Vol. 14, #52 - Dec 14, 2009 - Issue #757
Does Virtualization Help Compliance?
This issue of WServerNews is sponsored by
- Editor's Corner
- Does Virtualization Help Compliance?
- SunPoll on Critical Alerts
- What Are Your Plans For 2010?
- Quotes Of The Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Webinars & Seminars
- Affordable, Enterprise Email Archiving - 12/15
- Live Desktop Virtualization Expert Webcast Wed, December 16
- Tech Briefing
- Is Your Database Doing Its Job?
- Cell Phone Subterfuge Produces Nation Of 270 Million Spies
- Seagate Announces Its First Solid-State Server Drive
- Microsoft Downplays Windows Bitlocker Attack Threat
- Improved Storage Handling With Microsoft Hyper-V R2
- Windows Server News
- Microsoft Forms Server & Cloud Division
- Top Virtualization Trends Of 2009
- A Guide To Terminal Server (Now RDS)
- Third Party News
- Sunbelt Tech Support ROCKS!
- Answer From: S.A.
- Latest List Of Network Vulnerabilities
- WServerNews Fave Links
- This Week's Links We Like. Tips, Hints And Fun Stuff.
- WServerNews - Product of the Week
- Instantly Recover Active Directory without Rebooting, Panic or Stress
Instantly Recover Active Directory without Rebooting, Panic or Stress
Instant recovery of Active Directory without rebooting, panic or stress.
Rebuild memberships and attributes on the fly. No one will ever know... Active
Administrator from ScriptLogic allows you to recover, audit, assign
permissions, make and track changes to Group Policy and set security
settings in Active Directory from the safety of an integrated management
console. Download now and see why Active Administrator was voted #1 in
systems management and group policy management:
http://www.wservernews.com/091214-ActiveAdministrator

Editor's Corner

Does Virtualization Help Compliance?
One of WServerNews' readers and a member of Sunbelt's NTSYSADMIN discussion
list, Daniel Schatz, asked himself this and decided to find out. He wrote
a research paper on this for his MSc Information Security dissertation.
He was kind enough to share the results of the survey he conducted across
several IT specialist forums.
The survey aimed to provide a better understanding of security and regulatory
challenges organizations face during their virtualization programs. As you
might guess, some organizations are further along in the process of
virtualization than others, and their answers reflected this.
Overall, there is general uncertainty as to how virtualization might
affect compliance with well-known regulations like SOX, PCI, HIPAA and
others. Consequently, more than 25% of the respondents mentioned some
architecture or timeframe issues during their virtualization program
due to compliance concerns.
A surprising 13% even mentioned these concerns as one reason not to use
virtualization technology in at least one area of their business. Asked
whether server virtualization had a positive impact on the organization's
compliance management process, a solid 30% confirmed this to be the case.
According to the participants, the responsibility to
ensure compliance of virtualized environments mainly falls on the
Information Security department (73%), followed by Technology Operations
(53%) and General Management (46%) (multiple selection possible).
Even with the limited data gathered by this survey it becomes obvious that
there is a wide range of views as to how virtualized environments can
affect compliance requirements. Considering increasing regulatory
requirements and the growing popularity of virtualization, you should
do some homework on this topic of virtualization and compliance
management for your own organization.
SunPoll on Critical Alerts
Here is the next SunPoll: "How would you like to be warned in case of a
critical bug in Windows Server?" Here are the options:
- RSS feed from a Blog
- Tweet me
- Send me an email
- Facebook or MySpace alert
- Other
Here is the link, bottom right is where you vote:
http://www.wservernews.com/091214-SunbeltSoftware
What Are Your Plans For 2010?
2009 is nearly gone and 2010 is almost here. ITIC and Sunbelt Software want
to know how your organization's IT department and technology infrastructure
fared over the past 12 months and what your budget and technology deployment
plans are for the year ahead. We're running a new survey of multiple choice
questions and one essay question. It should only take about five minutes to
complete. All responses are kept confidential. And we're giving away two (2)
iPods to the persons who provide us with the most insightful comment to the
essay question. Remember to leave your email address in the space with your
essay comment so we can contact you if you win the iPod. Also anyone who
completes the survey is entitled to a complimentary copy of the final report.
Send me an Email directly at:
[email protected]. Here's the survey:
http://www.wservernews.com/091214-Survey
Quotes Of The Week
"Educate and inform the whole mass of the people... They are the only sure
reliance for the preservation of our liberty." -- Thomas Jefferson
"It is the duty of the patriot to protect his country from his government."
-- Thomas Paine
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question." -- Charles Babbage (1791 - 1871), an English mathematician,
philosopher, inventor and mechanical engineer who originated the concept
of a programmable computer.
Warm regards, and thank you for being a WServerNews subscriber. No trees
were killed in the sending of this message, but a large number of electrons
were terribly inconvenienced. Please tell your friends about us.
They can subscribe here:
http://www.wservernews.com/091214-Subscribe
PS: Did you know this newsletter has a sister publication for XP users
called WXPnews? You can subscribe here, and tell your friends:
http://www.wservernews.com/091214-WXPNews
PPS: And now we have our new Win7News! You can subscribe here, and tell
your friends:
http://www.wservernews.com/091214-Win7News
Heads-Up: VIPRE Enterprise 10$/Seat Competitive Upgrade Ends 12/31!
VIPRE received the VB100 award last week. That should put any last doubts
to rest. The independent Tolly Group said in their September 2009 Anti-virus
Performance Test Report: "Consumes up to 38% and 45% less memory, and offers
up to 2.6x and 3.6x scanning speed compared to Symantec and McAfee." It's
clearly time to kiss your antivirus bloatware goodbye. Sunbelt built VIPRE
Enterprise; total endpoint security designed by admins for admins. And that
means EASY DEPLOYMENT. Click on the 'Request Info' tab and ask for a quote:
http://www.wservernews.com/091214-VIPRE-Enterprise

Webinars & Seminars

Affordable, Enterprise Email Archiving - 12/15
Exchange performance is suffering. Your users complain about email storage
and don't want any quotas. Your CEO requires legal compliance. Want a high-end,
feature-rich, admin-friendly product that solves all these issues at a very
affordable price? Then don't miss this Sunbelt Exchange Archiver webinar.
Tuesday, December 15, 2009, 2:00pm - 3:00pm EST
http://www.wservernews.com/091214-Enterprise-Email-Archiving
Live Desktop Virtualization Expert Webcast Wed, December 16
In this economic climate, improving management and increasing information
security while controlling (and minimizing) costs are no longer "business
best practices," they're essential to stay in the market. These challenges,
combined with an increasingly mobile workforce, mean IT pros like you are
left to find an efficient method of deploying and managing your desktop
and mobile computing infrastructure. In this free live expert webcast,
David Payne, Chief Technology Officer and Founder of Xcedex, discusses
how desktop virtualization can help you conquer these obstacles and key
considerations for adopting a successful VDI strategy. Register today!
http://www.wservernews.com/091214-Client-Virtualization

Tech Briefing

Is Your Database Doing Its Job?
ITIC and Sunbelt are conducting another survey, this time on SQL Server
deployment trends and user satisfaction and we'd love to get your feedback.
The questions are straightforward and the survey should only take a few
minutes to complete. All responses are kept confidential. And as always
we're giving away two (2) free iPods to the individuals who provide us
with the most insightful comment in the final essay question. Be sure to
leave your Email address along with your remarks in the last question so
we can contact you if you're a winner. Just follow the link below to
take the survey.
http://www.wservernews.com/091214-SQL-Server-Survey
Cell Phone Subterfuge Produces Nation Of 270 Million Spies
Mobile phones are used to track tens of thousands of Americans each year,
says a leading privacy scholar. It's time telecoms and the feds told us
exactly whom they're spying on and why. Get the whole story here:
http://www.wservernews.com/091214-270-Million-Spies
Seagate Announces Its First Solid-State Server Drive
Seagate Technology announced its first solid-state disk drive and said the
product is aimed at the booming general server and blade server marketplace.
Seagate's new Pulsar SSD is a 2.5-in., enterprise-class drive that uses
single-level cell (SLC) NAND flash chips. The Pulsar will offer up to
240MB/sec. sequential read speeds and 200MB/sec. sequential write speeds
or peak performance of up to 30,000 read IOPS and 25,000 write IOPS,
according to Seagate. The company is backing the drive with a five-year
limited warranty. More at Computerworld:
http://www.wservernews.com/091214-Seagate-SSD
Microsoft Downplays Windows Bitlocker Attack Threat
Microsoft says research spelling out multiple attack scenarios to access
files protected by BitLocker presents a relatively low security risk to users.
Redmond dismissed recently disclosed threats to its BitLocker disk-encryption
technology as "relatively low risk," noting that attackers must not only have
physical access to a targeted PC, but must manipulate the machine two separate
times. The company's move was prompted by a paper published by five German
researchers at the Fraunhofer Institute for Secure Information Technology
(Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper,
the researchers spelled out multiple attack scenarios criminals could use
to access files protected by BitLocker. More at InfoWorld:
http://www.wservernews.com/091214-BitLocker-Attack
Improved Storage Handling With Microsoft Hyper-V R2
When Microsoft released Hyper-V for Windows Server 2008, it shook the
virtualization world with a cheap - and viable - hypervisor option.
Still, VMware remained the hypervisor leader in several technical areas,
including storage. With Windows Server 2008 R2, Microsoft made some
changes to Hyper-V (now Hyper-V R2) to make it a more worthy competitor.
While new features like live migration are getting a lot of hype, this
article discusses which storage enhancements are also noteworthy.
(registration required)
http://www.wservernews.com/091214-Storage-Handling

Windows Server News

Microsoft Forms Server & Cloud Division
Redmond combined its Azure Cloud group with its Server & Solutions team to
form a new Server & Cloud Division (SCD). This combines on-premises and cloud
solutions inside its Server & Tools Business (STB) where the two teams can
share technologies.
This move puts Azure close to WinServer, SQL, Visual Studio and System
Center. According to their blog post, Azure (expected to go live in 2010) has
"moved beyond an advanced development project to an important and growing
business for Microsoft." It also means that the Azure dev team moves to the
Server & Tools Business run by Bob Muglia.
Top Virtualization Trends Of 2009
With the continuing adoption and success of virtualization, what were the
top virtualization trends for 2009? Are IT organizations gaining the benefits
promised? What are they virtualizing? What are they focused on for 2010? What
is needed to take the next step? This expert article presents the top
virtualization trends of 2009: (registration required)
http://www.wservernews.com/091214-Virtualization-Trends
A Guide To Terminal Server (Now RDS)
Windows Terminal Services (TS) is Microsoft's thin-client technology that
allows users to access desktops virtually. Renamed Remote Desktop Services
(RDS) in Windows 2008 R2, the component - built into Windows operating
systems - allows data to exist in a central location and simplifies
management for systems administrators. In this expert guide, learn how to
set up RDS on Windows 2008 R2, deploy TS Web Access, troubleshoot connection
problems and more.
http://www.wservernews.com/091214-Terminal-Services-Guide

Third Party News

Sunbelt Tech Support ROCKS!
On Thu, Dec 10, 2009 at 8:53 AM, J.A wrote to: NTSYSADMIN list.
"I am in touch with Sunbelt Support right now due to an issue with my
desktop machine. I sent them an email and less than 10 minutes after I
fired off the email, I had a response from support and we're working on
the problem right now! I could never have gotten that level of support
from AVG! I would have been lucky to get an automated response back 2
hours after I fired off the email and would have been lucky to get a
response from someone in broken English the next day!"
Answer From: S.A.
Ditto. I'm in the midst of working on an issue with them that started while
I was on vacation last week. When I came in and started looking at things
I had input for support that had not been brought up yet, and sure enough,
they have had additional suggestions for me. That would never have been
the case with McAfee. We used the diagnostic tool from Vipre Admin to
send them logs & data, and even though their initial response was there's
nothing that we can see that is causing this issue, they kept coming back
with questions, and then suggestions of things to adjust on the OS side,
they didn't just drop the issue because the initial look didn't give them
an answer, they have kept digging and looking at it and working with us.
Yup, Kudos to your support team Stu! They ROCK!
Thanks guys. We are obsessive about having local, U.S.-based tech support
as I know good support is a major component of being a happy customer. Stu Sjouwerman
Latest List Of Network Vulnerabilities
SNSI uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list
of computer incidents. It also contains the latest SANS/FBI top 20
vulnerability list. SNSI also uses the latest CERT, CIAC, Microsoft and
FedCIRC (Department of Homeland Security) advisories.
New Checks:
L218 Linux Kernel multiple vulnerabilities - Oracle Linux
L219 Linux Kernel multiple vulnerabilities - RHE
S324 Kernel/Sun Cluster Failfast Support/zpool import failures - Solaris 10
S556 Gnu tar Two Vulnerabilities - Solaris 9 - 10
W3781 Local Security Authority Subsystem ISAKMP flaw - W2K/XP/W2K3
W3782 Active Directory Federation Services flaws - W2K/XP/W2K3
W3783 Internet Authentication Service PEAP error - W2K/XP/W2K3
W3785 Cumulative Security Update for IE 5.01/6/7/8 - W2K/XP/W2K3
W3787 Windows WordPad and Office Text Converters - W2K/XP/W2K3
W3788 Office XP SP3 WordPad & Text Converter memory flaw - W2K/XP/W2K3
W3792 Microsoft Office Project 2000 project file flaw - W2K/XP/W2K3
W3793 Microsoft Office Project 2002 SP1 project file flaw - W2K/XP/W2K3
L199 Kernel swiotlb jumbo frames & other flaws - Sci Linux
L200 Libvorbis runtime libraries Ogg file format error - Sci Linux
L201 Kernel swiotlb jumbo frames & other flaws - SciLinux
L202 4Suite malformed UTF-8 sequence handling error - SciLinux
L203 Ecryptfs-utils potential password exposure weakness - Sci Linux
L204 CUPS pdftops filter weakness as the "lp" user - SciLinux
L205 Nfs-utils hosts_ctl incorrect argument order flaw - SciLinux
L206 Graphviz DOT file Agraph flaw in parser push_subgr - SciLinux
L207 Apache SSL/TLS renegotiation handshake flaw - SciLinux
L208 Java openjdk multiple security errors Nov 2009 - SciLinux
L209 Java-1.6.0-sun multiple security flaws Nov 2009 - SciLinux
L210 CUPS HTML form content/file descriptor & other flaws - SciLinux
L211 KDELibs floating point conversion weakness - Sci Linux
L212 DStat Python module search path flaw - Sci Linux
L213 Xerces-j2 DTD SYSTEM identifier error - Sci Linux
L214 ISC BIND DNSSEC response validation caching error - Sci Linux
L215 Kernel swiotlb jumbo frames & other flaws - Oracle Linux
L216 Kernel swiotlb jumbo frames & other flaws - Oracle Linux
L217 Wget NULL character handling in X.509 certificates - Oracle Linux
L220 Libvorbis runtime libraries Ogg file format error - Oracle Linux
L221 4Suite malformed UTF-8 sequence handling error - Oracle Linux
L222 Apache SSL/TLS renegotiation handshake flaw - Oracle Linux
L223 Java openjdk multiple security errors Nov 2009 - Oracle Linux
L224 CUPS HTML form content/file descriptor & other flaws - SciLinux
L225 KDELibs floating point conversion weakness - Oracle Linux
L227 DStat Python module search path flaw - Oracle Linux
L228 ISC BIND DNSSEC response validation caching error - Oracle Linux
L229 PHP dba_replace/openssl_apply/& sanity check errors - MDV
L230 PHP tempnam/posix_mkfifo & temp file restriction errors - MDV
L231 Dovecot 0777 directory auth socket replacement weakness - MDV
M14 Java Multiple Vulnerabilities - Mac OS X 10.6
M15 Java Multiple Vulnerabilities - Mac OS X 10.5
S91 SSHd Timeout Mechanism Vulnerability - Solaris 10
S157 Libexpat XML Parsing Vulnerabilities - Solaris 9 - 10
S210 Wget Certificate Parsing Vulnerability - Solaris 9 - 10
S217 Python Multiple Vulnerabilities - Solaris
S306 Firefox 3.5 Multiple Vulnerabilities - OpenSolaris
S352 NSS TLS/SSL Handshake Renegotiation Vulnerability - Solaris
S487 Java Portal Server error page vulnerability - Solaris 8 - 10
W2794 IBM WebSphere AppServer Multiple Vulnerabilities
W3394 BlackBerry Attachment Server PDF Distiller Vulnerability
W3784 Internet Authentication Service PEAP errors - Vista/W2K8
W3786 Cumulative Security Update for IE8 - Vista/W2K8
W3789 Office '03 Text Converter memory flaw - W2K/XP/W2K3/Vista
W3790 Works 8.5 Text Converter memory flaw - W2K/XP/Vista
W3791 Office '03 Text Converter memory flaw - W2K/XP/W2K3/Vista
W3794 Microsoft Office Project 2003 project file flaw - W2K/XP/W2K3/Vista
Updated Checks:
W1142 Anti-virus signature outdated - McAfee
W1986 Anti-virus signature outdated - Symantec
W1999 Anti-virus signature outdated - Trend Micro
W2067 Anti-virus signature outdated - F-Secure
W2070 Anti-virus signature outdated - CA eTrust
W2493 Microsoft Windows Malicious Software Tool Not Updated
M76 ClamXav / ClamAV signatures not the latest - Mac OS X
M80 Virex signature file out of date - Mac OS X
S33 ClamAV signatures not updated - Solaris
S473 Rpc.nisd server vulnerability - Solaris
W2012 Anti-virus signature outdated - Avast! 4
W2013 Anti-virus signature outdated - AVG 8 - W2K/XP/W2K3
W2056 Anti-virus signature outdated - Norman
Sunbelt Network Security Inspector version 2.0.2670.0 Definition Set
207 was released December 9, 2009. Sunbelt Software recommends you
download the new SNSI Vulnerability Update Definitions 207, scan, and
patch your machines today. To get the latest SNSI version, visit:
http://www.wservernews.com/091214-SNSI

WServerNews Fave Links

This Week's Links We Like. Tips, Hints And Fun Stuff.

WServerNews - Product of the Week

Instantly Recover Active Directory without Rebooting, Panic or Stress
Instant recovery of Active Directory without rebooting, panic or stress.
Rebuild memberships and attributes on the fly. No one will ever know... Active
Administrator from ScriptLogic allows you to recover, audit, assign
permissions, make and track changes to Group Policy and set security
settings in Active Directory from the safety of an integrated management
console. Download now and see why Active Administrator was voted #1 in
systems management and group policy management:
http://www.wservernews.com/091214-Active-Administrator