Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 23, 2004 (Vol. 9, #8 - Issue #464)
Finally, Windows Server Feedback!
This issue of W2Knews contains:
- EDITORS CORNER
- Is The Big One Coming - Redux
- Two New Interesting WebCasts
- TECH BRIEFING
- Simplify Branch Office Connectivity and Security with the ISA Server 2000 Branch Office Deployment Kit
- VIP PASS InfoSec World Orlando: Gratis
- Work with Schools And Donated Computers?
- Establishing Secure AD Boundaries
- NT/2000 RELATED NEWS
- Finally, Windows Server Feedback!
- Run SMS, SUS or MOM?
- MS Software Assurance -- Hidden Benefits
- Windows Leak No Security Risk? Hah!
- MS Virtual Server Goes to 15K Testers
- NT/2000 THIRD PARTY NEWS
- Pharma Spam Soared In January
- Is Your Industry Mandated "For Records Retention"?
- New Super Light 'Always-On' XP-based NoteBook
- Is Your Exchange Server Safe from Virus Attacks?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- The New iHateSpam V4.0 Supports More Platforms!
Enterprise-class content filtering at a price you can afford.
iPrism is a hardware appliance that monitors, filters and reports
on inappropriate Internet access within businesses, schools and
government agencies. Minimize network bandwidth drain, increase
employee productivity and limit legal liabilities all with a
single appliance. Download up to 5 free tools from iPrism now!
Visit iPrism for more information.
Is The Big One Coming - Redux
Dang, you guys did not pull your punches in telling me I was
a naive optimist regarding a killer virus. I got quite some flame
mail that accused me of a total lack of historical knowledge
regarding virii, electronic and biological. The message was clear:
"While 'scorched earth' virii are relatively rare, they do exist.
Several people told me there was at least one of those in the
nineties which inserted itself in CMOS and was quite difficult
to remove. Several virii assumed IDE drives, and would render
them useless without reflashing the drive firmware - not possible
at the time outside of the factory. These artificial virii mimic
a few quite successful biological diseases like AIDS and plague.
Apparently there are people evil/stupid enough to write these
OK, OK, OK. I'll admit I'm an optimist. I guess we can all agree
that thorough and layered defenses are more and more an absolute
Two New Interesting WebCasts
Topic: Intro to Sunbelt Network Security Inspector
Time: Tue, 24 Feb 2004, 1:00 PM (EST)
Call in at the numbers below and enter code 104764:
Topic: iHateSpam for Exchange 5.5, 2000, 2003
Time: Wed, 25 Feb 2004, 1:00 PM (EST)
Call in at the numbers below and enter code 104764:
Quotes of the Week:
"We are what we repeatedly do. Excellence, then, is not an act, but a habit."
UNDO Dept - The Japanese error messages were actually an early Internet contest run by Salon magazine in February of 1998. Too bad, would have been fun if it was true.
(email me with feedback: [email protected])
SPONSOR: iHateSpam Server
The New Version 1.5 of iHateSpam Server has all the features you
asked for. It is now the best-selling anti-spam solution for MS
Exchange with over 2,600 enterprise licenses. Every week, 50 more
sites decide to protect their enterprise with iHateSpam Server.
It was designed by Exchange admins for Exchange admins. Very
smooth integration. V1.5 has a new, world-class detection engine
and a host of powerful features. Spam Sucks. Your life shouldn't.
Get 30 award-winning spam-free days here:
Visit iHateSpam Server for more information.
Simplify Branch Office Connectivity and Security with the ISA Server 2000 Branch Office Deployment Kit
ISA Server Guru Tom Shinder wrote this for us:
"With the world economy on the upswing, we can expect that in
the coming year, more companies will be in the position of
growing out of their current office locations and will require
branch office setups. Inevitably, these branch offices will need
access to information contained on the main office network. The
first question you have to ask is: how are you going to connect
the branch office to the main office in a cost effective and
"Back in the day, the answer was to install a dedicated point-to-point connection. These "leased lines" (usually frame relay
or T-1) were prohibitively expensive and weren't very fast
compared to the local network connection. However, they were
very reliable and besides, there weren't many alternatives.
Some organizations tried to make a go of it with dial-up remote
access solutions, but the inherent bandwidth limitations and
the long distance costs made this even less attractive than
"Today's solution of choice for branch office connectivity is
virtual private networking (VPN). Branch offices can be connected
over one or more low cost high speed broadband connections
and access resources at the main office via a VPN site-to-site link. Just install one or more VPN routers at the branch
offices and at the main offices. The VPN routers will route
packets between the main and branch offices.
"Branch offices need more than just connectivity to the main
office. Since they're connected to the main office using an
Internet connection, they will need to be protected from
attackers located not only on the Internet, but on the main
and other branch office networks as well. Some additional
requirements for branch offices include:
- Fast and reliable Internet Access
- Centralized Internet access control, logging and reporting
- A cost effective solution
"In the full article we will look at these issues and VPN
connectivity in more detail." See the PDF right here:
VIP PASS InfoSec World Orlando: Gratis
Below is a link to a PDF file of the Expo-Plus Pass for the
InfoSec World Expo. This will allow you to visit the conference
and enter the expo. This year there were many features to this
pass, including access to specific sessions, panels and other
exciting events at the conference. If anyone registers for this
Expo-Only pass before March 12, 2004, admission does not cost
you a penny.
Work with Schools And Donated Computers?
Since quite a few of you are volunteers for schools and/or non-profits, or are with a company that probably donates groups of
computers to organizations, I thought I'd pass along this site
with a link to international "fresh start" MS-licensing.
You could pass this link along to your computer advocate person,
or the super-scrounge at your school, who is responsible for
getting all of those computers donated. Or, if you know of
something valuable that's being updated, replaced, unused,
neglected or abused, give it a home. Here is how non-profits can
benefit from (f)re(e)-licensing of Microsoft stuff, giving that
donated hardware a fresh start:
Establishing Secure AD Boundaries
In creating trusts between two forests, two security concerns
arise: SID spoofing for privilege escalation and rogue admins.
The first issue, SID spoofing, creates a vulnerability --
although the attack is not an easy one. The second, rogue
administrators, is more of an issue of AD management policy.
Part three of a three-part series.
NT/2000 RELATED NEWS
Finally, Windows Server Feedback!
Nobody ever gets frustrated with Windows Server, right? Right.
Ever occurred to you it would be nice to be able to give
someone in Redmond a piece of your mind? Guess what. You finally can.
MS has created a separate site with a feedback form. You can
use it for frustrations, suggestions and more. You can even
use it to provide positive feedback! [grin] Obviously the MS
development team likes to get this kind of input to improve
current and future versions of Windows. Make this a FAVORITE:
Run SMS, SUS or MOM?
Heard about the FAQShop? This is a cute little site that has
specialized in these three environments. Good resource for you
to get information on Systems Management technologies such as
SMS, SUS and MOM. Check them out here.
MS Software Assurance -- Hidden Benefits
W2Knews subscriber Thomas Philo sent me this: "At our local users
group meeting this past Tuesday (Feb 5) the head of MS training
told us about a benefit I had never heard mentioned at all:
Based on the number of licenses and types that you have, you
may have FREE training days through a CTech.
"I checked into it for here at BPA and we have 45 days worth of
training that we can send people to at no $ cost (except the
payroll cost). That equates to $13,500 worth of training built
into SA for BPA (3400 XP, 600 server licenses). Considering each
office must fund its own training - and all training budgets have
been cut - this allows us to send people to training that
otherwise would not be allowed.
"They also launched a new eLearning setup that you get for free,
based on numbers of licenses (I think we get around 200 classes
over eLearning, our internal POC that deals with MS did not even
know about this feature of SA!). Should pass that along as a
benefit of SA."
Get a copy of the updated report on Software Licensing 6.0 and
find out more about these benefits!
Windows Leak No Security Risk? Hah!
After the recent Service Pack source code leak, several security
experts said that Windows users are unlikely to face any
increased security risks. Their viewpoint was that it's a simple
matter for hackers to find Windows vulnerabilities without
recourse to the code. Bzzzz! Wrong answer.
Three days after the leak, the first IE 5 exploit came to light,
directly based on the "lost source code". I have been hammering
on security for years, so if you have your defenses in place, you
should be reasonably OK, but stay alert.
A hacker who is gunning for Windows security holes may very well
be able to find holes by simply looking right in the source code.
You can imagine the results. Times like these do call for a
healthy dose of paranoia.
MS Virtual Server Goes to 15K Testers
Redmond announced last Wednesday it sent Virtual Server Beta to
15K brave souls that are not afraid to trash a test server.
Virtual Server 2004 is built on the virtual machine code they
acquired from Connectix in January 2003. It contains new support
for a range of SCSI drives and two-node clustering that will
allow failover from one virtual machine to another.
Eric Berg, a product manager in Microsoft's Windows Server group,
stated: "We have also improved and enhanced what we think is one
of our biggest competitive differentiators, which is our COM API.
We have a very rich, programmatic interface into Virtual Server.
This will make it easier for administrators to script and
automate a lot of the different capabilities". Hmmm. Scripting?
I'm not so sure everyone likes to write scripts [grin]
THIRD PARTY NEWS
Pharma Spam Soared In January
Getting sick and tired of pushy email trying to get you on drugs?
We observe that spam comes in waves, and seems to migrate from
one product to another. Spam moves in herds, like many other
phenomena. The January spam index from Clearswift shows that
pharmaceutical-related spam accounted for almost half (42.6 per
cent) of unwanted messages during the month. Personally, I'm
trying to stay off drugs. [grin] I'm glad iHateSpam traps all
that stuff. Moreover, a lot of these drugs seem to actually be
counterfeit. Did you know that this is a 20 Billion a year racket?
No wonder they resort to spam to peddle their poison.
Is Your Industry Mandated "For Records Retention"?
Health Care, Insurance and some financial institutions may not
be mandated for "business continuity", but it is highly likely
that they are mandated for "records retention".
In 1991 President Bush wanted increased efficiency in Healthcare,
and in the year 1996 Clinton signed HIPAA into law as Public Law 104-191.
During the years of 2001-2003 the last of three sections was
approved covering interoperability of Transactions and rules
about disclosure of private data.
HIPAA's primary goal is not business continuity, or even data
resiliency. There actually is some verbiage about data backup
and disaster recovery, but it is not really HIPAA as much as
referencing other standardized government data specifications.
Due to the broad reach of HIPAA - from the largest insurance
corporations to the smallest healthcare provider, HIPAA is the
standardization of B2B (Business to Business) within the
Healthcare industry. You could really call it eCommerce.
As a System Admin, why should I care about HIPAA?
If it is B2B (or eCommerce), then it has a very low tolerance for
inaccessibility for any reason. With standardized data fields
(for a particular illness or treatment, for example), there will
be more use of electronic records - since eventually all medical
software will be aligned with them.
Data will have an even higher premium, as more correct data and
more consistent data will yield not only faster processing, but
better reporting. A survey of paid-for procedures and diagnoses
is equally valid as a statistical overview of current health
statistics and/or deficiencies. For example, lower numbers of
prescriptions for a given illness can be an indicator that the
illness is also occurring less frequently. Better data always
results in change for how resources are utilized.
Consider if better statistics are tracked on paid-doctors' visits
that result in a diagnosis of hearing-loss. Manufacturers who
develop hearing aids will have a better understanding of needs
and a stronger impetus to develop products for a particular niche
of the population.
Every benefit associated with the results of HIPAA has a
financial implication associated with the increased value of the
data. As the value of data increases, so does the need for better
backup, for ensured availability and productivity, and a more
justifiable recognition of disaster recovery. So let's have a
look at what's in the § 142.308 Security standard.
- Administrative procedures to guard data integrity,
confidentiality, and availability
- A contingency plan, a routinely updated plan for responding
to a system emergency, that includes performing backups,
preparing critical facilities that can be used to facilitate
continuity of operations in the event of an emergency, and
recovering from a disaster. The plan must include all of the
following implementation features:
  - An applications and data criticality analysis (an entity's
  formal assessment of the sensitivity, vulnerabilities, and
  security of its programs and information it receives,
  manipulates, stores, and/or transmits).
  - Data backup plan (a documented and routinely updated plan to
  create and maintain, for a specific period of time, retrievable
  exact copies of information).
  - A disaster recovery plan (the part of an overall
  contingency plan that contains a process enabling an enterprise
  to restore any loss of data in the event of fire, vandalism,
  natural disaster, or system failure).
  - Emergency mode operation plan (the part of an overall
  contingency plan that contains a process enabling an enterprise
  to continue to operate in the event of fire, vandalism, natural
  disaster, or system failure).
  - Testing and revision procedures (the documented process of
  periodic testing of written contingency plans to discover
  weaknesses and the subsequent process of revising the
  documentation, if necessary).
The civil penalties that HIPAA sets for violations are:
- $100 per violation, up to $25,000 per person, per year for each
requirement or prohibition violated.
The Criminal Penalties are even less palatable:
- Up to $50,000 and 1 year in prison for obtaining or disclosing
- Up to $100,000 and up to 5 years in prison for obtaining or
disclosing protected information under false pretenses.
- Up to $250,000 and up to 10 years in prison for obtaining or
disclosing protected information with the intent to sell,
transfer, or use it for commercial advantage, personal gain, or
The above shows it makes sense to seriously work on a DR plan,
and get it tested and implemented. Here is the most sold tool to
get disaster recovery plans in production environments.
New Super Light 'Always-On' XP-based NoteBook
FlipStart is a compact 14.8 x 10.1 x 2.6cm (5.8 x 4 x 1in)
notebook that sports an unnamed 1GHz processor and runs Windows
XP. Vulcan's idea is to offer a machine that has the
compatibility, power and application base of the mainstream
Microsoft OS with a form factor that's little bigger than a PDA
yet features a full QWERTY keyboard.
Like a PDA, the device is designed to operate continuously, going
to sleep when the lid is closed rather than shutting down
completely. It weighs under 450g (1lb), Vulcan claims, and it
runs WinXP. Check it out over here at The Register, they even
Is Your Exchange Server Safe from Virus Attacks?
One thing I have learned from dealing with Panda is that your
network has to be made secure at every level. They preach layered
defense for a reason - today's virus writers look for every weak
link and every opportunity to push their malicious code and
create chaos and disruption. Since email is a major target of
these hackers, the Microsoft Exchange Server is a favorite
target. Panda ExchangeSecure scans and disinfects all inbound and
outbound email and attachments in-memory. ExchangeSecure has
central or remote administration in both local networks and WANs,
and does it all swiftly and with lower resource usage than many
other antivirus products. ExchangeSecure provides seamless
integration with all Exchange environments, automatic daily virus
updates and is scalable to fit any size enterprise. Panda is
providing W2Knews readers with a special download evaluation
edition of ExchangeSecure if you click here.
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
The New iHateSpam V4.0 Supports More Platforms!
Eliminate Annoying Spam with iHateSpam. It is a great spam filter
that will dramatically reduce the junk email you find in your
mailbox! Super simple installation, available for Outlook
Express, Outlook 2000, 2002 and 2003. The new Version 4.0 also
works for Hotmail, Incredimail and Eudora. Only $19.95 so this is
a no-brainer. The Outlook Version is winner of the PC Magazine
Best Buy Award, and their exclusive World Class 2003 Award.