qtslogo10.gif (7142 bytes)
 ad1.gif (2831 bytes)
hvl_home.gif (1239 bytes) hvl_about.gif (1244 bytes) hvl_techres.gif (1285 bytes) hvl_customers.gif (1285 bytes)
hvl_stay.gif (1256 bytes) hvl_contact.gif (1236 bytes) hvl_sitemap.gif (1230 bytes) hvl_jobs.gif (1261 bytes)
November 2006  

Volume 6 Issue 11

November 29, 2006

To view this update as a Web page, copy this link into your browser: http://www.qtsnet.com/stayinformed/quiknews/quiknews november2006.htm.

To subscribe or unsubscribe, please follow instructions at the bottom of this page.


Welcome to the November edition of QTS QuikNews, our monthly e-mail newsletter. In this monthly e-mail, you will receive an update of what's new at QTS - new products we support, new patches and upgrades, solution ideas and promotions to save you money, and information about our company and our clients.

In this issue:

  • QTS and Partner News
  • Events
  • President's Corner
  • QuikSecure Tip of the Month
  • Patches and Upgrades
  • Product Support Lifecycle Watch
  • Solution Spotlight
  • Special Offers
  • Partner Spotlight

QTS AND PARTNER NEWS

QTS PUBLISHES "10 STEPS TO IMPLEMENT YOUR DISASTER RECOVERY PLAN" WHITE PAPER – QTS has released the second in a series of White Papers, focused on its “10 Steps” disaster recovery presentation.  Click Here to view the White Paper.

QTS IS HIRING!
QTS is recruiting for senior and mid-level technical personnel, a Sales Coordinator, and 1099 contract technical resources.  If you know anyone who might be a good fit, please have them visit our recruitment page at http://www.qtsnet.com/jobs/Default.htm, or submit their resume to Liz Meechan, our Office Manager. Liz can be reached at lmeechan@QTSnet.com, or (973)984-7600 x223.

WINDOWS VISTA/OFFICE 2007/EXCHANGE 2007 LAUNCH
 New York City is the site of Microsoft’s worldwide product launch event for these exciting new products on January 16th, for which QTS is a proud sponsor.  We’ve worked long and hard through 2006 to help Microsoft get these products ready for launch, and will be at this event in force.  Please join us at this event by registering at http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID= 1032314708&Culture=en-US, and stop by the QTS booth to say hello!

Back to Top

PRODUCT NOTICES AND ADVISORIES

CITRIX METAFRAME XP UPGRADES
Citrix’ promotion to upgrade existing MetaFrame XP licenses to Presentation Server 4.0 is expiring at the end of this year, so all clients who have not purchased upgrades by then or who are not on Subscription Advantage will need to purchase new licenses at that time.  If you have MetaFrame XP licenses that need to be upgraded, please contact your QTS Account Manager as soon as possible.

MICROSOFT END OF LIFE FOR SUS 1.0
 Microsoft has announced end of life on December 6th, 2006 for its Software Update Service (“SUS”) patch management software, which has been replaced by Windows Server Update Service (“WSUS”).  This is a free upgrade.  Note that as of the cutoff date, SUS will stop receiving and distributing patches so this is a critical upgrade.  For more information, see http://www.microsoft.com/windowsserversystem/updateservices/evaluation/ previous/default.mspx.  Please contact us if you would like assistance with this process.

FREE MICROSOFT CRM SERVER LICENSE FOR MBS CUSTOMERS
 At its Worldwide Partner Conference, Microsoft announced that all new customers purchasing its Dynamics ERP products (Great Plains, Axapta, Navision, Solomon) will receive a free Dynamics CRM Server License.  This offer also applies to all current customers who presently have maintenance on their systems.  Contact your Microsoft Business Solutions Partner, or your QTS Account Manager, for more information.

TERMINAL SERVICES CAL TRADE-UP EXTENDED!
Due to a change in the way Microsoft licenses Terminal Services as of April 2003, customers may be eligible for free Terminal Services Client Access Licenses (CALs).  With the release of Windows Server 2003, the “built-in” CALs under Windows 2000 were eliminated.  However, customers owning Windows XP Pro receive a free Terminal Services CAL for each XP license.  This offer has been extended, but we strongly recommend processing this promptly.  For more information, visit http://www.microsoft.com/windowsserver2003/ howtobuy/licensing/tscaltransfaq.mspx.

Back to Top

PRESIDENT'S CORNER

Every year, the Computer Security Institute collaborates with the San Francisco office of the Federal Bureau of Investigation’s Computer Intrusion Squad to prepare their Computer Crime and Security Survey.  Separately, Symantec recently released the 10th volume of its Internet Security Threat Report, which is prepared twice a year.  This month, I want to summarize some of the key points in these two reports, which I think provide important insight into the current and future nature of the security threats we face as IT professionals.

The 2006 version of the CSI-FBI report, released this past summer, identified a number of important information security trends.  Among the key findings are:

·         The primary cause of security-related financial losses are (1) viruses and malicious code, (2) unauthorized access, (3) lost/stolen laptop computers and (4) theft of proprietary information.  These four areas account for nearly three quarters of all financial losses;

·         Organizations remain conservative about reporting security incidents to law enforcement, for fear of adverse publicity.  This means that  actual losses continue to be far greater than those reported;

·         Over 80% of all organizations surveyed conduct some form of security audits;

·         Security awareness training is viewed as a critical element of security strategy.

There were also some interesting findings on the technologies in use by responding organizations, which represent a broad cross-section of sizes and industries.  Nearly 70% had Intrusion Detection and nearly 45% had Intrusion Prevention systems in place, while nearly 50% encrypt data in storage.  Nearly 40% utilize smart cards or one time password tokens (such as RSA SecurID).  These technologies, once reserved for the more security conscious organizations or those with atypically high IT budgets, are finding their way into a broader cross-section of organizations as more and more companies determine that security is a top-tier priority and look for better tools and approaches to reduce their risk.

The increased recognition of and focus on the importance of employee security awareness training is refreshing.  I have maintained for a long time that people can undermine almost any security technology, and we see evidence of this in most of our Security Assessment engagements.   Increased focus on training, and associated budget resources, will go a long way toward helping to prevent security incidents.

The CSI-FBI Computer Crime study is available to all at no charge, at www.goCSI.com.

Symantec’s Internet Security Threat Report is based on its own research and on data collected through its vast network of sensors spread across the Internet – the data is collected from over 40,000 sensors across over 180 countries, plus another 120 million client/server/gateways systems running Symantec’s antivirus products.  As such, the data represents a broad-based sample of systems and patterns, and there were a number of interesting observations.

Web browser attacks have risen to the forefront of security issues, and not just around Microsoft Internet Explorer (which represented only 47% of the targeted attacks).  Attacks are targeting multiple and many browsers, and web applications have become the primary target due to the ease of exploitation compared to classic “Win32” apps.  Over ¾ of all easily exploited vulnerabilities affected web browsers.

The continued trend toward developing web-based applications, including both custom AJAX (Asynchronous Javascript and XML) applications and commercial web services applications, is putting even more incentive toward hackers to exploit browser-based vulnerabilities, or to find vulnerabilities in custom code executing on the browser.  This is much harder to secure than Windows applications, and it is important that browser security “catch up” with these threats.

The average window of exposure for vulnerabilities (time before vulnerabilities are fixed) was 28 days.  Microsoft’s patch development time went down from 34 days in the second half of 2005 to 13 days in the first half of 2006, a major improvement.  Red Hat also came down to 13 days on average, with Apple at 37 days.  Everyone else was longer, with Sun at 89 days and HP (for their operating systems) at 53 days.  This is an area where all vendors need to strive for continued improvement.

Denial of Service attacks remain a major consideration, with Symantec seeing an average of over 6,000 daily DoS attacks.   ISPs were the most frequently targeted for attacks.

Home users were the most highly targeted sector, with 86% of attacks targeted at home users and the balance targeted at Financial Services.  Other market segments each represented less than 1% of targeted attacks (as opposed to victims of malicious code, DoS attacks, etc.).

“Bot” networks – groups of compromised computers on which attackers have installed software that listens for and responds to commands - have become a major point of concern.  Compromised systems give the attacker control of systems on the internal network, bypassing many firewall security safeguards and allowing for DoS attacks against internal resources as well as harvest confidential data.  Symantec was able to observe nearly 60,000 bot-infected systems in a given day in the survey window, and nearly 5 million infected systems in total.  The highest percentage of infected systems is in China, and the largest number of “command-and-control” servers in the United States (which was also the top country of attack origin). 

Phishing is another major point of concern, with an 81% increase in the volume of phishing attacks in the first half of 2006 versus the second half of 2005.  Phishing attacks are used to entice users to visit web sites that users think are real, but which will deceive the user into providing confidential data in order to accomplish identity theft.  Obviously, the majority of these attacks involve financial services sites.   

The scary but logical conclusion here is that while yesterday’s hacker was often a young adult writing malicious code for the challenge and gratification, today’s hacker increasingly can be profiled as a mature, criminal professional.  The ante has been upped for security professionals, and today’s attacks are increasingly focused around financial gain and compromise of personal or corporate information that can lead to financial gain.  Securing our networks is certainly not going to get any easier.

The full Symantec report is available at www.symantec.com/threatreport.  The report itself is over 100 pages and therefore a bit of a long read, but very worthwhile to anyone responsible for or interested in information security.

Next month, we will push back our normal “end of year thoughts” column into the January issue, and will drill down on where Symantec is going with their security technologies to combat these new and disturbing trends.

As always, feel free to email me your comments or thoughts at nrosenberg@QTSnet.com. Thank you.

Neil Rosenberg
President & CEO
Quality Technology Solutions

Back to Top

PARTNER SPOTLIGHT

Often companies are unaware of opportunities provided by the Internet and their web sites, that can help differentiate them from their competition.  In today’s world, a web site is often the first image your customers see of your organization, and sets the tone for how your company is viewed and treated.  This is one area where QTS' partner for Web site development, Interactive Media Associates (IMA), can help.  Consider inviting IMA to perform a cost-effective audit of your existing Web site and your Intranet/Extranet services to learn how savvy companies are using the Web to improve their marketing, as well as to drive efficiencies internally and externally. 

IMA is a full-service digital agency headquartered in Parsippany, NJ.  Clients include New York City Ballet, Hackensack University Medical Center, Metropolitan Opera, Mason Gross School of the Arts, CalTech, the Shakespeare Theatre of New Jersey, and IATSE International, among others.  IMA develops web content that integrates tightly with the organization's marketing strategy. They also specialize in interactive "Weblet" sites that extend the Internet experience through smaller, more targeted interactive sites, which promote a specific product, event, or company function.

Len Muscarella, IMA’s President, founded the company in 1985. Len spent years working for traditional media companies, including three plus years as one of the pioneers of the "online" industry in his work with CBS and Prodigy.  Anticipating the business potential of interactive media, he founded IMA and began to help clients use the new technologies to change the way they marketed their products and services.  Soon, IMA was providing consulting services in market research, competitive analysis, and business strategy for companies developing products related to proprietary online services, interactive television, CD-ROM technology, and, eventually, the Internet.

Many of IMA's client sites are hosted in the company's ReliaServe hosting environment, based on multiple web servers, set up in a high availability and reliability configuration.

QTS and IMA work together for our customers to develop web sites that integrate the technology, design and marketing strategies to best meet our customers' goals and objectives.

For more information on IMA please view their web site at www.imediainc.com, email them at lmuscarella@imediainc.com, or call 973-539-5255.  Or, contact your QTS Account Manager.

Back to Top

 

 
Visit www.QTSnet.com for company information.

QUIKSECURE TIP OF THE MONTH

Each month, we now provide a security recommendation to our QuikNews readers based on content from our recent QuikSecure Security Assessments.  One of these reports typically includes 100-200 specific recommendations such as this, but we’re providing some “free advice” here to our readers.

ISSUE – Are Third Party connections to the network secured by your firewall?
 
IMPACT – Third Party connections to your network may bypass your perimeter security, allowing unauthorized access to your network and also allowing potential vulnerability to viruses, worms and other threats.

RECOMMENDATION – Secure all Third Party connections through your Internet firewall or another firewall.  These connections define the perimeter of your network and need to be treated with the same care as Internet connections, both to protect you and potentially to protect the third party.

QTS EVENTS

Please note that QTS seminars are open only to customers and prospective customers, and not to other vendors, partners and consultants.

CxO Seminar: Microsoft Solutions for Collaboration
 Presented by QTS, ISS Group and Microsoft
Join Microsoft, QTS and ISS Group at this informative event focused on how Microsoft Office and the Windows Server System can allow organizations to collaborate and share information and resources more effectively, both within and outside their organization.  QTS and Microsoft will show how Microsoft Office SharePoint Server 2007, Microsoft Groove 2007 and Office Communications Server and Exchange Server can be used to help teams of people work together, in an internal context (Intranet) as well as across organizational boundaries (Extranet) with highly mobile users.  QTS partner ISS Group will then show how Microsoft SQL Server and Business Scorecard Manager can be added to this solution to empower better business decision making and put key data in the hands of people that need it, creating a more agile and People Ready organization.
   9:00 AM-12:00 PM (8:30 registration/continental breakfast)
     Wednesday, December 6th, 2006 at Microsoft's Iselin, NJ Office - Click To Register

CxO Seminar: Systems Management Tools and Approaches for Medium Business Customers
 Presented by QTS, IMPACT Management and Microsoft
QTS and Microsoft are hosting a half day seminar on how to leverage Microsoft's Systems Center tools and Management methodologies to implement a Secure and Well-Managed Infrastructure.  In this event, QTS will present on how Microsoft Systems Management Server and Microsoft Operations Manager can help reduce management costs and improve the efficiency and available time for your IT staff, while increasing network uptime and proactivity.  We will demonstrate key features of both products, and discuss other products under Microsoft's System Center product family, including future plans.  We will also discuss virtualization, and Microsoft Virtual Server, as it relates to systems management.  Our partner IMPACT Management will also present on Change Control and their SharePoint-based Change Control Portal software.
9:00 AM-12:00 PM (8:30 registration/continental breakfast)
     Thursday, November 30th, 2006 at Microsoft's NYC Office - Click To Register
 

CxO Seminar: Exchange Email Security and Lifecycle Management
Presented by QTS, Microsoft and Symantec
Email has quickly risen to become the most mission-critical application for most businesses, and presents a series of challenges to network administrators around security, management and archiving/capacity management.  In this seminar, QTS, Microsoft and Symantec will show you how our best practices, combined with products such as Microsoft ForeFront Security products (ISA Server, ForeFront Server Security), Microsoft Operations Manager, Symantec Mail Security and Symantec Enterprise Vault can be combined to create a secure, well-managed and highly reliable email environment.  We will also touch on the roadmap and new features in Exchange 2007.
   9:00 AM-12:00 PM (8:30 registration/continental breakfast)
     Wednesday, November 29th, 2006 at Microsoft's Iselin, NJ Office - Click To Register
     Thursday, December 14th, 2006 at Microsoft's NYC Office - Click To Register

 

CxO Seminar: Securing Your Microsoft Medium Business Network
 Presented by QTS, Microsoft, Symantec and Citrix
Join Microsoft, Symantec, Citrix and QTS for this informative seminar on how to optimize security for your Microsoft network.  Key topics will include Security Policy and Enforcement, Secure Remote Access, Identity Management, Perimeter and Client Security, Email Architecture and other key elements.  Together, we will review the architecture and best practices for implementing a strong security strategy and architecture.
   9:00 AM-1:00 PM (8:30 registration/continental breakfast; lunch provided)     Thursday, December 7th, 2006 at Microsoft's NYC Office - Click To Register

Please visit www.QTSnet.com/events for our full event schedule.

 

Back to Top

PATCHES & UPGRADES

Call the Customer Support Center to have us apply QTS-standard patches and keep your systems current. The following patches have been recently released and are generally recommended by QTS:

* New Security Updates are available in November for Symantec ESM, Symantec Network Security, Symantec Gateway Security, Symantec NetRecon and Symantec Client Security.

To receive notifications of new Microsoft product downloads and Service Packs, click here.

Also, please click here for applicability of Microsoft Security Bulletins to the products in use at your environment. Contact your QTS Account Manager if you would like our Customer Support Center to monitor these bulletins for you and advise with recommendations for your environment upon release of new bulletins.

Note that Microsoft releases security patches on the second Tuesday of each month. New Security Updates to Windows and Office are available.

Symantec (formerly Norton) Antivirus Corporate Edition signature files are currently at version 81127r (11/27/2006). CA eTrust Antivirus 6.x/7.x signature files are currently at version 23.73.69 (11/27/2006). McAfee VirusScan / NetShield signature files are currently at version 4905 (11/27/2006). Trend Micro signature files are currently at version 3.961.00 (11/27/2006).  Please keep your antivirus signatures, and your scan engines, current! If you do not have your system set up to automatically distribute updates from your server to your PCs, please call your QTS Account Manager or the Customer Support Center.

Some patches can cause problems, especially in combination with other software programs or patch levels. Please talk to us to verify whether we see any possible problems in your environment before patching your systems independently. We make best efforts to test patch combinations but cannot guarantee compatibility between software and hardware manufacturers’ products.

Back to Top

PRODUCT SUPPORT LIFECYCLE WATCH

The following products are pending “end of life” status by their manufacturers, and therefore customers should be planning for system upgrades or replacement.

* Microsoft Exchange Server 5.5 support ended on 12/31/05.
 * Novell NetWare 4.2 reached end of life on 6/1/05.
* Novell NetWare 5.1 reached end of general support on 10/31/05.  Extended Support ended on 11/1/06.
* Novell NetWare 6 reached end of general support on 11/1/05.  Extended Support ended on 11/1/06.
* Citrix MetaFrame 1.8 reached end of support on 12/31/05.
* Citrix MetaFrame XP reaches end of maintenance on 12/31/06, and end of life/support on 6/30/07.
* Citrix MetaFrame Presentation Server 3.0 reaches end of maintenance on 6/30/07, and end of life/support on 12/31/07.
* Captaris RightFax 8.5 reached end of life on February 17, 2006.  RightFax 8.7 is supported until November 1, 2007.

Please remember that end of life for a product does not only impact that product, but also other products that interact with it.  For example, end of life status for an operating system means that no new software products that are released will run on that operating system, as the manufacturers will no longer receive support from the operating system vendor.

Back to Top

 

SOLUTION SPOTLIGHT: MICROSOFT OFFICE 2007

Microsoft Office 2007 is the newest version of Microsoft Office, consisting of a wide range of client and server components that work together to enhance personal productivity, improve team collaboration, provide deeper insight into business data and allow for enhanced content management.

Microsoft Office 2007 consists of several versions, each consisting of different components.  As with prior versions, the Standard version includes Word, Excel, PowerPoint and Outlook.  The Professional Plus version adds Access, Publisher, InfoPath and other client access licenses, while the Enterprise version includes these pieces plus Groove and OneNote 2007.

Although there are plenty of new features and capabilities, the major enhancement of Office 2007 from a personal productivity perspective is the new User Interface, which has been refined to make it easier for users to find commands and to quickly produce professional looking documents.  Microsoft has introduced "the Ribbon" to replace the legacy menus and toolbars, providing more context sensitive command access and a more graphical experience.

*For more information, click here.

Back to Top

SPECIAL OFFERS

MICROSOFT LIVE COMMUNICATION SERVER – FREE CLIENT ACCESS LICENSES
Microsoft is offering customers with Software Assurance on Microsoft Exchange that was active on or before 10/1/03 free CALs for Microsoft Live Communications Server, to match their Exchange CALs owned at that time.  Software Assurance can also be purchased for redeemed LCS CALs at the time SA on Exchange is renewed.  Contact your QTS Account Manager for more details.

Back to Top

QUIKNEWS ARCHIVES

For access to past issues of QTS QuikNews dating back to January 2001, click here.

Back to Top

 

 

SUBSCRIPTION INFO

This newsletter is distributed to QTS clients, recent contacts, and "friends of QTS." We respect your privacy and never share your contact information with others.

To Comment on this newsletter, send an email to QuikNews@QTSnet.com.

To Remove yourself from this mailing list please send a reply to this message with the word UNSUBSCRIBE in the subject field, or contact your QTS Account Manager.

To Subscribe to this Newsletter, go to http://www.qtsnet.com/contact/QuikNews.htm.

To View an archive of QTS QuikNews newsletters, please visit http://www.QTSnet.com/stayinformed/QuikNews/QuikNews_Index.htm.

(c) Quality Technology Solutions, Inc. All rights reserved.

 

Quality Technology Solutions, Inc.
201 Littleton Road, 2nd Floor
Morris Plains, NJ  07950

Tel: (973)984-7600
Email: QuikNews@QTSnet.com
Web: www.QTSnet.com

Back to Top

 

This site last updated 11/29/06
© 1999 Quality Technology Solutions, Inc.
201 Littleton Road, Morris Plains, New Jersey 07950
telephone: 973.984.7600       fax: 973.984.7650
 email: info@qtsnet.com