| This Month:
Straight Talk on Windows Migration
NetIQ senior product manager Ronnie Blewer explains
how the right training and smart planning can
simplify Windows migration, keeping it from
becoming an overwhelming and intimidating prospect.
Source: .Net Magazine
What You Need to Know About the Interim WinPE
Microsoft is planning
to release an interim version of the Windows
Preinstallation Environment (WinPE). This
stripped-down OS, which will be available for
Windows 2003 and XP, will cut down installation
time and complexity. Source: Windows & .NET
Magazine
Chapter of the Week: Ultimate Windows Server
2003 System Administrator's Guide -- Chapter 8,
'Group Policies'
The Ultimate Windows
.NET Server System Administrator's Guide is an
essential resource for planning, deploying, and
administering a Windows .NET enterprise system. The
authors draw on years of experience designing and
administering Windows NT and UNIX systems in order
to guide you through the varied tasks involved in
real-world system administration. There are
detailed discussions of key Windows .NET Server
administrative functions, and descriptions of many
advanced tools and optional components. In addition
the authors have included a comprehensive and
convenient command reference. You can download this
sample chapter in .PDF format by
clicking here Free registration may be
required. Source: TechTarget
Active Directory Migration Gets Easier:
Microsoft©s recently
released Active Directory Migration Tool v2 offers
important enhancements over the first version. One
of Hewlett-Packard©s top AD experts briefs us on
the improvements. Source:MCPMagazine
Attack Of The World Wide Worms
How a series
of prolific viruses clogged computer networks,
bared the vulnerability of the Internet and showed
the cracks in Windows. Source: Time
Slow Down Internet Worms With Tarpits
This timely article discusses how to slow the
spread of Internet worms using a tarpit and
IPtables on Linux. A similar approach could
potentially be used with tarpits on Windows
platforms, Solaris, OpenBSD, and others. Source:
SecurityFocus.com
Microsoft Revises 2 Security Bulletins
"Microsoft updated and reissued two
security bulletins on Wednesday -- one from last
year and one from last month.
The older security
bulletin addressed what Microsoft originally
believed was a flaw in a SQL Server command.
Microsoft recently determined that the flaw is in a
Windows component and that all versions of Windows
except for Windows Server 2003 are vulnerable to
this critical problem. In the worse case, the
vulnerability could allow an attacker to take
control of a system. Microsoft's other bulletin
revision on Wednesday updated a July 23 bulletin
that fixed a critical flaw in DirectX that could
allow an attacker to execute code on a user's
system." Source: ENT Online (Aug 20, 2003)
Book Excerpt: TCP/IP for Windows 2000: Introduction
to TCP/IP
Running TCP/IP on Windows 2000 presents unique
challenges and opportunities that simply don't
apply in other environments. This book explains
TCP/IP from a Windows 2000 point of view. TCP/IP
for Windows 2000 explains fundamental TCP/IP
concepts with exceptional detail and clarity, and
it delivers practical, hands-on guidance for
planning and deploying TCP/IP using Windows 2000
and Active Directory. From addressing to routing,
architecture to troubleshooting, this book's
step-by-step procedures and exercises will give the
skill you need to deploy and maintain any Windows
2000 TCP/IP network. (Chapter is in .PDF format and
requires Adobe Acrobat Reader. Free Registration
may be required) Source: Search WIn2000.com
The Bright Side of Blaster
"The Blaster worm has infected
hundreds of thousands of Windows machines, shut
down the Maryland state DMV, put network
administrators on overtime, crashed countless
consumer's home computers, and on Saturday it will
attempt a denial-of-service attack on Microsoft's
Windows Update site. But that doesn't make it all
bad. As nasty as that is, security experts say it
could have been much worse: the worm is hampered by
clumsy construction, and it does not contain a
malicious payload to damage victim's files.
Moreover, in its reckless tear through cyberspace
Blaster is accomplishing what a month of warnings
from the security community, an unprecedented
mass-e-mail campaign by Microsoft, and two
advisories from the Department of Homeland Security
all failed to do: it's forcing companies and
consumers to install the patch for the serious RPC
DCOM vulnerability, shutting down computer
intruders who've had their pick of these systems
for weeks." Source:
SecurityFocus.com
KB 823980 Scanning Tool
If you're still trying
to secure your workstations and servers against
W32.Blaster and variants that exploit the RPC
vulnerability, Microsoft has released a free tool
that network administrators can use to identify
host computers on their network that do not have
the
823980 security patch (MS03-026) installed. The
KB823980scan.exe tool can scan remote host
computers without requiring authentication (that
is, you do not have to supply valid credentials on
the remote host computer). Use of the
KB823980scan.exe tool does not affect the stability
of the target operating system that is scanned. You
can use the KB823980scan.exe tool from a Windows
Server 2003-based, Windows XP-based, or Windows
2000-based computer to scan your network. Source:
Microsoft.com
Disaster recovery follows US blackout
Time to put those
processes to the test...
Source:
Silicon.com
Fast Path to Security Incident Response and
Recovery
Every
network will eventually be the victim of a computer
security incident. System administrators need to be
prepared for security incidents and respond quickly
to minimize and repair the damage. For the busy
administrator, this article provides a quick
overview of the steps involved in an incident
response, with links to more in depth resources if
required. Source: Microsoft Technet
Sample Chapter of the Week: "Setting up and using a
network"
Networking is at the forefront
of today's push for improved productivity. The
first part of this chapter from Windows XP
Professional: A Beginner's Guide provides a
foundation for networking, by describing the
schemes, hardware and protocols or standards that
can be used to make it function. The rest of the
chapter describes how networking is set up and
managed in Windows XP. (Free registration may be
required) Source: SearhWin2000.com
W32.Blaster.Worm
If you're having
problems with Windows NT/2000/XP/2003 computers
shutting down every few minutes with the error "The
RPC service terminated unexpectedly", chances are
your systems have been infected with the
W32.Blaster.Worm. Also known as "Mblast" this bug
doesn't require any user interaction to infect host
systems. It simply scans available networks for
machines with an unpatched
vulnerability in Microsoft's RPC service,
installs itself, and repeats the process to infect
new systems. In addition to causing instabilities
that will repeatedly shut down the host system, the
worm also launches a denial of service attack
against the Microsoft Update website. Infected machines will
also have the "Mblast.exe"
file in the windows/system32 folder and the Mblast
process will be visible in Task Manager.
Fast Path to Intrusion Detection and Event Logging
Most network administrators will face a computer
security intrusion event sometime during their
careers. Having an intrusion detection plan will
result in earlier intrusion notification, minimize
the consequences, and allow a quicker recovery.
Microsoft provides several tools for intrusion
detection, including event logging. This document
will discuss intrusion detection and some of the
Microsoft tools that you can use as part of an
intrusion detection plan. Source:
Microsoft Technet
Through the Looking Glass: Raises and How to Get
One
This year's
Microsoft Certified Professional Magazine
salary survey, states that 56 percent of MCPs
expect to receive an increase in compensation this
year. What it doesn't provide is information by
certification about what size of raise that equates
to. Here, we'll provide details about the size of
those raises by certification title as well as
additional information we couldn't squeeze into the
original report. Shortly, we'll follow up with
information about salaries by size of company. What
you don't know about compensation can cost you!
Source: MCP Magazine
SAN Security by Obscurity
"Many IT managers are
unaware of the security risks associated with their
Storage Area Networks (SANs). According to Himanshu
Dwivedi, managing security architect of @stake, a
digital-security consulting firm, "Fibre Channel
networks lack authentication, encryption, and
authorization normally found in IP networks."
According to @stake, most companies feel secure
with their SAN security; however, a growing number
of SANs connected to the Internet are increasingly
exposed to potential security breaches. Dwivedi
said, "90 percent of all SANs have been set up with
soft-zoning, a technique that relies on World Wide
Name to determine LUN access. However, World Wide
Names can be changed on the fly if you can gain
access to the host bus adapter device driver."
Source: Windows & .NET Magazine
Sample Chapter: Windows Server 2003: The Complete
Reference
-- 'Tweaking and optimizing performance'
This chapter will
give you a solid understanding of why you need to
adhere to performance optimization and capacity
planning procedures. It's common for administrators
to pay little attention to tweaking and optimizing
performance. After all, maintaining a Windows
Server 2003 environment is challenging enough
without having to consider performance aspects. But
performance optimization and capacity planning does
affect you, your environment and users'
perceptions.
Click here to download the PDF file
Free registration may be required
Source: SearchWIn2000.com
Panel Probes the Half-life of Bugs
Researchers find that software
vulnerabilities have a predictable decay rate, and
the Microsoft RPC hole is currently the most
prevalent on the net. Source: SecurityFocus.com
Finding Bad Spam Delights Geeks
SpamAssassin, the popular antispam
service, has spawned a new geek sport: finding the
most egregious examples of junk e-mail. The more
blatant the come-on, the higher the score.
Enthusiasts say it's fun to see how stupid spammers
can be. Source: Wired
Past Archives
|
