Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 8, 2002 (Vol. 7, #48 - Issue #379)
8-Node Clustering Coming in Windows .NET
This issue of W2Knews contains:
- EDITORS CORNER
- Palladium // The Acronym Jungle, It's Not Just In IT
- TECH BRIEFING
- 8-Node Clustering Coming in Windows .NET Enterprise Server
- NT/2000 RELATED NEWS
- Major Government Cyber Attack? Naaah.
- Linux Instead of W2K On Your XBOX? Ouch.
- NT/2000 THIRD PARTY NEWS
- Next Threat To Corporate Networks
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
FREE Active Directory e-Seminar Series! Register now for "The
Real World with Active Directory." In this two-part online
seminar event sponsored by NetIQ and Full Armor, you'll learn
how to simplify AD deployment and maximize security procedures.
Register now and you'll receive by email a FREE white paper,
"Securely Managing Your Group Policies".
Visit NetIQ for more information.
Palladium // The Acronym Jungle, It's Not Just In IT
Looking at what the Palladium technology is planned to be, I cannot
say I'm hopeful. Despite the fact that it will definitely make IT
more secure, the problem of who controls it has not been solved.
There will be quite a bit of resistance to this one. Read the FAQ
in the fave links below, and you'll get a good picture of it.
And here is some light entertainment in the Editors Corner
for a change. You know that in IT we are bombarded with acronyms,
but we are not the only ones with our own lingo. Accounting also
has its slang. Per this week's Barron's, this is what some
popular financial acronyms really mean:
- EBITDA = Earnings before I tricked the dumb auditor.
- EBIT = Earnings before irregularities and tampering.
- CEO = Chief Embezzlement Officer.
- CFO = Corporate Fraud Officer.
- NAV = Normal Andersen valuation.
- EPS = Eventual prison sentence.
And here is a very conclusive list of IT acronyms:
PS, we got a couple of cool Fave Links too this week.
SPONSOR: Quest Software
Diagnose Root Causes of Performance Problems at a Glance!
Keep your end users productive. Diagnose and resolve congestion
FAST! Realize ROI in minutes. Quest Software's Spotlight lets
you take the pulse of your Microsoft infrastructures with one
glance, letting you see and respond to bottlenecks and outages
before they shut you down. Spotlights are available for Windows,
Exchange, Active Directory and SQL Server. Get TEN FREE LICENSES
of Spotlight on Windows NOW!
Visit Quest Software for more information.
8-Node Clustering Coming in Windows .NET Enterprise Server
ENTmag just reported this exciting news. MS will support eight-node
failover clusters in Windows .NET Enterprise Server. Microsoft made
the post-Beta 3 change to support Exchange Server and multi-site,
disaster tolerance scenarios.
The decision came months after the Beta 3 release of the .NET Server
family editions back in November, when Microsoft announced that only
four-node clusters would be supported in Windows .NET Enterprise Server,
while eight-node failover clusters would be reserved for Windows .NET
Datacenter Server customers.
A Microsoft spokesman told ENT that customer demand led to the change.
"Making eight-node clustering exclusive to Datacenter Server does not
fit within our focus of scalability and reliability [for Datacenter
Server]," the spokesman said.
Market demand for greater than two-node clusters has been slow to
develop. All demand for Microsoft failover clustering has pretty much
been satisfied by two-node clustering up until now.
Microsoft first introduced its Microsoft Cluster Services (MSCS), or
"Wolfpack", in the operating system in 1997 with the rollout of Windows
NT Server 4.0, Enterprise Edition. The two-node limit inherent in the
initial version carried through to W2K Advanced Server, released in
February 2000. When W2K Datacenter Server launched in September 2000,
it ratcheted up the capability to four nodes.
However, some customers suffered from sticker shock when they realized
how much more expensive W2K Datacenter Server was than W2K Advanced
Server. For a loose comparison, on fairly recent audited benchmarks, HP
listed a cost of about $20,000 for W2K Advanced Server running on eight
servers, while IBM listed an operating system cost of about $440,000
for four servers running Datacenter Server. Full article at:
NT/2000 RELATED NEWS
Major Government Cyber Attack? Naaah.
Greg Filter sent in this letter, and he certainly has a point.
"A Major Cyber Government Attack? Where DOES this stuff come from?
Does anybody think about this drivel?
When did the BSA become some sort of authority on security? They
are nothing but a paid bunch of hit men. In fact I challenge you
to go back and look at old copies of their web site. The addition
of security to their alleged mission is new. (OK a Google search
for the Wayback Machine or www.archive.org if you come up empty).
It is inconclusive, as I believe that there is a problem with the
way the pages were archived, and sometimes you will get an extra
image that seems to show discussion of security. Nonetheless,
they started alleging security involvement sometime in 2001. That
said, just saying so does not make it so. You and I both know
what the mission is and how they are paid. (editor's note, the BSA
is funded by the software industry and has anti-piracy as its goal)
Now let's turn to the 395 IT managers that were alleged to have
been polled. These people are not inside the government. What
could they possibly know about the state of affairs? What gives
them or the BSA the right to make such claims? In my estimation
it is NOTHING but speculation. Frankly the entire press report is
I spent 15 years as a civilian in the military. Several years of
that was in IT security. I will be the first to tell you that things
are not perfect. However things are not a whole lot better in the
other sectors of the computing world. Got a firewall? Look at the
logs for the last day or two. Assuming that you block inbound 1433
attempts, you will discover dozens of attempts to connect to a SQL
Server. Those attacks are coming from unpatched machines. Start
looking up the IP assignments, and you will discover that the
percentage of government machines is not good.
The government will never be perfect. But until you can get the
budgeting cycle out of the hands of politicians, it can never have
a chance. Find a dozen folks that have served in the government,
and listen to their stories about what it is like to work in their
environment. You will be amazed. It is my opinion that EVERYONE
should spend 4 years working for the government. Once that tour
is over you will vote differently at the polls.
I think this story is trash, and should never have been published,
much less reprinted. Not because I believe that there is not a
problem with government security, but because I don't think people
who are not involved should be voting on it. They should be voting
on their OWN vulnerability, assuming that they even know where
they are vulnerable."
Linux Instead of W2K On Your XBOX? Ouch.
Now here is something pretty controversial. I'm sure that Microsoft
"ain't gonna be happy" to put it mildly. The XBOX Linux project is
an initiative that wants to develop a legal Linux flavor that will
work on the XBOX. An anonymous donor has provided $200,000 US for
the people that make it a reality.
The project has been split into several parts, and those in turn were
split into different tasks. The first project takes the premise that
Linux will replace the stripped down version of W2K that currently
drives the XBOX. The four required tasks are a new BIOS, drivers,
kernel and bootloader.
The second challenge is a Linux port for an unmodified XBOX. Like I
said, MS is not going to be happy with a hacked XBOX running the OS
of the competition as they are selling the hardware at significant
losses. The profits are projected to come out of the software. But
those software sales might not be realized if a significant percentage
of XBOXen will never run the MS-games to begin with.
THIRD PARTY NEWS
Next Threat To Corporate Networks
If you are responsible for your network, email is one of the mission
critical elements. This communication line threatens to be overwhelmed
by unsolicited email of a more and more graphic nature. I can pretty
much predict that companies that allow porn into users' mailboxes are
going to be forced to do something about that, some time in the future.
Unsolicited e-mail from adult-oriented Web sites has increased 450
percent since June 2001, according to anti-spam technology firm
BrightMail. They actually found that adult spam now comprises 8 percent
of all unsolicited messages -- double last year's 4 percent figure.
Measurement and analysis from BrightMail found that unsolicited e-mail
fit into eight different categories:
- Product-oriented messages that advertised general goods or services accounted for 27 percent of the spam.
- 20 percent were financial marketing messages.
- Internet- or computer-related e-mails were responsible for 13 percent.
- The afore-mentioned porn spam, defined as offerings for offensive or inappropriate material for persons over the age of 18, comprised 8 percent.
- Scams, such as the infamous "Nigerian Urgent Business Letter," accounted for 6 percent.
- The health category accounted for 4 percent of the spam.
- Spiritually oriented messages (including offerings for psychics and organized religion) weighed in at 4 percent.
- Leisure-related messages -- those advertising prizes, awards, discounted travel, online games and casinos -- were responsible for 3 percent of the total spam received.
Miscellaneous messages not pertaining to any of the above categories
made up 15 percent. Another result was that adult-content spam is becoming
more graphic, possibly creating a legal liability to corporations. Current
solutions being utilized include mail filters and rules; software and
blocking systems from anti-spam vendors; and of course, the delete key.
Marketers are working diligently with governmental agencies to preserve
e-mail as one of the Internet's killer apps, and establish guidelines
for legitimate, and permission-based, e-mail marketing. A recent study
found that marketers using permission e-mail programs face significant
challenges in preserving e-mail as a viable customer communications
70 percent of respondents say they are receiving more e-mail this year
than last year; spam was cited as a cause by 74 percent of those who
said their e-mail volume grew. Permission e-mail was cited by only 28
percent of respondents as a cause of e-mail volume growth. Two-thirds
of respondents feel they get "too much" e-mail.
There are free solutions out there, like mailwasher.com but freeware
is usually not appropriate for corporate environments. Sunbelt Software
just released iHateSpam, which was designed specifically for Outlook
(as an add-in instead of a proxy) for the professional networks. See:
This Week's Links We Like. Tips, Hints And Fun Stuff
The best FAQ about the new Palladium Security initiative yet. Chilling.
Article in The Register about Palladium and its influence on Linux
And now for something completely different. Kleptomaniac Birds.
Google has a page that shows the "signs of the times".
Parody of the new Mac ad that apparently got pulled. Funny stuff.
[warning: occasional f-word - no nudity]
These guys sell the latest hot stuff not even on the US market yet.
PRODUCT OF THE WEEK
Who doesn't remember the rapid spread of Code Red, which infected one
server and from there automatically launched attacks on other nearby
Web servers, eventually spreading to thousands and thousands of
Microsoft Web servers. Code Red was designed to flood Web servers with
data, which it did so successfully that it caused the virtual shutdown
of large portions of the Internet, as Web servers became overloaded
with more data than they could handle. A worm such as Code Red is just
one of dozens of known methods used to hamper, damage, or steal from
Web sites. Because these threats are a fact of life, you must prepare
yourself to guard your sites against them or suffer the consequences.
IIS Security by Marty Jost does just that.