qtslogo10.gif (7142 bytes)
 ad1.gif (2831 bytes)
hvl_home.gif (1239 bytes) hvl_about.gif (1244 bytes) hvl_techres.gif (1285 bytes) hvl_customers.gif (1285 bytes)
hvl_stay.gif (1256 bytes) hvl_contact.gif (1236 bytes) hvl_sitemap.gif (1230 bytes) hvl_jobs.gif (1261 bytes)

Quality Technology Solutions, Inc.

QTS QuikNews � May 2002 � Issue 2002.5  May 31, 2002

**************************************************************************

Welcome to the May edition of QTS QuikNews, our Monthly E-Mail newsletter.  In this monthly e-mail, you will receive an update of what's new at QTS - new products we support, new patches and upgrades, solution ideas and promotions to save you money, and information about our company and our clients.

As a QTS client, a prospective client we have had discussions with, or a �friend of QTS,� you have been automatically added to our newsletter distribution list.  To unsubscribe from this mailing please see the instructions at the bottom of this page, or call your QTS Account Manager.  Please do not respond to this e-mail.  This is an unmonitored account.

**************************************************************************

IN THIS ISSUE

**************************************************************************

1.        QTS News

2.        Events

3.        Patches & Upgrades

4.        President�s Corner

5.        Special Offers & Featured Solutions

 

**************************************************************************

QTS NEWS

**************************************************************************

MICROSOFT PRODUCT SUPPORT LIFECYCLE

Manufacturer support for software offerings typically runs a 3 year lifecycle from initial product release these days � sometimes sooner, sometimes later, depending on the frequency of interim updates.  The following Microsoft products are coming up on their end-of-life date:

6/30/2003 � Microsoft Windows 98 and Windows NT Workstation 4.0
12/31/2003 � Microsoft Windows NT Server 4.0

See http://www.microsoft.com/ntserver/ProductInfo/Availability/Retiring.asp and http://www.microsoft.com/windows/lifecycle.asp for more information.  Note that support for Windows 95 was discontinued effective 12/31/01.

+++ FROM THE WEB +++

QTS ANNOUNCES QUIKSECURE SECURITY POLICY DEVELOPMENT SERVICE

5/28/2002: QTS today announced its new QuikSecure� Security Policy Development service offering, a one day consulting engagement that results in delivery of a customized Security Policy document for customer use, along with customer security training and best practices for implementation.

Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr27.htm

 

**************************************************************************

EVENTS

**************************************************************************

MICROSOFT LICENSING SEMINARS

Microsoft and QTS will be holding a series of seminars at Microsoft�s Berkeley Heights, NJ office to explain the licensing program changes that will be taking place effective July 31st.  Please see the entry above about the importance of these changes, and President�s Corner below.  QTS will be presenting on Software Asset Management best practices and its service offering during these events.

* June 4th: Event Code 107077492

Register by going to msevents.Microsoft.com/events/usa and typing in the appropriate event code, or calling 1-877-673-8368.

We strongly recommend that all QTS mid-market business customers attend one of these events, and that all QTS customers speak with your Account Manager about the impact of these changes on your upgrade plans.  Failure to act before the cutoff date could result in a significant cost penalty when you move to upgrade at a later date.

MICROSOFT EXECUTIVE CIRCLE

Join Microsoft and QTS partner Stratis Group at the Microsoft Executive Circle Forum on Enterprise Application Integration on Tuesday, June 4th at the Yogi Berra Museum and Learning Center in Little Falls, NJ.  The event is from 1:30 to 4:30PM, with 1:00 registration.  Stratis Group President David Roth will be presenting at this event on �Enterprise Application Integration: Creating Value from Business Process Integration.�  Pre-register at http://msevents.microsoft.com/events/USA/ using Event ID# 100131873, or call the Microsoft registration desk at 877-MSEVENTS.

**************************************************************************

PATCHES & UPGRADES

**************************************************************************

Call the Customer Support Center to have us apply QTS-standard patches and keep your systems current.  The following patches have been recently released and are recommended by QTS:

* Microsoft Cumulative Patch for Internet Explorer 5.01 and above (5/15/02)
* Microsoft SQL Server 7.0 Service Pack 4 (Note: do not apply unless it fixes a problem in your environment or is recommended by an application vendor)
* Microsoft Security Fix for Exchange 2000 Malformed Mail Packet in MS02-025
* Microsoft Security Fix for Windows NT/2000 Elevated Privileges in MS02-024
* Microsoft Security Fix for SQL Server 7/2000 Unchecked Buffer/Cumulative Security Update in MS02-020

Norton Antivirus Corporate Edition signature files are currently at version 40531e (5/31/2002).  CA InoculateIT 4.x signature files are currently at version 36.26 (5/30/2002) and 6.x signature files are currently at version 23.54.26 (5/30/2002).  McAfee VirusScan/NetShield signature files are currently at version 4205 (5/29/2002).  Please keep your antivirus signatures, and your scan engines, current!  If you do not have your system set up to automatically distribute updates from your server to your PCs, please call your QTS Account Manager or the Customer Support Center.

Some patches can cause problems, especially in combination with other software programs or patch levels.  Please talk to us to verify whether we see any possible problems in your environment before patching your systems independently.  We make best efforts to test patch combinations but cannot guarantee compatibility between software and hardware manufacturers� products.

**************************************************************************

PRESIDENT�S CORNER

**************************************************************************

One of the hottest topics we�ve been discussing with customers, and dealing with, recently is email security.  Over the last few months, we have seen a sharp increase in the level of mail bomb and email virus activity, as well as undelivered mail problems involving relay configurations.  To put it somewhat dramatically, but I believe effectively, there is a war going on out there on the Internet, and it is getting increasingly difficult to sit on the sidelines and not take action, without being affected.

A comprehensive email security strategy consists of the following elements, which I will address sequentially:

* email policy
* virus scanning
* controlling mail bombs
* controlling spam
* content filtering
* controlling mail relay

An email policy is a document that outlines what is and what is not acceptable behavior from an email standpoint, and what users should expect in use of company email systems.  There are many complexities in the process, and many decisions to make.  We recommend that your email policy in some way address, among other things, the following elements: content & style, standardized footers, antivirus policy, spam, message retention, liability limitations, security & encryption.  QTS includes a strong email policy within its overall Security Policy Development offering, and this provides a quick way for businesses to get this in place with good application of best practices, but tailored to your business.

Virus scanning is a critical element of email security.  Although you may have perfectly good virus scanning on your PCs and servers, such systems do not scan mail as it is coming into the post office from the gateway.  Therefore, it is possible for viruses and malicious code to grow within the post office, infecting your entire system before a user opens a single message.  Email specific virus scanners such as Norton Antivirus for Microsoft Exchange know how to look inside the post office and message store, and scan messages as they come in (or go out) to ensure that there are no viruses � catching them before they spread.

Mail Bombs are email messages that are sent in mass volume against a site.  Essentially, they are a Denial of Service attack that is meant to overwhelm the target system and cause it to stop functioning.  Most current email systems have protections against this type of attack that can be enabled, but are off by default.  They recognize the incoming message being from the same source, and after a certain number of consecutive messages they recognize it is a mail bomb attack and refuse the remaining messages.  This is an area where we have seen a sharp increase in attacks, often against targets that we would have normally considered low profile.

Spam, as we all know, refers to unsolicited �junk� email that we receive in alarmingly increasing numbers.  I am generally hearing from customers that are not blocking spam that it is not uncommon for users to receive between 20-50 spam messages a day, representing a considerable time waster for users to have to clean up their mailboxes.  Interestingly, of the 20 or so times the Klez worm has been cleaned from inbound messages coming to me personally, all were spam.  So spam messages now represent an increasing danger, rather than just an annoyance (as witnessed by Klez� destructive payload that I hope none of us get to experience).  Spam can be dealt with by mailbox level rules, but the better way is to catch it as it comes in (see content filtering, below).

Content filtering refers to a system reviewing the content of email against a rule base that says what is and is not acceptable.  If an email passes the rule list, it is sent on to the recipient (inbound or outbound).  If it fails (such as having sexual or otherwise inappropriate content) it is flagged for action � which may include steps such as the administrator being notified, then being discarded.  Some systems can also �learn� patterns of behavior, which is helpful in filtering spam.  Examples of Content Filtering software include SurfControl�s SuperScout Mail (which can run inside a network on an Exchange server or outside it as an SMTP Relay in a DMZ configuration) and Symantec�s NAV for Microsoft Exchange or Lotus Notes (which run inside the network as part of the mail platform).  All products have different levels of granularity in their controls, so it is best to start with a needs definition (rating criticality of features) rather than simply purchasing a product.

Mail Relay refers to when mail is given to an intermediate host on its way to the ultimate destination.  In some cases this can be good � for example, when your internal POP3 clients send mail to an SMTP server to relay to the recipient, or when your SMTP relay outside your network (or in your DMZ, or at your ISP) forwards your mail along to the end recipient.  However, it can also be bad � for example, when someone uses your mail server to send SPAM to unwilling recipients, and you allow it to happen.  Being an open relay server like this can even result in you not receiving your own mail � services such as ORBS keep track of which servers are open relays on the Internet, and put those servers (potentially you) on a black list of servers to block mail from (thinking you are a spammer).  Our recommendation here is to make sure you are not set up as an open relay (which is often enabled by default), and for any deliberate relay servers to make sure they only accept relayed mail from authorized senders (yours).  Also, make sure you are not on the ORBS list or other similar lists.

These recommendations involve a significant amount of work, and we can help you get this done.  Unfortunately, this is yet another example of security�s ongoing balance with convenience and ease of use, but in a connected Internet-centric world, the scales have to start tipping more and more toward security.

As always, feel free to email me your comments or thoughts at nrosenberg@QTSnet.com.  Thank you.

Neil Rosenberg
President & CEO
Quality Technology Solutions

**************************************************************************

SPECIAL OFFERS & FEATURED SOLUTIONS

**************************************************************************

NOVELL ZENWORKS FOR DESKTOPS

Novell NetWare 4 and 5 users own NAL Starter Pack, which provides software distribution and policy-based management for desktop PCs.  Through July 31st, these users can upgrade to ZENworks for Desktops 3.2, adding remote control, Windows 2000/XP support, inventory and other management features, and can save up to 50% on software upgrade costs when combined with Full Term Upgrade Protection (which provides you with ZENworks for Desktops 4 when it ships).  Contact your QTS Account Manager for more details.

**************************************************************************

To Comment on this newsletter, send an email to QuikNews@QTSnet.com.

**************************************************************************

To Remove yourself from this mailing list please send a reply to this message with the word UNSUBSCRIBE in the subject field.  Or call or email your QTS Account Manager.

**************************************************************************

To Subscribe to this Newsletter, tell your friends and colleagues to go to http://www.QTSnet.com/QuikNews.

**************************************************************************

To View an archive of all QTS QuikNews editions, please visit http://www.QTSnet.com/stayinformed/QuikNews/QuikNews_Index.htm.  **************************************************************************

2002 Quality Technology Solutions, Inc.

This site last updated 08/31/07
� 1999 Quality Technology Solutions, Inc.
76 South Orange Avenue Suite 302, South Orange, New Jersey 07079
telephone: 973.761.5400       fax: 973.761.1881
email: info@qtsnet.com