Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 8, 2003 (Vol. 8, #36 - Issue #442)
[email protected] Blocking Methods
This issue of W2Knews contains:
- EDITORS CORNER
- Spam Blocking Methods: Which is Best?
- TECH BRIEFING
- Rights Management Finally Becoming a Reality
- URLScan: No Longer Needed?
- SMS 2003 Soon to Go Gold
- NT/2000 RELATED NEWS
- Patch Management Webcast from Microsoft
- Business Plans for Microsoft's "Magnificent Seven"
- New Certification Exam for Small Business Server Pros
- Another Critical Flaw Discovered in Office
- NT/2000 THIRD PARTY NEWS
- St. Bernard Software: Patching is more than a Technology Issue
- Print Manager Plus Saves You Money by Tracking and Controlling Printer Usage
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Extremely Low-Cost Packet Sniffer: LanHound
NEW ScriptLogic Version 5.0 Now Available
Reduce help desk support calls by 50%, simplify desktop administration,
eliminate redundant tasks and reduce other time-consuming activities
- without writing or debugging a single line of code!
Check out all the new features and DOWNLOAD a 45 day trial version.
NEW - Supports Windows Server 2003, Office 2003, Outlook 2003
NEW - Enhanced performance NEW - Multi-threaded and COM
NEW - 'Friendly' labels for network drives...And Much More
T-shirt offer is available to US residents only.
Visit ScriptLogic for more information.
Spam Blocking Methods: Which is Best?
In a recent post from Slashdot, ariehk writes "As of today,
Osirusoft, distributer of the SPEWS and open relay blocklists,
among others, is no longer operational. Servers using these
lists (including the FTC) are currently rejecting ALL email.
This shutdown seems to be in response to a several-week-long
DDoS attack on Osirusoft, SPEWS and others, resulting in both
sites being down. This has caused much discussion on n.a.n-a.e,
including the suggestion that the attack is somehow related to
the SoBig worm. The spammers must be hurting if they can devote
these kinds of resources to attacking blacklists."
Ouch! If you were one of many companies using one of these
blacklists, we feel your pain. Spam is, for many individual
Internet users and businesses, high on the list of biggest
annoyances these days. Consequently, a number of different
methods have been developed to try to cut down on the amount
of unsolicited advertising that reaches users' mailboxes. There
are software programs to block spam at the ISP level, at the
internal mail server, or at the client machine. The challenge is
in determining exactly what mail is spam - probably the second
most frequent spam-related annoyance is that of "false positives,"
when the filtering software filters out mail that you do want to
Different software programs have different ways of doing this.
Some flag key words in the subject line or content, while others
rely on blacklists (or blocklists) that contain the IP addresses
and/or domain names of suspected or verified spammers. Services
such as SPEWS compile these lists and distribute them, saving
admins the time and effort of putting together their own.
However, one of the problems inherent in using a blacklist
service is that it's vulnerable to attacks such as the one
discussed above. Another is the fact that no one really knows
exactly what criteria are used to build the lists, and innocent
non-spammers end up getting blacklisted.
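To make the "rejecting ALL email" failure concrete, here is an added example (not from the newsletter or any product it mentions) of a mail filter that health-checks each DNS blocklist before trusting it and fails open when a list is broken. The zone names and the stub resolver are constructed, and it assumes the list publishes the RFC 5782 test entries, a convention that postdates this issue.

```python
import ipaddress

# RFC 5782 test points: an IPv4 DNSBL must list 127.0.0.2 and must not list 127.0.0.1.
TEST_LISTED, TEST_CLEAN = "127.0.0.2", "127.0.0.1"

def query_name(ip, zone):
    """DNSBL lookups reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """resolve(name) -> list of A records ([] for NXDOMAIN); raises OSError on failure."""
    return any(a.startswith("127.") for a in resolve(query_name(ip, zone)))

def zone_health(zone, resolve):
    if is_listed(TEST_CLEAN, zone, resolve):
        return "lists-everything"       # the failure mode that rejects ALL mail
    if not is_listed(TEST_LISTED, zone, resolve):
        return "empty"                  # zone answers, but carries no data
    return "healthy"

def verdict(ip, zones, resolve):
    """Reject only when a zone that passes its health check lists the sender."""
    skipped = {}
    for zone in zones:
        try:
            health = zone_health(zone, resolve)
            hit = health == "healthy" and is_listed(ip, zone, resolve)
        except OSError:                 # timeout, SERVFAIL, list under attack
            health, hit = "unreachable", False
        if hit:
            return "reject", zone, skipped
        if health != "healthy":
            skipped[zone] = health      # fail open: a broken list never blocks mail
    return "accept", None, skipped

# Constructed stand-in for DNS (hypothetical zones, documentation addresses).
LISTED = {query_name("127.0.0.2", "good.bl.example"),
          query_name("192.0.2.10", "good.bl.example")}

def fake_resolve(name):
    if name.endswith(".down.bl.example"):
        raise OSError("timed out")
    if name.endswith(".wild.bl.example"):
        return ["127.0.0.2"]            # every query comes back "listed"
    return ["127.0.0.2"] if name in LISTED else []

ZONES = ["wild.bl.example", "down.bl.example", "good.bl.example"]
```

A filter that only calls `is_listed` would reject every sender checked against `wild.bl.example`; `verdict` records that zone as skipped and keeps delivering.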
That's why we believe user-controlled spam filtering software,
such as Sunbelt's iHateSpam, offers a better solution. You get
all the same convenience and ease of use, without the problems
and vulnerabilities. The Outlook/OE version of iHateSpam uses
sophisticated analysis technology to determine whether a
particular message is likely to be spam and quarantines those
that come up suspicious. But mail sent by people who are in your
address book will always get through - eliminating one of the
most frustrating problems associated with spam filtering. The
Server Edition is designed for Exchange/Active Directory and
uses policy based filtering with parameters that you can fine
tune. Why leave the decisions in someone else's hands when you
can achieve better results using a robust spam busting software
package that leaves you in control?
Here's what iHateSpam user Michael J. Stone has to say:
"Honestly I was skeptical at first. I reluctantly uninstalled
GFI Mail Essentials, which I was quite happy with at the time,
and installed iHateSpam. I now see the ease with which individual
users can control messages they want to receive, by just dragging
and dropping. The reporting feature has also won me over. I can
see which addresses are really getting hammered. Just wanted to
let you know that I'm now a true believer!"
QUOTE OF THE DAY:
I find the great thing in this world is not so much where we
stand, as in what direction we are moving.
- Oliver Wendell Holmes (1809-1894)
(email me with feedback: [email protected])
New surveys show: Disaster Recovery and Security are #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How does it
work? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security:
Visit DoubleTake for more information.
Rights Management Finally Becoming a Reality
Those of us who create copyrighted and/or sensitive content have
been looking forward to the release of Microsoft's Windows Rights
Management Services (RMS) software that will run on Windows
Server 2003 and integrate with Office 2003's Information Rights
Management (IRM) feature. This is a solution that will let you
share protected documents with others but retain control over
their ability to copy and redistribute those documents, or even
set a date on which their access to the document will expire.
Microsoft took a step forward last Tuesday when they put the
rights management client software up on their download web site.
It runs on Windows 2000 (with SP3), XP, Server 2003, ME and
W98 SE (the last two must have the Active Directory Client
extension, DSClient, installed for full functionality).
For more info on RMS, see the white paper titled Microsoft Rights
Management Solutions for the Enterprise: Persistent Policy
Expression and Enforcement for Digital Information, at:
URLScan: No Longer Needed?
URLScan is a familiar tool to web server administrators running
IIS 4 and 5. It's a security tool from Microsoft that lets you
restrict and define what kind of HTTP requests are processed by
IIS. You can block specific request types, an important element
of securing your web servers and protecting them from attack.
If you run either of these versions of IIS, you'll find URLScan
to be invaluable, and you can download it at:
But what if you've upgraded to Server 2003 and IIS 6.0? Do you
still need URLScan, or will IIS 6.0's new security enhancements
do away with the need for this venerable utility? Here's a good
article that compares the features of URLScan to IIS 6.0's
security features and helps you to answer that question:
SMS 2003 Soon to Go Gold
Systems Management Server is Microsoft's change and configuration
management package for Windows clients and servers, used by many
enterprise level businesses for asset management, software
distribution, remote troubleshooting and more. The next version,
SMS 2003, is expected to be released to manufacturing sometime
prior to November 11th, when it is scheduled to debut during
the Microsoft IT Forum 2003 in Denmark.
The new version of SMS promises better support for mobile users,
better ability to track application usage, integration with
Active Directory and simplified administration.
NT/2000 RELATED NEWS
Patch Management Webcast from Microsoft
We've been hitting hard on the issues related to patch management
recently, because it's a topic that's of vital importance to
anyone who's responsible for maintaining a secure business
network. We obviously aren't the only ones who think so. On
August 28th, Microsoft's Senior Technology Specialist Mark
Mortimore held a live webcast on TechNet addressing this problem
and outlining Microsoft's long term plans for simplifying the
patching process. According to Mortimore, enhanced versions of
both the TechNet Web Bulletin security page and the Microsoft
Business Security Analyzer (MBSA) are in the works and should
be available soon. You can view a recording of the webcast at:
Warning: it's a 14MB download, but well worth watching if
patching demands have you dazed and confused.
Business Plans for Microsoft's "Magnificent Seven"
As those who follow the industry news know, Microsoft is divided
into seven business units: Client (desktop client operating
systems), Information Worker (Office, SharePoint, Project and
other business productivity software), Server Platforms (server
operating systems and server applications such as Exchange and
SQL), Business Solutions (business management software), Home
and Entertainment (consumer entertainment products such as Xbox),
Mobility and Embedded (CE/Pocket PC and embedded operating
systems), MSN (MSN services and web sites).
Here's an interesting look at the business plans for each unit
for fiscal year 2004, from Directions on Microsoft, a research
firm that focuses on Microsoft's strategies and technology. It
provides some insight into expectations for each area of the
business, as the units become more autonomous and Microsoft
matures as a company.
New Certification Exam for Small Business Server Pros
Until now, there have been no Microsoft certification exams for
those who want proof of their knowledge and skill related to
Small Business Server, but that's about to change. Microsoft has
announced the beta of Exam 70-282, Designing, Deploying and
Managing a Network Solution for a Small and Medium Sized
Business, set to go later this month. The SBS exam will serve
as an elective for the Server 2003 MCSE track.
Another Critical Flaw Discovered in Office
Users of Microsoft Office 97, 2000 and XP (2002) applications
may be vulnerable to buffer overflow attacks due to a critical
flaw in Visual Basic for Applications (VBA), and Microsoft put
out several security alerts this week to notify customers.
Patches are available to address the problem. For more
information, see Security Bulletin MS03-037.
THIRD PARTY NEWS
St. Bernard Software: Patching is more than a Technology Issue
In evaluating the latest threats to our networks, you might chalk
up the success of Sobig.F to naive users clicking on attachments.
However, Blaster and its many variants were preventable by
installing a Microsoft patch that was released a month before
the attack. This is another example of how a patch management
policy can help protect organizations from attacks.
The success of Blaster, despite its preventability (and flawed
code), is indicative of a larger problem - the widespread view
of patch management as purely a function of network
administration, instead of as a business critical process. In
fact, St. Bernard Software, makers of the patch remediation tool
UpdateEXPERT(r), openly assert that a technology solution alone
isn't always enough. St. Bernard advises that an effective patch
management solution should be accompanied by an executive level
commitment to the patch management process. This commitment
requires defined policies, established responsibilities for
ensuring network security and assistive technology tools. Without
this commitment, St. Bernard maintains that organizations will
continue to fall victim to preventable attacks.
St. Bernard Software's UpdateEXPERT plays perfectly into a structured policy for
patch management, as it gives you the tools to quickly assess
patch levels throughout the network, and then deploy the
necessary patches for your unique IT environment. Until virus
attacks can be stopped indefinitely, patch management will
continue to remain a critical business process. Get your 15
day eval right here:
Print Manager Plus Saves You Money by Tracking and Controlling Printer Usage
Remember the paperless office? Despite the increase in the amount
of digital data, it's a concept that hasn't happened and isn't
likely to happen in the near future. Printed documents are still
an integral part of doing business and printing costs make up a
large portion of most companies' budgets. The capital expenditure
for the printer is only the beginning; it's the "hidden" costs -
maintenance, toner, ink cartridges, paper and other supplies -
that really add up fast.
Although workers need to print, some of those costs could be
averted by better management of printing resources. For example,
some employees might be using more expensive color printers when
it's not necessary.
While companies have, for a long time, imposed tracking and even
limitations on copy machine usage, many don't have any kind of
controls when it comes to use of their network printers. But
there is an easy, cost-effective way to keep track of who's
using the printers and enforce quotas on users. Software from
Software Shelf International makes it easy to do cost accounting
with Print Manager Plus v5.0, which provides admins with a user-
friendly console that centralizes the control of printers and
lets you restrict usage, saving money in the process. It's well
worth checking out if your printing budget is out of control.
This Week's Links We Like. Tips, Hints And Fun Stuff
Doing Nothing - and Doing it Well:
Save the Servers!
IRS Loses in Court!
Don't Just Remember the Alamo - see it on Webcam:
Build your own Roller Coaster:
Feeling smart? Join MENSA:
Coming up soon: Talk Like a Pirate Day!
PRODUCT OF THE WEEK
Extremely Low-Cost Packet Sniffer: LanHound
LANHOUND has become very popular very fast. It's a great packet
sniffer at extremely low cost. We asked system- and network admins
who bought it what they are using it for:
- Slow response times: See traffic congestion quickly.
- Broadcast or multicast storms: Set an alarm for unusually high
  traffic of these types.
- Traffic by station: View traffic generated by each station and
  server to see which stations are consuming the most bandwidth.
- Hanging network sessions: Find who sent the last packet, and which
  system failed to respond.
- User can't logon: Capture login negotiations, retransmits and
  response times to determine where the problem is, and where to
  focus your attention.
- Security Lapses: Find out if users are checking POP3 email or going
  to FTP sites using unencrypted passwords.
- Duplicate IP numbers: See if there are duplicate IP addresses on
  a monitored segment.
Try it out for yourself over here: