Networking UPDATE--brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies.
~~~~ THIS ISSUE SPONSORED BY ~~~~
RECOVER ACTIVE DIRECTORY IN MINUTES, NOT HOURS www.aelita.com/winnetup021903
~~~~ SPONSOR: RECOVER ACTIVE DIRECTORY IN MINUTES, NOT HOURS ~~~~
Cut your workload and increase your Active Directory! Aelita's unique ERDisk™ for Active Directory already protects 1,200,000 user accounts. Automatically back up and granularly restore AD without taking AD offline. Evaluate a trial version today and get a FREE "I Recovered in 10 minutes" t-shirt. Click here to begin protecting your Active Directory TODAY!
February 19, 2003--In this issue:
- A Slammer Worm Postmortem
- Join the HP & Microsoft Network Storage Solutions Road Show!
- Try Windows & .NET Magazine!
- Tip: Stock Your Toolbox
- Hot Thread: Enabling and Disabling Network Connections
4. NEW AND IMPROVED
- Take Full Control of Your IP Traffic
- Protect Your Network from Server Failures
5. CONTACT US
- See this section for a list of ways to contact us
(contributed by Alan Sugano, firstname.lastname@example.org)
* A SLAMMER WORM POSTMORTEM
A few weeks have passed since the Slammer worm exploited a vulnerability in Microsoft SQL Server 2000 and brought large segments of the Internet to its knees. Although the crisis has subsided, the worm's rapid and destructive spread left many network administrators feeling anxious. The Slammer worm capitalized on a vulnerability that Microsoft released a patch for in July 2002. However, because many administrators hadn't yet applied the patch, their systems remained vulnerable, which emphasizes the importance of staying current with service packs and patches. Microsoft included the patch in SQL Server 2000 Service Pack 3 (SP3). Before you apply SP3, back up your databases and the entire server. I also recommend that you install the latest OS service pack.
The Slammer worm spreads through UDP port 1434, which the SQL Server Resolution Service uses. To prevent the spread of the worm on your network, block this port. If you must maintain a public SQL Server presence, I suggest that you use a VPN to maintain a connection to a remote SQL Server machine, as I discuss later.
None of our SQL Server clients fell prey to the Slammer worm because we had used our firewall to block UDP port 1434 and TCP port 1433, which SQL Server typically uses. (To check your firewall configuration, run a port scan against your firewall to determine which ports are open to the outside. Be sure to keep your firewall firmware and software current.) Nevertheless, we decided to install SP3 for SQL Server on our client machines.
If you maintain a Web site that needs access to SQL Server, place the Web server in the demilitarized zone (DMZ) and let Internet traffic access the server only through port 80. Next, create a rule on your firewall to permit SQL Server access through port 1433 from the Web server. Be sure to specify the Web server's IP address and the media access control (MAC) address of the Web server's NIC. Under this configuration, the Web server acts as a front end to the SQL Server database.
If you must access SQL Server directly from the outside, establish a VPN connection between the remote location and the SQL server. Make sure the Web server is running Microsoft IIS only, that it isn't a domain controller (DC), and that it isn't running other services, such as DHCP and DNS. You should also run the IIS lockdown tool against the Web server to identify any vulnerabilities you might have missed.
Recently, disturbing legal buzz has emerged about the concept of "downstream liability." A common example of downstream liability is when a court holds a bar owner legally responsible for a patron who later drives under the influence of alcohol and causes an accident. This legal concept can now apply to computers. For more information about downstream liability, see "Downstream Liability for Attack Relay and Amplification."
The article mentions that you might face downstream liability if you don't have the proper patches in place and a Denial of Service (DoS) or other attack on another computer from your network results. To protect yourself from such scenarios, configure a firewall between your network and any persistent external connections, including connections to the Internet, other companies, and government agencies. Doing so provides two-way protection that keeps your organization safe from the outside and prevents anyone from making inappropriate connections to outside machines from your network.
(brought to you by Windows & .NET Magazine and its partners)
* JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register today!
* TRY WINDOWS & .NET MAGAZINE!
Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Microsoft Exchange Server, and more. Our expert authors deliver how-to content you simply can't find anywhere else. Try a sample issue today, and find out what more than 100,000 readers know that you don't!
(contributed by Alan Sugano, email@example.com)
* TIP: STOCK YOUR TOOLBOX
Be proactive in stocking your toolbox with utilities that will help you prevent problems, keep your network running smoothly, and bail you out when disaster strikes. Perhaps you can find one Swiss Army knife of a utility that lets you perform port vulnerability tests, DNS queries, port scans, trace routes, pings, OS fingerprinting, spam relay testing, and speed tests. Perhaps you'll find several tools to accomplish these tasks. Either way, make sure you're prepared.
* HOT THREAD: ENABLING AND DISABLING NETWORK CONNECTIONS
In this thread, Matbor wonders whether a command exists that lets you enable and disable network connections in Windows 2000.
(contributed by Jason Bovberg, firstname.lastname@example.org)
* TAKE FULL CONTROL OF YOUR IP TRAFFIC
LastBit Software announced TrafMeter 3.40, a traffic reporting and monitoring utility. TrafMeter lets you set up an unlimited number of filters for captured traffic. You can create and use filter rulesets for different monitoring purposes (e.g., single hosts, subnets, specific groups, all hosts not in your LAN). TrafMeter also lets you use a filter engine to count custom IP packets by any IP protocol (e.g., Internet Control Message Protocol--ICMP, TCP, UDP, Open Shortest Path First--OSPF) or by any TCP/UDP port and provides realtime visual presentation of traffic activity. The software is compatible with most popular databases. TrafMeter runs on Windows XP, Windows 2000, Windows NT 4.0, Windows Me, and Windows 9x and costs $49.95 for a single-user license. For more information, contact Last Bit Software on the Web.
* PROTECT YOUR NETWORK FROM SERVER FAILURES
Alchemy Lab announced Alchemy Eye 4.4, a network-monitoring tool that continuously monitors network server availability and performance and alerts you to network errors before they get out of hand. Compatible with any server type, Alchemy Eye uses a variety of protocols and services to monitor a server's work. This tool can also perform user-defined monitoring by executing custom VBScript programs or external Windows applications and batch files. The software runs on Windows XP, Windows 2000, Windows NT 4.0, Windows Me, and Windows 9x. A limited version of Alchemy Eye 4.4 is available as shareware, and a full version is available on CD-ROM for $199. For more information, contact Alchemy Lab on the Web.
Here's how to reach us with your comments and questions:
* ABOUT THE COMMENTARY -- email@example.com
* ABOUT THE NEWSLETTER IN GENERAL -- firstname.lastname@example.org (please mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
* PRODUCT NEWS -- email@example.com
* QUESTIONS ABOUT YOUR WINDOWS & .NET MAGAZINE UPDATE SUBSCRIPTION? Customer Support -- firstname.lastname@example.org
* WANT TO SPONSOR WINDOWS & .NET MAGAZINE UPDATE? email@example.com
******************** This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today. http://www.winnetmag.com/sub.cfm?code=wswi201x1z
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email |-+-|-+-|-+-|-+-|-+-|
Thank you for reading Networking UPDATE.
You are subscribed as firstname.lastname@example.org
MANAGE YOUR ACCOUNT You can manage your entire Windows & .NET Magazine Network email newsletter account on our Web site. Simply log on, and you can change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters all in one place. http://www.winnetmag.com/email
Thank you! _________________________________________________________ Copyright 2003, Penton Media, Inc.