WServerNews (formerly W2Knews)
Vol. 11, #34 - Aug 21, 2006 - Issue #590
"Dude, Your Laptop Is On Fire"

  1. EDITORS CORNER
    • Physical Security Alert
    • "Dude, Your Laptop Is On Fire"
    • Quotes Of The Week
  2. ADMIN TOOLBOX
    • Admin Tools We Think You Shouldn't Be Without
  3. TECH BRIEFING
    • Consumer Group Slammed For Creating 'test' Viruses
    • Top Ten Active Directory Tips
    • FAQ: Exchange Server Non-delivery Reports
    • Step-by-Step Guide: Laptop Hacking
    • VMware Users Worry About VM Sprawl
    • SQL Server 2005 Upgrade Hurdles
  4. WINDOWS SERVER NEWS
    • Gartner: Top 5 Steps to Dramatically Limit Data Loss
    • Preventing Users from Disabling a Screen Saver
  5. WINDOWS SERVER THIRD PARTY NEWS
    • Why Are GFI MailEssentials Users Switching To Ninja?
    • Protecting Virtual Systems with Double-Take Software
  6. WServerNews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
  7. WServerNews - PRODUCT OF THE WEEK
    • "GFI MES To Ninja" Competitive Upgrade Offer
TechMentor Conference, October 9-13, Las Vegas

Microsoft will be unleashing a new wave of technologies: Will
you be ready? Join IT managers and network administrators
for TechMentor's real-world training by expert instructors.
Tracks include Security, Exchange/SQL Server, Scripting and
Automation, System and Network Troubleshooting, MCSA and MCSE.
Register by September 1 and save $200.
http://www.wservernews.com/060821-TechMentor

EDITORS CORNER

Physical Security Alert

We're often so concerned about IT security that we forget to "close the front door". There is a way to hack cylinder locks with so-called "bump keys", which are becoming more and more available. Click this link, see the 07:41 minute video (Dutch with English subtitles) and prepare to be flabbergasted. Next, get yourself a biometric lock (not key-based) for the actually important real estate like server rooms that you need to secure. I only heard about it this week, but the data is from January 2005. All the more reason to take action. Here is the video:
http://www.wservernews.com/060821-Bumping

They also have a PDF where they describe the process (PDF):
http://www.wservernews.com/060821-Bumping_PDF


"Dude, Your Laptop Is On Fire"

It looks like the Sony battery problems could go beyond Dell laptops. "Dude, your laptop is on fire" might not be only Dell's problem. More laptop vendors have used the Sony batteries. Takashi Uehara, a spokesman for Sony in Tokyo, said: "Under certain rare conditions there is an elevated risk that the battery may overheat or catch fire as a result of the presence of metallic particles in a critical area of the battery cell". The batteries in question were produced between January 2004 and February 2006. The risk apparently depends on how the laptop is configured. A short-circuit inside the battery normally just trashes the battery, but in certain cases it can cause fires.
Dell is doing the right thing with an expensive recall. I hope other vendors that may have the same problem soon follow suit. Here is the dedicated Dell battery program website, with the specifics:
http://www.wservernews.com/060821-Dell_Battery

In the meantime, what should you do to protect your laptop users? Inform these users, but prevent any sensationalizing. If you buy a lot of these devices, ask your supplier for sufficient heat-testing data. Last but not least, check with your insurance company to confirm you are covered for liabilities due to device overheating causing burns.

Quotes Of The Week

"I handed in a script last year and the studio didn't change one word. The word they didn't change was on page 87." -- Steve Martin
I slightly misquoted Edmund Burke last week. He actually said: "All that is necessary for the triumph of evil is that good men do nothing."

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman


ADMIN TOOLBOX

Admin Tools We Think You Shouldn't Be Without

Must-have FREE software. Web Employee Directory + Secure Self Service - rDirectory for Microsoft Active Directory.
http://www.wservernews.com/060821-NameScape

Perhaps you were not aware of the new Speedtest beta that works like a charm, looks wicked cool, and you can share the results!
http://www.wservernews.com/060821-SpeedTest

Setting up more Wireless Access Points and need to test signal strength on a "g" network with a Pocket PC or Laptop? Try NetStumbler:
http://www.wservernews.com/060821-NetStumbler

Russian Veeam Software developed an app to monitor the performance and resource usage of all the virtual machines running on VMware SV or WS.
http://www.wservernews.com/060821-Veeam

Microsoft just put up their Exchange 2007 Beta Wiki. They called it... "ExchangeNinjas". I guess we should be flattered [grin]
http://www.wservernews.com/060821-ExchangeNinjas


TECH BRIEFING

Consumer Group Slammed For Creating 'test' Viruses

Consumer Reports created 5,500 new virus variants derived from six categories of known viruses to pit AV software against novel threats not identified on signature lists. A lot of people in the industry have issues with that. Their spyware test was also a bit murky, and we have asked them to get more data about their testing procedures. Our Prez Alex blogged about this as well:
http://www.wservernews.com/060821-Consumer_Reports


Top Ten Active Directory Tips

The inner workings of Active Directory can get so complex, it can drive an admin crazy. Not to fear, though. No one is more adept at the technical side of AD than SearchWinIT.com expert, Gary Olsen. Here we have gathered Gary's ten best tips from the past year, as rated by SearchWinIT readers. (free registration required)
http://www.wservernews.com/060821-AD


FAQ: Exchange Server Non-delivery Reports

Exchange Server non-delivery reports (NDRs) indicate e-mail delivery issues due to non-existent, inactive or expired accounts, misspelled e-mail addresses, poor spam filter configuration, and other causes. Get tips on enabling and disabling NDRs, and learn how to decipher and troubleshoot NDR messages in this collection of expert advice. (free registration required)
http://www.wservernews.com/060821-Exchange_NDR


Step-by-Step Guide: Laptop Hacking

It's no longer just an inconvenience to lose a laptop. Being careless in today's overly governed society now leads to business contracts being dishonored, laws being broken, and industry regulations being violated. Above all, it's putting a lot of sensitive information at risk -- both trade secrets and, more importantly, personal livelihoods. Read this guide and learn how to keep your laptops secure! At SearchWindowsSecurity.com (free registration required)
http://www.wservernews.com/060821-Laptop_Hacking


VMware Users Worry About VM Sprawl

Server virtualization makes it easy as pie to deploy a new system -- maybe a little bit too easy, say industry observers. Can you ever have too much of a good thing? Server virtualization fans are wildly enthusiastic, but even some true believers are worried about how quickly scads of virtual machines (VMs) are being added to corporate IT environments. "We love VMware," said Tom Dugan, director of technical services at Recovery Networks, an outsourced business continuity provider in Philadelphia. Even so, he's worried about managing an ever-increasing sprawl of VMs. More at...
http://www.wservernews.com/060821-VMWare


SQL Server 2005 Upgrade Hurdles

Before upgrading to SQL Server 2005, consider this collection of potential migration hurdles and pitfalls, from parameters that may cause blocking to default settings that are no longer supported in the new DBMS.
http://www.wservernews.com/060821-SQL2005_Upgrade


WINDOWS SERVER NEWS

Gartner: Top 5 Steps to Dramatically Limit Data Loss

Public exposure of private data is becoming a regular occurrence, but the majority of these incidents can be prevented if companies implement the proper security best practices, according to Gartner, Inc. Gartner analysts have identified the following top 5 steps to prevent data loss and information leaks:
  1. Deploy Content Monitoring and Filtering (CMF). A CMF solution monitors all outbound network traffic and generates alerts regarding (or sometimes blocks) activity based on inspecting the data in network sessions. CMF tools monitor common channels, including e-mail, IM, FTP, HTTP and Web mail (interpreting the HTTP for specific Web mail services) and look for policy violations based on a variety of techniques. (Sunbelt Messaging Ninja will have a content filtering plug-in before the end of the year)
  2. Encrypt Backup Tapes and (Possibly) Mass Storage. Gartner analysts highly doubt that many of the reported lost backup tapes containing consumer records eventually result in fraud. However, because there is no way to know for sure, companies have to assume exposure anyway. Encryption can ensure that the data will still be safe.
  3. Secure Workstations, Restrict Home Computers and Lock Portable Storage. Workstations and laptops can be a major source of loss, especially when a poorly configured or out-of-date enterprise or home computer is compromised by a virus or worm, or when portable storage media, such as a Universal Serial Bus (USB) drive or CD-ROM, is lost. "There's really no excuse for not keeping an enterprise system up-to-date with the latest patches, a personal firewall, antivirus and anti-spyware software," Mr. Mogull said. "These precautions alone will prevent the vast majority of commonly encountered Internet attacks."
  4. Encrypt Laptops. If organizations give employees portable computers, employees will store sensitive data on them. Policies don't matter: Users will always use the tools they acquire, and sensitive data will always end up in unexpected places.
  5. Deploy Database Activity Monitoring. Most organizations struggle to secure existing databases that are rarely designed with effective security controls. While companies eventually need to encrypt some of the data in their databases, database activity monitoring is a powerful security control that's easier to implement and more viable than encryption for many types of data.


Preventing Users from Disabling a Screen Saver

I ran into a really useful hint from Randy Franklin Smith's newsletter from the UltimateWindowsSecurity site!

Q: How can I prevent my users from disabling the password-protected screensaver that I configure when setting up new systems?

A: If your computers and user accounts are part of an Active Directory (AD) domain, you can use one Group Policy Object (GPO) to deploy a policy to all your users that prevents them from disabling the screen saver. If you don't use AD, you'll need to configure the setting in the local GPO of each computer.

Whether editing a GPO in AD or a computer's local GPO, maneuver to the User Configuration\Administrative Templates\Control Panel\Display folder in the Microsoft Management Console (MMC) Group Policy Object Editor and enable the "Hide Screen Saver tab" policy. Now when users open the Display applet in Control Panel, the Screen Saver tab just won't be there for them to access. Note that the Display folder also contains other policies that enable you to configure the screen saver itself as well as its timeout value and other parameters.

This Security Q&A originally appeared in the Windows IT Security newsletter's Access Denied column. You can subscribe here:
http://www.wservernews.com/060821-Newsletter
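
To confirm that the policy from the Q&A above actually reached a user, you can read back the registry values the Display policies write. This is an added example, not part of the original Q&A: the registry value names are the ones the standard Windows administrative templates use and are not given in the Q&A, and the 900-second ceiling is an assumed baseline.

```powershell
# Added example: audit the logged-on user's screen saver lock-down policy.
# Run in the user's own session (for instance from a logon script), because
# these are User Configuration policies stored in that user's HKCU hive.

$MaxTimeoutSeconds = 900   # assumption: your organization's maximum idle time

$system  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$desktop = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

$checks = @(
    @{ Name  = 'Hide Screen Saver tab'
       Path  = $system;  Value = 'NoDispScrSavPage'
       Test  = { param($v) [int]$v -eq 1 } },
    @{ Name  = 'Screen saver enabled'
       Path  = $desktop; Value = 'ScreenSaveActive'
       Test  = { param($v) [int]$v -eq 1 } },
    @{ Name  = 'Screen saver password protected'
       Path  = $desktop; Value = 'ScreenSaverIsSecure'
       Test  = { param($v) [int]$v -eq 1 } },
    @{ Name  = 'Screen saver timeout (seconds)'
       Path  = $desktop; Value = 'ScreenSaveTimeOut'
       Test  = { param($v) [int]$v -gt 0 -and [int]$v -le $MaxTimeoutSeconds } }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$results = foreach ($c in $checks) {
    $actual    = Get-PolicyValue -Path $c.Path -Name $c.Value
    $compliant = ($null -ne $actual) -and (& $c.Test $actual)
    $shown     = if ($null -eq $actual) { '(not set)' } else { $actual }
    [pscustomobject]@{
        Setting = $c.Name; RegistryValue = $c.Value
        Actual  = $shown;  Compliant     = $compliant
    }
}

$results | Format-Table -AutoSize
if ($results.Compliant -contains $false) {
    Write-Warning 'One or more screen saver policy settings are missing or out of range.'
}
```

A value reported as "(not set)" means the GPO has not been applied to that user, which is the case to chase with `gpresult` before assuming the workstation is locked down.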


WINDOWS SERVER THIRD PARTY NEWS

Why Are GFI MailEssentials Users Switching To Ninja?

We have found that quite a few GFI MailEssentials (MES) users are making the move to Ninja. We asked them what their main reason was to upgrade. The first answer we got back from basically all of them was that the new Attachment Filter in Ninja was something they really needed and did not have in MES. But also, they complained about the "spam catch" ratios being not acceptable anymore.

Our perspective on this is that Bayesian filtering works fine for an individual workstation. It indeed "fine-tunes" for the end user. However, using it on a general mail server is less optimal. Bayesian filtering as a technology depends upon being taught what items are spam and what items are not spam. In a single-user environment this concept works fairly well, but in a server environment, not as much. Ask one user what is spam and you'll get a lot of items that are agreed upon, but you will also get items which are not agreed upon such as newsletters and special offers. At that point the learning engine gets confused.

Another point is the diversity of email in a server environment. It can teach the engine to allow too many types of email to be accepted. Creating separate Bayesian repositories (individual scanning engines) for each user on a server would work to make things better but at that point you'll be putting too much load on the server. Toss in problems like Bayesian poisoning and you've got an engine that won't get you far. Our prez Alex just blogged about Bayesian poisoning and how it foils that engine:
http://www.wservernews.com/060821-Bayesian_Poisioning

Sunbelt Software offers all existing MES users a 50% Competitive Upgrade Discount so they can afford to move from their second-generation product to the latest third-gen (policy-based) messaging security platform. Download the 30-day Ninja eval, see for yourself how well it works, and ask your Rep or Reseller for a Competitive Upgrade quote. You'll be pleasantly surprised:
http://www.wservernews.com/060821-Ninja


Protecting Virtual Systems with Double-Take Software

Virtualization is one of the fastest-growing technologies in mainstream Information Technology (IT) today. Market leaders like VMware and Microsoft are pushing this growth by placing increasing focus on providing customers with the ability to consolidate servers and easily deploy development and test environments. The benefit of virtualization technologies such as these is clearly evident - they allow businesses to improve their IT efficiency while continuing to drive down costs.

As you evolve your IT infrastructures and leverage virtualization to help address your scalability and manageability needs, it is important that you also evolve your data protection strategy. Double-Take meets this challenge by providing proven, reliable data replication and high availability capabilities that work just as well in virtual systems as they do on their physical counterparts.

When you combine the accessible data protection capabilities of Double-Take with the flexibility and efficiency of virtual systems, you have no excuse for not keeping your company's most valuable asset - its data - safe:

Double-Take can protect data from either the Host OS (protecting all of the virtual systems on a server) or the Guest OS (protecting the same way as physical servers). Double-Take can provide continuous data protection of the virtual systems and fail them over to another physical host within minutes. Leveraging virtual systems at the disaster recovery site, one can deploy fewer physical servers and provide autonomous virtual targets for each client / business. Due to its patented architecture and feature set, Double-Take is the proven leader in real-time data protection for virtual systems.
http://www.wservernews.com/060821-Double-Take


WServerNews 'FAVE' LINKS

This Week's Links We Like. Tips, Hints And Fun Stuff



WServerNews - PRODUCT OF THE WEEK

"GFI MES To Ninja" Competitive Upgrade Offer

Sunbelt Software offers all existing GFI MailEssentials (MES) users a 50% Competitive Upgrade Discount so they can afford to move from their second-generation product to the latest third-gen (policy-based) messaging security platform: Ninja. Download the 30-day Ninja eval, see for yourself how well it works, and ask your Rep or Reseller for a Competitive Upgrade quote. You'll be pleasantly surprised:
http://www.wservernews.com/060821-Ninja_Competitive_Upgrade