Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 17, 2003 (Vol. 8, #7 - Issue #413)
Why Layered Security Is A Must
  This issue of W2Knews™ contains:
    • More Additions To Your System Admin Vocabulary [grin]
    • Why Layered Security Is A Must!
    • Protecting Web Servers From Patching Downtime
    • I Have An Interesting IT Survey For You!
    • MS Competitors Now Complain To EU About WinXP
    • MS Reposts Windows NT Patch
    • Security's Future Looks Bright
    • QuotaAdvisor End Of Life Announcement
    • New Radmin V3.0 Coming Soon!
    • Router Management And Security At Its Best
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • BOOK: Web Services Security
Want To Prevent The Next SQL Slammer Worm Hitting You?
A U.K. security firm estimates the economic damage already over
$1 billion. UpdateEXPERT is a powerful service pack and hotfix
manager. You've got to do this to keep your networks secure.
Use UpdateEXPERT as your research, inventory, deployment and
validation tool that enables you to fix security vulnerabilities
and stability problems on your machines. And they TEST the patches
for you too.
Visit UpdateEXPERT for more information.

More Additions To Your System Admin Vocabulary [grin]

The little list in last week's issue turned out to be a hit. Many people sent me their new (or somewhat older) coined words that we need to keep highly confidential. For obvious reasons these terms must be kept within the IT inner-circle. ;-)

  • one-dee-ten-tee. The technical name for a computer problem caused by users without a clue (write it out: 1D10T)
  • PEBKAC (pronounced "peb-kack") = Problem Exists Between Keyboard And Chair, and some variations of it:
  • CKI issue - the problem was with the chair-keyboard interface
  • PICNIC - "Problem In Chair, Not In Computer"
And here are some other IT-inspired new words you might enjoy:
  • Permenary - Permanently temporary
  • Brokearound - A patch or work around that doesn't work
  • Piduction - Pilot project being run on production equipment
  • Administrative Engineer - A manager or director who insists he can engineer a solution or new technology for the business without consulting the actual engineers
Have fun!

Quotes Of The Day:

  • If you woke up breathing, congratulations. You have another chance!
  • Colt: The original point and click interface.
  • When you make a mistake, make amends immediately. It's easier to eat crow while it's still warm.
Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])
  SPONSOR: Double-Take
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. Double-Take is that
tool. Sold more than all other High-Availability tools combined.
It is even certified for W2K Datacenter. No other HA tool is. How
it works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit Double-Take for more information.

Why Layered Security Is A Must!

One of our subscribers sent me this:

"Stu, you always harp about having layered security. Slammer made me very glad that I follow that practice. My router is my first line of defense, and I do not expose my SQL Server ports to the outside world (at least, not normally). Recently we changed ISPs, and so I had to reconfigure my router. During the course of the reconfig, I accidentally left my SQL Server exposed, during the height of the Slammer infection. When I went back and double-checked all of my settings on the router, I discovered my error. I fully expected to find that my SQL Server had been compromised. Imagine my surprise and delight on discovering that it was still humming right along, no sign of infection anywhere. Why? Because I had applied all the needed patches, secured the Admin logon, and done all of the other 'best practices' kinds of things that I knew needed to be done. Moral of the story: Even when you know what you are doing, people make mistakes. Having a layered defense can protect you from yourself. Later, Chris"

Protecting Web Servers From Patching Downtime

And here is one of these tools that will allow you to get another piece of the layered security puzzle in place. This little promo-story was sent in by the developer of SecureIIS:

"With the recent outbreak of the SQL Sapphire/Slammer worm and the pending danger that the next exploit could be malicious and propagate even faster, web server administrators are looking for ways to address patching while maintaining quality of service and server uptime. Suncor Energy is a perfect example of a company that has opted for "web server insurance" to guard its Microsoft servers from potential attack while the IT team implements patches properly.

"Until recently, Suncor, a world leader in the energy refining marketplace, relied on firewalls and intrusion detection systems as its primary layers of defense in guarding against web-based intrusion. After seeing how fast moving exploits could impact its business, Suncor quickly realized that Microsoft IIS web servers were consistently the weakest network link and therefore a security risk. To overcome the weaknesses of their Microsoft web servers, Suncor required application level protection to confidently safeguard its e-commerce, intranet, extranet, and corporate data assets. "It was a nightmare trying to do everything manually. Knowing that the firewall permitted Port 80 traffic, we had to immediately patch the web servers on a constant basis just to try and stay a step ahead of potential intruders. It was always a concern that we would miss a patch and be exposed," stated Michael Castro of Suncor's IT Security Group.

"Realizing Microsoft IIS was incapable of providing the level of security required, Suncor selected the SecureIIS Web Server Protection product to guard its Microsoft web servers from known and unknown attacks.

"By implementing SecureIIS on its servers, Castro estimates that the Suncor IT security team has realized a 30% savings in working hours that used to be dedicated to web-server related meetings, discussions, patching, and testing. Because SecureIIS protects against all classes of attack, Suncor is no longer rushed into updating their networks without adequately testing patches for potentially adverse effects. SecureIIS has enabled Suncor to feel confident that their Microsoft driven web servers will withstand even sophisticated, fast moving zero day attacks".

OK, so that was a developer promoting their product. Fair enough. But keep in mind that an "application firewall" to protect your web servers actually IS a good idea. And SecureIIS is only $995. Test it at:

I Have An Interesting IT Survey For You!

Readers of W2Knews are technology experts, and in many cases you are early adopters and trend setters as well. In other words, your viewpoints on technology are extremely interesting and valuable. Survey.com and SG Cowen have a survey we'd like you to fill out.

I just did this myself, and it was revealing to see what questions they are asking. Just by seeing what is requested, you see where they are going with this and you can draw your own conclusions. It took me less than 10 minutes to complete. To thank you for completing the survey, you will be entered into a drawing to win a cash prize of $500. But... the more interesting thing is that you will receive a complimentary summary of the results! That will certainly help you become an even greater opinion leader in your own organization.

Spend this little bit of time and you'll see that getting that data in your hot little hands is going to be worth it! (Sorry, this is USA only.) Click here and take the survey?


PS, the data you submit will remain confidential and will not be released, sold, or used in advertising. It will only be used to compile aggregate statistics for a summary report. Neither you nor your company will be identified in any way. So, do me a favor and fill out this survey? Thanks in advance! Stu Sjouwerman



MS Competitors Now Complain To EU About WinXP

So, since they did not get anywhere in the USA, the same computer industry lobby group filed a complaint about Windows XP to the European Commission antitrust department last Tuesday. They stated that important issues are at stake with regard to innovation and competition in the software industry. Who are these companies? They call themselves the Computer and Communications Industry Association (CCIA). Hmmm. I just keep repeating my mantra: "Compete with great products and service. Compete with great products and service. Compete with great products and service". For the story in InfoWorld:

MS Reposts Windows NT Patch

MS posted a fixed version of their flawed security patch that was released late December. That's the one that had been causing NT 4.0 systems to crash. The botched patch was contained in MS Security Bulletin MS02-071, which fixed what Microsoft called an "Important" security vulnerability allowing privilege elevation in Windows NT 4.0, Windows 2000 and Windows XP. There were no reported problems with the separate patches for W2K or XP. More:

Security's Future Looks Bright

Within the next four years, 80 percent of Global 2000 companies will have strategic security programs that include a dedicated budget and designated chief security officer, according to the META Group.

Networks, too, will change, with firewalls and intrusion prevention tools protecting individual servers, applications and databases, rather than just surrounding the perimeter.

"It's the movement from the walled city to individually locked houses," said META information security analyst Chris King during a presentation last week at METAmorphosis 2003, their annual conference and technology showcase in San Diego. A weak or absent security awareness program will be considered a major legal liability, according to the META security gurus.

Security management will fall under three functional areas: user, event and configuration, with user management--such as identity management and provisioning--maturing most rapidly. Security event management aggregation and security configuration consoles won't catch on until 2005, the group predicts.


QuotaAdvisor End Of Life Announcement

At the request of the developer, we'd like to inform you of the following new developments and support changes:

  1. Effective April 1, 2003, Sunbelt Software will discontinue sales of QuotaAdvisor with FileScreen.
  2. StorageCentral SRM 4.1 will be fulfilled on an as-requested basis and no longer included with StorageCentral SRM 5.0 CDs.
  3. StorageCentral SRM 4.1 will be fully supported on Windows NT systems with limited support on Windows 2000 beyond 12-31-2003.
  4. Support for QuotaAdvisor will discontinue on 12-31-2003.
Now until March 31st, 2003, you can upgrade QuotaAdvisor to the full benefits of StorageCentral SRM 5.0 at significant cost savings. Call your Sunbelt Representative or Reseller for the details.

New Radmin V3.0 Coming Soon!

The Sunbelt Remote Administrator tool is going great guns. If you are looking at renewing your maintenance for your existing remote control tool, and your budget is tight, you should really look at Radmin. The cost is ridiculously low compared to tools like pcAnywhere, but this is one powerful remote control product, made especially for administrators.

I can lift a bit of the veil here, and talk about some of the planned features. (Of course, this is subject to change and it's not complete either, but quite a few of these features have already been implemented.) Here's how Radmin 3.0 may look. We hope to see it early April but plan on Q2.

  • New video hook driver for Win2000/XP
  • Compatibility with Windows XP multiple user sessions
  • Multiple monitor support
  • Disable keyboard, disable screen, disable mouse options
  • Blank monitor support
  • Back connect feature
  • Capability to bind to the network interfaces
  • Adding DNS and user names to the logfile
  • New NTauth support; new NTauth settings interface
  • 5 bad password sequence anti hacker delay
  • Mouse movements will be visible from Radmin viewer's side
  • Chat mode
  • Voice transfer mode
  • Mouse wheel support
  • Add other modes launch (file transfer, voice, telnet) using cached password
  • Full-screen text mode support
  • Remote install
  • Radmin viewer connection list subfolders, tree view support, drag&drop etc; up to 100,000 items support
  • Rescan computers-opportunity to set default updates/sec value
  • Interface changes
Get your copy now, because prices might go up for V3.0 but if you order before that time, you'll be "grandfathered" in. The Enterprise licenses are a steal. Download eval at:

Router Management And Security At Its Best

Network security is the main focus of every IT manager and security professional. So, why haven't we looked at the importance of the router as a first line of defense against devastating network attacks? The router, in its innocence, is helping along the malicious code that comes to your cyber-doorstep every day.

In many cases, the router can be the first point where traffic is being pushed through to your trusted network. The giants of today seem to overlook the importance of stopping the problems before they start. Even though most router companies have proprietary management software that helps them configure and manage their routers, they do not provide for security or countermeasures against the attacks of today. Now let's talk about a company out of Jupiter, Florida that has taken a good look at management, security and countermeasures and put all these key features and benefits into one software/hardware solution.

Security first. The product by Cyber Operations, known as Pro-Defense, is an Anti Terrorism System that prevents DoS/DDoS attacks at the router. The product is designed to use heuristics to distinguish normal behavior from abnormal behavior. Unlike other competitive products, Pro-Defense can stop external attacks as well as attacks that have been generated from within your trusted network.

Pro-Defense can alert you in a fraction of a minute and actually identify the source or the actual machine/computer within your network that is generating an attack. If the attack comes from an external source, Pro-Defense would block that IP address, or rate limit it if you wish to monitor that particular attacking source from outside your network. This gives you options as to how to deal with that particular malicious traffic. So now, along with many other features and benefits, your router can stop malicious traffic from coming into your trusted network, the performance of the router will not hamper normal network operations during an attempted attack, and your router is now immune to viruses, worms or Trojans. This is now your first line of defense.

On to countermeasures and management. First, during an attack situation Pro-Defense has the capability to deploy countermeasures to the router or routers under attack within seconds. With their on-the-fly rate limiting capabilities and ability to deploy countermeasure policies to any type of router (all other products being proprietary to their make and model), an attack can be monitored and/or stopped within seconds.

On to management. Pro-Defense has the capability to merge and de-conflict access control lists that well exceed 75,000 lines. This process can be done, depending on size, within seconds or minutes. It has the capability to work in an automatic or manual mode. There is a hierarchy of protocols in router language that they have already incorporated into the management scheme, which allows this priority to take place for de-confliction. Unlike other competitive products, Pro-Defense will work and deploy across router platforms.

So, this gives us a software/hardware combo that secures your routers at the most crucial points within your network. It can help you deploy countermeasures while under attack within seconds. You can manage, merge, deploy and de-conflict your router access control lists with flexible options like manual or automatic mode, all through a central command and control console. Pretty cool. Check out this PDF:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Interesting project at NCSA:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-NCSA
  • Good research about what causes more spam and what cuts it down:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-Research
  • Imagine, after reading this, what one will be able to do when the file system for the OS (based on SQL) allows this type of cataloging and viewing for everything stored on the computer (pdf):
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-Stored
  • Lots of stuff for Windows.NET / 2003 (Whistler, RC1 & RC2):
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-WindowsNET
  • The USA House and Senate decide to NOT monitor citizens' email:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-Monitoring
  • Hackers break into Kevin Mitnick's site. Amusing:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-Mitnick
  • Great entertainment. Fire up and fly the guy with your arrow keys:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-FlyGuy
  • Be very, very careful with these intelligence test answers:
    http://www.w2knews.com/rd/rd.cfm?id=030217FA-Intelligence

    BOOK: Web Services Security

    Minimize security risks in your system by successfully rolling out secure Web Services with help from this exceptional guide. Web Services Security covers everything network security professionals need to know, including details on Web Services architecture, SOAP, UDDI, WSDL, XML Signature, XML Encryption, SAML, XACML, XKMS, and more. You'll also get implementation techniques as well as case studies featuring global service-provision initiatives. It does a good job of covering a fast-changing area, and features just about everything relevant to its subject. Material is explained well, and the authors do a good job of putting things in context and not getting too hung up on any particular vendor or technology.