doesn't look to be any more secure in the near future, according
to security firm Internet Security Systems, which released its security
incident figures for the first quarter of 2002 Wednesday. The Sept. 11
terrorist attacks on the U.S. have not prompted any obvious cyberattacks,
ISS concluded. For the full story see this InfoWorld article:
Companies, Colleges, Fail Computer Security
Another interesting InfoWorld security article is this one. The security
holes exploited by Code Red and Nimda, worms that experts said had the
potential to knock the entire Internet offline, attacked long-standing
vulnerabilities in Microsoft's IIS (Internet Information Services) Web
server software caused by a type of error made through bad code writing:
the buffer overflow.
A buffer overflow occurs when more data is written into the memory assigned to a
specific application or task than it can hold, often with unpredictable results. Frequently,
however, buffer overflows allow attackers to run any code they choose on a
target machine. How come? Colleges do not train students to write secure
code. For the full story:
NT/2000 RELATED NEWS
"Don't Like, No Money" For MS Licensing 6.0
Clearwater, Fla. - Four months before Microsoft Corp. launches its Licensing
6.0 Program, a new joint Sunbelt Software, Inc./ Information Technology
Intelligence Corp. (ITIC) survey indicates that 41 percent of businesses
say they lack the necessary funds to migrate to the new plan.
Those are the results of the latest Information Technology Intelligence Corp.
/Sunbelt Software, Inc. independent Web-based poll of 1,400 corporations
worldwide. Those polled included Windows 2000 network and systems admins,
Exchange and SQL administrators as well as Chief Technology Officers, Chief
Information Officers and Chief Operating Officers.
The findings of this latest survey closely mirror the results of the prior
October 2001 Sunbelt survey. In both surveys, the overwhelming majority
of corporations - nearly 80 percent - said they have a negative view of
the plan, while 90 percent believe that migrating to the Licensing 6.0
program will increase their licensing costs.
As with the earlier surveys the high response rate is a clear indication
that the Microsoft Licensing Program 6.0 is, and will remain, an extremely
crucial and controversial issue for the majority of businesses.
The chief problems cited by businesses: uncertainty over the terms and
conditions of the new licensing scheme, complexity and lack of available
funds, appear to have worsened and not improved in the six months following
the initial Sunbelt October, 2001 survey.
"If anything corporations say they are more confounded and befuddled in
attempting to discern the business and cost advantages/disadvantages,
comprehending the new pricing provisions and true up costs and determining
the benefits of a Select vs. an Enterprise Agreement," noted Laura DiDio,
a principal at ITIC, which co-sponsored the survey. One aspect of the
upcoming licensing scheme that seems to be clear to users is their
overwhelming dislike for the Enterprise Subscription agreement, which is
akin to leasing not owning the software.
As a result, 36 percent of businesses said they will not upgrade to the
new Microsoft Licensing 6.0 scheme and another 38 percent of the respondents
said they are actively seeking alternatives to Microsoft products.
In summary, the overwhelming majority of corporations expressed outrage
and distaste at the high cost of both the new Licensing 6.0 terms and
conditions as well as the expense for the Software Assurance - 25 percent
of the list price of a server license and 29 percent of the list price
of a client license. It is a fact that these prices are the highest in
the industry and that fact has not gone unnoticed by corporations.
- Only 12 percent of organizations say their firms have the necessary funds
to migrate to the Licensing 6.0 program, compared with 41 percent of the
respondents that say they lack the necessary funds to move to the new
- Only 22 percent of respondents said they fully understood the terms and
provisions of the 6.0 Licensing Program; 45 percent said they understood
it "somewhat" and 24 percent responded that they did not comprehend it.
- The biggest areas of confusion identified by organizations were comprehending
the pricing provisions and benefits of Select vs. Enterprise and determining
the actual true-up costs.
- Some 12 percent of businesses that have already migrated or are in the
midst of negotiating 6.0 licensing agreements said their experience was
a positive one; another 32 percent gave a "fair" rating to the negotiating
- However, 51 percent of organizations said their experience negotiating
a new 6.0 contract with Microsoft and/or their Large Account Resellers
- Nearly two-thirds of respondents -- 63 percent -- have not done a
comprehensive cost analysis of what it will cost to migrate to the new
- About 50 percent said their firms are unprepared to negotiate licensing
agreements with Microsoft or their Large Account Resellers, compared with only
16 percent who said they were prepared for the negotiation process.
- And 50 percent of corporations said the confusion and uncertainty would
delay upgrades to new versions of Microsoft Office XP, Windows XP, Windows
2000 Server and the forthcoming Windows .NET Server - with at least half
saying there would be significant upgrade delays of one year or more.
[Disclaimer: This is a self-selecting Web-based survey undertaken to
identify corporate user trends, behavior and buying patterns. The findings
are not absolute and no one can predict with any certainty how any of us
will act in the future.]
THIRD PARTY NEWS
Save With Top Security Bundle: Retina + UpdateEXPERT
Use Retina to identify vulnerabilities and recommend security policies.
Use UpdateEXPERT to enforce policies for software patches: Scan and Fix!
Retina + UpdateEXPERT together are your total solution for system and
network vulnerabilities: Assessment and Remediation.
Any out-of-update system can be exploited, and errors in updating your
system can create new vulnerabilities and disastrous results. Remediation
is complex and requires specialized knowledge, and keeping settings and
patches up to date is an ongoing process to prevent your domains from
getting hacked into.
Product Features: Retina: Vulnerability Scanning and Policy Setting
Product Features: UpdateEXPERT: Patch Application and Management
- Retina is the best-of-class network vulnerability security scanner on
the market (Reference Network World Buyer's Guide "Blue Ribbon" award
- Retina scans and audits all IPs (servers, workstations, firewalls,
routers, desktops, Web interfaces, OS, etc.,) looking for security
- The result is a customized report listing all the vulnerabilities on
every IP and their threat level
- Make informed decisions
- Manage from a central console without agents
- Improved reliability without needing to install remote software
- Install only those updates that are missing and applicable:
- Worry-free installation
- Deploy worry-free using exclusive database
- Combine any patches, eliminate reboots
- Check all systems to make sure that patches are still installed and valid:
- Support on-going efforts to manage patch levels
- Define required list of patches
- Make all machines comply in 1 click
- Conformance report (odd-man-out) scans against list of required patches
- Check to see if exceptional systems do not comply and why
What Makes Retina Unique?
UpdateEXPERT - Remediation and Policy Enforcement:
- Fastest - 2 to 10x faster than the competition
- Constant Updates - Often multiple dailies
- NMAP - Most comprehensive and accurate database available plus
eEye's daily research (discovered and named Code Red worm & XP- UPnP,
hundreds of advisories)
- Non-Intrusive - ID's vulnerabilities without exploit testing
- CHAM - Common Hacking Attack Methods (for "unknown" vulnerabilities
used by Sec Admin)
- Customized Audits - Admin can customize a check
- No IP restrictions - Scan ranges of IPs
- Reports - Both "Executive" and "Technical"
UpdateEXPERT solves the challenges of keeping your systems patched correctly.
It is extremely important that you deploy patches in the proper sequence.
It determines success or failure.
- UpdateEXPERT installs security, system stability & private software
- Identifies what hotfixes are missing & applicable to your system
- Arranges hotfixes in proper order
- Schedules when to push out a hotfix
- Broadcasts hotfix from central console inside a wrapper
- Installs hotfix independently
- Way more complete, powerful and reliable than any free tool
Try this combination on your own domains now and save a bundle.
This Week's Links We Like. Tips, Hints And Fun Stuff
A site full of links to interesting articles
Into Digital Cameras? This is a pretty good resource
Google's April First joke for this year, pretty funny
PRODUCT OF THE WEEK
Check Point Next Generation Security Administration
The Check Point Next Generation suite of products provides the tools
necessary for easy development and deployment of Enterprise Security
Solutions. Check Point VPN-1/FireWall-1 has been beating out its
competitors for years, and the Next Generation software continues to
improve the look, feel, and ease of use of this software. Check Point
NG Security Administration will show you the ins and outs of the NG
product line. Here is the Amazon Link: