Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 4, 2002 (Vol. 7, #69 - Issue #400)
Security Tool Definitions
This issue of W2Knews contains:
- EDITORS CORNER
- Microsoft Is Not Alone In The Patch World
- TECH BRIEFING
- Interview With A SysAdmin Colleague
- NT/2000 RELATED NEWS
- MS Asks for W2K SP4 Beta Testers
- Security Tool Definitions
- NT/2000 THIRD PARTY NEWS
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Killer Black Alum Gamer Case
Fast. Easy. Painless. With Altiris Migration Suite, you will
experience a simplified migration to Windows 2000 or XP. The
Migration Suite provides pre-migration hardware and software
assessment, OS deployment, software installation, personality
restoration, and post-migration reporting in a single tool.
Download a free 30-day evaluation of Network Magazine's 2002
"Product of the Year" for Systems and Desktop Management today.
Visit Altiris for more information.
Microsoft Is Not Alone In The Patch World
This is issue #400, so we decided to dress it up in Halloween style
for this festive occasion, and send it one day earlier than normal.
The main part will be the definitions of security products you
asked for. And as a comment on the constant patching problems,
someone wrote me this:
"I work with PeopleSoft HRMS enterprise software and am in the
process of upgrading from version 7.51 to 8.3. They have released
82 patches that are listed as "Required for Upgrade" since the
release in December 2001 of their upgrade software. To upgrade
from 7.51 to version 8 SP1 they have issued 156 patches from
February 2001 to date. Microsoft is not alone in this patch world."
Quote of the Day:
IRS: We've got what it takes to take what you've got.
(email me with feedback: [email protected])
Your #2 headache is High Availability. It's your job to keep
mission critical data available for your users. Double-Take is
the World's Number One tool for data replication and disaster
recovery. Verified for all W2K Platforms. How does it work? "Server
A dies, Server B takes over transparently". Your users won't even
know there was downtime. Double-Take outsells all other solutions
for W2K combined. It's time you check it out too. This is the
ultimate job security tool:
Visit Double-Take for more information.
Interview With A SysAdmin Colleague
- What does your company Capture Resource do?
We are a leading provider of integrated image and data capture
services. We run a 24/6 work schedule for now, and are adding a
second facility within the month.
- Sean, what are your own job specs?
I am VP of IT. All systems issues, changes, etc., go through me
for approval and installation.
- How do you guys keep your own networks protected?
We use several utilities, mostly provided by Sunbelt Software.
- IRIS 4.0
- Secure IIS 2.0
- Security Explorer
- Service Explorer
- UltraAdmin 3.0
- PasswordBouncer 2.0
- Ultrabac 7.x
- Sonicadmin 2.5
- Which security problems do you generally find when you work with your customers?
These are the common ones:
- Password control and policy
- IDS software in place
- Internet connectivity
- Dial-in capabilities
- What would you recommend to your fellow W2Knews subscribers to keep their networks safe?
I would recommend that they visit the site daily for additional
software that is added or updated, or whatever, because the 'Best
of the Breed' slogan is not just a slogan, but words to live by.
I was skeptical at first too, but after Fred [Editor's note: Fred
is a Sunbelt sales rep] got the first sale to me (Retina), it has
been a downhill ride ever since.
Although we have installed software from other distributors, these
were products that target very specific areas, which is not what
your company is about. Apart from those specific ones, we have
relied 100% on the legwork of your staff to provide us with the
latest, greatest, and 'Best of Breed' software solutions to fill
those security audits with nothing but good, solid answers, so we
can keep our networks safe, and running 24/7.
- Secure IIS 2.0 (if you use IIS for anything!)
NT/2000 RELATED NEWS
MS Asks for W2K SP4 Beta Testers
"The Windows Sustained Engineering team is currently taking
nominations for the Windows 2000 Service Pack 4 (SP4) beta program.
Our goal is to have a well targeted group of testers willing to
actively participate and provide useful feedback to our development
team throughout the beta program. Would you like the opportunity
to make your feedback visible in the next service pack and to
help improve Windows 2000 SP4?" Check here:
Security Tool Definitions
Hundreds of you asked me about the definitions of the security
software categories I mentioned in the last issue. First off, I
need to tell you I got these from an email that I received from
SANS. I have been a real proponent of SANS since 1998 when I
first heard of them. Go to W2Knews and type SANS in the search
They are a GREAT organization and I recommend them strongly for
all your security training needs. SANS also recently came out
with a cool poster of security tools and which vendors have white
papers. The definitions that I'm giving you here are off that
poster, with grateful acknowledgement to SANS. You should check
them out here:
So here are the definitions. Study them well.
For White Papers about products in these categories, check the
SANS Site at:
- ACTIVE CONTENT MONITORING/FILTERING
Definition: Once connected to the Internet an individual undertakes
a degree of risk from computer viruses, malicious Java or ActiveX,
and more. Tools that perform active content monitoring examine
material entering a computer/network for potentially damaging
content, cross-referencing what they scan with continuously updated
definition libraries. The impact of allowing malicious content to
enter a network unchallenged can vary from suffering mild
annoyances to extended network downtime and loss of stored material.
- AUTHORIZATION
Definition: Authentication asks the question of "Who are you?"
whereas Authorization addresses the question of "Are you allowed
to do that?" Policy-based authorization servers allow applications,
usually web servers, an ability to centralize authentication and
authorization tasks. A Security Manager defines authentication
methods (e.g. passwords) users and access controls. Each time a
user wishes to access a resource the application queries the
authorization server which refers to the policies and the rules
to answer the query.
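To make the split concrete, here is an added example (not a product from the SANS poster and not code from any vendor named in this issue) of the two questions a policy-based authorization server answers for a web application. The user store, the role table and the policy tuples are constructed for the illustration; passwords are checked with PBKDF2 rather than stored in the clear, and every request is first authenticated ("who are you?") and then checked against the policy ("are you allowed to do that?").

```python
"""Policy-based authentication and authorization check (added illustration).
The users, roles and policy below are constructed sample data."""
import hashlib
import hmac
import os

USERS = {}   # username -> (salt, PBKDF2-SHA256 digest); constructed store


def _hash_pw(password: str, salt: bytes) -> bytes:
    # Iterated, salted hash so a stolen store does not yield passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def add_user(name: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[name] = (salt, _hash_pw(password, salt))


add_user("alice", "correct horse")   # sample users, constructed
add_user("bob", "hunter2")

# Role assignment and the policy the authorization server consults.
# A policy entry grants (role, resource, action); anything absent is denied.
ROLES = {"alice": {"hr-admin"}, "bob": {"employee"}}
POLICY = {
    ("employee", "/payroll/self", "read"),
    ("hr-admin", "/payroll/self", "read"),
    ("hr-admin", "/payroll/all", "read"),
    ("hr-admin", "/payroll/all", "write"),
}


def authenticate(name: str, password: str) -> bool:
    """Authentication: 'Who are you?' Verify the password for this account."""
    rec = USERS.get(name)
    if rec is None:
        # Burn a hash anyway so unknown names are not distinguishable by timing.
        _hash_pw(password, b"\0" * 16)
        return False
    salt, digest = rec
    return hmac.compare_digest(_hash_pw(password, salt), digest)


def authorize(name: str, resource: str, action: str) -> bool:
    """Authorization: 'Are you allowed to do that?' Consult the policy table."""
    return any((role, resource, action) in POLICY for role in ROLES.get(name, ()))


def access(name: str, password: str, resource: str, action: str) -> str:
    """What the web application asks the authorization server on each request."""
    if not authenticate(name, password):
        return "denied: authentication failed"
    if not authorize(name, resource, action):
        return "denied: not authorized"
    return "allowed"


if __name__ == "__main__":
    print(access("alice", "correct horse", "/payroll/all", "write"))   # allowed
    print(access("bob", "hunter2", "/payroll/all", "read"))            # denied: not authorized
```

Note that a wrong password and a missing policy entry are reported differently here only for the illustration; a production server would log the distinction but return the same generic failure to the client.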
- FIREWALLS
Definition: A firewall is a system or group of systems that
enforces an access control policy between two networks.
- INTRUSION DETECTION - HOST BASED
Definition: A host-based intrusion detection system is software
that monitors a system or applications log files. It responds
with an alarm or a countermeasure when a user attempts to gain
access to unauthorized data, files or services.
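As an added example of the log-watching the definition describes (this is illustration code, not any of the products mentioned in this issue), the following reads a handful of constructed logon and file-access log lines and raises an alarm on two conditions: repeated failed logons from one source inside a short window, and any denied attempt to reach a protected file. The log format, thresholds and hostnames are assumptions made for the example.

```python
"""Host-based intrusion detection over a system's log file (added illustration).
SAMPLE_LOG is constructed; the syslog-like format is an assumption."""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOG = """\
2002-11-04T08:00:01 fs01 logon: FAILED user=bob src=10.0.0.7
2002-11-04T08:00:05 fs01 logon: FAILED user=bob src=10.0.0.7
2002-11-04T08:00:09 fs01 logon: FAILED user=bob src=10.0.0.7
2002-11-04T08:00:20 fs01 logon: OK user=alice src=10.0.0.12
2002-11-04T08:01:02 fs01 fileaccess: DENIED user=alice path=/payroll/all.mdb
2002-11-04T09:30:00 fs01 logon: FAILED user=carol src=10.0.0.9
"""

# timestamp host process: RESULT key=value key=value ...
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<result>\w+) (?P<kv>.*)$")


def parse(line: str):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec.pop("ts"))
    rec.update(pair.split("=", 1) for pair in rec.pop("kv").split())
    return rec


def detect(log_text: str, fail_threshold: int = 3, window_s: int = 60):
    """Return a list of alarms: ('brute-force', src, user) when a source fails
    fail_threshold logons within window_s seconds, and
    ('unauthorized-access', user, path) for every denied file access."""
    alarms = []
    recent = defaultdict(deque)   # src -> timestamps of recent failed logons
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["proc"] == "logon" and rec["result"] == "FAILED":
            q = recent[rec["src"]]
            q.append(rec["ts"])
            # Drop failures that fell out of the sliding window.
            while (rec["ts"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= fail_threshold:
                alarms.append(("brute-force", rec["src"], rec["user"]))
                q.clear()          # one alarm per burst, not one per line
        elif rec["proc"] == "fileaccess" and rec["result"] == "DENIED":
            alarms.append(("unauthorized-access", rec["user"], rec["path"]))
    return alarms


if __name__ == "__main__":
    for alarm in detect(SAMPLE_LOG):
        print(alarm)
```

Carol's single failed logon correctly produces nothing; the alarm fires only on a burst, which is what keeps this kind of monitor from paging the administrator for every typo.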
- RISK ASSESSMENT
Definition: Risk is a combination of the likelihood that an
incident will occur and the damage that will result. Risk
Assessment provides an understanding and analysis of these two
factors using processes and tools. Organizations usually face
more potential vulnerabilities than they can address at once. Risk
Management determines which risks should be accepted, transferred
(assigned to another party), avoided, or mitigated.
- SECURITY APPLIANCES
Definition: These hardware/software combinations offer firewall
and sometimes other services such as network load management in
a single purpose offering. Because they have very limited operating
system function, they are generally easier to manage, cheaper,
and less subject to common hacker attacks than firewalls installed
on general purpose UNIX or Windows NT computers.
- SECURITY SERVICES: PENETRATION TESTING
Definition: Consulting organizations simulate real-world hacking
and social engineering attacks on an enterprise's network and
systems to determine where weaknesses lie, and offer advice on
how those weaknesses may be addressed in order to beef-up
- NETWORK AUTHENTICATION
Definition: These tools take several approaches to improving the
ability of your systems to differentiate between people who
should and should not have access.
- INTRUSION DETECTION - NETWORK BASED
Definition: A network-based intrusion detection system monitors
network traffic and responds with an alarm when it identifies
a traffic pattern that it deems to be either a scanning attempt
or a denial of service or other attack. It is quite useful in
demonstrating that "bad guys" are actually trying to get into
- AUTHENTICATION TOKENS
Definition: Authentication is the process of determining whether
something or someone is who or what it is declared to be. The
most common form of authentication is the use of logon passwords,
the weakness of which is that passwords can be forgotten,
stolen or accidentally revealed. The tokens in this category
offer more stringent forms of authentication so that users need
to have both something (the token) and know something (the PIN
or password) to gain access.
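Here is an added example of the "have something and know something" rule (illustration code, not any vendor's token product). It implements the HMAC-based one-time password of RFC 4226, which is one way a token can generate a code the server can check, and a small verifier that accepts a logon only when both the PIN and the current token code are right. The secret is the RFC's published test secret, and the user table and PIN are constructed for the example.

```python
"""Two-factor token logon (added illustration): PIN (something you know) plus
an RFC 4226 HOTP code (something you have). Users and PINs are constructed."""
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret; a real token holds its own random secret.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenServer:
    def __init__(self, users: dict):
        # users: name -> {"pin": str, "secret": bytes, "counter": int}
        self.users = users

    def verify(self, name: str, pin: str, code: str, look_ahead: int = 3) -> bool:
        """Accept only if the PIN matches AND the code matches one of the next
        look_ahead counter values. Counters already used are never accepted
        again, which is what stops a captured code from being replayed."""
        u = self.users.get(name)
        if u is None:
            return False
        ok_pin = hmac.compare_digest(u["pin"], pin)
        match = None
        for c in range(u["counter"], u["counter"] + look_ahead):
            if hmac.compare_digest(hotp(u["secret"], c), code):
                match = c
                break
        if not (ok_pin and match is not None):
            return False          # counter is not advanced on failure
        u["counter"] = match + 1  # consume this code and any skipped ones
        return True


# Constructed user table for the example.
SERVER = TokenServer({"alice": {"pin": "1234", "secret": SECRET, "counter": 0}})

if __name__ == "__main__":
    print(hotp(SECRET, 0))                              # 755224 (RFC 4226 vector)
    print(SERVER.verify("alice", "1234", "755224"))     # True
    print(SERVER.verify("alice", "1234", "755224"))     # False: replayed code
```

The look-ahead window exists because a user may press the token button without the code ever reaching the server; without it the two counters drift apart and the user is locked out. Keep it small, since every extra value widens the guessing window.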
- DATABASE SECURITY
Definition: Software that identifies security attributes within
relational databases including logins/accounts, passwords,
roles, and privileges. Requisite functionality includes
vulnerability assessment, security administration, and enhanced
auditing. These products may optionally provide real-time detection
and alerting capabilities for unauthorized access or changes to
the underlying database based on pre-defined rules.
- CERTIFICATE AUTHORITY
Definition: A CA (Certificate Authority) is an organization that
issues and manages security credentials and public keys for message
encryption and decryption. This is an essential part of a public
key infrastructure (PKI) because it manages the process of issuing
and verifying the certificates used to grant people and systems
access to other systems. These certificates include keys that
help to strengthen authentication, privacy and non-repudiation.
- FILE & SESSION ENCRYPTION
Definition: Encryption is a process through which data is transformed
into a form that cannot be understood by unauthorized persons even if
they intercept it. Sophisticated computer algorithms are used to
encrypt the files, then decrypt them when they are needed.
- VPNs & CRYPTOGRAPHIC COMMUNICATIONS
Definition: A VPN or Virtual Private Network allows secure
communications over the public Internet. It saves money in
organizations with large mobile workforces or many satellite
offices by reducing the need to use expensive private telephone
networks.
- SECURE WEB SERVERS
Definition: These tools offer web services in environments that
have been engineered to minimize the number of security holes.
- ENTERPRISE SECURITY POLICY IMPLEMENTATION
Definition: ESPI enables security managers to automate each step
of security policy management from a central console including
creating, editing, approving, publishing, distribution, education,
compliance, reporting and maintenance. These tools enforce
awareness, assess employee understanding, track incidents and
measure compliance, which helps organizations improve management
of IT risks without overburdening limited staff.
- SINGLE SIGN-ON
Definition: These software packages allow users to get access to
multiple computers and applications without learning many different
passwords. Single sign-on tools generally do not change the
underlying applications, but hide their differences through a
layer of software.
- WEB APPLICATION SECURITY
Definition: Web application security is the protection of your
web application and its resources from threats coming from the
Internet, such as stealing company assets, falsifying buy/sell
transactions, getting private customer data and defacing the site.
This is done by detecting and/or preventing the hacking techniques
applicable to this domain, i.e. those which can be performed in
the presence of firewalls and encryption.
- ENTERPRISE SECURITY ADMINISTRATION
Definition: Tools providing enterprise-wide security administration
apply a given security policy across an entire organization,
ensuring all users of that enterprise's network will be subjected
to the same rights and restrictions. These systems are especially
valuable in granting new users access to all appropriate systems
and, more importantly, removing users from all systems if they
- VULNERABILITY SCANNERS - NETWORK BASED
Definition: Software that simulates the behavior of attackers to
learn which of as many as 600 possible weaknesses are present on
the system being attacked.
- MANAGED SECURITY SERVICES
Definition: Vendors providing managed security services assume
a percentage of the security administration tasks for an
enterprise's network, allowing administrators to concentrate on
other job responsibilities.
- TRUSTED OPERATING SYSTEMS
Definition: Because all other security mechanisms rely on the
operating system, they can be disabled or circumvented by a
successful attack on the o/s. Trusted o/s technology provides
the only mechanism to protect the o/s itself from successful
- VULNERABILITY SCANNERS - HOST BASED
Definition: These tools check the settings on your systems to
determine whether they are consistent with corporate security
policies. They are often used by auditors.
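What such a check looks like in practice, as an added example (illustration code, not any scanner sold through Sunbelt or listed on the SANS poster): a small set of policy rules, each with the expected value and a severity, is run against the settings reported by each host, and every deviation or unreported setting becomes a finding an auditor can act on. The setting names, the policy values and the three sample hosts are all constructed for the example.

```python
"""Host-based settings audit against a corporate policy (added illustration).
RULES and HOSTS are constructed sample data; setting names are assumptions."""
from collections import Counter

# (setting, description of the required value, predicate, severity)
RULES = [
    ("MinimumPasswordLength", "at least 8 characters", lambda v: v >= 8, "high"),
    ("MaximumPasswordAge", "between 1 and 90 days", lambda v: 1 <= v <= 90, "medium"),
    ("LockoutThreshold", "between 1 and 5 bad attempts (0 disables lockout)",
     lambda v: 1 <= v <= 5, "high"),
    ("GuestAccountEnabled", "disabled", lambda v: v is False, "high"),
    ("AuditLogonEvents", "success and failure", lambda v: v == "success,failure", "medium"),
    ("Administrators", "no more than 3 members", lambda v: len(v) <= 3, "medium"),
]

# Settings as a collector would report them; constructed for three hosts.
HOSTS = {
    "fs01": {"MinimumPasswordLength": 6, "MaximumPasswordAge": 0,
             "LockoutThreshold": 0, "GuestAccountEnabled": True,
             "AuditLogonEvents": "none",
             "Administrators": ["Administrator", "sean", "backup", "svc_scan"]},
    "ws02": {"MinimumPasswordLength": 8, "MaximumPasswordAge": 60,
             "LockoutThreshold": 5, "GuestAccountEnabled": False,
             "AuditLogonEvents": "success,failure",
             "Administrators": ["Administrator", "sean"]},
    "ws03": {"MinimumPasswordLength": 10, "MaximumPasswordAge": 45,
             "LockoutThreshold": 3, "GuestAccountEnabled": False,
             "Administrators": ["Administrator"]},     # AuditLogonEvents missing
}


def audit(host: str, settings: dict):
    """Return (host, setting, severity, detail) for every rule not satisfied.
    A setting the host did not report is a finding too: absence of evidence
    is not compliance."""
    findings = []
    for name, expected, ok, severity in RULES:
        if name not in settings:
            findings.append((host, name, severity, "not reported; expected " + expected))
            continue
        value = settings[name]
        try:
            passed = bool(ok(value))
        except TypeError:        # wrong type in the report counts as a failure
            passed = False
        if not passed:
            findings.append((host, name, severity, f"is {value!r}; expected {expected}"))
    return findings


def audit_all(hosts: dict):
    return [f for host, settings in hosts.items() for f in audit(host, settings)]


def summarize(findings):
    """Count findings per severity so the report leads with what matters."""
    return dict(Counter(f[2] for f in findings))


if __name__ == "__main__":
    results = audit_all(HOSTS)
    for f in results:
        print(f)
    print(summarize(results))
```

Expressing each rule as a predicate rather than a single expected value is deliberate: "lockout threshold between 1 and 5" and "no more than three administrators" are not equality checks, and a scanner that can only compare for equality ends up reporting a disabled lockout as compliant.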
- SECURITY SERVICES: POLICY DEVELOPMENT
Definition: Consulting organizations that have worked with many
organizations have templates with which they can quickly establish
policies for all aspects of computer security from acceptable use
to email to extranets to PKI.
- ANTI D.D.o.S. TOOLS
Definition: Anti D.D.o.S. (Distributed Denial of Service) Tools
identify baseline network usage and monitor for anomalies
indicative of D.D.o.S. attacks. Once an anomaly is reported, the
tool attempts to determine if the upsurge in usage is legitimate
or the result of an attack and recommends preventative measures.
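An added example that serves both the network-based intrusion detection definition above ("scanning attempt or a denial of service") and this anti-DDoS definition (baseline, then anomaly). It is illustration code, not any product on the SANS poster. It builds a packets-per-second baseline from a minute of constructed normal flow records, derives a threshold from that baseline, and then reports two things in a second constructed capture: a source touching many destination ports inside one window (a scan) and seconds whose packet total sits far above the baseline (a flood). The flow-record layout, the window sizes and the addresses are assumptions.

```python
"""Network traffic anomaly detection (added illustration): port-scan detection
plus baseline/threshold flood detection over constructed flow records.
A flow record is (second, src, dst, dport, packets)."""
from collections import defaultdict
from statistics import mean, pstdev


def make_baseline_flows():
    """60 s of ordinary web traffic: 20 clients, one server, mild variation."""
    return [(s, f"10.0.0.{s % 20 + 1}", "10.0.1.5", 80, 100 + 10 * (s % 5))
            for s in range(60)]


def make_observed_flows():
    """30 s of the same traffic with a port scan and a flood mixed in."""
    flows = [(s, f"10.0.0.{s % 20 + 1}", "10.0.1.5", 80, 100 + 10 * (s % 5))
             for s in range(30)]
    # One host probing 12 ports (20..31) over seconds 3-5: a scan.
    flows += [(3 + p // 4, "10.0.0.99", "10.0.1.5", 20 + p, 1) for p in range(12)]
    # 50 sources each sending 200 packets/s at seconds 20-24: a flood.
    flows += [(s, f"172.16.{i // 256}.{i % 256}", "10.0.1.5", 80, 200)
              for s in range(20, 25) for i in range(50)]
    return flows


def packets_per_second(flows):
    totals = defaultdict(int)
    for sec, _src, _dst, _port, pkts in flows:
        totals[sec] += pkts
    return totals


def detect_scans(flows, window_s=10, min_ports=8):
    """Sources that touch at least min_ports distinct ports on one destination
    within a window_s-second bucket. Returns sorted (src, dst, port_count)."""
    ports = defaultdict(set)
    for sec, src, dst, dport, _pkts in flows:
        ports[(sec // window_s, src, dst)].add(dport)
    return sorted({(src, dst, len(p)) for (_w, src, dst), p in ports.items()
                   if len(p) >= min_ports})


def learn_threshold(baseline_flows, k=3.0):
    """Baseline step: mean plus k standard deviations of packets per second."""
    rates = list(packets_per_second(baseline_flows).values())
    return mean(rates) + k * pstdev(rates)


def detect_floods(flows, threshold):
    """Anomaly step: seconds whose packet total exceeds the learned threshold."""
    totals = packets_per_second(flows)
    return sorted((sec, pkts) for sec, pkts in totals.items() if pkts > threshold)


if __name__ == "__main__":
    threshold = learn_threshold(make_baseline_flows())
    observed = make_observed_flows()
    print(f"threshold: {threshold:.1f} packets/s")
    print("scans:", detect_scans(observed))
    print("floods:", detect_floods(observed, threshold))
```

The flood detector only says "usage is far above normal"; as the definition notes, the tool (or the operator) still has to decide whether that upsurge is legitimate, which is why the example reports the offending seconds with their counts instead of acting on them.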
- REAL-TIME SECURITY AWARENESS/INCIDENT RESPONSE
Definition: RTSA allows the security manager to see what is
happening across the enterprise among multiple vendor security
products and sources in near real-time from a central console.
RTSA helps reduce the number of personnel whose time must be
devoted to monitoring multiple security products and sources.
For all the Sunbelt Security tools together in one place, click:
THIRD PARTY NEWS
NEW: ExRay for Exchange
ExRay for Exchange is a new email health monitoring and reporting
solution that helps organizations to prevent email problems,
measure email performance and reliability, and improve the
productivity of IT staff managing email. ExRay continually tests
the availability of all Exchange routes, sends alerts to IT staff
about any slow or broken routes, and provides web-based reports
about system health, uptime, message delivery times, and Service
Level Agreements (SLA's).
Key features include:
- Monitor all EX routes 24 x 7, including internal/external,
EX 5.5/2000, Legacy system/EX system. All email routes are tested
for problems to provide peace of mind that critical emails are
being delivered. Improves IT productivity. IT spends time on more
- Send alerts to email, pager or cell phone when route is slow or
broken. IT knows about problems before end-users, reducing overall
downtime because problems are fixed more quickly. Many problems
are avoided in "slow" stage before a full-blown problem occurs.
- Web-based reporting interface. Interface is intuitive, easy to
use; reporting can be accessed from multiple locations by multiple
- Exchange Dashboard Screen. Checks status of all key EX routes
with one glance. Email admins and help desk staff know what's
happening with email at all times.
- Service Level Agreement (SLA) Reporting. Measures whether SLA's
are being met. Reports to management on performance vs. SLA's.
- Uptime/Downtime Reporting. Measures system uptime, reliability
over time, sets benchmarks, and accurately reports on the
performance of your mission critical email system.
- Route Grouping (internal vs. external; 5.5 vs. 2000; legacy
mail vs. EX) and Comparison Reporting. Compares performance
across groups of routes. Provides protection in distributed
environments, legacy mail systems, and during course of upgrades
- Graphing. Analyzes performance trends over time; create
- Public Reports. Allows public access to selected reports to
reduce help desk calls by keeping end-users, executives and IT
managers aware of email system status.
- Agent-less architecture. Monitoring is independent of email
system. Impact of ExRay for EX is the same as 1 to 2 additional
email users at medium usage.
- Install/setup wizard. Begins monitoring and receiving benefits
in 15 minutes. Don't spend time "managing the management tools".
No exterior expertise required. Check it out at:
This Week's Links We Like. Tips, Hints And Fun Stuff
Site with a bunch of freebie hacker tools you can use yourself to
test your networks as well:
Get an email that you think is a hoax or an Internet Urban Legend?
Got pets and need to know where you can take them on vacation?
Love seeing buildings collapse? Here are the professional
Think FILTERS, not Blacklists. Good article about spam:
Unfortunately, human beings are easy to fool. Last time I sent you
an ad that played tricks on your mind. This time it's a trick with
your senses. Look at this picture. The squares marked A and B have
the same color!! If you don't believe it, load the picture into a
graphic application and check the color values. I did it myself
and I still can't believe my eyes:
PRODUCT OF THE WEEK
Killer Black Alum Gamer Case
Pretty cool black alum computer case for a built-it-yourself box.
This is one of the nicest cases we have seen in a long time, Super
quality in the construction, an absolute steal considering the 420
watt dual fan power supply that comes with it. Lots of expansion
room, also comes with two 80mm clear case fans in rear. $140.