Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 11, 2002 (Vol. 7, #29 - Issue #360)
NO CHARGE Penetration Test
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Biometrics Could Be Painful [grin]
  2. TECH BRIEFING
    • Microsoft Baseline Security Analyzer Released
    • IE Vulnerability Workaround
  3. NT/2000 RELATED NEWS
    • "FREE One-Time Penetration Test Of Your Network!"
    • Somewhat Automated Patch Management
    • W2K Servers Cheaper To Run Than Unix
  4. NT/2000 THIRD PARTY NEWS
    • Save With Top Security Bundle: Retina + UpdateEXPERT [REPEAT]
    • New Build Of ELM Products
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • MCSE Consulting Bible
  SPONSOR: Double-Take
Full Site Failover and Infrastructure Redundancy delivered by the #1
tool for data replication: Double-Take. Ensure that your data and
applications are always safe. Help your Company and Homeland Security
by protecting your most valuable resources at the source: Your Servers.
Double-Take will fail over if your source server goes down. 2001 Editor's
Choice of both Windows 2000 and Network Magazine. Download a 30-day
eval copy now and start protecting your data and apps.
Visit Double-Take for more information.
  EDITORS CORNER

Biometrics Could Be Painful [grin]

A subscriber with some Biometrics experience in his back pocket sent me this:

"I was working for a South African owned company in Australia recently and heard this story from a migrant out of Johannesburg about the inclusion of ATMs in some of the mines over there, with the idea of capitalizing on the number of workers and the lack of banks in the area. (For people outside of the U.S., ATM means Automatic Teller Machines that allow you to pull money out of the wall, usually with a Card and a PIN code. Yes, I know you have them too but they are called differently in every country).

"To make it simple they introduced thumb print identification. Within weeks of the implementation they had to take the ATMs out because there were a number of incidents of muggings and people's thumbs being cut off to steal their ID. Given the rise of crime generally in the US, how long do you think before something like this starts happening in America? Or certainly in other less lawful areas in the world."

My only response to this is that the biometrics companies better come up with technology to identify if a thumb is alive or dead, and announce that fact to the world at large. I'd like to see some proof of that, but are you willing to be the guinea pig? Let me know by email!

This week's XBOX Winner is Marc Nadeau from St-Charles de Bellechasse, Canada! Congrats Marc and enjoy!

PS, the MS 6.0 Licensing survey we recently did certainly got noticed!
http://www.w2knews.com/rd/rd.cfm?id=020411ED-MS60

Quote of the Day: "There are 30 million telecommuters in the USA. Service providers are going to be the next utility in the home".

Warm regards,
Stu Sjouwerman
(email me with feedback: [email protected])

  SPONSOR: "pcAnywhere Killer"
User Declares Remote Admin "pcAnywhere Killer"
You might want to give Remote Admin a try too. It's as if you are there,
with all the admin tools to control remote systems. This puppy was
"made-by-and-for" system administrators. Pricing is dirt cheap, especially
site- and company licenses. Now a "client & server" combo is available
via the online shop for just 35 bucks! Get yours here:
Visit "pcAnywhere Killer" for more information.
  TECH BRIEFING

Microsoft Baseline Security Analyzer Released

As you read in the W2Knews scoop, issue 347, Feb 25 this year, Microsoft finally released their Microsoft Baseline Security Analyzer (MBSA). It replaces the Microsoft Personal Security Advisor (MPSA). MBSA is a standalone application that scans Windows NT 4.0, Windows 2000, and XP systems for common security misconfigurations. MBSA includes the same security checks as MPSA, but adds value by scanning local and remote machines, as well as both Windows servers and workstations. It supports Windows, IIS, and SQL Server.

For home machines and small LANs this may be useful, but essentially it is a tool that combines HFNETCHK and the MS security page. It does not really compare to the professional tools out there but then it is free. I guess you get what you pay for. MBSA can be downloaded from the following location:
http://www.w2knews.com/rd/rd.cfm?id=020411TB-MBSA

IE Vulnerability Workaround

If there is no particular fix for a hole, it is often still possible to use a workaround to make sure someone does not use a (now) known vulnerability. Workarounds are good and necessary until a hotfix arrives. For instance, I would strongly recommend disabling the scripting of ActiveX objects and obviously also disabling Active Scripting as a simple solution to a few new known holes.

These recent issues are all due to a new feature of IE 6.0: the ability to create lists of Administrator approved ActiveX controls. For the normal end user this has no value whatsoever, but an Admin could use this to restrict which controls can be scripted. If you apply this in all zones, it can control quite a few of the new vulnerabilities.

It is normal to approach router and firewall configuration with the tried-and-true DENY rule. Disallow everything and then specifically allow only certain things. IE 6.0 offers you that feature too. I suggest you use it and get no nasty surprises. Grateful acknowledgement to Russ Cooper, the venerable NTBugtraq Editor.
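
As an added example (not from this newsletter or from Microsoft), here is the deny-by-default check described above, run over an exported copy of the Internet Settings zone keys. The URL-action value names (1200, 1400, 1405) and data values (3 = disable, 0x10000 = administrator approved) are Microsoft's documented zone settings rather than anything this issue lists; the sample export is constructed and assumed to be already decoded to text.

```python
import re

# Zone URL actions (registry value names under ...\Internet Settings\Zones\<n>).
ACTIONS = {
    "1200": "Run ActiveX controls and plug-ins",
    "1400": "Active scripting",
    "1405": "Script ActiveX controls marked safe for scripting",
}
DISABLE, ADMIN_APPROVED = 0x3, 0x10000

# Constructed sample in regedit export format (zone 3 = Internet, 1 = Local intranet).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00010000
"1400"=dword:00000003
"1405"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1200"=dword:00000000
"1400"=dword:00000000
'''

def parse_zones(text):
    """Return {zone: {action: value}} for every Zones\\<n> key in the export."""
    zones, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.match(r'\[.*\\Internet Settings\\Zones\\(\d)\]$', line)
        if key:
            current = zones.setdefault(key.group(1), {})
        elif line.startswith("["):
            current = None  # unrelated registry key: ignore its values
        elif current is not None:
            val = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
            if val:
                current[val.group(1).upper()] = int(val.group(2), 16)
    return zones

def audit(text):
    """List (zone, action, value) for settings that are not locked down.
    A missing value counts as a finding: deny-by-default means it is set explicitly."""
    findings = []
    for zone, values in sorted(parse_zones(text).items()):
        for action in ACTIONS:
            allowed = {DISABLE, ADMIN_APPROVED} if action == "1200" else {DISABLE}
            if values.get(action) not in allowed:
                findings.append((zone, action, values.get(action)))
    return findings

if __name__ == "__main__":
    for zone, action, value in audit(SAMPLE_REG):
        print(f"zone {zone}: {ACTIONS[action]} ({action}) = {value}")
```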

  NT/2000 RELATED NEWS

"FREE One-Time Penetration Test Of Your Network!"

Sunbelt Software and eEye offer you a free outside-in vulnerability assessment of your network to see if hackers might be able to penetrate. We will be using Retina to perform this penetration test of one IP-address you will provide us. The results will be emailed to you. Interested? Keep on reading.

We are obviously doing this to expose you to the power of Retina. There is nothing like a white-hat external penetration test to show you where the holes are. Note that we can only audit what we see from the outside world. If you have an excellent firewall, chances are we won't be able to get too far (which is good). You will be notified about that too of course.

Safeguards will be in place so that we know that the IP that you give us is an IP you actually have authority over. This FREE Test is limited to the first 500 respondents, 200 from Europe and 300 from the USA and Canada. For logistics and legal reasons we cannot process requests from other countries at this time.

Instructions: Click on the link below and click on Download Retina Evaluation. Fill out the download form and as Promotional Code cut and paste in this one: R3tIz4
Forms without the above code are not eligible for this limited time offer.
http://www.w2knews.com/rd/rd.cfm?id=020411RN-PENTEST

Somewhat Automated Patch Management

Got feedback from a reader about my earlier complaints about patch management essentially being such a headache. He wrote back that MS has had a tool out for a while called QChain that handles some of this:

"QChain.exe enables an NT 4.0 or W2K Administrator to install multiple Hotfixes with only one reboot. MS Q296861 discusses this tool in good detail. In Microsoft's own words: "...QChain.exe gives system admins the ability to safely chain hotfixes together. Hotfix chaining involves installing multiple hotfixes without rebooting between each installation. Without this tool, the only supported method is to reboot after each hotfix installation. The QChain.exe tool has the following benefits:

  • It increases uptime for servers because computers are not being rebooted between each hotfix installation.
  • It allows faster installations of multiple hotfixes on a single computer.
It is a solution that works on both Windows 2000 and Windows NT 4.0. NOTE : The QChain.exe tool is not required on Windows XP and later. The hotfix installer in Windows XP includes functionality to support multiple hotfix installation."
http://www.w2knews.com/rd/rd.cfm?id=020411RN-Qchain

W2K Servers Cheaper To Run Than Unix

A new survey has found that Intel-based servers running W2K and trusted with key back-office applications are significantly cheaper than Unix servers. The cost of running back-office servers on Windows and Intel technology is around half that of Unix servers, a new report has found.

According to the survey of US medium and large sized enterprises, over a three-year ownership period, companies can expect to see 46 per cent lower costs associated with acquiring, maintaining and running a W2K server over a Unix/Risc machine.

"We expected there to be a cost advantage, but not this high," said Thomas Manter, research director at Aberdeen Group and author of the report. So, we're not crazy after all. [grin] Here is the link.
http://www.w2knews.com/rd/rd.cfm?id=020411RN-W2KCheaper

  THIRD PARTY NEWS

Save With Top Security Bundle: Retina + UpdateEXPERT [REPEAT]

[Last issue had some transmission problems so we are repeating this important news here one more time]

Use Retina to identify vulnerabilities and recommend security policies. Use UpdateEXPERT to enforce policies for software patches: Scan and Fix! Retina + UpdateEXPERT together are your total solution for system and network vulnerabilities: Assessment and Remediation.

Any out-of-date system can be exploited, and errors in updating your system can create new vulnerabilities and disastrous results. Remediation is complex and requires specialized knowledge, and keeping settings and patches up to date is an ongoing process to prevent your domains from getting hacked into.

Product Features: Retina: Vulnerability Scanning and Policy Setting

  • Retina is the best-of-class network vulnerability security scanner on the market (Reference Network World Buyer's Guide "Blue Ribbon" award for excellence).
  • Retina scans and audits all IP's (servers, workstations, firewalls, routers, desktops, Web interfaces, OS, etc.,) looking for security vulnerabilities.
  • The result is a customized report listing all the vulnerabilities on every IP and their threat level.

Product Features: UpdateEXPERT: Patch Application and Management

  • Make informed decisions
  • Manage from a central console without agents:
  • Improved reliability without needing to install remote software
  • Install only those updates that are missing and applicable:
  • Worry-free installation
  • Deploy worry-free using exclusive database:
  • Combine any patches, eliminate reboots
  • Check all systems to make sure that patches are still installed and valid:
  • Support on-going efforts to manage patch levels
  • Define required list of patches:
  • Make all machines comply in 1 click
  • Conformance report (odd-man-out) scans against list of required patches:
  • Check to see if exceptional systems do not comply and why
Product Benefits:

What Makes Retina Unique?

  • Fastest - 2 to 10x faster than the competition
  • Constant Updates - Often multiple dailies
  • NMAP - Most comprehensive and accurate database available plus eEye's daily research (discovered and named Code Red worm & XP- UPnP, hundreds of advisories)
  • Non-Intrusive - ID's vulnerabilities without exploit testing
  • CHAM - Common Hacking Attack Methods (for "unknown" vulnerabilities used by Sec Admin)
  • Customized Audits - Admin can customize a check
  • No IP restrictions - Scan ranges of IP's
  • Reports - Both "Executive" and "Technical"

UpdateEXPERT - Remediation and Policy Enforcement:

  • UpdateEXPERT installs security, system stability & private software patches
  • Identifies what hotfixes are missing & applicable to your system
  • Arranges hotfixes in proper order
  • Schedules when to push out a hotfix
  • Broadcasts hotfix from central console inside a wrapper
  • Installs hotfix independently
  • Way more complete, powerful and reliable than any free tool
UpdateEXPERT solves the challenges of keeping your systems patched correctly. It is extremely important that you deploy patches in the proper sequence. It determines success or failure. Try this combination on your own domains now and save a bundle.
http://www.w2knews.com/rd/rd.cfm?id=020411TP-SecBundle

New Build Of ELM Products

We are pleased to announce the immediate availability of Build 3.0.0.268 of:
ELM Enterprise Manager(tm) 3.0
ELM Log Manager(tm) 3.0
ELM Performance Manager(tm) 3.0

ELM Enterprise Manager is now Certified for Windows 2000 Server and Windows 2000 Advanced Server.

A comparison of these three products can be found in the White Papers section of this page, and you can also download your new version from this location:
http://www.w2knews.com/rd/rd.cfm?id=020411TP-newELM

Instructions for upgrading from a prior release can be found at:
http://www.tntsoftware.com/products/ELM3/Common/Release_Upgrade.asp
Instructions for upgrading from Beta 2 can be found at:
http://www.tntsoftware.com/products/ELM3/Common/Beta_Upgrade.asp
Instructions for upgrading from Event Log Monitor can be found at:
http://www.tntsoftware.com/products/ELM3/Common/2x_Upgrade.asp

Added: You can now use Boolean characters and wildcard characters in the Message Contains field within the Event Alarm, Event Collector and Event Filter criteria. Several bugs were fixed in this new build.

  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Top 10 Active Directory Bloopers at the SearchWin2000.com site:
    http://www.w2knews.com/rd/rd.cfm?id=020411FA-ADBloopers
  • A very controversial PowerPoint show that was sent to me. It's about how Palestinian children are being raised to become killers. This is pretty heavy to watch and not fun, but impressive. Not for the weak of heart!
    http://www.w2knews.com/rd/rd.cfm?id=020411FA-children
  • ViewSonic's First Wireless Monitor, the ViewSonic airpanel 100:
    http://www.w2knews.com/rd/rd.cfm?id=020411FA-viewsonic
  • Fly the space shuttle virtually:
    http://www.w2knews.com/rd/rd.cfm?id=020411FA-shuttle
  • Always thought that wireless networks have a perfect circle in signal strength? Think again!
    http://www.w2knews.com/rd/rd.cfm?id=020411FA-waves

  PRODUCT OF THE WEEK

MCSE Consulting Bible

According to the 1999 Salary Survey conducted by MCP Magazine, the average MCSE has 6.8 years of experience. The average self-employed MCSE consultant with 6 - 9 years of experience earns $85,000 - that's over $8,000 more than the average salary + bonus and benefits package of other MCSEs. There is a demand for MCSEs who can offer a variety of technical expertise and services, and this book will show you how to create a successful consulting business. MCSE CONSULTING BIBLE walks you through the issues to consider when making the decision to start your own consulting business and then offers key advice on each aspect of the business from deciding what services to offer, to marketing, to maintaining customer relationships.

http://www.w2knews.com/rd/rd.cfm?id=020411BW-BOW