
March 29, 1997
Sunbelt Windows NTools(tm) Electronic Newsletter
Vol. 2, #7
USA:
www.ntsoftdist.com
EUROPE:
www.sunbelt.co.uk
Sunbelt Windows NTools E-News
Sunbelt Windows NTools E-News is the world's largest E-newsletter
designed for NT System Managers who have the job of getting and
keeping WinNT up & running in a production environment.
Sunbelt launched this electronic newsletter so that we could keep
members of the Windows NT community informed and aware of what is
happening with 3rd party NT System Management Tools, and to
provide hints and tips that will enable you to better understand
and utilize Windows NT. You'll find general Windows NTools
related and third party news, technical information, and 3rd
party beta and release information. By subscribing to NTools
E-News, you are also a charter member of the Sunbelt Field Test
Bonus Program.
Sunbelt Software is the first and largest distributor worldwide
of Third Party System Management Tools for Windows NT.
This Issue of Windows NTools(tm) E-News contains:
2. "TECH BRIEFINGS"
* GOOD NT WEB SERVER ATTACK TOOL
* SUDDENLY NT LOCKS OUT NETSCAPE USERS?
* LAX SECURITY PRACTICES AT ALMOST 50% OF FORTUNE 500
* MAKING A CONTIGUOUS PAGEFILE
3. "NT RELATED NEWS"
* RELIEF: NO NEW O/S RELEASES FROM MICROSOFT THIS YEAR
* NT BECOMES MULTI-USER VERY SOON !!!
4. "THIRD PARTY NEWS"
* FREE DOWNLOAD: FILE RULES "DISK VIEW"
* NEW PRODUCT ANNOUNCEMENT: ULTRABAC
* POWERFUL NEW NT SPECIFIC COMMAND LANGUAGE: XLNT
* ANNOUNCING NEW NT BURGLAR ALARM: SHADOWARE [tm]
* NEW SYSTEM ADMIN UTILITY:
* ETHERPEEK FOR WIN NT RELEASED
5. "HINTS AND TIPS"
"APRIL COOL DEAL OF THE MONTH"
6. "HOW TO USE THE MAILING LIST"
* Instructions on how to subscribe, sign off and change addresses.
"EDITORS CORNER"
This time another NTools E-News loaded with goodies and new
available downloads. NT is moving rapidly and the whole
third party market is throwing themselves into this market
with abandon. It's going to be a task in itself to have to
choose between 10 different tools that are all competing
in the same marketspace. A good example is Performance
Management, there are already 6 or 7 players there.
Sunbelt will keep you informed about the newcomers and
provide you with new useful products in new categories.
Usually we choose the Best Of Breed product to provide you,
after thorough analysis of the market, and today we have
TWO NEW PRODUCTS for you that we find are the best to be
found.
Have a look and tell me what you think.
Warm regards,
Stu
*************************************************************************
2. "TECH BRIEFINGS"
* GOOD NT WEB SERVER ATTACK TOOL
Looking for a SATAN like tool to attempt to break NT webserver
security?
Have a look at SafeSuite: a powerful internet security scanner
that does a lot of what SATAN does plus it probes for NT
vulnerabilities: http://www.iss.net
-------------------------------
* SUDDENLY NT LOCKS OUT NETSCAPE USERS?
Here is the problem:
In the User manager:
For the User: Internet Guest Account
Under User Properties and Account Information:
You may have changed Account Type from Global Account to
Local Account for Users from Untrusted Domains.
This will not allow Netscape users to view the site!
Change it back, that will do the trick.
-------------------------------
* LAX SECURITY PRACTICES AT ALMOST 50% OF FORTUNE 500
NEW YORK, NY -- A national survey of computer networks which included
247 of the Fortune 500 companies disclosed that an alarming number of
the nation's largest companies are vulnerable to computer break-ins
that could result in the devastating loss of data. Conducted for the
third year by Intrusion Detection Inc., a security and software
development firm, the survey examined actual usage of passwords, users
with unlimited access and the use of network circumvention programs.
A total of 272 companies were examined.

"The Internet provides increasing opportunity to break into networks,
yet companies are not doing any more to protect their security systems
than they did three years ago," said Robert Kane, CEO of Intrusion
Detection. "Despite widespread recognition that the use of passwords
and user IDs is the first line of defense against unauthorized access,
our examination found that password and user ID management was
surprisingly lax," he said. "For example, 27 percent of users were not
required to use passwords or they were easily guessed, and 22 percent
of users had unlimited access to the network."

The number of users with unlimited access is far more than is
necessary to administer the number of file servers installed at the
survey sites. "With unlimited privileges, users are free to roam the
network with unrestricted access to sensitive information that could
be read, tampered with or improperly handled. In effect, they control
the keys to the kingdom," Kane said.

Other security lapses related to password and user ID practices
included:
- 16 percent of user IDs were inactive, providing intruders the
  opportunity to enter a system undetected
- 14 percent of LANs were running tools that could circumvent security
- 13 percent of users were not required to use passwords
- 82 percent of users were not required to change their passwords
- 44 percent were not required to use long enough passwords

Although some network tools are commercial products intended for
legitimate purposes, the firm also uncovered utilities such as
Netcrack, a hacking program that exposes passwords by brute force.
"There are several utilities marketed as shareware and freeware that
are readily available to members of the computer underground or a
disgruntled employee that could be used to breach network security,"
Kane said. "In our surveys, we are finding more cracking tools are
being deployed on corporate intranets. Network administrators should
carefully weigh the benefits of using these tools against the risks
that they may fall into the wrong hands," Kane said.

Internet and Intranet access has also become a security concern as
organizations allow users to dial into corporate networks using the
Net as access medium. Some companies offer their employees world
Internet access through a stand alone file server, protecting critical
information. However, many allow outside access directly to the
network architecture without sound internal security. For protection,
they have relied entirely on firewall products. However, even the best
firewall cannot protect against a determined hacker. It is the
internal controls, such as requiring IDs with passwords, that
ultimately make the difference between a protected and vulnerable
network, Kane cautioned.

The Intrusion Detection survey found a large increase in organizations
deploying Microsoft Windows NT networks. While NT has very robust
security features, the lack of experienced administrators allows for
mistakes that might leave a network wide-open for attack, Kane said.
For example, NT includes the user ID "guest" which has no password.
The security survey found several instances where administrators had
not renamed the ID or created a password, the recommended security
solution.

The survey found that NT can become very complicated to administer in
a multiple domain model with several trust relationships. For example,
a ten domain network can have up to 100 trust relationships to manage.
Not only can these trust relationships be confusing, they also enlarge
the number of administrator users that have access to the global
network.

As another example, in the standard master domain model, an
administrator in the London office domain would typically have
administrator rights to the entire U.S. domain. With wider access,
there is a strong increase in the chance of a successful or accidental
security incident. In addition, any one of the administrators in this
group could potentially read sensitive files on the CEO's NT
workstation.

Network security at 272 sites examined in the survey was assessed
using the Kane Security Analyst (KSA), a security tool designed to
speedily evaluate security of networks running Novell NetWare 3.x,
4.x NDS or Windows NT operating systems. KSA examines an extensive
range of security attributes including user ID and password security,
access control, user account restrictions, system monitoring, data
integrity and data confidentiality. The results of a KSA evaluation
are compared against KSA's knowledge-base of industry best practices
to determine whether the site's LAN security policies and procedures
are in line with those of other organizations in the same industry.

More info: http://www.ntsoftdist.com/ksa.htm
--------------------------------------
* MAKING A CONTIGUOUS PAGEFILE
Note: Microsoft recommends reserving a single NTFS partition for the
pagefile. Additionally, Executive Software recommends setting the
initial size and the maximum size of the pagefile to be the same.
Although this method potentially uses more disk space, it prevents the
pagefile from extending, and thus from becoming fragmented over time.

However, for those of you who have not been able to do either of these
steps, here are some suggestions for reducing or eliminating the
fragmentation of your pagefile:

Method 1: Without a defragmenter
This is the easiest method, and the only one that works without a
defragmenter. The drawbacks are that you have to reformat your disk to
create a new partition, and you can't extend your pagefile beyond the
preset partition size.
If you do not have a defragmenter or you are not going to change the
size of your pagefile in the foreseeable future, the easiest method is
to create a partition of the size you want the pagefile to be, then
fill it completely with your pagefile.
1. Create the partition.
2a. For Windows NT 3.51, go to Control Panel, choose System, then
    Virtual Memory.
2b. For Windows NT 4.0, go to Control Panel, choose System, then
    Performance, and click on Change.
3. Select the new partition.
4. Set the initial and maximum sizes of the pagefile to the same value
   (so the pagefile will not grow and thus fragment) and click on Set.
5. Select the partition which has the existing pagefile.
6. Set the initial and maximum sizes of the pagefile to zero, then
   click on Set.
7. Now reboot, and you will have just the new pagefile on the new
   partition.

Method 2: With a defragmenter
This method requires at least two partitions, and enough free space to
install a second (temporary) boot of Windows NT.
1. Install a second, temporary boot of Windows NT, preferably on a
   partition other than the one where your original, fragmented
   pagefile exists.
2. Perform these steps while running under your temporary Windows NT
   boot:
   A. Set the pagefile on the temporary boot to reside on a partition
      other than the one where your original, fragmented pagefile
      exists.
   B. Install Diskeeper.
   C. Rename the original, fragmented PAGEFILE.SYS file to any other
      name (PAGEFILE.OLD, for example).
   D. Defragment the partition where your original pagefile resides.
   E. Rename the (now defragmented) original pagefile back to
      PAGEFILE.SYS.
3. Reboot your computer, using your original boot. Windows NT will
   automatically locate and use the freshly-defragmented pagefile.

If you have any problems or questions, please send them to
dknt_support@executive.com.
(c) Copyright 1997 Executive Software International, Inc. All rights
reserved.
**********************************************************************
3. "NT RELATED NEWS"
* RELIEF: NO NEW O/S RELEASES FROM MICROSOFT THIS YEAR!
Microsoft Corp.'s Memphis, until recently known as Windows 97, has
become a 1998 product, according to OEM and other industry sources.
The bottom line: Microsoft will not ship any new O/S releases in 1997.
This gives overloaded System Administrators some time to catch their
breath and create a more stable environment; this is good news.

Microsoft officials privately have begun warning hardware partners
not to expect to preload Memphis on systems this year, said OEM
sources. Also, MS has officially rechristened Memphis "Windows 9x."
Until the past week or so, Microsoft and its partners commonly
referred to Memphis as "Windows 97."

Memphis is the first full-fledged upgrade to Windows 95, and will be
about 90 bucks; this is not a free upgrade! It is slated to include
an optional FAT32 file system, support for new PC Plug and Play stuff,
and a "Live-Update" capability enabling it to automatically find,
download and install operating system updates and add-ons.

Microsoft Chairman Bill Gates said last week that NT 5.0 would ship
by midyear 1998, up to a quarter later than Microsoft officials were
predicting earlier this month. OK Guys, we bought some time, let's
take this chance to catch up :-)
--------------------------------
* NT BECOMES MULTI-USER VERY SOON !!!
Microsoft hits back and fires off a solid round in PC <-> NC war.
Their plans to add multiuser functionality to Windows NT will be
revealed fully "sometime in the next few months," according to Bill
Gates.
At a news conference last week detailing Microsoft's new alliance with
Hewlett-Packard, Gates also said that future versions of MS Office
applications would have an option of leaving most of the application
logic on a network server. Such server-based applications fit into a
plan that lets Windows NT support multiple users off a single box,
so that very light workstations can be used.
-------------------------------
* MICROSOFT ANNOUNCED MORE SECURE WEB SERVER PLATFORMS
Last Wednesday Microsoft unveiled its new Internet platform, called
Marble, aimed at financial institutions that want to make their sites
on the World Wide Web more secure, but you and I can use it too I
guess :-)
Marble will help developers create Web sites that allow customers to
view statements, transfer funds and pay bills online. The platform is
based on an open systems approach to financial software programming
known as the Open Financial Exchange specification. Marble is expected
to be available in September. Pricing has yet to be announced.
Marble is part of the company's strategy of expanding its software
business for banking and other financial concerns. It will join other
financial products such as Investor, which allows users to access
information about public companies and the stock market.
4. "THIRD PARTY NEWS"
* FREE DOWNLOAD: FILE RULES "DISK VIEW"
We have a free download available for you: On the File Rules
product webpage http://www.ntsoftdist.com/filerule.htm you
are able to get the 1 Meg free DISK VIEW Tool. This nifty
free utility goes out on the net for you and shows the space
on all drives it can find, and allows you to drill down into
them to see what files take up a lot of space. Very useful
and does not expire. It's for you to use!
----------------------------------
* NEW PRODUCT ANNOUNCEMENT: ULTRABAC
After quite a thorough analysis of the NT Backup market Sunbelt
has again decided for the best technical and most useful product
on the market. This does not necessarily mean we have taken the
market leader, but we chose the product that is the fastest and
comes with the most powerful features that we feel system admins
need to get their job done. Have a good look at the features!
UltraBac incorporates Image Backup Technology with Boot Floppy
Restore for Windows NT version 4.0. UltraBac is a high performance
backup software for Expedited Disaster Recovery. Now both image
and file based backups can be scheduled together during the same
session to tape. UltraBac is NT 4.0 compliant and supports all
O/S versions. Other major enhancements include: Optional
Microsoft Exchange & SQL Agents which allow either full or
incremental backup of active databases, media rotation & password
protection and an upgraded ULTRAVUE network backup administration
module.
Have a look and answer this question: "How does your backup software
compare to this?"
- Fastest Windows NT backup software as tested by Communications
  Week and Windows NT Magazines (April '96 Editor's Choice Award).
- Image backup and system boot recovery diskette option.
- "Open Shared" files are automatically backed up with an open
  status entry written to the backup report.
- "Disk-to-Disk" backup option for fixed & removable disks including
  magneto optical drives. Disk incremental with full tape backup
  provides 2nd level of data security for nightly unattended backups:
  exclusive "Fault Tolerant" mode of operation.
- Software compression feature for maximizing backup storage space
  on disk, magneto optical and tape drives that do not offer hardware
  compression.
- Disk De-fragmentation option (backup, verify, clear or reformat,
  and restore) for both attended and unattended modes of operation.
- Full 32bit multi-tasking, multi-threaded program design for fast,
  efficient and reliable operation.
- Network security is maintained through the use of Windows NT's
  Service function and an operator need not be left logged on to
  perform an unattended backup.
- Fully featured "Scheduler" module for launching unattended backups.
- Scheduled backups across the network can be monitored and
  administered using the ULTRAVUE Network Administration module.
- Scheduled backups can be dynamically created, enabled, disabled and
  deleted through simple programming.
- Dynamically connects and disconnects client disk resources for
  network backup operations during either attended or unattended
  backups.
- Supports simultaneous backup sessions on up to 32 output devices.
- Reroutes a backup to an alternate output device if the primary
  device fails due to a media problem or hardware error.
- Cascades the backup in sequence to the next designated output device
  when the media in each successive device becomes full.
- Optional tape duplication module enables a mirror copy of an input
  tape or disk to be made concurrently on up to 32 similar output
  devices. This option allows creating a "morning after" backup copy
  for off-site storage, conversion from one media format to another
  (4-8mm), or creation of multiple software update copies. Works with
  most third party tape program formats.
- Autoloader support for sequential access mode of operation.
- Optional autoloader support for random access mode of operation.
- Optional driver to enable full 40GB capability for Quantum's
  DLT4000.
- Operators can easily create and save reusable backup control sets
  for repetitive backup operations.
- Supports Full, Incremental, Differential and Archive Bit logic for a
  flexible array of backup strategies.
- Automatic program logic for including modified files from the
  "Begin of Day", "Begin of Week", "Begin of Month" or the
  "Last NN Days".
- Allows prioritization of the backup sequence. Strategic files,
  directories and disks can be selected in a prioritized order for
  backup processing to ensure that critical files are backed up first.
- User exits are available before and after each backup operation.
  Multiple backup operations can be chained together using this
  function or the ULTRACOPY media duplication utility can be invoked
  after the backup finishes.
- User exits are available before and after each backup set. These
  exits are designed to be used for the execution of command line
  prompts of batch files, such as those required to open and close a
  database application before and after backup.
- Backup control sets are ASCII files that can be optionally created
  or modified with any standard text editor.
- Backup control sets can be dynamically created and run through the
  command line interface. This allows backup sets to be
  programmatically created based on real time variables derived prior
  to execution.
- Automatic output media verification option using industry standard
  32bit CRC logic immediately after attended or unattended backups.
- Media verification can be performed on a previous backup anytime to
  verify the media's integrity and confirm the ability to restore its
  files.
- Every backup creates a complete index (catalog) of files which is
  written to both the output media (tape or disk) and to an online
  directory. The latter allows file retrievals without first searching
  an output media for its content.
- Global Search function for locating files across indexes stored on
  disk. As an option, the search can be limited to date(s) of backup.
- Restores are performed by either using the index located in the
  online disk directory or by reading the backup media and retrieving
  the index.
- Option to invoke automatic purging of backup indexes written to disk
  after "NNN" number of days.
- Restores files to any disk with or without the original directory
  structure.
- Individual registry files can be restored selectively. This feature
  simplifies hardware replacement by permitting the restoration of
  specific registry files containing information such as shares and
  permissions.
- Fastest possible tape positioning logic for file retrievals (30-180
  seconds, varies according to OEM specifications).
- A separate report is generated for each Backup, Restore and
  Verification operation performed.
- Media monitoring system alerts the operator when a tape has exceeded
  a set number of uses. This feature serves as a warning to replace a
  tape before it can cause a backup to fail.
- Media monitoring system can be enabled to either prohibit or warn
  when the re-use of an unexpired output target is attempted. The
  prohibition feature will prevent accidental over-write operations.
- Media monitoring system option to append, over-write or abort when a
  scheduled backup discovers an unexpired tape mounted for use.
- Media monitoring system requires an operator to correctly enter a
  password when restoring files from password protected media.
- Network management option allows an operator to enable, disable,
  modify or create a scheduled backup from any remote NT Client.
- Network viewer module allows an operator to check the backup status
  throughout the enterprise from any NT station.
- E-Mail interface via MAPI allows both the delivery of backup status
  reports to a wide range of E-Mail platforms and can be used to
  initiate an alarm page to an after-hours operator in the event of a
  failed backup.
- Writes key backup "way points" into the Application Event Log.
- Optional Microsoft SQL Agent which allows the backup of an open,
  active online database (either full or incremental).
- Optional Microsoft Exchange Agent which allows the backup of an
  open, active online database (either full or incremental).
- Comprehensive user manual which is provided as both online help and
  written documentation.
- Tape and Disk Catalog Management systems and much more...
You want to have a copy of this puppy to give a spin and
test out: http://www.ntsoftdist.com/ultrabac.htm
-----------------------------
* POWERFUL NEW NT SPECIFIC COMMAND LANGUAGE: XLNT
XLNT, the eXtended Language for Windows NT/95, provides a powerful,
easy to use advanced scripting language to facilitate command line and
batch interfaces for Windows NT. XLNT is perfect for describing,
testing, and implementing repetitive tasks without reliance on
traditional programming languages.
XLNT is a powerful tool to deal with the everyday requirements of
implementing, running and maintaining Windows NT systems. XLNT is
ideal for:
1. System Administration for Local and Remote Systems
2. Automating Repetitive tasks
3. NTFS Maintenance
4. Scheduling and Administering events on Local and Remote Systems
5. Simplify Ad-Hoc Program Generation
6. Internet and Intranet CGI scripting
System Administrators will find XLNT an ideal solution to ensure a
secure link, via TCP/IP or pipes to a remote system(s) to perform such
tasks as registry manipulation, installing, starting and stopping
services and the validation of system resources.
Power Users will truly appreciate XLNT's abilities to search for files
across the network, show services and shares on all systems and the
ability to automate repetitive tasks while notification is provided as
to all transactions.
Webmasters can more easily create and maintain both Internet and
Intranet files, systems and CGI functions.
Everyday Users will value the power of our command and scripting
language that provides advanced programming functions such as "for,
while, if" not found in NT/DOS. Unique capabilities such as
wildcards, date and time options
XLNT makes tedious, repetitive tasks easy to script and implement.
More on XLNT:
XLNT is ideal for:
System Administration for Local and Remote Systems
- Monitor and Modify Processes
- Log-in Scripting for Security
- Look-up and Modify Registry Items
- Install, Start and Stop Services
- Secure Login to other NT systems via pipes or TCP/IP
Automating Repetitive tasks
- Run batch jobs
- Create utilities and procedures
- System Housekeeping is simplified
File Maintenance
- Manipulate files on both local and remote systems
- Supports wildcards and UNC specifications
- Commands can reference dates for automating repetitive tasks
- Search for string data or files on local or remote systems
- Delete/Copy/Move temporary or seldom used files
- Supports Windows NT Security
Schedule and Administer events on Local and Remote Systems
- Schedule jobs for off-hours for better system utilization
- Logging for tracking operations and results
Simplify Ad-Hoc Program Generation
- Powerful commands such as "while, for, until"
- Integrate XLNT and DOS commands for more powerful BAT files and
  scripts
Internet and Intranet CGI Scripting
- Collect Data
- Parse Data
- Create Interactive forms for the web
XLNT's Strengths:
- XLNT has powerful features and functions
- Built-in functions for file and text handling
- XLNT is "Easy to Use"
- "English-like" commands
- Simple to use syntax
- Instant familiarity to DCL (Digital Command Language) users
- Remote Login to another Windows NT system via "Set Host"
- Integrated with WinNT (cmd) command set
- Invoke System and User API's
- Fast development of Command Procedures
- Effective Batch Capabilities
XLNT makes it easy to:
- Automate repetitive tasks
- Manage and Support Local and Remote Systems
- Simplify Ad-hoc program creation
- Schedule and Administer Events on Local and Remote Systems
Supports Windows NT 3.51 and 4.0 plus Windows 95.
Supported on Intel and Alpha platforms
Download your eval copy NOW at:
http://www.ntsoftdist.com/xlnt.htm
----------------------------------
* ANNOUNCING NEW NT BURGLAR ALARM: SHADOWARE [tm]
Sunbelt will shortly be able to provide this interesting new tool:
The first and only real-time network security monitor for Microsoft's
Windows NT will be released this month by Intrusion Detection Inc.
The new Kane Security Monitor(TM) (KSM) using SHADOWARE technology
makes it possible to identify both subtle and obvious security
violations caused by outside hackers or even inside authorized users.

"The KSM serves as a 24-hour burglar alarm that constantly watches NT
networks for suspicious activity, like excessive bad password attempts
or efforts to invade a CEO's desktop computer," said Robert Kane, CEO
of IDI. When the KSM detects a potential break-in, it automatically
alerts the company's security personnel.

"NT is the world's best selling server operating system and is rapidly
becoming the leading platform for intranets and the Internet. Now
companies will have the ability to thwart the hackers who have become
increasingly bold in attacks on corporate networks," he said.

The KSM uses SHADOWARE(TM) technology and is integrated into IDI's
award-winning Kane Security Analyst (KSA) products which assess
potential security exposures in networks. The KSM for Windows NT
immediately alerts company security officers of a break-in as it is
occurring.

The KSM analyzes NT security event logs on thousands of NT servers and
workstations in a corporate network. Using artificial intelligence
from IDI's proprietary technology, the KSM detects security abuse
patterns. The KSM provides a centralized collection of audit
information of suspicious activity, utilizing NT's event reporting
capability, which can indicate potential vulnerabilities in the
network that need to be addressed.

The KSM identifies the following types of security break-ins:
-- Browsing
-- Ghost IDs
-- Curious users
-- Masquerading users
-- Denial of services
-- Password cracking
-- Excessive privilege granting
-- Administrative ID abuse
-- Failed file access attempts
-- Supervisor abuse
-- Failed login attempts
-- and more

The KSM can be configured to watch for a particular event over the
network, such as repeated bad password attempts on a user ID, or an
attempt to access highly sensitive classified information. When a
security breach occurs, the KSM will immediately notify the
appropriate security officers through e-mail, fax or pager.

"No matter how high companies build security firewalls around their
networks, determined individuals will still try to break in," Mr. Kane
said. "The KSM is the next frontier of security solutions. Even if a
hacker gets over the wall, the KSM with SHADOWARE will catch them
before they can do any damage."

The KSM uses artificial intelligence to filter through security and
audit data to create digital signature fingerprints of all network
users. As network data is monitored, both subtle and obvious
unauthorized activities can be identified and tracked to outside
hackers or inside users. As individual users access the network on a
daily basis, the KSM takes a digital signature fingerprint. As time
passes, the KSM creates a unique usage pattern for each user. For
example, a user almost always logs on to the network during normal
business hours. If that user suddenly logs on to the network at an odd
time or tries to access classified data, the KSM would recognize this
as unusual activity and notify a security officer or administrator.
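
The two checks described above, a per-user logon-hour pattern and repeated bad password attempts on one user ID, can be sketched as follows. This is an added example, not IDI's code and not the KSM's actual algorithm; the record format, function names and thresholds are assumptions, and the sample records are constructed.

```python
"""Per-user logon-hour baseline and bad-password burst check (illustrative)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real NT event log output.
# Assumed line format for this example: "YYYY-MM-DD HH:MM user OUTCOME"
BASELINE = """\
1997-03-17 08:52 alice LOGON_OK
1997-03-18 09:05 alice LOGON_OK
1997-03-19 08:47 alice LOGON_OK
1997-03-20 09:11 alice LOGON_OK
1997-03-17 13:02 bob LOGON_OK
1997-03-18 21:40 bob LOGON_OK
1997-03-19 22:15 bob LOGON_OK
1997-03-20 13:30 bob LOGON_OK
"""
MONITORED = """\
1997-03-24 09:02 alice LOGON_OK
1997-03-24 22:05 bob LOGON_OK
1997-03-25 02:14 alice LOGON_OK
1997-03-25 10:00 carol LOGON_FAIL
1997-03-25 10:01 carol LOGON_FAIL
1997-03-25 10:01 carol LOGON_FAIL
1997-03-25 10:02 carol LOGON_FAIL
1997-03-25 10:30 dave LOGON_FAIL
1997-03-25 16:45 dave LOGON_FAIL
1997-03-26 09:20 carol LOGON_OK
"""

def parse_events(text):
    """Return a time-sorted list of (timestamp, user, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, user, outcome = line.split()
        stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M")
        events.append((stamp, user, outcome))
    return sorted(events)

def build_profiles(events):
    """Map each user to the hours at which they logged on successfully."""
    profiles = defaultdict(list)
    for stamp, user, outcome in events:
        if outcome == "LOGON_OK":
            profiles[user].append(stamp.hour)
    return dict(profiles)

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def unusual_logons(profiles, events, tolerance=1, min_history=3):
    """Flag successful logons that do not fit the user's learned hours.

    Users with fewer than min_history baseline logons are reported as
    "no baseline" rather than being silently trusted or ignored.
    """
    alerts = []
    for stamp, user, outcome in events:
        if outcome != "LOGON_OK":
            continue
        hours = profiles.get(user, [])
        if len(hours) < min_history:
            alerts.append((user, stamp, "no baseline"))
        elif all(hour_distance(stamp.hour, h) > tolerance for h in hours):
            alerts.append((user, stamp, "unusual hour"))
    return alerts

def failed_logon_bursts(events, threshold=4, window=timedelta(minutes=10)):
    """Return (user, first, last, count) when failures reach threshold in window."""
    recent = defaultdict(deque)
    bursts = []
    for stamp, user, outcome in events:
        if outcome != "LOGON_FAIL":
            continue
        fails = recent[user]
        fails.append(stamp)
        while stamp - fails[0] > window:   # drop failures older than the window
            fails.popleft()
        if len(fails) >= threshold:
            bursts.append((user, fails[0], stamp, len(fails)))
            fails.clear()                  # one alert per burst, then start over
    return bursts

if __name__ == "__main__":
    profiles = build_profiles(parse_events(BASELINE))
    monitored = parse_events(MONITORED)
    for user, stamp, reason in unusual_logons(profiles, monitored):
        print(f"{stamp:%Y-%m-%d %H:%M} {user}: {reason}")
    for user, first, last, count in failed_logon_bursts(monitored):
        print(f"{user}: {count} failed logons, {first:%H:%M} to {last:%H:%M}")
```

Bob's evening logon is not flagged because his baseline already contains evening hours, which is the point of keeping the pattern per user instead of applying one site-wide definition of business hours.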
Features of the KSM include:
-- Automatically identifies security violations before they occur.
   Attack patterns monitored include: Uncovering password guessers,
   curious users, file browsers, compromised user IDs, password
   cracking attempts, network doorknob attacks, privileged ID abuse,
   data flooding and packet browsing.
-- Provides a psychological deterrent against system abuse by insiders
   and tighter control over privileged user IDs.
-- Focuses special attention on the most sensitive users, workstations
   and files.
-- Minimizes setup time by using a self-populating database of expert
   security information.
-- Provides centralized security monitoring of all NT file servers and
   workstations.
-- Integrates with the KSA network security assessment product.
We will keep you up to date on delivery date and have evals
ready for you.
-------------------------------
* NEW SYSTEM ADMIN UTILITY:
While you are roaming the web, have a look at this one, seems
interesting. It's called FileAdmin and might be useful...
Key features of the FileAdmin:
- Friendly graphics user interface.
- Add, Remove, Change, Clone, Replace of individual account's
permissions on NTFS without affecting other accounts'
permissions.
- Works within a single directory as well as on all subtrees.
- Accepts asterisks (*.*, *.exe, *.dll etc.)
- Works on UNC names
- Works on NT 3.51 and NT 4.0
- Some useful security tips included in the help file
Demo version of the program is available at:
http://www.ntsecurity.com/Products/FileAdmin/index.html
----------------------------------
* SYSTEM AND APPLICATIONS MANAGEMENT BY NETIQ
NetIQ announced the release of the NetIQ(TM) AppManager(TM) Suite, the
industry's most comprehensive systems and application management
solution for Microsoft(R) Windows NT(R) and Microsoft BackOffice(TM)
environments. Using NetIQ's integrated product line, MIS personnel can
optimize performance, ensure availability through automated problem
detection and correction, and reduce support costs associated with
managing distributed Windows NT-based systems and Microsoft BackOffice
server applications such as Microsoft Exchange Server(TM), Microsoft
SQL Server(TM) and Internet Information Server (IIS).

"The NetIQ AppManager Suite is the kind of robust management system
that we were looking for to help us manage our growing worldwide
deployment of Windows NT servers," said Kurt Guerrero, Senior Network
Analyst at Northern Trust Corporation, a Chicago-based multi-bank
holding company with locations in the U.S. and abroad. "AppManager
gives us not only pro-active notification of potentially serious
problems in our environment but in many cases can make the corrective
fix automatically, saving us significant time and effort."

The NetIQ AppManager Suite 1.0 is available today. NetIQ AppManager's
pricing is based on the number and type of managed systems and
applications. Software for managed systems starts at $600 and consoles
start at $2,500. Volume pricing and specially priced starter kits are
also available. The NetIQ AppManager Suite supports Windows NT 3.51
and 4.0 Server and Workstation; Microsoft SQL Server 6.0 and 6.5;
Exchange 4.0 and 5.0; Systems Management Server 1.1 and 1.2; Internet
Information Server 2.0 and 3.0; and Microsoft Commercial Internet
System News Server 1.0.

NetIQ can be reached at 408-556-0888; or via e-mail at info@netiq.com;
or via the World Wide Web at http://www.netiq.com.
------------------------------
* ETHERPEEK FOR WIN NT RELEASED
I'd like you to tell me if you would like to source this product through Sunbelt. This is one of those network tools you gotta have sooner or later.
The AG Group releases EtherPeek for Windows 1.1 with compatibility for Windows NT in addition to W95.
The Ethernet network and protocol analyzer has real-time and post-capture packet analysis, powerful packet decoding, intuitive address, protocol and offset filtering capabilities, network monitoring graphs, Automatic Name Resolution for IP addresses, and much more.
EtherPeek software offers all the superior diagnostic and analysis capabilities expected of a full-featured analyzer at an affordable price, and is designed to make the complex task of troubleshooting mixed-platform, multi-protocol networks easy.
EtherPeek for Windows Main Features
-- Flexible, Intuitive Display
EtherPeek's main packet capture window, decoders, traffic graphs and charts provide users with easily accessible, relevant and readable network information. Flexible display options include setting colors, flags, name-for-address substitution, hiding and unhiding, selecting related packets, and more.
-- Powerful Event Trigger & Filtering Mechanism
EtherPeek's powerful event trigger and filtering mechanism helps locate and remedy network problems quickly by limiting captures to data of interest (i.e., specific node traffic, specific protocol packets, specific packets between communication partners). EtherPeek ships with hundreds of pre-defined filters which can be easily imported and applied during or after packet capture.
Users can also employ the simple "Make Filter" command to readily create and define filters to capture packets meeting address, protocol, subprotocol or data offset capture criteria. In addition, AG Group's SmartDecoder(TM) threading technology identifies conversational threads buried in the overall stream of network traffic for intelligent analysis of network communications.
-- Hundreds of Built-in Packet Decoders
EtherPeek decodes an extensive array of protocols and sub-protocols including TCP/IP, UDP, ICMP, IPv6, ICMPv6, IGRP, OSI, DECnet, NetWare IPX, NetBEUI/NetBIOS, XNS, SNMP, SNA, ARP/RARP, Banyan VINES, and more. As new decoders are added, they are made available free of charge.
-- User-Definable Decodes
EtherPeek users can add their own packet decoder specifications to the program. A decoder definition document and source samples are available to all registered EtherPeek owners.
-- Real-time Traffic Statistics
EtherPeek's real-time traffic graphs depict network traffic patterns since packet capture began in packets per second, bytes per second or as a percentage of utilization. Users can monitor overall utilization as well as focus on specific nodes, protocols or network conversations.
-- IP Name Resolution
With Domain Name Services, EtherPeek can map IP logical addresses to corresponding device names and automatically build Name Table entries for resolved names. This feature provides familiar, identifiable names for easier packet and device analysis.
-- Name Table Name-for-Address Substitution
EtherPeek's Name Table has the capacity to hold and translate an unlimited number of device and protocol names and addresses. EtherPeek ships with Vendor ID and Protocol ID lists that are formatted for easy importing into the Name Table. Once imported, Protocol names can be substituted for hexadecimal IDs, and the first six bytes of a device's physical address can be translated to the Vendor name associated with the device.
EtherPeek also features a simple "Add to Name Table" command that allows the user to highlight specified packets, type in names to associate with the logical and physical addresses of the packets, and add them to the Name Table.
-- 100 MBit "Fast Ethernet" Support
In addition to 10 Base-T networks, EtherPeek for Windows also analyzes 100 Base-T "Fast Ethernet."
EtherPeek for Windows Pricing
SRP: US $995.00 (Includes EtherPeek for WinNT & 95)
Site licenses and group discounts available.
http://www.aggroup.com/
*********************************************************************
5. "HINTS AND TIPS"
"COOL DEAL OF THE MONTH"
extended from March due to great interest:
Sunbelt Security Suite: KSA / Fortress-NT / TEM
This month we have a special offer where we combine 3 useful
tools in a package that covers all your basic NT security needs.
1) KSA is a terrific tool that allows you to run an audit and
get a report card where the vulnerabilities in your network are
exposed so you can correct them.
2) Fortress-NT allows you to automatically log off idle users
and set log-on and log-off times for each NT workstation. This
ensures internal security policies are complied with. Now
with REMOTE INSTALL.
3) TEM allows you to delegate tasks to trusted local system
admins to perform security related jobs like resetting
passwords and creating new users.
The three bought together get you a very attractive discount.
Call your Account Rep and ask for the Security Suite!
Sunbelt Software 1-800-688-8404
6. "HOW TO USE THE MAILING LIST"
Instructions on how to subscribe, sign off
and change addresses
TO SUBSCRIBE TO THE LIST
send the command 'subscribe nt-list firstname lastname'
as the first line of your message to listproc@intnet.net
_____________________________________________________
TO QUIT THE LIST
send the command 'signoff nt-list' or 'unsubscribe nt-list'
as the first line of your message to listproc@intnet.net
_____________________________________________________
TO CHANGE YOUR ADDRESS
First unsubscribe and then resubscribe as per the
procedure above.
*************************************************
FOR MORE INFORMATION
On the World Wide Web point your browser to:
For the newsletter: http://www.ntnews.com
USA: http://www.ntsoftdist.com
EUROPE: http://www.sunbelt.co.uk
Email for US sales information to:
ntsales@ntsoftdist.com
Email for US Tech support to:
daved@pssi.com
Email for European Sales to:
chris@sunbelt.fr
Email for European Tech support to:
robdixon@sunbelt.demon.co.uk
Legal Stuff:
This document is provided for informational purposes only. The
information contained in this document represents the current
view of Sunbelt Software Distribution on the issues discussed as
of the date of publication. Because Sunbelt must respond to
changes in market conditions, it should not be interpreted to be
a commitment on the part of Sunbelt and Sunbelt cannot guarantee
the accuracy of any information presented after the date of
publication.
INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS
IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM
FROM INFRINGEMENT.
The user assumes the entire risk as to the accuracy and the use
of this document. This document may be copied and distributed
subject to the following conditions: 1) All text must be copied
without modification and all pages must be included; 2) All
copies must contain Sunbelt's copyright notice and any other
notices provided therein; and 3) This document may not be
distributed for profit. All trademarks acknowledged.
Copyright Sunbelt Software Distribution, Inc. 1996.
Last Mod Date: Feb 24-1997 kgw: 04:00pm