Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Feb 23, 2004 (Vol. 9, #8 - Issue #464)
Finally, Windows Server Feedback!
  This issue of W2Knews™ contains:
    • Is The Big One Coming - Redux
    • Two New Interesting WebCasts
    • Simplify Branch Office Connectivity and Security with the ISA Server 2000 Branch Office Deployment Kit
    • VIP PASS InfoSec World Orlando: Gratis
    • Work with Schools And Donated Computers?
    • Establishing Secure AD Boundaries
    • Finally, Windows Server Feedback!
    • Run SMS, SUS or MOM?
    • MS Software Assurance -- Hidden Benefits
    • Windows Leak No Security Risk? Hah!
    • MS Virtual Server Goes to 15K Testers
    • Pharma Spam Soared In January
    • Is Your Industry Mandated "For Records Retention"?
    • New Super Light 'Always-On' XP-based NoteBook
    • Is Your Exchange Server Safe from Virus Attacks?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • The New iHateSpam V4.0 Supports More Platforms!
  SPONSOR: iPrism
Enterprise-class content filtering at a price you can afford.
iPrism is a hardware appliance that monitors, filters and reports
on inappropriate Internet access within businesses, schools and
government agencies. Minimize network bandwidth drain, increase
employee productivity and limit legal liabilities all with a
single appliance. Download up to 5 free tools from iPrism now!
Visit iPrism for more information.

Is The Big One Coming - Redux

Dang, you guys did not pull your punches in telling me I was a naive optimist regarding a killer virus. I got quite a bit of flame mail that accused me of a total lack of historical knowledge regarding virii, electronic and biological. The message was clear: "While 'scorched earth' virii are relatively rare, they do exist."

Several people told me there was at least one of those in the nineties which inserted itself in CMOS and was quite difficult to remove. Several virii assumed IDE drives, and would render them useless without reflashing the drive firmware - not possible at the time outside of the factory. These artificial virii mimic a few quite successful biological diseases like AIDS and plague. Apparently there are people evil/stupid enough to write these things.

OK, OK, OK. I'll admit I'm an optimist. I guess we can all agree that thorough and layered defenses are more and more an absolute must.

Two New Interesting WebCasts

Topic: Intro to Sunbelt Network Security Inspector
Time: Tue, 24 Feb 2004, 1:00 PM (EST)
Meeting URL:
Call in at the numbers below and enter code 104764:
800-416-4956 USA
888-633-2105 Canada
302-709-8433 International

Topic: iHateSpam for Exchange 5.5, 2000, 2003
Time: Wed, 25 Feb 2004, 1:00 PM (EST)
Meeting URL:
Call in at the numbers below and enter code 104764:
800-416-4956 USA
888-633-2105 Canada
302-709-8433 International

Quotes of the Week:
"We are what we repeatedly do. Excellence, then, is not an act, but a habit."
-- Aristotle

UNDO Dept - The Japanese error messages were actually an early Internet contest run by Salon magazine in February of 1998. Too bad, would have been fun if it was true.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: iHateSpam Server
The New Version 1.5 of iHateSpam Server has all the features you
asked for. It is now the best-selling anti-spam solution for MS
Exchange with over 2,600 enterprise licenses. Every week, 50 more
sites decide to protect their enterprise with iHateSpam Server.
It was designed by Exchange admins for Exchange admins. Very
smooth integration. V1.5 has a new, world-class detection engine
and a host of powerful features. Spam Sucks. Your life shouldn't.
Get 30 award-winning spam-free days here:
Visit iHateSpam Server for more information.

Simplify Branch Office Connectivity and Security with the ISA Server 2000 Branch Office Deployment Kit

ISA Server Guru Tom Shinder wrote this for us:

"With the world economy on the upswing, we can expect that in the coming year, more companies will be in the position of growing out of their current office locations and will require branch office setups. Inevitably, these branch offices will need access to information contained on the main office network. The first question you have to ask is: how are you going to connect the branch office to the main office in a cost effective and reliable fashion?

"Back in the day, the answer was to install a dedicated point-to-point connection. These "leased lines" (usually frame relay or T-1) were prohibitively expensive and weren't very fast compared to the local network connection. However, they were very reliable and besides, there weren't many alternatives. Some organizations tried to make a go of it with dial-up remote access solutions, but the inherent bandwidth limitations and the long distance costs made this even less attractive than leased lines.

"Today's solution of choice for branch office connectivity is virtual private networking (VPN). Branch offices can be connected over one or more low cost high speed broadband connections and access resources at the main office via a VPN site-to-site link. Just install one or more VPN routers at the branch offices and at the main offices. The VPN routers will route packets between the main and branch offices.

"Branch offices need more than just connectivity to the main office. Since they're connected to the main office using an Internet connection, they will need to be protected from attackers located not only on the Internet, but on the main and other branch office networks as well. Some additional requirements for branch offices include:

  • Fast and reliable Internet Access
  • Centralized Internet access control, logging and reporting
  • A cost effective solution
"In the full article we will look at these issues and VPN connectivity in more detail." See the PDF right here:

VIP PASS InfoSec World Orlando: Gratis

Below is a link to a PDF file of the Expo-Plus Pass for the InfoSec World Expo. This will allow you to visit the conference and enter the expo. This year there were many features to this pass, including access to specific sessions, panels and other exciting events at the conference. If you register for this Expo-Only pass before March 12, 2004, admission does not cost you a penny.

Work with Schools And Donated Computers?

Since quite a few of you are volunteers for schools and/or non-profits, or are with a company that probably donates groups of computers to organizations, I thought I'd pass along this site with a link to international "fresh start" MS-licensing.

You could pass this link along to your computer advocate person, or the super-scrounge at your school, who is responsible for getting all of those computers donated. Or, if you know of something valuable that's being updated, replaced, unused, neglected or abused, give it a home. Here is how non-profits can benefit from (f)re(e)-licensing of Microsoft stuff, giving that donated hardware a fresh start:

Establishing Secure AD Boundaries

In creating trusts between two forests, two security concerns arise: SID spoofing for privilege escalation and rogue admins. The first issue, SID spoofing, creates a vulnerability -- although the attack is not an easy one. The second, rogue administrators, is more of an issue of AD management policy. Part three of a three-part series.


Finally, Windows Server Feedback!

Nobody ever gets frustrated with Windows Server, right? Right. Ever occurred to you it would be nice to be able to give someone in Redmond a piece of your mind? Guess what. You finally can. MS has created a separate site with a feedback form. You can use it for frustrations, suggestions and more. You can even use it to provide positive feedback! [grin] Obviously the MS development team likes to get this kind of input to improve current and future versions of Windows. Make this a FAVORITE:

Run SMS, SUS or MOM?

Heard about the FAQShop? This is a cute little site that has specialized in these three environments. Good resource for you to get information on Systems Management technologies such as SMS, SUS and MOM. Check them out here.

MS Software Assurance -- Hidden Benefits

W2Knews subscriber Thomas Philo sent me this: "At our local users group meeting this past Tuesday (Feb 5) the head of MS training told us about a benefit I had never heard mentioned at all: Based on the number of licenses and types that you have, you may have FREE training days through a CTech.

"I checked into it for here at BPA and we have 45 days worth of training that we can send people to at no $ cost (except the payroll cost). That equates to $13,500 worth of training built into SA for BPA (3400 XP, 600 server licenses). Considering each office must fund its own training - and all training budgets have been cut - this allows us to send people to training that otherwise would not be allowed.

"They also launched a new eLearning setup that you get for free, based on numbers of licenses (I think we get around 200 classes over eLearning, our internal POC that deals with MS did not even know about this feature of SA!). Should pass that along as a benefit of SA."

Get a copy of the updated report on Software Licensing 6.0 and find out more about these benefits!

Windows Leak No Security Risk? Hah!

After the recent Service Pack source code leak, several security experts said that Windows users are unlikely to face any increased security risks. Their viewpoint was that it's a simple matter for hackers to find Windows vulnerabilities without recourse to the code. Bzzzz! Wrong answer.

Three days after the leak, the first IE 5 exploit came to light, directly based on the "lost source code". I have been hammering on security for years, so if you have your defenses in place, you should be reasonably OK, but stay alert.

A hacker who is gunning for Windows security holes may very well be able to find them by simply looking right in the source code. You can imagine the results. Times like these do call for a healthy dose of paranoia.

MS Virtual Server Goes to 15K Testers

Redmond announced last Wednesday it sent Virtual Server Beta to 15K brave souls that are not afraid to trash a test server. Virtual Server 2004 is built on the virtual machine code they acquired from Connectix in January 2003. It contains new support for a range of SCSI drives and two-node clustering that will allow failover from one virtual machine to another.

Eric Berg, a product manager in Microsoft's Windows Server group, stated: "We have also improved and enhanced what we think is one of our biggest competitive differentiators, which is our COM API. We have a very rich, programmatic interface into Virtual Server. This will make it easier for administrators to script and automate a lot of the different capabilities." Hmmm. Scripting? I'm not so sure everyone likes to write scripts [grin]


Pharma Spam Soared In January

Getting sick and tired of pushy email trying to get you on drugs? We observe that spam comes in waves, and seems to migrate from one product to another. Spam moves in herds, like many other phenomena. The January spam index from Clearswift shows that pharmaceutical-related spam accounted for almost half (42.6 per cent) of unwanted messages during the month. Personally, I'm trying to stay off drugs. [grin] I'm glad iHateSpam traps all that stuff. Moreover, a lot of these drugs seem to actually be counterfeit. Did you know that this is a 20 billion a year racket? No wonder they resort to spam to peddle their poison.

Is Your Industry Mandated "For Records Retention"?

Health Care, Insurance and some financial institutions may not be mandated for "business continuity", but it is highly likely that they are mandated for "records retention".

In 1991 President Bush wanted increased efficiency in Healthcare, and in 1996 Clinton signed Public Law 104-191. During the years 2001-2003 the last of three sections was approved, covering interoperability of transactions and rules about disclosure of private data.

HIPAA's primary goal is not business continuity, or even data resiliency. There actually is some verbiage about data backup and disaster recovery, but it is not really HIPAA as much as referencing other standardized government data specifications.

Due to the broad reach of HIPAA - from the largest insurance corporations to the smallest healthcare provider, HIPAA is the standardization of B2B (Business to Business) within the Healthcare industry. You could really call it eCommerce.

As a System Admin, why should I care about HIPAA?

If it is B2B (or eCommerce), then it has a very low tolerance for inaccessibility for any reason. With standardized data fields (for a particular illness or treatment, for example), there will be more use of electronic records - since eventually all medical software will be aligned with them.

Data will have an even higher premium, as more correct data and more consistent data will yield not only faster processing, but better reporting. A survey of paid-for procedures and diagnoses is equally valid as a statistical overview of current health statistics and/or deficiencies. For example, lower numbers of prescriptions for a given illness can be an indicator that the illness is also occurring less frequently. Better data always results in change for how resources are utilized.

Consider if better statistics are tracked on paid-doctors' visits that result in a diagnosis of hearing-loss. Manufacturers who develop hearing aids will have a better understanding of needs and a stronger impetus to develop products for a particular niche of the population.

Every benefit associated with the results of HIPAA has a financial implication associated with the increased value of the data. As the value of data increases, so does the need for better backup, for ensured availability and productivity, and a more justifiable recognition of disaster recovery. So let's have a look at what's in the 142.308 Security standard.

  1. Administrative procedures to guard data integrity, confidentiality, and availability
    1. A contingency plan, a routinely updated plan for responding to a system emergency, that includes performing backups, preparing critical facilities that can be used to facilitate continuity of operations in the event of an emergency, and recovering from a disaster. The plan must include all of the following implementation features:
      1. An applications and data criticality analysis (an entity's formal assessment of the sensitivity, vulnerabilities, and security of its programs and information it receives, manipulates, stores, and/or transmits).
      2. Data backup plan (a documented and routinely updated plan to create and maintain, for a specific period of time, retrievable exact copies of information).
      3. A disaster recovery plan (the part of an overall contingency plan that contains a process enabling an enterprise to restore any loss of data in the event of fire, vandalism, natural disaster, or system failure).
      4. Emergency mode operation plan (the part of an overall contingency plan that contains a process enabling an enterprise to continue to operate in the event of fire, vandalism, natural disaster, or system failure).
      5. Testing and revision procedures (the documented process of periodic testing of written contingency plans to discover weaknesses and the subsequent process of revising the documentation, if necessary).
The civil penalties that HIPAA sets for violations are:
  • $100 per violation, up to $25,000 per person, per year for each requirement or prohibition violated.
The Criminal Penalties are even less palatable:
  • Up to $50,000 and 1 year in prison for obtaining or disclosing protected information.
  • Up to $100,000 and up to 5 years in prison for obtaining or disclosing protected information under false pretenses.
  • Up to $250,000 and up to 10 years in prison for obtaining or disclosing protected information with the intent to sell, transfer, or use it for commercial advantage, personal gain, or malicious harm.
The above shows it makes sense to seriously work on a DR plan, and get it tested and implemented. Here is the most sold tool to get disaster recovery plans in production environments. Double-Take:

New Super Light 'Always-On' XP-based NoteBook

FlipStart is a compact 14.8 x 10.1 x 2.6cm (5.8 x 4 x 1in) notebook that sports an unnamed 1GHz processor and runs Windows XP. Vulcan's idea is to offer a machine that has the compatibility, power and application base of the mainstream Microsoft OS with a form factor that's little bigger than a PDA yet features a full QWERTY keyboard.

Like a PDA, the device is designed to operate continuously, going to sleep when the lid is closed rather than shutting down completely. It weighs under 450g (1lb), Vulcan claims, and it runs WinXP. Check it out over here at The Register, they even have pictures!

Is Your Exchange Server Safe from Virus Attacks?

One thing I have learned from dealing with Panda is that your network has to be made secure at every level. They preach layered defense for a reason - today's virus writers look for every weak link and every opportunity to push their malicious code and create chaos and disruption. Since email is a major target of these hackers, the Microsoft Exchange Server is a favorite target. Panda ExchangeSecure scans and disinfects all inbound and outbound email and attachments in-memory. ExchangeSecure has central or remote administration in both local networks and WANs, and does it all swiftly and with lower resource usage than many other antivirus products. ExchangeSecure provides seamless integration with all Exchange environments, automatic daily virus updates and is scalable to fit any size enterprise. Panda is providing W2Knews readers with a special download evaluation edition of ExchangeSecure if you click here.


This Week's Links We Like. Tips, Hints And Fun Stuff


The New iHateSpam V4.0 Supports More Platforms!

Eliminate Annoying Spam with iHateSpam. It is a great spam filter that will dramatically reduce the junk email you find in your mailbox! Super simple installation, available for Outlook Express, Outlook 2000, 2002 and 2003. The new Version 4.0 also works for Hotmail, Incredimail and Eudora. Only $19.95 so this is a no-brainer. The Outlook Version is winner of the PC Magazine Best Buy Award, and their exclusive World Class 2003 Award.