Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 11, 2002 (Vol. 7, #29 - Issue #360)
NO CHARGE Penetration Test
This issue of W2Knews contains:
- EDITORS CORNER
- Biometrics Could Be Painful [grin]
- TECH BRIEFING
- Microsoft Baseline Security Analyzer Released
- IE Vulnerability Workaround
- NT/2000 RELATED NEWS
- "FREE One-Time Penetration Test Of Your Network!"
- Somewhat Automated Patch Management
- W2K Servers Cheaper To Run Than Unix
- NT/2000 THIRD PARTY NEWS
- Save With Top Security Bundle: Retina + UpdateEXPERT [REPEAT]
- New Build Of ELM Products
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
Full Site Failover and Infrastructure Redundancy delivered by the #1
tool for data replication: Double-Take. Ensure that your data and
applications are always safe. Help your Company and Homeland Security
by protecting your most valuable resources at the source: Your Servers.
Double-Take will fail over if your source server goes down. 2001 Editor's
Choice of both Windows 2000 and Network Magazine. Download a 30-day
eval copy now and start protecting your data and apps.
Visit Double-Take for more information.
Biometrics Could Be Painful [grin]
A subscriber with some Biometrics experience in his back pocket sent me this:
"I was working for a South African owned company in Australia recently
and heard this story from a migrant out of Johannesburg about the
inclusion of ATMs in some of the mines over there, with the idea of
capitalizing on the number of workers and the lack of banks in the area.
(For people outside of the U.S., ATM means Automatic Teller Machines
that allow you to pull money out of the wall, usually with a Card and
a PIN code. Yes, I know you have them too but they are called differently
in every country).
"To make it simple they introduced thumb print identification. Within
weeks of the implementation they had to take the ATMs out because
there were a number of incidents of muggings and people's thumbs being
cut off to steal their ID. Given the rise of crime generally in the US,
how long do you think before something like this starts happening in
America? Or certainly in other less lawful areas in the world."
My only response to this is that the biometrics companies better come
up with technology to identify if a thumb is alive or dead, and announce
that fact to the world at large. I'd like to see some proof of that,
but are you willing to be the guinea pig? Let me know by email!
This week's XBOX Winner is Marc Nadeau from St-Charles de Bellechasse, Canada! Congrats Marc and enjoy!
PS, the MS 6.0 Licensing survey we recently did certainly got noticed!
Quote of the Day: "There are 30 million telecommuters in the USA. Service
providers are going to be the next utility in the home".
(email me with feedback)
SPONSOR: "pcAnywhere Killer"
User Declares Remote Admin "pcAnywhere Killer"
You might want to give Remote Admin a try too. It's as if you are there,
with all the admin tools to control remote systems. This puppy was
"made-by-and-for" system administrators. Pricing is dirt cheap, especially
site- and company licenses. Now a "client & server" combo is available
via the online shop for just 35 bucks! Get yours here:
Visit "pcAnywhere Killer" for more information.
Microsoft Baseline Security Analyzer Released
As you read in the W2Knews scoop, issue 347, Feb 25 this year, Microsoft
finally released their Microsoft Baseline Security Analyzer (MBSA).
It replaces the Microsoft Personal Security Advisor (MPSA). MBSA is a
standalone application that scans Windows NT 4.0, Windows 2000, and XP
systems for common security misconfigurations. MBSA includes the same
security checks as MPSA, but adds value by scanning both local and remote
machines, Windows servers as well as workstations. It supports
Windows, IIS, and SQL Server.
For home machines and small LANs this may be useful, but essentially it is
a tool that combines HFNETCHK and the MS security page. It does not really
compare to the professional tools out there but then it is free. I guess you
get what you pay for. MBSA can be downloaded from the following location:
IE Vulnerability Workaround
If there is no particular fix for a hole, it is often still possible to use
a workaround to make sure someone does not use a (now) known vulnerability.
Workarounds are good and necessary until a hotfix arrives. For instance, I
would strongly recommend disabling the scripting of ActiveX objects and
obviously also disabling Active Scripting as a simple solution to a few new
These recent issues are all due to a new feature of IE 6.0: the ability to
create lists of Administrator approved ActiveX controls. For the normal
end user this has no value whatsoever, but an Admin could use this to
restrict which controls can be scripted. If you apply this in all
zones, it can control quite a few of the new vulnerabilities.
It is normal to approach router and firewall configuration with the
tried-and-true DENY rule. Disallow everything and then specifically allow
only certain things. IE 6.0 offers you that feature too. I suggest you use
it and get no nasty surprises. Grateful acknowledgement to Russ Cooper, the
venerable NTBugtraq Editor.
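
The deny-by-default zone policy described above can be checked mechanically. The following is an added example, not from the newsletter or from Microsoft: it audits a decoded .reg export of the Internet Settings zone keys. It assumes the standard IE value names 1200, 1400 and 1405 and the policy data 3 (disable) and 0x10000 (administrator approved), none of which appear in the original text.

```python
import re

# Standard IE URL-action value names and policy data (assumed from Windows
# documentation; the newsletter itself names no registry values).
ACTIONS = {"1200": "Run ActiveX controls and plug-ins",
           "1400": "Active scripting",
           "1405": "Script ActiveX controls marked safe for scripting"}
ZONES = {"0": "My Computer", "1": "Local intranet", "2": "Trusted sites",
         "3": "Internet", "4": "Restricted sites"}
DISABLE, ADMIN_APPROVED = 0x3, 0x10000
KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')

# Constructed sample: a decoded .reg export of two zones for one user.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00010000
"1400"=dword:00000000
"1405"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1200"=dword:00000003
"1400"=dword:00000003
"1405"=dword:00000003
"""

def parse_zones(reg_text):
    """Return {zone_number: {value_name: int}} from decoded .reg text."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None          # some other key: ignore its values
        elif val and current is not None:
            current[val.group(1)] = int(val.group(2), 16)
    return zones

def audit(reg_text, zones=tuple(ZONES)):
    """Flag anything not disabled (1200 may also be administrator-approved)."""
    seen, findings = parse_zones(reg_text), []
    for z in zones:
        for name, label in ACTIONS.items():
            value = seen.get(z, {}).get(name)
            ok = {DISABLE, ADMIN_APPROVED} if name == "1200" else {DISABLE}
            if value not in ok:
                state = "missing" if value is None else hex(value)
                findings.append((ZONES[z], label, state))
    return findings
```

A setting that is absent from the export is reported as "missing" rather than assumed safe, so `audit(SAMPLE)` also lists the three zones the constructed sample does not cover.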
NT/2000 RELATED NEWS
"FREE One-Time Penetration Test Of Your Network!"
Sunbelt Software and eEye offer you a free outside-in vulnerability
assessment of your network to see if hackers might be able to penetrate.
We will be using Retina to perform this penetration test of one
IP-address you will provide us. The results will be emailed to you.
Interested? Keep on reading.
We are obviously doing this to expose you to the power of Retina.
There is nothing like a white-hat external penetration test to show you
where the holes are. Note that we can only audit what we see from the
outside world. If you have an excellent firewall, chances are we won't
be able to get too far (which is good). You will be notified about that
too of course.
Safeguards will be in place so that we know that the IP that you
give us is an IP you actually have authority over. This FREE Test is
limited to the first 500 respondents, 200 from Europe and 300 from the
USA and Canada. For logistics and legal reasons we cannot process
requests from other countries at this time.
Instructions: Click on the link below and click on Download Retina
Evaluation. Fill out the download form and as Promotional Code cut
and paste in this one: R3tIz4
Forms without the above code are not eligible for this limited time offer.
Somewhat Automated Patch Management
Got feedback from a reader about my earlier complaints about patch
management essentially being such a headache. He wrote back that MS
has had a tool out for a while called QChain that handles some of this:
"QChain.exe enables an NT 4.0 or W2K Administrator to install multiple
Hotfixes with only one reboot. MS Q296861 discusses this tool in good
detail. In Microsoft's own words: '...QChain.exe gives system admins
the ability to safely chain hotfixes together. Hotfix chaining involves
installing multiple hotfixes without rebooting between each installation.
Without this tool, the only supported method is to reboot after each
hotfix installation. The QChain.exe tool has the following benefits:
- It increases uptime for servers because computers are not being rebooted between each hotfix installation.
- It allows faster installations of multiple hotfixes on a single computer.
- It is a solution that works on both Windows 2000 and Windows NT 4.0.
NOTE: The QChain.exe tool is not required on Windows XP and later.
The hotfix installer in Windows XP includes functionality to support
multiple hotfix installation.'"
W2K Servers Cheaper To Run Than Unix
A new survey has found that Intel-based servers running W2K and trusted
with key back-office applications are significantly cheaper than Unix
servers. The cost of running back-office servers on Windows and Intel
technology is around half that of Unix servers, a new report has found.
According to the survey of US medium and large sized enterprises, over
a three-year ownership period, companies can expect to see 46 per cent
lower costs associated with acquiring, maintaining and running a W2K
server over a Unix/Risc machine.
"We expected there to be a cost advantage, but not this high," said
Thomas Manter, research director at Aberdeen Group and author of the report.
So, we're not crazy after all. [grin] Here is the link.
THIRD PARTY NEWS
Save With Top Security Bundle: Retina + UpdateEXPERT [REPEAT]
[Last issue had some transmission problems so we are repeating this
important news here one more time]
Use Retina to identify vulnerabilities and recommend security policies.
Use UpdateEXPERT to enforce policies for software patches: Scan and Fix!
Retina + UpdateEXPERT together are your total solution for system and
network vulnerabilities: Assessment and Remediation.
Any out-of-update system can be exploited, and errors in updating your
system can create new vulnerabilities and disastrous results. Remediation
is complex and requires specialized knowledge, and keeping settings and
patches up to date is an ongoing process to prevent your domains from
getting hacked into.
Product Features: Retina: Vulnerability Scanning and Policy Setting
- Retina is the best-of-class network vulnerability security scanner on
the market (Reference Network World Buyer's Guide "Blue Ribbon" award
- Retina scans and audits all IP's (servers, workstations, firewalls,
routers, desktops, Web interfaces, OS, etc.,) looking for security
- The result is a customized report listing all the vulnerabilities on
every IP and their threat level.
- Make informed decisions
Product Features: UpdateEXPERT: Patch Application and Management
- Manage from a central console without agents: Improved reliability without needing to install remote software
- Install only those updates that are missing and applicable: Worry-free installation
- Deploy worry-free using exclusive database: Combine any patches, eliminate reboots
- Check all systems to make sure that patches are still installed and valid: Support on-going efforts to manage patch levels
- Define required list of patches: Make all machines comply in 1 click
- Conformance report (odd-man-out) scans against list of required patches: Check to see if exceptional systems do not comply and why
What Makes Retina Unique?
- Fastest - 2 to 10x faster than the competition
- Constant Updates - Often multiple dailies
- NMAP - Most comprehensive and accurate database available plus
eEye's daily research (discovered and named Code Red worm & XP-UPnP,
hundreds of advisories)
- Non-Intrusive - ID's vulnerabilities without exploit testing
- CHAM - Common Hacking Attack Methods (for "unknown" vulnerabilities
used by Sec Admin)
- Customized Audits - Admin can customize a check
- No IP restrictions - Scan ranges of IP's
- Reports - Both "Executive" and "Technical"
UpdateEXPERT - Remediation and Policy Enforcement:
UpdateEXPERT solves the challenges of keeping your systems patched correctly.
It is extremely important that you deploy patches in the proper sequence. It
determines success or failure. Try this combination on your own domains now
and save a bundle.
- UpdateEXPERT installs security, system stability & private software patches
- Identifies what hotfixes are missing & applicable to your system
- Arranges hotfixes in proper order
- Schedules when to push out a hotfix
- Broadcasts hotfix from central console inside a wrapper
- Installs hotfix independently
- Way more complete, powerful and reliable than any free tool
New Build Of ELM Products
We are pleased to announce the immediate availability of Build 126.96.36.1998 of:
ELM Enterprise Manager(tm) 3.0
ELM Log Manager(tm) 3.0
ELM Performance Manager(tm) 3.0
ELM Enterprise Manager is now Certified for Windows 2000 Server and Windows
2000 Advanced Server.
A comparison of these three products can be found in the White Papers
section of this page, and you can also download your new version from
Instructions for upgrading from a prior release can be found at:
Instructions for upgrading from Beta 2 can be found at:
Instructions for upgrading from Event Log Monitor can be found at:
Added: You can now use Boolean characters and wildcard characters in the
Message Contains field within the Event Alarm, Event Collector and Event
Filter criteria. Several bugs were fixed in this new build.
This Week's Links We Like. Tips, Hints And Fun Stuff
Top 10 Active Directory Bloopers at the SearchWin2000.com site:
A very controversial PowerPoint show that was sent to me. It's about how
Palestinian children are being raised to become killers. This is pretty
heavy to watch and not fun, but impressive. Not for the weak of heart!
ViewSonic's First Wireless Monitor, the ViewSonic airpanel 100:
Fly the space shuttle virtually:
Always thought that wireless networks have a perfect circle in signal
strength? Think again!
PRODUCT OF THE WEEK
MCSE Consulting Bible
According to the 1999 Salary Survey conducted by MCP Magazine, the average
MCSE has 6.8 years of experience. The average self-employed MCSE consultant
with 6 - 9 years of experience earns $85,000 - that's over $8,000 more than
the average salary + bonus and benefits package of other MCSEs. There is a
demand for MCSEs who can offer a variety of technical expertise and services,
and this book will show you how to create a successful consulting business.
MCSE CONSULTING BIBLE walks you through the issues to consider when making
the decision to start your own consulting business and then offers key
advice on each aspect of the business from deciding what services to offer,
to marketing, to maintaining customer relationships.