May 13, 2004

The Professor Vanishes

Since I must sit my CCNA requalification no later than three weeks from now, I must suspend blogging for the nonce, to be resumed on resolution, with renewed vim and vigour.

Posted by jho at 11:12 AM | Comments (4)

May 10, 2004

A Heaping Serving Of E-Mail

http://www.informit.com/articles/article.asp?p=170904

It often seems as if managing an e-mail server is as arcane as the product is important. Understanding what e-mail servers do is vital to effective security and control on a network which implements e-mail [and the vast majority do]. Here we have a well-written article explaining how e-mail works, how it is administered, understanding e-mail errors, and how to teach users to do less harm with e-mail, which could be very useful as an educational resource.

My thanks to Brad Gadberry for drawing this to my attention.

Posted by jho at 08:27 PM | Comments (35)

The Longhorn Legacy

http://www.eweek.com/article2/0,1759,1585522,00.asp

While Longhorn has been discussed repeatedly in this blog, an aspect which has not received as much attention as it should is that of backwards compatibility. As the indexed article suggests, a lot of things which worked with previous Windows versions will not work with Longhorn. Balancing the needs for operating system effectiveness [and, increasingly, security] with those for legacy support is a contentious question at the best of times. But in this case, abandoning legacy support may make sense to Microsoft in economic terms as well.

An alternative to abandoning legacy support is to retain it with the added reliability of Linux, as discussed in this article:

http://www.eweek.com/article2/0,1759,1586641,00.asp

The fact that Linux can run legacy Windows applications with ease may be one of its major competitive advantages in the Longhorn future.

Posted by jho at 10:44 AM | Comments (2)

May 05, 2004

Bot-ting In

http://news.com.com/2100-7349-5202236.html?tag=cd.top

In a scenario eerily reminiscent of Invasion of the Body Snatchers, security experts are concerned that bots, small programs which are downloaded stealthily and reside on computers until activated, form a greater security threat than the high-profile exploits dominating the current news. The range of damage a bot can do is extensive, from the classic Denial Of Service attack to information espionage on infected systems.

The article discusses a new bot variant which represents an upgrade of an established bot, incorporating public information about a long-standing Windows security vulnerability. As this article indicates, the first indication that something is going wrong may come long after our harbour has been pearled.

More details about this bot variant, with links to diagnostic and remediation tools, as well as even more information, can be found here:

http://www.esecurityplanet.com/alerts/article.php/3347331

Posted by jho at 07:21 PM | Comments (20)

I Get By With A Little Help....

http://mcpmag.com/columns/article.asp?editorialsid=705

Something which would not have occurred to me had I not heard of this article: it turns out that the help engine used in XP/Server 2003 allows the Server help files to be mounted on the desktop system. This is obviously a most handy reference source, and the indexed article gives an illustrated step-by-step guide on how to do this.

Posted by jho at 07:09 PM | Comments (22)

3 + 1 For 2003

Here are three articles/tutorials of potential interest to anyone teaching Windows Server 2003:

"NAT in Windows 2003: Setup and Configuration" describes how to make this important security service work, and can be found at:

http://www.WindowsNetworking.com/pages/article.asp?id=307

"Installing DNS On Windows 2003" deals with one of the most vital central services which runs on any Windows 2003 Server, and can be found here:

http://www.WindowsNetworking.com/pages/article.asp?id=304

"DNS Stub Zones in Windows Server 2003" covers a somewhat more esoteric aspect of DNS configuration, worth knowing because of the efficiency improvement it entails, available from:

http://www.WindowsNetworking.com/pages/article.asp?id=305

A more general article looking at DNS errors which can bring down your Active Directory network obviously has application to Server 2003 as well, and can be found here:

http://mcpmag.com/features/article.asp?editorialsid=413

Posted by jho at 06:52 PM | Comments (3)

A Key To UNIX Security

http://www.informit.com/articles/article.asp?p=170772

While much of the current security furor concerns itself with Windows systems, the plain fact remains that other systems, like UNIX, can also be vulnerable to the wily hacker. Given that UNIX systems often run high-value assets, ensuring security on this OS also needs investigation and effort. The current article shows how user home directories are a security vulnerability on a UNIX system, and since the concept of eliminating all users is a tad counter-productive, the author gives some practical recommendations on how to secure these home directories.

Related links in sidebars address other articles dealing with UNIX and Linux security.

Posted by jho at 06:43 PM | Comments (28)

Holding The Hot Spam Potato

http://www.informit.com/articles/article.asp?p=170852

Solutions and issues relating to spam have been covered in this blog already, but here is a novel take on the subject. Starting with the premise that most of the badness we now experience on the InterNet stems from permanently connected SOHO systems [itself something demanding of proof], the author suggests that such individuals be held legally responsible. Should that happen, those who are not motivated to use protection when computing would now have some reason to do so. Whatever one thinks of the merits of this argument, it certainly could form an interesting discussion point in any class dealing with social responsibility and computing.

Posted by jho at 06:36 PM | Comments (3)

Like A Rock!

http://searchwin2000.techtarget.com/columnItem/0,294698,sid1_gci960904,00.html?%20offer=SB0502

With all of the emphasis on security [and there is no doubt about how well placed that is], it is easy to overlook stability as a desirable criterion. And there is no doubt that instability can bring your server down, so the 12-step checklist offered by this article is well worth reviewing. In addition to discussion, the checklist has a few links to downloadable software which can help maintain stability. Most of this is common sense, but it is good to be reminded now and again.

The comments to the article offer some useful practical extensions.

Posted by jho at 12:54 PM | Comments (35)

Blog Clog From RSS Hog

http://www.wired.com/news/infostructure/0,1377,63264,00.html?tw=wn_tophead_6

Short article offering the horrific prospect that RSS feeds, if they proliferate into a mainstream phenomenon, have the potential to bring the InterNet to its knees [perhaps the most ironic thing about this is that to the left of the article is a link for RSS feeds from the site hosting it]. In part this may be the result of badly designed aggregators, but the prospect of hundreds of millions of aggregators requesting feed updates even on an hourly basis gives some indication of the problem of scale implicit here.

Posted by jho at 12:40 PM | Comments (2)

Where Is This Management In Knowledge?

http://informationr.net/ir/8-1/paper144.html

The promise and potential of knowledge management (as suggested by this entry) has exerted considerable force on research and management alike. The indexed URL takes some sharp pins to the rosy balloons of those who think that knowledge can be [or even is being] easily managed, and dismisses most research in this area as buncombe. An article like this, with lots of references, and a clear focus, can be a wonderful tool for stimulating student discussions.

Posted by jho at 12:14 PM | Comments (0)

Actionable IM

http://www.cioinsight.com/article2/0,1397,1570390,00.asp

In previous observations on Instant Messaging, I have suggested it has a number of problems, despite its massive popularity. But as this article indicates, IM is here to stay, and the ruling of the USA SEC is that it must be handled and archived just like e-mail. Since the cost of noncompliance can be budget-wrecking, IT managers have to plan for it carefully. Accepting its necessity is the first step [if it is not necessary, a network administrator should take all appropriate steps to keep it from working], and then developing a plan and following it up become the subsequent steps.

Posted by jho at 11:50 AM | Comments (0)

Avoiding Vulnerability

http://www.knowledgestorm.com/collateral/WTP/50209_58306_99422_QualysYankee.pdf

Static security planning simply is not adequate to today's level of threats, as the 'Sasser' worm so brutally highlights. The indexed white paper "Dynamic Best Practices of Vulnerability Management" explains that such planning has become an operational necessity, and gives some hints and tips on how to proceed. This is useful practical advice, as well as serving as a good base for security teaching.

An extensive white paper on "Protecting Databases" is available here:

http://www.knowledgestorm.com/collateral/WTP/48986_84494_44122_Protecting_Databases.pdf

making the crucial point that it is not enough to protect the security perimeter -- protecting data at the source also has to be implemented, and the paper shows how to get started at this.

Posted by jho at 11:37 AM | Comments (0)

Not Missing The Bus

http://www.techlinks.net/articleNew.cfm?articleurl=5304182924

The venerable PC bus which connects the CPU to the rest of its parts has been a major drag on systems ever since processors broke the 1GHz barrier [in contrast, Apple, with its G5 systems, was able to implement a new 1GHz bus from the get-go, greatly enhancing system throughput as a result]. The difficult nature of bus standardization has meant that developments in this area tend to be slow and somewhat tectonic. The article reviews expectations for major changes in PC bus architecture within the next 18 months.

Intel is rolling out its PCI Express architecture, which uses a mesh/fabric concept to allow point-to-point serial connections among multiple devices. While this will push bus speeds up to a 2Gb/s bandwidth, it will be completely incompatible with the older PCI architecture, despite its name. Trusted processing is being built into the 'LaGrange' CPU to increase security, and additional security chips are being implemented to guard the periphery. The upshot of this is that trusted systems will not be completely interoperable with nontrusted systems.

As the article points out, this has major implications for PC acquisitions, especially for organizations large enough to have an acquisition cycle. When one adds the hardware appetites of Microsoft's 'Longhorn', it appears that standing pat on technology is one option IT executives do not have. There are numerous snakes in the weeds here, not least the potential of these developments to create a two-tier computing community exacerbating divisions between haves and have-nots.

Posted by jho at 11:29 AM | Comments (5)

Key Vista Management

Managing a whole rack of servers is only possible with a centralized keyboard, mouse, and monitor, which implies the requirement for a Keyboard Video Mouse switch to allow this to happen. Here are three white papers addressing various aspects of this topic:

"KVM Tech Guide: Five Guidelines for Choosing the Best KVM Switching System" from http://whitepapers.comdex.com/data/detail?id=1078511691_445&type=RES&src=KA_RES_20040428

"The Definitive KVM Buyer's Guide" from http://whitepapers.comdex.com/data/detail?id=1082572029_368&type=RES&src=KA_RES_20040428

"KVM for the Enterprise" from http://whitepapers.comdex.com/data/detail?id=1082572031_187&type=RES&src=KA_RES_20040428

Posted by jho at 09:08 AM | Comments (6)

May 04, 2004

Centering Wireless Learning

http://www.cwne.com/learning_center/index.html

While targeting the Certified Wireless Network Professional, this site is a searchable database with "over 900 free white papers, case studies, product information and webcasts". Included are resources for general information, wireless security, wireless LAN Applications, tutorials, and specific product information, all in a cleanly-executed interface.

Posted by jho at 11:11 AM | Comments (4)