Sep

20

Windows Server Update Services (WSUS)

Jesse Woodriff

This week I'm going to show how to tackle the WSUS 3.0 install. I'm also going to talk a little bit about some of its functionality. I'm sure that by now everyone is familiar with how Windows Automatic Updates works and how you can schedule updates or manually choose to update your PC. WSUS is pretty much the same type of thing, except you have a central place to manage updates for every PC or server in your organization. You also have the option to store the updates locally on your WSUS server so that your PCs can download updates more quickly.

First, the installation

When you're ready to try WSUS you can download it from here. Ok, now on to the install. Run the WSUS3Setupx86.exe. Click Next →

1.jpg 

 

In the screenshot below, choose "Full server installation". Next →

2.jpg 

 

Next is the license agreement. Setup won't continue unless you accept it. Next →
3.jpg

 

Below, you can choose where to install WSUS and also whether you'd like to store the updates locally. WSUS runs the same way if you choose not to store the updates locally; that option is only there in case you need to save disk space. Next →

4.jpg

 

This screen lets you choose between the Windows Internal Database and, if you are already running Microsoft SQL Server on this server, that existing instance. I chose to use the internal database. Next →
5.jpg

 

Below, you can choose whether to use the existing IIS default website for the web services. I chose to use the IIS default web site (recommended if you do not have other websites on the server). Next →
 6.jpg

Ready to Install! Click Next →
7.jpg

 

Going through the install.
 81.jpg

Congratulations.  You now have WSUS installed.
9.jpg

Some configuration choices

Once the install is finished, you can configure WSUS to send e-mail notifications when there are new updates and alerts. From the Options menu you can customize your WSUS solution.

10.jpg

Within the WSUS administration console you can view all updates, critical updates or security updates. You can also choose to decline them or approve them for install. As you can see under the Computers tree on the left, you can view all computers, whether they are servers or just PCs. Reports can also be generated to help you with updates.
11.jpg

To update your client PC or server you'll need to either configure a Group Policy Object (GPO) within your Active Directory or, in a non-Active Directory environment, edit the registry. Find more information about configuring the client here.

This was just a quick rundown of WSUS, so if you're interested in making sure that all the PCs in your office or infrastructure are updated, you should give WSUS a test drive. By controlling which updates are deployed and who gets them, you can better secure your environment.

Additional Resources

WSUS download
https://www.microsoft.com/downloads/details.aspx?familyid=E4A868D7-A820-46A0-B4DB-ED6AA4A336D9&displaylang=en

Determining a method for Client configuration
http://technet2.microsoft.com/windowsserver/en/library/3a8c83c3-4eac-4cc3-86fc-a54e67de9c121033.mspx?mfr=true

Sep

20

Windows updates that won’t crash your network

Everyone running a computer nowadays is probably used to running a software update mechanism of some sort. Windows users, Mac users, even Linux users are consistently bombarded with new features, bug fixes and software updates. This is all well and good except when the updates cause network bandwidth utilization issues, or even system crashes. Take for example the two day outage Skype users suffered last month. It was reportedly caused by company personnel doing Windows updates, which then required reboots, which then required users to re-connect to the network, and then crash! Obviously I would have concerns about a network being brought down by a simple update, but the fact that they say this is how it happened led me to our topic today. For all of you running Microsoft Windows networks I am happy to introduce you to a simple way to avoid this issue: Windows Server Update Services or WSUS. (Sorry Mac and Linux users).

What is WSUS?

So, what is WSUS, you may ask? Simply put, it is a software application that gives companies granular control over the downloading, distribution and installation of Microsoft Windows patches. Or as far as Skype is concerned, it is the service that could have prevented their system from crashing.

Let me explain a little bit. The WSUS service plays two critical roles in the Windows updating process. First, it becomes the central repository for all of those Windows patches that need downloading almost every day. The WSUS server initiates contact with Microsoft and downloads patches, so your internal computers no longer need to strangle your precious Internet connection. In a company of 100 Windows computers, this single fact will provide a 100x bandwidth usage reduction. Second, and just as important for our friends at Skype, WSUS allows policy-based patch deployment. Let's take a closer look at that. WSUS allows administrators to deploy updates and patches based on corporate security and business rules. For example, again for our friends at Skype, a good deployment rule would be to create subsections of computer users and deploy the patches in stages as opposed to all at once. Another possible rule: only deploy patches during low usage times. Either of these could have minimized the risk incurred by updating and potentially eliminated unnecessary outages.
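The two deployment rules above (staged groups, installs during low-usage hours) can be set on a client through the registry route the install walkthrough earlier on this page mentions for non-Active Directory machines. The following is an added example, not code from the original posts; the server URL, group names and schedules are hypothetical.

```powershell
# Added example, not from the original post. Server URL, group names and
# schedules are hypothetical; run from an elevated PowerShell prompt.
function Set-WsusClientPolicy {
    param(
        [Parameter(Mandatory = $true)][ValidatePattern('^https?://')][string]$ServerUrl,
        [Parameter(Mandatory = $true)][string]$TargetGroup,
        [ValidateRange(0, 7)][int]$InstallDay = 0,    # 0 = every day, 1-7 = Sunday-Saturday
        [ValidateRange(0, 23)][int]$InstallHour = 3   # local time, 24-hour clock
    )
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au = "$wu\AU"
    foreach ($key in $wu, $au) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }

    # Point the client at the WSUS server for both downloads and status reporting.
    Set-ItemProperty -Path $wu -Name WUServer       -Value $ServerUrl -Type String
    Set-ItemProperty -Path $wu -Name WUStatusServer -Value $ServerUrl -Type String

    # Client-side targeting: the machine reports which WSUS computer group it
    # belongs to. The group must already exist on the server, and the server's
    # Computers option must be set to use Group Policy or registry settings.
    Set-ItemProperty -Path $wu -Name TargetGroupEnabled -Value 1 -Type DWord
    Set-ItemProperty -Path $wu -Name TargetGroup        -Value $TargetGroup -Type String

    # Use WSUS instead of Microsoft Update; download automatically and install
    # on the schedule (AUOptions 4) so reboots land in a low-usage window.
    Set-ItemProperty -Path $au -Name UseWUServer          -Value 1 -Type DWord
    Set-ItemProperty -Path $au -Name NoAutoUpdate         -Value 0 -Type DWord
    Set-ItemProperty -Path $au -Name AUOptions            -Value 4 -Type DWord
    Set-ItemProperty -Path $au -Name ScheduledInstallDay  -Value $InstallDay -Type DWord
    Set-ItemProperty -Path $au -Name ScheduledInstallTime -Value $InstallHour -Type DWord

    Restart-Service -Name wuauserv   # restart Automatic Updates so it picks up the new settings
    Get-ItemProperty -Path $wu, $au  # return what was written so it can be reviewed or logged
}

# Two deployment stages (constructed): a small pilot group installs mid-week,
# everyone else at the weekend, both at 02:00.
$stages = @{
    'Pilot' = @{ Day = 4; Hour = 2 }   # Wednesday
    'Broad' = @{ Day = 7; Hour = 2 }   # Saturday
}
$stage = 'Pilot'   # set per machine
Set-WsusClientPolicy -ServerUrl 'http://wsus.example.local' -TargetGroup $stage `
    -InstallDay $stages[$stage].Day -InstallHour $stages[$stage].Hour
```

The schedule only controls when a client installs; which updates each group receives is still decided by approving them per computer group in the WSUS console, pilot group first.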

Technical Preparedness

Obviously there are some technical considerations when evaluating and deploying a solution like this, and our own Jesse Woodruff has taken a deeper look into the technical world of WSUS in his post here.

Ultimately there are a number of reasons networks and systems can crash without any help from us; hopefully this tool gives you the ability to take one item off that list.

Good Luck!

Additional Resources

Skype Crash
http://gizmodo.com/gadgets/breaking/skype-blames-microsoft-windows-update-for-network-crash-291202.php

WSUS Homepage
http://technet.microsoft.com/en-us/wsus/default.aspx

WSUS Overview
http://technet2.microsoft.com/windowsserver/en/library/632f98ac-9d45-480b-b801-996b714cebd01033.mspx?mfr=true

Sep

05

Anti-Spam - Is it good for breakfast?

When I told my wife I was writing a story about stamping out spam she was pretty excited because she never could understand how I could eat that stuff. (Personally I love it!) I know it's an old joke. What I really want to talk about is email spam, how it is evolving and the steps you can take to reduce it in your organization.

Is my anti-spam solution working?

If you’ve noticed an increase in spam you’re right! There are actually two things occurring. First, the volume of spam has grown by over 15% in the last six months. In fact, it is estimated that over 85% of all e-mail traffic is now spam. Second, spam firms are always looking for and finding new ways to get around spam filters. Until recently you probably saw a lot of emails where the message was actually an image rather than text. However anti-spam technology has evolved rapidly to identify and stop image spam. Within a mere six months image spam has almost stopped.

What’s the latest spam ploy?

Now it's fake greeting cards or "attachment" spam. You receive an innocent looking message that asks you to open an attachment. In many cases it looks like a greeting card. When you open the attachment, your PC can be hijacked and turned into a "zombie" that can be used to forward more spam without your knowledge. Who knew The Night of the Living Dead was more truth than fiction?

A spammer’s main goal is to get you to go click on a web link or URL. Often it’s to get you to look at a product, call a phone number, buy a stock or order some form of medication (as if any of us really need to be any bigger!) So pay attention. It’s easy to fall prey to an innocent looking e-mail that says “Hey John - click here to see pictures from our vacation!”

Now my filter is blocking good messages!

Yep - here's the flip side to the issue. As anti-spam filters become increasingly sophisticated, the prospect of a false positive has grown. So what to do? Quite often administrators will "white list" the domain of the sender. However, remember our earlier statement about zombie machines? Who's to say that the server you trust today won't be infected tomorrow? Obviously sometimes you will need to white list a domain; just don't be indiscriminate. Better to white list an individual e-mail address instead.

I also see people do things like enter the subject in all capital letters or give a short “Guess what ?????” subject with a string of punctuation. Anti-spam filters use content to identify spam. If your e-mails look like spam, they get treated like spam.

We’ve also noticed that AOL accounts seem to bounce e-mails more than other services. I think they are trying to provide protection to their customers but sometimes it goes a little overboard.

Is there anything else to worry about?

Yes, stopping spam is an ongoing process but the good news is that technology is moving fast to keep up. The best defense is a dedicated anti-spam appliance that sits in front of your email server. You don’t want your email server spending all its time monitoring for spam and slowing down. The anti-spam device we employ at Awecomm monitors for all of the following items:

  • Anti-spam
  • Anti-virus - Might as well check for viruses at the same time. Don't let emails get through with viruses that a user might open.
  • Anti-phish - protects from schemes often used to gather confidential information about an organization or its users.
  • Anti-spy (attachments) - scans attachments for spyware executables and deletes them.
  • Anti-spoof - prevents the use of forged or “spoofed” sender addresses on unsolicited emails.
  • Denial of Service protection - use rules to prevent denial of service attacks.

There are also anti-spam services and anti-spam software you can run locally, but a hardware solution is going to be faster. Take a look at your budget and overall requirements. With any solution make sure there is a competent subscription service in place to update the rules and scanning mechanisms on a regular basis.

Here are some additional tips:

1. Never reply to spam messages even if you are given a “remove” option. Instead use your Outlook or anti-spam service to block the message. (Most systems have a plug-in that lets you tell the service whether to mark or unmark a message as spam). The only time you may want to respond is if you know the e-mail is from a reliable source.
2. Do not open attachments from a source you are unfamiliar with. If necessary call the individual to confirm first.
3. Don’t send your email address through chat rooms or instant message services.
4. Don't put direct e-mail links on your web site. These are far too easy to pick up. Instead, for example, use a hyperlink from your name. Even better is to use a form that uses a processing script to resolve the email address. It even helps to keep email addresses out of the site HTML.
5. Make sure you “opt out” of receiving free or additional information from a web site. A lot of sites have a flag that defaults to “Send me more information”. Make sure to uncheck it.
6. If you are just checking out a site and aren’t sure if you will go back you can always enter a fake e-mail address if one is required.

There are obviously a lot of issues to deal with when it comes to spam. Complicating this scenario is the fact that the nature of spam is changing all the time. Spam identification and elimination solutions will constantly evolve. However the cost on the organization in terms of wasted time or possible outright damage to your network is too substantial to ignore. You will need to be proactive and don’t be surprised to see spikes in activity. But if you have a good solution in place you should see it adapt to the challenge.

Sources:

Barracuda networks white papers. http://www.barracudanetworks.com/ns/support/white_papers.php

Personal experience fighting the fight!

MSNBC articles on spam

Sep

05

SPAMming the SPAMmers

Matt Salloum

Well, I have never eaten SPAM, but I have deleted a bunch of it. A few years ago, you may have been excited when you received a new email. Now, you just wish you recognized the sender. SPAM email has become more prevalent in recent years and is one of the biggest pains to deal with, unless you like ads for Viagra or "Get rich quick" emails. In this article, I will discuss the types of SPAM, why they are out there and some things you can do to minimize it.

What is SPAM and how many kinds are there?

First, why is it called “SPAM?” It seems that this term came up from a Monty Python SPAM sketch; the sketch was set in a café where every item included SPAM meat. The chorus of patrons were singing the words “SPAM, SPAM, SPAM…lovely SPAM, wonderful SPAM,” thus “SPAMming” the dialogue. SPAM meat was also one of the few products not rationed during World War II, making it commonly available. Looks like the name took off from there.

Before we can tackle SPAM, we must first know the proper definition. Some of the definitions vary, but my favorite comes from Wikipedia, “Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.” This pretty much sums it up; SPAM is a mass email about something you probably have no interest in, or an attempt to infect your computer with a virus, spyware, adware, etc.

How many kinds are out there? There are many different kinds, all trying to do the same thing: annoy you. The most common and widespread is e-mail spam; here is a list of some others you might be familiar with:

  • Instant messaging
  • Usenet newsgroup
  • Web search engine
  • Spam in blogs
  • Mobile phone messaging
  • Internet forum
  • Junk fax transmissions
  • Image
  • Blank

As you can tell, SPAM is all over. Most of these services are for recreational purposes and it is a shame that SPAM is ruining users' experiences. You can read more about each of these here: http://en.wikipedia.org/wiki/Spam_(electronic)

How does it work?

You have probably been the victim of many SPAM mass emails; have you ever wondered what is going on? Once you examine how these emails get out, you see that it is not hard to do, which is why there are so many. There is a simple "SPAM to do list" explained on spambloggers.com; this explains what one would do if they wanted to become a SPAMmer.

  1. Procure initial capital.
  2. Acquire a list of e-mails to which you will send out your messages.
  3. Get at least one client that is willing to pay you in order for you to distribute their message.
    • Figure out a way by which you will be paid by your client.
    • Figure out how you will track the payment conditions.
    • Setup the system by which you will be paid by your client, following the payment tracking conditions.
  4. Create a system which you can use to distribute the message to the e-mail list.
  5. Press Go

It is as simple as getting some money together and thinking up a product, or fake product, to sell. Once you have that you can get a list of email addresses to send to. Just remember, if one person will buy it, then many more will. If they pay using PayPal or another Internet pay portal, the money will come in without much work on your end.

I guess the next question anyone might have is, "Is SPAM illegal?" Well, for the most part no, but states have varying rules. SPAMmers are sending messages from outside the United States, which makes stopping them much harder than just creating a law. Sending someone a SPAM email is not illegal; forging another company's software is illegal. This will be discussed in the next section.

People that got busted and stats on SPAM

SPAM has been around for some time now, so there must have been a few people who have been caught. Well, there are actually many, but I will explain two cases.

Ryan Pitylak - a 24 year old out of Texas, known as one of the biggest spammers of all time. At his peak he was sending out 25 million messages a day and made between 3 and 4 million throughout his career. His emails offered mortgages and debt counseling, but in the end he paid a fine of 1 million and costly legal bills. He now claims to be an "anti-spam activist."

Jeremy Jaynes - Spammer that Virginia and AOL put in jail. He made over $24 million on fake Federal Express refund kits. He was sending over hundreds of thousands of e-mails a day, with 10-17,000 replying each month. His kits went for $39.95 and he was earning up to $750,000 a month. He was sentenced to jail for nine years.

Here are some stats that you may think are crazy:

The first SPAM on record was in 1978 that was sent to 600 addresses. The first big scale SPAM sent was in 1994 that was sent to 6000 newsgroups. As of February 2007, 90 billion SPAM emails are sent per day. Jef Poskanzer, owner of the domain name acme.com, was getting over 1 million spam emails a day. It is estimated that 80-85% of all incoming mail is some form of SPAM. It was stated in 2006 that the SPAMming industry has cost the US over $10 billion in money, lost man hours and fixes to limit SPAM.

Interesting Cases
The first known SPAM attack was in 1978, read about it here: http://www.templetons.com/brad/spamreact.html

Star Trek vs. Star Wars - Star Wars fans invade a Star Trek chat room http://www.myshelegoldberg.com/writings/essays/spam.htm

With all that said, what can I do to decrease SPAM?

There are many things that can be done to decrease the amount of SPAM that you receive. The easiest way would be to customize whatever SPAM protection you are using on your mail server. A common product is called SpamAssassin; this product lets you create rules to keep you up to date with the newest attacks. You can give emails a score; ones that score too high will not be allowed through. This, combined with Outlook settings, will greatly diminish the emails you receive. Outlook will let you place all junk emails into a Junk folder, so only the emails you want will be in your Inbox. These programs do vary and it depends on what kind of mail server you are running. There are also other programs that you can run from your desktop that will scan incoming messages.
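The scoring approach described above, sketched as an added example that is not part of the original post and does not use SpamAssassin's own rules: each matching rule adds to a message's score and anything at or above the threshold is held. Rule names, weights and sample messages are constructed; the example also shows how a legitimate message with an all-caps, punctuation-heavy subject (the habit the earlier anti-spam post warns about) gets held, and how allowing one sender address rather than a whole domain releases it.

```powershell
# Added example: additive, threshold-based spam scoring. Rule names, weights
# and messages are constructed; these are not SpamAssassin's shipped rules.
$Threshold = 5.0   # SpamAssassin's default required_score is also 5.0

$Rules = @(
    @{ Name = 'SUBJ_ALL_CAPS';   Score = 2.0
       Test = { param($m) $m.Subject -cmatch '[A-Z]' -and $m.Subject -cnotmatch '[a-z]' } }
    @{ Name = 'SUBJ_PUNCT_RUN';  Score = 2.0
       Test = { param($m) $m.Subject -match '[?!]{3,}' } }
    @{ Name = 'CLICK_HERE';      Score = 1.0
       Test = { param($m) $m.Body -match 'click here' } }
    @{ Name = 'GREETING_CARD';   Score = 1.5
       Test = { param($m) $m.Body -match 'greeting card|e-?card' } }
    @{ Name = 'EXEC_ATTACHMENT'; Score = 3.5
       Test = { param($m) [bool]($m.Attachments -match '\.(exe|scr|pif|com)$') } }
)

function Get-SpamVerdict {
    param([hashtable]$Message, [string[]]$AllowedSenders = @())

    # Allow-list individual addresses only: a whole trusted domain can turn
    # hostile as soon as one machine behind it is hijacked.
    if ($AllowedSenders -contains $Message.From) {
        return [pscustomobject]@{ From = $Message.From; Score = 0.0
                                  Hits = 'ALLOWED_SENDER'; Verdict = 'deliver' }
    }
    $hits  = @($Rules | Where-Object { & $_.Test $Message })
    $score = 0.0
    foreach ($h in $hits) { $score += $h.Score }
    $verdict = 'deliver'
    if ($score -ge $Threshold) { $verdict = 'quarantine' }
    [pscustomobject]@{ From = $Message.From; Score = $score
                       Hits = ($hits | ForEach-Object { $_.Name }) -join ','
                       Verdict = $verdict }
}

# Constructed sample messages.
$samples = @(
    @{ From = 'cards@unknown.example'; Subject = 'You have received a greeting card'
       Body = 'Open the attached greeting card'; Attachments = @('card.exe') }
    @{ From = 'john@partner.example';  Subject = 'GUESS WHAT ?????'
       Body = 'Click here to see pictures from our vacation!'; Attachments = @() }
    @{ From = 'sue@partner.example';   Subject = 'Minutes from Tuesday'
       Body = 'Notes attached.'; Attachments = @('minutes.doc') }
)

$samples | ForEach-Object { Get-SpamVerdict -Message $_ }   # john@ is held as a false positive
$samples | ForEach-Object { Get-SpamVerdict -Message $_ -AllowedSenders 'john@partner.example' }
```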

Another way to more efficiently limit the SPAM that you get is through a hardware appliance. The most popular one is called the Barracuda SPAM firewall. The setup is pretty straightforward: point your MX record to the appliance and set up the domain on the server. This appliance sits in front of your email server and will decide, based on its software, whether the message is legit or not. If it thinks it is fine, it will let it pass through to the mail server; if not, it will block or tag the message for further review. There is a nice web control panel that will let you view all the messages received. If it blocks a message that it shouldn't, you can manually deliver it through the web control panel. The only downfall is price; these units start around $1500.

SPAM is a growing issue and will continue to get worse. You can keep up with the times, or surrender to hundreds of unwanted emails a day. The major email providers seem to be getting a grasp on SPAM (Gmail, Hotmail and MSN); but if you want your own domain, there is a bit to consider. You could go with software or hardware protection and try to customize that to your liking. There are different ways to go; look around and see what works best.

Additional Resources

Wikipedia
http://en.wikipedia.org/wiki/E-mail_spam

Wikipedia
http://en.wikipedia.org/wiki/Spam_(electronic)

SpamBlog
http://www.spamblogging.com/archives/000043.html

Spam News
http://mcpmag.com/news/article.asp?EditorialsID=688

Spam Legal Issues
http://customersupport.acd.net/spam/spam4.htm
http://advertising.about.com/cs/spam/f/spamlegal.htm

Ryan Pitylak
http://blogs.guardian.co.uk/technology/archives/2006/06/05/spam_king_ryan_pitylak_turns_activist.html

SPAM money
http://weblog.johnlevine.com/Email/pitylak.html

1978 SPAM attack
http://www.templetons.com/brad/spamreact.html

Star Trek vs. Star Wars
http://www.myshelegoldberg.com/writings/essays/spam.htm