Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 27, 2003 (Vol. 8, #43 - Issue #449)
Ballmer Trashes Open Source
This issue of W2Knews contains:
- EDITORS CORNER
- TECH BRIEFING
- Secure Remote Access to Microsoft Exchange Servers
- NT/2000 RELATED NEWS
- MS First Quarter Earnings: UP
- Extending AD's reach to Windows NT and 9x clients
- Ballmer Trashes Open Source
- MS Unleashes Exchange Server 2003
- NT/2000 THIRD PARTY NEWS
- Independent Analysts Views On MS Security
- MS Patches Get Better, Still No Relief Though
- Panda's New GateDefender Gets Raves
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Active Directory Cookbook
SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different
communication protocols, achieving optimum protection against
external attacks. Panda Antivirus GateDefender 7100 (25-500
seats) & Panda Antivirus GateDefender 7200 (500 seats) provide
the highest scalability including native load balancing that
transparently adapts to the traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.
It's "Awards Time" Again
Quite a few magazines, W2Knews included, are doing their yearly
awards of best products per category. W2Knews will soon allow you
to vote in our Target Awards in a whopping 24 categories. But
other sites are working on their 'faves' too. This coming
January, SearchWin2000.com will announce their first Product of
the Year awards and they'd like a bit of help. They will consider
products in six categories:
To be eligible, a product must have been introduced or
significantly upgraded between September 30, 2002 and October 1,
2003. Upgrades must incorporate new features and be designed to
meet new or evolving needs in the marketplace. To nominate a
particular product, contact [email protected] for an entry
form. Deadline: Nov 5, 2003. (We'd love you to nominate iHateSpam
server for 'messaging'!)
- Enterprise desktop administration
- Active Directory
- Network and system management
- Server operating system administration
Last Week's SunPoll was definitely interesting. The question was:
"Redmond now releases security patches on a monthly basis.
What's the result for the security of your Windows domains?"
Here is what you think the result will be:
Improve security: 23.56%
Makes little difference: 32.65%
Will hurt it: 43.77%
And here is your NEW SunPoll: What do you think is best way to
fight spam in the enterprise, with a low level of false
- Heuristics / Rules Engines on a Server or Gateway
- Server-based content filtering with a white list, plus data from blacklisting organizations.
- Legislation coupled with landmark litigation.
- Client-based content filtering with Bayesian technology and whitelisting/blacklisting.
- A combination of the previous answers or 'Other'
Quotes Of The Day:
"Five second fuses only last three seconds."
-- Infantry Journal
"Any ship can be a minesweeper ...... once."
-- Admiral Hornblower
"Everyone seems normal until you get to know them."
(email me with feedback: [email protected])
Are your servers protected?Disaster Recovery is #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security.
Visit Double-Take for more information.
Secure Remote Access to Microsoft Exchange Servers
This is a guest Column contributed by Tom Shinder
Microsoft made a big deal of "perimeter security" at the recent
partner conference in New Orleans. Perimeter security is one of
the cornerstones of the current Microsoft security initiative.
There's no doubt that perimeter security is important. The rule
of large numbers makes it clear that there are always going to
be a lot more bad guys on the outside than on the inside and
those bad guys on the outside have a lot more time and tend to
be bolder with their exploits.
One thing Microsoft didn't make clear is where exactly does the
perimeter begin? Does the perimeter begin at the Internet edge
of the network? Does the perimeter begin on the LAN interface
of the Internet connected router? Does it being on the external
interface of the edge firewall? Is there only one perimeter, or
can you have multiple perimeters on the corporate network?
It's important to be able to define your perimeter networks
because the type and level of security provided by perimeter
security devices varies based on the hosts directly and
indirectly impacted by the perimeter devices in front of them.
In fact, an excellent way to define your perimeters is by the
"security zones" that they enclose.
Examples of security zones include:
The edge of each of these security zones represents the
perimeter of that network. One of the most important network
zones is the internal network. This network is behind the external
network, the backbone network and sometimes the DMZ network. The
internal network is the security zone needs to be the most highly
fortified against external attack.
- The external network - the Internet and all other networks not under your administrative control
- The DMZ segment - a security zone that does not contain proprietary or mission critical data. Public Web and FTP servers are included in the perimeter; these servers do not contain proprietary or mission critical data. These servers can be replaced quickly and easily.
- The corporate backbone network - this network zone is under your administrative control but does not contain any mission critical servers or services. The corporate backbone security zone serves as a secure conduit between other security zones.
- The internal network - this network security zone contains servers and clients that are under your complete administrative control. All corporate users and computers that belong to your corporate Active Directory domain are located in the internal network zone. Multiple LAN segments separated by the corporate backbone can belong to the same internal network zone.
- Management network - a management network zone is dedicated to clients and servers required by network administrators to perform management tasks. This network must be tightly monitored because of the level of access given to users on this network.
One of the most important servers that must be located on the
internal network is the Exchange Server. Exchange Servers must
be located in the same security zone as the Active Directory
because Exchange depends on Active Directory for its user
database and a number of other critical functions. This works
great for users and computers on the internal network because
the Exchange Servers are located within the same security
perimeter as the users who connect to it.
Problems crop up when you need to allow remote users access
to the Exchange Server. The concept of a "day off" from
corporate email is fading into history. Corporate execs realize
that just a single day away from Exchange email can make the
difference between landing that "Big Deal" and getting ready for
another resume fax broadcast session.
That's why the ISAServer.org community and I put together the
ISA Server 2000 Exchange 2000/2003 Deployment kit. This kit
contains 32 documents that give detailed step by step
instructions on how to allow highly secure connections from
remote Outlook Express, Outlook 2000 and Outlook 2003 clients
to the Exchange Server on the internal network security zone.
The ISA Server 2000 Exchange 2000/2003 Deployment kit provides
every detail you need to allow remote Outlook (and other email
clients) very highly secured access to the following Exchange
Service and protocols:
You don't even need to replace your current firewall
infrastructure to leverage the unique protection that ISA Server
firewalls provide. The details are in the kit. If you currently
allow remote users access to your corporate Exchange Server, or
if you're thinking about putting together a remote access
solution for Exchange services, then check out the ISAServer.org
ISA Server 2000 Exchange 2000/2003 Deployment Kit. Even if you
don't end up using ISA Server, I guarantee you'll learn a ton
about secure remote access to Exchange Server services and help
bolster your perimeter defenses. For more info and download
details for the ISA Server 2000 Exchange 2000/2003 Deployment
Kit, check out:
- The Exchange SMTP service
- The Exchange POP3 service
- The Exchange IMAP4 service
- Outlook Web Access
- Secure Exchange RPC
- RPC over HTTPS
- Spam filtering SMTP relay on the ISA Server firewall or a dedicated relay on a DMZ or internal network
- And lots more!
NT/2000 RELATED NEWS
MS First Quarter Earnings: UP
MS beat the analyst expectations just slightly with their
financial results for the first quarter. They announced revenues
of $8.22 billion for the quarter ended Sept. 30, a 6 percent
increase from the $7.75 billion in the quarter a year ago.
However, Redmond reported a larger drop in unearned revenue from
multi-year licensing agreements. That really means their
Licensing 6.0. Expectations were a drop-off of $200 million to
$300 million in unearned revenue, but the actual figure for the
quarter was more than twice as bad. Consumer spending helped
buffer the Licensing 6.0 shortage.
Microsoft CFO John Connors said they had been too optimistic on
contracts from large customers and that sales people had been
distracted helping customers cope with the Blaster virus.
Relevant news for administrators is that their Server and Tools
business grew 15 percent year-over-year to $1.87 billion this
quarter. SQL Server and Exchange Server also saw double-digit
revenue growth. Windows Server 2003 has sold two times as many
licenses as Windows 2000 Server over the same period of time
since the launch. The seats-sold count for Exchange is now at
Extending AD's reach to Windows NT and 9x clients
Yes, you can use Active Directory to manage your Windows NT and
9X users and desktops. You can with a patch that extends some of
AD's most popular management features to NT and 9x clients.
Windows desktop administration expert Serdar Yegulalp maps out
what the client extensions can and cannot do, and tells how and
where to install them. Check out the article on SearchWin2000 at:
Ballmer Trashes Open Source
ENTMag just came out with an article, very timely indeed, just
after last week 50% of you said you trust open source software.
Perhaps MS CEO Steve Ballmer read the article in W2Knews, but
he effectively closed the door on any MS involvement in open source initiatives, saying that the commercial approach to
software development and sales provides the best security and
value to enterprise customers.
In addition, Ballmer branded open source as a channel of last
resort for software products that failed in the commercial
marketplace. While distancing Microsoft from the open-source
world, he half-jokingly replied "never say never" when asked
if the software giant would support Linux if the market were
large enough. Ballmer, known for his frank, no-holds-barred
style, fielded questions about competition from open source
software and other topics at this week's Gartner's Symposium/
ITxpo 2003 conference in Orlando, Florida. Read more at ENT:
MS Unleashes Exchange Server 2003
They officially threw it out there on October 21, 2003. Their
main goal is to convert the 50% of Exchange users that are
still on V5.5. There are around 120 Million seats sold for
Exchange worldwide, and most of these waited upgrading
because getting to AD was considered a major pain.
The Exchange Product Manager, Missy Stern, said that this time
it's different. They took 3 years to look and listen, and came
up with a relatively smooth upgrade path. About 200 have made
the jump, with around 330K end users. There is one major benefit
which is server consolidation. Looks like you can cut the needed
servers in half. Pricing is the same as Exchange 2000.
(PS, iHateSpam Server is supported on both Exchange V5.5 and
2003, the upgrade is free if you go from V5.5 to 2003).
THIRD PARTY NEWS
Independent Analysts Views On MS Security
The AnalystViews site has some "helicopter-view" or "exterior
viewpoint" remarks about the recent security announcements:
"Steve Ballmer's announcement on October 9th of three new
security initiatives is not a U-turn, but they are more than a
touch on the tiller. Microsoft has been trying hard to find and
then patch the security vulnerabilities in its products since it
announced its Trustworthy Computing initiative two years ago.
However its customers are still being hit hard by attacks and the
publication of vulnerabilities increases the risk for
organizations that do not keep up-to-date with the patches".
Continue reading here:
MS Patches Get Better, Still No Relief Though
Facing increased scrutiny over major vulnerabilities in Windows
applications, October saw Microsoft roll out a new security
campaign to ease IT administrator headaches caused by flawed
software. The company concurrently released seven patches on
October 15 - five of them deemed critical.
If you haven't already installed Microsoft patches MS03-041
through MS03-047, we recommend that you do so immediately. MS
is making security and patching of its software a top priority,
recognizing it is also a chief concern among IT administrators.
At the same time, it is difficult to keep up with the frequency
and increasing number of patches being released each month.
Although Microsoft's raised commitment to improving the security
of its software is positive, it also means more time and effort
for administrators to install them.
UpdateEXPERT takes the guesswork out of the patch management
process by advising you which patches are missing and allow
you to automatically deploy those that are relevant to your
Windows environment. Eval here:
Panda's New GateDefender Gets Raves
Looks like Panda Software is movin' and shakin'--satisfying the
protection needs of even the most demanding users and companies,
regardless of size or business. Their new GateDefender
Appliance is a dedicated hardware device, installed at the
gateway to block viruses before they contaminate your networks.
Designed to be a perimeter AV defense, it scans 7 different
communication protocols for ultimate protection against external
Here's what Nate Armstrong, an IT department head from City of
Angola, Indiana had to say. "Since the install of Panda
GateDefender (GDef), we have not had a single virus infection
through email. In the short time we have had it, it has paid for
itself already. I cannot even begin to quantify the amount of
money this saved us during the last SoBig.F outbreak."
Pay attention to load balancing! - you know ... sharing the
scanning of network traffic between several GDef units. Load
balancing is used when a single GDef can't handle all the
network traffic, or when it is critical that the communication
line is available in the network where you want to install
several devises. It optimizes AV protection of the network
perimeter, speeds up the scan process, and is a good way to
prevent saturation and delays. If one GDef goes down, others
will carry on with the work.
W2KNews wants you to know about Panda's new freebie program -
Panda IT V.I.P. We know that once you try Panda Antivirus with
integrated firewall at home, you'll want the same Panda security
on all your machines at work. Once you qualify, you'll get Panda
Platinum(tm) 7.0 desktop antivirus product for your home
computer, at no charge! It's a $69.95 value and they will grant
a full one-year license. Get it here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Music inspired by Spam. Check the lyrics:
The Concorde flies into history. Can I get a piece of one?
Very useful IP-to-Country website, type in the IP and it will
give you the geographic location:
Racing meets logging: Chainsaws with a V8 engine! (1.5 Megs)
Racingfreaks.net has videos of hopped up cars racing on public
roads. Do not try this at home. [grin]
Fun with Jet Engines. Real ones. Staged demo how powerful they
are (977 KB):
And what are the worst names for servers? Here are the results:
How To Turn a $175,000 High-End SGI Challenge DM Server into a
PRODUCT OF THE WEEK
Active Directory Cookbook
Those of you who run networks on Windows 2000 know the benefits
of using Active Directory for managing user information and
permissions. You also know what a bear it can be. The newer
version included with Windows Server 2003 has over 100 new and
updated features to simplify deployment, but once it's in place
many system admins still find Active Directory challenging. If
you're among those looking for practical hands-on support, Check
out this book.
It contains hundreds of step-by-step solutions for both common
and uncommon problems that you might encounter with AD on a daily
basis --including recipes to deal with the Lightweight Directory
Access Protocol (LDAP), multi-master replication, Domain Name System
(DNS), Group Policy, the Active Directory Schema, and many other