Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 17, 2003 (Vol. 8, #7 - Issue #413)
Why Layered Security Is A Must
This issue of W2Knews contains:
- EDITORS CORNER
  - More Additions To Your System Admin Vocabulary [grin]
- TECH BRIEFING
  - Why Layered Security Is A Must!
  - Protecting Web Servers From Patching Downtime
  - I Have An Interesting IT Survey For You!
- NT/2000 RELATED NEWS
  - MS Competitors Now Complain To EU About WinXP
  - MS Reposts Windows NT Patch
  - Security's Future Looks Bright
- NT/2000 THIRD PARTY NEWS
  - QuotaAdvisor End Of Life Announcement
  - New Radmin V3.0 Coming Soon!
  - Router Management And Security At Its Best
- W2Knews 'FAVE' LINKS
  - This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
  - BOOK: Web Services Security
Want To Prevent The Next SQL Slammer Worm Hitting You?
A U.K. security firm estimates the economic damage already over
$1 billion. UpdateEXPERT is a powerful service pack and hotfix
manager. You've got to do this to keep your networks secure.
Use UpdateEXPERT as your research, inventory, deployment and
validation tool that enables you to fix security vulnerabilities
and stability problems on your machines. And they TEST the patches
for you too.
Visit UpdateEXPERT for more information.
More Additions To Your System Admin Vocabulary [grin]
The little list in last week's issue turned out to be a hit. Many
people sent me their new (or somewhat older) coined words that we
need to keep highly confidential. For obvious reasons these terms
must be kept within the IT inner-circle. ;-)
And here are some other IT-inspired new words you might enjoy:
- one-dee-ten-tee. The technical name for a computer problem caused by users without a clue (write it out: 1D10T)
- PEBKAC (pronounced "peb-kack") = Problem Exists Between Keyboard And Chair, and some variations of it:
  - CKI issue - the problem was with the chair-keyboard interface
  - PICNIC - "Problem In Chair, Not In Computer"
- Permenary - Permanently temporary
- Brokearound - A patch or work around that doesn't work
- Piduction - Pilot project being run on production equipment
- Administrative Engineer - A manager or director who insists he can engineer a solution or new technology for the business without consulting the actual engineers
Quotes Of The Day:
- If you woke up breathing, congratulations. You have another chance!
- Colt: The original point and click interface.
- When you make a mistake, make amends immediately. It's easier to eat crow while it's still warm.
(email me with feedback: [email protected])
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. Double-Take is that
tool. Sold more than all other High-Availability tools combined.
It is even certified for W2K Datacenter. No other HA tool is. How
it works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit Double-Take for more information.
Why Layered Security Is A Must!
One of our subscribers sent me this:
"Stu, you always harp about having layered security. Slammer made
me very glad that I follow that practice. My router is my first
line of defense, and I do not expose my SQL Server ports to the
outside world (at least, not normally). Recently we changed ISPs,
and so I had to reconfigure my router. During the course of the
reconfig, I accidentally left my SQL Server exposed, during the
height of the Slammer infection. When I went back and double-checked
all of my settings on the router, I discovered my error. I fully
expected to find that my SQL Server had been compromised. Imagine my
surprise and delight on discovering that it was still humming right
along, no sign of infection anywhere. Why? Because I had applied all
the needed patches, secured the Admin logon,
and done all of the other 'best practices' kinds of things that
I knew needed to be done. Moral of the story: Even when you know
what you are doing, people make mistakes. Having a layered defense
can protect you from yourself. Later, Chris"
Protecting Web Servers From Patching Downtime
And here is one of these tools that will allow you to get another
piece of the layered security puzzle in place. This little
promo-story was sent in by the developer of SecureIIS:
"With the recent outbreak of the SQL Sapphire/Slammer worm and
the pending danger that the next exploit could be malicious and
propagate even faster, web server administrators are looking for
ways to address patching while maintaining quality of service and
server uptime. Suncor Energy is a perfect example of a company
that has opted for "web server insurance" to guard its Microsoft
servers from potential attack while the IT team implements patches.
"Until recently, Suncor, a world leader in the energy refining
marketplace, relied on firewalls and intrusion detection systems
as its primary layers of defense in guarding against web-based
intrusion. After seeing how fast moving exploits could impact
its business, Suncor quickly realized that Microsoft IIS web
servers were consistently the weakest network link and therefore
a security risk. To overcome the weaknesses of their Microsoft
web servers, Suncor required application level protection to
confidently safeguard its e-commerce, intranet, extranet, and
corporate data assets. "It was a nightmare trying to do everything
manually. Knowing that the firewall permitted Port 80 traffic,
we had to immediately patch the web servers on a constant basis
just to try and stay a step ahead of potential intruders. It
was always a concern that we would miss a patch and be exposed,"
stated Michael Castro of Suncor's IT Security Group.
"Realizing Microsoft IIS was incapable of providing the level
of security required, Suncor selected the SecureIIS Web Server
Protection product to guard its Microsoft web servers from known
and unknown attacks.
"By implementing SecureIIS on its servers, Castro estimates that
the Suncor IT security team has realized a 30% savings in working
hours that used to be dedicated to web-server related meetings,
discussions, patching, and testing. Because SecureIIS protects
against all classes of attack, Suncor is no longer rushed into
updating their networks without adequately testing patches for
potentially adverse effects. SecureIIS has enabled Suncor to feel
confident that their Microsoft driven web servers will withstand
even sophisticated, fast moving zero day attacks".
OK, so that was a developer promoting their product. Fair enough.
But keep in mind that an "application firewall" to protect your
web servers actually IS a good idea. And SecureIIS is only $995.
Test it at:
I Have An Interesting IT Survey For You!
Readers of W2Knews are technology experts, and in many cases
you are early adopters and trend setters as well. In other words,
your viewpoints on technology are extremely interesting and
valuable. Survey.com and SG Cowen have a survey we'd like you
to fill out.
I just did this myself, and it was revealing to see what questions
they are asking. Just by seeing what is requested, you see where
they are going with this and you can draw your own conclusions.
It took me less than 10 minutes to complete. To thank you for
completing the survey, you will be entered into a drawing to win
a cash prize of $500. But... the more interesting thing is that
you will receive a complimentary summary of the results! That
will certainly help you become an even greater opinion leader
in your own organization.
Spend this little bit of time and you'll see that getting that
data in your hot little hands is going to be worth it! (Sorry,
USA only.) Click here and take the survey?
PS, the data you submit will remain confidential and will not be
released, sold, or used in advertising. It will only be used to
compile aggregate statistics for a summary report. Neither you
nor your company will be identified in any way. So, do me a favor
and fill out this survey? Thanks in advance! Stu Sjouwerman
NT/2000 RELATED NEWS
MS Competitors Now Complain To EU About WinXP
So, since they did not get anywhere in the USA, the same computer
industry lobby group filed a complaint about Windows XP to the
European Commission antitrust department last Tuesday. They stated
that important issues are at stake with regard to innovation and
competition in the software industry. Who are these companies?
They call themselves the Computer and Communications Industry
Association (CCIA). Hmmm. I just keep repeating my mantra:
"Compete with great products and service. Compete with great
products and service. Compete with great products and service".
For the story in InfoWorld:
MS Reposts Windows NT Patch
MS posted a fixed version of their flawed security patch that
was released late December. That's the one that had been causing
NT 4.0 systems to crash. The botched patch was contained in MS
Security Bulletin MS02-071, which fixed what Microsoft called
an "Important" security vulnerability allowing privilege elevation
in Windows NT 4.0, Windows 2000 and Windows XP. There were no
reported problems with the separate patches for W2K or XP. More:
Security's Future Looks Bright
Within the next four years, 80 percent of Global 2000 companies
will have strategic security programs that include a dedicated
budget and designated chief security officer, according to the
Networks, too, will change, with firewalls and intrusion prevention
tools protecting individual servers, applications and databases,
rather than just surrounding the perimeter.
"It's the movement from the walled city to individually locked
houses," said META information security analyst Chris King during
a presentation last week at METAmorphosis 2003, their annual
conference and technology showcase in San Diego. A weak or absent
security awareness program will be considered a major legal
liability, according to the META security gurus.
Security management will fall under three functional areas: user,
event and configuration, with user management--such as identity
management and provisioning--maturing most rapidly. Security event
management aggregation and security configuration consoles won't
catch on until 2005, the group predicts.
THIRD PARTY NEWS
QuotaAdvisor End Of Life Announcement
At the request of the developer, we'd like to inform you of the
following new developments and support changes:
Now until March 31st, 2003, you can upgrade QuotaAdvisor to the
full benefits of StorageCentral SRM 5.0 at significant cost
savings. Call your Sunbelt Representative or Reseller for the
- Effective April 1, 2003, Sunbelt Software will discontinue
sales of QuotaAdvisor with FileScreen.
- StorageCentral SRM 4.1 will be fulfilled on an as-requested
basis and no longer included with StorageCentral SRM 5.0 CDs.
- StorageCentral SRM 4.1 will be fully supported on Windows NT
systems with limited support on Windows 2000 beyond 12-31-2003.
- Support for QuotaAdvisor will discontinue on 12-31-2003.
New Radmin V3.0 Coming Soon!
The Sunbelt Remote Administrator tool is going great guns. If
you are looking at renewing your maintenance for your existing
remote control tool, and your budget is tight, you should really
look at Radmin. The cost is ridiculously low compared to tools
like pcAnywhere, but this is one powerful remote control product,
made especially for administrators.
I can lift a bit of the veil here, and talk about some of the
planned features. (Of course, this is subject to change and
it's not complete either, but quite a few of these features have
been already implemented.) Here's how Radmin 3.0 may look. We
hope to see it early April but plan on Q2.
Get your copy now, because prices might go up for V3.0 but if
you order before that time, you'll be "grandfathered" in. The
Enterprise licenses are a steal. Download eval at:
- New video hook driver for Win2000/XP
- Compatibility with Windows XP multiple user sessions
- Multiple monitor support
- Disable keyboard, disable screen, disable mouse options
- Blank monitor support
- Back connect feature
- Capability to bind to the network interfaces
- Adding DNS and user names to the logfile
- New NTauth support; new NTauth settings interface
- 5 bad password sequence anti hacker delay
- Mouse movements will be visible from Radmin viewer's side
- Chat mode
- Voice transfer mode
- Mouse wheel support
- Add other modes launch (file transfer, voice, telnet) using cached password
- Full-screen text mode support
- Remote install
- Radmin viewer connection list subfolders, tree view support, drag&drop etc; up to 100,000 items support
- Rescan computers - opportunity to set default updates/sec value
- Interface changes
Router Management And Security At Its Best
Network security is the main focus of every IT manager and security
professional. So, why haven't we looked at the importance of the
router as a means of first line defense against the devastating
network attacks? The router, in its innocence, is helping along
the malicious code that comes to your cyber-doorstep every day.
In many cases, the router can be the first point where traffic is
being pushed through to your trusted network. The giants of today
seem to overlook the importance of stopping the problems before
they start. Even though most router companies have proprietary
management software that helps them configure and manage their
routers, they do not provide for security or countermeasures against
the attacks of today. Now let's talk about a company out of Jupiter,
Florida that has taken a good look at management, security and
countermeasures and put all these key features and benefits into
one software/hardware solution.
Security first. The product by Cyber Operations, known as
Pro-Defense, is an Anti Terrorism System that prevents DoS/DDoS
attacks at the router. The product is designed to use heuristics to
analyze and determine normal behavior from abnormal behavior. Unlike
other competitive products, Pro-Defense can stop external attacks as
well as attacks that have been generated from within your trusted
network.
Pro-Defense can alert you in a fraction of a minute and actually
identify the source or the actual machine/computer within your
network that is generating an attack. If the attack comes from an
external source, Pro-Defense would block that IP address, or rate
limit it if you wish to monitor that particular attacking source
from outside your network. This gives you options as to how to deal with
that particular malicious traffic. So now, along with many other
features and benefits, your router can stop malicious traffic from
coming into your trusted network, the performance of the router
will not hamper normal network operations during an attempted attack,
and your router is now immune to viruses, worms or Trojans. This
is now your first line of defense.
On to countermeasures and management. First, during an attack
situation Pro-Defense has the capability to deploy countermeasures
to the router or routers under attack within seconds. With their
on-the-fly rate limiting capabilities and ability to deploy
countermeasure policies to any type of router (all other products
being proprietary to their make and model), an attack
can be monitored and/or stopped within seconds.
On to management. Pro-Defense has the capability to merge and
de-conflict access control lists that well exceed 75,000 lines. This
process can be done, depending on size, within seconds or minutes.
It has the capability to work in an automatic or manual mode.
There is a hierarchy of protocols in router language that they
already incorporated into the management scheme that allows this
priority to take place for de-confliction. Unlike other competitive
products, Pro-Defense will work and deploy across router platforms.
So, this gives us a software/hardware combo that secures your
routers at the most crucial points within your network. It can
help you deploy countermeasures while under attack within seconds.
You can manage, merge, deploy and de-conflict your router access
control lists with flexible options like manual or automatic mode
all through a central command and control console. Pretty cool.
Check out this PDF:
This Week's Links We Like. Tips, Hints And Fun Stuff
Interesting project at NCSA:
Good research about what causes more spam and what cuts it down:
Imagine, after reading this, what one will be able to do when the
file system for the OS (based on SQL) allows this type of cataloging
and viewing for everything stored on the computer (pdf):
Lots of stuff for Windows.NET / 2003 (Whistler, RC1 & RC2):
The USA House and Senate decide to NOT monitor citizens' email:
Hackers break into Kevin Mitnick's site. Amusing:
Great entertainment. Fire up and fly the guy with your arrow keys:
Be very, very careful with these intelligence test answers:
PRODUCT OF THE WEEK
BOOK: Web Services Security
Minimize security risks in your system by successfully rolling out
secure Web Services with help from this exceptional guide. Web
Services Security covers everything network security professionals
need to know, including details on Web Services architecture, SOAP,
UDDI, WSDL, XML Signature, XML Encryption, SAML, XACML, XKMS, and
more. You'll also get implementation techniques as well as case
studies featuring global service-provision initiatives. Does a
good job of covering a fast changing area, and features just about
everything relevant to its subject. Material is explained well,
and the authors do a good job of putting things in context and
not getting too hung up on any particular vendor or technology.