Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 4, 2002 (Vol. 7, #69 - Issue #400)
Security Tool Definitions
  This issue of W2Knews™ contains:
    • Microsoft Is Not Alone In The Patch World
    • Interview With A SysAdmin Colleague
    • MS Asks for W2K SP4 Beta Testers
    • Security Tool Definitions
    • NEW: ExRay for Exchange
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Killer Black Alum Gamer Case
  SPONSOR: Altiris
Fast. Easy. Painless. With Altiris Migration Suite, you will
experience a simplified migration to Windows 2000 or XP. The
Migration Suite provides pre-migration hardware and software
assessment, OS deployment, software installation, personality
restoration, and post-migration reporting in a single tool.
Download a free 30-day evaluation of Network Magazine's 2002
"Product of the Year" for Systems and Desktop Management today.
Visit Altiris for more information.

Microsoft Is Not Alone In The Patch World

Hi All, This is issue #400, so we decided to dress it up in Halloween style for this festive occasion, and send it one day earlier than normal. The main part will be the definitions of security products you asked for. And as a comment on the constant patching problems, someone wrote me this:

"I work with PeopleSoft HRMS enterprise software and am in the process of upgrading from version 7.51 to 8.3. They have released 82 patches that are listed as "Required for Upgrade" since the release in December 2001 of their upgrade software. To upgrade from 7.51 to version 8 SP1 they have issued 156 patches from February 2001 to date. Microsoft is not alone in this patch world."

Quote of the Day:
IRS: We've got what it takes to take what you've got.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Your #2 headache is High Availability. It's your job to keep
mission critical data available for your users. Double-Take is
the World's Number One tool for data replication and disaster
recovery. Verified for all W2K Platforms. How it works? "Server
A dies, Server B takes over transparently". Your users won't even
know there was downtime. Double-Take outsells all other solutions
for W2K combined. It's time you check it out too. This is the
ultimate job security tool:
Visit Double-Take for more information.

Interview With A SysAdmin Colleague

  1. What does your company Capture Resource do?
    We are a leading provider of integrated image and data capture services. We run a 24/6 work schedule for now, and are adding a second facility within the month.

  2. Sean, what are your own job specs?
    I am VP of IT. All systems issues, changes, etc., go through me for approval and installation.

  3. How do you guys keep your own networks protected?
    We use several utilities, mostly provided by Sunbelt Software.
    • IRIS 4.0
    • Secure IIS 2.0
    • Retina
    • Security Explorer
    • Service Explorer
    • UltraAdmin 3.0
    • PasswordBouncer 2.0
    • Ultrabac 7.x
    • Sonicadmin 2.5
    • iHateSpam

  4. Which security problems do you generally find when you work with your customers?
    These are the common ones:
    • Password control and policy
    • IDS software in place
    • Internet connectivity
    • Dial-in capabilities
    • Anti-Virus

  5. What would you recommend to your fellow W2Knews subscribers to keep their networks safe?
    I would recommend that they visit the site daily for additional software that is added or updated, or whatever, because the 'Best of the Breed' slogan is not just a slogan, but words to live by. I was skeptical at first too, but after Fred [Editor's note: Fred is a Sunbelt sales rep] got the first sale to me (Retina), it has been a downhill ride ever since.

    Although we have installed software from other distributors, these were products that target very specific areas, which is not what your company is about. Apart from those specific ones, we have relied 100% on the legwork of your staff to provide us with the latest, greatest, and 'Best of Breed' software solutions to fill those security audits with nothing but good, solid answers, so we can keep our networks safe, and running 24/7.

    Definite recommendations:

    • Secure IIS 2.0 (if you use IIS for anything!)
    • Retina
    • Sonicadmin
Sean Sliwinski

MS Asks for W2K SP4 Beta Testers

"The Windows Sustained Engineering team is currently taking nominations for the Windows 2000 Service Pack 4 (SP4) beta program. Our goal is to have a well targeted group of testers willing to actively participate and provide useful feedback to our development team throughout the beta program. Would you like the opportunity to make your feedback visible in the next service pack and to help improve Windows 2000 SP4?" Check here:

Security Tool Definitions

Hundreds of you asked me about the definitions of the security software categories I mentioned in the last issue. First off, I need to tell you I got these from an email that I received from SANS. I have been a real proponent of SANS since 1998 when I first heard of them. Go to W2Knews and type SANS in the search box:

They are a GREAT organization and I recommend them strongly for all your security training needs. SANS also recently came out with a cool poster of security tools and which vendors have white papers. The definitions that I'm giving you here are off that poster, with grateful acknowledgement to SANS. You should check them out here:

So here are the definitions. Study them well.

    Definition: Once connected to the Internet an individual undertakes a degree of risk from computer viruses, malicious Java or ActiveX, and more. Tools that perform active content monitoring examine material entering a computer/network for potentially damaging content, cross-referencing what they scan with continuously updated definition libraries. The impact of allowing malicious content to enter a network unchallenged can vary from suffering mild annoyances to extended network downtime and loss of stored material.
    Definition: Authentication asks the question of "Who are you?" whereas Authorization addresses the question of "Are you allowed to do that?" Policy-based authorization servers allow applications, usually web servers, an ability to centralize authentication and authorization tasks. A Security Manager defines authentication methods (e.g. passwords), users and access controls. Each time a user wishes to access a resource the application queries the authorization server, which refers to the policies and the rules to answer the query.
    Definition: A firewall is a system or group of systems that enforces an access control policy between two networks.
    Definition: A host-based intrusion detection system is software that monitors a system's or application's log files. It responds with an alarm or a countermeasure when a user attempts to gain access to unauthorized data, files or services.
    Definition: Risk is a combination of the likelihood that an incident will occur and the damage that will result. Risk Assessment provides an understanding and analysis of these two factors using processes and tools. Organizations usually face an insurmountable number of potential vulnerabilities. Risk Management determines which risks should be accepted, assigned or avoided (mitigated).
    Definition: These hardware/software combinations offer firewall and sometimes other services such as network load management in a single-purpose offering. Because they have very limited operating system function, they are generally easier to manage, cheaper, and less subject to common hacker attacks than firewalls installed on general-purpose UNIX or Windows NT computers.
    Definition: Consulting organizations simulate real-world hacking and social engineering attacks on an enterprise's network and systems to determine where weaknesses lie, and offer advice on how those weaknesses may be addressed in order to beef up security.
    Definition: These tools take several approaches to improving the ability of your systems to differentiate between people who should and should not have access.
    Definition: A network-based intrusion detection system monitors network traffic and responds with an alarm when it identifies a traffic pattern that it deems to be either a scanning attempt or a denial of service or other attack. It is quite useful in demonstrating that "bad guys" are actually trying to get into your computers.
    Definition: Authentication is the process of determining whether something or someone is who or what it is declared to be. The most common form of authentication is the use of logon passwords, the weakness of which is the passwords can often be forgotten, stolen or accidentally revealed. The tokens in this category offer more stringent forms of authentication so that users need to have both something (the token) and know something (the PIN or password) to gain access.
    Definition: Software that identifies security attributes within relational databases including logins/accounts, passwords, roles, and privileges. Requisite functionality includes vulnerability assessment, security administration, and enhanced auditing. These products may optionally provide real-time detection and alerting capabilities for unauthorized access or changes to the underlying database, based on pre-defined rules.
    Definition: A CA (Certificate Authority) is an organization that issues and manages security credentials and public keys for message encryption and decryption. This is an essential part of a public key infrastructure (PKI) because it manages the process of issuing and verifying the certificates used to grant people and systems access to other systems. These certificates include keys that help to strengthen authentication, privacy and non-repudiation.
    Definition: Encryption is a process through which data is transformed into a form whereby it cannot easily be intercepted and understood by unauthorized persons. Sophisticated computer algorithms are used to encrypt the files, then decrypt them when they are needed.
    Definition: A VPN or Virtual Private Network allows secure communications over the public internet. It saves money in organizations with large mobile workforces or many satellite offices, reducing the need to use expensive private telephone networks.
    Definition: These tools offer web services in environments that have been engineered to minimize the number of security holes.
    Definition: ESPI enables security managers to automate each step of security policy management from a central console including creating, editing, approving, publishing, distribution, education, compliance, reporting and maintenance. These tools enforce awareness, assess employee understanding, track incidents and measure compliance, which helps organizations improve management of IT risks without overburdening limited staff.
    Definition: These software packages allow users to get access to multiple computers and applications without learning many different passwords. Single sign-on tools generally do not change the underlying applications, but hide their differences through a layer of software.
    Definition: Web application security is the protection of your web application and its resources from threats coming from the Internet, such as stealing company assets, falsifying buy/sell transactions, getting private customer data and defacing the site. This is done by detecting and/or preventing the hacking techniques applicable to this domain, i.e. those which can be performed in the presence of firewalls and encryption.
    Definition: Tools providing enterprise-wide security administration apply a given security policy across an entire organization, ensuring all users of that enterprise's network will be subjected to the same rights and restrictions. These systems are especially valuable in granting new users access to all appropriate systems and, more importantly, removing users from all systems if they are terminated.
    Definition: Software that simulates the behavior of attackers to learn which of as many as 600 possible weaknesses are present on the system being attacked.
    Definition: Vendors providing managed security services assume a percentage of the security administration tasks for an enterprise's network, allowing administrators to concentrate on other job responsibilities.
    Definition: Because all other security mechanisms rely on the operating system, they can be disabled or circumvented by a successful attack on the o/s. Trusted o/s technology provides the only mechanism to protect the o/s itself from successful attack.
    Definition: These tools check the settings on our systems to determine whether they are consistent with corporate security policies. They are often used by auditors.
    Definition: Consulting organizations that have worked with many organizations have templates with which they can quickly establish policies for all aspects of computer security, from acceptable use to email to extranets to PKI.
  25. ANTI D.D.o.S. TOOLS
    Definition: Anti D.D.o.S. (Distributed Denial of Service) Tools identify baseline network usage and monitor for anomalies indicative of D.D.o.S. attacks. Once an anomaly is reported, the tool attempts to determine if the upsurge in usage is legitimate or the result of an attack and recommends preventative measures.
    Definition: RTSA allows the security manager to see what is happening across the enterprise among multiple vendor security products and sources in near real-time from a central console. RTSA helps reduce the number of personnel whose time must be devoted to monitoring multiple security products and sources.
For White Papers about products in these categories, check the SANS Site at:

For all the Sunbelt Security tools together in one place, click:

NEW: ExRay for Exchange

ExRay for Exchange is a new email health monitoring and reporting solution that helps organizations to prevent email problems, measure email performance and reliability, and improve the productivity of IT staff managing email. ExRay continually tests the availability of all Exchange routes, sends alerts to IT staff about any slow or broken routes, and provides web-based reports about system health, uptime, message delivery times, and Service Level Agreements (SLA's).

Key features include:

  • Monitor all EX routes 24 x 7, including internal/external, EX 5.5/2000, Legacy system/EX system. All email routes are tested for problems to provide peace of mind that critical emails are being delivered. Improves IT productivity. IT spends time on more critical projects.
  • Send alerts to email, pager or cell phone when route is slow or broken. IT knows about problems before end-users, reducing overall downtime because problems are fixed more quickly. Many problems are avoided in "slow" stage before a full-blown problem occurs.
  • Web-based reporting interface. Interface is intuitive, easy to use; reporting can be accessed from multiple locations by multiple IT staff.
  • Exchange Dashboard Screen. Checks status of all key EX routes with one glance. Email admins and help desk staff know what's happening with email at all times.
  • Service Level Agreement (SLA) Reporting. Measures whether SLA's are being met. Reports to management on performance vs. SLA's.
  • Uptime/Downtime Reporting. Measures system uptime, reliability over time, sets benchmarks, and accurately reports on the performance of your mission critical email system.
  • Route Grouping (internal vs. external; 5.5 vs. 2000; legacy mail vs. EX) and Comparison Reporting. Compares performance across groups of routes. Provides protection in distributed environments, legacy mail systems, and during course of upgrades or migrations.
  • Graphing. Analyzes performance trends over time; create management-level reports.
  • Public Reports. Allows public access to selected reports to reduce help desk calls by keeping end-users, executives and IT managers aware of email system status.
  • Agent-less architecture. Monitoring is independent of email system. Impact of ExRay for EX is the same as 1 to 2 additional email users at medium usage.
  • Install/setup wizard. Begins monitoring and receiving benefits in 15 minutes. Don't spend time "managing the management tools".
No exterior expertise required. Check it out at:

This Week's Links We Like. Tips, Hints And Fun Stuff

  • Site with a bunch of freebie hacker tools you can use yourself to test your networks as well:
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-Tools
  • Get an email that you think is a hoax or an Internet Urban Legend?
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-Hoaxes
  • Got pets and need to know where you can take them on vacation?
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-Pets
  • Love seeing buildings collapse? Here are the professional demo-guys:
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-Implosions
  • Think FILTERS, not Blacklists. Good article about spam:
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-FalsePositives
  • Unfortunately, human beings are easy to fool. Last time I sent you an ad that played tricks on your mind. This time it's a trick with your senses. Look at this picture. The squares marked A and B have the same color!! If you don't believe it, load the picture into a graphic application and check the color values. I did it myself and I still can't believe my eyes:
    http://www.w2knews.com/rd/rd.cfm?id=021104FA-Senses

Killer Black Alum Gamer Case

Pretty cool black alum computer case for a build-it-yourself box. This is one of the nicest cases we have seen in a long time. Super quality in the construction, and an absolute steal considering the 420 watt dual fan power supply that comes with it. Lots of expansion room; also comes with two 80mm clear case fans in the rear. $140.