OCNTUG Newsletter        Volume 1 Number 2           07-24-03

Good Evening Members, Visitors and Friends!

QuickStart Intelligence Offers Windows Server 2003 FREE Training Seminars
Article by Brad Fischl
Due to the fact that QuickStart is one of the leading CTECs (Microsoft Certified Technical Education Centers) in the U.S. and because we have such a strong relationship with Microsoft, I may be able to arrange training on either or both of the topics below at corporate sites with no charge to the company. The biggest prerequisite is that I need to have at least 25 attendees for each event to have Microsoft fund this.

Here are the course outlines to choose from:

Course 2664B - Windows 2003 Server Seminar for Windows NT IT Professional
http://www.quickstart.com/html/myqs/my_training/enrollment/coursedescription.asp?productnumber=2664B

Course 2665B - Windows 2003 Server Seminar for Windows 2000 IT professionals
http://www.quickstart.com/html/myqs/my_training/enrollment/coursedescription.asp?productnumber=2665B

We have already arranged and conducted quite a few of these events for other organizations we work with, and the response so far has been very positive. In fact, QuickStart has two of the top ten Instructors in the U.S. according to Microsoft for teaching these events.

I am also arranging a few dates for open enrollment classes at Microsoft in Irvine in late August. These will be limited in size and number and on a first-come, first-serve basis. I am finalizing the dates soon. Anyone who wants to either have a private training event at their company (25 attendees required) or would like to see if they can snag a seat in one of the open enrollment classes should email me ASAP. FIFO for the OE classes.

QuickStart Intelligence
"Microsoft CTEC Partner of the Year"
www.quickstart.com
Brad Fischl, Account Manager
949-330-6839 - direct
949-330-6829 - fax
714-318-2664 - cell
brad.fischl@quickstart.com


Microsoft warns of critical Windows flaw and announces new Patch
Excerpted from an Article by Robert Lemos, CNET News.com, July 16, 2003, 1:09 PM PT

"The software giant issued a patch Wednesday morning to plug a critical security hole that could allow an attacker to take control of computers running any version of Windows except for Windows ME."

"A group of Polish hackers and independent security consultants, known as the Last Stage of Delirium, discovered the flaw and worked with Microsoft to fix it."

" 'It should be emphasized that this vulnerability poses an enormous threat, and appropriate patches provided by Microsoft should be immediately applied,' the group said in an advisory posted to its Web site. The group said that programs designed to exploit the vulnerability will likely be available on the Internet soon."
 
"The flaw is in a component of the operating system that allows other computers to request the Windows system perform an action or service. The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer."

"By sending too much data to the RPC process, an attacker can cause the system to grant full access to the system."

" 'This would give the attacker the ability to take any action on the server that they want,' Microsoft stated in its advisory. 'For example, an attacker could change Web pages, reformat the hard disk, or add new users to the local administrators group.'"
  
"Jeff Jones, senior director for Microsoft's Trustworthy Computing effort, said that, in addition to applying the patch, users and systems administrators should close down any unused communications channels, or ports."

" 'Customers should protect their network with a firewall,' he said. 'Individual users should use the Internet Connection Firewall or some other personal firewall.' The Internet Connection Firewall is a feature of Windows XP and Windows 2003 that limits the ways that a potential intruder could attack from the network."

"Ports are standardized software addresses that allow applications to exchange data. Firewalls routinely prevent access to such services from the Internet by blocking the specific port used by a computer to offer those services."


Download your Windows Operating System Patches from Microsoft
Clearly, you're going to need to download the patch from Microsoft, if you haven't already done so. If you're using a more recent version of Windows, such as XP, 2000, or 2003, go online, click the Start button, and select Windows Update; you will be magically whisked to the web page for locating the download(s) you require. If you are using an older version of Windows, go to http://www.microsoft.com, look down the left-hand navigation bar, and click on Windows Update. Their system will determine which operating system version you are using and suggest the correct files to download and install.

Be sure to update your system soon. Leaving your system vulnerable to intruders can be less than fun when you end up reinstalling the entire setup. I've been there. Gee, I did back up that directory, didn't I? Now where are those floppies?

--Editor


Meeting Announcement: August 14, 2003
At our next meeting, we will have two presentations:

Citrix

Microsoft


Hosted by Microsoft and Agile360 with a special guest technical speaker from VL Systems

Agile360 provides information technology services and solutions to enable the “agile” business. Offering scalable computing, networking and security solutions to meet objectives and ongoing changes, Agile360 is known for their design and technical expertise. Their mission is centered around three basic actions: to Simplify, Secure, and Manage IT infrastructure and operations.

VL Systems is a systems integration, systems engineering and software development firm providing enterprise technology solutions since 1978.
To preview the products and services of these vendors, be sure to check out their web sites at www.citrix.com, www.agile360.com, and www.vlsystems.com. Watch your email for meeting notices.


Previous Meeting Events
At the July 10 meeting both CommVault Systems and PowerQuest delivered presentations for differing types of enterprise-level backup solutions. First, Josh Berezin, CommVault's Southwest District Manager (jberezin@commvault.com), and Gary Cook, presented CommVault's QiNETiX solution for data protection, Galaxy Backup and Recovery. Galaxy offers data protection for medium to large data centers, where a large number of servers and workstations must be serviced with zero downtime. Galaxy can be managed completely from a single console, works with tape, disk, or optical backup devices, runs entirely without work stoppage, and offers block or file level granularity of retrieval. For more information, go to www.commvault.com.

Next, Tim Chappell (tim.chappell@powerquest.com) described PowerQuest's enterprise-level backup solution, the V2I Protector, based on PowerQuest's well-known, powerful disk imaging technology. This solution is ideal for smaller shops, because it can be purchased on a per-machine basis and is, therefore, a less expensive backup and recovery solution. Because the Protector images the entire disk partition, system and application services must be temporarily stopped during the imaging process and restarted afterward. However, the imaging process is extremely fast; backups could be run during a pre-scheduled downtime cycle, or when and in such a way that it is possible to recover missed transactions. The advantage of disk imaging technology is in both the speed and accuracy of the image. V2I Protector can be managed from a single console, and offers the ability to rapidly recover block-level or file-level data. Bare-metal recovery is easy with Protector. PowerQuest also offers V2I Builder, for rapid deployment of disk images. For more information, go to www.powerquest.com.


Random Access Department:  Firewalls, Ports and the Internet
The announcement by Microsoft (see news above) of another hole in the Windows operating system, one that leaves your systems open to hacker attack, underscores the need for firewalls and a clear understanding of TCP/IP ports. The method of attack in this particular case is through remote procedure calls, port 135. As the news item above puts it, an attacker who sends too much data to the RPC process can cause the system to grant full access, something you really don't want. Obviously, if you allow remote access through HTTP but don't want anonymous users sending RPCs to your system, port 135 should be closed.

It is recommended that there always be at least two firewalls in place. Windows Server 2003 offers its own built-in firewall, as does Windows XP through its Internet Connection Sharing service. Of course, good routers on your primary Internet access lines should always have a functioning firewall in place (and don't forget to change their access passwords frequently). However, even Microsoft recommends having additional firewall software on each system, and this goes double for wireless access systems. In fact, Ed Roberts mentioned that wireless access is available at our User Group meetings, for those of you with wireless laptops, but he also stressed that you should have firewall software in place if you use it (because if something nasty happened to your system, you might become very stressed!).

Hackers may use port scanning software to determine which of your system's ports are open and vulnerable to attack. Good firewall software will let you manually adjust the ports according to the needs of your applications, closing all ports except those required. For example, if you are allowing remote access to your SQL Server, port 1433 must remain open, unless you only allow SQL access through XML documents, in which case 1433 should be closed and only HTTP port 80 remains open. However, if you don't want some clown telnetting into your system, port 23 had better be closed. Of course, everybody reading this is a pro and knows all this stuff, right?

Famous Ports of Call to remember: 20,21 FTP service; 23 Telnet; 25 SMTP & 110 POP3 (for regular email); 53 DNS; 80 HTTP; 119 NNTP (for newsgroup access); 135 RPC; 137,138,139 NetBIOS; 143 IMAP4 (for better email control); 161,162 SNMP (for network management); 389 LDAP (for Active Directory); 993 IMAP4/SSL & 995 POP3/SSL (for secure email); 1433 SQL Server; 1434 SQL Monitor. For more information on Well-Known Ports, go to http://www.iana.org/assignments/port-numbers
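
The "close all ports except those required" rule above can be checked against what a machine is actually listening on. The following is an added example, not part of the original newsletter: it parses "netstat -an" output and reports every network-reachable listener outside an allowed set, naming ports from the list above. The sample output, its 192.168.1.x addresses and the function names are constructed for illustration.

```python
import re

# Port names taken from the newsletter's "Famous Ports of Call" list.
WELL_KNOWN = {
    20: "FTP", 21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP",
    110: "POP3", 119: "NNTP", 135: "RPC", 137: "NetBIOS", 138: "NetBIOS",
    139: "NetBIOS", 143: "IMAP4", 161: "SNMP", 162: "SNMP", 389: "LDAP",
    993: "IMAP4/SSL", 995: "POP3/SSL", 1433: "SQL Server", 1434: "SQL Monitor",
}

# Constructed sample of Windows "netstat -an" output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.20:1210      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
  UDP    192.168.1.10:137       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def exposed_ports(netstat_text):
    """Return sorted (proto, port) pairs reachable from the network."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable remotely
        found.add((proto, int(port)))
    return sorted(found)

def audit(netstat_text, allowed):
    """List exposed ports the policy does not allow, with a service name."""
    return [(proto, port, WELL_KNOWN.get(port, "unknown"))
            for proto, port in exposed_ports(netstat_text)
            if port not in allowed]

if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT, allowed={80}))  # HTTP-only policy
```

With an HTTP-only policy, the constructed sample flags RPC, NetBIOS and both SQL ports as listeners that should be closed or filtered.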


Favorite Third Party Tools Department:  Firewalls
Everybody has their favorite third-party firewall software. ZoneAlarm offers both a free version for personal use, and a professional version, which is not expensive. McAfee and Norton offer excellent firewalls with their anti-virus software packages, which cost a little more, but still are not classed as expensive. Sygate offers a personal firewall, and there are several others to be found at www.download.com, www.hotfiles.com, or www.simtel.net. Most of these firewalls operate largely automatically, however, and do not permit you to close specific ports. A really nice, basic application is Tiny Personal Firewall, which does permit you to tinker directly with port numbers, allowing or denying access.

Tiny Personal Firewall 2.0 does have automation, asking you when an application requests access, and allowing you to make a filter rule for that app on the spot. However, it gives you further control, permitting creation of specific filter rules for any port number. For instance, for the Internet, you could block all ports, with the exception of the most important ones, 25, 80, and 110 (and 119 if you get a newsgroup). This would give a reasonably high level of protection, but might not work with all needed applications. Some ISPs use other port numbers for specific functions, so your connection might fail if their desired port is blocked. Notice in the example below, I have blocked not only Telnet and RPC calls, but also all of the high port numbers above 1023, ports often attacked.

The version I used, 2.0, was freeware that I found on Simtel.net. However, I have been unable to find this version in recent years. Tiny Personal Firewall 5.0 is now available from Tiny Software, www.tinysoftware.com, and is shareware. For those who would like it, I will have version 2.0 available on floppy disk at the meeting, and I will email it to anyone who requests it.


Final Notes...

Corrections to the last Newsletter:
1. Edson Leh, email should be: eleh@icarian.biz
2. Apparently, I should have thanked Microsoft's Steve Ballmer, rather than Bill Gates, as the new marketing scheme was Steve's idea. Well, thanks, Steve!

New Event Planning Consultant
We have hired a new Event Planning Consultant, Lisa M. Mendiaz of

A Social Affair
2604-D Tustin Av.
Santa Ana, CA 92705
asocialaffair@adelphia.net
714-532-9855

She will be our guiding light in planning the Holiday Open House in December, as well as helping with the social aspects of monthly meetings. Thank you, Lisa!

Don't forget to download your Windows Operating System Patches from Microsoft.

Call for Articles
Once again, I'd like to request that any writers, either professional or aspiring writers, among the membership, who would like to contribute informational articles to the OCNTUG Newsletter, please forward them to me, rholtzman@netzero.net, in either .rtf or plain text format. Thank you!

See you at the next meeting!

Robert Holtzman, Editor
