Orange County Computer Consultant

Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Monday, December 05, 2005

Cisco CCNA Certification: Broadcasts, Unicasts, And Multicasts

When you begin your CCNA studies, you get hit with a lot of different networking terms right away that you might not be familiar with. What makes it a little more confusing is that a lot of these terms sound a lot alike. Here, we're going to discuss the differences between broadcasts, multicasts, and unicasts at both the Data Link (Layer 2) and Network (Layer 3) layers of the OSI model.

A broadcast is simply a unit of information that every other device on the segment will receive. A broadcast is indicated by having every bit of the address set to its highest possible value. Since a hexadecimal digit's highest value is "f", a hexadecimal broadcast is ff-ff-ff-ff-ff-ff (or FF-FF-FF-FF-FF-FF, as the upper case does not affect hex value). The CCNA exam will demand you be very familiar with hex conversions, so if you're not comfortable with these conversions, get comfortable with them before taking the exam!

At Layer 3, a broadcast is indicated by setting every bit in the 32-bit binary string to "1", making the dotted decimal value 255.255.255.255.

Every host on a segment will receive such a broadcast. (Keep in mind that switches will forward a broadcast, but routers do not.) In contrast to a broadcast, a unicast is a packet or frame with only one destination. There is a middle ground between broadcasts and unicasts, and that is a multicast. Where a broadcast will be received by all, and a unicast is received by only one host, a multicast will be received by multiple hosts, all belonging to a "multicast group". As you climb the Cisco certification pyramid, you'll be introduced to creating multicast groups and controlling multicast traffic, but for your CCNA studies you need only keep certain multicast groups in mind.

Class D addresses are reserved for multicasting; this range is 224.0.0.0 - 239.255.255.255.

The addresses 224.0.0.0 - 224.255.255.255 are reserved for use by network protocols on a local network segment, and like broadcasts, routers will not forward these multicast packets. (Packets with these addresses are sent with a Time To Live of 1.)

As a CCNA candidate, you should know that OSPF routers use the address 224.0.0.5 to send hellos, EIGRP routers use 224.0.0.10 to send updates, and RIP version 2 uses 224.0.0.9 to send routing updates. RIP version 1 and IGRP both broadcast their updates.

Multicasting gets a bit more complicated as you go from your CCNA to the CCNP and CCIE, but by simply understanding what multicasting is, you go a long way toward securing the CCNA.
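As an added example (not part of the original article), the Python sketch below classifies a destination as broadcast, multicast or unicast at Layer 2 and Layer 3 and labels the three routing-protocol groups listed above. It goes one step beyond the article by using the Ethernet group bit and the standard 01-00-5e mapping of an IPv4 group to a MAC address; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Routing-protocol groups named in the article (group -> what is sent to it).
ROUTING_GROUPS = {
    "224.0.0.5": "OSPF hellos",
    "224.0.0.9": "RIP version 2 updates",
    "224.0.0.10": "EIGRP updates",
}

def parse_mac(text):
    """Accept ff-ff-ff-ff-ff-ff, ff:ff:ff:ff:ff:ff or Cisco-style ffff.ffff.ffff."""
    digits = "".join(ch for ch in text if ch not in "-:.")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits, got {text!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters

def classify_mac(text):
    mac = parse_mac(text)
    if mac == b"\xff" * 6:          # every bit set to 1
        return "broadcast"
    if mac[0] & 0x01:               # group bit: low-order bit of the first octet
        return "multicast"
    return "unicast"

def classify_ipv4(text):
    addr = ipaddress.IPv4Address(text)
    if int(addr) == 0xFFFFFFFF:     # 255.255.255.255, all 32 bits set
        return "broadcast"
    if addr.is_multicast:           # Class D, 224.0.0.0 - 239.255.255.255
        return "multicast"
    return "unicast"

def multicast_mac(group):
    """Ethernet address carrying an IPv4 group: 01-00-5e + low 23 bits of the group."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D address")
    value = 0x01005E000000 | (int(addr) & 0x7FFFFF)
    return "-".join(f"{b:02x}" for b in value.to_bytes(6, "big"))

def describe(dst_mac, dst_ip):
    """Summarise one frame's destination pair as (layer 2, layer 3, note)."""
    l2, l3 = classify_mac(dst_mac), classify_ipv4(dst_ip)
    note = ROUTING_GROUPS.get(dst_ip, "")
    if l3 == "multicast" and parse_mac(dst_mac) != parse_mac(multicast_mac(dst_ip)):
        note = (note + "; " if note else "") + "MAC does not match group"
    return l2, l3, note

# Constructed sample destinations (not captured traffic).
SAMPLES = [
    ("FF-FF-FF-FF-FF-FF", "255.255.255.255"),
    ("01-00-5e-00-00-05", "224.0.0.5"),
    ("0100.5e00.000a", "224.0.0.10"),
    ("02-00-00-aa-bb-cc", "192.168.1.20"),
    ("02-00-00-aa-bb-cc", "224.0.0.9"),
]

if __name__ == "__main__":
    for mac, ip in SAMPLES:
        print(mac, ip, describe(mac, ip))
```

A routing-protocol group showing up on a segment where no router should be speaking, or a group address carried in a frame whose MAC does not match it, is worth a closer look.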

Cisco Router Security

Network security is a hot topic today, and will only increase in importance in the months and years ahead. While most of the attention is paid to exterior threats, there are some steps you can take to prevent unwanted Cisco router access from within your organization. Whether you want to limit what certain users can do and run on your routers, or prevent unauthorized users in your company from getting to config mode in the first place, here are four important yet simple steps you can take to do so.

Encrypt the passwords in your running configuration. This is a basic Cisco router security command that is often overlooked. It doesn’t do you any good to set passwords for your ISDN connection or Telnet connections if anyone who can see your router’s running configuration can see the passwords. By default, these passwords are displayed in your running config in clear text. One simple command takes care of that. In global configuration mode, run service password-encryption. This command will encrypt all clear text passwords in your running configuration.

Set a console password. If I walked into your network room right now, could I sit down and start configuring your Cisco routers? If so, you need to set a console password. This password is a basic yet important step in limiting router access in your network. Go into line configuration mode with the command “line con 0”, and set a password with the password command.

Limit user capabilities with privilege level commands. Not everyone who has access to your routers should be able to do anything they want. With careful use of privilege levels, you can limit the commands given users can run on your routers. Privilege levels can be a little clumsy at first, but with practice you’ll be tying your routers down as tight as you like. Visit www.cisco.com/univercd for documentation on configuring privilege levels.

Configure an “enable secret” password. It’s not uncommon for me to see a router that has an enable mode password set, but it’s in clear text. By using “enable secret”, the enable mode password will automatically be encrypted. Remember, if you have an enable password and enable secret password set on the same router, the enable secret password takes precedence.

These four basic steps will help prevent unwanted router access from inside your network. If only preventing problems from outside your network was as simple!

Author: Chris Bryant
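The four steps above can be checked against a saved running configuration. The following Python audit is an added example, not code from the article or from Cisco; the function names and both sample configurations are constructed, and the `login` check is an addition the article does not mention.

```python
import re

def sections(text):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] != " ":
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit(text):
    """Return findings for the four steps; an empty list means all four are in place."""
    blocks = sections(text)
    top = list(blocks)
    flat = top + [sub for subs in blocks.values() for sub in subs]
    findings = []
    # Step 1: "no service password-encryption" is a different top-level line.
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off")
    # Encrypted line passwords show as "password 7 ..."; type 7 is reversible obfuscation.
    clear = [ln for ln in flat if re.search(r"\bpassword (?!7 )\S", ln)]
    if clear:
        findings.append(f"{len(clear)} password(s) stored in clear text")
    # Step 2: console password (IOS prompts for it only when "login" is set too).
    console = blocks.get("line con 0", [])
    if not any(ln.startswith("password ") for ln in console):
        findings.append("line con 0 has no password")
    elif not any(ln.startswith("login") for ln in console):
        findings.append("line con 0 has a password but no login")
    # Step 3: "privilege <mode> level N ..." or "username ... privilege N".
    levels = r"privilege \S+ level \d+ |username \S+ privilege \d+"
    if not any(re.match(levels, ln) for ln in top):
        findings.append("no custom privilege levels defined")
    # Step 4: enable secret takes precedence, but a leftover enable password stays readable.
    has_secret = any(ln.startswith("enable secret ") for ln in top)
    has_password = any(ln.startswith("enable password ") for ln in top)
    if not has_secret:
        findings.append("no enable secret configured")
    elif has_password:
        findings.append("enable password present alongside enable secret")
    return findings

# Constructed sample configurations (placeholder secrets, not from a real router).
WEAK = """\
no service password-encryption
enable password cisco123
line con 0
line vty 0 4
 password cisco123
 login
"""

HARDENED = """\
service password-encryption
enable secret 5 $1$EXAMPLE$constructedhashvalue
privilege exec level 5 clear counters
line con 0
 password 7 0123456789ABCDEF
 login
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```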

Tips On Buying A Cisco CCNA / CCNP Home Lab Kit

Buying a CCNA / CCNP home lab is the best way to be totally prepared for your Cisco exams.

Most home labs are put together one router or switch at a time, but many CCNA / CCNP candidates prefer to buy kits where you get multiple routers and switches, along with all the cables and other connection devices you'll need.
While this is a good idea, keep a few things in mind when purchasing Cisco home lab kits.

Don't buy anything you don't need. The problem is that when you're first starting out with your Cisco home lab, you don't know everything that you need. (I sure didn't!) Keep in mind that you only need one transceiver per AUI port on a Cisco router, so if you're getting routers with two AUI ports in all, you don't need five transceivers in the kit. It doesn't hurt to have one spare, but three is a little too much.

More importantly, don't buy kits with old CCNA or CCNP study guides included. I've seen kits with books that were three years old and were of no use to the candidate. If you see a kit that looks good but includes books or manuals you just don't want, ask the vendor for a price that doesn't include the books. It never hurts to ask.

Watch the IOS version. Unless you've got access to IOS upgrades, you'll be working with the IOS version that's on the routers and switches when you buy the kit for a while. You don't necessarily need the latest and greatest IOS version for CCNA study, but don't buy routers with IOS versions beginning with "10" unless you have an IOS to upgrade them with. (And make sure the routers have enough memory to handle the IOS you plan on putting on them.)

Purchasing a Cisco CCNA / CCNP Home Lab is one of the best investments in your career that you will ever make. Exercise just a bit of caution when purchasing your kit, and you'll be on your way to true Cisco success, in the exam room and on your network!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials! Pass the CCNA exam with Chris Bryant!

Friday, December 02, 2005

Some things I would like to accomplish in my lifetime

Master UNIX
Visit Japan
Master Spanish
Get my pilot's license
Visit Tibet
Learn Zen
Get a degree
Get a degree in Computer Science
Get married
make money
Invest in Real Estate
workout daily
Speak Chinese
Help mankind
Become an engineer
Get my HAM license
understand electronics
understand physics
be a better boyfriend
get my MBA
Get a PhD
Purchase a home
Pray daily
stop smoking
visit Europe
Purchase a powerbook
Purchase a Sun Workstation
Design Planes
Get a job in Aerospace
learn GO
Get a handheld GPS unit
Purchase an Escalade
eat healthier
visit Bali
Retire in Montana
own a boat

Classes I'm planning on taking:

Introduction to Engineering
Personal Finance
Physics
Chemistry
Logic
Business Writing and Communication
Finance
Child Psychology
Web Design
PERL
PHP
C and C++
Cryptography and Security Mechanisms
Practices for Administration of Physical and Operations Security
Security in Systems Architecture and Applications
Disaster Recovery/Forensics

You may ask, all those? Yes, I love learning. Wouldn't mind getting a PhD. :)

Classes I've taken, in no particular order

UNIX/Linux System Administration
UNIX/Linux Operating System
Business 001 - Introduction To Business
Business 005 - Business Law I
Management 001 - Principles Of Management
Psychology 001 - General Psychology I
Philosophy 001 - Introduction To Philosophy
Internetworking
Electronics
Computer Repair
Computer Networking
Microsoft Windows
Spanish 001 - Elementary Spanish I
Computer Information Systems 787 - Network Essentials

Wednesday, November 30, 2005

Here are some articles I have written!!

EzineArticles.com Platinum Author

http://ezinearticles.com/?expert=Benjamin_Hargis

Feel free to read them and email them to friends and colleagues. Keep checking back as I plan to write a lot more!!!

A great way to start investing

I use this service and I love it. It's great because there is no minimum to start.

http://www.sharebuilder.com/sharebuilder/Index.asp

Check them out!!!

Looking for a great and cheap way to Try Linux, or Unix?

I go on this site on almost a daily basis to check out the new flavors of Unix and Linux. I probably own at least 4 or 5 distributions currently, and all have their ups and downs. I own Whoppix, Knoppix, Auditor and a couple of forensics CDs as well. This is a great way to get a lot of open source tools on one CD. http://distrowatch.com/

Class I'm thinking about taking.

This is a PERL class that I might take; I've had this teacher previously and he's pretty cool.

Students will be introduced to the Perl scripting language syntax, data types, input/output, Managing System Processes, Database programming, CGI programming and Web Programming. Not an introductory programming course. Students need to have previous programming experience.

I love PERL; there are so many things that it is useful for. I want to be able to write flawless networking applications with it.

Looking for a good way to find files on your desktop?

I have used Google Desktop search and personally do not like the way it indexes my files, so here is an alternative. It's called Copernic Desktop Search and yes, it's free!

http://www.download.com/3000-2379_4-10314159.html

It searches most file formats as well.

Friday, November 25, 2005

Free computer security software

Looking for free computer security tools to use?

Got Spyware?

There is now a bill in Congress to make Spyware illegal. Good luck at catching the creators; in the meantime, here are two links you can use to get started on your journey against Spyware.

http://www.lavasoft.com/ Ad-aware
http://www.safernetworking.com/ Spybot Search and Destroy.

Note there is a better version available for a cost. There are many things you can also do to protect your computer. Keep automatic updates turned on for all of your anti-virus software and operating systems. Clean out your cookies as well; there are often cookies placed to track your whereabouts on the Internet.

Now the subject of viruses. There are commercial anti-virus scanners like Symantec Norton Anti-Virus and McAfee; in fact, many new computers come with trial versions. Unfortunately, when these versions run out, users most of the time ignore it and wonder, why do I have a virus? Let me explain something: just because you have an antivirus program on your computer, you are not cured. Virus writers do just that: write new viruses and edit old ones to do new things. You need to update the signatures of your anti-virus software continuously. Crafty virus writers code viruses to disable your anti-virus software!

There are free anti-virus solutions; one is called AVG, http://free.grisoft.com/. I personally use this product and love it; it is not a memory hog like Norton. You can also set up schedules to run and get updates.

A good firewall is a must, especially nowadays. This is because everyone, for the most part, is running DSL and cable modems, which are great for connectivity but horrible because it’s like leaving your front door unlocked.

Check out http://www.zonelabs.com/. They have a product called Zone Alarm. It is customizable and blocks a lot of attempts at entering your network. It is shocking to see the number of people trying to get into your network. Zone Alarm will alert you to programs trying to access the Internet. This is kind of annoying but can be a life saver if a program is dialing Kenya on your telephone!! Zone Alarm can remember certain programs.

Windows Service Pack 2 has a firewall in it and I recommend enabling it.

There are many web browsers that you can use. I love Open Source, so you can probably guess I’m using Firefox, www.mozilla.org/products/firefox.com. There are so many features that I can rave about, like tabbed browsing. If you're anything like me, at home I have at least two or three browsers running if using Internet Explorer; with Firefox I can have as many websites as I want open, with tabs at the top with descriptions. It's ingenious in my opinion. I don’t have to switch browsers like I do with IE.

Internet Explorer is one of the most used browsers and most targeted. Mozilla Firefox has many advantages including security. It also does not use ActiveX.

Scan your own systems to see what ports are open and running! Do you have services that do not need to be running?

Knowledge is power. I have worked for a technology company for three years and never have they trained any people in multiple departments on security that I'm aware of. I’m amazed to hear things from co-workers such as "I don’t have an account with so and so bank but they wanted my information and I gave it to them!" Corporate networks are and will continue to be infected by users that are untrained about computer security. People all the time open attachments when they do not know where they came from. Home users are sometimes even more ignorant. That is not said in a mean way.

File sharing programs are popular and an opening to viruses, Trojans and other lovely things you don’t want in your network.

For the best and current security tools, alerts and news use Google http://www.google.com/.

Microsoft Internet Security Accelerator

Quick and Dirty Primer on Internet Security and Acceleration Server.

What exactly is ISA?
Microsoft Internet Security and Acceleration server is a web cache, virtual private network server and application layer firewall.

For vendor information check out www.microsoft.com/isaserver.
I went to a Microsoft security conference and this is what I picked up.

ISA can inspect traffic coming into your network and also do HTTP filtering. It is designed to look for directory traversing. You can customize protocols and policies based upon your criteria.
ISA allows for better authentication thru RADIUS remote access dial in server. You can also use products from RSA such as SecurID, which I recommend.
VPNs can also be customized thru ISA. VPNs are virtual private networks that allow remote users to access your network thru encrypted tunnels using protocols such as IPSec.

Internet Security Accelerator can also be used with Microsoft Exchange server for better security.

Internet Security Accelerator allows traffic thru that has been deemed OK by the firewall administrator without additional packet inspection, increasing performance of your network.
ISA will also cache webpages to allow faster access over the network.
There are always open source alternatives such as Squid, http://www.squid.org, which is an open source proxy. These are just a few notes I took down that I thought I would share with the internet community. I hope this helps with any IT decisions.

Making Money

It is Friday morning and I'm thinking about how to make more money on the Internet. There are a lot of opportunities. I'm currently using Google Adsense and am constantly looking at ways to improve traffic to my website and total number of clickthrus. I run my own computer consulting company, which is fine. I would rather work full-time from home because I have a baby on the way and would love to spend all the time I can with my girlfriend, child and my computers. I currently have two jobs. I like my day job, but hate my slow computer at work; it is also not as technically challenging as I would like.

Then there are affiliate programs. I like Amazon, http://www.amazon.com, because I can select what books, amongst other items, I want displayed.
The possibilities are almost endless. It takes a lot of writing, even more research and link building to get the results I’m looking for. I would like to make a full-time income off the Internet and not even leave the house unless there is some interesting security problem or technical problem to get into. I'm thinking about just writing more security articles on a daily basis as well. I do it for fun and to share knowledge.

It must be the Colombian coffee this morning because my mind is racing with business ideas of ways to profit and turn nothing into something. I don’t want to reveal too much though because there is always competition :) I’m looking forward to going to the USENIX conference in December; it should be a blast. I will be blogging and taking photos of every bit as well. Then my pregnant girlfriend and I will be making a trip to San Diego to SeaWorld.

This February I should be going back to college. I have attended like 6 community colleges and various trade schools, and I'm not even a Ph.D. I think my problem is that I focus on only technical classes and not the General Curriculum suggested. YAWN. The classes I’m looking at? Oddly enough, more psychology and ecommerce, maybe a design class. I took Java and could not stand it. They don’t offer Python.

Thursday, November 24, 2005

Windows Server 2003 Security

Windows Server 2003 has some of the following features to help protect your corporate environment:

There is now forest trust that allows you to authenticate other companies in your WAN thru Active Directory; this simplifies some security issues for security and network administrators.
Kerberos is now available thru Windows Server 2003 to allow for better and more secure authentication.

Credential Manager allows secure storage for usernames and passwords as well as certificates.

You can now delegate what services can access other resources on your network.
.NET password is now integrated with Active Directory, allowing SSO or single sign on.
With RBAC, or Remote Based Access Control, you can assign more efficient restrictions to manage access to information.

Systems administrators can disallow software to run, with the Software Restriction Policy.

In Windows 2003 you can audit system alerts and even set up audits of individual users!

Account Management logs IP addresses and even calls for Logon and Logoff events.

You can now log security events in real time and export them to a SQL database to analyze later.

PKI, or Public Key Infrastructure, is a system of digital certificates and CAs, or Certificate Authorities, to verify you are who you really say you are. This is great for ecommerce systems, think E-Bay. You want to know if you're really giving your credit card information to E-Bay or E-fake.

Windows Server 2003 now helps with wireless 802.1x. You can enable PEAP, which is protected EAP, for authentication. I suggest using WPA in conjunction. The encryption protocol they use is called EFS. EFS uses AES-256, which is very strong encryption. There should be security in depth applied. Two-form authentication should be applied, such as biometrics and passwords. Take a look at RSA SecurID cards. This provides great authentication for users on the move connecting to the corporate networks, or even home. I like open source solutions myself, or even third-party vendors for encryption such as RSA, http://www.rsa.com.

Wednesday, November 23, 2005

Have a Happy Thanksgiving!


To all my readers have a great Thanksgiving :)

XBOX 360 buggy.



I really do not find this shocking as it is a new product. There will be bugs, and probably lots of them; we have not even heard about possible vulnerabilities this might open up on your home network. Here is the link:
http://www.xbox-scene.com/xbox1data/sep/EEFkZkkkyEHasmrPqu.php

I look forward to playing around with an Xbox 360 shortly. I will then write my own review. I have to admit it looks sweet and has some nice features.

The Value Of An Oracle Database

There are some very large, very powerful companies out there that have saved quite a bit of money using an Oracle database. Will your company be one of those? Or, will you simply overlook this opportunity? In order to know if in fact an Oracle database will help you, perhaps you have to know a little more about it. Also, you need to realize the differences that are out there in various versions of the Oracle database. Gathering this information will help you make a sound decision about the use of this product in your business.

First, realize that the Oracle database is available to be used and can be benefited from by virtually any size of business. Large corporations, medium sized companies, and even small organizations can all benefit here. What makes it nice to everyone as well is the lower prices that are currently being offered on Oracle database systems. There is no doubt that the introductory price is something to turn heads.

The system we will mention here is the Oracle Database 10g Products. These are, believe it or not, the first databases designed for grid computing in the industry. Your options are many:

• Enterprise Edition: Packed full with the highest level of performance and scalability. You will find reliability in OLTP as well as in decision support, and management activities.
• Standard Edition: Clustering support is provided with this 4 processor version.
• Standard Edition One: Same great stuff with a 2 processor version that is perfect for the entry level.
• Personal Edition: Perfect for an individual
• Lite Edition: Great option for managing mobile database applications.

While the features of each of these Oracle database options are many, it makes sense for each and every business out there to find out how well these products can serve their basic needs. Take a moment to see what they can do for you and you may just be impressed with the options that are available to you in Oracle database.

View all Sandy Baker's articles
About the Author: For more information please see http://www.money-market-info.co.uk

Active Scripting

I have commented on this many times; this is how a lot of spyware and viruses infect your computer. Disable active scripting.

How to stop 'Active Scripting' in home PCs by ZDNet's George Ou -- A supercritical zero-day IE flaw has been released in to the wild by a reckless British company. There are no patches available as of 11/22/2005. Here is what you can do now to protect yourself. You must disable "Active Scripting" on all Windows computers running Internet Explorer 5.5 or 6.0 even if you have Windows [...]