
Quality Technology Solutions, Inc.

QTS QuikNews – February 2003 – Issue 2003.2  February 26, 2003

**************************************************************************

Welcome to the February edition of QTS QuikNews, our Monthly E-Mail newsletter.  In this monthly e-mail, you will receive an update of what's new at QTS - new products we support, new patches and upgrades, solution ideas and promotions to save you money, and information about our company and our clients.

As a QTS client, a prospective client we have had discussions with, or a “friend of QTS,” you have been automatically added to our newsletter distribution list.  To unsubscribe from this mailing please see the instructions at the bottom of this page, or call your QTS Account Manager.  Please do not respond to this e-mail.  This is an unmonitored account.

**************************************************************************

IN THIS ISSUE

**************************************************************************

1.        QTS News

2.        Events

3.        Patches & Upgrades

4.        President’s Corner

5.        Special Offers & Featured Solutions

 

**************************************************************************

QTS NEWS

**************************************************************************

 

NOVELL PRODUCT SUPPORT LIFECYCLE

Manufacturer support for software offerings typically runs a 3-year lifecycle from initial product release these days – sometimes shorter, sometimes longer, depending on the frequency of interim updates.  The following Novell products are coming up on their end-of-life date:

05/01/03 – Novell BorderManager 3.6
05/01/03 – Novell Client 4.81 and 4.82
07/19/03 – Novell GroupWise 5.5 Enhancement Pack
12/09/03 – Novell ZENworks for Desktops 3.2

See http://support.novell.com/lifecycle/forecast.html for more information.  Note that support for NetWare 4.11 was discontinued effective 12/31/01, NetWare 5.0 was discontinued effective 3/31/02, and BorderManager 3.5 and GroupWise 5.5 were discontinued on 8/1/02.

+++ FROM THE WEB +++

 

QTS AND RAZORPOINT SECURITY TECHNOLOGIES ANNOUNCE STRATEGIC PARTNERSHIP

2/26/2003: QTS and Razorpoint Security Technologies today announced a strategic partnership to deliver security services to their customers.  Through the partnership, QTS will offer Razorpoint's Penetration and Attack Testing ("PAT") services to QTS' clients.

Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr38.htm

 

**************************************************************************

EVENTS

**************************************************************************

No customer events are presently scheduled.

**************************************************************************

PATCHES & UPGRADES

**************************************************************************

Call the Customer Support Center to have us apply QTS-standard patches and keep your systems current.  The following patches have been recently released and are generally recommended by QTS:

* Microsoft ISA Server Feature Pack 1
* Microsoft SharePoint Portal Server 2001 Service Pack 2a

Also, please check http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp for applicability of Microsoft Security Bulletins to the products in use in your environment.  Contact your QTS Account Manager if you would like our Customer Support Center to monitor these bulletins for you and advise you with recommendations for your environment when new bulletins are released.

Symantec (formerly Norton) Antivirus Corporate Edition signature files are currently at version 50225c (2/25/2003).  CA InoculateIT 4.x signature files are currently at version 42.07 (2/25/2003) and 6.x signature files are currently at version 23.60.07 (2/25/2003).  McAfee VirusScan/NetShield signature files are currently at version 4249 (2/24/2003).  Please keep your antivirus signatures, and your scan engines, current!  If you do not have your system set up to automatically distribute updates from your server to your PCs, please call your QTS Account Manager or the Customer Support Center.

Some patches can cause problems, especially in combination with other software programs or patch levels.  Please talk to us to verify whether we see any possible problems in your environment before patching your systems independently.  We make best efforts to test patch combinations but cannot guarantee compatibility between software and hardware manufacturers’ products.

**************************************************************************

PRESIDENT’S CORNER

**************************************************************************

I was a History major in college – how I got into the field of computers and information technology is a long story, and I shall spare you the details.  This is relevant today in that there is an old expression I am reminded of as a student of history – “he who does not learn from the mistakes of the past is doomed to repeat them.”  These are words of wisdom, for historians, for leaders, for businesspeople and for IT managers.

I am reminded of how true this is based on last month’s SQL Slammer worm.  Positively, none of our customers where QTS had implemented and configured the firewall were affected by this problem.  Some of our newer customers were affected, though, in cases where we had not set up their security infrastructure, and I know many other organizations that were affected as well.  Their firewalls were not blocking UDP port 1434, and they had not applied the hotfix for SQL Server 2000 and/or MSDE (which is a slimmed-down version of SQL Server), but the number of QTS customers affected was relatively limited even though the impact on those customers was high.  Clearly, this was the biggest Security event since NIMDA.

What I think is remarkable about this situation is two things, both of which state how far we have to go, as IT managers and potentially as a society, in taking security seriously.

First, the worm only affected systems that allowed port 1434 in through the firewall.  Ignoring for the moment that handful of businesses that do not have a firewall protecting the perimeter of their network, it is fair to say that a firewall that allows unauthenticated inbound traffic on a “high port” like this, to any internal resource, is of little value.  It is clear that anyone who was compromised in this manner needs to review their firewall’s rule base and tighten up their policies.

Second, and even more frustrating, the patch that eliminates this vulnerability in SQL Server has been available since last summer.  It was a hotfix released by Microsoft promptly after the discovery of the vulnerability, and the hotfix was built into SQL Server 2000 Service Pack 3.  Although it is always good practice with SQL Server to verify that a service pack is compatible and tested with the applications you are running on your SQL Server, and therefore you may not apply all service packs immediately until this verification is done, it seems reasonable that a hotfix that has been out over 6 months should generally be OK.  Clearly, Slammer exploited a known vulnerability that many people did not bother to take the time to address.

The fascinating thing is that in the summer of 2001 the Code Red worm swept across the Internet, exploiting a vulnerability in Microsoft’s Internet Information Server that had been patched long ago, and hardly a web server on the Internet (or on Internal networks) was running the patch.  When NIMDA swept through the Internet months later, it successfully exploited the same vulnerability, causing billions of dollars of damage worldwide.  Here we are now, a year and a half later, and we are experiencing a redux of the same situation – just a different product and different vulnerability.  The issue is not about product defects, which will always exist – it is about security management, and more specifically vulnerability management.  It is a people issue.

Today, even after Code Red, NIMDA, Slammer and a virtual plethora of dangerous and damaging viruses have swept through corporate networks and over the Internet, most businesses still do not have a process for reviewing, applying and managing security patches.  Some do – a number of our customers take the time to subscribe to applicable vendors’ security bulletin mailing lists and review vendor-neutral security sites to see what patches apply to their environments.  Several of our customers, who recognize the problem but don’t have the time to deal with it, have QTS do this for them.   But most businesses wait – and are exposed.

An article appeared in Network World the week after Slammer hit, and said exactly what I feared – that many industry analysts expect another worm to exploit the same vulnerability as Slammer, but this time with a destructive payload.  All Slammer did was cause utilization spikes and slow down affected networks to a crawl – it did not harm data.  Imagine the same worm, but this time imagine it deleting tables of data from every infected server, or worse yet, corrupting the data so the extent of the problem is unclear.  All of this is possible, and some would say likely.  It is clearly do-able.  The vulnerability is well-known, and exploitable on unpatched systems.  Next time, the worm will probably use a different port, so some firewalls that had 1434 plugged but with other high ports open will again be compromised.

The solution is to implement a process for Vulnerability Management.  This starts with taking this element of security seriously – either you, your staff or your vendor (with a strong knowledge of your environment and applications) taking the time to check for new patches and vulnerabilities on a regular (ideally daily) basis for all of your vendors’ products.  When patches are identified, the tediously long and complicated technical bulletins need to be reviewed and understood, to determine if they affect your environment, or not.  The patches then need to be tested, on a limited subset of your network, to ensure they don’t “break” key applications.  Then, the patches need to be rolled out – to your servers, AND to your desktops.  Microsoft’s Software Update Service is an excellent tool for managing this process, and it is free from Microsoft as part of their “Trustworthy Computing” initiative.  If you wait for only the major Service Packs, there is a good chance you will be too late, and be the next victim of a future worm like Slammer.

Another element of the process is minimizing the “footprint” of your systems’ exposure.  If you have not already done so, a Vulnerability Assessment should be performed on your systems to identify and shut down all unnecessary services and all “standard” vulnerabilities.  Minimizing the exposure of your systems reduces the points of attack.  No unnecessary service or software should be running that can then be used to compromise your systems.  This includes open ports on your firewall, and far too many of those I have seen look more like a block of Swiss cheese than they do a protective device.

This process is time consuming, and requires focus and commitment.  But it does not have to be unduly painful or even expensive, if done properly.  For those of you who work with us, or those who would like to, we welcome the opportunity to help you.

 

Neil Rosenberg
President & CEO
Quality Technology Solutions
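
The firewall point made in the column above (an inbound rule that opens high ports to any source, and the limit of plugging only UDP 1434), as an added example that is not part of the original newsletter or QTS's own tooling: a first-match rule-base check in Python.  The rule format, host labels and rule bases are constructed for illustration and do not follow any real firewall's syntax.

```python
# Added example. The rule format is constructed and vendor-neutral; it is not
# the syntax of any real firewall product.
from dataclasses import dataclass

HIGH_PORTS = range(1024, 65536)

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source label; "any" matches every source
    dst: str      # destination label; "any" matches every host
    ports: range  # destination ports covered by the rule

def first_match(rules, proto, src, dst, port):
    """Action of the first rule matching the packet; default deny."""
    for r in rules:
        if (r.proto in (proto, "any") and r.src in (src, "any")
                and r.dst in (dst, "any") and port in r.ports):
            return r.action
    return "deny"

def exposed_high_ports(rules, proto, dst):
    """High ports on dst that an arbitrary Internet source can reach."""
    return [p for p in HIGH_PORTS
            if first_match(rules, proto, "internet", dst, p) == "allow"]

# Constructed rule bases (host labels are hypothetical).
OPEN_HIGH = [
    Rule("allow", "tcp", "any", "web", range(80, 81)),
    Rule("allow", "any", "any", "sqlserver", HIGH_PORTS),
]
# Same rule base after blocking only the port Slammer used.
PLUGGED_1434 = [Rule("deny", "udp", "any", "any", range(1434, 1435))] + OPEN_HIGH
# Default deny: publish only named services to named sources.
TIGHT = [
    Rule("allow", "tcp", "any", "web", range(80, 81)),
    Rule("allow", "tcp", "partner-vpn", "sqlserver", range(1433, 1434)),
]

if __name__ == "__main__":
    for name, rb in (("OPEN_HIGH", OPEN_HIGH), ("PLUGGED_1434", PLUGGED_1434),
                     ("TIGHT", TIGHT)):
        n = len(exposed_high_ports(rb, "udp", "sqlserver"))
        verdict = first_match(rb, "udp", "internet", "sqlserver", 1434)
        print(f"{name}: udp/1434 {verdict}, {n} high UDP ports exposed")
```

Blocking 1434 alone changes the verdict for that one port and leaves every other high port on the server reachable; only the default-deny rule base brings the exposed count to zero.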

**************************************************************************

SPECIAL OFFERS & FEATURED SOLUTIONS

**************************************************************************

SYMANTEC SECURITY SOFTWARE

Symantec is offering a 10% discount on many of its security software programs (Intrusion Detection, Vulnerability Management, etc.) to customers who purchase a Vulnerability Assessment utilizing Symantec’s NetRecon software, from QTS.  Contact your QTS Account Manager for more details.

**************************************************************************

To Comment on this newsletter, send an email to QuikNews@QTSnet.com.

**************************************************************************

To Remove yourself from this mailing list please send a reply to this message with the word UNSUBSCRIBE in the subject field.  Or call or email your QTS Account Manager.

**************************************************************************

To Subscribe to this Newsletter, tell your friends and colleagues to go to http://www.QTSnet.com/QuikNews.

**************************************************************************

To View an archive of all QTS QuikNews editions, please visit http://www.QTSnet.com/stayinformed/QuikNews/QuikNews_Index.htm.

**************************************************************************

© 2003 Quality Technology Solutions, Inc.

This site last updated 02/26/03
© 1999 Quality Technology Solutions, Inc.
201 Littleton Road, Morris Plains, New Jersey 07950
telephone: 973.984.7600       fax: 973.984.7650
email: info@qtsnet.com