Iowa/Nebraska Novell Technical Blast
John Bezy, Novell Iowa/Nebraska Systems Engineer
Vol 3, No 3 - 2/14/01
** High Priority **
Technical Tips
Anna Kournikova? Tennis Player, but Now a New, Potent Virus
It's an apparently polymorphic VBScript virus. http://www.zdnet.com/zdnn/stories/news/0,4586,2684605,00.html
To keep them from affecting you at all, turn off Windows Scripting Host
(actually I just associated the file types with Notepad instead). See:
http://www.zdnet.com/zdhelp/stories/main/0,5594,2568111,00.html
If you need ammo in the fight against the new worm that emailing its
way around the world right now, we've got some Just In Time Cool Solutions
for you. If you are a ZENworks for Desktops user, you're in luck. Check
out this article by Martin Buckley, one of the original ZENworks Zealots.
He explains how you can use ZfD 3 to deliver a lockdown which turns off
the Windows Scripting Host. http://www.novell.com/coolsolutions/zenworks/features/a_zwz_wsh_antivirus_zw.html
To find out more about the worm, and learn a nifty trick for sorting
out possible wormy emails in your GroupWise mailbox, see this article:
http://www.novell.com/coolsolutions/zenworks/features/a_here_you_have_virus_zw.html
Mixed NetWare/NDS Version Tree?
Here are some comments from a senior Novell consultant. They vary a
bit from some of the TIDs... So the usual disclaimer applies....
"The first NW5.1 server in the tree must contain a replica of the [Root]
partition to guarantee that the schema extensions that are introduced
by NW5.1 are propagated throughout the tree correctly. The general recommendation
for the first NW5.1 server in a NW4.11 tree is to upgrade an existing
server that holds a replica of [Root] first, or to install the new server
as NW4.11, then add a replica of [Root] to it and then perform an in-place
upgrade.
This general principal applies to any product installation that extends
the schema. Schema extensions only propagate to servers that are in partitions
that the server introducing the schema extensions holds a replica of
and down the tree from those partitions. Schema extensions do not propagate
up the tree.
Some application installations walk the tree to [Root] during the schema
extension portion of the installation and will extend the schema properly
no matter which server you are installing the application to. Unfortunately
most applications that extend the schema do not do this, so you should
always install to a server holding a replica of [Root] first."
But, There Can Be Some Problems with NetWare v4.10...
The NW5.1 servers running NDS8 are not compatible with NW4.10. The support
life cycle ended for NW4.10 before NW5.10 NDS8 was developed. The result
of this is that NW4.10 will not handle the auxiliary classes from NW5.1
NDS8. This will stop the synchronization of the schema possibly for the
entire tree, depending on the order of the Schema Sync List. The solution
for this problem is to upgrade to NW4.11/4.2 or higher. You may set the
replicas to master on the NW5.10 servers to better handle the schema
sync, however you will experience problems until the 4.10 servers are
out of the tree.
Looking for Beta Testers..
We're currently looking for Novell Customers who are interested in becoming
an authorized beta test site for Consolidated Support Pack 6 (CSP6).
CSP6 consists of:
Need to Remove The NICI Key on Your Server?
The general rule of thumb is as follows:
Each NetWare 5.1 (and NetWare 5.0 with Cert Server) installed into the
tree typically has a certificate issued in the directory as well as pulled
down the NICISDI keys from the certificate server. When you "change"
certificate servers in the tree all this needs to be redone.
This means:
More on the Compaq Insight Manager Vulnerability
http://www.securityfocus.com/bid/1917
The default installation of Compaq Management Agents allow anonymous
access via port 2301 over HTTP to the files SYS:SYSTEM\AUTOEXEC.NCF and
SYS:ETC\NETINFO.CFG. These files may contain the remote console password
in addition to others such as the SNMP ControlCommunity password. The
passwords are stored in plaintext and can be obtained by connecting to:
http://target:2301/survey.
Successful retrieval of the passwords may allow a malicious user to gain
full administrative control over the Management Agents.
FTP Substitute? A Recent Dave Kearns Article
Today's focus: FTP substitute
By Dave Kearns
This has happened to me, and it may have happened to you. I'm on the
road, ready to make a special presentation, when I discover that the
slideshow file on my laptop has been damaged - or worse, I forgot to
bring it!
This usually means calling the office and having someone find the file
and then e-mail it to me. That is, provided someone with the right permissions
and abilities is available. Now there's a better way.
The Universal File Share (UFS) from Ideaberg is, essentially, a directory-enabled,
Web-based FTP substitute.
FTP servers have many known (and unknown) security holes than can be
exploited. Most enterprises that have FTP servers have them isolated
from the corporate network and build walls around them so that anyone
accessing the FTP server cannot easily break into the enterprise. That
doesn't help when you want to retrieve your personal files.
UFS enforces authentication through Novel Directory Services, so security
is not a problem. This also means that anyone using UFS sees only those
files they have rights to, and can't do anything via a Web browser they
couldn't do from their desktop NetWare client.
In order to use UFS, you need to be running NetWare 5 with the Netscape
Enterprise server (included with NetWare) or the Apache server for NetWare
(a free download), but that is more of a help than a hindrance (no need
to worry about those nasty Microsoft Internet Information Server security
holes).
UFS is licensed for only $250 per server - or $2,500 for a site license.
There's also a downloadable evaluation version at http://www.ideaberg.com,
so give it a whirl. By the way, because Ideaberg encourages telecommuting,
the company is the biggest user of UFS.
Novell Career Pak now a standard product
The Novell Career Pak is a bundle of courses targeted at jumpstarting
students for a new career as an IT professional. Once a limited-time
promotion, this convenient, cost effective package prepares new entrants
to take both the Certified Novell Administrator (CNA) and CompTIA Network
+ examinations. The Career Pak includes the following Novell Education
student kits:
Novell Merges CIP Certification with CIW Certification
Your Novell CIP credential allows you to obtain instant dual certification!
For complete information, see http://www.cip2ciw.com/
US East Region * Novell Education Delivers Advanced Technical Training
(ATT) and Boot Camps
Visit www.novell.com/registernow
for complete schedule & updates.
ATT - ZENWorks for Desktops v3 - 3 days
$1495 or 6 Education Vouchers or Partner Passport
| Detroit Cincinnati Boston Philadelphia Washington DC Albany, NY New York Detroit Boston New York |
February 21,22,23 (sold out) February 26, 27, 28 March 5, 6, 7 March 12, 13, 14 April 18, 19, 20 April 23, 24, 25 April 30, May 1, 2 May 21, 22, 23 June 4, 5, 6 July 23, 24, 25 |
| Cincinnati Boston Philadelphia Washington DC Albany, NY New York Detroit Pittsburgh Philadelphia |
March 1, 2 March 8, 9 March 15, 16 April 16, 17 April 26, 27 May 3, 4 May 24, 25 May 31, June 1 June 14, 15, 16 |
| Washington DC | July 26, 27 |
| Philadelphia | March 13, 14 |
| Washington DC | May 8, 9 |
| Washington DC Philadelphia |
May 14-18 and May 21-25 July 23-27 and July 30-Aug 3 |
Novell direct training complements NAEC training.
Visit www.novell.com/education/locator
to locate courses in your area. NAEC training can lead to high-value
certifications such as CNE and CDE. Self-study and eLearning tools available
through NAECs and through your Novell reseller or licensing contract.
Cool URLs
Need Info on the SAN (Storage Area Network)?
A good tutorial at http://www.dothill.com/tutorial/index.htm
Sun's Response to Microsoft
This is one of the funniest things I've read in a long time. This Sun's
response to emails that MS has been sending out questioning Sun's technologies.
It's well worth a read. http://www.sun.com/dot-com/realitycheck/headsup010205.html
Using NIMS? Want to Know More About It? Get Files?
Check out www.nimsinfo.com.
See What We Are Doing for Electronic Government
www.digitalut.novell.com
Check it out, this is for governments!
Interesting Factoid
Information Security Deb 2001 Factoid - 56% 8% 7%. Percentages of
defaced web sites between Aug 1999 and Dec 2000 that ran on NT, Solaris,
and Red Hat Linux respectively... (from Attrition.org)
STILL Seeking Information
We are looking for customers who are using Novell Products to do the
following functions. If you are, would you send me an e-mail describing
what you are doing? Also, unless you explicitly state in the e-mail
that you wouldn't mind if other customers contact you, your information
WILL NOT be shared with anyone... Thanks...
Sales Stuff----
HIPAA Security Requirements Assessment
Children's Hospital Oakland First to Complete Novell's HIPAA Security
Requirements Assessment
Novell Prescribes One Net to Healthcare Market
Novell Healthcare Combines Proven Products, Education and Consulting
Services to Address the more than $1 Trillion Healthcare Market - Novell
Healthcare provides organizations with single global network to reduce
costs and improve healthcare services
· Consultant & Systems Integrator partners offer healthcare solutions
based on Novell Net services software
· Novell Net services software successfully deployed at leading healthcare
companies
Novell Healthcare Customer Quotes
Novell and PricewaterhouseCoopers Deliver Integrated Solution for the
Healthcare Market
· Alliance will provide expertise and infrastructure solutions to give
customers competitive advantage in the more than $1 trillion healthcare
industry
· Enables healthcare organizations to meet challenges of responding to
new industry regulations, changing relationships with managed care providers
and consumers, and Internet integration
Administration Information:
Subscribe to news listservs at:
For GroupWise list: http://www.ngwlist.com
For Syracuse U NetWare list: listserv@listserv.syr.edu with 'subscribe novell' in message body
Trouble Incident Escalation
If you have an open support incident and it has been open for an unusually
long period of time, one of my functions is to help escalate the issue
inside Novell Tech Support. I will decide what the 'unusually long period
of time' is... If you have a support contract, your issue should be resolved
within days (resolved; depending on the level of the support contract,
someone should contact you within minutes/hours to start working on it.)
Without a support contract, you might face hours/days of waiting before
tech support can address your call. So, if you feel you need assistance,
send me an e-mail describing the incident, the incident number, and who
to contact. If you don't have an open incident, don't get me involved
until you do.
How to Get Tech Support
Want to see how some of our solutions work?
Check them out at the on-line demo city... http://democity.novell.com/staticindex.html
Due a Software Upgrade?
Here is how the process works.... You should receive an e-mail from Novell
Sales Operations stating you are entitled, as an upgrade protection customer,
the next upgrade for product XYZ... You should then go to the upgrade request
site at www.novell.com/licensing/upgfulfill
and fill in the appropriate lines and information. Your upgrade should then
be shipped second day.... BUT turnaround time is dependent on when the product
is actually available for FCS (First Customer Ship), which could be days or
weeks after the actual product announcement. If you are then having problems,
please let your IA/NE Novell team know so we can get involved.
Previous Editions of this E-Blast
Have you missed previous editions of this newsletter? Want to read them?
Thanks to the CINUG (Central Iowa Network Users Group), they have posted
them all at http://www.cinug.net/nov_blast.html...
Unsubscribing
If you do NOT want to continue to receive this e-mail blast, please send
an e-mail to
jbezy@novell.com,
with 'unsubscribe e-mail blast' (without the quotes) in the subject line,
and you will be removed from the list.
Subscribing
If other people in your organization not directly receiving this e-mail
blast wish to do so, have them send an e-mail to
jbezy@novell.com,
with 'subscribe e-mail blast' (without the quotes) in the subject line,
and they will be added to the list.
Changing Addresses
If you need to change your e-mail address, send an e-mail to
jbezy@novell.com
with 'change e-mail blast' (without the quotes) in the subject line,
and your address will be changed. We like to keep track of Novell users.
We recognize there is frequent turnover in the networking business, so
if you are changing jobs, please drop me a line....
Disclaimer:
Information contained herein is provided as-is. Opinions are those of
the author and may or may not be the same as those of Novell, and are definitely
NOT attributable to Novell unless otherwise noted.
John Bezy
Novell Systems Engineer
Iowa/Nebraska
ph: (402) 291-1808
eFax: (561) 760-6149
fax: (402) 291-4529
Novell-the leading provider of
Net Services Software
www.novell.com
jbezy@novell.com
Last Revised February 19, 2001. Site maintainted by MG Consulting and Colorfx Marketing Services, sponsors of the Central Iowa Network Users Group.
Feedback |
Legal |
Privacy
© 1999-2001 Central Iowa Network Users Group