Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 15, 2003 (Vol. 8, #37 - Issue #443)
Season of Fury
This issue of W2Knews contains:
- EDITORS CORNER
- September 11 Anniversary: Cyberattacks and Hurricanes?
- TECH BRIEFING
- Another Major Security Bulletin
- ISA/VPN Deployment Kit Available
- Server 2003 Provides Two Deployment Methods, But Which Should You Choose?
- NT/2000 RELATED NEWS
- Far East Governments Creating Alternative Operating System?
- Windows Storage Server 2003 is Released
- Will There Be An Interim SP for XP?
- NT/2000 THIRD PARTY NEWS
- California Law Mandating Security Could Go National
- iHateSpam Server WON!
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- SPECIAL Q3 OFFER: LanHound
Are your servers protected? Disaster Recovery is #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security.
Visit DoubleTake for more information.
September 11 Anniversary: Cyberattacks and Hurricanes?
As the anniversary of the September 11 terrorist attacks
approached, warnings came from security experts that the date
could be a trigger for the release of new viruses and the launch
of full scale cyberattacks on U.S. systems. Well, obviously
nothing happened, and the media made the environment seem more
dangerous (again) than it really is . Here are some examples:
CNN reported two new viruses that contain references to
September 11, masquerading as emails and photos commemorating the
event. One, called Neroma, can delete files on the computers it
infects and propagates by emailing itself to addresses in the
Outlook Express address book. Another, Vote.K, can also delete
files. As if the real viruses weren't enough, a number of virus
hoaxes are also making the rounds, such as the one that makes
reference to a non-existent virus called WTC Survivor:
Federal Computer Week conducted a survey, results of which were
published by USA Today on September 2, showing that about half of
Americans are worried about the possibility of terrorist attacks
on important network infrastructures, such as those on which the
banking industry and electrical grids depend. The survey was done
prior to the recent electrical blackout and the problems that
occurred due to the Blaster worm, so it's safe to say that the
percentage might have increased since then.
And then to make things even more happy, the hurricane season is
in full swing, and we have the first perfect storm called Isabel
raging through the Atlantic. It's a true beaut of a monster
Category 5, moving toward South East Coast. It will probably
never make the land, but... How can you prepare for events such
as these? Just because we made it through the 11th without a
massive attack, that doesn't mean the network can't be brought
down at any time - anyone from dedicated terrorists to kids
writing viruses "just for fun" could cause irreparable damage to
your data. Sure, you've got backups (you do have current backups,
right?), but how much time and money will be lost before you're
able to restore everything? That's assuming you can restore it at
all. If your backups are stored on site, a flood, fire or tornado
will destroy them along with the original data, so you're out of
luck unless you've taken the extra step of storing your backups
offsite or backing up across the WAN to remote location.
That's the beauty of replication software like DoubleTake. Data
is copied in real time, so there is no gap of hours after its
creation before data is protected. Failover is so seamless that
most of those using the affected network might not even know
anything has happened, because the data on the source server
is automatically replicated to the target server, which takes
over if the source server fails for any reason. By placing the
source and target servers in different physical locations, you
can even ensure that the show (and your business) will go on even
if a physical disaster destroys the source server and the
building in which it is located. Peace of mind doesn't get any
better than that.
QUOTE OF THE DAY:
I used to have an open mind but my brains kept falling out.
- Steven Wright
(email me with feedback: [email protected])
NEW ScriptLogic Version 5.0 Now Available
Reduce help desk support calls by 50%, simplify desktop administration,
eliminate redundant tasks and reduce other time-consuming activities
- without writing or debugging a single line of code!
Check out all the new features and DOWNLOAD a 45 day trial verison.
NEW - Supports Windows Server 2003, Office 2003, Outlook 2003
NEW - Enhanced performance NEW - Multi-threaded and COM
NEW - 'Friendly' labels for network drives...And Much More
Visit ScriptLogic for more information.
Another Major Security Bulletin
This week, Microsoft announced three new Remote Procedure Call
(RPC) related vulnerabilities in Windows business-class operating
systems (NT 4.0, Windows 2000, XP and Server 2003). These are
similar to the exploit used by the Blaster worm and can result in
a buffer overrun in the RPCSS service. The new vulnerabilities can
allow an attacker to execute code on the attacked system or be
used to create Denial of Service (DoS) attacks. An attacker could
potentially view, modify or delete data, install programs, or
perform administrative tasks on the system. The severity rating
for this group of exploits is critical.
Many of those who put off patching the vulnerability used by
Blaster learned the hard way to take these announcements
seriously, so we recommend that you hurry to download and apply
the new patch.
ISA/VPN Deployment Kit Available
Microsoft's firewall and web caching server, ISA, is becoming a
popular security solution in small, medium and enterprise-level
businesses because it integrates so well with Microsoft operating
systems and server applications. At the same time, virtual private
networking has become the number one way for these companies to
provide secure connectivity to their networks by employees who
work from home or on the road. Thus, one of the first questions
that comes up when a company is considering deploying ISA
firewalls is "do ISA and VPN play well together?" The answer is
yes - if you know how to properly configure both.
Until recently, there has been no definitive source of
documentation that administrators could rely upon to ensure that
their deployments would work. Tom Shinder's ISA Server VPN
Deployment Kit changes all that, providing a compilation of 30
documents that address almost every aspect of installing and
configuring an ISA firewall/VPN Server or VPN Gateway. The kit
contains detailed screenshots to guide you through the process
and answers the most commonly encountered questions and issues
that arise in conjunction with ISA/VPN deployment. It's available
for download on the isaserver.org web site at:
Server 2003 Provides Two Deployment Methods, But Which Should You Choose?
Deploying Microsoft operating systems and applications to "bare
metal" computers can be time consuming for IT professionals in
large organizations, and some type of automated process is a must.
Windows Server 2003 gives you not one but two ways to do this:
the familiar Remote Installation Services (RIS) that was introduced
with Windows 2000, and the new Automated Deployment Services
(ADS). Which one you choose depends on your particular deployment
situation, as the two are not interchangeable. For example, ADS
doesn't support the deployment of client operating systems, only
servers, while RIS can be used to deploy desktop machines.
For a detailed discussion of the differences to help you evaluate
which solution is best for you, see:
NT/2000 RELATED NEWS
Far East Governments Creating Alternative Operating System?
Paul Thurrott's WinInfo site reported this week that several far
eastern governments, including China and Japan, are funding the
creation of an open source OS to serve as an alternative to
Windows. Japan has allocated $85.5 million for the effort and the
ministers of trade for the participating countries are expected
to get together later this month to move forward with the plan.
This raises a lot of questions over whether governments should
be in the software business, and what the impact will be on
Microsoft's sales in those areas.
Windows Storage Server 2003 is Released
Yet another new Windows server version was released this week:
the latest incarnation of WSS, Microsoft's dedicated Network
Attached Storage (NAS) file server solution that now integrates
better with Storage Area Networks (SANs) and supports Volume
Shadow Copy Services, which is one of the most exciting new
features in Windows Server 2003. WSS 2003 also includes a web
based interface to make it easier for administrators to manage
storage devices. Check out the other improvements and new
features on the WSS web site.
Will There Be An Interim SP for XP?
Several sources reported this week that Microsoft plans to put out
an interim service pack release for Windows XP in the near future,
which would contain a "rollup" of a number of security fixes that
have been released, making it more convenient for users to apply
them all in one fell swoop. There have been rumors of such a
release going around for several weeks, and the interim SP still
hasn't been officially confirmed by Microsoft, but
Microsoft-watch.com reports that an invitation has been sent to
THIRD PARTY NEWS
California Law Mandating Security Could Go National
California recently sent a strong message to businesses nationwide,
"Beef up your network security...or else!" Effective July 1, The
Database Security Breach Notification Act requires prompt
notification when databases containing Social Security numbers or
similar information are breached. Because the act includes any
enterprise transacting business in the state, practically every
business in the country needs to take heed.
Now, Sen. Dianne Feinstein (D-Calif.) has introduced a bill in
the U.S. Senate based on the California law. If passed, the bill
would require prompt notification of breaches. It establishes fines
of up to $5,000 per violation, which means for each individual
victim, or $25,000 per day for each breach as long as the violation
persists. Regardless of the outcome, the trend is clear.
Businesses large and small, including yours, can suffer serious
financial and market consequences if customer's data is
compromised. For some companies, the results could be disastrous.
One of the greatest threats to data security is spyware. These
programs sneak onto your network, collect data, then send it to
other parties anxious to use it for their own ends. You know what
happens then. They use the data themselves, sell it to others, or
make it public. The theft might not be known for days, weeks, or
even months. Even with firewalls, anti virus software, and
intrusion detection systems in place, spyware is free to enter
your network and steal information without sounding any alarms.
Right now, every desktop on your network is an open door to a
hacker with spyware.
The only way to stop spyware is with anti spyware. PestPatrol is
the leading anti spyware software on the market. It detects
spyware, adware, browser helper objects, hacker tools, even
commercial cookies. PestPatrol works with your firewalls and
anti virus software to protect your system from intrusion. The
risks, as well as the consequences, are greater than ever. You
need to make sure you own your data, not some hacker. Download
the PestPatrol eval version for small business or corporate users
and find out who's watching you.
iHateSpam Server WON!
Windows .Net Magazine, one of the preeminent magazines for our
business, just gave us two stellar awards for our corporate
anti-spam solution, iHateSpam Server. We won Best New Product
and Best AntiSpam tool in their Reader's Choice awards!
Best New Product:
Best Messaging Products / Antispam Tool:
And more kudos: VAR Business listed Sunbelt as one of the top 10 ISVs
(ISV means Independent Software Vendor). We're up there with some
pretty good company, so it's a wonderful compliment:
You can check out iHateSpam Server here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Really cool new toy:
Love aviation photos?:
Complete Dictionary of Tongue Twisters:
For Space Travelers Only:
What Song was Number One on This Day in 1977?:
Name that Candy Bar:
Flattery will get you on the Web:
PRODUCT OF THE WEEK
SPECIAL Q3 OFFER: LanHound
This is a great new sniffer-type product, for almost one fifth of
the cost of similar products. It supports switched networks and
comes with three free agents. WOW.
SPECIAL Q3 OFFER: The normal price for LanHound is $595 for user
with three agents. But if you buy in the third quarter 2003, you'll
get an extra 2 remote agents thrown in for a total of 5 remote agents.
Single remote agents are $149 each so this allows you to monitor
five segments. Killer deal: Get The Hound.