Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Aug 18, 2003 (Vol. 8, #33 - Issue #439)
What's New in Win2003: Part 3
  This issue of W2Knews™ contains:
    • What's New in Win2003: Part 3
    • Blaster Worm Update and Fixes
    • Windows Server 2003 Tip: Find Out What Process is Using a Port
    • Server 2003's Software Restriction Policies: Another Weapon for your Defense Arsenal
    • Are Businesses Dumping Linux Web Servers for Windows Server 2003?
    • Will Microsoft's New Security Exams Revive Interest in Certification?
    • Server Security: Optional or By Default?
    • Scanning for Security
    • NT to 2003 Migration: You Don't Have to Go it Alone
    • Keeping Tabs on your Network when You're on the Road
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • PestPatrol
  SPONSOR: ScriptLogic
Cut Your Help Desk Support Calls by 50%
"Every once in a while a product comes along that just seems to get
the pieces right, providing both simplicity and power. ScriptLogic
fits the bill on both counts." - MCP Magazine
  • Logon, logoff and shutdown scripting
  • Install/update software packages
  • Create Outlook mail profiles
  • Create/remove shortcuts
  • Enforce security policies
    ... And Much More
  • Fully functional 45 day DOWNLOAD
    Caffeine-free Desktop Administration T-shirt offer is available to US residents only.
    Visit ScriptLogic for more information.

    What's New in Win2003: Part 3

    This marks our third issue re Windows 2003. Lots to cover but most specifically nasty worms and security patches. So get your systems patched if you haven't already!

    QUOTE OF THE DAY: "Competition is a by-product of productive work, not its goal. A creative man is motivated by the desire to achieve, not by the desire to beat others." - Ayn Rand (1905-1982)

    Warm regards,
    Stu Sjouwerman
    (email me with feedback: [email protected])

      SPONSOR: Double-Take
    New surveys show: Disaster Recovery and Security are #1 priority!
    This means you have to have a tested plan and reliable tools in place
    for the moment your site goes down. DOUBLE-TAKE is that tool. Sold
    more than all other High-Availability tools combined. It is even certified
    for W2K Datacenter. No other HA tool is. How it works? "Server A goes
    down--Server B takes over". Get the eval copy here, this is your ultimate
    Visit Double-Take for more information.

    Blaster Worm Update and Fixes

    Unless you've been completely out of the loop for the last week, you're probably already aware that the Blaster worm is wreaking havoc on corporate networks and end user systems all over the world. It's a real shame, because this was preventable; the worm came as a surprise to nobody who pays any attention at all to Microsoft security issues. Microsoft even issued a patch for it that we reported in the Aug 4th edition of W2Knews (/?id=437). We said:

    "...This is not a drill. You must, without a doubt, immediately install this security patch..."

    How does the worm attack a network? An infected machine scans network address blocks searching for machines that accept incoming connection requests to TCP 135. If the machine accepts the connection, the worm payload is delivered. Of course, no one allows inbound TCP 135 from the Internet unless they're using an ISA Server 2000 firewall, which completely protects your network from external attack by this exploit:

    The problem is that users who connect their laptops directly to the Internet can be infected if they don't use a personal firewall. Even worse, VPN users connecting from their laptops that are also directly connected to the Internet, or home based workers on unsecure home LANs can also poison the well. These hosts infect other hosts on the corporate network after they connect to the internal network and are not subjected to firewall policy.
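
    The scanning described above shows up in connection logs as one internal source touching many distinct addresses on TCP 135 in a short time. The following is an added example, not part of the original newsletter, that flags such sources; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, oldest first: timestamp, source, destination, dest port.
SAMPLE_LOG = """\
2003-08-18T09:00:00 10.1.2.10 10.1.0.5 135
2003-08-18T09:00:01 10.1.4.23 10.1.4.1 135
2003-08-18T09:00:01 10.1.4.23 10.1.4.2 135
2003-08-18T09:00:02 10.1.4.23 10.1.4.3 135
2003-08-18T09:00:02 10.1.2.10 10.1.0.5 80
2003-08-18T09:00:03 10.1.4.23 10.1.4.4 135
2003-08-18T09:00:03 10.1.4.23 10.1.4.5 135
2003-08-18T09:00:04 10.1.4.23 10.1.4.6 135
2003-08-18T09:05:00 10.1.2.10 10.1.0.6 135
"""


def find_rpc_scanners(log_text, port=135, min_targets=5,
                      window=timedelta(seconds=60)):
    """Return {source: peak number of distinct destinations on `port` inside
    `window`} for every source that reaches `min_targets`."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs still in window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != str(port):
            continue  # malformed line or a different service
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unreadable timestamp
        src, dst = parts[1], parts[2]
        seen = recent[src]
        seen.append((when, dst))
        while when - seen[0][0] > window:  # expire entries older than the window
            seen.popleft()
        peak[src] = max(peak[src], len({d for _, d in seen}))
    return {s: n for s, n in peak.items() if n >= min_targets}


if __name__ == "__main__":
    for source, targets in find_rpc_scanners(SAMPLE_LOG).items():
        print(f"{source} contacted {targets} hosts on TCP 135 within 60 seconds")
```

    A workstation that talks to one or two servers on TCP 135 stays below the threshold, while a host sweeping an address block does not.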

    You MUST patch your systems now. This is not an optional patch, or one of those patches you install only if you think it'll fix a problem you have. This patch fixes a problem that everyone who runs Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003 has. For more details on the worm and Microsoft's recommendations for fixes, check out:

    We also highly recommend that you check out eEye's analysis and recommendations. They have released a free vulnerability scanner that you can download and scan your network for vulnerable hosts. Find the info you need here:

    Windows Server 2003 Tip: Find Out What Process is Using a Port

    We see a lot of questions from readers who want to know what process is using a particular port on a server or firewall. You can use third party shareware and freeware solutions to find out, but Windows Server 2003 includes the -o switch in the netstat command that allows you to figure out the answers without installing any extra software:

    • Open a command prompt, type the following command: Netstat -nao
    • You'll see a list of local addresses and ports. If you see a local address of 0.0.0.0, that means that port is listening on all addresses on all interfaces. Find the TCP or UDP port number you're curious about. Then go to the end of that line and check the value in the PID column. This is the process ID of the application or service using the port.
    • Press CTRL+SHIFT+ESC to bring up the Task Manager. Click the Processes tab. Click the View menu and then click the Select Columns command.
    • Put a checkmark in the PID checkbox and click OK. Click the PID column header to sort the entries by PID. Match up the PID that you discovered using the netstat command with the process owning the PID.
    Now you can easily find out which process is responsible for using a port.
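
    The same lookup can be scripted instead of done by eye in Task Manager. The following is an added example, not part of the original newsletter: it parses `netstat -nao` output and matches each PID against `tasklist /fo csv /nh` output; both samples are constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -nao` output (not captured from a real server).
NETSTAT_OUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1500
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       708
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:80        192.168.1.50:1042      ESTABLISHED     1500
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:5000           *:*                                    2100
"""
# Constructed sample of `tasklist /fo csv /nh` output; PID 2100 is deliberately absent.
TASKLIST_OUT = '''\
"System","4","Console","0","216 K"
"svchost.exe","708","Console","0","3,120 K"
"inetinfo.exe","1500","Console","0","8,944 K"
'''

def parse_netstat(text):
    """Yield (proto, local_ip, local_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        ip, _, port = fields[1].rpartition(":")  # rpartition also copes with [::]:135
        state = fields[3] if len(fields) == 5 else ""  # UDP rows have no State column
        yield fields[0], ip, int(port), state, int(fields[-1])

def parse_tasklist(text):
    """Map PID -> image name from headerless CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def who_owns(port, netstat_text=NETSTAT_OUT, tasklist_text=TASKLIST_OUT):
    """List (proto, scope, pid, image) for every listener bound to `port`."""
    names = parse_tasklist(tasklist_text)
    owners = []
    for proto, ip, local_port, state, pid in parse_netstat(netstat_text):
        if local_port == port and (proto == "UDP" or state == "LISTENING"):
            scope = "all interfaces" if ip in ("0.0.0.0", "[::]") else ip
            owners.append((proto, scope, pid, names.get(pid, "<unknown>")))
    return owners

if __name__ == "__main__":
    print(who_owns(135))
```

    A PID that has no matching tasklist row is reported as `<unknown>`, which usually means the process exited between the two commands or the process list was taken with insufficient rights.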
      NT/2000 RELATED NEWS

    Server 2003's Software Restriction Policies: Another Weapon for your Defense Arsenal

    Microsoft's initiative to make their operating systems more secure has resulted in a number of new features. Software restriction policies, a new Group Policy feature, were first introduced in Windows XP and reach their greater potential in Server 2003, giving admins the ability to control what software can be run on a computer, identifying programs by hash, certificate, file path or Internet zone. You can set the default policy either to define specific programs that are to be allowed to run, or to define specific programs (or file types) that are disallowed. This is done by setting a default rule to either Unrestricted or Disallowed, and then creating rules that define the exceptions to the default.

    This new feature gives you one more way to combat viruses, control the running of scripts and ActiveX controls, and otherwise lock down both servers and workstations to the degree that's appropriate for your organization.
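
    To see how the default rule and its exceptions interact, here is an added example, not part of the original newsletter and not Windows code: a simplified model of policy evaluation covering hash and path rules only (certificate and zone rules are omitted). It assumes SHA-1 as the file hash, applies hash rules before path rules and the most specific path first, and uses constructed paths and file contents.

```python
import hashlib
from dataclasses import dataclass

UNRESTRICTED, DISALLOWED = "Unrestricted", "Disallowed"
KNOWN_BAD = b"constructed stand-in for an unwanted executable"
BAD_HASH = hashlib.sha1(KNOWN_BAD).hexdigest()

@dataclass
class Policy:
    default: str       # level applied when no rule matches
    hash_rules: dict   # SHA-1 hex digest -> level
    path_rules: dict   # lower-case path prefix -> level

    def evaluate(self, path, content):
        """Return (level, reason) for a file at `path` with bytes `content`."""
        digest = hashlib.sha1(content).hexdigest()
        if digest in self.hash_rules:          # a hash rule follows the file anywhere
            return self.hash_rules[digest], "hash rule"
        lowered = path.lower()
        matches = [p for p in self.path_rules if lowered.startswith(p)]
        if matches:
            best = max(matches, key=len)       # the most specific path rule wins
            return self.path_rules[best], f"path rule {best}"
        return self.default, "default rule"

# Default Disallowed: only listed locations may run software.
ALLOWLIST = Policy(
    default=DISALLOWED,
    hash_rules={BAD_HASH: DISALLOWED},
    path_rules={"c:\\windows\\": UNRESTRICTED,
                "c:\\program files\\": UNRESTRICTED,
                "c:\\windows\\temp\\": DISALLOWED},
)
# Default Unrestricted: everything runs except what a rule names.
DENYLIST = Policy(default=UNRESTRICTED,
                  hash_rules={BAD_HASH: DISALLOWED}, path_rules={})

if __name__ == "__main__":
    unknown = ("C:\\Documents and Settings\\bob\\Desktop\\new.exe", b"never seen")
    for name, policy in (("allowlist", ALLOWLIST), ("denylist", DENYLIST)):
        print(name, policy.evaluate(*unknown))
```

    The unknown program is stopped only under the Disallowed default; under the Unrestricted default it runs because no rule names it.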

    Are Businesses Dumping Linux Web Servers for Windows Server 2003?

    Despite Microsoft's "monopoly" status when it comes to desktop operating systems, IIS has long played second fiddle to the Apache/Linux combination - at least in part due to the much lower cost of the latter. No one would call Windows Server 2003 cheap, but ZDNet recently published figures showing that Microsoft's new OS has been giving Linux a run for its money when it comes to web services. According to Netcraft's server usage monitoring, there has been a 300 percent increase in the number of sites hosted on Server 2003 over a recent three month period, and surveys indicate many of the migrations to Microsoft's new OS are coming from former Linux sites.

    Microsoft still has a very long way to go before it catches up - Apache still runs on over 13 million sites as opposed to under 5 million running on IIS - but hey, Internet Explorer came from behind, too.

    Will Microsoft's New Security Exams Revive Interest in Certification?

    We noticed that a lot of Windows NT 4.0 MCPs and MCSEs didn't bother to get certified in Windows 2000. There were undoubtedly a lot of reasons for that: the downturn in the tech industry meant that no longer could a "rookie" networker with a shiny new cert go out and get a $50K job without experience. And a lot of experienced admins just plain didn't have the time (or the need) to study and take a long series of exams to prove their worthiness.

    As the Microsoft and other vendor specific certificates lost some ground in popularity, though, the "hot" certs became those related to security, from the entry level CompTIA Security+ exam to the prestigious CISSP. This summer, Microsoft introduced their security specialization track for the Windows 2000 MCSE, and plan to do the same for the Windows Server 2003 MCSE. A new exam, 70-299 ("Implementing and Administering Security in a Windows 2003 Network") is in the works for the latter track. And you don't have to go all the way to MCSE to become an MS certified security specialist; there is also a security specialization track for the MCSA.

    Since security is the number one buzzword in IT these days, will this new focus revive interest in the Microsoft certifications? Certainly those in the certification industry (vendors of study guides, practice exams and training classes) hope so:

    Server Security: Optional or By Default?

    A big criticism of NT and Windows 2000 was the fact that, although they contained security features, many or most of these were not enabled by default. A good example: the default share and NTFS permissions, which gave the Everyone group full control. Of course, you could (and in most cases, should) change those defaults to lock down your sensitive resources, but the philosophy of allowing all by default and then making exceptions to control access is less secure than the opposite tactic of disallowing everything by default and then making exceptions only where access is needed (often called the principle of least privilege).

    Security has been beefed up in many ways in Server 2003. Now, when you create a new share, the Everyone group has only Read permission, and the default NTFS permissions on new files give Users only Read and Read & Execute permissions. The Everyone group no longer includes members of the Anonymous group. IIS default security has been vastly improved, too. It's no longer installed by default on Windows Server 2003 (except for the Web Server Edition), and when you do install it, it is installed in a "locked down" state in which active content features (ASP, ASP.NET, SSI, WebDAV and FrontPage extensions) are not enabled.

    Some administrators believe Microsoft hasn't taken default security far enough. They point out that file and print sharing is enabled by default and that if you want to enforce password complexity policies or use encryption, you must configure the server to do so; these features aren't turned "on" automatically. Others have been frustrated by the new defaults, spending hours troubleshooting access problems that represent normal behavior under these security settings.

    Perhaps the question is: how far should an operating system vendor go in forcing security on you? Do you prefer that the OS provide the security features as options and then let you decide which ones you want to use, or do you think Microsoft should do it all for you, making the OS maximally secure "out of the box" and letting you loosen security if you choose? There are advantages and disadvantages to both approaches!


    Scanning for Security

    It seems as if we get news of a new security vulnerability every day (sometimes more than once a day). It's great that vendors and the security community are on the ball and quick to publish warnings as each new exploit hits, but if you have a whole company full of computers - perhaps running many different operating systems - how are you supposed to know whether your machines are suffering from any of these problems and which computers are vulnerable to which exploits?

    Security scanning software has been in vogue for a while now, and the wealth of scanning tools available from numerous software vendors can get downright confusing. Sunbelt's Retina is one that's received great reviews for its scope (it scans not only Microsoft operating systems, but UNIX machines, applications and even hardware devices such as routers and switches), its flexibility (reports can be customized to give you exactly the information that you want), and its performance (installation is quick and easy and scans can be performed in record time).

    NT to 2003 Migration: You Don't Have to Go it Alone

    Although you might not know it by listening to the marketing hype, we know from the many admins on this list that a large number of companies never made the upgrade from NT 4.0 to Windows 2000. There are a lot of reasons for that: cost, comfort level and the time (a commodity almost always in short supply) required to learn a whole new product. Now, however, NT is beginning to look a little long in the tooth, even to its most steadfast proponents. Sticking with it prevents you from benefiting from some exciting new components such as Active Directory, EFS, and myriad other technologies that are built into the newer server operating systems. Besides, being one generation behind the cutting edge doesn't seem like a big deal, but being two generations behind can make you a little antsy.

    Making the leap from NT to 2003 might seem like a nerve-racking proposition, though. However, there is help available. Microsoft has provided a number of migration tools, and third party vendors have jumped into the fray with software designed to more easily get you through the process.

    The Windows Server 2003 Migration eBook provides checklists, recommendations and example scenarios that can make the migration a bit less scary:

    Keeping Tabs on your Network when You're on the Road

    Busy network admins are always on the go. If you manage a multi-site network, you might have to travel from one location to another to keep tabs on what's going on. Even when you're supposedly "off duty," whether it's home snoozing, taking a well deserved night off to go out to dinner with the spouse or friend you don't get to see nearly often enough, or on vacation in some exotic location that was supposed to be "away from it all," chances are that Murphy's law will kick in and the folks back at the IT department will track you down when problems occur. After all, you are the only person who could possibly coax the network back into a stable condition, right? It's great for the ego to know you're indispensable, but it can also be inconvenient as heck to get the call when you're nowhere near a computer. You can't take a laptop everywhere you go - but how can you manage the network if you can't connect?

    Well, believe it or not, there is a way. In today's world of integrated communications, you can use your mobile phone, Blackberry, wireless-equipped Pocket PC or Palm Pilot, even two-way pagers to manage Windows servers, SQL, IIS and third party tools like Tivoli and Openview. Worried about security? No problem. New mobile administration packages ensure that only authorized personnel can avail themselves of their many features.

    The only problem is: which mobile administration package is the harassed and harried admin to choose? It's not as if you have lots of spare time to check them all out. We suggest you go with the best: ASG-MobileControl Administrator. It's the wireless management tool that goes a step further, giving you the control you need even when you're traveling light:


    This Week's Links We Like. Tips, Hints And Fun Stuff

  • Arnold for Governator!
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-Arnold
  • Robot Guard Dog sniffs out Wi-Fi holes
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-Robot-WiFi
  • The party's over for Outlook Express (and a reprieve!)
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-OutlookExpress
  • Whacking a Segway Thief
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-Segway
  • Stopping the American IT Jobs Hemorrhage - Michigan tries to lead the way
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-AmericanIT
  • Photographic evidence that Moon landing never took place
    http://www.w2knews.com/rd/rd.cfm?id=030818FA-MoonLanding
  • And if you really do believe, then get Apollo on DVD:


    "Think You're Fully Protected? Think Again"

    PestPatrol finds what your firewall and anti-virus don't. Who knows what pests might be lurking on your users' workstations. The amount of these can be astonishing: Trojans, Spyware, Keyloggers, Hostile Java code and about 40,000+ other pests that get through your normal defenses. Usually caused by clueless users surfing the Web. Install PestPatrol on your PDC and clean your whole domain via Logon Scripts every day! Grab the eval and you'll see for yourself: