Windows Web Solutions UPDATE—brought to you by Windows Web Solutions, the Windows & .NET Magazine print newsletter with tools and solutions for managing your Web site.
THIS ISSUE SPONSORED BY
XCompress—Boost Page Speed and Save Bandwidth
Security Administrator Web Site
SPONSOR: XCOMPRESS—BOOST PAGE SPEED AND SAVE BANDWIDTH
XCompress for IIS reduces bandwidth use by about 30% and eliminates the bugs in older compression tools. XCompress works with HTTP 1.0/1.1, doesn't drop bytes, doesn't require client plug-ins, and doesn't choke CPU. Smart Compression Technology does the thinking—zero configuration required. It's easy, it's fast, and it's only $395 per server license. Oh yea—network transmission speed for compressed pages can be 500% faster than uncompressed pages. Try the Compression Report and see what XCompress can do for your site. Free eval too!
August 27, 2002—In this issue:
- Microsoft Reveals Plans for .NET
2. KEEPING UP WITH IIS
- Determine Passwords for IUSR and IWAM Accounts
- Results from Last Issue's Instant Poll: Number of Web Server Attacks
- This Issue's Instant Poll: Your Primary Job Description
- Take Our Exchange Survey and Enter to Win a Microsoft Xbox!
- Enter the Windows & .NET Magazine/Transcender Sweepstakes!
4. HOT RELEASES
- Time Lock(TM) - Secure Content for Microsoft(R) Word
- Task Automation: A Complimentary Tool for Microsoft Operations Manager (MOM)
- TeaLeaf Technology
- Event Highlight: International Web Services Conference & Expo
- Featured Thread: Ping over a Proxy Through a Client Machine
6. NEW AND IMPROVED
- Protect Your Web Server from Attacks
- Submit Top Product Ideas
7. CONTACT US
- See this section for a list of ways to contact us.
Last week, Microsoft publicly revealed plans for the next two releases of both Visual Studio .NET and the Microsoft .NET Framework, which will ship together. Microsoft estimates that it will take until 2004 for the releases to be completed. The company revealed its plans in response to customers' requests for a roadmap to help them plan their future investments in .NET-connected software. Microsoft's plans are interesting and exciting not only because of the platforms and tools the company plans to provide but also because Microsoft was so forthright. On February 13, Microsoft officially launched Visual Studio .NET and the .NET Framework. At the Visual Studio .NET launch event, I demonstrated how you can build a fully functional and feature-rich Web application in 1 hour (you can view the launch-event Webcast at http://msdn.microsoft.com/net/vslaunch/default.asp ). Since then, software developers and infrastructure folks have lauded the gains in productivity that Visual Studio .NET provides. If you're a loyal reader of this column, you know that I think that Visual Studio .NET and the .NET Framework are impressive. Five publications have awarded Visual Studio .NET and the .NET Framework top honors, reaffirming the innovation of these products. Microsoft's next step should be to integrate the .NET Framework and Visual Studio .NET into the rest of the .NET enterprise servers. Microsoft certainly deserves some criticism for its failure to do so thus far, but the company has clearly stated that integration is part of its master plan.
Unlike in the past, Microsoft plans to synchronize future tools' releases with important platform milestones. The next version of Visual Studio (VS), code-named Everett, is an incremental release that Microsoft wants to tightly integrate with the next version of Windows server software, Windows .NET Server (Win.NET Server). To provide users with simplified deployment and highly dependable operations, Win.NET Server will integrate the .NET Framework with the platform infrastructure. Because of Visual Studio’s dependency on the .NET Framework, availability of Everett will be roughly concurrent with Win.NET Server.
Most organizations aren't like mine—they don't immediately adopt a new Microsoft platform as soon as it ships (or, in my company's case, many months before). Organizations prefer to carefully analyze and plan migration concerns, integration points, and licensing costs before making platform moves. In the recent announcement, Microsoft acknowledged that customers welcome incremental releases, which focus on refinement rather than new features. Everett will be an incremental update and will include an updated version of the .NET Framework (version 1.1), which will extend the security and deployment benefits of version 1.0. For example, Windows Web administrators will be able to use code-access-security to lock down the permissions they grant to ASP.NET Web applications and XML Web services, enabling more flexible and granular control and a high degree of protection against malicious users. The .NET Framework 1.1 will also provide a unified programming model for building browser and smart-client applications for mobile devices, servers, and PCs.
Everett will include the new Enterprise Instrumentation Framework (EIF) technology, which will help businesses reduce development and maintenance costs. The EIF will help customers provide effective monitoring and troubleshooting in high-volume production environments, a key challenge you face when you build distributed applications. To unify existing event logging and tracing mechanisms built into Windows, the EIF will provide a consistent, low-profile API and configuration layer. Developers can use this feature to publish audits, errors, warnings, business events, and diagnostic events for support and operations teams to monitor and analyze.
Everett will also improve on XML Web services capabilities by adding support for Simple Object Access Protocol (SOAP) 1.2. The Visual Studio .NET Add Web Reference dialog box, which helps locate and bind XML Web services from within the development environment, will gain additional capabilities and usability features. A new development kit will also add support for some of the latest advanced XML Web services specifications.
Microsoft also said that Everett will provide enhanced reliability, stability, security, and performance for enterprise organizations. Additionally, Microsoft's Java programming language, Visual J# .NET, will be part of the Visual Studio IDE, joining Visual Basic .NET, Visual C++ .NET, and Visual C# .NET. Everett will also include the ASP.NET Mobile Controls (formerly the Microsoft Mobile Internet Toolkit) and the Microsoft .NET Compact Framework.
Microsoft hasn't released complete details about Everett's pricing but said it will announce that information closer to the ship date. Microsoft Developer Network (MSDN) subscribers will be among the first to receive Everett. For current Visual Studio .NET customers who don't subscribe to MSDN or to a volume-licensing program, Microsoft will provide an inexpensive path to Everett: For a limited time after the release, registered Visual Studio .NET users will be able to license Everett for $29, which Microsoft says is the cost of materials, shipping, and handling. For customers who don't want to upgrade to Everett, a service pack that offers only bug fixes for Visual Studio .NET will be available soon after the Everett release.
Tim Huckaby, News Editor, [email protected]
SPONSOR: SECURITY ADMINISTRATOR WEB SITE
WHERE TO BE PROACTIVE ABOUT SECURITY!
When you suspect a hack or virus attack, don't waste time surfing the Web. The Security Administrator Web site delivers news, articles, discussion forums, FAQs, and hotfixes (in one easy-to-navigate Web site!), so you can mitigate the effects of today's disaster and prevent tomorrow's. Visit:
While you're there, check out this article on Exchange Server Antivirus Software:
2. KEEPING UP WITH IIS
The passwords for the IUSR and IWAM accounts reside in the user account database (i.e., SAM) on Windows 2000 (without Active Directory—AD) and Windows NT 4.0, or in AD on Win2K domain controllers (DCs). As a result, obtaining passwords from those data stores is a severe security breach. Although you can obtain those passwords by using a few tools, you don't have to work that hard, because the passwords also reside in the metabase. You can retrieve them by creating and running a VBScript script. See the article "IIS Informant: Passwords for IUSR and IWAM" at the following URL to get the code.
The voting has closed in the Windows & .NET Magazine Windows Web Solutions channel's nonscientific Instant Poll for the question, "How many attacks have you recorded on your organization's Web servers over the past week?" Here are the results (+/-1 percent) from the 29 responses.
- 31% We don't count attacks.
- 31% 10 or fewer
- 10% 25 or fewer
- 3% 50 or fewer
- 24% More than 50
The next Instant Poll question is, "What is your primary job description?" Go to the Windows & .NET Magazine Windows Web Solutions home page and submit your vote for a) Systems and/or network administrator, b) Web administrator, c) Web developer, d) Consultant, or e) Other.
(brought to you by Windows & .NET Magazine and its partners)
We need your opinion! Take our brief survey on managing Microsoft Exchange Server with third-party tools, and we'll automatically enter your name into a drawing for a Microsoft Xbox. Click here to start the survey!
Nothing can help you prepare for certification like Transcender products, and no one can help you master your job like Windows & .NET Magazine. Enter our combined sweepstakes contest, and you could win a Transcender Deluxe MCSE Select Pak (a $729 value) or one of several other great prizes. Sign up today!
4. HOT RELEASES
Time Lock(TM) embeds secure time stamps into Microsoft(R) Word documents. With one click, your document is sealed, and its integrity can be proven at any time in the future. Click below for a free trial!
Download this free technical white paper now from Windows & .NET Magazine's White Paper Central. Brought to you courtesy of Opalis Software.
TeaLeaf IntegriTea helps IT identify, recreate and diagnose Web application failures. IntegriTea can increase the reliability of Web applications, and reduce application support costs by 60%. Download your FREE 15-day Trial of TeaLeaf IntegriTea at:
October 1 through 3, 2002
San Jose, California
The Web Services Edge 2002 Conference & Expo features information about Web services, XML, Java, Microsoft .NET, and wireless technologies. The conference provides 60 sessions, in which you'll hear about topics such as the future of Web services, the impact of Web services on the competitive enterprise, and integration technology for the twenty-first century. You can also visit the Expo floor to talk to vendors who supply the tools that you need to accomplish today's projects while learning about what will be possible tomorrow.
For other upcoming events, check out the Windows & .NET Magazine Events Calendar.
Suman wants to know how to ping over a proxy through the client machine. His LAN is connected to the Internet through a proxy server, WinGate 4.01. He can ping a requested Web site through the proxy server, but when he pings the Web site through the client machine, the request times out. To lend a helping hand, visit the following URL:
6. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
eEye Digital Security released SecureIIS Application Firewall 2.0, software that operates within IIS and inspects all incoming and outgoing Web server traffic. The firewall protects against buffer overflow attacks, parser evasion, directory traversal, high-bit shellcode, and general exploitation. Product enhancements include better deployment at the enterprise level and the addition of central policy management to let you manage settings for any number of systems from a central location. SecureIIS Application Firewall 2.0 is available in enterprise and single-license configurations. The enterprise edition starts at $4975, and a single license starts at $995. Contact eEye Digital Security at 949-349-9062, 866-339-3732, or [email protected]
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected]
7. CONTACT US
Here's how to reach us with your comments and questions:
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR WINDOWS WEB SOLUTIONS UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR WINDOWS WEB SOLUTIONS UPDATE?
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
Thank you for reading Windows Web Solutions UPDATE.