- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Oct 18, 2004 (Vol. 9, #41 - Issue #497)
Stop Using Passwords Completely!?
  This issue of W2Knews™ contains:
    • Stop Using Passwords Completely!?
    • SunPoll: Google For The Desktop - Allow It?
    • Admin Tools We Think You Shouldn't Be Without
    • The 12 Commandments of Exchange Deployments
    • Eight Exchange 2003 Security Tips In 8 Minutes
    • "Dog Fooding" Lessons: MS IT Group Deploys SQL Beta 2
    • Restoring Deleted Or 'tombstoned' Objects In AD
    • Learning Center: Kerberos
    • Whoa Nellie! A Deluge Of Patches
    • MS Customers Get Domain Wide Fix For JPEG Hole
    • New V4.4 Double-Take Has Exciting New Features
    • SANS Unveils Top 20 Security Vulnerabilities
    • iHateSpam For Exchange: Unedited User Feedback
  6. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • BOOK: Wireless Hacking: Projects for Wi-Fi Enthusiasts
  SPONSOR: Double-Take
Introducing: Double-Take Version 4.4! This New Version has:
  • Intelligent Data Compression
  • Email Notifications
  • Management Console Server Filtering
  • Web Software Updates
  • Improved performance and scalability
    Prevent Downtime and deploy Disaster Recovery in-one. Check the
    new Double-Take Version 4.4 here:
    Visit Double-Take for more information.

    Stop Using Passwords Completely!?

    Microsoft techie guys have started to blog in a big way. The very first blog of Robert Hensing, a senior member of the PSS Security Incident Response team, certainly does have its points. It's a very interesting article. His claim is that it's best to stop using passwords all together. What? Yup. What else then? OK, I'll give you a hint, but you'll have to read his blog to get the background why. Here is the hint, think "Pass phrase". Read here what he means:

    SunPoll: Google For The Desktop - Allow It?

    Google came out today with a search engine that indexes your user's hard disks and provides a screen very similar to the Google website. It does not do network share search, but checks Office, Outlook, AOL chat, and web pages previously visited. PDF's are not supported yet but will be in the future. Google does not require registration, but will receive periodic reports on problems with the software and general data how a consumer uses it. This would mean data about your users leaving the building. If you want to see how it works, check it out at:

    So now, what do you think, are you going to allow your users to install this software? Vote here and find out what your peers are thinking. Third column:

    Quote of the week:
    "The difference between theory and practice is larger in practice than it is in theory." -- unknown.

    Warm regards,
    Stu Sjouwerman (email me with feedback: [email protected])


    Admin Tools We Think You Shouldn't Be Without


    The 12 Commandments of Exchange Deployments

    Rolling out an Exchange Server deployment can be a complicated task. Need some help? SearchExchange.com contributor Brien Posey offers a list of 12 commandments to follow when you find yourself heading an Exchange 2000 or 2003 deployment. Find it here (free registration may be required):

    Eight Exchange 2003 Security Tips In 8 Minutes

    Are you looking to firm up your Exchange server and client side security? Then look no further than these 8 tips from a book by David McAmis and Don Jones, "Microsoft Exchange Server 2003 Delta Guide." Topics include SSL, Kerberos, RPC over HTTP, cross-forest SMTP authentication, Windows rights management and S/MIME. Free registration may be required.

    "Dog Fooding" Lessons: MS IT Group Deploys SQL Beta 2

    There is an interesting article at the MS PressPass site. This is a site for journalists, and now and then they throw out a goodie that is fun enough to spend a few minutes on. This time it's the story of a senior internal technology architect that shares insight Microsoft has gained from deploying and testing the latest beta release of Microsoft SQL Server 2005 as part of the company's SAP R/3 enterprise resource planning system. Here is the link:

    Restoring Deleted Or 'tombstoned' Objects In AD

    When an object is deleted from Active Directory, it is not immediately erased but marked for future deletion. The marker used to designate an AD object scheduled to be destroyed is called, appropriately enough, a "tombstone." Tombstoned objects are deleted whenever the Active Directory database is defragmented, typically twice a day, but it's not easy to get them back. This tip tells you how (free registration may be required).

    Learning Center: Kerberos

    In Greek mythology Kerberos is a three-headed dog guarding the gates of Hades. In Microsoft terminology it's the authentication and authorization protocol guarding access to Windows. This excerpt from Jan De Clercq's book "W2K Server 2003 security infrastructures" walks you through Kerberos protocol, authentication and authorization methods. Free registration may be required.

      NT/2000 RELATED NEWS

    Whoa Nellie! A Deluge Of Patches

    That was a bit of a shocker, a whopping 10 MS patches, and of these, seven being qualified as critical and three as important. "Black Tuesday", as the second Tuesday of the month is now being called, promises a lot of work. A quick count showed over 20 vulnerabilities are being plugged by these patches. Affected are Windows, IE, Excel and Exchange. And MS re-issued the big jpeg hole of last month as well. Most of these are already in SP2. Unless you have rolled out XP SP2, I guess you have your work cut out for you... again. Which does prompt the question: "if they knew about these for two months, how come we did not see them earlier?" It's a mystery to me. Oh well. Talking about SP2, here are some interesting statistics about deployment, problems and projections:

    MS Customers Get Domain Wide Fix For JPEG Hole

    If you do not use SMS, finding all the applications that are vulnerable due to the JPEG hole can be a challenge. MS released a scan/fix tool for a full enterprise. It's called the MS04-028 Enterprise Scanning Tool. A MS spokesperson said that they issued the new tool in response to enterprise customer feedback. I can imagine the loud screaming and hollering about this.

    The MS04-028 Enterprise Scanning Tool allows you to scan your networks to identify potentially vulnerable machines. It will then automatically apply the appropriate MS04-028 updates from a share. Get it here:


    New V4.4 Double-Take Has Exciting New Features

    The release of Double-Take 4.4 has a number of cool new features. It's for sure these help increase Double-Take's lead in the market. Below is a description of these new features along with their benefits. The main thing really is increased scalability and performance. These features provide for a much greater ability to handle large environments, not only in terms of servers but also in terms of the size of the data and the amount of data being changed in the users' environment. If you looked at Double- Take before but there was too much data to replicate, it's time to revisit that now! Significant new features in V 4.4 include:

    • Intelligent Data Compression
    • Email Notifications
    • Management Console Server Filtering
    • Web Software Updates
    • Improved performance and scalability
    More About Intelligent Data Compression

    Double-Take now allows users to choose whether they want to compress the data being transmitted between source and target servers and also to select the level of compression they need. This will allow Double-Take to transmit larger amounts of data over smaller networks while having a reduced impact on the users' production network. By reducing the amount of bandwidth needed to transmit data, implementation is now possible with reduced network requirements. By default, compression is disabled, and 3 levels of compression are available.

    Built in intelligence allows Double-Take to not compress data that will result in a negative gain in performance and/or compression rate. With certain data, compression can actually increase the amount of data that gets transmitted, resulting in a greater use of bandwidth, hence a negative gain. Without intelligence in this area, both the source and target servers will see an impact on system performance without realizing any gains intended by the compression. Double-Take will always send the least amount of data possible, regardless of the data type, and always utilize system resources in the most efficient manner possible.

    Check out the new Double-Take V4.4 here:

    SANS Unveils Top 20 Security Vulnerabilities

    The SANS Institute released its annual Top-20 list of Internet security vulnerabilities. The list is compiled by looking at the from recommendations from leading security researchers and companies around the world. The Top-20 is really two lists of 10 most commonly exploited vulnerabilities in Windows, one for Windows and one for Linux/Unix. Here is the list:

    And if you want to scan for all of these on a regular basis, get SNSI. It's licensed per admin (not IP) and uses a mil-spec database with well over 3,000 vulnerabilities. This database is kept up to date by a team of highly trained security experts. Hundreds of system admins now use SNSI. Test it out and you'll see why. It's only $1,495 per admin seat and a 4-star product. The difference with freebies? Multi-platform, also scans for popular third party tool vulnerabilities, and detailed links and instructions to fix holes quickly. With SNSI you will not have a false sense of security. Test it out here:

    iHateSpam For Exchange: Unedited User Feedback

    Thought you'd all like to see something Sunbelt received this week:

    Time Stamp: 10/12/04 2:27PM Tuesday
    "What genius software iHateSpam for Exchange
    is. I have nearly TOTALLY eliminated spam
    from my org. We had McAfee Spamkiller
    previously and after an Exchange server HW
    crash, we had to rebuild. A reinstall of SK
    just didn't work and after 3 hours of tech
    support our IT consultant said 'just get

    "I love the white/blacklists that are in the
    User folders and love that IT JUST WORKS.

    "Keep up the great work. You have a GREAT
    product on your hands and I wish you the

    "Eric McDougall
    McDougall Creative Inc."

    We can say no more. Try it out for yourself, there are 4,500 sites out there now running it. And get ready for integrated anti-virus in V2.0. That code is SO COOL and is being built now.


    This Week's Links We Like. Tips, Hints And Fun Stuff


    BOOK: Wireless Hacking: Projects for Wi-Fi Enthusiasts

    Hardware Hacking is not just a slogan--it's a way of life for a huge group of technology enthusiasts who are mechanically inclined, but need that extra little help from a book in order to give them the confidence to roll up their sleeves and tackle a project. This book covers 802.11("Wi-Fi") projects. In addition, it covers techniques for building outdoor enclosures and working with Linux and BSD to build, deploy, and manage wireless networks. This book includes coverage of: Wireless Hacking, Indoor/Outdoor Deployment Considerations, Wireless Network Models, 802.11 Access Points, 802.11 Client Cards, Wireless Operating Systems, Monitoring the Network, Low-Cost Commercial Options, Mesh Networks, Antennas and Outdoor Enclosure Projects, Antennas, and much more. $39.95 US