E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

Controlling more

It's all about control isn't it?  Patching.  Monitoring.  And whether your flavor is Level Platform or MOM.... if you aren't looking into tools to control and do... maybe you need to look into it?

Some recent postings about MOM, made me realize that in my circle of SBS buddies .. I don't know many folks running MOM.. Level Platforms, yes, but not MOM.  Any SBSers out there that are MOM'ers?

I think we're all a bit chicken to be installing it when were not sure it's SBSized enough.  The last thing we want to do is muck up a clients computer playing around.... so ...are you using any tools to monitor your networks?

Microsoft Security Advisory Notification

 
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 16, 2005
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Security Advisory (899588) 

  - Title:    Vulnerability in Plug and Play Could Allow Remote Code
	 Execution and Elevation of Privilege (899588)

  - Reason For Update: August 16, 2005: Advisory has been updated 
    to document additional information about variations of 
    Worm:Win32/Zotob.A and additional information about the 
    ongoing investigation.

  - Advisory Web site: http://go.microsoft.com/fwlink/?LinkId=51237

  - Bulletin Web site: http://go.microsoft.com/fwlink/?LinkId=48900


Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service: 
  Comprehensive Version. It provides timely notification of any 
  minor changes or revisions to previously released Microsoft 
  Security Bulletins and Security Advisories. This new service 
  provides notifications that are written for IT professionals and 
  contain technical information about the revisions to security 
  bulletins. To register visit the following Web site:

  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
  can help protect your PC at the following locations:

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a
  Microsoft security update, it is a hoax that may be distributing a
  virus. Microsoft does not distribute security updates through
  e-mail. You can learn more about Microsoft's software distribution
  policies here:
  
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

New variant of worm - batten down the hatches

Incidents.org  and the newsmedia [mainly because it appears they got nailed good] are reporting on a new variant of the Plug and Play worm.

Symantec Security Response - W32.Zotob.E:
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.e.html

I'd like to copy part of the incidents.org web site and remind everyone....

Malware can only develop as fast as it is developing in this case because of extensive code sharing in the underground. The only way we can keep up with this development is by sharing information as efficiently. Being able to do so openly will make it only easier to do this sharing. Please join our effort, and share future observations with us. We will continue to turn them over quickly and make them available via out diaries for everybody to read and to learn from.

Update..just got hit on IM with this alert from McAfee

We announce that _fill in the blank_

Microsoft Corp. today announced Berbee Information Networks Corporation has become the first Small Business Specialist in Madison. To attain this new designation, Berbee has demonstrated expertise in planning and building solutions for small businesses. As part of the Small Business Specialist Community, Berbee will receive a rich set of benefits from Microsoft, including access to training specifically designed for the small-business industry, small-business marketing materials for reuse, special partner offers, and the ability to use the Small Business Specialist logo in marketing materials, which can help give the company a competitive advantage in the marketplace.

“Berbee is extremely pleased with our status as the first Small Business Specialist in Madison,” said Liz Eversoll, vice president of the Berbee Microsoft practice, “For our small business clients, this special designation adds another facet to our award-winning Microsoft practice and extends the value we bring to our client relationships as the go to Microsoft partner in the Midwest.”

The Small Business Specialist Community, available as a competency-like designation as part of the Microsoft® Partner Program, was developed in response to input from customers and partners that expressed a need to build easier connections that enable small-business customers to quickly and easily identify technology partners best suited to support them.

“Small businesses are looking for partner companies that understand their unique business needs,” said Mike Porter, Midwest Area General Manager, Microsoft Small and Midmarket Solutions & Partner Group. “With resources like the Small Business Specialist Community and the partner locator tool on the Microsoft Small Business Center Web site, it will be much easier for Madison’s small businesses to identify local partners that are best able to address their specific needs. We are confident this offering will help Berbee reach its full potential by creating more visibility, opportunity and demand in the local small-business segment.”

As one of the requirements for attaining Small Business Specialist status, Berbee had to pass Microsoft’s Small Business Sales and Marketing Skills Assessment, designed to test the company’s knowledge of the dynamics and dependencies of the small-business market, as well as the value to small business of several software solutions, including Windows® XP Professional, Microsoft Office 2003 and Windows Small Business Server 2003. In addition, at least one individual in the company had to pass a certification exam that measures the ability to design and implement solutions for the small and medium-sized business by using Windows Small Business Server 2003 and the Windows Server System™.

The Small Business Specialist Community was announced earlier this month at the Microsoft Worldwide Partner Conference 2005.

Founded in 1975, Microsoft (Nasdaq “MSFT is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

#########

Microsoft, Windows and Windows Server System are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

So the question came in from the mailbag... how do we get one of those in a paper?  Well first you have to BE the first... so if you were not... you can't ...BUT you can do your own press release.... take an existing one..and change it...

Microsoft Corp. today announced _insert your company here_ has become the _a_ Small Business Specialist in _insert your city name_. To attain this new designation, _insert your company here_ has demonstrated expertise in planning and building solutions for small businesses. As part of the Small Business Specialist Community, _insert your company here_ will receive a rich set of benefits from Microsoft, including access to training specifically designed for the small-business industry, small-business marketing materials for reuse, special partner offers, and the ability to use the Small Business Specialist logo in marketing materials, which can help give the company a competitive advantage in the marketplace.

“_insert your company here_ is extremely pleased with our status as the _a_ Small Business Specialist in Madison,” said _insert your name_, _insert high falutting tiltle here_ of the _insert your company here_ Microsoft practice, “For our small business clients, this special designation adds another facet to our _insert glowing word here_ Microsoft practice and extends the value we bring to our client relationships in _insert your area of the Counry_.”

The Small Business Specialist Community, available as a competency-like designation as part of the Microsoft® Partner Program, was developed in response to input from customers and partners that expressed a need to build easier connections that enable small-business customers to quickly and easily identify technology partners best suited to support them.

“Small businesses are looking for partner companies that understand their unique business needs,” said Mike Porter, Midwest Area General Manager, Microsoft Small and Midmarket Solutions & Partner Group. “With resources like the Small Business Specialist Community and the partner locator tool on the Microsoft Small Business Center Web site, it will be much easier for Madison’s small businesses to identify local partners that are best able to address their specific needs. We are confident this offering will help Berbee reach its full potential by creating more visibility, opportunity and demand in the local small-business segment.”  [okay so this paragraph you may want to majorly edit]

As one of the requirements for attaining Small Business Specialist status, _insert your company here_ had to pass Microsoft’s Small Business Sales and Marketing Skills Assessment, designed to test the company’s knowledge of the dynamics and dependencies of the small-business market, as well as the value to small business of several software solutions, including Windows® XP Professional, Microsoft Office 2003 and Windows Small Business Server 2003. In addition, at least one individual in the company had to pass a certification exam that measures the ability to design and implement solutions for the small and medium-sized business by using Windows Small Business Server 2003 and the Windows Server System™.

The Small Business Specialist Community was announced earlier this month at the Microsoft Worldwide Partner Conference 2005.

Founded in 1975, Microsoft (Nasdaq “MSFT is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

....you get the idea?  Okay so type it up...send it to your clients, and send it to your local paper.  Then submit it here to get googled up...https://secure.dataovation.com/prweb/login.php

... you know what.. I should do more of that myself... make sure I hit Google news a bit...at least so I don't have to keep using “diva' when I google...

Do you charge?

With last weeks patches comes the question...do you charge for Security patches? For Service pack installation?

Many have set up 'managed' contracts where they are using the monthly management fee to include application of security patches. Some have placed in the managed contracts that they will include the application of Service packs in this monthly fee arrangement as well.

Now, the interesting thing about this is in SBS 2003 sp1, that SP process included not just 'traditional' service packs ...but also the application of ISA 2004. That's not a service pack..that's a new application. One, unfortunately that the business owner might not see a lot of benefit from..since it's an interface that you will use.

And there's the rub. I would argue that you need to charge for Service packs...but how do you make a business case for the application of something that may destabilize a network? It's not like we don't want to apply service packs and security patches...but it's that trip through the worm hole that scares us half to death because we are what we are.

Yes I know that I argue strongly that if you have a good backup that you shouldn't mind the application of a patch ..but the reality is... sometimes that business owner doesn't have the time, the resources, the budget..the whatever to deal with a patching issue. And while 99.9999% of the time I have no issues, the reality is, you need to be prepared just in case.

I say you charge for Service packs [especially this one] and not for security patches if you have a monthly plan. What do you do?  And how are you approaching your clients and 'selling them' on Service Pack 1?

But making the business case for patching and upgrading isn't always easy... I'll grant you that.

I personally know it's the right thing to do.  But for some folks... quantifying that and identifying it better than 'it's just the right thing to do to keep yourself better protected', well sometimes you have to make a stronger case than that.

My 'takeaways' of why you should apply this Service pack?

• Data Execution Prevention on Server 2003
• Right now while you are still in a bit of a 'sweet spot' of support, there will be a time that you won't be.  Target yourself for an application of this SP of when it makes the best sense for the client.
• Gets them fully ready to go for WSUS
• Gets them fully ready to go for having a geek phone like the Audiovox
• Deploys the bulk of the latest and greatest fixes for Backup software
• ISA 2004 is well... it's a 2004 product and not a 2000 product.  “Nuff said right there.
• ..and last but not least...it's the right thing to do

Read, prep, prepare and we'll leave the light on for ya....