- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 27, 2003 (Vol. 8, #43 - Issue #449)
Ballmer Trashes Open Source
  This issue of W2Knews™ contains:
    • It's "Awards Time" Again
    • Secure Remote Access to Microsoft Exchange Servers
    • MS First Quarter Earnings: UP
    • Extending AD's reach to Windows NT and 9x clients
    • Ballmer Trashes Open Source
    • MS Unleashes Exchange Server 2003
    • Independent Analysts Views On MS Security
    • MS Patches Get Better, Still No Relief Though
    • Panda's New GateDefender Gets Raves
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Active Directory Cookbook
  SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different
communication protocols, achieving optimum protection against
external attacks. Panda Antivirus GateDefender 7100 (25-500
seats) & Panda Antivirus GateDefender 7200 (500 seats) provide
the highest scalability including native load balancing that
transparently adapts to the traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.

It's "Awards Time" Again

Quite a few magazines, W2Knews included, are doing their yearly awards of best products per category. W2Knews will soon allow you to vote in our Target Awards in a whopping 24 categories. But other sites are working on their 'faves' too. This coming January, SearchWin2000.com will announce their first Product of the Year awards and they'd like a bit of help. They will consider products in six categories:

  • Enterprise desktop administration
  • Active Directory
  • Network and system management
  • Messaging
  • Server operating system administration
  • Security
To be eligible, a product must have been introduced or significantly upgraded between September 30, 2002 and October 1, 2003. Upgrades must incorporate new features and be designed to meet new or evolving needs in the marketplace. To nominate a particular product, contact [email protected] for an entry form. Deadline: Nov 5, 2003. (We'd love you to nominate iHateSpam server for 'messaging'!)

Last Week's SunPoll was definitely interesting. The question was: "Redmond now releases security patches on a monthly basis. What's the result for the security of your Windows domains?" Here is what you think the result will be:
Improve security: 23.56%
Makes little difference: 32.65%
Will hurt it: 43.77%

And here is your NEW SunPoll: What do you think is best way to fight spam in the enterprise, with a low level of false positives?

  • Heuristics / Rules Engines on a Server or Gateway
  • Server-based content filtering with a white list, plus data from blacklisting organizations.
  • Legislation coupled with landmark litigation.
  • Client-based content filtering with Bayesian technology and whitelisting/blacklisting.
  • A combination of the previous answers or 'Other'
Vote here:

Quotes Of The Day:

"Five second fuses only last three seconds."
-- Infantry Journal

"Any ship can be a minesweeper ...... once."
-- Admiral Hornblower

"Everyone seems normal until you get to know them."
-- Anonymous

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: Double-Take
Are your servers protected?Disaster Recovery is #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security.
Visit Double-Take for more information.

Secure Remote Access to Microsoft Exchange Servers

This is a guest Column contributed by Tom Shinder

Microsoft made a big deal of "perimeter security" at the recent partner conference in New Orleans. Perimeter security is one of the cornerstones of the current Microsoft security initiative. There's no doubt that perimeter security is important. The rule of large numbers makes it clear that there are always going to be a lot more bad guys on the outside than on the inside and those bad guys on the outside have a lot more time and tend to be bolder with their exploits.

One thing Microsoft didn't make clear is where exactly does the perimeter begin? Does the perimeter begin at the Internet edge of the network? Does the perimeter begin on the LAN interface of the Internet connected router? Does it being on the external interface of the edge firewall? Is there only one perimeter, or can you have multiple perimeters on the corporate network?

It's important to be able to define your perimeter networks because the type and level of security provided by perimeter security devices varies based on the hosts directly and indirectly impacted by the perimeter devices in front of them. In fact, an excellent way to define your perimeters is by the "security zones" that they enclose.

Examples of security zones include:

  • The external network - the Internet and all other networks not under your administrative control
  • The DMZ segment - a security zone that does not contain proprietary or mission critical data. Public Web and FTP servers are included in the perimeter; these servers do not contain proprietary or mission critical data. These servers can be replaced quickly and easily.
  • The corporate backbone network - this network zone is under your administrative control but does not contain any mission critical servers or services. The corporate backbone security zone serves as a secure conduit between other security zones.
  • The internal network - this network security zone contains servers and clients that are under your complete administrative control. All corporate users and computers that belong to your corporate Active Directory domain are located in the internal network zone. Multiple LAN segments separated by the corporate backbone can belong to the same internal network zone.
  • Management network - a management network zone is dedicated to clients and servers required by network administrators to perform management tasks. This network must be tightly monitored because of the level of access given to users on this network.
The edge of each of these security zones represents the perimeter of that network. One of the most important network zones is the internal network. This network is behind the external network, the backbone network and sometimes the DMZ network. The internal network is the security zone needs to be the most highly fortified against external attack.

One of the most important servers that must be located on the internal network is the Exchange Server. Exchange Servers must be located in the same security zone as the Active Directory because Exchange depends on Active Directory for its user database and a number of other critical functions. This works great for users and computers on the internal network because the Exchange Servers are located within the same security perimeter as the users who connect to it.

Problems crop up when you need to allow remote users access to the Exchange Server. The concept of a "day off" from corporate email is fading into history. Corporate execs realize that just a single day away from Exchange email can make the difference between landing that "Big Deal" and getting ready for another resume fax broadcast session.

That's why the ISAServer.org community and I put together the ISA Server 2000 Exchange 2000/2003 Deployment kit. This kit contains 32 documents that give detailed step by step instructions on how to allow highly secure connections from remote Outlook Express, Outlook 2000 and Outlook 2003 clients to the Exchange Server on the internal network security zone.

The ISA Server 2000 Exchange 2000/2003 Deployment kit provides every detail you need to allow remote Outlook (and other email clients) very highly secured access to the following Exchange Service and protocols:

  • The Exchange SMTP service
  • The Exchange POP3 service
  • The Exchange IMAP4 service
  • Outlook Web Access
  • Secure Exchange RPC
  • RPC over HTTPS
  • Spam filtering SMTP relay on the ISA Server firewall or a dedicated relay on a DMZ or internal network
  • And lots more!
You don't even need to replace your current firewall infrastructure to leverage the unique protection that ISA Server firewalls provide. The details are in the kit. If you currently allow remote users access to your corporate Exchange Server, or if you're thinking about putting together a remote access solution for Exchange services, then check out the ISAServer.org ISA Server 2000 Exchange 2000/2003 Deployment Kit. Even if you don't end up using ISA Server, I guarantee you'll learn a ton about secure remote access to Exchange Server services and help bolster your perimeter defenses. For more info and download details for the ISA Server 2000 Exchange 2000/2003 Deployment Kit, check out:

MS First Quarter Earnings: UP

MS beat the analyst expectations just slightly with their financial results for the first quarter. They announced revenues of $8.22 billion for the quarter ended Sept. 30, a 6 percent increase from the $7.75 billion in the quarter a year ago.

However, Redmond reported a larger drop in unearned revenue from multi-year licensing agreements. That really means their Licensing 6.0. Expectations were a drop-off of $200 million to $300 million in unearned revenue, but the actual figure for the quarter was more than twice as bad. Consumer spending helped buffer the Licensing 6.0 shortage.

Microsoft CFO John Connors said they had been too optimistic on contracts from large customers and that sales people had been distracted helping customers cope with the Blaster virus. Relevant news for administrators is that their Server and Tools business grew 15 percent year-over-year to $1.87 billion this quarter. SQL Server and Exchange Server also saw double-digit revenue growth. Windows Server 2003 has sold two times as many licenses as Windows 2000 Server over the same period of time since the launch. The seats-sold count for Exchange is now at 120 million.

Extending AD's reach to Windows NT and 9x clients

Yes, you can use Active Directory to manage your Windows NT and 9X users and desktops. You can with a patch that extends some of AD's most popular management features to NT and 9x clients. Windows desktop administration expert Serdar Yegulalp maps out what the client extensions can and cannot do, and tells how and where to install them. Check out the article on SearchWin2000 at:

Ballmer Trashes Open Source

ENTMag just came out with an article, very timely indeed, just after last week 50% of you said you trust open source software. Perhaps MS CEO Steve Ballmer read the article in W2Knews, but he effectively closed the door on any MS involvement in open source initiatives, saying that the commercial approach to software development and sales provides the best security and value to enterprise customers.

In addition, Ballmer branded open source as a channel of last resort for software products that failed in the commercial marketplace. While distancing Microsoft from the open-source world, he half-jokingly replied "never say never" when asked if the software giant would support Linux if the market were large enough. Ballmer, known for his frank, no-holds-barred style, fielded questions about competition from open source software and other topics at this week's Gartner's Symposium/ ITxpo 2003 conference in Orlando, Florida. Read more at ENT:

MS Unleashes Exchange Server 2003

They officially threw it out there on October 21, 2003. Their main goal is to convert the 50% of Exchange users that are still on V5.5. There are around 120 Million seats sold for Exchange worldwide, and most of these waited upgrading because getting to AD was considered a major pain.

The Exchange Product Manager, Missy Stern, said that this time it's different. They took 3 years to look and listen, and came up with a relatively smooth upgrade path. About 200 have made the jump, with around 330K end users. There is one major benefit which is server consolidation. Looks like you can cut the needed servers in half. Pricing is the same as Exchange 2000. (PS, iHateSpam Server is supported on both Exchange V5.5 and 2003, the upgrade is free if you go from V5.5 to 2003).


Independent Analysts Views On MS Security

The AnalystViews site has some "helicopter-view" or "exterior viewpoint" remarks about the recent security announcements: "Steve Ballmer's announcement on October 9th of three new security initiatives is not a U-turn, but they are more than a touch on the tiller. Microsoft has been trying hard to find and then patch the security vulnerabilities in its products since it announced its Trustworthy Computing initiative two years ago. However its customers are still being hit hard by attacks and the publication of vulnerabilities increases the risk for organizations that do not keep up-to-date with the patches". Continue reading here:

MS Patches Get Better, Still No Relief Though

Facing increased scrutiny over major vulnerabilities in Windows applications, October saw Microsoft roll out a new security campaign to ease IT administrator headaches caused by flawed software. The company concurrently released seven patches on October 15 - five of them deemed critical.

If you haven't already installed Microsoft patches MS03-041 through MS03-047, we recommend that you do so immediately. MS is making security and patching of its software a top priority, recognizing it is also a chief concern among IT administrators.

At the same time, it is difficult to keep up with the frequency and increasing number of patches being released each month. Although Microsoft's raised commitment to improving the security of its software is positive, it also means more time and effort for administrators to install them.

UpdateEXPERT takes the guesswork out of the patch management process by advising you which patches are missing and allow you to automatically deploy those that are relevant to your Windows environment. Eval here:

Panda's New GateDefender Gets Raves

Looks like Panda Software is movin' and shakin'--satisfying the protection needs of even the most demanding users and companies, regardless of size or business. Their new GateDefender Appliance is a dedicated hardware device, installed at the gateway to block viruses before they contaminate your networks. Designed to be a perimeter AV defense, it scans 7 different communication protocols for ultimate protection against external attacks.

Here's what Nate Armstrong, an IT department head from City of Angola, Indiana had to say. "Since the install of Panda GateDefender (GDef), we have not had a single virus infection through email. In the short time we have had it, it has paid for itself already. I cannot even begin to quantify the amount of money this saved us during the last SoBig.F outbreak."

Pay attention to load balancing! - you know ... sharing the scanning of network traffic between several GDef units. Load balancing is used when a single GDef can't handle all the network traffic, or when it is critical that the communication line is available in the network where you want to install several devises. It optimizes AV protection of the network perimeter, speeds up the scan process, and is a good way to prevent saturation and delays. If one GDef goes down, others will carry on with the work.

W2KNews wants you to know about Panda's new freebie program - Panda IT V.I.P. We know that once you try Panda Antivirus with integrated firewall at home, you'll want the same Panda security on all your machines at work. Once you qualify, you'll get Panda Platinum(tm) 7.0 desktop antivirus product for your home computer, at no charge! It's a $69.95 value and they will grant a full one-year license. Get it here:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Music inspired by Spam. Check the lyrics:

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Spam_Music
  • The Concorde flies into history. Can I get a piece of one?

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Concorde
  • Very useful IP-to-Country website, type in the IP and it will give you the geographic location:

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-IP-to-Country
  • Racing meets logging: Chainsaws with a V8 engine! (1.5 Megs)

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-V8_Chainsaw
  • Racingfreaks.net has videos of hopped up cars racing on public roads. Do not try this at home. [grin]

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Racing
  • Fun with Jet Engines. Real ones. Staged demo how powerful they are (977 KB):

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Jet_Engines
  • And what are the worst names for servers? Here are the results:

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Server_Names
  • How To Turn a $175,000 High-End SGI Challenge DM Server into a Fridge:

  • http://www.w2knews.com/rd/rd.cfm?id=031027FA-Fridge

    Active Directory Cookbook

    Those of you who run networks on Windows 2000 know the benefits of using Active Directory for managing user information and permissions. You also know what a bear it can be. The newer version included with Windows Server 2003 has over 100 new and updated features to simplify deployment, but once it's in place many system admins still find Active Directory challenging. If you're among those looking for practical hands-on support, Check out this book.

    It contains hundreds of step-by-step solutions for both common and uncommon problems that you might encounter with AD on a daily basis --including recipes to deal with the Lightweight Directory Access Protocol (LDAP), multi-master replication, Domain Name System (DNS), Group Policy, the Active Directory Schema, and many other features.