Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 21, 2002 (Vol. 7, #67 - Issue #398)
Support Deadlines Loom For NT, SQL and Exchange
  This issue of W2Knews™ contains:
  1. EDITORS CORNER
    • Remote Control Phones / SunPoll: MS LifeCycle Policy
  2. TECH BRIEFING
    • Locking Down an IIS Box
  3. NT/2000 RELATED NEWS
    • Ballmer Owns Up to Licensing 6.0 Flap
    • Microsoft Net Profit Doubles As Sales Rise
    • Support Deadlines Loom For NT, SQL and Exchange
    • Instant Messaging Going Into The OS
  4. NT/2000 THIRD PARTY NEWS
    • TWICE the patches in 2002 compared to 2001. Ouch!
    • New Product Version: Retina 4.9
    • Retina: Designed to Meet HIPAA Regulations
    • PestPatrol Version 4.0: Great Security Tool
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  6. PRODUCT OF THE WEEK
    • Windows 2000: Group Policy, Profiles, and IntelliMirror
  SPONSOR: BindView
Is your organization like many others, facing security issues
concerning configuration and change management in the IDC/EDC? A white
paper written by one of Microsoft's elite security team members is
now available for free. "Security in the IDC/EDC Scenario: How
BindView's Security can help" helps IT personnel learn how to
improve security within their Internet/Extranet Data Centers.
Visit BindView for more information.
  EDITORS CORNER

Remote Control Phones / SunPoll: MS LifeCycle Policy

Well, it seems that the votes are split. There are strong proponents for both options: many like the Palm OS, and many like the Pocket PC option. Here is someone who really likes the Pocket Phone. Gary Long wrote:

"Hi Stu,

I was just at MEC last week and had the opportunity to try out the pocket phone for the entire week by AT&T Wireless. The guy you mentioned in this week's column is absolutely right. It is an amazing product.

Now I'm not the type of person who carries around a PDA all day. I have an iPAQ that I use rarely, but helps me synch my work Outlook with home. Also I use it to wireless browse etc. After trying out the pocket phone, I could really use one. It was so nice and easy to have all of my info right there at MEC. Browsing, chatting with IM, terminal server etc. All from anywhere I was at. The connection was good, speed totally acceptable and quality was great. And with the GSM technology, I could take my SIM card out of my current Nokia 8290 (small phone) and put it into the BIG pocket phone and still have all my programming. It would be great for me to switch between the 2 depending on where I need each one. Give it a try. You will become dependent on it. I was and I generally hate carrying them around."

This concludes the saga of the cell phones for the moment. Looks like they are a matter of taste and features. But more and more you will be able to run your servers from wherever you are, which really is a good thing for us admins. Here are the best wireless software admin tools we could find for these kinds of applications:
http://www.w2knews.com/rd/rd.cfm?id=021021ED-Wireless_Tools

I suggest you read the articles below about the new MS Software Lifecycle Policy, and then answer our new SunPoll about it. The link brings you to our home page and you can vote in the leftmost column.

Q: What is your opinion about MS's new Software Lifecycle policy?

  • Been waiting for that for a while, it's a good thing.
  • Does not make any difference to me.
  • Just one more way to drive MS revenues.
http://www.w2knews.com/rd/rd.cfm?id=021021ED-SunPoll

PS: We sometimes send out direct email for companies we think have relevant offers for you. They basically rent our list. We send it for them, they never get your address. But you can opt out of third party mailers by changing your profile. See the link at the very end of each issue.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Mark Minasi's Web Site!
Become A Network Genius With Mark Minasi!
Millions have read his bestselling guides to Microsoft networking,
attended his classes, heard his talks, and enjoyed his popular
magazine columns. Mark makes NT, 2000, XP and .NET easy and
entertaining. "Take George Carlin, clean up the language and make
him techie, and you've got Minasi," a recent attendee says.
Don't miss our free tech newsletter!
Visit Mark Minasi's Web Site! for more information.
  TECH BRIEFING

Locking Down an IIS Box

Microsoft released the latest IIS Lockdown tool last week. It is available here:
http://www.w2knews.com/rd/rd.cfm?id=021021TB-Lockdown_Tool

On that note, we thought we could help you out with some info on securing an IIS box. Credit Mark Burnett and also eEye's Marc Maiffret for the following info on locking down IIS.

Hardened configurations are a GREAT start, but they are not the end of it all, nor is any single good security configuration or product the whole answer. Your environment will dictate what you do. You need everything, and then still need to pray to the server gods at night. This prayer includes having the SecureIIS god on your side.

Most of these preventions are common steps that are on many security checklists. In fact, there are nine basic steps that prevent most attacks:

  1. Put IIS on its own partition.
  2. Use packet filtering to block unused ports.
  3. Do not use FrontPage Server Extensions or WebDav on a production server.
  4. Disable all unused services or Windows components.
  5. Remove all unused ISAPI script mappings.
  6. Set the minimum required IIS permissions (do not allow script/executables if you are not using them).
  7. Set proper NTFS permissions.
  8. Do not put sensitive information in ASP files.
  9. Use the MaxClientRequestBuffer (see Q260694).

Of course, it is important to install service packs and hotfixes, and it helps to have third-party add-ons for an additional layer of protection. We can help you manage the hotfixes too, with UpdateEXPERT:
http://www.w2knews.com/rd/rd.cfm?id=021021TB-UpdateEXPERT

You want to follow the recommended best practices and hardening checklists for Windows and IIS found at:
http://www.w2knews.com/rd/rd.cfm?id=021021TB-Security
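
Step 5 of the checklist above (removing unused ISAPI script mappings) lends itself to an automated check. The following is an added example, not part of the original newsletter or of the IIS Lockdown tool: it audits script-map entries against the extensions a site actually needs. It assumes entries in the `extension,DLL path,flags,verbs` layout of the IIS metabase ScriptMaps property and that an entry with no verb list accepts every HTTP verb; the sample entries and the `NEEDED` allow-list are constructed for illustration.

```python
"""Added example: flag ISAPI script mappings a site does not need (checklist step 5)."""
import ntpath
from typing import NamedTuple


class ScriptMap(NamedTuple):
    ext: str      # file extension, lower-cased, e.g. ".asp"
    dll: str      # ISAPI DLL or script engine that handles the extension
    flags: int    # numeric flags field, kept as-is
    verbs: tuple  # HTTP verbs the mapping accepts; empty = assumed "all verbs"


def parse_script_map(entry: str) -> ScriptMap:
    """Parse one 'ext,dll,flags[,verb...]' entry (assumed ScriptMaps layout)."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3 or not parts[0].startswith("."):
        raise ValueError(f"malformed script map entry: {entry!r}")
    verbs = tuple(v.upper() for v in parts[3:] if v)
    return ScriptMap(parts[0].lower(), parts[1], int(parts[2]), verbs)


def audit(entries, needed_exts):
    """Return (action, subject, reason) tuples for every entry that needs attention."""
    needed = {e.lower() for e in needed_exts}
    findings = []
    for raw in entries:
        try:
            m = parse_script_map(raw)
        except ValueError as exc:
            # Never skip an unparseable line silently: it may hide a mapping.
            findings.append(("malformed", raw, str(exc)))
            continue
        if m.ext not in needed:
            dll_name = ntpath.basename(m.dll)  # Windows path, any host OS
            findings.append(("remove", m.ext, f"unused mapping to {dll_name}"))
        elif not m.verbs:
            findings.append(("restrict-verbs", m.ext,
                             "no verb list, all HTTP verbs accepted"))
    return findings


# Constructed sample entries resembling a default IIS 5 install (not real output).
SAMPLE = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
    r".idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST",
    r".printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST",
    r".shtml,C:\WINNT\System32\inetsrv\ssinc.dll,1",
    "garbage-line",
]

# Hypothetical allow-list: the only extensions this site serves dynamically.
NEEDED = {".asp", ".shtml"}

if __name__ == "__main__":
    for action, subject, reason in audit(SAMPLE, NEEDED):
        print(f"{action:15} {subject:14} {reason}")
```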

A 10-minute streaming video (WM8) of SecureIIS setup and configuration is available: follow the link below and click on the QUICKDEMO icon. Eval downloads are available too.
http://www.w2knews.com/rd/rd.cfm?id=021021TB-SecureIIS

  NT/2000 RELATED NEWS

Ballmer Owns Up to Licensing 6.0 Flap

ENT magazine (used to be in print but is now only online) reported that Microsoft CEO Steve Ballmer had a lot of explaining to do about their new licensing and Software Assurance policies Wednesday morning at Gartner's ITXpo/Symposium, being held in Orlando, Florida.

Owning up to customer disenchantment with Licensing 6.0, Ballmer admitted that the process and ensuing customer pushback resulted in a "lot of learning for us." The CEO also gave more explanation about the MS.NET approach, stating that the intention of the new MS architecture is introducing XML into Microsoft's products.

Personally, I think "learning" is a weak excuse. They have been looking at this for at least 4 years and have been trying to get into a regular subscription revenue stream for at least that long or even longer. I warned about this in W2Knews in 1998! See this link here, and you will find my reference in the Editor's Corner:
http://www.w2knews.com/rd/rd.cfm?id=021021RN-Revenue

They cannot really hide behind "it's a learning experience" since they had ample time to do their homework. It would have been better to simply state: "Sorry guys, we're making software more like the power company, and you pay us per month. Our shareholders and Wall Street like it better that way". Microsoft reported this week that its first-quarter earnings were up 26% over last year. I think these numbers speak for themselves. Read the ENT article at:
http://www.w2knews.com/rd/rd.cfm?id=021021RN-ENTMag

Microsoft Net Profit Doubles As Sales Rise

The rest of the technology world (or most of it) isn't doing so well. Some examples are Intel and Sun Microsystems. But MS is shining at the moment. Both sales and profits are up this quarter, which is the first of their fiscal year. A whopping 26% increase in sales over Q1 last year. MS even outpaced IBM, which reported stabilizing revenues but an 18% drop in profit.

It is obvious, though, what this sudden money rush is all about: Licensing 6.0, as the deadline was July 31. Another reason for MS doing well is that they did not have a lot of investment losses like they had last year. Revenues were 7.75 Billion, up from 6.13 Billion in last year's first period. Next quarter the results will not be as stellar; overall PC shipments should be flat to slightly up. Most of their revenue increase is due to selling higher cost WinXP licenses (compared to W98), and server software sales going up 14%.

Support Deadlines Loom For NT, SQL and Exchange

Well it's official. Now you know. MS finally normalized the way their stuff is supported and the first Lifecycle policy is here now. Your regular support ends in December 2003 for Exchange 5.5, March 2004 for SQL Server 7.0 and March 2005 for Windows 2000.

The new support plan means that mainstream support for W2K Pro will run until March 31, 2005, and extended support will last until March 31, 2007.

"Through our customer focus groups, Microsoft learned that customers do not have a clear understanding of vendor lifecycle plans. Instead they rely on expectations of how often new releases occur, and react to retirement announcements," Lori Moore, corporate vice president of Microsoft product support services, said in a Q&A on Microsoft's Web site explaining the new policy. In other words, it was a mess and everyone was in "reactive mode" when a product was retired.

Microsoft also decided to make support consistent across all of its product lines, except for consumer products such as Money and Encarta, which have new versions released each year. Those products will receive three years of mainstream support.

In general, mainstream support includes the various options and programs you have access to today, such as no-charge and paid incident support, support for warranty claims and hot-fix support to address specific problems, which is sometimes referred to as quick-fix engineering. Extended support can include support charged on an hourly basis or paid hot-fix support. In order for you to be eligible for paid hot-fix support, you must buy an extended hot-fix support contract within 90 days after the mainstream support period ends.

In addition to mainstream and extended support, an online self-help option will be available for at least eight years from the general availability date for most products. The general availability date will be determined by adding three months to the date that MS releases a product to manufacturing.

So, how is this whole thing going to pan out for NT 4.0? Your mainstream support for 4.0 will last through Dec. 31, 2002. That is six years and not five years after the general availability of 4.0.

But the extended support for 4.0 will only be one year instead of two and lasts until Dec. 31, 2003. This is consistent with the dates they gave in 2001, and complies with the seven years of combined mainstream and extended support MS promises in its new plan. Now, keep in mind that hotfixes are another story altogether. It is now clear that NT 4.0 will have free security hotfixes until the end of 2003. No more hotfixes for a platform will be an immediate invitation for hackers to start attacking that platform ferociously. So, you have to plan for this! The message is: "move over to W2K before Dec. 2003 or start paying for hotfixes".

Voice your opinion about Licensing 6.0 over here, leftmost column:
Q: What is your opinion about MS's new Software Lifecycle policy?

  • Been waiting for that for a while, it's a good thing.
  • Does not make any difference to me.
  • Just one more way to drive MS revenues.
http://www.w2knews.com/rd/rd.cfm?id=021021RN-SunPoll

Instant Messaging Going Into The OS

Network World had a piece of news I did not want to withhold from you. IM is pulled out of Exchange and pushed into the OS!

They started like this: "The sands are shifting again at Microsoft as highlighted by its Greenwich project that pulls instant messaging support from Exchange and transfers it to the base operating system. Also, Microsoft just announced its Jupiter project to consolidate three .Net business servers, and XSO an API for accessing Exchange features. Paul Flessner, senior vice president of .Net enterprise servers at Microsoft, sat down with Network World senior editor John Fontana during the Microsoft Exchange Conference this week to discuss how and why all these changes are going on." Rest of the article here:
http://www.w2knews.com/rd/rd.cfm?id=021021RN-IM_into_OS

  THIRD PARTY NEWS

TWICE the patches in 2002 compared to 2001. Ouch!

MS came out with three security bulletins late Wednesday. One of these was a patch for a critical flaw in SQL Server. The other two warnings included hotfixes for threats that were tagged "moderate" for WinXP Help and Support Center and for a little-used feature of Word and Excel. If you look at the number of hotfixes, they are going up rapidly. MS released 61 bulletins so far in 2002, one more than Redmond issued for all of last year.

Meaning, you have TWICE the amount of work this year compared to last year keeping your domains patched. It is (very) high time to automate this. Patching is not a simple task. Patches need to be tested and applied in the right sequence, and deploying hotfixes has become a whole art by itself. There is one product that does it all, and one of the largest users in the world has just standardized on UpdateEXPERT: all of US ARMY Europe (a major and very critical segment of the US ARMY), plus their support networks. Here is their viewpoint:

"After looking at a number of alternatives, US ARMY Europe (USAREUR) has purchased St. Bernard's UpdateEXPERT security software through Sunbelt Software Inc. as its research, inventory, deployment and validation tool that will enable USAREUR to fix security vulnerabilities and stability problems on its Windows NT/2000/XP machines while significantly reducing the administrative work-load associated with the on-going endeavor of making these networks the most secure and efficient networks in all of Europe."
-- Brad Howard, Chief, RCERT-Europe

Well, there you have it from one of the largest and most expert users around. You can download and test UpdateEXPERT yourself over here:
http://www.w2knews.com/rd/rd.cfm?id=021021TP-UpdateEXPERT

New Product Version: Retina 4.9

Retina 4.9 has been released. It is available to clients either via a full installer or via the Auto-Update functionality. The following changes were made in Retina 4.9:

  • Improved OS Detection/Fingerprinting: Retina can now detect even more operating systems and devices on networks.
  • One-Click Scan All Ports: Retina now has the ability to scan all ports on target machines by checking one box.
  • File Auditing: Retina will allow for remote and local file auditing.
  • IP Timestamping/IPID Sequence Prediction: Retina will tell users the last time target machines were rebooted and how long they have been up and running.
  • Verbose Port Write-Back: Retina now displays the port information for each vulnerability.
  • Improved Registry Auditing: Developers of vulnerability checks can now use "Regex" capabilities within registry auditing.
  • Improved SNMP Auditing: The ability to audit SSL "aware" services, and also improved SSL protocol detection for SSL services.
Remember, you can still get a no-charge outside-in scan of your network, done by Sunbelt engineers to show you what vulnerabilities you have. We are obviously doing this to expose you to the power of Retina. There is nothing like a white-hat external penetration test to show you where the holes are. Note that we can only audit what we see from the outside world. If you have an excellent firewall, chances are we won't be able to get too far (which is good). You will be notified about that too of course.

Safeguards will be in place so that we know that the IP that you give us is an IP you actually have authority over. This test is free, but limited to the first 500 respondents, 200 from Europe and 300 from the USA and Canada. For logistics and legal reasons we cannot process requests from other countries at this time.

Instructions: Click on the link below and click on Download Retina Evaluation. Fill out the download form and, as Promotional Code, cut and paste in this one: 965134. Forms without the above code are not eligible for this limited time offer.
http://www.w2knews.com/rd/rd.cfm?id=021021TP-Retina

Retina: Designed to Meet HIPAA Regulations

HIPAA (Health Insurance Portability and Accountability Act of 1996) will require healthcare providers to prove that they are on top of their security practices. One of the new requirements states that vulnerability assessments must be regularly performed on their networks. Retina, eEye's vulnerability assessment tool, can be used in several ways to help the healthcare provider comply with these new security regulations.

Retina can formalize and simplify the vulnerability assessment and remediation process. Retina's main benefits are ease-of-use, scanning speed, and accuracy. In addition, Retina has reporting tools that can identify previous scan results and show both improvements and elimination of vulnerabilities. It provides the client with the necessary data to support their HIPAA IT security compliancy.

Under the new regulations, any healthcare provider that electronically sends one of the transactions covered in the Final Rules (claims, remittances, claim status inquiries, eligibility, certification) must comply with HIPAA requirements. In addition, organizations that electronically store or transmit individually identified healthcare information must also comply with the new security regulations.

The penalties for non-compliance are severe. Under HIPAA, firms not meeting network security compliancy by April, 2003 are subject to severe penalties. Given this, there are thousands of businesses urgently seeking qualified vendors to bring their networks into a secure state both externally and internally.

Your organization can get involved early by providing HIPAA planning, assessment, and implementation. Retina can be used as a consultant's tool for penetration testing and baseline vulnerability assessments. As part of the healthcare provider's security policy, Retina Pro can be installed across the enterprise and easily configured to provide ongoing assessments with scheduled scans. By providing additional consulting and training, your clients will rely on your organization as their partner in meeting HIPAA compliance requirements. (HIPAA applies to US healthcare clients only, but is not a bad idea for anyone with a mission critical infrastructure.)
http://www.w2knews.com/rd/rd.cfm?id=021021TP-Retina_HIPAA

PestPatrol Version 4.0: Great Security Tool

It's been proven time and time again, the hard way, that surfing the web exposes you to all kinds of malicious code that can invade your privacy, track your activity, and allow hackers to control your PC. It's not getting any better, and your anti-virus and firewall aren't enough to protect you or your users.

PestPatrol has just released an updated version, and it goes even further than the last version in detecting spyware and other destructive pests like hacker tools and trojans. It has a new Intelligent Reporting feature that indicates the threat level of the pests it detects, and advises you on the right actions to take. You can even custom-select what types of pests to detect, so you can focus on specific vulnerabilities on your PC or network. Their pest database has grown to over 57,000 pests in over 11,000 pest families. Yes, there are that many threats lurking out there.

Here are a few bullet points on the new features. More and more security specialists have PestPatrol in their kit to scan for Trojans and a host of other nasties.

New in Version 4:

  • Separate spyware database - offers improved spyware detection
  • Intelligent Reporting - indicates threat levels of pests detected, and advises on appropriate action
  • Custom selection of what pests to detect - allows focused detection on specific vulnerabilities
  • Control Terminal - provides easy access to all modules via System Tray
  • Updated interface - offers increased usability and user-friendly look and feel
  • Now detects more than 57,000 pests - in over 11,000 pest families
Check out PestPatrol over here:
http://www.w2knews.com/rd/rd.cfm?id=021021TP-PestPatrol
  FAVE LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff

  • One hundred years of Coffee Machines. When will the first one with a chip show up? Is it already here perhaps?
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-Coffee_Machine
  • The Crazy (silly) Putty World. Get it in fun colors. Itsss Playtime!
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-PuttyWorld
  • Windows Messenger being used for spam, breaking in via NetBIOS:
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-Messenger
  • The NEW NIST Security guides are out, here:
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-Nist
  • No More Silly Putty, this is Pumpkin Chucking time
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-Pumpkin
  • How to fry an egg on a PC CPU. Really.
    http://www.w2knews.com/rd/rd.cfm?id=021021FA-Fry_an_Egg
      PRODUCT OF THE WEEK

    Windows 2000: Group Policy, Profiles, and IntelliMirror

    This groundbreaking book is part of the Mark Minasi Windows 2000 Series and written by Jeremy Moskowitz, a well known W2K Guru. It's received thousands of accolades. Check it out at Amazon:

    http://www.w2knews.com/rd/rd.cfm?id=021021PW-Windows_2000