Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 10, 2003 (Vol. 8, #45 - Issue #451)
A Whole New Way To Get W2Knews
  This issue of W2Knews™ contains:
    • Underground Explosion Knocks Out Clearwater Power
    • SunPoll Results
    • A Whole New Way To Get W2Knews. It's called RSS
    • Administrator's Problems with Email Spam Filtering
    • Everything You Wanted To Know About WinXP SP2
    • Funny Ballmerism
    • Redmond Puts Up A $5 Million Hacker Reward
    • New: Directory Inspector Now ONLY $495 Per Admin Seat
    • LanHound Sounds Alarm At Network Intrusions
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed: Windows Server 2003
  SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200 (500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.

Underground Explosion Knocks Out Clearwater Power

Like I continue saying, you need a Disaster Recovery solution in place. It's not a matter of if disaster strikes, it's a matter of when that disaster is going to hit. Sunday night, November third, a large chunk of downtown Clearwater was out of power starting from 4am onward. Our building was smack in the middle of that outage. The server room has backup batteries, and they kicked in nicely. But of course we had just asked you to check if you could find any broken links. Well, we delivered in spades: some of you got a whole broken site! [grin]

We ran on backup power for about 5 hours before the batteries started to get low. But since the AC units were also out of power, the server room was getting awfully hot, so we started to shut down servers at about 08:30. Luckily enough the emergency power crews got a bunch of stuff rerouted and their systems back up at about 9am, so our downtime was limited to only 30 minutes before the working day started. Lesson learned: we also need backup generators in place because Murphy's law dictates: "outages will last longer than your battery power". And of course we have a secondary site in Texas, replicated in real time with Double-Take, so we could flip a few switches and be up and running over there. Here is the Clearwater power story on a local news site:

SunPoll Results

And here are the results of the last SunPoll. The question was: "Remember Windows 2000? One of the buzzwords was "less reboots!" But now with every patch you need to reboot your systems for the glory of security. What do you think?" And here is where you're at:

  • Hotfixes and Service Packs have priority. I'll reboot as much as needed, even if it costs me my weekends: 13.34%
  • Not so happy with all these boots, I'm already stretched as it is: 23.84%
  • My systems are mission critical, I need an architecture that allows me to apply these without rebooting all the time! 59.86%
And the next SunPoll is: "Do You Archive Your Email?"
  • Nope, not at all
  • We keep it 0-6 months
  • We keep it 6 months to a year
  • We keep it 1-5 years
  • We keep our email 5 years or longer
And you can vote on these options, rightmost column:

Quotes Of The Day:
"E-mail is like Crack. Once you use it you can't get rid of it."

Warm regards,
Stu Sjouwerman

  SPONSOR: Double-Take
Are your servers protected? Disaster Recovery is #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security.
Visit Double-Take for more information.

A Whole New Way To Get W2Knews. It's called RSS

RSS is used all over the web. W2Knews has its own RSS feed too now. RSS stands for Really Simple Syndication or Rich Site Summary. Why RSS? Here is a "nutshell history":

E-mail was the first good way to exchange ideas on the Internet. It's fine for one-to-one or one-to-many distribution, but it has its limits. The Web was the Next Big Thing, but it takes a lot of time to find the good stuff. Here comes RSS. It's more recent and delivers the content you want right to an RSS Reader. Having your own RSS Reader allows you to keep track of new content from your favorite sites.

Using these RSS readers (you'll have to download a free one), you can view an aggregation of headlines and blurbs from dozens of different Websites. You add these Websites as channels. Every headline, in every channel, is linked back to the full article on the originating site.

RSS allows web site owners to make their content available in the RSS format, written in lightweight XML. That's why you often see an orange XML button indicating the RSS-feed option. Making web content available is also called "content syndication".

How does it work? You get a free RSS reader and you point it to the sites you know have good stuff. It checks them regularly and updates your RSS reader. Voila! No more web surfing for the data you need. Very smart and simple, you just check your RSS reader on a regular basis. RSS was originally designed for news sites (like us) to make their content available. Nowadays it's also heavily utilized by bloggers.

Here is just one example of an RSS Reader, but there are many you can choose from:

Some examples of MS-related RSS Feeds, there are thousands more!

And if you are interested, here is a link to the history of RSS:

Have at it, it's fun and saves time!!

Administrator's Problems with Email Spam Filtering

Take a look at this week's featured White Paper, "Addressing the Administrator's Problems with Email Spam Filtering."

Spam has reached epidemic levels. Companies are now seriously looking at anti-spam solutions. New products arrive at an alarming rate, but are these designed with the administrator in mind? Many of them are not. And while these new anti-spam products are released, their arrival has also pushed spammers to evolve their techniques as rapidly as the weapons deployed against them.

The anti-spam solutions that succeed in today's marketplace must address the end users' growing concerns about the spam problem without placing excessive demands on system administrators. Even in a technical environment, products requiring a lot of admin attention are likely to fail.

This paper discusses the issues involved in designing products that meet these concerns. It then examines the features of Sunbelt Software's iHateSpam Server and Gateway Editions, products designed for ease of administration as well as spam filtering efficiency. Here is the link (562KB PDF):


Everything You Wanted To Know About WinXP SP2

Found this page on the MS website. VERY interesting.

"Summary: With Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms. The technologies include:

  • Network protection
  • Memory protection
  • Safer email
  • Safer browsing
This paper discusses the first two elements on this list. Together, these security technologies will help make it more difficult to attack Windows XP, even if the latest patches or updates aren't applied. These security technologies together are particularly useful mitigation against worms and viruses.

This paper reflects early thinking about SP2 and its implications for developers. As we progress further, we will make more information available for developers on the Microsoft Developer Network (MSDN) Security Developer Center. The goal for SP2 is to build on our Trustworthy Computing efforts that have previously been applied to Windows Server 2003."

Here is the link:

Funny Ballmerism

After Steve Ballmer's speech at the Churchill Club, he answered questions from Roger McNamee and the audience.

McNamee: What does Oracle and PeopleSoft mean to you?

Ballmer: One big, big, strong company.

McNamee [To audience]: Okay, does anybody believe that? Should I do a follow-up here?

Ballmer: No, it's truthful. Come on, the fact that we're big doesn't make other people not big. There are other big guys -- SAP is a big guy, we are a big guy, IBM is a big guy. Oracle and PeopleSoft? Oracle by itself is a big guy. Big guy plus anything equals big guy -- that's a law of mathematics you heard here first.

Redmond Puts Up A $5 Million Hacker Reward

MS is getting serious in catching the miscreants that write worms. They raised the stakes on Wednesday and put $5 million into a reward fund for data leading to the arrest of malware writers. Specific Wild West-type bounties of $250,000 were promised that would lead to catching the authors of the MSBlastA worm and the Sobig virus. Law enforcement people were all smiles and gung-ho about the initiative, but IT experts said that MS should continue to focus on security. Anonymous virus writers said it would not deter them as they know very well it is illegal to release these things in the wild. More at SearchWin2000:


New: Directory Inspector Now ONLY $495 Per Admin Seat

When we surveyed system administrators, they told us they wanted a tool like this licensed per system admin seat. So, it was repriced to ONLY $495 per admin seat (remember to add 25% maintenance to that). This is a dramatic price reduction, so you are now able to get your Active Directory secure, at an incredible price.

Check out the updated product page if you have finally got Active Directory rolled out, but now you're stuck with having to keep it secure and pass the Security Audits. And if besides AD, you have other directories to manage as well... this is your salvation:

LanHound Sounds Alarm At Network Intrusions

LanHound allows you to set up alerts for specific ports or protocols, like POP3 and peer-to-peer services. Mail passwords are often sent through the network in clear text, and LanHound will notify you when it sees these. It can also raise an alarm if you have a burst of high utilization on the segment or even duplicate IP addresses. Protocol analyzers like LanHound are to a system admin as a debugger is to a developer. They will help you to see things that are normally invisible.

You can for instance make LanHound watch a specific port and watch unexpected and/or unwanted traffic coming through these ports, and alert you when there is suspicious traffic.

Just by viewing the Traffic Matrix and sorting it by Octet Ratio you will be able to see the top communications by hosts on your network. Very useful to see the top users of the segments that you are monitoring and also spotting unknown hosts and IP addresses that may be creating a problem on your network, by first of all bringing it to your attention that they even exist on your network at all! Awareness that a problem exists is 90% of the battle and LanHound takes care of this for you. The remaining 10% is getting a solution in place.

LanHound also has the ability to show you the different protocols that are in use on your network. This comes in very handy when you are looking at the TCP/UDP Port Table of LanHound and realize that you have an unknown protocol on your network that isn't supposed to be there. With a little investigation of where the protocol is coming from you can focus in on the offending host. For instance, were you aware that your printers may be generating unwanted IPX traffic on your network unless it's disabled?

You can easily find hosts using protocols that they really shouldn't be using on a normal day-to-day basis. With LanHound you may find yourself asking, "Why is this host from this unknown IP address using 80% of my segment with FTP traffic with my DC?". A Whois search shows you the host is located out of the country, and a quick packet capture can show you lots about the traffic between these hosts. So much traffic that you'll discover this unknown host is uploading files to your DC! Do a search on that DC and it may show that you've unexpectedly been hosting a Warez site and your DC has been listed on one of the top Hacker sites replete with Usernames and Passwords. It does happen and LanHound can easily point this out and help you shut it down.
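The triage described above (sort the traffic matrix by octets, then question unknown hosts, unexpected ports and clear-text mail or FTP logins) can be sketched over flow records. This is an added example, not LanHound's code or output; the flow records, host inventory, port policy and the 50% share threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (src_ip, dst_ip, dst_port, octets).
# Addresses are documentation ranges, not values from the newsletter.
FLOWS = [
    ("192.0.2.10", "192.0.2.5", 445, 120_000),
    ("192.0.2.11", "192.0.2.5", 389, 40_000),
    ("192.0.2.12", "192.0.2.20", 110, 15_000),
    ("203.0.113.77", "192.0.2.5", 21, 800_000),
    ("192.0.2.10", "192.0.2.20", 25, 25_000),
]
# Assumed site inventory and port policy (hypothetical).
KNOWN_HOSTS = {"192.0.2.5", "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.20"}
EXPECTED_PORTS = {25, 110, 389, 445}
CLEARTEXT_AUTH = {21: "FTP", 110: "POP3"}  # protocols that send passwords unencrypted


def traffic_matrix(flows):
    """Sum octets per (src, dst, port) conversation; heaviest first, with segment share."""
    totals = defaultdict(int)
    for src, dst, port, octets in flows:
        totals[(src, dst, port)] += octets
    segment_total = sum(totals.values())
    if segment_total == 0:
        return []
    rows = [(conv, octets, octets / segment_total) for conv, octets in totals.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def findings(flows, known_hosts, expected_ports, share_alert=0.5):
    """Return (src, dst, port, reasons) for every conversation worth a second look."""
    out = []
    for (src, dst, port), _octets, share in traffic_matrix(flows):
        reasons = []
        unknown = [h for h in (src, dst) if h not in known_hosts]
        if unknown:
            reasons.append("unknown host " + ", ".join(unknown))
        if port not in expected_ports:
            reasons.append(f"unexpected port {port}")
        if port in CLEARTEXT_AUTH:
            reasons.append(f"{CLEARTEXT_AUTH[port]} carries passwords in clear text")
        if share >= share_alert:
            reasons.append(f"{share:.0%} of segment octets")
        if reasons:
            out.append((src, dst, port, reasons))
    return out


if __name__ == "__main__":
    for src, dst, port, reasons in findings(FLOWS, KNOWN_HOSTS, EXPECTED_PORTS):
        print(f"{src} -> {dst}:{port}  " + "; ".join(reasons))
```
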

These are just some of the network monitoring activities LanHound allows you to do. Suddenly see things that you may never have known existed previously. There are of course many more ways you can use the tool. With LanHound and a common-sense approach you can really begin to focus in on the problems that exist on your network and get them resolved sooner rather than later. So remember, when you really want to know: Sic the Hound on 'em! 30-day eval copy here, and it's now also available via the OnLine Shop:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Remember these horrible pop-under ads by X-10? All that advertising killed that company. They are now bankrupt.
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-X-10_bankrupt
  • The (new) color of Money. How the new $20 was made. One of the rare products that really sell themselves...
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-New_Money
  • I'm getting sick and tired of the mass media only continuing their dreary death count about Iraq. There are also positive things being done there:
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Iraq
  • The Meatrix!!! (yup, typo intended)
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-The_Meatrix
  • The Guy's Guide to Geek Girls - Illustrated!
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Geek_Girls
  • Test your geekness, and compare to the Ubergeeks who already did the test:
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Inner_Geek
  • And who said only MS has problems? Panther glitch erases some hard drives:
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Panther
  • The stuff you find when getting lost at Microsoft:
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Longhorn
  • A way to tell time in a very modern, super old fashioned way.
    http://www.w2knews.com/rd/rd.cfm?id=031110FA-Sun_Dial

Hacking Exposed: Windows Server 2003

I was just sent my review copy of this book. Had a quick glance at it and already saw it's just as good as the original ones, but now focused on just one OS: W2K3. This is a must-read if you want to keep your 2003 servers safe. You'll learn, step-by-step, how to defend against the latest attacks by understanding how intruders enter and pilfer compromised networks and weaknesses. All the new security features and exploits in Windows Server 2003 are covered.