Saturday, January 8, 2011

The Mac App Store makes multi-Mac ownership cheaper than multi-PC ownership

Apple has struck a blow against Microsoft by making multi-Mac ownership cheaper than multi-PC ownership.

Note: Putting aside that whole piracy problem plaguing the Mac App Store …

How has Apple pulled off this trick? Through this simple entry in the Mac App Store FAQ:

Q: Can I use apps from the Mac App Store on more than one computer?

A: Apps from the Mac App Store may be used on any Macs that you own or control for your personal use.

Check out the use of the word “any” in that sentence. Apple is placing no restriction (other than the personal use clause, which I’m seeking clarification on from Apple) on the number of Macs that you can install purchased apps on.

No more having to buy software twice. Once you’ve bought it, you can install it on all your systems. Sure, the freedoms are nowhere near as broad as those offered by open source software, but as far as commercial software goes, these restrictions are about as loose as you’ll find. And these aren’t just junk ‘fart’ apps and so on. For Mac users there’s some quality stuff to be found in the Mac App Store at a decent price. Sure, not everything everyone will ever need is there, but if that were a criterion for success, nothing would ever succeed.

Not only that, but the end to serial numbers, activation codes and the like:

Q: Do apps from the Mac App Store require activation keys, serial numbers, or registration numbers?

A: No, but you may be asked for your Apple ID and password the first time you use an app.

I don’t know about you, but to me that sounds like a serious simplification for Mac-owning consumers. Not only for those owning multiple Mac systems, but also for those upgrading to newer systems.

About the only potential gotcha I can see is this:

Q: If I have already downloaded an app from the Mac App Store, can I redownload it for free?

A: Yes. You can redownload apps from the Mac App Store as long as the app remains available. You may be asked to enter the Apple ID and password you initially used to download the app.

follow Adrian Kingsley-Hughes on Twitter

So if an app or developer vanishes from the App Store, you’re out of luck unless you’ve got a backup (in which case, you’ve still got access to the app in question).

It’s clear that with the Mac App Store, Apple really did choose to ‘think different’ when it came to licensing. People seem to have forgotten that Microsoft had an app store of sorts built into Windows Vista called Windows Marketplace. It died. Why? Partly because Microsoft couldn’t see it as any more than a new way to distribute old thinking.

Whether you’re a fan of Apple or not, the company deserves some praise for making software ownership for consumers less of a hassle.

CES wrap: Nvidia, Motorola Mobility get top marks

The Consumer Electronics Show is about to wind down—mercifully—and it’s time to hand out grades for the major tech players. Motorola Mobility and Nvidia move to the front of the class.

This wrap focuses on the strategic positioning of the players at CES this week. Why? Let’s face it: Many of the products highlighted this week are either six months away or vaporware. At best, CES is a demoware festival. That’s part of the reason why I never go to CES. However, you do get a good feel for strategy from some key tech vendors.

With that in mind, here are my top 5 performances at CES from a strategic perspective.

Motorola Mobility: CEO Sanjay Jha did what he had to at CES. First, he diversified with AT&T and showed off the Atrix, which looks like an interesting contender to win the superphone crown. James Kendrick already has it pegged as best in show. Motorola was also out front with its Verizon Wireless 4G LTE launch with the Bionic. Toss in Motorola Mobility’s Xoom tablet, which appears to be a showpiece for Google’s Android Honeycomb effort, and the company had a solid CES. Motorola Mobility sees itself as a bridge between computing and mobility.

Stifel Nicolaus analyst Doug Reid said:

Motorola Mobility confirmed steps to diversify carrier relationships beyond Verizon (specifically, with Atrix 4G on AT&T) give us increased confidence that management is effectively addressing the threat of iPhone arriving on Verizon in 1Q11.

Grade: A. See all on Motorola Mobility.

Nvidia: The graphics chip maker is really stepping on the gas. Its Tegra2 is at the heart of several new handsets from Motorola and LG. In addition, Nvidia is positioned at the heart of 4G devices. With Motorola’s Atrix, which docks to create a PC, Nvidia is subliminally positioning itself beyond phones. Speaking of that move, Nvidia also unveiled a CPU effort. Simply put, Nvidia was everywhere at CES—even at Audi press conferences.

Grade: A+

Samsung: At CES, Samsung is everywhere. The company is talking phones, PCs, TVs and everything in between. The biggest standout for Samsung was its slider PC, which is a workable mix between a tablet and a laptop. Is Samsung’s device an iPad killer? No way. However, Samsung may just have found a way to create a netbook done right. On the 4G device front, Samsung was also all over the place boasting powerful Android smartphones. One knock on Samsung was all the talk about Smart TV, which could be a rathole since the market is so fragmented. Also see:

* CES: First look at the Samsung’s first sliding laptop PC
* Image Gallery: Close-up look at Samsung’s first sliding laptop computer

Grade: B

Apple: Apple wasn’t at CES, but the company looks better than everyone there strategically. The biggest takeaway: Despite dozens of tablets at CES there was nothing that looked ready to duel with the iPad. Motorola’s Xoom looks promising, but the tablet needs to get to market first.

Grade: A

Google: The biggest event of CES—in my view—was the long demonstration of Android Honeycomb. Overall, the video—relayed by Jason Hiner—was impressive. If the tablet market is riding on Honeycomb, the demonstration gave me confidence that Android may just step up to the iPad plate. Google gets dinged because its TV efforts were barely worth talking about at CES.

CES video: Google’s surprise demo of Android 3.0 Honeycomb

Grade: B

Other thoughts:

* Microsoft Surface 2.0 is interesting and could be one helluva coffee table one day. Windows 8 nuggets were also notable.

* Dell’s 10-inch Streak is likely to be pushed as an enterprise device for key verticals.
* HTC had a solid CES, but is going to have trouble standing out in the Android brawl with Motorola and Samsung. I’m not sure the next-gen Sense—touted by AT&T—is much of a selling point.
* 4G marketing is a complete mess for consumers. Every carrier is now talking 4G—even if technically their networks are built for “4G speeds.” The 4G marketing is only going to confuse the consumer and everyone and their mother will be 4Gwashing. The term 4G will be meaningless by March. See: CES: The Real Cost of 4G

Understanding the critical role of Cisco’s Access Control Server in Cisco NAC

Typically, you only hear about the importance of the Cisco ACS server for VPN and dial-up authentication, authorization, and accounting. However, today the Cisco ACS server is being used as the central posture server when implementing Cisco's Network Access Control (CNAC). Let's discuss the role ACS plays in NAC.


What is the Cisco ACS Server?

It's the job of Cisco Secure Access Control Server (ACS) to offer authentication, accounting, and authorization services to network devices, including routers, switches, Cisco PIX firewalls, and network access servers. Cisco Secure Access Control Server supports two major AAA protocols: TACACS+ and RADIUS. Figure A shows an example of how Cisco ACS plays a role in the typical network for wireless network authentication.

Figure A: Cisco ACS can work with wireless network authentication.

Cisco ACS not only centralizes authentication (who you are) but also authorization (what you can access) and accounting (the logging of when you logged in and out, as well as what you were granted access to). Traditionally, this was just needed for dial-up users over modem phone lines; later, for Internet VPN users. However, beginning with ACS version 4.0, Cisco ACS is performing the same authentication, authorization, and accounting functions for networks that are NAC-enabled.

You can obtain Cisco ACS in either a Windows version or an appliance version. The appliance version is called the Cisco ACS Solution Engine. The UNIX version of Cisco ACS has been discontinued.
What is a posture validation server?

When learning about and implementing Cisco NAC, there are some new terms that you must learn. One of many such terms is the posture validation server. Exactly what is this? The short answer is that Cisco ACS is the posture validation server.

Cisco Secure Access Control Server plays a prominent role in Cisco NAC as a policy decision point. Generally speaking, Cisco Secure Access Control Server connects with the Cisco Trust Agent to build much of the NAC framework. The Cisco Secure Access Control Server judges the state or health of the host. Additionally, you have a choice of downloading access lists and VLAN assignment to the NAD, to control the PC host.

The best part about Cisco Secure Access Control Server is that it also implements security policy verification of host credentials. This, in turn, enforces policy items like antivirus signature file version and OS patch level. You can extend the Cisco Secure Access Control Server policies by forwarding credentials to third-party servers.

There are some who believe the performance of the Cisco ACS server needs to be increased in order to support Cisco NAC; generally, this is not true. While Cisco ACS plays an important role in the Cisco NAC equation, it can do this for many thousands of users without a lot of horsepower.

To see what the Cisco ACS Web console looks like, check out Figure B.
Figure B: The Cisco ACS Web console.

Figure C shows Cisco NAC and how ACS plays a role.
Figure C: In this diagram, ACS is the Cisco Policy Server.
What are profiles and postures?

Cisco's NAC relies on the RADIUS authorization protocol to communicate the authorization information to ACS. The RADIUS request will contain VSAs, or vendor specific attributes. Back on the ACS server, there will be a NAP (network access profile) that determines what to do with the RADIUS request. That is because the ACS server is probably not only authenticating NAC hosts and NADs, but also VPN clients and other RADIUS clients.
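RADIUS carries VSAs as attribute type 26, wrapping a 4-byte vendor ID followed by vendor sub-attributes (RFC 2865). The parser below is an added example, not code from the article or from Cisco; it extracts one vendor's VSAs and rejects packets whose length fields disagree with the bytes present. The sample request and its `example-key=example-value` payload are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
CISCO_VENDOR_ID = 9    # IANA enterprise number assigned to Cisco


class MalformedPacket(ValueError):
    """A length field does not agree with the bytes actually present."""


def iter_attributes(packet: bytes):
    """Yield (type, value) for each top-level attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise MalformedPacket("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise MalformedPacket("header length field is inconsistent")
    pos = 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise MalformedPacket("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # a_len counts the two header bytes; 0 or 1 would never advance
        if a_len < 2 or pos + a_len > length:
            raise MalformedPacket(f"bad length on attribute {a_type}")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len


def vendor_attributes(packet: bytes, vendor_id: int = CISCO_VENDOR_ID):
    """Return [(vendor_type, data)] for the VSAs that belong to vendor_id."""
    found = []
    for a_type, value in iter_attributes(packet):
        if a_type != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise MalformedPacket("VSA too short to hold a vendor id")
        (vid,) = struct.unpack("!I", value[:4])
        if vid != vendor_id:
            continue
        body, pos = value[4:], 0
        while pos < len(body):
            if pos + 2 > len(body):
                raise MalformedPacket("truncated vendor sub-attribute")
            v_type, v_len = body[pos], body[pos + 1]
            if v_len < 2 or pos + v_len > len(body):
                raise MalformedPacket("bad vendor sub-attribute length")
            found.append((v_type, body[pos + 2:pos + v_len]))
            pos += v_len
    return found


def encode_attr(a_type: int, value: bytes) -> bytes:
    """Encode one type-length-value attribute (length includes the header)."""
    return bytes([a_type, len(value) + 2]) + value


def build_sample_request() -> bytes:
    """Constructed Access-Request: User-Name, one Cisco VSA, one other VSA."""
    user = encode_attr(1, b"host-pc-01")
    cisco = encode_attr(
        VENDOR_SPECIFIC,
        struct.pack("!I", CISCO_VENDOR_ID)
        + encode_attr(1, b"example-key=example-value"),  # constructed payload
    )
    other = encode_attr(
        VENDOR_SPECIFIC, struct.pack("!I", 99999) + encode_attr(7, b"x")
    )
    attrs = user + cisco + other
    # code 1 = Access-Request, identifier 42, all-zero authenticator
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    for v_type, data in vendor_attributes(build_sample_request()):
        print(v_type, data.decode())
```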

Next, the ACS Server checks the authentication credentials against its own internal database, or Microsoft Active Directory (AD), for example. After that, the Type Length Value (TLV) and posture of the host requesting access is checked against the posture validation rules. These posture validation rules are a series of policies with multiple rules inside each policy. The decision that the ACS server makes about the posture of the PC host is made on a first-match basis. This means the NAC administrator must write the rules in a way that the most common rule is matched first. Usually, the first rule is that the client is healthy and is allowed access to the network.
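Because the decision is first-match, rule order is part of the policy: a broad rule placed early can hide a stricter rule below it. The sketch below is an added example, not ACS configuration or code from the article; the attribute names, thresholds, rule names and sample hosts are all constructed. It evaluates rules first-match, fails closed when nothing matches, and reports rules that can never win for a given set of sample hosts.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Posture = Dict[str, object]

# Constructed thresholds standing in for "antivirus signature file version"
# and "OS patch level" requirements.
MIN_AV_SIGNATURE = 5000
MIN_PATCH_LEVEL = 3


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Posture], bool]
    result: str  # posture result assigned when this rule is the first match


def _safe_match(rule: Rule, posture: Posture) -> bool:
    """A missing or garbled attribute never satisfies a rule."""
    try:
        return bool(rule.matches(posture))
    except (KeyError, TypeError):
        return False


def evaluate(rules: List[Rule], posture: Posture,
             default: str = "Quarantine") -> Tuple[str, Optional[str]]:
    """Return (result, winning rule name); fail closed if nothing matches."""
    for rule in rules:
        if _safe_match(rule, posture):
            return rule.result, rule.name
    return default, None


def shadowed_rules(rules: List[Rule], samples: Iterable[Posture]) -> List[str]:
    """Rules that match some sample on their own but are never first match."""
    samples = list(samples)
    winners = {evaluate(rules, s)[1] for s in samples}
    return [r.name for r in rules
            if r.name not in winners and any(_safe_match(r, s) for s in samples)]


def is_fully_compliant(p: Posture) -> bool:
    return (p["av_signature"] >= MIN_AV_SIGNATURE
            and p["os_patch_level"] >= MIN_PATCH_LEVEL
            and p["firewall_enabled"] is True)


def has_stale_av(p: Posture) -> bool:
    return p["av_signature"] < MIN_AV_SIGNATURE


def has_firewall_on(p: Posture) -> bool:
    return p["firewall_enabled"] is True


# Strict "healthy" rule first, as the article describes.
SPECIFIC_FIRST = [
    Rule("healthy", is_fully_compliant, "Healthy"),
    Rule("stale-av", has_stale_av, "Quarantine"),
]

# Mis-ordered policy: the broad first rule hides the stale-AV rule.
BROAD_FIRST = [
    Rule("firewall-on", has_firewall_on, "Healthy"),
    Rule("stale-av", has_stale_av, "Quarantine"),
]

# Constructed sample hosts.
SAMPLE_HOSTS = {
    "compliant": {"av_signature": 5200, "os_patch_level": 4,
                  "firewall_enabled": True},
    "stale_av": {"av_signature": 4100, "os_patch_level": 4,
                 "firewall_enabled": True},
    "no_agent_data": {},
}

if __name__ == "__main__":
    for label, policy in (("specific-first", SPECIFIC_FIRST),
                          ("broad-first", BROAD_FIRST)):
        for host, posture in SAMPLE_HOSTS.items():
            print(label, host, evaluate(policy, posture))
        print(label, "shadowed:", shadowed_rules(policy, SAMPLE_HOSTS.values()))
```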

Optionally, the ACS server can send the credentials off to a third-party posture validation server. This is primarily because the third-party validation server can have other types of validations and features that ACS does not support. For example, the Trend Micro OfficeScan solution works with Cisco ACS and the NAC framework to check a user's posture when it comes to the state of that user's antivirus client. Is that AV client up-to-date? Another similar solution is the McAfee Policy Enforcer.
What are audit servers?

While Cisco ACS can do auditing and logging of certain user activities, there are also third-party audit servers that are compatible with the NAC framework, such as the Qualys Appliance, McAfee Policy Enforcer, and Altiris.
What's the downside to using Cisco ACS?

If you implement Cisco NAC, you are basically choosing to implement Cisco ACS as well. With that, there are some downsides that you should consider:

* You'll most likely want to implement 802.1X. This can be complex and will require some user training.
* You'll need Cisco routers and switches.
* You'll have to use Cisco RADIUS for authentication and the Cisco ACS server as your authentication server.
* The Cisco ACS server cannot protect itself from being attacked or from having malicious code loaded on it. Therefore, you must be very careful to apply Windows security patches and use a host-based firewall on the ACS Server.

In conclusion

The Cisco ACS server is a critical part of Cisco's NAC solution. With the help of Cisco Secure Access Control Server, you can decide who can log in to the network based on their credentials. From there, you can decide if that device is healthy enough to be on the network: Does it have all the right patches, antivirus updates, and firewall settings? In addition, you can assign a different set of privileges to each user in the network. Finally, you can audit that user's activity of logging in and out of the network. Besides being a Cisco NAC AAA server, Cisco ACS also performs AAA for wireless LAN devices, dial-up users, VPN users, and more.

Learn the components of Cisco’s NAC Framework

Cisco's NAC Framework is an architectural design for how multiple hardware and software components can work together to protect your network from unhealthy clients. Those clients could be PCs without the latest security patches, the latest anti-virus definitions, or a personal firewall enabled. In this article, I'll attempt to explain the complex NAC Framework as clearly as possible.


What are the components of the Cisco NAC Framework?

Cisco's NAC Framework attempts to solve a complex problem, and is consequently a complex solution. A full-blown implementation of the NAC Framework is not an easy task because the architecture includes lots of different components from Cisco and other vendors. For example, there is a NAC policy manager, multiple network systems, an audit server, a remediation server, and third-party security software posture validation servers. Figure A shows how the framework would work:
Figure A: The Cisco NAC Framework.

It's quite a challenge for both security and network personnel to make sure that the above-mentioned components work cohesively. Irrespective of that, the Cisco-led NAC initiative is supported by the majority of vendors associated with endpoint security, secure access gateways, and remediation servers.
How does the Cisco NAC Framework work?

So what can the Cisco NAC Framework do for you? Well, a lot. Here's how it works:

* If a PC host is attempting to access the network, it must be authenticated and audited for policy compliance. This attempt triggers a NAC Process.
* The PC host is running the Cisco Trust Agent (CTA).
* The Network Access Device (NAD) is the Ethernet switch attempting to initiate the network access on behalf of the PC host.
* The Extensible Authentication Protocol (EAP) is used and the host credentials are sent to a Cisco Secure Access Control Server (ACS).
* Until the entire process is complete, the PC host (your potentially malicious computer) is only passing credentials through from the Cisco Trust Agent to the network. The PC host cannot really communicate on the network.
* The Cisco Trust Agent passes credentials through a secure tunnel so that the NAD cannot see them.
* The ACS Server can pass the credentials to other servers. For example, much of the time today, these credentials are sent to Windows AD servers who can verify the credentials used. However, the credentials could also go to other servers, like LDAP or one-time-password servers.
* Based on the response of one or more authentication servers, the ACS server can grant, deny, or quarantine the PC host requesting network access. Additionally, the ACS Server can assign different levels of network access.
* To verify security policy compliance of the PC host, Cisco NAC Framework conducts network and agent-based scans.
* The Cisco NAC Framework can implement compliance checks on all types of devices.
* The Cisco NAC Framework notifies users of connection status, and if there's any problem, it automatically corrects problems by updating the machine's patches, firewall, or other settings. Optionally, the user of the host PC can be notified, with a pop-up window or similar function, whether their credentials allowed them network access. For example, the user could get a message: "Your computer is lacking the necessary updates and therefore is not granted access to the network. In order to resume normal network access, please update your computer now at the following location: [URL]."

Figure B helps better explain the process:
Figure B: The connection process.

You should note that usually the 802.1X network authentication protocol is used to authenticate the devices to the network. The switch that the PC host is connected to (the NAD) must support 802.1X, or the device cannot be truly quarantined until it is authenticated and scanned.
What are the components of Cisco's NAC Framework?

Now that you understand how the framework works, you should learn a little bit about the components of the framework. These are as follows:

* Posture: The posture of a host is a set of credentials and attributes that define the state or health of a user's computer and the applications on that computer.
* Cisco Trust Agent: Cisco Trust Agent (CTA) is one of the integral components of the Cisco NAC Framework. The CTA is termed a posture agent. It is an installed software client whose main responsibility is to collect state information from security software on the endpoint (the PC host). In addition, it communicates the "posture" (or what it learns) to the Cisco ACS Policy Server.

It's worth mentioning in this regard that Cisco Trust Agent only communicates with client applications that are NAC-enabled by Cisco partners. There are around 50 vendors in the market actively participating in the NAC initiative, including leading patch management vendors, client security vendors, and antivirus vendors.

* Network Access Devices (NAD): The NAD is, most commonly, the switch that the PC is connected to. However, it could also be a router, VPN concentrator, or other similar network access device. Many switch manufacturers support the Cisco NAC Framework.
* AAA Policy Server: The AAA policy server is the Cisco Secure Access Control Server (or ACS). The main function of the ACS Server is to act as the policy decision point in NAC deployments. Apart from that, Cisco Secure Access Control Server also evaluates user credentials and calculates the security posture of network endpoints.

Frequently, the Cisco Secure ACS Server sends out per-user authorization to Cisco access devices with the help of downloaded access control lists. If you're running non-Cisco access devices, don't worry: Cisco Secure Access Control Server sends out per user authorization in this scenario as well.

The Cisco ACS Server is a Cisco application that runs on a Windows or Linux Server. ACS Servers can be scaled to very large implementations. Even without NAC, the Cisco ACS system operates as a centralized RADIUS or TACACS+ server. In general, the Cisco Secure Access Control Server manages the authorization, accounting, and authentication of users who access corporate information in a network.

The main advantage of Cisco Secure Access Control Server is that it gives you an authority to control user access to the network. You also get the power to authorize different kinds of network services for users. If you want to keep a record of all network user actions, you can do so easily with Cisco Secure Access Control Server.

* Directory Servers: The directory servers offer user IDs, authorization privileges, and group membership information.
* Posture Validation Server: As already mentioned, Cisco Secure Access Control Server has the ability to pass posture data to application-specific posture validation servers, which are normally provided by third-party security vendors. The posture validation server judges whether endpoint software is up to the mark or not. On the basis of the posture validation server's evaluation, Cisco Secure Access Control Server allows or disallows user access to networks.
* Remediation Servers: It's the job of remediation servers to bring devices back into compliance. The best part about remediation servers is that they can be as straightforward as a Web server that supports software downloads. Apart from that, remediation servers can automatically evaluate devices and if needed also supply mandatory software updates.

Parts of the greater whole

Cisco's NAC Framework is an architectural design for how multiple hardware and software components can work together to protect your network from unhealthy clients. While the Framework isn't as easy to use as the Cisco NAC Appliance, it does offer the benefit of bringing together offerings from various third-party security companies. At this point, you should understand the different components of the Cisco NAC Framework -- posture agent (Cisco Trust Agent), posture validation server (Cisco ACS Server), Network Access Device (NAD) -- the Cisco switch, and the remediation server (where users will go to get the firewall, OS, or AV software needed to get the PC host in compliance).

SolutionBase: Get familiar with Cisco’s NAC solution

Network Admission Control (NAC) is a solution that allows network administrators to define and enforce security policies across network devices. NAC allows only healthy hosts to access your network, but which are the healthy hosts? As this is not a simple question to answer, the solution can also be complex. Cisco NAC (CNAC) is no different. In this article, we will learn about Cisco’s solution to NAC and see how it stacks up to the competition.
What is Cisco’s NAC solution?

Cisco’s original NAC solution is the NAC Framework. Later, Cisco bought a company called Perfigo and released the NAC Appliance. Both of these solutions have merit, and one is not a replacement for the other. So while these are two valid but distinctly separate choices, Cisco has announced that they plan to combine these solutions in the future. It’s rumored that Cisco will call the solution OneNAC, which makes one wonder if the second revision would be called TwoNAC, and so on.


Why should I use NAC?

There are a number of benefits to using a NAC system from any vendor, not just Cisco Systems. As malware, viruses, and spyware just continue to become greater issues, NAC becomes more important. If your manager asks why you’re looking into NAC, you can give an informed response:

* Protects your company’s assets: Those assets could be your data (many times, that’s the company’s most valuable asset). NAC enforces the policies that you define to prevent your company’s data from being sent out to Russia or China.
* Protects against business disruption: When a computer connects to your network, an Internet worm on that computer could bring your whole network down.

What is the Cisco NAC Framework?

The Cisco NAC Framework is just a framework, not really a solution. The NAC Framework is an architecture that Cisco offers to partners and customers. By using the framework, third-party partners’ products can interoperate with Cisco’s products to create a complete solution. Once the Framework solution is put together with the partners’ products, it can create a highly automated NAC infrastructure.

One of my initial concerns with the Cisco NAC Framework is that it’s really a framework to which over 75 Cisco security partners subscribe to make their products compatible and interoperable. The framework isn’t a solution in itself, nor is it a standalone product. Can the products of 75 different vendors really work together to create a successful solution? And who would you buy these products from; 75 different vendors? Initially, it doesn’t sound like a solution that’s easy to understand or implement.

However, based on my research, most people say that the products of the multiple Cisco NAC framework partners work well with the Cisco NAC policy controller. However, just as with any complex project, you may have to invest heavily in software, hardware, and services to make a Cisco NAC Framework implementation a success.
What is the Cisco NAC Appliance?

Previously called Cisco Clean Access, Cisco NAC Appliance is the alternative to the Cisco NAC Framework. The Cisco NAC Appliance offers companies an option to deploy a self-contained endpoint assessment, remediation service, and policy management solution all in one box. The best part is that this is all implemented quickly without need for modifications.

The downside of the Cisco NAC Appliance is that its capabilities are narrower when compared to a full-blown NAC Framework implementation; however, the time and effort needed to implement the NAC Appliance is generally also smaller. Figure A shows what the Cisco NAC Appliance looks like.
Figure A: The Cisco NAC Appliance.
Which is right for you?

There’s a lot of talk about the NAC Framework, but Cisco recommends the NAC Appliance for initial deployments in their FAQ:

Cisco recommends the NAC Appliance to most customers as their initial deployment method. The NAC Appliance delivers a successful solution to solve our customers’ real world business problems. We have established a large and rapidly growing customer install base with worldwide NAC Appliance deployments.

However, that is only a recommendation for initial deployments. You might not be facing a clean scenario that could be described as an initial deployment; perhaps you’re using 802.1X, or you have part of a solution installed, but not others. In some cases, the Cisco NAC Framework can also turn out to be useful. This is especially true when you require extensive integration with third-party NAC-enabled products. When the NAC Appliance isn’t possible for you, the NAC Framework is the option to choose.

While the NAC Appliance is the easiest road for a single network, it doesn’t scale well. And though the NAC Framework might sound like a great all-encompassing alternative, most IT shops don’t end up deploying a full NAC framework when they choose that option, simply because of the time, resources, and infrastructure costs involved.
Interoperability of NAC solutions

Cisco’s NAC Framework is what Cisco will really point to when it comes to questions of interoperability. However, you have to look at the multitude of NAC parts and pieces and wonder how or if they could all work together. Just in the Cisco arena, all of these pieces can be part of a NAC solution:

* Cisco Secure Agent (CSA)
* Cisco Security Monitoring, Analysis, and Response System (MARS)
* Cisco Trust Agent (CTA)
* Cisco Secure Access Control Server (ACS)
* Cisco routers with NAC
* Cisco switches with NAC
* Cisco VPN concentrators
* Cisco wireless devices

As those are all Cisco devices, it’s likely that they all can work together to provide a NAC solution; however, the computing environment is not homogenous. So what about your PCs, laptops, PDAs, and such?

Fortunately, for those of us who use the Windows OS, Microsoft and Cisco announced a deal to make Cisco NAC and Microsoft NAP compatible with each other. This seems like a win/win situation for the consumer: we don’t have to choose, and it allows us to protect our investment in NAC/NAP infrastructure. I wish more vendors would follow their lead. Note, however, that this interoperability isn’t functional until you start using Windows Server 2008.
Cisco NAC and the competition

Although Cisco’s NAC and Microsoft’s NAP may be the two most recognizable buzzwords revolving around NAC, that doesn’t mean they’re the only game in town; there’s a lot of competition out there. NAC is still a young technology with lots of innovation going on in the marketplace. Here’s the short list of CNAC competitors:

1. Bradford Networks: All Bradford does is NAC.
2. ConSentry Networks: Their product line is called LAN Shield and they focus on NAC.
3. ForeScout Technologies: Their two products are CounterACT and ActiveScout. ForeScout has had good reviews for their NAC solutions.
4. InfoExpress: Offers CyberGatekeeper Dynamic NAC. They claim that you won’t have to make any network changes.
5. Juniper Networks: The large firewall & router manufacturer produces Unified Access Control (UAC) and sells the Infranet Controller as their policy controller.
6. Lockdown Networks: Produces Real NAC and has had good reviews in tests.
7. McAfee: The large software company produces McAfee Policy Enforcer and ePolicy Orchestrator. Together, these are supposed to provide a complete NAC solution, but they still lack some basic NAC features.
8. StillSecure: Their NAC product is called Safe Access.
9. Symantec: This large software company offers SNAC (Symantec NAC), which won the title of best overall NAC solution in a recent test.
10. Vernier Networks: They claim that over 1,000 organizations have deployed their NAC product.

While Cisco’s NAC solution may seem like a safe bet, you might want to take a look at the other vendors: in a recent unbiased test of 13 NAC vendors (including Cisco), Symantec’s solution won (the runners-up were ForeScout, Lockdown, and Juniper). To Cisco fans, it may seem unimaginable for Cisco not to rate in the top four NAC vendors; but, in my opinion, the test results show that Cisco’s solution is more fragmented and immature than the competition.
In summary

Cisco currently offers two NAC solutions: Framework and Appliance. The framework is an architecture to which many parts of your network (Cisco or non-Cisco) can belong. The framework is more of a guide on how various pieces might fit together to create a NAC solution. However, a complete Cisco NAC Framework can be difficult and costly to implement. On the other hand, the Cisco Appliance can be deployed in-band or out-of-band and is used to block or quarantine clients directly.

As the NAC market is still young, Cisco has some tough competition out there. Although it is just one of many NAC solutions available today, I feel that the Cisco NAC appliance deserves a review when considering enterprise NAC solutions.

SolutionBase: Cisco’s NAC hardware explained

Cisco Network Admission Control (NAC) is a system to enforce the security policy of your company on all devices attempting network access. The Cisco NAC solution is made up of many different pieces of hardware, software, and services; this article will explain its many pieces.
What hardware makes up Cisco’s NAC solution?

On Cisco’s network security solutions Web page, you’ll find the following list of Cisco technologies, all of which play a part in the complete Cisco NAC solution:


* Advanced Services for Network Security
* Cisco Security Agent (CSA)
* Cisco Security Monitoring, Analysis and Response System (MARS)
* Cisco Trust Agent 2.0 (CTA)
* Cisco Secure Access Control Server for Windows (ACS)
* Cisco Secure Access Control Server Solution Engine (ACS)
* Cisco Works Interface Configuration Manager (ICM)
* Cisco Works Security Information Management Solution (CW-SIMS)
* NAC-enabled routers
* Router security
* Cisco VPN 3000 Series Concentrators
* Cisco Unified Wireless Network
* Cisco Catalyst switches

Let’s discuss some of the more critical pieces of Cisco’s NAC solution.

Cisco NAC-enabled routers

The recently released Cisco router NAC module enforces NAC at the remote branch locations or ancillary buildings of a campus. The NAC router module also improves the overall security of the network by making sure that all incoming users and devices comply with security policies.

Additionally, the Cisco NAC router module (part # NME-NAC-K9) brings the capabilities of Cisco NAC Appliance Server to Cisco 2800 and 3800 Series Integrated Services Routers. This module spares network administrators from deploying NAC appliances across the board and helps consolidate administrative tasks into fewer boxes.

Amazingly, this module is actually a 1 GHz Intel Celeron PC, with 512 MB RAM, 64 MB of Compact Flash, and an 80 GB SATA hard drive. All that fits onto a single 1-pound module that slides into a router and enforces your security policies. This module requires a 2800 or 3800 series router running IOS 12.4(11)T or later.

Cisco NAC Appliance

The single most popular piece of the Cisco NAC solution has been the Cisco NAC Appliance. As evident from the name itself, Cisco NAC Appliance is an appliance-based solution that offers fast deployment, policy management, and enforcement of security policies.

With the Cisco NAC Appliance, you can opt for an in-band or out-of-band solution. The in-band solution is for smaller deployments. As your network grows into more of a campus environment, you may not be able to keep the in-band design. In that case, you can move to the out-of-band deployment scenario.

Here are some advantages of the Cisco NAC Appliance:

* Identity: At the point of authentication, the Cisco NAC Appliance recognizes users, as well as their devices and their responsibility in the network.
* Compliance: Cisco NAC Appliance also takes into account whether machines are compliant with security policies or not. This includes enforcing operating system updates, antivirus definitions, firewall settings, and antispyware software definitions.
* Quarantine: If the machines attempting to gain access don’t meet the policies of the network, the Cisco NAC Appliance can quarantine these machines and bring them into compliance (by applying patches or changing settings), before releasing them onto the network.

For more information about the Cisco NAC Appliance, see the Cisco NAC Appliance datasheet.

Cisco Secure Access Control Server (ACS)

The Cisco ACS Server could be called the “brain” of the Cisco NAC solution. It is here that users’ credentials are checked to see if they are valid, policies are sent back to be enforced, and activities are logged. The ACS server is called an AAA Server because it performs authentication, authorization, and accounting.

This server runs on an existing Windows server in your organization and can use other existing databases in your organization to verify users’ credentials. For example, most companies have ACS point toward their Windows Active Directory (AD) system to look up credentials. If those credentials are valid, then ACS can enforce network authorization policies on those users, with the help of the network hardware: NAC Appliance, Router NAC module, or ASA/PIX firewalls.

Cisco Security Agent (CSA)

Cisco CSA is a software client that is run on every machine in an organization. These clients talk to a centralized policy server. Together, these software applications know which software and activities on each PC in the organization are or are not “normal”. The CSA agent may alert on or block certain activities that it sees as abnormal.

When compared to anti-virus software that depends on definition updates to stay current, Cisco touts that the CSA never needs updating because it is constantly “learning” and monitoring activities, not definitions of viruses.

For more information about the Cisco CSA solution, see the Cisco CSA datasheet.

Cisco Trust Agent (CTA)

You can think of the Cisco Trust Agent as the “NAC Client”. The CTA runs on each PC in the organization. It talks to the NAC Appliance, for example, to tell it about the state of the device attempting to access the network. For example, the CTA reports the version of the OS, patch level, the AV definition level, the firewall status, and more. According to Cisco, the CTA “interrogates devices.” You can obtain CTA free of charge from Cisco Systems.
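A conceptual model of the admission decision described in the sections above (credentials checked by an AAA server, device posture reported by a client agent, non-compliant machines quarantined with a remediation list), as an added example. It is not Cisco code and uses no Cisco API; every function name, policy threshold, account and posture value in it is a constructed assumption.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    QUARANTINE = "quarantine"
    DENY = "deny"


@dataclass(frozen=True)
class Posture:
    """Device state of the kind the article says the client agent reports."""
    os_version: str
    patch_level: int
    av_definitions: date
    firewall_on: bool


@dataclass(frozen=True)
class Policy:
    min_patch: dict  # os_version -> lowest acceptable patch level
    max_av_age_days: int
    require_firewall: bool = True


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password, role, salt):
    """Directory entry; stands in for the external user database."""
    return {"salt": salt, "hash": _hash(password, salt), "role": role}


# Unknown users are checked against this entry so both paths cost one hash.
_DUMMY = {"salt": b"\0" * 16, "hash": b"\0" * 32, "role": None}


def authenticate(directory, user, password):
    """Authentication and authorization: return the user's role, or None."""
    entry = directory.get(user, _DUMMY)
    ok = hmac.compare_digest(_hash(password, entry["salt"]), entry["hash"])
    return entry["role"] if ok else None


def assess(posture, policy, today):
    """Compliance check: return the remediation steps still outstanding."""
    fixes = []
    floor = policy.min_patch.get(posture.os_version)
    if floor is None:
        fixes.append(f"unsupported OS {posture.os_version}")
    elif posture.patch_level < floor:
        fixes.append(f"install OS patches up to level {floor}")
    if (today - posture.av_definitions).days > policy.max_av_age_days:
        fixes.append("update antivirus definitions")
    if policy.require_firewall and not posture.firewall_on:
        fixes.append("enable host firewall")
    return fixes


def admit(directory, policy, user, password, posture, today, audit):
    """Return (decision, role, remediation); append an accounting record."""
    role = authenticate(directory, user, password)
    if role is None:
        result = (Decision.DENY, None, [])
    elif posture is None:
        # No agent report: fail closed instead of trusting an unknown device.
        result = (Decision.QUARANTINE, role, ["install posture agent"])
    else:
        fixes = assess(posture, policy, today)
        result = (Decision.QUARANTINE if fixes else Decision.ALLOW, role, fixes)
    audit.append({"user": user, "decision": result[0].value, "fixes": result[2]})
    return result


# Constructed sample data; none of it comes from a real deployment.
TODAY = date(2011, 1, 8)
POLICY = Policy(min_patch={"WinXP": 3, "Vista": 1}, max_av_age_days=7)
DIRECTORY = {"alice": make_account("correct horse", "sales", b"constructed-salt")}


def demo():
    audit = []
    good = Posture("Vista", 1, date(2011, 1, 5), True)
    stale = Posture("WinXP", 2, date(2010, 11, 1), False)
    cases = [("correct horse", good), ("correct horse", stale),
             ("correct horse", None), ("wrong", good)]
    outcomes = [admit(DIRECTORY, POLICY, "alice", pw, device, TODAY, audit)
                for pw, device in cases]
    return outcomes, audit


if __name__ == "__main__":
    for decision, role, fixes in demo()[0]:
        print(decision.value, role, fixes)
```

The two fail-closed branches (no posture report, unrecognised OS) are the cases worth checking in any real policy: a device that cannot be assessed is quarantined rather than admitted.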
Cisco Works Security Information Management Solution (CW-SIMS)

The Cisco Works Security Information Management Solution (CW-SIMS) is the centralized repository that all Cisco devices use for security logging and other information. According to Cisco, this application “integrates, correlates, and analyzes security event data from the enterprise network to improve visibility and provide actionable intelligence for strengthening an organization’s security.”

With so many security devices in your network, one application has to try to correlate all the logs and security information that is generated. According to Cisco, here are the features that the CW-SIMS offers:

* Comprehensive Correlation: Statistical, rules-based, and vulnerability correlation of events as they happen, in real time, across all integrated Cisco network devices.
* Threat Visualization: See a visual status and generate reports of all the security events as they happen across your network.
* Incident Resolution Management: SIMS integrates with common helpdesk packages to track security events until resolution.
* Integrated Knowledge Base: SIMS can be a source of knowledge about security issues and how they are resolved.
* Real-Time Notification: SIMS can notify security admins, in real time, when events occur.

For more information about the Cisco CW-SIMS solution, see the Cisco CW-SIMS datasheet.

Cisco Security Monitoring, Analysis, and Response System (MARS)

While MARS may seem similar to CW-SIMS, it is quite different. MARS actually understands the configuration and topology of your network. You can think of MARS as a “virtual security admin” for your network — working while you sleep.

MARS uses NetFlow data from Cisco routers to have a real-time understanding of network traffic. It knows what is considered normal and what is not; this is called behavioral analysis. With behavioral analysis, MARS can stop abnormal network traffic. MARS has over 150 audit compliance templates, and will make recommendations on how to remediate threats to your network.

MARS is actually an appliance that you install on your network. This appliance comes in a variety of sizes and license levels based on the size of your network. Cisco Security MARS and Cisco Security Manager are part of the Cisco Security Management Suite.

In summary

To be a complete solution that can fulfill the Cisco Self-Defending Network framework, the hardware and software of Cisco’s NAC solution must integrate well. With nine or more different pieces of hardware and software related to NAC, the challenge of acquiring (i.e., affording), learning to configure, deploying, and monitoring these solutions can be a large task for any organization. While having the centralized software applications like CW-SIMS and MARS can really bring it all together, those applications will take time, effort, and expertise to master. For this reason, I can relate to anyone who says that deploying a security solution is difficult.

In this article, I’ve attempted to clarify the purpose of the different NAC security solutions offered by Cisco today; with this information, I hope that your quest for strong network security can be realized.

TS: Configuring Microsoft Windows Vista Client – 70-620

QUESTION 76
You work as the desktop support technician at CertKingdom.com. The CertKingdom.com network consists
of a single Active Directory domain named CertKingdom.com. You have been assigned to the
CertKingdom.com help desk to aid all the CertKingdom.com users who experience trouble with their
workstations. There are both desktop and laptop workstations in operation at CertKingdom.com.
The manager of the CertKingdom.com Sales department named Clive Wilson contacted the
CertKingdom.com help desk to ask for assistance with his department’s main workstation. According
to Clive Wilson, he makes use of many Web sites and services to order and track sales from
several companies. This results in him having a lot of custom settings and preferences on these
sites that he does not want to lose. Many of the sites have passwords that the manager is no
longer required to enter because they are stored locally on the computer.
Clive Wilson has recently delegated the task of processing sales orders online to some of his staff
members. He would like them to have their own credentials on the Web sites, so they can track
their own sales. To this end you are required to remove the stored passwords from the computer
and prevent them from being stored locally again.
Which two of the following actions should you perform?

A. Navigate to the Advanced tab in Internet Options and click Restore advanced settings.
B. Navigate to the Advanced tab in Internet Options and click Reset.
C. On the Privacy tab in Internet Options, set the level to High.
D. On the Content tab in Internet Options, click the AutoComplete Settings button and clear the
User names and passwords on forms check box.
E. Click Tools in the Internet Explorer and then click Delete Browsing History. Click Delete
passwords.

Answer: D,E

Explanation:
To remove the passwords, you should open Internet Explorer, click Tools, and then click Delete
Browser History. Then click Delete Passwords to remove the local passwords stored for Internet
content.
You also must clear the User names and passwords on forms option in the AutoComplete Settings
dialog box. This will prevent user name and password settings from being stored locally in the
future.


QUESTION 77
You work as the desktop support technician at CertKingdom.com. The CertKingdom.com network
consists of a single Active Directory domain named CertKingdom.com. You have been assigned to the
CertKingdom.com help desk to aid all the CertKingdom.com users who experience trouble with their
workstations. There are both desktop and laptop workstations in operation at CertKingdom.com.
A user named Mia Hamm contacted the CertKingdom.com help desk to report that she is experiencing
trouble with viewing Web sites in Microsoft Internet Explorer 7.0. She says that all Web pages are
displayed in the upper-left corner of the tab. The text as well as the images appear very small and
make it very awkward to view. You need to enable Mia Hamm to view the pages at their original
size. To this end you therefore change the text size from medium to large, but it has very little
impact on the text, and the images are still too small.
What should you do?

A. You need to decrease the screen resolution.
B. You need to increase the screen resolution.
C. You need to decrease the monitor refresh rate.
D. You need to increase the monitor refresh rate.
E. You need to decrease the zoom level for the tab.
F. You need to increase the zoom level for the tab.

Answer: F

Explanation:
Internet Explorer 7.0 allows one to view Web pages at different zoom levels and judging by the
symptoms described in the question it is possible that Mia Hamm accidentally pressed the
Ctrl and - keys to zoom out. Changing the zoom level affects the entire page, resizing both text and
images. If you change the zoom level to 100 percent, Web pages will appear in their original
sizes. Therefore you should increase the zoom level for the tab.


QUESTION 78
You are employed as an administrator at CertKingdom.com. The CertKingdom.com network consists of a
single Active Directory domain named CertKingdom.com.
CertKingdom.com contains a computer named CERTKINGDOM-WS621 that is running Microsoft
Windows Vista. You have received instructions to remove any Microsoft Windows Internet
Explorer 7 add-ons from CERTKINGDOM-WS621 that do not have prior approval from Microsoft,
System manufacturer or Service provider.
What should you do?

A. You need to remove any add-ons that are not found in the list of add-ons that are currently
loaded in Windows Internet Explorer 7.
B. You need to remove all add-ons then reapply the add-ons you want to keep.
C. You need to remove any add-ons that are not found in the list of add-ons that run without
requiring permission.
D. You need to remove any add-ons that are not found in the Temporary Internet Files folder.
E. You need to remove any add-ons that are not found in the list of add-ons used by Windows
Internet Explorer 7.

Answer: C

Explanation:
Internet Explorer 7 add-ons that are approved by Microsoft, System manufacturer and the Service
provider do not require your permission to run. They will run automatically. Any add-on that isn’t
approved will require your permission to run. Therefore, to remove all the unapproved add-ons,
you need to remove any add-ons that are not found in the list of add-ons that run without requiring
permission.


QUESTION 79
You are employed as a network administrator at CertKingdom.com. The CertKingdom.com network
consists of a single Active Directory domain named CertKingdom.com.
A CertKingdom.com user named Mia Hamm who works in the Marketing department of CertKingdom.com,
has been assigned a computer named CERTKINGDOM-WS623. CERTKINGDOM-WS623 has the popup
blocker enabled. To do her daily work she visits a certain Web site which makes use of popups.
Mia Hamm wants to view the pop-ups from this Web site while maintaining the highest level of
security for all other Web sites.
Which two of the following options would achieve this goal?

A. You need to disable the pop-up blocker.
B. You need to set the default security level to High.
C. You need to add the URL of the Web site to the list of allowed sites.
D. You need to set the default security level to Medium.
E. You need to visit the Web site and select the Always allow pop-ups from this site option.

Answer: C,E

Explanation:
To enable the pop-ups from a certain website to be viewed, the URL of the Web site can be added to
the list of allowed sites in the Pop-Up Blocker settings. Alternatively, you can visit the website and
select the Always allow pop-ups from this site option.


QUESTION 80
You work as the Help Desk technician at CertKingdom.com. The CertKingdom.com network consists of a
single Active Directory domain named CertKingdom.com. CertKingdom.com also operates a Customer
Care Help Desk for the benefit of its customers.
A CertKingdom.com customer named Rory Allen has contacted you at the Customer Care Help Desk.
Rory Allen has configured Microsoft Internet Explorer 7 with a Really Simple Syndication (RSS)
subscription to a website. Rory Allen now has a problem that the RSS subscription Web page has
failed to show the information that the RSS feed Web page displays from the website.
How can you assist Rory Allen to configure Internet Explorer to display the current content from
the RSS feed?

A. Instruct Rory Allen to add the URL of the Web site to the list of allowed sites.
B. Instruct Rory Allen to configure the RSS feed properties to use the maximum interval value.
C. Instruct Rory Allen to enable the feed reading view in the RSS feed settings.
D. Instruct Rory Allen to configure the RSS feed properties to use the minimum interval value.
E. Instruct Rory Allen to disable the pop-up blocker for the website.

Answer: D

A+ OS technologies – 220-302

QUESTION 77
An employer is concerned that a user may unknowingly launch a malicious .vbs file. The employer
wants to enable file extensions on all Windows XP computers. Which of the following actions
should be taken?

A. At the command line run C:\>compmgt /afiletype .vbs
B. At the command line run C:\>compmgt /tfiletype .vbs
C. Windows Explorer > Folder Options > File types
D. Windows Explorer > Folder Options > View

Answer: D


QUESTION 78
When a technician has successfully completed a service call to a difficult customer, it would be
MOST important to:

A. take a break to calm down before handling the next problem.
B. follow up with the customer and verify that the customer is satisfied.
C. leave quickly and quietly before something else goes wrong.
D. notify the customer that the work is finished and the technician is leaving.

Answer: B


QUESTION 79
A technician observes that a user is storing passwords in a text file on the desktop. Which of the
following should the technician do?

A. Print out a copy of the file and show the file to the user's supervisor.
B. Ignore the file and not worry about what the user does with the information.
C. Email a copy of the file to the technician's supervisor.
D. Inform the user that this is a violation of the company's security policy.

Answer: D


QUESTION 80
Which of the following will prevent the Windows messenger service from displaying any
messages?

A. Start > Run > type CMD > type NET START messenger
B. Start > Run > type service.msc > right click on the messenger service > Properties > Start-up
type > Disable
C. Start > Run > type service.msc > right click on the messenger service > Properties > Start-up
type > Automatic
D. Start > Run > type CMD > type NET START msg.exe

Answer: B


QUESTION 81
An angry customer is reporting problems with a computer. Which of the following would be the
FIRST step to take?

A. Tell the customer to calm down.
B. Tell the customer there is nothing to worry about.
C. Let the customer express frustration without interrupting.
D. Ask the support supervisor to take the call.

Answer: C


QUESTION 82
Which two of the following operating systems support system restore? (Select TWO)

A. Windows 2000
B. Windows XP
C. Windows NT
D. Windows Me
E. Windows 98 SE

Answer: B,D


QUESTION 83
Which of the following is the default name of the file that stores Virtual Memory on a Windows
2000 computer?

A. BOOT.INI
B. PAGEFILE.SYS
C. VMM386.SYS
D. WIN386.SWP

Answer: B


QUESTION 84
An A+ Professional is using SYSEDIT to modify settings for a user’s application. By using this tool,
which two files are automatically opened for editing? (Select TWO)

A. IO.SYS
B. BOOT.INI
C. AUTOEXEC.BAT
D. SYSTEM.INI

Answer: C,D


QUESTION 85
Which file system has built-in encryption support?

A. HPFS (high performance file system)
B. FAT16
C. FAT32
D. NTFS

Answer: D


QUESTION 86
An A+ Professional copies several files from a CD-ROM to the hard drive of a computer. The files
have the attribute Read Only. Which command line function and switches can easily remove the
Read Only file attribute from all the files in a particular folder?

A. ATTRIB -A
B. ATTRIB +R /S
C. ATTRIB -R /S
D. ATTRIB /S

Answer: C


QUESTION 87
In Windows XP, which command line program is used to remove an additional operating system?

A. SETUP.EXE /X
B. Bootcfg /delete /ID#
C. Format C: /S
D. WINNT32.EXE /B

Answer: B


QUESTION 88
Which utility can be used to optimize disk performance?

A. FDISK
B. FORMAT
C. SCANDISK
D. DEFRAG

Answer: D


QUESTION 89
NTUSER.DAT and NTUSER.DAT.LOG are associated with which one of the following Registry
Hives?

A. HKEY_USERS\.DEFAULT
B. HKEY_USERS_CURRENT
C. HKEY_CURRENT_USER
D. HKEY_CURRENT_PROFILE

Answer: C


QUESTION 90
Which two operating systems have the Registry editing command Regedt32? (Select TWO)

A. Windows Me
B. Windows NT Workstation
C. Windows XP Professional
D. Windows 98 SE

Answer: B,C


QUESTION 91
Which of the following will allow modification of the Startup folder in
Windows 98 SE?

A. SYSEDIT
B. REGEDIT32
C. MSCONFIG
D. SCANREG

Answer: C


QUESTION 92
Which of the following is the name of the swap file for Windows 98?

A. PAGEFILE.SYS
B. WIN386.SWP
C. VIRTUAL.TMP
D. SWAPFILE.SYS

Answer: B


QUESTION 93
Which utility can a technician use in Windows 2000 to limit the access to Registry keys to certain
users?

A. EDIT.COM
B. REGEDIT.EXE
C. REGEDT32.EXE
D. SYSEDIT.EXE

Answer: C


QUESTION 94
In Windows 2000 Professional, what does the BOOT.INI file contain?

A. hardware profiles
B. boot order
C. default operating system
D. the LILO loader

Answer: C


QUESTION 95
Which Windows XP command allows for the retrieval of compressed files from the operating
system source files?

A. EXPAND
B. COMPRESS
C. OPENFILES
D. UNPACK

Answer: A

Microsoft’s new policy sets firm support life cycle schedule

Microsoft recently introduced a new product support life cycle policy designed to make support availability more predictable and consistent. This will allow customers to better plan their upgrades, instead of relying on announcements about the retirement of products or the discontinuation of support for them.

Under previous policies, customers couldn’t effectively plan upgrades. This had a significant impact on IT budgets and implementation plans. Microsoft’s new policy makes clear when the support for a product will end and what types of support are available during the product life cycle.

The new policy should be of great benefit to those who rely on Microsoft products, especially its operating systems.

The policies
Microsoft has adopted two support policies—one that covers business and development software, the other for consumer products, hardware, and multimedia software. The primary difference between the two is that additional paid support is unavailable for consumer, hardware, and multimedia products.

Microsoft’s Support Lifecycle policy establishes two phases of support for business and development software.

The Mainstream Support Phase lasts at least five years from the product release date. Mainstream support provides the same options and services that are currently available, including free incident support, paid incident support, hourly charge support, warranty claim support, and hot fix support. In this phase, customers can suggest design changes or feature additions, and Microsoft will evaluate the requests.

At the end of that five-year period, customers can elect to purchase extended support, which covers the product for an additional two years. With extended support, you must pay for support on an hourly basis. To get hot fix support, you have to purchase a hot fix support contract within 90 days after the end of the mainstream period. During the extended phase, Microsoft will not respond to requests for warranty support, make design changes, or add new features.

Beyond the extended phase, customers can obtain additional support through Microsoft’s strategic partners. This custom support may include assisted support as well as hot fix level support.

Online self-help support—which includes access to the Microsoft Knowledge Base, FAQs, troubleshooting tools, and other resources—is available for a period of at least eight years after the product release date. So for at least one year after the end of the extended phase, customers will have access to online resources free of charge to resolve issues without contacting Microsoft.

For Microsoft’s consumer, hardware, and multimedia products, no extended support is available at the end of the mainstream phase. Customers will continue to have access to the self-help resources, however, for the same eight-year period from the product’s release.

Service packs and patches
In addition to the new support policy, Microsoft also announced a change in its Service Pack Support Policy, which extends the availability of support for product service packs.

Previously, Microsoft only offered support for the most recent service pack; it now offers support on the current and immediately preceding service packs. Support for preceding service packs will continue for up to one year after the release of the most current one. Customers can request new or receive existing hot fixes for both during the mainstream support phase.

Microsoft will not automatically create hot fixes for the immediately preceding service packs, however. If a customer needs a hot fix for the earlier service pack, it must contact Microsoft to request it.

Security patches
For business and development software, Microsoft will offer security patches through the extended support phase at no additional charge. Security fixes for most products will thus be available for seven years from the product release date.

Microsoft will provide security patches for its consumer, hardware, and multimedia products for five years—through the end of the mainstream support phase.

Coverage
Microsoft says the new policies cover most of its currently available and future product offerings. To verify that your product is covered by the policy, you should visit the product’s Web page or find it via the Locate Your Product page.

For additional information about Microsoft’s new policies, you can visit the Support Lifecycle Support Policy FAQ page.

Potential benefit
In the long run, the new policies likely won’t result in big changes in the way Microsoft’s customers use its products, but they will add better predictability to the product life spans. Because of the new policies, customers won’t be caught off guard by announcements of the discontinuation of support for particular products.

Why Microsoft bought Great Plains Software

When Microsoft announced its acquisition of Great Plains Software at the end of 2000, many people began wondering: What does this mean for the future of Great Plains, other mid-market accounting software companies, and other accounting companies in general—and for the value-added reseller (VAR) channels that Microsoft and Great Plains have spent several years and millions of dollars to develop?

This acquisition also has significant ramifications for both the “big five” ERP vendors (Invensys/Baan, SAP, Oracle, JD Edwards, and PeopleSoft) and the little two (QuickBooks and NetLedger). Since almost all CIOs deal with one of these companies directly or indirectly, I think it makes sense for us to consider the possible outcomes of the acquisition.

What does this acquisition mean for the existing partner channels for Microsoft and Great Plains?
Microsoft needs to have an answer for customers who are seriously considering the Oracle database and financial products from the big five on the UNIX platform. This acquisition gives Microsoft the ability to give their medium to large enterprise customers “one-stop shopping” under the Microsoft brand, with the combination of Windows 2000, Microsoft Exchange, Microsoft SQL Server, and now Great Plains.

This selection is beneficial for companies that want integrated solutions and for Microsoft. I’ve talked to companies in the past year that originally purchased Great Plains as an interim solution on their way to SAP before dumping SAP halfway through the conversion when they realized that Great Plains could do everything they needed. They were also able to get it fully operational in a fraction of the time it took to implement SAP.

Companies that have invested heavily in training and certifying their companies to deliver Great Plains solutions on Microsoft technology are also positioned to take advantage of this acquisition. Those reaping the greatest benefits will be the handful of companies that are both Great Plains Certified Hosting Providers and Microsoft Solution Provider Partners; they will immediately benefit from the marketing and support economies that will be achieved through the merger.

In addition, the president of the Great Plains division of Microsoft, Doug Burgum, has stated that he will continue with his strategy of being selective in building the traditional VAR and applications hosting channel. Companies that have not already made an investment in being Great Plains partners but who represent other mid-market accounting systems now have a difficult choice to make about the financial software they will represent in the future.

This merger could also spell trouble for traditional Great Plains VARs. Microsoft’s .NET platform and emphasis on ASPs and Web-based technologies make many existing VARs obsolete. These VARs will either have to partner with an ASP, significantly beef up their consulting and development practices, or make a move down market.

What does this mean for the accounting software market?
If you’re a mid-market accounting software company on a Microsoft platform or a company that relies on one, then you should seriously consider your strategy. During the past year, Great Plains gobbled up Solomon Software and RealWorld. Companies like Sage and Hyperion have to be looking over their shoulders.

This will also make it more difficult for the big five to move into the medium enterprise market. All of them (except Oracle) were counting on using Microsoft’s leverage on the server and the cost of the database to help them move into this space. Microsoft was clearly tired of losing competitive bids to UNIX and Oracle in this space and decided to take matters into its own hands.

But perhaps the most interesting story will be unfolding on the low end of the market. Quicken.com (with QuickBooks on the Net) and NetLedger (based on Oracle database technology) have made significant inroads into the small and medium business market. But by combining Great Plains with its bCentral small business service, Microsoft may have finally found a way to crack this market. Before this can happen, however, Great Plains has to be re-architected to eliminate its dependency on its proprietary development tool (Dexterity) and to be more Net (or .NET) friendly.

The Great Rewrite—Great Plains on Microsoft’s .NET platform
The acquisition is also great news for Microsoft’s .NET initiative. Great Plains had already announced a 24-month time frame to rewrite the entire Great Plains product line using .NET technology. This includes tight integration with all .NET Server products (specifically SQL Server 2000, BizTalk Server 2000, and Commerce Server 2000) and the replacement of Dexterity with C# as the core language.

I expect to see this timeline shrink dramatically. It’s possible that by the end of this year, Microsoft and Great Plains will release an enterprise production-level .NET accounting application that really shows off the power of the .NET environment.

Can Great Plains pull it off? This isn’t the first time Great Plains has made a significant commitment to Microsoft technology. It was the first mid-market accounting company to make significant investments away from Novell’s Btrieve (now Pervasive SQL) when other companies bet the ranch on Novell.

Since then, they’ve been huge supporters of SQL Server. Great Plains’ home office in Fargo has been a testing center for every new version since 6.0. The company also developed its own Transaction Server technology (called the Process Server) before Microsoft released Microsoft Transaction Services.

Great Plains is a company with significant technology resources and a loyal employee base. And it has one more attribute that will hopefully make its way into the Microsoft culture—it actually releases its products on time!

Microsoft extends its accounting reach with Navision acquisition

On May 7, Microsoft announced its intention to acquire the Danish ERP accounting software vendor Navision. This announcement comes on the heels of Microsoft’s purchase last year of the midmarket accounting systems leader, Great Plains.

Navision has spent the last few years trying to catch Great Plains in the midmarket space. Many consultants had written off Navision as a competitor because of the increased awareness and bankroll that Microsoft brought to Great Plains. So what’s the rationale behind the acquisition, and how will it affect ERP consultants?


Microsoft’s party line
In an interview, Tami Reller, vice president of Global Solutions for the new Microsoft Great Plains Business Solutions division (MGP), offered two points about the acquisition:

* Microsoft is committed to partnering with its solution providers to provide business solutions to the middle market. The combination of Great Plains, bCentral (Microsoft’s small business solutions arm), and Navision will give partners a wide variety of midmarket accounting solutions and services to offer their customers.
* Microsoft is committed to providing the strongest .NET applications and development platforms, including extensible accounting solutions based on the .NET platform.

The translation
I interpreted my conversation with Reller this way: Although Great Plains had great consumer awareness and market share in the United States and Canada, it has had a difficult time getting that same recognition in the European market. The Navision acquisition gives Microsoft global reach in the midmarket accounting space almost overnight.

Navision may also hold the key to expanding Microsoft’s hosted solutions practice overseas. Until now, overseas companies haven’t found a compelling reason to take advantage of the business solutions offered by Microsoft’s bCentral division.

In the United States, Microsoft has done significant work to allow MGP customers to integrate their locally installed and managed Great Plains systems with features of bCentral that are designed to integrate with those systems. These features include Dun & Bradstreet company lookups, cross-company appointment management and, in the future, integration with hosted versions of Microsoft’s new CRM product, which is based on the .NET framework. (For more on the MGP product and its effect on consultants, read my previous column for IT Consultant Republic.)

By building new integration points between bCentral and Navision, Microsoft will be able to extend its hosting platform overseas and, in Navision, it will have a large number of existing partners who will help sell the services.

On the surface, this strategy seems intended to sell and promote Great Plains in North America and Navision in Europe. Yes, Great Plains has customers and partners in Europe, as does Navision in the United States, but Microsoft has a lot of work to do to differentiate the products to help its customers and its partners decide which product to buy and support, respectively. In the future, Microsoft will have to differentiate based on features and price in order for resellers to justify carrying Navision in the United States and Great Plains in Europe.

Navision’s reputation for the robustness of its manufacturing solution will be another near-term differentiator. Great Plains has its own manufacturing solution, but industry partners and customers don’t recognize it to be as robust or complete as the one provided by Navision. Each company has development partners whose products help them win business against other players, such as J. D. Edwards, Lawson Software, and CODA Software Systems, in the midmarket space. But Navision and Great Plains both benefit from the Microsoft name when selling against these other accounting systems companies.

How does the acquisition affect consultants?
Navision and Great Plains each have existing consulting channels. For the foreseeable future, both Navision’s and Great Plains’ certification programs for companies that want to resell their products will stay in place. And there will be little or no effect on existing partners. However, Microsoft now has three groups of partners to rationalize: Solution Providers, GP Partners, and Navision partners. Microsoft has made a point in the past to maintain the more difficult certification—GP—rather than the entry-level one—SP.

Existing consultants shouldn’t expect it to get any easier to sell accounting solutions from Navision just because Microsoft is acquiring them, and existing Navision dealers shouldn’t be concerned about the commoditization of their Navision certification.

This strategy is the right one for the channel and the customer and the same strategy will probably be employed with the Navision channel. The real differentiator between the Great Plains and Navision channels is their products’ customization capabilities and their partners’ staff commitments to deliver customer-specific solutions.

MGP customization has been hampered by its dependence on the proprietary Dexterity language developed before the acquisition of Great Plains. Navision, on the other hand, has a large community that uses the Navision customization toolkit to perform significant customizations of the Navision platform.

In fact, what draws many partners to the Navision platform is its customization capability. Where most MGP consultants generate minor revenue streams from customization engagements (and staff accordingly), Navision consulting firms have developers on staff and salespeople who know how to sell customization engagements.

As the code base for both products moves to .NET during the next 18 to 24 months, the entire MGP consulting channel will have new opportunities to generate sales from extended customization of the core accounting platform. Therefore, I suspect that one of the other key benefits of the Navision acquisition is the ability to use the sales and marketing knowledge regarding sales and support of product customization to help build a similar channel for Great Plains’ partners.

Bottom line
Even after you look at the evidence behind the party line, the core messages ring true: This acquisition demonstrates that Microsoft is intent on owning the midmarket space worldwide, and it intends to do so by partnering rather than building a large consulting organization (a la Oracle Financials). Any partner—whether it’s Navision, Great Plains, or a Microsoft Solutions Provider—better be investing heavily in developing its .NET development expertise if it wants to take advantage of upcoming opportunities from Microsoft.

New Microsoft downloads are packed tight with patches

Microsoft Security Bulletin (MS01-044)
Regarding: Microsoft Internet Information Server 4.0 and 5.0
Date posted: August 15, 2001
Patch URL: Click here to download the IIS 4.0 patch.
Patch URL: Click here to download the IIS 5.0 patch.
Information URL: Click here for more information.

Microsoft has released a patch combining all the patches released so far for IIS 4.0 and 5.0 (since NT 4.0 Service Pack 5), plus fixes for five newly discovered vulnerabilities. These vulnerabilities include denials of service, a buffer overrun, and a privilege elevation.

Microsoft Security Bulletin (MS01-045)
Regarding: Microsoft ISA Server 2000
Date posted: August 16, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

In another multipatch download, Microsoft includes fixes for three vulnerabilities affecting ISA Server 2000. Two of them are denial of service vulnerabilities (memory leaks in the H.323 Gatekeeper Service and in the Proxy service), and the third is a cross-site scripting vulnerability.


Microsoft Security Bulletin (MS01-046)
Regarding: Windows 2000
Date posted: August 21, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

The infrared-connectivity software in Windows 2000 contains an unchecked buffer. By sending a packet of a particular design, an attacker could cause an access violation, requiring the user to reboot. This vulnerability is more of a nuisance than anything, since it does not allow the attacker to run malicious code on the user’s system.

Novell issues
Regarding: NetWare 5.1, Novell Small Business Suite 5.1
Date posted: August 21, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This download contains files to make NetWare Remote Manager meet Section 508, The U.S. Federal Mandate for Accessibility.

Regarding: GroupWise
Date posted: August 21, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Remember the Padlock Fix from last week? Well, this download simply verifies that you have the fix installed and enabled.

Regarding: Account Management 2.1 for Windows 2000
Date posted: August 21, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Here’s yet another password synchronization fix. It addresses the same symptoms as the past fixes: You can change a password once, but if you try to change it again, it won’t synchronize.

Virus updates from Trend Micro
Virus/Worm: TROJ_MODNAR.A
Posted: August 17, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: TROJ_DSNX.A
Posted: August 20, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Stay current on virus information
Have you been keeping up with the latest virus information and patches from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft’s Passport e-wallet invites pickpockets

A newly discovered flaw in Microsoft’s Passport put another layer of tarnish on the company’s already heavily corroded security image. Microsoft was forced to temporarily shut down its Passport e-wallet service after being warned that hackers could pickpocket individual e-wallets.

Passport and e-wallet
Microsoft’s Passport service provides a centralized database to store and distribute confidential data and a way for users to be identified on the Web. Passport can make Web sites easier to use because you don’t have to keep identifying yourself to gain access to various services.

Of course, this convenience comes at the not-so-minor cost of giving Microsoft control over your personal data, which, because of the company’s spotty security record, is not something I would recommend.

The online shopping feature of Passport, known as e-wallet, is supposed to eliminate all that tedious data input when you place an order online. Microsoft’s promise is essentially this: “Give us your name, address, and credit card number, and we will send that information to merchants on request.” So far, more than 70 online merchants have signed up for Microsoft’s Express Purchase service.

Handing over your virtual wallet
Does it really take a highly paranoid security specialist like me to see that this might be a bad idea? Apparently, several million people out of the much larger Passport community have already signed up for this e-wallet service. According to Microsoft, those subscribers may have placed their personal data at risk due to a flaw that could allow a hacker to obtain the contents of their virtual wallet just by clicking on a link contained in a Hotmail e-mail account message.

Microsoft said that it immediately shut down the e-wallet service after learning of the problem and that Passport security has been enhanced. But that leaves open the question of whether any hacker took advantage of this flaw before a white-hat hacker discovered it and informed Microsoft.

Microsoft was quick to point out that this was an “isolated” problem (almost every individual security problem is) and that it patched the flaw immediately. The company also said that no e-wallet user’s credit card information was actually compromised. That may be true, but the cracker would probably leave no trace using this method, so I’m not certain just how Microsoft can know that no personal data was stolen.

Is even one of you surprised by this latest security breach at Microsoft? Did anyone not see this coming? The answer to both questions is probably a resounding “No.” For some time now, many IT professionals have been very cautious about Passport and downright obstinate about e-wallet.

The bottom line
Convincing people to trust Passport is vital to a number of upcoming Microsoft services in the .NET initiative. So if this recent Passport security flaw becomes widely known, it could be a much bigger PR problem for Microsoft than it appears to be on the surface. Indeed, Passport, which has recently been renamed .NET Passport, may be the crown jewel in the .NET crown.

Unfortunately, most average users will know little about this problem, and even fewer will realize that this is only one in a long string of Microsoft security problems. Anyone with any concerns about personal or business privacy and identity theft must place a great deal of trust in a company’s security policies before they give any confidential information to an online service that offers to serve as a gatekeeper for sensitive personal and financial information.

Microsoft must be hoping that average users won’t notice that there were about 100 Microsoft security bulletins in 2000 and that we are well on track to see another 60 or 70 by the end of this year. In addition to credit card information, Microsoft wants people to eventually store other confidential data, such as medical records, in Passport accounts.

Some people will even be foolish enough to provide debit card numbers, which, unlike credit cards, offer little or no fraud protection. While having your credit card stolen is annoying, it isn’t a big problem because credit card issuers limit the amount you can be forced to pay for fraudulent charges. But since debit cards offer direct access to your bank account, having that number stolen can be just like losing a checkbook full of signed, blank checks.

There is also some question as to whether you can continue to use Microsoft software and still avoid Passport. That’s going to become a major problem in the near future. If you haven’t yet installed a copy of XP, you may not realize that anyone running the new Microsoft operating system will be virtually forced to sign up for Passport.

Microsoft is making a big push to get everyone to use Passport as part of the impending .NET initiative, and in the years ahead, it will probably become increasingly difficult to use Microsoft programs if you don’t provide at least a minimum of information to Passport.

Build Your Skills: E-mail on demand with Microsoft Outlook Web Access

Would you like to provide your users with accessibility to your company’s e-mail system no matter where they are? With Microsoft Outlook Web Access for Exchange Server, they’ll never be more than a browser (with frames support) away from their Inbox. They can have secure access to their Inbox and calendar from any PC with Internet access in the world.

This article appears courtesy of TechRepublic’s TechProGuild, the subscription Web resource for IT administration and support professionals.

Outlook Web Access (OWA) became available with Microsoft Exchange version 5. Basically, OWA is intended to supplement Microsoft Outlook. It gives users remote access to many of the core components and functions of the client that they use in the office. Unfortunately, most administrators don’t know about it, so they don’t use its great features. In this Daily Drill Down, I’ll discuss how you can put these helpful features to work in your organization.


Outlook Web Access requirements
For your server, you’ll need the following components:

* Pentium 6/200 single processor
* 256 MB RAM
* Network connection to Microsoft Exchange Server
* Microsoft Windows NT operating system with Service Pack 4 (SP4) or later
* Microsoft Internet Information Server (IIS); Exchange Server 5.0 supports IIS 3.0 only, but Exchange Server 5.5 supports IIS 3.0 or later
* Active Server Pages (ASP), which are available on Microsoft Windows NT 4.0 Service Pack 3 CD-ROM
* Active Server components (which come with Exchange Server 5.0) or Outlook Web Access components (which come with Microsoft Exchange Server 5.5)
* Exchange Server 5.0 Service Pack 1 (SP1) or Microsoft Exchange Server 5.5 Service Pack 2 (SP2); SP1 and SP2 provide enhanced Outlook Web Access components

For your client, you’ll need an Internet browser that’s capable of displaying Active Server Pages. You’ll also need Internet Explorer 3.02 or later (or any third-party browser that’s capable of supporting frames).

Outlook Web Access recommendations
As with most of Microsoft’s server-based products, you ought to dedicate at least one server to providing the foundation that Internet Information Server and the Outlook Web Access Server components need. Microsoft recommends that Outlook Web Access and Microsoft Exchange Server not be installed on the same machine. (Please note that Windows NT Challenge/Response (NTLM) authentication isn’t supported.) Microsoft also recommends that you use load balancing hardware or software in order to serve users better and to improve server response and availability.

The Microsoft Outlook Web Access server performs most of the processing for connected clients. The OWA Server also handles the entire load that’s required by active client connections. Supporting one client on the Outlook Web Access Server is similar to running one instance of Microsoft Outlook. Thus, to support the connections and requests, the Outlook Web Access Server must run many active MAPI sessions to the Microsoft Exchange Server. The overhead that’s created by the Internet browser running on the client computer is small, but the session that’s created by the client connection to the Outlook Web Access Server consumes many resources on that server. Keep this information in mind and plan the potential load on the Outlook Web Access Server accordingly.

When you plan any project, you must address scalability. To ensure that OWA maintains a semblance of scalability and to allow for organizational growth and changes, Outlook Web Access and Internet Information Server must reside on a dedicated server that’s separate from other Exchange Servers. As the number of clients increases, the load on the Outlook Web Access Server will increase, and you’ll need to add more servers. You can add more OWA Servers without affecting the existing Microsoft Exchange Server or the mailboxes in your organization.

When you need to add another Microsoft Outlook Web Access Server to your organization, load balancing makes the process much easier. Load balancing, which is available in hardware and software variations, allows multiple servers to process and handle requests that are intended for a single IP address. Load balancing has several benefits. First, users will need only one URL to access their e-mail accounts; the load balancing software or hardware will determine which Outlook Web Access Server handles the request. Another benefit is its continued availability. If a user makes a request and a member of a server load balancing team is down, the request will be directed to another server automatically. In some cases, load balancing software or hardware can distribute the load that’s placed on servers by noting which servers are busiest at the time of the request and then by directing the new request to a less burdened machine.

To satisfy general load-balancing requirements, Microsoft recommends that you use Windows Load Balancing Service (WLBS) as a load balancing software solution and Cisco’s LocalDirector as a load balancing hardware solution. WLBS supports up to 32 servers; LocalDirector supports up to 64,000. However, WLBS won’t work in OWA scenarios because WLBS uses round-robin DNS: When a request is made to a DNS server, the DNS server points the request to the next available member of the WLBS team. It doesn’t consider server load. Round-robin DNS works only with stateless ASP applications. Each user request is sent to the next server that’s a member of the WLBS team, but the new server interrupts the user’s ASP session. That means that users who try to access their e-mail via the OWA Server must log in every time they make another request.
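
The failure mode described above, as an added simulation that is not from the original article: each server keeps ASP-style session state in its own memory, so per-request round-robin dispatch sends the browser's session cookie to a server that has never seen it. The server names, client addresses and the source-address affinity policy shown for contrast are assumptions.

```python
import zlib
from itertools import cycle


class OwaServer:
    """One OWA/IIS box; session state lives only in this server's memory."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}  # session cookie -> user name
        self.issued = 0

    def handle(self, user, cookie):
        """Return (page, cookie). An unknown cookie forces a new logon."""
        if self.sessions.get(cookie) == user:
            return "inbox", cookie
        self.issued += 1
        cookie = f"{self.name}-session-{self.issued}"
        self.sessions[cookie] = user
        return "logon", cookie


def round_robin(servers):
    """Each request goes to the next server in the team, whoever sent it."""
    ring = cycle(servers)
    return lambda client_ip: next(ring)


def source_affinity(servers):
    """Assumed contrast policy: a client address always maps to one server."""
    return lambda client_ip: servers[zlib.crc32(client_ip.encode()) % len(servers)]


def count_logons(make_picker, clients, requests_each, server_count=3):
    """Replay interleaved client requests and count logon pages per client."""
    servers = [OwaServer(f"owa{i + 1}") for i in range(server_count)]
    pick = make_picker(servers)
    cookies = {ip: None for ip in clients}
    logons = {ip: 0 for ip in clients}
    for _ in range(requests_each):
        for ip, user in clients.items():
            # The browser replaces its cookie with whatever the server returns.
            page, cookies[ip] = pick(ip).handle(user, cookies[ip])
            if page == "logon":
                logons[ip] += 1
    return logons


# Constructed clients (documentation address ranges), not from the article.
CLIENTS = {"192.0.2.10": "alice", "198.51.100.7": "bob"}

if __name__ == "__main__":
    print("round robin    :", count_logons(round_robin, CLIENTS, 4))
    print("source affinity:", count_logons(source_affinity, CLIENTS, 4))
```
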

Functionality
With Microsoft Outlook Web Access for Exchange Server, access to a user’s e-mail account is no longer restricted to a particular operating system. As long as the browser being used supports frames, access to important information is possible. OWA provides a true cross-platform messaging and application collaboration system. OWA is a MAPI application that’s composed of binary, HTML, and ASP script files. The scripts use Collaborative Data Objects (CDO) to access mailbox and public folder information that’s stored on the Microsoft Exchange Server computer. OWA also uses Microsoft Active Server Pages on the Internet Information Server. JavaScript and Java control, which are downloaded to the user’s Internet browser on demand, generate HTML pages.

Although the browser uses the downloaded JavaScript to perform some of the processing on the client computer, the Microsoft Outlook Web Access Server handles most of the processing that the Outlook Client usually completes. This server processing includes MAPI sessions, client logic, state information, address resolution, rendering, content conversion, and Remote Procedure Calls (RPC) communications with the Microsoft Exchange Server. The Exchange Server receives and completes requests that the Outlook Web Access Server makes. (These requests resemble requests from any MAPI client.)

The process
Here’s what happens when users open messages in their Microsoft Exchange Server mailboxes using a browser with Outlook Web Access:

1. A browser with the Outlook Web Access client sends a request to a Microsoft Internet Information Server and the OWA Server. This request includes a cookie that identifies the browser and the user.
2. IIS accepts the request and hands it to Active Server Pages (ASP) for processing.
3. ASP verifies that the cookie points to a valid ASP session and that the user making the request has logged on properly.
4. The Internet Services API (ISAPI) filter determines which language to use when displaying messages in the browser.
5. ASP opens the script that’s named in the URL and executes any server-side Microsoft Visual Basic script it contains. These scripts use CDO to open the message that’s in the user’s Microsoft Exchange Server Information Store. The message GUID is passed on within the query string of the URL.
6. The CDO rendering library (Cdohtml.dll) converts the requested message into HTML format, and IIS sends the HTML to the browser.
7. The browser renders the HTML, including the embedded JavaScript.

Outlook Web Access security
You can configure Outlook Web Access to support one or more of several different types of authentication. As usual, there are advantages and disadvantages to many of these configuration options. The following configurations will authenticate OWA users:

* Anonymous
* Basic (clear text)
* Basic (clear text) over Secure Sockets Layer (SSL)
* Windows NT Challenge/Response (NTLM)

Anonymous authentication
If Outlook Web Access is set up to accept an anonymous connection, any user with access to the OWA Web page can use Outlook Web Access without specifying a Windows NT account name or password. When a user accesses OWA and makes an anonymous connection, Internet Information Server logs on the user with an anonymous (guest) account, which is a valid Windows NT user account. The default IIS user account is IUSR_computername. Be aware that anonymous authentication grants access only to resources that are anonymously published, such as public folders and directory content. Table A summarizes the advantages and disadvantages of using anonymous authentication.

Table A

Basic (clear text) authentication
When using basic (clear text) authentication, a user who tries to connect to OWA must supply a valid Windows NT account username and password. The user’s account and password are transmitted as clear text over the network to the Internet Information Server/Outlook Web Access Server. Validating users with basic (clear text) authentication gives them the ability to access an unlimited number of resources that are located on machines other than the Outlook Web Access Server. A user can access e-mail on one Microsoft Exchange Server and public folders on another Microsoft Exchange Server.

Since basic authentication transmits clear text passwords across the network, Microsoft recommends that you also use SSL. SSL encrypts all information that passes through IIS. Table B summarizes the advantages and disadvantages of using basic authentication.

Table B

Basic (clear text) over SSL
When using basic authentication over SSL, a user must specify a valid Windows NT user account name and password in order to access OWA. Usernames and passwords are transmitted as encrypted information over the network to the Internet Information Server/Outlook Web Access Server. Basic authentication over SSL allows users to access an unlimited number of resources, which may be located on machines other than the Outlook Web Access Server—just like basic (clear text) authentication does. Table C summarizes the advantages and disadvantages of using basic over SSL authentication.

Table C

Windows NT Challenge and Response (NTLM)
Windows NT Challenge and Response requires a user to specify a valid Windows NT user account name and password in order to access the OWA Server. The username and password are sent from the browser to the IIS as encrypted information. All information that the user wants to access must reside on the same server as IIS and the Outlook Web Access Server. Windows NT Challenge and Response authentication isn’t supported if IIS and the OWA Server are located on the same machine that contains Microsoft Exchange Server. Table D summarizes the advantages and disadvantages of using Windows NT Challenge and Response.

Table D
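
An added example, not part of the original article: one way to check IIS W3C extended logs for OWA logons that arrived outside SSL. It assumes the OWA virtual directory is configured for Basic authentication (so a populated cs-username on a non-SSL port means the password crossed the network in clear text), that OWA is published under /exchange, and that SSL listens on port 443; the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, not from the article. The field names are standard
# W3C extended log fields; addresses, users and file names are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem sc-status
2001-08-21 09:00:01 192.0.2.10 - 80 GET /exchange/logon.asp 401
2001-08-21 09:00:02 192.0.2.10 CORP\\alice 80 GET /exchange/logon.asp 200
2001-08-21 09:00:05 192.0.2.10 CORP\\alice 80 GET /exchange/inbox/main_fr.asp 200
2001-08-21 09:01:10 198.51.100.7 CORP\\bob 443 GET /exchange/logon.asp 200
2001-08-21 09:02:30 203.0.113.5 CORP\\carol 80 GET /Exchange/logon.asp 200
2001-08-21 09:02:31 203.0.113.5 CORP\\carol 80 GET /iishelp/default.htm 200
2001-08-21 09:03:00 truncated-line
#Fields: date time c-ip s-port cs-username cs-uri-stem sc-status
2001-08-21 10:00:00 192.0.2.44 80 CORP\\dave /exchange/logon.asp 200
"""


def parse_w3c(text):
    """Yield one dict per log entry, honouring every #Fields directive.

    IIS writes a new #Fields line whenever logging options change, so the
    column layout can differ within a single file.
    """
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        if not fields or len(values) != len(fields):
            continue  # malformed or truncated entry
        yield dict(zip(fields, values))


def cleartext_logons(records, owa_prefix="/exchange", ssl_ports=("443",)):
    """Group authenticated OWA requests that did not arrive on an SSL port.

    Returns {user: {"requests": int, "clients": set, "first_seen": str}}.
    Anonymous requests (cs-username "-") carry no credentials and are skipped.
    """
    exposed = defaultdict(
        lambda: {"requests": 0, "clients": set(), "first_seen": None}
    )
    for rec in records:
        user = rec.get("cs-username", "-")
        port = rec.get("s-port")
        stem = rec.get("cs-uri-stem", "").lower()
        if user == "-" or port is None:
            continue
        if not (stem == owa_prefix or stem.startswith(owa_prefix + "/")):
            continue  # not an OWA request
        if port in ssl_ports:
            continue  # credentials were protected by SSL
        entry = exposed[user.lower()]
        entry["requests"] += 1
        entry["clients"].add(rec.get("c-ip", "?"))
        if entry["first_seen"] is None:
            entry["first_seen"] = f'{rec.get("date", "?")} {rec.get("time", "?")}'
    return dict(exposed)


def report(text):
    """Return one summary line per account whose password should be reset."""
    findings = cleartext_logons(parse_w3c(text))
    return [
        f'{user}: {info["requests"]} request(s) without SSL from '
        f'{", ".join(sorted(info["clients"]))}, first at {info["first_seen"]}'
        for user, info in sorted(findings.items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Accounts that show up here have sent their Windows NT password across the network unencrypted and are candidates for a password change once the site requires SSL.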

Multiple users
If multiple users are going to share the same computer and use it to access e-mail via OWA, Microsoft recommends that you disable local caching. Doing so lessens the chances that a message a user accessed via Outlook Web Access still resides on the local disk, where the wrong user could access it. Microsoft also recommends that you disable the Save Password option in Internet Explorer in order to lower the chances that a nosy user will access another person’s e-mail account.

Outlook Web Access installation
Below, I’ve provided a step-by-step guide that will explain how to install Microsoft Outlook Web Access. The test machine is a Windows NT 4.0 Server with Windows NT Service Pack 6a, Internet Information Server 4.0, and Active Server Pages installed.

1. Insert the Microsoft Exchange 5.5 CD-ROM into the machine on which you plan to install Outlook Web Access.
2. In the Setup Selection window, select Set Up Server And Components.
3. In the Choose And Install window, select Microsoft Exchange Server 5.5.
4. Accept the End User License Agreement.
5. In the Exchange Server Setup box, select Complete/Custom.
6. Make sure that the Outlook Web Access option is the only one that’s checked and click Continue. If you haven’t installed IIS 4.0 and/or Active Server Pages yet, you’ll be notified via a pop-up screen. (Setup won’t continue. You’ll have to stop setup and install the missing component(s).) Then, start these steps over. Please note that IIS 4.0, which can be found in the Windows NT 4 Option Pack, requires Internet Explorer 4.01 or later.
7. Exchange Server Setup begins and explains that it will stop the Internet Information Server Service.
8. Microsoft Exchange Server Setup prompts you for the name of the Microsoft Exchange Server to which the Outlook Web Access Server will connect.
9. Files are copied to the local computer. Services that OWA needs are stopped and started, and Outlook Web Access is installed.
10. Upon completion, a pop-up window appears and lets you know if all is well.
11. You’re finished.
12. To test your setup, open your browser, type the name of the computer that’s running Outlook Web Access in the address line, and press [Enter]. (The address probably will be something like http://computername/exchange.)
13. You’ll be prompted for your username and password. You may need to include your domain name, too (such as domainname\username). Don’t check Save This Password, since that would allow anyone to access your mailbox from your computer.
14. You’ll be welcomed to your Inbox.
15. After successfully reading and sending some e-mail messages, remember to log off and close your browser. That way, you can be certain that no unauthorized users will view your mail.

Conclusion
Microsoft’s Outlook Web Access provides a quick and easy method of increasing the accessibility of your company’s e-mail system. Configuring OWA properly gives you a solid and secure method of remotely accessing e-mail. Of course, you must consider the variables when you’re implementing OWA. All Microsoft installations will be unique to your organization, so you should customize OWA accordingly. For more information on tuning and enhancing the performance of IIS and ASP, please point your browser here.