Manage your WServerNews profileWServerNews privacy policy
WServerNews (formerly W2Knews)
Vol. 12, #40 - Oct 15, 2007 - Issue #646
Sell To Public Companies? You Should Be Archiving Too

  1. Editor's Corner
    • Webinar: Powerful Email Archiving for Exchange Made Easy
    • And Another Site Replaced GFI with Ninja...
    • New SunPoll
    • Quotes of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Tech Briefing
    • Info Security Spending On The Rise, CompTIA Survey Reveals
    • XP SP3 Beta Goes to Testers
    • Presidential Candidates Face Phishing Threat In '08
    • October Patches Fix Four Threats
    • Tip: How To Design Monitoring Controls To Manage Mistakes
    • How To Use Powershell To Build A Disk Cleanup Utility
  4. Windows Server News
    • Sell To Public Companies? You Should Be Archiving Too
  5. WServer Third Party News
    • New Sunbelt Network Security Inspector Update
  6. WServerNews Fave Link
    • This Week's Links We Like. Tips, Hints And Fun Stuff.
  7. WServerNews - Product of the Week
    • Instantly Reduce Every Message In The Exchange Store to 2-5!
Instantly Reduce Every Message In The Exchange Store to 2-5K!

Sunbelt Exchange Archiver improves performance, productivity and allows you
to comply with legal and regulatory retention requirement, within budget!
Also, note that the following 'Archiving Myths' are BUSTED:
  • "Our 'archive' is really our backups."
  • "We purge email frequently in order to have no 'smoking guns.'"
  • "The courts will let us off the hook if we can't produce data because
    of our 90-day deletion policy"
  • "We don't need to archive because we're not in a regulated industry"

http://www.wservernews.com/071015-Sunbelt-Exchange-Archiver

Editor's Corner

Webinar: Powerful Email Archiving for Exchange Made Easy

Join us for a sneak preview of Sunbelt Software's new Exchange email archiving and compliance solution, Sunbelt Exchange Archiver(tm), scheduled for release the first week in November.

If you need a powerful, easy to use, enterprise-class email archiving tool that automatically enables you to comply with all requirements, and allows you or your end-users to transparently retrieve any archived email, then don't miss this webinar!

The webinar will be hosted by Alex Eckelberry, CEO and Greg Kras, VP of Product Management for Sunbelt Software on Tuesday, October 16th at 2:00pm EDT and will explain the features and benefits of implementing a powerful email archiving solution on your Exchange Server at an affordable price.

Learn how Sunbelt Exchange Archiver can help you:
  • Improve Exchange performance
  • Eliminate PST headaches
  • Dramatically reduce backup times
  • Use up to 80% smaller message store
  • Meet compliance requirements
  • And more
When: Tuesday, October 16, 2007 2:00 PM EDT
To register for this event please visit:
http://www.wservernews.com/071015-SEA-Webinar

Hurry, space is limited!

And Another Site Replaced GFI with Ninja...

Galen Counselman from the Covenant Hospice sent us this: "Ninja is working fantastically! We are very happy with our purchase and it is proving to be much more effective than GFI ever was. We just finished our Exchange 2007 migration over the weekend and are now working on post-migration tasks."
http://www.wservernews.com/071015-Ninja-Email-Security


New SunPoll

Which of these 'Magic Five' do you think is the -most- important reason to archive Exchange email?
  • Storage / Performance
  • Compliance
  • Migration
  • Disaster Recovery
  • Backup
Vote here: http://www.sunbelt-software.com/

Quotes of the Week

"Your children need your presence more than your presents." -- Jesse Jackson
"We must BE the change we wish to see in the world" -- Gandhi

Thank you for being a WServerNews subscriber.

Hope you enjoy this issue of WServerNews! Warm regards, Stu Sjouwerman  |   Email me: [email protected]

Double-Take Software - Recovery Made Easy

Double-Take(r) provides a unique solution protecting data, systems and
applications, for physical and virtual server environments, integrating
seamlessly into your IT system with no additional resources required.
  • Guarantee the High Availability of all your Windows servers
  • Replicates on any site, irrespective of the distance
  • Protect your data, without exceeding your IT budgets
  • Evolve to virtual server environments in complete security

http://www.wservernews.com/071015-Double-Take

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Get a Quote to see how cheap the new Sunbelt Exchange Archiver (SEA) would be for your environment. SEA is equivalent to Symantec Enterprise Vault:
http://www.wservernews.com/071015-SEA-Quote

This is a "Gotta Have" - a free web-based employee directory that you can have operational in 35.9 seconds. No kidding. Download it today.
http://www.wservernews.com/071015-rDirectory

For loads of laughs visit John Cleese's Friendly Advice Machine:
http://www.wservernews.com/071015-Friendly-Advice-Machine

Reclaim up to 95% of your .pst files with PSTCompress 3. Download your trial copy today!
http://www.wservernews.com/071015-PSTCompress-3


Tech Briefing

Info Security Spending On The Rise, CompTIA Survey Reveals

One-fifth of tech budgets now allocated for security.

Oakbrook Terrace, Ill., October 9, 2007-Spending on security technology, training, assessments, and certification now accounts for one-fifth of total technology budgets, according to research from the Computing Technology Industry Association (CompTIA). A survey of 1,070 organizations found that on average, they spent 20 percent of their total technology budget in 2006 on security-related expenses. That's up from 15 percent in 2005, and 12 percent in 2004.

Organizations also expect to increase spending across all areas related to security in the next 12 months. Nearly one-half of respondents to the CompTIA survey said they intend to increase spending on security-related technologies; and one-third of respondents expect to increase spending on security training. Among those expecting to increase spending, the average increase is in the range of 19-23 percent, regardless of area.

The survey also showed that for each dollar spent on security, about 42 cents is allocated for technology product purchases; 17 cents for security-related processes; 15 cents for training; 12 cents for assessments; 9 cents for certification; and the balance on other items. For more information on the study please visit:
http://www.wservernews.com/071015-Security-Budgets


XP SP3 Beta Goes to Testers

According to the NeoSmart website, Windows XP SP3 build 3205, which was released to beta testers on Sunday, includes four new features among the 1,000-plus individual hot fixes and patches.

Features backported from Vista, they claim, include Network Access Protection, (only security policy-abiding devices can connect to a network) a kernel module containing several encryption algorithms that can be accessed by third-party developers, a new Windows activation model that doesn't require product keys, and "Black Hole Router" protection against rogue routers that discard data. Expect XP SP3 early 2008.

It looks like this extends the lifespan of XP, and note that Redmond intro'd a new "get-legal" program that lets you purchase large amounts of WinXP Pro through your usual reseller. More specifics at NeoSmart:
http://www.wservernews.com/071015-XP-SP3


Presidential Candidates Face Phishing Threat In '08

Presidential candidates seeking contributions online could face a rather specific threat from phishers: Attacks that harvest donors' credit card numbers or divert contributions to an opponent's campaign. More at:
http://www.wservernews.com/071015-Phishing-Threat


October Patches Fix Four Threats

Of the nasties unveiled in Microsoft's October Windows patch security summary, four of them stand out in particular since they pose the broadest range of threats. A memory corruption problem that allows arbitrary code to run is one of the big issues addressed in this monthly patch parade.
http://www.wservernews.com/071015-Windows-Patches


Tip: How To Design Monitoring Controls To Manage Mistakes

Plagued by calls from angry users? Using workarounds regularly to do your job? Then it's time to design and implement controls that will address potential failures. Find out how in this tip!
http://www.wservernews.com/071015-Controls


How To Use Powershell To Build A Disk Cleanup Utility

In this Scripting School on SearchWinComputing.com, expert Christa Anderson explains how to use Windows PowerShell cmdlets to build a useful but potentially destructive utility for disk cleanup, and how to reduce the risk of using it.
http://www.wservernews.com/071015-Powershell


Windows Server News

Sell To Public Companies? You Should Be Archiving Too

Something you perhaps did not know. I for sure didn't until I started reading up on the legal retention requirements! There are an increasing number of government compliance mandates, take Sarbanes/Oxley (SOX) for instance. But their repercussions are not always visible for everyone. A lot of these regulations require archiving as an important part of compliance. Osterman Research names just a few highlights:

Financial: SEC 17a; NASD 3010; HIPAA; SOX; GLBA; SB1386
Healthcare: HIPAA; SOX; SB1386
Government: HIPAA
Life Sciences: HIPAA; 21 CFR11; SOX; SB1386
Other industries: HIPAA; SOX; SB1386

Two well-known compliance regulations are the most far-reaching: the Health Insurance Portability and Accountability Act (HIPAA) and SOX. As an illustration of how far these can reach, HIPAA not only applies to healthcare organizations, but also to health insurance providers and their claims processing services, and furthermore to (and did you know this) employers that are self-insured or that provide health services to employees.

And then the infamous SOX has an effect on all organizations that publicly report financial results, or that issue U.S.-traded securities. More over, if you are a private company that does business with a publicly traded company, you must also follow SOX guidelines. Why? So your business partner can get requested information from you, in the event of an audit. If your CEO is planning to go public at one point in the future, you'd -better- start to follow SOX IT guidelines as early as possible. Here are some official legal words:
"To comply with SOX, public companies should apply these internal controls to their information management practices-which may include, among other things, a thorough and ongoing evaluation of the organization's information management programs, policies and procedures to ensure that company records are retained in an accurate and trustworthy manner. In addition, company records need to be readily accessible to ensure timely cooperation should the organization find itself under investigation. Additionally, it has become essential that organizations not only have record keeping policies and practices in place but that they also have a Legal Hold or Records Hold mechanism that supersedes the organization's regular record keeping rules, and ensures that company records and information are preserved for SEC investigations or other formal proceedings."
And do not forget two other interesting laws that might apply at the worst possible moment: The Patriot Act and Freedom of Information (FOI) Act. Both of these require organizations to retain and maintain records so that they can be produced when regulators send requests for them.

'Firing-Offense': Omitted Software

So much for laws and recent regulation. The second important reason driving the need for any organization to have policy, procedure and software in place for e-mail retention and management is litigation and its inevitable ugly result called e-discovery. The Direct Archiving feature in SEA is compliant because as it comes into the Exchange Store its immediately archived. Even if the user has deleted email, it is already stored in archive and can be easily restored into an audit or legal mailbox.

Not only must you retain critical data, but you have to be able to query data for the purpose of legal discovery and do it pronto. Not having this in place is truly an incredible headache. I've been there, and done that a long time ago. I took the IT team -weeks- of almost full-time work. It is not hard to see that you are opening yourself up to critical risk if you are not able to meet regulatory mandates or e-discovery subpoenas, even as a third party in a lawsuit. Ever did the math how much it costs to process and restore a single backup tape? You'd be surprised.

Better To Act Right Now

It's one of these things you cannot afford not to address, and the Sunbelt surveys showed that 40% of you are going to deploy archiving in the next 12 months. That is a sea change in the market. But let me help you a bit with some ammo to get budget pushed through right away.

There are a LOT of benefits that make it a no-brainer to implement ASAP, from small to large:
  1. Avoid compliance-related fines
  2. Significant savings on both IT time and attorney staff time
  3. Very fast ROI, usually 3 to 6 months
  4. Immediate, 100% ROI if you get hit with an e-discovery
  5. Significant savings every 2 years on additional Exchange servers and storage
  6. 60-80% faster backups
Email has become mission critical and archiving needs to be a front burner issue, for all the above reasons. Now, HOW to archive is crucial. Getting a journaling-based system lacks a wealth of features you really need, and does not give you the performance and space benefits. So if you are running one of these, we provide a 50% Competitive Upgrade Discount until the end of the year. That becomes an instant complete no-brainer. Check out SEA:
http://www.wservernews.com/071015-SEA


WServer Third Party News

New Sunbelt Network Security Inspector Update

SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer incidents. It also contains the latest SANS/FBI top 20 vulnerability list. SNSI also uses the latest CERT, CIAC Microsoft and FedCIRC (Department of Homeland Security) advisories.

New vulnerability updates for this release include:
W3204 Kodak Image Viewer Could Allow Remote Code Execution
W3210 MS Word 2000 Could Allow Remote Code Execution
W3211 Microsoft Word 2002 Could Allow Remote Code Execution
N0069 Cisco 127/8 IP addressing error
L0117 Elinks POST request https URL error - FC
L0127 T1lib GetCompletePath vulnerability - MDV
L0128 Libsndfile FLAC crafted PCM error - MDV
L0129 OpenSSL BN_from_montgomery error - MDV
L0130 Pidgin libpurple mSN nudge error - FC
L0131 Ruby connect method commonName error - FC
L0132 Nfs-utils RPC library and nfsidmap errors - RHE
L0133 Xen warn.php URL bypass flaw - RHE
L0134 Elinks POST request https URL error - RHE
L0135 KDElibs multiple vulnerabilities - RHE
L0136 KDEBase URL spoofing errors - RHE
S0515 System panic upon SAN Fiber Channel disruptions - Solaris 10
S0513 Svc.startd libc patch induces hang - Solaris 10
S0512 Named pipes leak information - Solaris 8-10
Sunbelt Network Security Inspector version 1.6.79.0 was released October 10, 2007). Sunbelt Software recommends you download the new SNSI version 1.6.79.0, scan, and patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/071015-SNSI


WServerNews Fave Link

This Week's Links We Like. Tips, Hints And Fun Stuff.



WServerNews - Product of the Week

Instantly Reduce Every Message In The Exchange Store to 2-5!

Sunbelt Exchange Archiver improves performance, productivity and allows you to comply with legal and regulatory retention requirement, within budget! Also, note that the following 'Archiving Myths' are BUSTED:
  • "Our 'archive' is really our backups."
  • "We purge email frequently in order to have no 'smoking guns.'"
  • "The courts will let us off the hook if we can't produce data because of our 90-day deletion policy"
  • "We don't need to archive because we're not in a regulated industry"

http://www.wservernews.com/071015-Sunbelt-Exchange-Archiver