QuikNews July 2004 E-Mail Newsletter

July 2004

Volume 4 Issue 7

July 26, 2004

To view this update as a Web page, copy this link into your browser: http://www.qtsnet.com/stayinformed/quiknews/quiknews_july2004.htm.

To subscribe or unsubscribe, please follow instructions at the bottom of this page.

Welcome to the July edition of QTS QuikNews, our monthly e-mail newsletter. In this monthly e-mail, you will receive an update of what's new at QTS - new products we support, new patches and upgrades, solution ideas and promotions to save you money, and information about our company and our clients.

In this issue:

QTS and Partner News
Events
President's Corner
QuikSecure Tip of the Month
Patches and Upgrades
Product Support Lifecycle Watch
Solution Spotlight
Special Offers
Partner Spotlight

QTS AND PARTNER NEWS

WELCOME TO NEW CUSTOMERS
QTS offers a “welcome aboard” to the following new customers:

· Key Handling Systems

· Lakeland Bank

· Lifetime Television

· Shiseido Corporation

SURFCONTROL RELEASES “END USER SPAM MANAGEMENT” UTILITY FOR MAIL FILTER
SurfControl has released a utility, free to SurfControl Mail Filter Customers, to allow users to receive an email listing all “spam” mail being held by the filter, so individual messages can be released or deleted. The utility gives users complete control of their spam mail, removing the burden from system administrators. Contact your QTS Account Manager for more information.

2004 CSI/FBI COMPUTER CRIME WHITE PAPER AVAILABLE
The Computer Security Institute and the Federal Bureau of Investigation have released the 9^th annual CSI/FBI Computer Crime and Security Survey, an extremely informative survey of IT managers from across a broad spectrum of organizations. The 2004 study presents very useful information on security trends and patterns, and is available at no charge at GoCSI.com.

QTS OFFERS FREE SYSTEMS STRATEGY CHECK-UPS
Having developed this unique engagement jointly with Microsoft, QTS is now offering Systems Strategy Check-Up engagements to qualified customers and prospects throughout New Jersey and New York. This high-value, half-day consulting engagement helps businesses evaluate how they are using Microsoft technologies and identifies best practices and recommendations for how to best deploy Microsoft technologies in a business. For more information on this no-charge engagement, contact your QTS Account Manager.

QTS IS HIRING!
QTS is recruiting for senior level technical personnel, as well as entry and senior level sales staff/telemarketers. If you know anyone who might be a good fit, please have them submit their resume to Liz Meechan, our Office Manager. Liz can be reached at lmeechan@QTSnet.com, or (973)984-7600 x223.

SUCCESS STORIES

CHILTON MEMORIAL HOSPITAL
QTS implemented Microsoft SMS and SUS to help this rapidly growing hospital comply with HIPAA and manage its growing desktop environment.
http://www.qtsnet.com/about/success stories/chilton memorial success story.pdf

CITY OF NEW YORK DEPARTMENT OF FINANCE
QTS helped the New York City Department of Finance to improve network reliability, security and performance by conducting a comprehensive network assessment and engaging in strategic planning to help the organization.
http://www.qtsnet.com/about/success stories/nyc dof success story.pdf

PRESS RELEASES

QTS WINS “WINNING CUSTOMERS” AWARD AT MICROSOFT WORLDWIDE PARTNER CONFERENCE
7/21/2004: QTS and Microsoft today announced that QTS was a winner of the Winning Customers award at the 2004 Worldwide Partner Conference. The awards recognize Microsoft Certified Partners that delivered exemplary solutions for their customers during the past year. Award winners were chosen from a group of finalists from around the world. Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr53.htm

EVENTS

No events are scheduled for August.

PRESIDENT'S CORNER

I’ve recently returned from Microsoft’s Worldwide Partner Conference in Toronto last weekend, an event that I find extraordinarily helpful in understanding where Microsoft is going and how to best align my business with them. This year’s conference was again extremely valuable to me in that regard.

A few key themes ran through the presentations (aside from a strong ongoing commitment from Microsoft to enhance its relationship with its partners), and I think it would be helpful to share some of this information with you.

First, multiple presentations all concurred in the fact that security is the number one priority for CIOs and IT leaders now and in the future. This is supported by numerous market research studies. Organizations are investing heavily in this area to prevent future exploits – I was pleased to see a much better response this year when the audience was asked about SUS deployment than I did last year. Microsoft remains critically focused on security – not just reactively, but to move into a leadership role in this space and turn it into a product advantage.

Windows XP Service Pack 2 (largely a security enhancement release) is the company’s overriding product focus right now, and many efforts are queued up behind SP2 pending its release. SP2 will include a number of important new features – memory protection (which may cause compatibility problems with some programs, so it will be able to be turned on and off), an attachment manager to reduce the likelihood of users opening inappropriate email attachments, a popup blocker and script controls for IE6, and a built-in firewall that is turned on by default. There is also Windows Security Center, an applet that brings patch management, antivirus and personal firewall status information together into one easy to use location. Network Defense (the ability to deny network access to computers that don’t meet specific criteria for patches, antivirus software, etc.) was initially positioned as part of SP2, but is now planned be part of Windows 2003 Service Pack 1 which is targeted for late this year or 2005.

After security, CIOs noted the top priorities as web services (which we cover through our partnership with Econium) and mobility (which we’ve built a practice around, leveraging GoodLink, Cisco wireless technology and other offerings). So overall, I felt good that QTS was well-positioned to align with IT organizations’ top needs and areas of focus.

The conference also focused heavily on Microsoft Office 2003 as a “smart client” and on “Integrated Innovation” between Microsoft products – Office, server platforms, and other applications including Microsoft Business Solutions products (Microsoft CRM and accounting/ERP platforms). There was a strong focus on the knowledge worker, and the ability of this solution stack to help them make better decisions faster, with realtime data. Numerous examples were shown of Microsoft SharePoint Portal Server and Microsoft InfoPath as an integrated platform for workflow applications and knowledge worker productivity.

One of the more interesting demos was of the Information Bridge Framework – a new technology to allow for even tighter integration between Office and BackOffice applications, leveraging XML to make data elements “smarter” and to allow for even more efficient workflows. In the example Microsoft demonstrated, a customer service environment, Office was used as a front-end to pull data from a third-party ERP system and from Microsoft CRM to make it easy for customer service letters to be generated based on a fictional service problem. The integration was smooth, and for a mid-size business with some level of repetition and consistency in its workflows, the payback potential on this technology would seem to be truly significant.

Microsoft SQL Server 2005 will be released next year, and attention was paid to the improvements in performance and scalability, but also to enhancements in SQL Server as an analytical and reporting platform. Microsoft improvements in this area show a strong focus on Business Intelligence, to help customers make better decisions with the data in their systems.

The Office Accelerators still remain one of Microsoft’s best-kept secrets, though this isn’t intentional. Microsoft is continuing to release new Accelerators – including one they demonstrated to help organizations deploy Windows/Office. Look for this to appear tied to a QTS service offering in the upcoming months as an enhancement to our QuikWin methodology for Windows platform migrations.

Microsoft ISA Server 2004 was released concurrent with the conference, and Microsoft Operations Manager 2005 and Virtual Server 2005 are targeted for release later this year. Look for QTS to be ramped up on these products concurrent with or shortly after their release.

In addition, Microsoft made several announcements about its partner program, including its new Competency structure and the need for partners to pick a limited number of specializations and focus on delivering excellent service and a strong value add in those areas. This was a positive to me and is an area where “we get it” – our approach of focusing on Network Infrastructure (and Advanced Infrastructure) and Security was validated, and our partnership with other best-of-class Microsoft partners such as AKA Enterprise Solutions (Microsoft Business Solutions) and Econium (Microsoft Collaborative/Information Worker Solutions and Application Development) was strongly validated.

Finally, it was a pleasure to accept on behalf of QTS Microsoft’s Winning Customers Award, as one of only a small group of global partners to win this recognition in 2004. This was the first year for this award, which recognizes exceptional effort to help drive Microsoft customer “wins” and satisfaction, and our Systems Strategy Check-Up initiative was selected as an award-winner.

All in all, it was quite a few days. The amount of information that was presented was fairly overwhelming, and the pace of the days (and evenings) was exhausting. But I feel we are well aligned with Microsoft in our strategic partnership, and we will work together to help our customers maximize the benefits they receive from their investments in Microsoft technologies.

As always, feel free to email me your comments or thoughts at nrosenberg@QTSnet.com. Thank you.

Neil Rosenberg
President & CEO
Quality Technology Solutions

PARTNER SPOTLIGHT

This month QTS is spotlighting its network security and penetration test partner, Razorpoint Security Technologies, Inc. Based in New York City, Razorpoint Security specializes in researching and analyzing security vulnerabilities and conducting comprehensive security testing. Razorpoint Security’s testing goes well beyond the average “port scan” or “vulnerability scan” exercises. They look at your network through the eyes of those looking to do you harm. As Razorpoint Security’s president Gary Morse says, “We know what they know, we know what they see, and we know what they do.”

Razorpoint Security’s assessments provide business leaders and corporate clients the necessary security services and solutions that help keep corporate networks secure. They have exceptional expertise in network security, attack/penetration testing and identifying security vulnerabilities especially as they relate to Internet solutions and web applications. They provide security services that focus the view of your operating environment. Razorpoint Security offers all sectors of business the services to maintain a firm grasp on the evolving state of network security.

Razorpoint Security’s attack/penetration tests identify potentially disastrous security vulnerabilities and help ensure the protection of network infrastructures and e-business ventures. While many security firms provide singular penetration tests with limited documentation, Razorpoint Security offers a year-round assessment schedule, customized documentation deliverables, and monthly security advisories that help keep clients up to date.

As Razorpoint Security Technologies approaches the start of its fourth year in business, they have clearly become a leading force in the network security industry. In addition to providing comprehensive security services to its clients, Razorpoint Security has become a prime media source on information security. News outlets such as The New York Times Magazine, ABC/CourtTV, CBS News, Crain’s NY Business, Entrepreneur Magazine, CSO (Chief Security Officer) Magazine, CRN Magazine and Wired News are among those that have tapped Razorpoint Security for their expertise.

As local leaders in the security field, QTS and Razorpoint Security have worked together to develop a Penetration & Attack Testing offering that fits into QTS’ QuikSecure methodology and is a logical progression for customers who have completed QTS’ QuikSecure Security and Vulnerability Assessment offerings. This QuikSecure PAT offering has been scaled, and priced, appropriate for the Medium Business market space.

For more information on Razorpoint Security Technologies, please view their web site at www.razorpointsecurity.com, email them at sales@razorpointsecurity.com, or call 212.744.6900. Or, contact your QTS Account Manager.

Visit www.QTSnet.com for company information.

QUIKSECURE TIP OF THE MONTH

Each month, we now provide a security recommendation to our QuikNews readers based on content from our recent QuikSecure Security Assessments. One of these reports typically includes 100-200 specific recommendations such as this, but we’re providing some “free advice” here to our readers.

ISSUE – Do you have patch and vulnerability management processes is in place, for servers, infrastructure or security components of the network?

IMPACT – Security vulnerabilities to server, desktop and infrastructure components are discovered and reported on at least a weekly basis, and unpatched systems are vulnerable systems. However, not all patches need to be applied, and some can have negative ramifications. Research, testing and potentially guidance are needed here.

RECOMMENDATION – Establish a clearly defined process for identifying software patches and for monitoring vulnerabilities. Set up a test lab to test the impact of patches in your environment, or rely on your network/ security service provider to supply input based on their experience. Vulnerability patches should be applied promptly as determined hackers often exploit published vulnerabilities quickly. Other patches should be evaluated for benefit versus risk, and should generally be tested before being applied. A good rule of thumb for non-vulnerability patches is to wait at least one week after release, as defective patches or patches that cause other problems are usually “pulled” by the major players within that time.

PATCHES & UPGRADES

Call the Customer Support Center to have us apply QTS-standard patches and keep your systems current. The following patches have been recently released and are generally recommended by QTS:

* New Security Updates are available in July for Symantec ESM, HIDS, Manhunt, SGS, and Vulnerability Assessment.
* Novell NetWare 6.0 Support Pack 5 (just released, not yet QTS-tested) and 6.5 Support Pack 2.
* Novell NetWare Client 4.9 for Windows NT/2000/XP.

Please note that Exchange Server 2003 Service Pack 1 is not presently intended for use on Small Business Server 2003. Please wait for the service pack specific to SBS 2003.

Also, please click here for applicability of Microsoft Security Bulletins to the products in use at your environment. Contact your QTS Account Manager if you would like our Customer Support Center to monitor these bulletins for you and advise with recommendations for your environment upon release of new bulletins.

Note that Microsoft has moved to releasing security patches on the second Tuesday of each month, starting last November. New Security Updates to Windows and Office are available, and recommended.

Symantec (formerly Norton) Antivirus Corporate Edition signature files are currently at version 60726w (7/26/2004). CA InoculateIT 6.x signature files are currently at version 23.65.88 (7/26/2004). McAfee VirusScan / NetShield signature files are currently at version 4381 (7/26/2004). Please keep your antivirus signatures, and your scan engines, current! If you do not have your system set up to automatically distribute updates from your server to your PCs, please call your QTS Account Manager or the Customer Support Center.

Some patches can cause problems, especially in combination with other software programs or patch levels. Please talk to us to verify whether we see any possible problems in your environment before patching your systems independently. We make best efforts to test patch combinations but cannot guarantee compatibility between software and hardware manufacturers’ products.

Back to Top

PRODUCT SUPPORT LIFECYCLE WATCH

The following products are pending “end of life” status by their manufacturers, and therefore customers should be planning for system upgrades or replacement.

* Novell GroupWise 6.0 will reach end of life on 8/4/04.
* Windows NT Server 4.0 support ends on 12/31/04.
* Aladdin eSafe 3.5 will reach end of life on 12/31/04.
* Novell NetWare 4.2 will reach end of life on 6/1/05.
* Novell NetWare 6 will reach end of life on 11/1/05.
* Citrix MetaFrame 1.8 will reach end of maintenance on 6/30/05 and end of support on 12/31/05.

Please remember that end of life for a product does not only impact that product, but also other products that interact with it. For example, end of life status for an operating system means that no new software products that are released will run on that operating system, as the manufacturers will no longer receive support from the operating system vendor.

SOLUTION SPOTLIGHT: Aladdin eSafe Gateway

Aladdin's eSafe Gateway software provides advanced content filtering capabilities, allowing for inspection of data as it passes through the gateway. Executable code can be allowed to run on the gateway in a "sandbox" to test for malicious behavior, and malicious code can be isolated and killed. This allows for worms, spyware and other forms of mobile code to be stopped before reaching the inside of your network.

ESafe Gateway can run as a transparent Bridge, in "Nitro-Inspection Mode," where it sits behind the firewall with all traffic passing through it before entering or leaving the network. Or, for Check Point FireWall-1 customers, it can utilize Check Point's Content Vectoring Protocol to integrate with FireWall-1 to do the same function without physically being between the firewall and the network.

Aladdin's eSafe product also has modules for URL Filtering, to track or block inappropriate web surfing, and an Advanced Anti-Spam module.

For more information, click here.

Back to Top

SPECIAL OFFERS

MICROSOFT PROMOTIONS
Microsoft is offering Medium Business Customers an incentive on purchase of Windows Server and CAL licenses. Contact your QTS Account Manager for more information if you are currently purchasing Windows Server and Client Access Licenses in a volume of 50 or more CALs.

SYMANTEC PROMOTIONS
Symantec is currently running several promotions, on the following products:

* Symantec Client Security upgrades from SAV Corporate or Enterprise Editions – up to 70% discount on Gold Support renewal;
* Symantec DeepSight Alert Service;
* Symantec Gateway Security 5400 Series Competitive Upgrades.

Contact your QTS Account Manager for more details.

SURFCONTROL PROMOTIONS
SurfControl is offering a number of promotions, including bundles with its Instant Message Filter software. Contact your QTS Account Manager for more details.

HP “MY FIRST SAN” PROMOTION
Purchase an HP StorageWorks MSA1000 Modular Storage Array system by July 31^st and receive up to 587GB of storage for free. Contact your QTS Account Manager for more information.

QUIKNEWS ARCHIVES
For access to past issues of QTS QuikNews dating back to January 2001, click here.

SUBSCRIPTION INFO

This newsletter is distributed to QTS clients, recent contacts, and "friends of QTS." We respect your privacy and never share your contact information with others.

To Comment on this newsletter, send an email to QuikNews@QTSnet.com.

To Remove yourself from this mailing list please send a reply to this message with the word UNSUBSCRIBE in the subject field, or contact your QTS Account Manager.

To Subscribe to this Newsletter, go to http://www.qtsnet.com/contact/QuikNews.htm.

To View an archive of QTS QuikNews newsletters, please visit http://www.QTSnet.com/stayinformed/QuikNews/QuikNews_Index.htm.

Quality Technology Solutions, Inc.
201 Littleton Road, 2^nd Floor
Morris Plains, NJ 07950

Tel: (973)984-7600
Email: QuikNews@QTSnet.com
Web: www.QTSnet.com

This site last updated 07/26/04
© 1999 Quality Technology Solutions, Inc.
201 Littleton Road, Morris Plains, New Jersey 07950
telephone: 973.984.7600 fax: 973.984.7650
email: info@qtsnet.com