Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 10, 2003 (Vol. 8, #45 - Issue #451)
A Whole New Way To Get W2Knews
This issue of W2Knews contains:
- EDITORS CORNER
  - Underground Explosion Knocks Out Clearwater Power
  - SunPoll Results
- TECH BRIEFING
  - A Whole New Way To Get W2Knews. It's called RSS
  - Administrator's Problems with Email Spam Filtering
- NT/2000 RELATED NEWS
  - Everything You Wanted To Know About WinXP SP2
  - Funny Ballmerism
  - Redmond Puts Up A $5 Million Hacker Reward
- NT/2000 THIRD PARTY NEWS
  - New: Directory Inspector Now ONLY $495 Per Admin Seat
  - LanHound Sounds Alarm At Network Intrusions
- W2Knews 'FAVE' LINKS
  - This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
  - Hacking Exposed: Windows Server 2003
SPONSOR: Panda's GateDefender Stands Guard!
Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware
device installed at the Internet gateway to block viruses before
they contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda
Antivirus GateDefender 7200 (500 seats+) provide the highest
scalability with native load balancing that transparently adapts
to traffic volume.
Visit Panda's GateDefender Stands Guard! for more information.
Underground Explosion Knocks Out Clearwater Power
Like I continue saying, you need a Disaster Recovery solution in
place. It's not a matter of if disaster strikes, it's a matter
of when that disaster is going to hit. Sunday night, November
third, a large chunk of downtown Clearwater was out of power
starting from 4am onward. Our building was smack in the middle
of that outage. The server room has backup batteries, and they
kicked in nicely. But of course we had just asked you to check
if you could find any broken links. Well, we delivered in spades:
some of you got a whole broken site! [grin]
We ran on backup power for about 5 hours before they were starting
to get low. But since the AC units were also out of power, the
server room was getting awfully hot, so we started to shut down
servers at about 08:30. Luckily enough the emergency power crews
got a bunch of stuff rerouted and their systems back up at about
9am, so our downtime was limited to only 30 minutes before the
working day started. Lesson learned: we also need backup
generators in place because Murphy's law dictates: "outages will
last longer than your battery power". And of course we have a
secondary site in Texas, replicated in real time with Double-Take,
so we could flip a few switches and be up and running over
there. Here is the Clearwater power story in a local news site:
And here are the results of the last SunPoll. The question was:
"Remember Windows 2000? One of the buzzwords was 'less reboots!'
But now with every patch you need to reboot your systems for the
glory of security. What do you think?" And here is where you're
- Hotfixes and Service Packs have priority. I'll reboot as much as needed, even if it costs me my weekends: 13.34%
- Not so happy with all these boots, I'm already stretched as it is: 23.84%
- My systems are mission critical, I need an architecture that allows me to apply these without rebooting all the time! 59.86%
And the next SunPoll is: "Do You Archive Your Email?"
And you can vote on these options, rightmost column:
- Nope, not at all
- We keep it 0-6 months
- We keep it 6 months to a year
- We keep it 1-5 years
- We keep our email 5 years or longer
Quotes Of The Day:
"E-mail is like Crack. Once you use it you can't get rid of it."
(email me with feedback: [email protected])
Are your servers protected? Disaster Recovery is #1 priority!
This means you have to have a tested plan and reliable tools in
place for the moment your site goes down. DOUBLE-TAKE is that tool.
Sold more than all other High-Availability tools combined. It is
even certified for W2K Datacenter. No other HA tool is. How it
works? "Server A goes down--Server B takes over". Get the eval
copy here, this is your ultimate job-security.
Visit Double-Take for more information.
A Whole New Way To Get W2Knews. It's called RSS
RSS is used all over the web. W2Knews has its own RSS feed too
now. RSS stands for Really Simple Syndication or Rich Site
Summary. Why RSS? Here is a "nutshell history":
E-mail was the first good way to exchange ideas on the Internet.
It's fine for one-to-one or one-to-many distribution, but it has
its limits. The Web was the Next Big Thing. But it takes a lot of
time to find the good stuff. Here comes RSS. It's more recent and
delivers the content you want right to an RSS Reader. Having your
own RSS Reader allows you to keep track of new content from your
Using these RSS readers (you'll have to download a free one), you
can view an aggregation of headlines and blurbs from dozens of
different Websites. You add these Websites as channels. Every
headline, in every channel, is linked back to the full article
on the originating site.
RSS allows web site owners to make their content available in the
RSS format, written in lightweight XML. That's why you often see
an orange XML button indicating the RSS-feed option. Making web
content available is also called "content syndication".
How does it work? You get a free RSS reader and you point it to
the sites you know have good stuff. It checks them regularly and
updates your RSS reader. Voila! No more web surfing for the data
you need. Very smart and simple, you just check your RSS reader
on a regular basis. RSS was originally designed for news sites
(like us) to make their content available. Nowadays it's also
heavily utilized by bloggers.
Here is just one example of an RSS Reader, but there are many you
can choose from:
Some examples of MS-related RSS Feeds, there are thousands more!
And if you are interested, here is a link to the history of RSS:
Have at it, it's fun and saves time!!
Administrator's Problems with Email Spam Filtering
Take a look at this week's featured White Paper, "Addressing the
Administrator's Problems with Email Spam Filtering."
Spam has reached epidemic levels. Companies are now seriously
looking at anti-spam solutions. New products arrive at an alarming
rate, but are these designed with the administrator in mind?
Many of them are not. And while these new anti-spam products are
released, their arrival has also pushed spammers to evolve their
techniques as rapidly as the weapons deployed against them.
The anti-spam solutions that succeed in today's marketplace must
address the end users' growing concerns about the spam problem
without placing excessive demands on system administrators. Even
in a technical environment, products requiring a lot of admin
attention are likely to fail.
This paper discusses the issues involved in designing products
that meet these concerns. It then examines the features of
Sunbelt Software's iHateSpam Server and Gateway Editions,
products designed for ease of administration as well as spam
filtering efficiency. Here is the link (562KB PDF):
NT/2000 RELATED NEWS
Everything You Wanted To Know About WinXP SP2
Found this page on the MS website. VERY interesting.
"Summary: With Windows XP Service Pack 2 (SP2), Microsoft is introducing
a set of security technologies that will improve Windows XP-based
computers' ability to withstand malicious attacks from viruses
and worms. The technologies include:
- Network protection
- Memory protection
- Safer email
- Safer browsing
This paper discusses the first two elements on this list.
Together, these security technologies will help make it more
difficult to attack Windows XP, even if the latest patches or
updates aren't applied. These security technologies together
are particularly useful mitigation against worms and viruses.
This paper reflects early thinking about SP2 and its implications
for developers. As we progress further, we will make more
information available for developers on the Microsoft Developer
Network (MSDN) Security Developer Center. The goal for SP2 is to
build on our Trustworthy Computing efforts that have previously
been applied to Windows Server 2003."
Here is the link:
Funny Ballmerism
After Steve Ballmer's speech at the Churchill Club, he answered
questions from Roger McNamee and the audience.
McNamee: What does Oracle and PeopleSoft mean to you?
Ballmer: One big, big, strong company.
McNamee [To audience]: Okay, does anybody believe that? Should I
do a follow-up here?
Ballmer: No, it's truthful. Come on, the fact that we're big
doesn't make other people not big. There are other big guys --
SAP is a big guy, we are a big guy, IBM is a big guy. Oracle and
PeopleSoft? Oracle by itself is a big guy. Big guy plus anything
equals big guy -- that's a law of mathematics you heard here
Redmond Puts Up A $5 Million Hacker Reward
MS is getting serious about catching the miscreants who write worms.
They raised the stakes on Wednesday and put $5 million into a
reward fund for data leading to the arrest of malware writers.
Specific Wild West-type bounties of $250,000 were promised for
data that leads to catching the authors of the MSBlastA worm and the
Sobig virus. Law enforcement people were all smiles and gung-ho
about the initiative, but IT experts said that MS should continue
to focus on security. Anonymous virus writers said it would not
deter them as they know very well it is illegal to release these
things in the wild. More at SearchWin2000:
THIRD PARTY NEWS
New: Directory Inspector Now ONLY $495 Per Admin Seat
We surveyed system administrators, and they told us they wanted a
tool like this licensed per system admin seat. So, it was
repriced to ONLY $495 per admin seat (remember to add 25%
maintenance to that). This is a dramatic price reduction, so you
are now able to get your Active Directory secure, at an
Check out the updated product page if you have finally got Active
Directory rolled out, but now you're stuck with having to keep it
secure and pass the Security Audits. And if besides AD, you have
other directories to manage as well... this is your salvation:
LanHound Sounds Alarm At Network Intrusions
LanHound allows you to set up alerts for specific ports or
protocols, like POP3 and peer-to-peer services. Mail passwords
are often sent through the network in clear text, and LanHound
will notify you when it sees these. It can also raise an alarm if
you have a burst of high utilization on the segment or even
duplicate IP addresses. Protocol analyzers like LanHound are to a
system admin as a debugger is to a developer. They will help you
to see things that are normally invisible.
You can, for instance, have LanHound watch a specific port for
unexpected and/or unwanted traffic, and alert you when suspicious
traffic comes through it.
Just by viewing the Traffic Matrix and sorting it by Octet Ratio,
you will be able to see the top communications by hosts on your
network. This is very useful for seeing the top users of the
segments that you are monitoring, and for spotting unknown hosts
and IP addresses that may be creating a problem on your network,
first of all by bringing to your attention that they exist
on your network at all! Awareness that a problem exists is 90%
of the battle and LanHound takes care of this for you. The
remaining 10% is getting a solution in place.
LanHound also has the ability to show you the different protocols
that are in use on your network. This comes in very handy when
you are looking at the TCP/UDP Port Table of LanHound and realize
that you have an unknown protocol on your network that isn't
supposed to be there. With a little investigation of where the
protocol is coming from you can focus in on the offending host.
For instance, were you aware that your printers may be generating
unwanted IPX traffic on your network unless it's disabled?
You can easily find hosts using protocols that they really
shouldn't be using on a normal day-to-day basis. With LanHound you
may find yourself asking, "Why is this host from this unknown IP
address using 80% of my segment with FTP traffic with my DC?" A
Whois search may show you that the host is located out of the
country, and a quick packet capture can show you a lot about the
traffic between these hosts. So much traffic that you'll discover
this unknown host is uploading files to your DC! Do a search on
that DC and it may show that you've unexpectedly been hosting a
Warez site and your DC has been listed on one of the top Hacker
sites replete with Usernames and Passwords. It does happen and
LanHound can easily point this out and help you shut it down.
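The triage described above (rank host pairs by their share of segment traffic, then flag unknown hosts and cleartext services such as FTP and POP3), as an added Python example that is not LanHound code or output. The conversation records, host inventory, watched ports and the 50% threshold are constructed assumptions, and share of total octets stands in for the product's Octet Ratio column.

```python
from collections import defaultdict

# Constructed conversation records: (client, server, service_port, octets).
FLOWS = [
    ("10.0.0.21", "10.0.0.5", 445, 150_000),
    ("10.0.0.22", "10.0.0.5", 445, 90_000),
    ("203.0.113.77", "10.0.0.5", 21, 1_600_000),  # outside host talking to the DC
    ("10.0.0.30", "10.0.0.9", 110, 60_000),
    ("10.0.0.21", "10.0.0.9", 25, 100_000),
]
KNOWN_HOSTS = {"10.0.0.5", "10.0.0.9", "10.0.0.21", "10.0.0.22", "10.0.0.30"}
WATCHED_PORTS = {21: "FTP", 110: "POP3"}  # cleartext protocols to alert on


def traffic_matrix(flows):
    """Sum octets per unordered host pair."""
    matrix = defaultdict(int)
    for client, server, _port, octets in flows:
        matrix[tuple(sorted((client, server)))] += octets
    return dict(matrix)


def ranked_by_share(matrix):
    """Return [(pair, octets, share)], busiest first; share = octets / segment total."""
    total = sum(matrix.values())
    rows = [(pair, octets, octets / total) for pair, octets in matrix.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


def findings(flows, known_hosts, watched_ports, share_limit=0.5):
    """Flag unknown hosts, watched ports, and pairs that dominate the segment."""
    alerts = set()
    for client, server, port, _octets in flows:
        for host in (client, server):
            if host not in known_hosts:
                alerts.add(("unknown-host", host))
        if port in watched_ports:
            alerts.add(("watched-port", f"{client}->{server} {watched_ports[port]}"))
    for pair, _octets, share in ranked_by_share(traffic_matrix(flows)):
        if share >= share_limit:
            alerts.add(("high-share", f"{pair[0]}<->{pair[1]} {share:.0%}"))
    return sorted(alerts)


if __name__ == "__main__":
    for pair, octets, share in ranked_by_share(traffic_matrix(FLOWS)):
        print(f"{pair[0]:>15} <-> {pair[1]:<15} {octets:>9} {share:6.1%}")
    for kind, detail in findings(FLOWS, KNOWN_HOSTS, WATCHED_PORTS):
        print(f"ALERT {kind}: {detail}")
```
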
These are just some of the network monitoring activities LanHound
allows you to do. Suddenly you see things that you may never have
known existed. There are of course many more ways you
can use the tool. With LanHound and a common-sense approach you
can really begin to focus in on the problems that exist on your
network and get them resolved sooner rather than later. So
remember, when you really want to know: Sic the Hound on 'em!
30-day eval copy here, and it's now also available via the OnLine
This Week's Links We Like. Tips, Hints And Fun Stuff
Remember these horrible pop-under ads by X-10? All that
advertising killed that company. They are now bankrupt.
The (new) color of Money. How the new $20 was made. One of the
rare products that really sell themselves...
I'm getting sick and tired of the mass media only continuing
their dreary death count about Iraq. There are also positive
things being done there:
The Meatrix!!! (yup, typo intended)
The Guy's Guide to Geek Girls - Illustrated!
Test your geekness, and compare to the Ubergeeks who already did
And who said only MS has problems? Panther glitch erases some
The stuff you find when getting lost at Microsoft:
A way to tell time in a very modern, super old fashioned way.
PRODUCT OF THE WEEK
Hacking Exposed: Windows Server 2003
I was just sent my review copy of this book. Had a quick glance
at it and already saw it's just as good as the original ones,
but now focused on just one OS: W2K3. This is a must-read if
you want to keep your 2003 servers safe. You'll learn, step-by-step, how to defend against the latest attacks by understanding
how intruders enter and pilfer compromised networks and
weaknesses. All the new security features and exploits in Windows
Server 2003 are covered.