**********************************************************
WINDOWS 2000 MAGAZINE SECURITY UPDATE
**Watching the Watchers**
The weekly Windows 2000 and Windows NT security update newsletter
brought to you by Windows 2000 Magazine and NTSecurity.net
http://www.win2000mag.com/update/
**********************************************************

This week's issue sponsored by

Trend Micro
http://antivirus.com/SecureValentine1.htm

Network-1 Security Solutions – Embedded NT Firewalls
http://www.network-1.com/eval/eval6992.htm
(Below Security Roundup)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
February 16, 2000 - In this issue:

1. IN FOCUS
     - Something Old, Something New: DNS Hijacking

2. SECURITY RISKS
     - Timbuktu Pro Denial of Service
     - SNMP Trap Watcher Denial of Service
     - Internet Anywhere Denial of Service
     - Firewall-1 Allows Unauthorized TCP Connections
     - MySQL Allows Password Bypass
     - Novell GroupWise Denial of Service

3. ANNOUNCEMENTS
     - Security Poll: What Will the Recent DDoS Attacks Lead to?
     - Windows 2000 Magazine Presents the Windows 2000 Experience
     - Technical Pursuit 2000

4. SECURITY ROUNDUP
     - News: RSA Security Site Ransacked
     - News: Microsoft Outlines New Windows 2000 Security Strategy
     - News: Why Deny Read Access To Executable Content?
     - Feature: Avoiding Database Security Problems

5. NEW AND IMPROVED
     - Protection Against Internet Attack Tools
     - Cluster Firewall Assures Monitoring and Restart
     - VPN Suite Provides Secure Access to Remote Users

6. HOT RELEASE (ADVERTISEMENT)
     - VeriSign - The Internet Trust Company

7. SECURITY TOOLKIT
     - Book Highlight: Creating and Implementing Virtual Private
Networks Gold Book
     - Tip: Protect Your InterNIC DNS Records
     - Review: InspectorScan 5.0
     - Feature: Avoid Database Security Problems

8. HOT THREADS
     - Windows 2000 Magazine Online Forums:
        * Help with Mapping Drives
     - Win2KSecAdvice Mailing List:
        * WebSpeed Security Issue
        * More SQL Hacking with IIS 4 Through Access Driver
     - HowTo Mailing List:
        * NT 4 and DSL Security Question
        * System Policies

~~~~ SPONSOR: TREND MICRO ~~~~
Your network can be "broken" much like your heart. So no matter how
things went for you on Valentine's Day, you can strike up an ideal
match for your network with the Trend InterScan product family. PROTECT
THE HEART of your network with Trend's wide range of ANTIVIRUS
solutions. Trend is a leader in antivirus technologies -- offering
protection and security for the Internet gateway, Notes and Exchange
email servers, the desktop, and everywhere in between -- that builds a
protective, virtual VirusWall around the information pulse of your
network.
http://antivirus.com/SecureValentine1.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Want to sponsor Windows 2000 Magazine Security UPDATE? Contact Vicki
Peterson (Western and International Advertising Sales Manager) at 877-
217-1826 or vpeterson@win2000mag.com, OR Tanya T. TateWik (Eastern
Advertising Sales Manager) at 877-217-1823 or ttatewik@win2000mag.com.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. ========== IN FOCUS ==========

Hello everyone,

Every day, intruders break into and deface Web sites. The methods these
crackers use are incredibly numerous. In most cases, someone failed to
establish adequate security controls, and an intruder was able to
penetrate the network. That assumption might seem obvious, but
malicious users can use methods to subvert a normally functioning
system without actually penetrating that system's security.
   One recent example is RSA Security. Intruders allegedly defaced the
company's Web site this past weekend. After reading the initial news
reports regarding the defacement, I was slightly startled. After all,
RSA Security is a big name in the security industry and should be able
to keep its networks reasonably secure. I wondered whether the report
was true. Did someone really deface the RSA Security Web site?
   As it turns out, the answer is yes and no. To me, a Web site
defacement means someone broke into a network, gained access to
relevant file systems, and modified the HTML for the site's home page.
The alleged defacement of RSA Security's Web site did not follow that
scenario. No one broke into RSA Security's network, no one penetrated
its security, and no one modified any of its Web server files. No one
actually cracked RSA Security's site at all.
   If no one defaced the site, what did happen? The answer is very old
and very simple: DNS hijacking. At least two forms of DNS hijacking can
occur on the Internet. One hijack attack involves spoofing DNS records,
and the other method involves taking over InterNIC database records.
   From the information available at the time of this writing, it
appears that intruders used the former method to spoof, not deface, RSA
Security's Web site. I use the word spoof because that's exactly how
the attack works: Someone creates a fake Web page and then redirects
traffic to that fake page by manipulating various DNS records. When
unsuspecting users see the spoofed Web page, they assume an intruder
cracked the real Web site. In reality, the site was not cracked at all.
   In the case of RSA Security's Web site hijack, someone diverted
traffic to a fake Web page after gaining access to an upstream DNS
server out of RSA Security's direct control. The intruder accessed the
DNS server and temporarily modified its DNS records so those queries
destined for RSA Security's Web site would divert to the fake RSA
Security Web site. It's that simple. People thought they had landed on
the real RSA Security site when, in fact, they simply landed on a
spoofed site at another IP address.
   If you understand basic DNS architecture, you can understand how
this attack could happen to any domain on the Internet. DNS record
spoofing is a trivial way to spoof a real Web site crack. And to make
matters worse for the hijacked site, the hijacking misleads people into
thinking intruders cracked the Web site at Company A, when intruders
actually cracked the DNS server at Company B. Company B usually goes
unmentioned in the flurry of press reports regarding the attack. If I
knew who Company B was in the RSA Security case, I'd report that
information to you, but I’ve been unable to obtain that company's name.
   The problem with these types of hijacking attacks is that in most
cases, administrators control only their DNS records. You can’t defend
against this type of Web site attack because you have little, if any,
control over upstream DNS records. All you can do is monitor your site
using third-party Web page integrity-checker tools and take action the
instant you suspect a traffic diversion.
   Defending against the second DNS hijack type is easy because of the
attack’s nature. In a nutshell, a malicious user can perform this type
of DNS hijack by creating fake mail accounts, spoofing valid mail
accounts, and flooding the inbox of the technical and administrative
contacts listed for a given domain. This attack is successful only if
you don't use authentication for your InterNIC records, or if you
disregard the flood of email you receive from an intruder that uses
this method of attack. In most cases, the flood of email looks like a
slew of InterNIC confirmation messages. The attack relies on the hope
that less-experienced administrators will mistake these messages for
some kind of mail error and simply delete them all instead of examining
each one.
   To protect your system against this second type of domain hijack,
modify your InterNIC domain records so that they require some level of
authentication before anyone can make changes. To learn how to add an
authentication requirement to your InterNIC records, review the tip in
the Security Toolkit section of this newsletter.

Until next time, have a great week!

Mark Joseph Edwards, News Editor
mark@ntsecurity.net

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, mark@ntsecurity.net)

* TIMBUKTU PRO DENIAL OF SERVICE
Laurent Levier discovered a denial of service (DoS) condition in
Netopia's Timbuktu Pro software. By performing a specific series of
connections and disconnections, an intruder can cause the
authentication protocol to misbehave, thereby causing the software to
hang. Netopia is aware of the problem and is working on a fix.
   http://www.ntsecurity.net/go/load.asp?iD=/security/timbuk1.htm

* SNMP TRAP WATCHER DENIAL OF SERVICE
Paul Timmons reported that by sending a trap string of more than 306
characters to the SNMP Trap Watcher 1.16 monitoring system, an intruder
can crash the software. BTT Software has released an updated version of
the software that is not vulnerable to this attack.
   http://www.ntsecurity.net/go/load.asp?iD=/security/trap1.htm

* INTERNET ANYWHERE DENIAL OF SERVICE
Nubuo Miwa reported two problems with True North Software's Internet
Anywhere 3.1.3 mail server. By sending a specific string of characters
as the parameter of the RETR POP3 command, an intruder can crash the
server. In addition, if an intruder opens 3000 or more connections on
the SMTP port, the server will respond with an error reporting too many
connects. By establishing a second large set of connections (800 or
more) immediately after the first 3000 connections, the intruder can
crash the service. True North is working on a fix as of this writing.
   http://www.ntsecurity.net/go/load.asp?iD=/security/ia1.htm

* FIREWALL-1 ALLOWS UNAUTHORIZED TCP CONNECTIONS
John McDonald and Thomas Lopatic reported a problem with Checkpoint
Technologies' Firewall-1 software. According to the report, using
particular techniques, an intruder can trick the firewall into opening
TCP ports to an FTP server behind the firewall. Checkpoint is working
on a fix for the problem.
   http://www.ntsecurity.net/go/load.asp?iD=/security/fw1-1.htm

* MYSQL ALLOWS PASSWORD BYPASS
Robert van der Meulen/Emphyrio and Willem Pinckaers discovered a
vulnerability in MySQL Server that lets a remote user bypass password
checking. The problem is the result of faulty string checking. You can
download a patch at the following URL.
   http://www.ntsecurity.net/go/load.asp?iD=/security/mysql1.htm

* NOVELL GROUPWISE DENIAL OF SERVICE
Adam Gray discovered that by sending a specific URL to the Web Access
interface of a Novell GroupWise 5.5 server, a malicious user can crash
the server. Novell is aware of the problem and has issued a patch.
GroupWise users should install Service Pack 1 (SP1) for the GroupWise
Enhancement Pack, which is available from Novell's technical support.
   http://www.ntsecurity.net/go/load.asp?iD=/security/grpwse1.htm
   http://support.novell.com/additional/

3. ========== ANNOUNCEMENTS ==========

* SECURITY POLL: WHAT WILL THE RECENT DDOS ATTACKS LEAD TO?
The recent distributed denial of service (DDoS) attacks have a lasting
effect on the Internet community. What will that effect be in the long
run? We've posted a new poll that asks the question, "What will the
recent DDoS attacks lead to?" Stop by our home page and submit your
answer today.
   http://www.ntsecurity.net

* WINDOWS 2000 MAGAZINE PRESENTS THE WINDOWS 2000 EXPERIENCE
Before making any decision concerning Windows 2000 (Win2K), get the
facts from a trusted source. The Windows 2000 Experience Web site
brings to you the how-to knowledge, resources, and product information
you need to evaluate and deploy Win2K. Everything you expect in a deep,
high-quality site: news, in-depth articles, forums, product offerings--
all focused squarely on Win2K. Visit the Web site at
http://www.windows2000experience.com.

* TECHNICAL PURSUIT 2000
Windows 2000 Magazine's "Technical Pursuit 2000" is your chance to show
up the experts and win cool prizes! Match wits with Windows 2000
(Win2K) mavens Mark Smith, Sean Daily, and Kathy Ivens at the Windows
2000 Conference and Expo in San Francisco from February 15 to 17, 2000.
   "Technical Pursuit 2000" will be held at 11:00 A.M. and 2:00 P.M. on
February 15 and 16, and at noon on February 17. To enter, drop by the
Windows 2000 Magazine booth (#1315) at the Expo and pick up your free
raffle ticket. A drawing will be held 10 minutes before each game to
select a contestant. Contestants will try to answer five Win2K-related
questions to win up to $250 in cash. On the final day of the Expo,
we're giving away $500 for five correct answers! We'll also be giving
away free prizes every hour during the entire conference, so you have
plenty of chances to win.

4. ========== SECURITY ROUNDUP ==========

* NEWS: RSA SECURITY SITE RANSACKED
Even top security firms occasionally fall prey to network intruders. A
recent case is RSA Security, whose Web site was hijacked on Saturday.
Intruders didn't change the home page, but instead diverted traffic to
a spoofed lookalike site. The give away that the site was spoofed was
the suffix added to the company's slogan: "The most trusted name in E-
commerce security has been owned." Intruders routinely use the term
"owned" to mean that they’ve broken into a site and might have left
backdoors. For a link to a copy of the spoofed RSA Security home page,
visit the URL below.
   http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=209&TB=news

* NEWS: MICROSOFT OUTLINES NEW WINDOWS 2000 SECURITY STRATEGY
On January 18, Brian Valentine, Microsoft’s senior vice president in
charge of Windows 2000 (Win2K) and Windows 98, outlined Microsoft’s new
Win2K security strategy in an address at the RSA 2000 security
conference. Valentine announced that Win2K will ship worldwide with
128-bit encryption. He explained that Microsoft sees Win2K as a chance
to respond to the security crisis that the rise of the Internet has
created. Read the rest of C. Thi Nguyen's Web exclusive story for
Windows 2000 Magazine on our Web site.
   http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=212&TB=news

* NEWS: WHY DENY READ ACCESS TO EXECUTABLE CONTENT?
Reader Jerry Walsh recently posted some interesting comments to the
Win2KSecAdvice mailing list. Walsh points out the need to secure Web
directories against unwanted actions. Case in point: ASP processing.
Many developers code their programs in pieces and place those pieces in
separate files for later inclusion in applications. This approach is a
fantastic way to make code portable and to avoid developing other
applications in the future. A programmer only needs to code an include
statement to use the portable code base.
   The concern is not the code or its processing, but how the server
stores the code. Read the rest of this Web exclusive for NTSecurity.net
on our Web site.
   http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=210&TB=news

~~~~ SPONSOR: NETWORK-1 SECURITY SOLUTIONS – EMBEDDED NT FIREWALLS ~~~~
Don’t let your network become a target of denial of service attacks.
Defend it with CyberwallPLUS - the first embedded firewall designed
specifically to protect NT servers.  It is the only firewall that gives
system administrators the network access control and intrusion
prevention needed to secure valuable servers and cost-effectively scale
to preserve performance and reliability.  CyberwallPLUS gives NT a
whole new meaning – No Trespassing.
Visit http://www.network-1.com/eval/eval6992.htm for a free
CyberwallPLUS evaluation kit and white paper.

5. ========== NEW AND IMPROVED ==========
(contributed by Judy Drennen, products@win2000mag.com)

* PROTECTION AGAINST INTERNET ATTACK TOOLS
In response to the recent spate of hacker attacks on major Web sites,
Computer Associates (CA) announced the immediate availability of
updates to the company's eTrust Intrusion Detection and eTrust Anti-
Virus solutions. These updates provide detection for tools that hackers
use against major e-businesses. Hackers have used distributed attacks
against e-businesses using Denial of Service (DoS) tools such as Tribal
Flood Network 2K (TFN2K). eTrust Anti-Virus and eTrust Intrusion
Detection defend against viruses and other forms of malicious mobile
code such as TFN2K. eTrust Intrusion Detection also detects intrusion
and attempts to gain malicious access to systems through techniques
such as buffer overflow. CA is offering free downloads of antivirus
software at http://antivirus.cai.com. CA is also offering free trial
downloads of the eTrust Intrusion Detection solution at
http://www.cai.com/solutions/enterprise/etrust/. For more information,
contact Computer Associates, 1-631-342-2542.
   http://www.cai.com

* CLUSTER FIREWALL ASSURES MONITORING AND RESTART
Legato Systems announced Legato Cluster Firewall, components of which
the company codeveloped with Network Associates to provide continuous
availability of its Gauntlet firewall. Legato Cluster Firewall provides
a streamlined clustering solution for up to four Solaris servers
running Network Associates' Gauntlet firewall solution. Legato's
product keeps the firewall available by monitoring and restarting
Gauntlet services and replicates the Gauntlet firewall's log file data
for faster recovery. You can upgrade Legato Cluster Firewall to support
additional servers. Legato Cluster Firewall is the first heterogeneous
cluster solution supporting both UNIX and Windows NT. Legato Cluster
Firewall is priced at $5000 per server. For information about a special
discount available through the end of March 2000, contact Legato
Systems, 650-812-6000.
   http://www.legato.com

* VPN SUITE PROVIDES SECURE ACCESS TO REMOTE USERS
InfoExpress announced FireWalker VPN Suite, a software suite that helps
organizations provide secure remote access to their user community.
FireWalker VPN Suite enables organizations to share corporate resources
with employees, partners, and customers, without requiring users to
adjust network, computer, or application settings. FireWalker VPN Suite
consists of InfoExpress' multimode remote access VPN client and a
personal firewall to protect the growing number of home users exposed
to high-risk DSL and cable connections and laptop PCs accessing the
corporate network over dial-up connections or on the LAN. Remote PC
components for FireWalker VPN Suite are available for Windows NT and
Windows 9x, and support for Windows 2000 (Win2K) will be available in
the first quarter of 2000. Pricing for FireWalker VPN suite starts at
$129 per seat. For more information, contact InfoExpress, 650-947-7880.
    http://www.infoexpress.com

6. ========== HOT RELEASE (ADVERTISEMENT) ==========

* VERISIGN - THE INTERNET TRUST COMPANY
Building an intranet or extranet? Protecting your company's
confidential data is critical when designing new Web applications. Get
VeriSign's Guide "Securing Intranet and Extranet Servers" at:
http://www.verisign.com/cgi-bin/go.cgi?a=n033305190150000

7. ========== SECURITY TOOLKIT ==========

* BOOK HIGHLIGHT: CREATING AND IMPLEMENTING VIRTUAL PRIVATE NETWORKS
GOLD BOOK
By Casey Wilson and Peter Doak
Online Price: $31.95
Softcover; 558 pages
Published by Coriolis Group Books, November 1999

Creating and Implementing Virtual Private Networks Gold Book teaches
the theory, implementation, guidelines, and security aspects of VPNs.
This book divulges the details behind encryption tools, government
restrictions, firewall architectures, client/server technology,
security tools, cryptography, and much more.

For Windows 2000 Magazine Security UPDATE readers only--Receive an
additional 10 PERCENT off the online price by typing WIN2000MAG in the
referral field on the Shopping Basket Checkout page. To order this
book, go to http://www.fatbrain.com/shop/info/1576104303?from=SUT864.

* TIP: PROTECT YOUR INTERNIC DNS RECORDS
(contributed by Mark Joseph Edwards, mark@ntsecurity.net)

Most people know that you can register a domain name by sending a form
to a domain name registrar such as Network Solutions. As you also know,
Network Solutions operates the InterNIC, which maintains the root DNS
server entries for several top-level domains such as the ever-popular
.com addresses. But did you know you can secure your domain's InterNIC
database records so that the system authenticates changes before
InterNIC acts on them?
   To add authentication to your InterNIC database records, fill out a
domain name change request form, which is available at the first URL
listed below. Pay attention to fields 0b and 0c because they're the
fields that enable authentication. You can select one of three
authentication schemes currently supported by Network Solutions: Pretty
Good Privacy (PGP), CRYPT-PW, or MAIL-FROM, in descending order of
security strength. The Web page located at the second URL below
explains these options in detail. Be sure to review the details
carefully before you add authentication to your InterNIC records.
   Although no security system is 100 percent secure, I highly
recommend that you use PGP as your authentication system for your
InterNIC domain records. PGP authentication will drastically reduce the
chances of an intruder hijacking your domain records.
   http://www.networksolutions.com/makechanges
   http://www.networksolutions.com/help/guardian.html

* REVIEW: INSPECTORSCAN 5.0
When we kicked off the Ultimate Security Toolkit a few weeks ago, Steve
Manziuk began with a review of eEye's security scanner product, Retina
1.7. This week, Steve looks under the hood of another Windows NT-based
scanner, Shavlik Technologies' InspectorScan 5.0.
   InspectorScan helps systems administrators and security
professionals quickly determine the system-level policy settings on
multiple NT hosts. InspectorScan can scan either your entire domain or
individual machines referenced by their NetBIOS names.
   http://www.ntsecurity.net/go/ultimate.asp

* FEATURE: AVOIDING DATABASE SECURITY PROBLEMS
Imagine that you must guard the Hope Diamond. You wouldn't place the
diamond in the world’s most impregnable safe, then leave the lock’s
combination on a yellow sticky note on the safe’s door, would you?
That's essentially what happens when you become obsessed with one part
of the e-commerce security puzzle, but ignore the security of key
ingredients such as the database. Read the rest of Brian Moran's Web
exclusive for Windows 2000 Magazine on our Web site.
   http://www.ntsecurity.net/go/2c.asp?f=/features.asp?IDF=150&TB=f

8. ========== HOT THREADS ==========

* WINDOWS 2000 MAGAZINE ONLINE FORUMS

The following text is from a recent threaded discussion on the Windows
2000 Magazine online forums (http://www.win2000mag.com/support).

February 07, 2000, 06:22 A.M.
Help with Mapping Drives

I am having a problem with our network. I work for a company that uses
mostly UNIX, and we have an NT 4.0 machine we use for logins and to
store files. We are looking at giving every PC a mapped H drive. The
only problem is we can only map it to the /users dir. So when anyone
goes to their H drive, they see everyone's dir. They don't have access
to them, but it makes it harder (or more confusing) for them to find
their folder. I know that I can make each person's folder a share that
only they have access to, but I was wondering if you can hide the
folders that someone does not have access to. Keep in mind our network
has Windows 9x for clients. Thanks for your help in advance.

Thread continues at
http://www.win2000mag.com/support/Forums/Application/Index.cfm?CFApp=69&Mess
age_ID=89595.

* WIN2KSECADVICE MAILING LIST
Each week we offer a quick recap of some of the highlights from the
Win2KSecAdvice mailing list. The following threads are in the spotlight
this week:

1. WebSpeed Security Issue
http://www.ntsecurity.net/go/w.asp?A2=IND0002B&L=WIN2KSECADVICE&P=373

2. More SQL Hacking with IIS 4 Through Access Driver
http://www.ntsecurity.net/go/w.asp?A2=IND0002B&L=WIN2KSECADVICE&P=93

Follow this link to read all threads for Feb. Week 3:
  http://www.ntsecurity.net/go/win2ks-l.asp?s=win2ksec

* HOWTO MAILING LIST
Each week we offer a quick recap of some of the highlights from the
HowTo for Security mailing list. The following threads are in the
spotlight this week:

1. NT 4 and DSL Security Question
http://www.ntsecurity.net/go/L.asp?A2=IND0002C&L=HOWTO&P=390

2. System Policies
http://www.ntsecurity.net/go/L.asp?A2=IND0002C&L=HOWTO&P=299

Follow this link to read all threads for Feb. Week 3:
   http://www.ntsecurity.net/go/l.asp?s=howto

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

WINDOWS 2000 MAGAZINE SECURITY UPDATE STAFF
News Editor - Mark Joseph Edwards (mje@win2000mag.com)
Ad Sales Manager (Western and International) - Vicki Peterson
(vpeterson@win2000mag.com)
Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@win2000mag.com)
Editor - Gayle Rodcay (gayle@win2000mag.com)
New and Improved – Judy Drennen (products@win2000mag.com)
Copy Editor – Judy Drennen (jdrennen@win2000mag.com)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

Thank you for reading Windows 2000 Magazine Security UPDATE.

To subscribe, go to http://www.win2000mag.com/update or send email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the
quotes.

To unsubscribe, send email to listserv@listserv.ntsecurity.net with the
words "unsubscribe securityupdate" in the body of the message without
the quotes.

To change your email address, you must first unsubscribe by sending
email to listserv@listserv.ntsecurity.net with the words "unsubscribe
securityupdate" in the body of the message without the quotes. Then,
resubscribe by going to http://www.win2000mag.com/update and entering
your current contact information or by sending email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the
quotes.

========== GET UPDATED! ==========
Receive the latest information on the Windows 2000 and Windows NT
topics of your choice. Subscribe to these other FREE email newsletters
at
http://www.win2000mag.com/sub.cfm?code=up99inxsup.

Windows 2000 Magazine UPDATE
Windows 2000 Magazine Thin-Client UPDATE
Windows 2000 Exchange Server UPDATE
Windows 2000 Magazine Enterprise Storage UPDATE
Windows 2000 Pro UPDATE
ASP Review UPDATE
SQL Server Magazine UPDATE
IIS Administrator UPDATE
XML UPDATE

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
Copyright 2000, Windows 2000 Magazine

Security UPDATE is powered by LISTSERV software.
http://www.lsoft.com/LISTSERV-powered.html