
Thursday, March 20, 2008

NetFlow Analyzer

NetFlow Analyzer is a bandwidth monitoring and reporting software.

Success Stories
"NetFlow Analyzer helped us understand application network requirement & bandwidth usage." - Milan Modi, DHL

What is NetFlow Analyzer?

What problems does it solve?

What features does it offer?

  • In-depth visibility with top hosts, applications, DSCP, TCP_Flag and AS information for every link and for configurable IP-based departments and divisions
  • Fine-grained application categorization and recognition
  • Proactive alerting and scheduling
  • Privilege-based user access

What platforms/vendors/technologies does it support?

Platforms: Windows & Linux.
Vendors: CISCO, Juniper, HP, APC, IBM, Intel, Microsoft.

Datacenter and Server Management Suite


Optimize datacenter efficiency from a unified portal


DSM Suite helps datacenter administrators manage Servers, Databases and their applications, and guarantee maximum uptime.
  • Deliver high application performance
  • Manage Servers, Databases and websites
  • Secure against internal and external threats
  • Ensure business continuity with proactive management

Applications Manager

Availability and Performance Monitoring


Take control of your heterogeneous IT Infrastructure !

Do you face these problems ?
  • Inability to pinpoint resources that affect business applications
  • Lack of know-how in managing heterogeneous IT
  • Difficulty in meeting user service levels
  • Unplanned downtimes due to improper capacity planning

ManageEngine® Applications Manager can help you take control of your IT infrastructure. With out-of-the-box support for Servers, Application Servers, Databases, Custom Applications, Service Oriented Architectures and Web Services, Application Support personnel can hence take time to focus on other priorities.

ManageEngine® Applications Manager integrates years of industry best practices in application and server monitoring and can empower IT admins and application support people. Because it is an agentless monitoring solution, maintenance costs are low, and administrators can set up and start monitoring their critical resources in minutes.

Technical Benefits

  • Out-of-the-box support for heterogeneous applications and servers
  • Agentless Monitoring
  • High Scalability with support for a distributed architecture

Manage Engine

What is Applications Manager?

ManageEngine Applications Manager is an availability and performance management software that helps businesses to ensure high availability and performance for their business applications. ManageEngine Applications Manager provides application server monitoring, database monitoring, server monitoring, web services monitoring and an array of other application management capability that will help IT administrators manage their resources.

How can ManageEngine Applications Manager help you?

ManageEngine Applications Manager gives you a holistic view of your IT resources. It helps monitor the performance of the various components of an application and helps troubleshoot production issues quickly. This helps reduce finger pointing and poor quality of service to end users. Additionally, with ManageEngine Applications Manager, capacity planning and identifying the root cause of performance issues become quicker.

ManageEngine Applications Manager also provides you with a business-centric view for monitoring IT resources. This further helps align your IT resources to the needs of the business.

Why should you consider Applications Manager?

ManageEngine Applications Manager supports a heterogeneous application and server environment. This helps you meet most of your monitoring needs with a single tool. It is a comprehensive tool that covers all leading Application servers, web servers, databases, systems and also provides mechanisms to include custom application monitoring.

Sunday, March 16, 2008

How to Become a Successful Linux User


First Edition Published: 2007-04-20
Updated: 20-Apr-2007 07:40AM

If you're thinking of switching to Linux, using a bit of common sense can be the difference between having a positive or negative experience with Linux. Here are some simple rules that we think will make yours a positive one.

Know what you want to do

Many emails we receive from aspiring Linux users start with some variant of: "I've decided to stick it to Bill Gates and I'd like to try Linux ...". Though most of us in the Linux community are not big fans of Mr. Gates, we don't think this is the best motive for switching. The best reason for using Linux is to get to work with a more robust, stable and secure operating system. If you're using Microsoft Windows to do general things (using the internet, word processing, storing your photos, listening to music), then a switch to Linux shouldn't be too painful. However, if you're a Windows user and your computer directly affects your livelihood, then you need to do an inventory of the programs you use. You should know that programs designed to run on Windows will not work automatically on a computer running Linux. That means that you may have to look for substitutes. Luckily, substitutes for almost every type of program exist. Even if you work in some special niche and can't find a substitute for a particular program, you may still be able to use it with Linux, but you will probably need outside help in getting it running. The bottom line is that having a clear idea about what you're going to use Linux for will improve your chances of having a successful transition.

An Introduction to Some Linux Terminology

Like any particular group, the Linux community uses its own terminology, comprised of certain words, expressions and acronyms, to talk about its activities. Just as dentists may talk about molars, bicuspids and incisors, people who are knowledgeable about Linux may talk about things like the kernel, a distribution and dual-booting. Like any new member to a community, hearing and seeing words you don't understand can be a bit of a turn off. Before you read any further, we'd like to refer you to our brief glossary of the most important terms associated with Linux.

Give Linux a Practice Run

The Linux community is fortunate in that we have a lot of very talented people who love to tinker. One of these talented tinkerers, Klaus Knopper, developed a type of Linux distribution that doesn't need to be installed. It is called a Live CD. He named his distribution Knoppix and it is available for free download from his website. All you need to do is burn it to a CD or DVD and boot your machine. This will give you a good idea what Linux is like. In fact, Knoppix isn't the only distribution that will do this. Many popular distributions, including Mandriva, MEPIS and Ubuntu will also boot up as live-CD systems. With these versions of Linux, you can take the operating system for a spin and there's no need to install anything. If you end up liking what you see, these live-CDs can also be installed to your hard drive.

Choose a "popular" Linux distribution

If you've decided to make the switch, we recommend using a distribution that a lot of other people are using. One of the keys to a successful Linux transition, in our estimation, is choosing a popular distribution that has a large developer community. A large developer community means that you'll find the programs that you need easily and you will be able to install them with the same ease. With a less well-known distribution, you may find suitable programs but in many cases installing them will mean manually compiling the source code. If you're a beginner, this can be a frustrating experience. The more well-known distributions have prepared programs in 'packages' that are easy to install. On top of this, there are tools designed especially for a particular distribution to manage these packages to make sure that programs run correctly right away. The website Distrowatch.com maintains a comprehensive list of the most popular distributions.

Get the latest version of your chosen distribution

Linux.org receives a lot of emails from people looking for installation help. In the course of the email exchanges, it often becomes apparent that a person is trying to install some older, often no-longer supported version of a Linux distribution. It's best to stay away from CDs you find in old books and magazines. If you have a good connection, go to a distribution's homepage and download the latest ISO images or DVD image from an official mirror. If you're on a dial-up connection, there are several online retailers that will sell you a Linux CD or DVD at very cheap prices. The newer the Linux distribution version, the better the hardware support. The number of glitches you'll get in the installation process decreases with the newness of the version of Linux you choose.

Consider paying for your Linux distribution

A lot of Linux's fame has to do with the fact that the general public considers it 'freeware'. It is true that you can get a full-featured Linux operating system free of charge by downloading it from any number of sources. This is an excellent alternative to an operating system like Windows, which either comes pre-loaded with a newly purchased computer (which gets figured into the cost), is bought separately or copied 'illegally'. In most people's experience, the popular Linux distributions are easy to install. At the time of this writing, Ubuntu is a popular distribution that is considered an easy-to-install system. It is also 'free as in beer', as we say in the Linux community. However, if you do run into some glitch (normally hardware related), you may have a frustrating experience. Although there are a number of excellent Linux support forums out there, personalized advice on your particular problem may be hard to find. So if your tolerance for frustration is low, then you may want to consider buying a computer with Linux pre-installed. Contrary to what the tech press often publishes, they do exist. For example, US retailing giant WalMart began selling Linux systems back in 2002, which proves that this option has existed for some time now.

If you'd rather use a computer you already have, you can also purchase a Linux distribution in a boxed package. There are several good candidates and they come with personalized support for a period of time. At the time of this writing, leading Linux distributions available for purchase include:

  • Linspire
  • Mandriva
  • SUSE Linux Enterprise by Novell
  • Xandros

The price you pay for a boxed set of Linux is usually half of what you'd pay for a copy of Windows XP or Mac OS X and considerably less expensive than Windows Vista. And remember also that time is money. If you've spent the whole weekend searching internet forums for a solution to some problem, then your free operating system has cost you more than you planned on.

Use an appropriate computer

You may have heard that one of the advantages of Linux is that it runs on 'old' hardware. Does that mean that you can go and find a 10 year old Pentium, install Linux on it and expect to do productive work with it? Probably not. The confusion with respect to Linux on old hardware is mostly our fault because we often talk about using Linux to get more life out of old computers. Inside of a certain time frame, computers can run Linux well, but running it "well" depends on what you're going to use the machine for. You can use Linux to run a mail server or a web server in a small or medium sized business on older hardware. Scaled-down Linux distributions do exist to provide a basic desktop computing environment on older computers. But if you want to use Linux to do the same things that you would with Windows XP or Mac OS X, then you'll need the newest computer you can get your hands on. Avoiding 'elite' video cards and new, exotic hardware will also work in your favor. Though Linux has great hardware support, considering it's at a disadvantage with respect to Microsoft (they can sign non-disclosure agreements while the gadgets are still on the drawing boards), the best computer to use is something fairly new without being on the bleeding edge.

You're on your way

If you can follow the aforementioned guidelines, you'll get a good start on your way to a rewarding experience with Linux. Those who have approached their switch to Linux with many or all of these ideas in mind have gone on to become successful Linux users.

Note: Based on an op-ed piece by Linux Online managing editor Michael J. Jordan

LINUX

Linux is an operating system that was initially created as a hobby by a young student, Linus Torvalds, at the University of Helsinki in Finland. Linus had an interest in Minix, a small UNIX system, and decided to develop a system that exceeded the Minix standards. He began his work in 1991 when he released version 0.02 and worked steadily until 1994 when version 1.0 of the Linux Kernel was released. The kernel, at the heart of all Linux systems, is developed and released under the GNU General Public License and its source code is freely available to everyone. It is this kernel that forms the base around which a Linux operating system is developed. There are now literally hundreds of companies and organizations and an equal number of individuals that have released their own versions of operating systems based on the Linux kernel. More information on the kernel can be found at our sister site, LinuxHQ and at the official Linux Kernel Archives. The current full-featured version is 2.6 (released December 2003) and development continues.

Apart from the fact that it's freely distributed, Linux's functionality, adaptability and robustness have made it the main alternative to proprietary Unix and Microsoft operating systems. IBM, Hewlett-Packard and other giants of the computing world have embraced Linux and support its ongoing development. Well into its second decade of existence, Linux has been adopted worldwide primarily as a server platform. Its use as a home and office desktop operating system is also on the rise. The operating system can also be incorporated directly into microchips in a process called "embedding" and is increasingly being used this way in appliances and devices.

Throughout most of the 1990's, tech pundits, largely unaware of Linux's potential, dismissed it as a computer hobbyist project, unsuitable for the general public's computing needs. Through the efforts of developers of desktop management systems such as KDE and GNOME, office suite project OpenOffice.org and the Mozilla web browser project, to name only a few, there is now a wide range of applications that run on Linux and it can be used by anyone regardless of his/her knowledge of computers. Those curious to see the capabilities of Linux can download a live CD version called Knoppix. It comes with everything you might need to carry out day-to-day tasks on the computer and it needs no installation. It will run from a CD in a computer capable of booting from the CD drive. Those choosing to continue using Linux can find a variety of versions or "distributions" of Linux that are easy to install, configure and use. Information on these products is available in our distribution section and can be found by selecting the mainstream/general public category.

Additional Information

If you're interested in learning about Linux, need help with some aspect of its use or are enthusiastic about it and want to help foster its adoption, you may want to get in touch with a Linux User Group in your area. There are groups in practically every country, region and city in the world, so there is likely to be one near you.

Each day, Linux use is increasing in every sector of our society. We have information about Linux deployments in government, industry and the arts.

Linux has an official mascot, Tux, the Linux penguin, which was selected by Linus Torvalds to represent the image he associates with the operating system. Tux was created by Larry Ewing and Larry has generously given it to the community to be freely used to promote Linux. More information on use of the image can be found on his webpage. More links to variations on the image and alternative logos can be found on our logo page.

Many people are not sure of the pronunciation of the word Linux. Although many variations of the word exist, often due to native language factors, it is normally pronounced with a short "i" and with the first syllable stressed, as in LIH-nucks. You can hear how Linux creator Linus Torvalds pronounces the word in Swedish and in English.

applet2app 2.2

applet2app is a Java application that converts an applet into a Java executable application. Typically, an applet requires a browser such as Internet Explorer or Netscape Navigator to execute.

Unless it's specifically coded to do so, an applet cannot execute as a normal Java application. applet2app adds the necessary wrapper files to the applet class files and creates a standalone Java 2 compliant executable jar file.

Software features of "applet2app":
· A virtual desktop environment, powered by GUIFactory
· Parsing of local HTML files to automatically extract and populate applet parameters
· Now applets can have their applet INI inside the executable jar file
· Application Icon now resides inside the executable jar file
· Dynamic multilingual support thanks to GUI Factory
· Dynamic Semi-transparent frame support thanks to GUI Factory
· Dynamic Look and Feel support thanks to GUI Factory with l2f working in background
· Dynamic wallpaper (with animated GIF) support thanks to GUI Factory
· Complete MDI support thanks to GUI Factory
· Checking for auto-update of software from within its execution environment

What's New in This Release:

· This version supports conversion of a Java applet to a standalone Java executable, a Linux executable, or Windows executable.
· It also supports improved Look and Feel based GUIFactory.

Thursday, March 13, 2008

Acunetix Launches Free Cross Site Scripting Security Scanner

Organizations now able to protect their websites from growing threat of Cross Site Scripting vulnerabilities

London, UK – 3 September, 2007 – Acunetix today launched a Free edition of its popular web vulnerability scanner, which allows companies to check for cross site scripting vulnerabilities in their websites at no charge. The Free Edition of Acunetix Web Vulnerability Scanner (WVS) is available immediately at http://www.acunetix.com/cross-site-scripting/scanner.htm

What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The attack is usually delivered as a hyperlink containing malicious content, which is distributed by any available means on the internet. Cross site scripting vulnerabilities are extremely dangerous and the number of attacks is on the rise. More information about Cross Site Scripting can be found at http://www.acunetix.com/websitesecurity/cross-site-scripting.htm
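The hyperlink-borne case described above, as an added example that is not part of the original press release and is not Acunetix code: a page that reflects two link parameters into HTML, shown once without encoding and once hardened. The parameter names `q` and `next`, the host `shop.example` and the sample link are constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample link: one parameter lands in the page body,
# the other in an href attribute.
SAMPLE_LINK = ("https://shop.example/search"
               "?q=%3Cscript%3Ealert(1)%3C/script%3E&next=javascript:alert(1)")


def _params(link):
    """Return the (q, next) values carried in the link's query string."""
    params = parse_qs(urlsplit(link).query)
    return params.get("q", [""])[0], params.get("next", ["/"])[0]


def render_vulnerable(link):
    """Reflects both parameters into the page with no encoding at all."""
    q, nxt = _params(link)
    return f'<p>Results for {q}</p><a href="{nxt}">Continue</a>'


def safe_href(url):
    """Return url if it is relative or http(s); otherwise fall back to '/'."""
    # Browsers ignore leading control characters/spaces and embedded
    # tab/CR/LF when parsing a URL, so remove them before checking the scheme.
    cleaned = url.lstrip("".join(map(chr, range(0x21))))
    cleaned = "".join(ch for ch in cleaned if ch not in "\t\r\n")
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:
        return "/"
    if scheme and scheme not in ALLOWED_SCHEMES:
        return "/"
    return cleaned


def render_hardened(link):
    """Same page, with output encoding chosen for each HTML context."""
    q, nxt = _params(link)
    body = escape(q)                             # element content context
    href = escape(safe_href(nxt), quote=True)    # quoted attribute context
    return f'<p>Results for {body}</p><a href="{href}">Continue</a>'


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_LINK))
    print(render_hardened(SAMPLE_LINK))
```

Encoding alone is not enough for the `href` value: a `javascript:` URL contains no characters that HTML escaping changes, which is why the scheme check is a separate step.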

Many a large-scale corporation has fallen prey to Cross Site Scripting (XSS), as it is one of the most common yet underestimated of web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store. In June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website.

A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that Cross-Site scripting ranked first in a list of top security risks. In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners. Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition
To check whether your website has cross site scripting vulnerabilities, download the free edition from http://www.acunetix.com/cross-site-scripting/scanner.htm. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to them, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the website). A detailed guide on how to scan for cross site scripting vulnerabilities can be found at http://www.acunetix.com/websitesecurity/xss.htm.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta), a US office in Seattle, Washington and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com/; http://www.acunetix.de/.

Applying Certificates to a WSUS Server

Many administrators tend to ignore the recommendation that WSUS be configured to use SSL encryption if the WSUS server is only servicing clients within the perimeter network. However, if SSL encryption is not used, a hacker could potentially steal the WSUS server’s identity and use the spoofed server to send malicious versions of patches to your clients. If you don’t like the idea of having a bunch of infected clients on your network, then check out this article on how to encrypt WSUS transactions.

If you have ever installed WSUS, you have probably noticed that the main WSUS Administrator screen gives you a warning if WSUS is not configured to use SSL encryption. I have talked to some people who believe that SSL encryption is not necessary if the WSUS server is not exposed to the Internet. After all, the server is a trusted member of your network and is maintained by the administrative staff, so there is no need for SSL if it is not servicing external clients, right?

If you stop and think about it, it does seem a bit silly to encrypt security patch downloads. The reason why Microsoft recommends using SSL encryption with WSUS doesn’t really have anything to do with encryption though. It has more to do with integrity. SSL encryption is certificate based. When a client connects to a WSUS Server (or to any other type of Web server for that matter) and requests SSL encryption, the server uses its certificate to encrypt the data. More importantly in this case though, the certificate proves the server’s identity and it also proves that the data has not been modified in transit.

So why is this important? Imagine for a moment that a hacker set up a WSUS server of their own. Let’s up the ante by saying that they modified all of the patches on the server so that they contained some really nasty malicious code. Once the hacker had set up the WSUS server, they could either change the host record on your DNS server to point to their malicious server, or they could use a malicious script similar to what many spyware mechanisms use to modify your workstation’s HOSTS file. The end result is that your clients think that they are connecting to your WSUS server, when in reality they are connected to a malicious WSUS server that is now infecting all of the machines on your network with evil Trojans. On the other hand, if your WSUS server had been configured to use an SSL certificate, then the server’s identity could be checked each time that a client requests a patch.
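A defender's check for the two conditions described above, as an added example that is not part of the original article: it flags a client whose update server URL is not HTTPS and a HOSTS file entry that maps the WSUS host name to an address you do not recognize. The host name, addresses, ports and function names are constructed; the URL is assumed to have been read from the client's update configuration beforehand.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample HOSTS file content with one unexpected entry.
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
203.0.113.66    WSUS01.corp.example    # entry nobody on the team added
10.0.0.5        fileserver
not-an-ip       ignored.example
"""


def parse_hosts(text):
    """Return {lower-case host name: [ip, ...]} from HOSTS-file text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = str(ipaddress.ip_address(address))
        except ValueError:
            continue                             # malformed line, skip it
        for name in names:
            entries.setdefault(name.lower().rstrip("."), []).append(ip)
    return entries


def audit_wsus_client(server_url, hosts_text, known_server_ips):
    """Return a list of (code, detail) findings for one client."""
    findings = []
    url = urlsplit(server_url)
    host = (url.hostname or "").rstrip(".")      # hostname is already lower-case

    # Without SSL the client has no certificate with which to check
    # the identity of whatever answers for this name.
    if url.scheme.lower() != "https":
        findings.append(("no-ssl", f"{server_url} does not use https"))

    # A HOSTS entry overrides DNS, so an unknown address here redirects
    # update traffic no matter what the DNS server says.
    known = {str(ipaddress.ip_address(ip)) for ip in known_server_ips}
    for ip in parse_hosts(hosts_text).get(host, []):
        if ip not in known:
            findings.append(("hosts-override", f"{host} -> {ip}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_wsus_client(
            "http://wsus01.corp.example:8530", SAMPLE_HOSTS, ["10.0.0.20"]):
        print(code, detail)
```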

Wednesday, March 12, 2008

Disable Unused Group Policy Elements

One of the first things that you should do to de-clutter your group policy is to disable any unused group policy elements. There are a couple of different ways that you can do this. I recommend starting out by looking at group policy objects as a whole to see if they are really necessary. In larger organizations, it is not uncommon to need group policy objects at every level of the Active Directory, but smaller organizations can often get away with having all of their group policy settings take place at a single level within the Active Directory.

The level within the Active Directory where it makes the most sense to enforce your group policy settings depends heavily on the way that the individual organization is set up. The procedure for disabling a group policy object is almost identical regardless of which level you are doing it at. For example, suppose that you wanted to disable a site level group policy object. To do so, you would open the Active Directory Sites and Services console. Next, you would right click on the site that the policy is currently linked to and select the Properties command from the resulting shortcut menu. When you do, you will see the site’s properties sheet. If you then select the properties sheet’s Group Policy tab you will see a list of all of the group policy objects that are bound to that site, as shown in Figure A.

Figure A: The Group Policy tab displays which group policy objects are bound to the site that you have selected

OK, for this example, I said that we were going to disable the site level group policy object that’s shown in Figure A. If you look at the figure, you will notice that there is a Delete button that you could use to get rid of the policy completely. However, I recommend disabling a policy initially rather than deleting it. The reason is that, if you were to delete a group policy object and then found out that something didn’t work quite right afterwards, then it might be tricky to figure out which setting caused the problem and to fix the problem. However, if you simply disable the group policy object rather than deleting it, you can always re-enable the policy should something go wrong. Of course if everything appears to work correctly after you disable the policy, you could always delete the policy once it has been disabled for a week or so.

You might notice in Figure A that there is no disable button. If you want to disable a group policy, then you will have to select the policy that you want to disable and then click the Options button. When you do, you will see the Options dialog box that’s shown in Figure B. Now all you have to do is to select the Disabled check box and click OK.

Figure B: Select the Disabled check box and click OK


So far I have shown you how to disable an entire group policy object, but what you might not realize is that you can also disable part of a group policy object. Let’s pretend that our site level group policy shown in Figure A contains some important settings at the user level, but that it doesn’t have any computer level settings configured. That being the case, we can (and should) disable the computer settings within the policy.

Technically speaking if none of the computer level settings in the policy are configured, then it isn’t hurting anything if we leave the computer level portion of the policy enabled. However, it will increase efficiency if you go ahead and disable the computer level portion of the policy. Think about what happens when a user logs on to a domain. Windows combines all of the group policy objects that apply to the user and to the computer that the user is working from and uses these group policy objects to create the effective policy. The more group policy objects that are in effect, the longer the login process will take. If however, you disable unused portions of your group policy objects, you can speed up the login process for your users and reduce the workload on your domain controllers.

So let’s pretend that we want to disable the computer level portion of the group policy object that’s shown in Figure A. To do so, we would simply click the Properties button to access the properties sheet that’s shown in Figure C. As you can see in the figure, the properties sheet contains two check boxes that you can use to disable either the user or the computer portion of the policy. Therefore, you would select the Disable Computer Configuration Settings check box and click OK.

Figure C: Select the Disable Computer Configuration Settings check box and click OK

Override Settings


Now that I have talked about how to disable whole or partial policies, I want to discuss another best practice for group policy configuration. You might have noticed in Figure B that there was a check box labeled No Override. This is one option that I recommend using very sparingly.

As I have explained already, group policies are applied in a hierarchical fashion beginning at the local computer level then working up to the domain, site, and organizational unit levels. If a setting within a higher level policy contradicts a setting made in a lower level policy, then the higher level policy takes precedence. For example, suppose that a local computer level policy set the minimum password length to six characters and a domain level policy set the minimum password length to eight characters. Assuming that both policies were in effect, the required password length would be eight characters because the domain level policy is considered to be a higher level policy than the local policy.

What the No Override option does is prevent a higher level policy from changing anything that is set in the policy with the No Override option set. The higher level policy can enforce new settings, but it can’t change existing settings. For example, let’s pretend that there are two policies in effect. A local computer policy sets a minimum password length of six characters and has the No Override option set. A domain level policy sets the minimum password length to eight characters and sets the maximum password age to 30 days. The effective policy would mandate a six character password that expires every 30 days. The six character password remains in effect because the No Override option is in effect. The 30 day expiration period is in effect because the lower level policy didn’t specify an expiration period, so the higher level policy isn’t overriding the lower level policy by setting an expiration period, it is merely adding to the policy.

Another group policy feature that you should use sparingly is the Block Inheritance feature. The basic idea here is that if you want to ensure that a policy does not pick up settings from a lower level policy, then you can enable Block Inheritance.

In most cases, I would recommend never using the No Override or Block Inheritance features. They do have their place though. Although I have personally never tried it, I have heard other administrators talk about using No Override and Block Inheritance to help prevent group policies from interfering with the system policies used by older Windows operating systems.

Best Practices for Configuring Group Policy Objects

In this article, I will share with you some best practices that you can use to keep your group policy objects well organized.

Although group policies are an extremely powerful security mechanism, it can be a bit tricky to deploy them in an effective manner. That’s because the effective group policy is made up of multiple and sometimes contradictory group policy elements that are applied to the user object and / or to the computer that the user is working from. It is therefore critically important that you manage your group policy objects in a way that will allow you to keep them well organized so that you can always figure out which policy elements apply in a given situation.

Further complicating things is the fact that group policy objects can be combined with other group policy objects from the local computer or from a number of different locations within the Active Directory. If you want to make things really interesting though, you can even throw in some loopback or non-inheritance settings to make things really confusing.

My point in telling you all of this is to illustrate that without the proper planning, your group policy structure can easily become huge and overly complicated. In this article, I will share with you some best practices that you can use to keep your group policy objects well organized.

Wireless Network Security For The Home

According to a December 2004 study, 60 to 70 percent of all wireless networks are insecure. Although there is lots of information on securing wireless networks, most of this information focuses on corporate networks. In this article, I will attempt to help people secure their home wireless networks.

If you were to do a Google search on the phrase “Wireless Network Security”, you would get thousands of links to articles explaining all sorts of elaborate ways to secure your wireless network. One thing that always bothered me about these articles though is that the vast majority of them focus their attention on corporations. The reason why this bothers me is because Wi-Fi is primarily a consumer technology. I’ll admit that I have been as guilty as anyone of writing wireless security articles that focus on corporations. However, in this article, I want to fill a badly neglected void and talk about wireless security for the home.


Why is Wireless Security Important in the Home?


Wireless security is important in the home for the same reasons why it is important in corporations. If you have an unsecured wireless network in your home, anyone in close proximity can spy on your online activities. Depending on how your home network is configured, someone could even gain full access to your computer’s hard drive over an unsecured wireless network.

Even if no one is around that wants to spy on you or perform some malicious action against you, your neighbors could sponge off of your Internet connection. This would not only deprive you of bandwidth that you are paying for, but if your neighbor conducted some illegal activity while online, it could be traced back to your network.

Right now you might be wondering what the odds are of any of these things ever happening. If you have an unsecured wireless connection, the odds of it being exploited are pretty good.

About four years ago, I was asked by one of the companies that I was writing for at the time to do an experiment to see how many wireless networks I could detect and how many of those networks were insecure. To perform the experiment, I loaded a copy of Net Stumbler onto my laptop and had my wife drive me around while I tried to detect wireless networks. During my experiment I managed to detect seven networks and none of them were secure.

Seven wireless networks certainly aren’t many, but there are several things to keep in mind. First, I live in the middle of nowhere in a rural part of South Carolina, not in a densely populated place like New York City. Second, I was using a stock Wi-Fi card without any type of external antenna. Third, I was attempting to detect wireless networks from a moving vehicle, using a Wi-Fi card that had a relatively short range. Fourth, this was four years ago.

If I detected that many wireless networks, four years ago, in the middle of nowhere, under conditions that would give me poor reception, can you imagine how many wireless networks are in use today? Wireless networks are everywhere, and the vast majority of them are insecure. In fact, as of December 2004, an estimated 60 to 70 percent of all wireless networks did not use any type of encryption. My point is that wireless networks are everywhere and the majority of them are insecure, and the bad guys know this.

Hackers routinely engage in a practice called war walking. War walking is similar to my little experiment. It’s basically a trip on foot, by car, by airplane, or whatever to try to locate wireless networks.

At first it might not seem like a big deal if a hacker knows that you have a wireless network. After all, most of your neighbors probably have wireless networks too. Besides, wireless networks have a relatively short range and it would be easy to spot someone sitting in front of your house with a laptop. The problem is that although your wireless access point may have a short range, it is possible to make a homemade antenna that can receive your network’s signal from many miles away. In fact, if a direct line of sight is available, it is possible to make a Wi-Fi antenna out of a Pringles can that can intercept a Wi-Fi signal from up to ten miles away. Hackers no longer need to sit in a car in front of your house to hack your wireless network.

Securing Your Wireless Network


Now that I have explained why it is so important to secure your wireless network, I want to spend the rest of this article explaining the steps that you should take in doing so. Unfortunately, I can’t give you the exact step-by-step procedure because every manufacturer of wireless hardware uses a different interface for configuring the device. Even so, the things that I will be discussing are nearly universal and will be valid for almost all Wi-Fi networks.

Use Encryption

By far the most important thing that you can do to secure your wireless network is to use encryption. Almost every wireless access point has some type of encryption mechanism built in. Most older access points offer WEP encryption, and newer access points offer a choice between WEP and WPA.

You are much better off using WPA than WEP. The WEP encryption method is flawed because if someone is able to capture enough data, it is possible to decipher WEP. Even so, it takes most home users weeks to do enough Web surfing to produce enough traffic for WEP to be compromised.

My advice would be that if your wireless hardware doesn’t support WPA, then you should upgrade to hardware that does offer WPA support. If an upgrade just isn’t in the budget, then you should go ahead and turn on WEP encryption. Sure, WEP is flawed, but flawed encryption is better than no encryption. Besides, there are enough people with insecure wireless networks that most of the time if a hacker sees that your network is encrypted with WEP, they will move on to an easier target rather than spending weeks trying to capture enough data to decrypt WEP.

The only other drawback to using encryption on your access point is that it can be a little complicated to set up if you aren’t the technical type. If you can’t figure out how to set up wireless encryption, then invite the neighborhood nerd over for dinner and have them enable encryption. Do whatever you have to do, but get encryption enabled.

Don’t Announce Yourself

Wi-Fi access points use a mechanism called identifier broadcasting to announce themselves. The problem with identifier broadcasting is that you already know that you have a wireless network, so there is no need to announce it to you. The only people that the broadcast really benefits are hackers. Not all wireless access points allow you to disable identifier broadcasting, but if yours does allow you to disable it, then you should.

While you are at it, you should also change your SSID or ESSID. The SSID or ESSID is basically just a name that’s assigned to the wireless access point. The reason why it is important to change the SSID or ESSID is because you don’t want your access point to have an out of the box name. Think about it for a minute. Wireless hardware manufacturers assign the same SSID or ESSID to every access point that rolls off of the assembly line. Even if you aren’t broadcasting your access point’s identification to the world, it isn’t that hard to figure out that you have an access point in your house. If the access point isn’t broadcasting an SSID or an ESSID then the first thing that a hacker will usually try is to attach to the access point by using common default SSID or ESSID names.

It is also important that you change your access point’s default password for the same reason. You don’t want a hacker to be able to take control of your access point just because it still has the default password assigned to it. If a hacker were to take control of the access point, they could actually lock you out of your own network.

Limit Access To Your Access Point

Another thing that you can do to help secure your wireless access point is to limit which computers are allowed to use it. Every network interface card (including wireless cards) has what’s known as a Media Access Control (MAC) address associated with it. Most wireless access points contain a mechanism that you can use to tell the access point that only network cards with these specific MAC addresses are allowed to use the network.

You can determine a machine’s MAC address by opening a command prompt window on the workstation and entering the command IPCONFIG /ALL. This command is designed to display the machine’s TCP/IP configuration. However, it will list the machine’s MAC address under the Physical Address heading.
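To build the access point's address filter from several machines, the Physical Address lines can be pulled out of saved IPCONFIG /ALL output. The following is an added example, not part of the original article: the sample output is constructed, the function names are hypothetical, and it assumes English-language Windows output.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP01

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-00-5E-00-53-0A
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example 802.11g Wireless Adapter
   Physical Address. . . . . . . . . : 00-00-5E-00-53-1B
   DHCP Enabled. . . . . . . . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Adapter headings start in column 0 and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Detail lines are indented and padded with ". . ." up to the colon.
PHYSICAL_RE = re.compile(r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f-]+)\s*$")


def normalize_mac(text):
    """Return a MAC as lowercase aa:bb:cc:dd:ee:ff, or None if it is not 48 bits.

    Accepts the common notations (00-00-5E-.., 00:00:5e:.., 0000.5e00.531b) so
    that addresses copied from different tools compare equal.
    """
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_ipconfig(output):
    """Map each adapter heading to its normalized MAC address.

    Tunnel pseudo-interfaces report an 8-byte address; those are skipped
    because an access point's filter only takes 48-bit addresses.
    """
    adapters = {}
    current = None
    for line in output.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        phys = PHYSICAL_RE.match(line)
        if phys and current:
            mac = normalize_mac(phys.group(1))
            if mac:
                adapters[current] = mac
    return adapters


def wireless_allow_list(adapters):
    """Addresses of adapters whose heading mentions 'wireless' (a naming assumption)."""
    return sorted(mac for name, mac in adapters.items()
                  if "wireless" in name.lower())


if __name__ == "__main__":
    found = parse_ipconfig(SAMPLE_IPCONFIG)
    for name, mac in found.items():
        print(f"{mac}  {name}")
    print("allow list:", wireless_allow_list(found))
```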

Limiting access to the access point by MAC address isn’t a perfect security mechanism. A hacker can use a protocol analyzer to determine which MAC addresses are in use on your network. They can then spoof a valid address and bypass your address filter. Even so, it is important to use address filtering. The reason is that none of the wireless security mechanisms that I’ve shown you are perfect, but all of the mechanisms that I’ve shown you provide relatively good security.

Tuesday, March 11, 2008

Voice Over Internet Protocol (VoIP)

Background
Voice over Internet Protocol (VoIP) is a technology for communicating using “Internet protocol” instead of traditional analog systems. Some VoIP services need only a regular phone connection, while others allow you to make telephone calls using an Internet connection instead. Some VoIP services may allow you only to call other people using the same service, but others may allow you to call any telephone number - including local, long distance, wireless, and international numbers.

How VoIP Works
VoIP converts the voice signal from your telephone into a digital signal that can travel over the Internet. If you are calling a regular telephone number, the signal is then converted back at the other end. Depending on the type of VoIP service, you can make a VoIP call from a computer, a special VoIP phone, or a traditional phone with or without an adapter. In addition, new wireless "hot spots" in public locations such as airports, parks, and cafes allow you to connect to the Internet, and may enable you to use VoIP service wirelessly. If your VoIP service provider assigns you a regular telephone number, then you can receive calls from regular telephones that don’t need special equipment, and most likely you’ll be able to dial just as you always have.


TYPES OF BROADBAND CONNECTIONS

Digital Subscriber Line (DSL)
DSL is a wireline transmission technology that transmits data faster over traditional copper telephone lines already installed to homes and businesses. DSL-based broadband provides transmission speeds ranging from several hundred Kbps to millions of bits per second (Mbps). The availability and speed of your DSL service may depend on the distance from your home or business to the closest telephone company facility.
The following are types of DSL transmission technologies:
  • Asymmetrical Digital Subscriber Line (ADSL) – used primarily by residential customers, such as Internet surfers, who receive a lot of data but do not send much. ADSL typically provides faster speed in the downstream direction than the upstream direction. ADSL allows faster downstream data transmission over the same line used to provide voice service, without disrupting regular telephone calls on that line.
  • Symmetrical Digital Subscriber Line (SDSL) – used typically by businesses for services such as video conferencing, which need significant bandwidth both upstream and downstream.
Faster forms of DSL typically available to businesses include:
  • High-data-rate Digital Subscriber Line (HDSL); and
  • Very High-data-rate Digital Subscriber Line (VDSL).

Cable Modem
Cable modem service enables cable operators to provide broadband using the same coaxial cables that deliver pictures and sound to your TV set.
Most cable modems are external devices that have two connections, one to the cable wall outlet and the other to a computer. They provide transmission speeds of 1.5 Mbps or more.
Subscribers can access their cable modem service simply by turning on their computers without dialing-up an ISP. You can still watch cable TV while using it. Transmission speeds vary depending on the type of cable modem, cable network, and traffic load. Speeds are comparable to DSL.

Fiber
Fiber, or fiber optic, is a newer technology available for providing broadband. Fiber optic technology converts electrical signals carrying data to light and sends the light through transparent glass fibers about the diameter of a human hair. Fiber transmits data at speeds far exceeding current DSL or cable modem speeds, typically by tens or even hundreds of Mbps.
The actual speed you experience will vary depending upon a variety of factors, such as how close to your computer the service provider brings the fiber, and how the service provider configures the service, including the amount of bandwidth used. The same fiber providing your broadband can also simultaneously deliver voice (VoIP) and video services, including video-on-demand.
Telecommunications providers (mostly telephone companies) are offering fiber broadband in limited areas and have announced plans to expand their fiber networks and offer bundled voice, Internet access, and video services.
Variations of the technology run the fiber all the way to the customer’s home or business, to the curb outside, or to a location somewhere between the provider’s facilities and the customer.

Wireless
Wireless broadband connects a home or business to the Internet using a radio link between the customer’s location and the service provider’s facility. Wireless broadband can be mobile or fixed.
Wireless technologies using longer range directional equipment provide broadband service in remote or sparsely populated areas where DSL or cable modem service would be costly to provide. Speeds are generally comparable to DSL and cable modem. An external antenna is usually required.
Fixed wireless broadband service is becoming more and more widely available at airports, city parks, bookstores, and other public locations called “hotspots.” Hotspots generally use a short-range technology that provides speeds up to 54 Mbps. Wireless fidelity (Wi-Fi) technology is also often used in conjunction with DSL or cable modem service to connect devices within a home or business to the Internet via a broadband connection.
Mobile wireless broadband services are also becoming available from mobile telephone service providers and others. These services are generally appropriate for highly-mobile customers and require a special PC card with a built in antenna that plugs into a user’s laptop computer. Generally, they provide lower speeds, in the range of several hundred Kbps.

Satellite
Just as satellites orbiting the earth provide necessary links for telephone and television service, they can also provide links for broadband. Satellite broadband is another form of wireless broadband, also useful for serving remote or sparsely populated areas.
Downstream and upstream speeds for satellite broadband depend on several factors, including the provider and service package purchased, the consumer’s line of sight to the orbiting satellite, and the weather. Typically a consumer can expect to receive (download) at a speed of about 500 Kbps and send (upload) at a speed of about 80 Kbps. These speeds may be slower than DSL and cable modem, but download speed is about 10 times faster than download speed with dial-up Internet access. Service can be disrupted in extreme weather conditions.

Broadband over Powerline (BPL)
BPL is the delivery of broadband over the existing low and medium voltage electric power distribution network. BPL speeds are comparable to DSL and cable modem speeds. BPL can be provided to homes using existing electrical connections and outlets.
BPL is an emerging technology, currently available in very limited areas. It has significant potential because power lines are installed virtually everywhere, alleviating the need to build new broadband facilities to every customer.

BROADBAND IN RURAL AREAS
Because of relatively low population density, topographical barriers, and greater geographical distances, broadband service may be more difficult to obtain in some rural areas. In attempting to address these challenges, some rural communities have found it helpful to develop a strategic plan for broadband deployment that includes creating a comprehensive business proposal to broadband providers. Such a plan, for example, could demonstrate to broadband providers that deployment is a sound business decision that would benefit both the providers and the community. This strategic planning process may include, but is not limited to, the following elements and strategies:

  • Educating the community about the potential benefits of broadband service.
  • Creating partnerships among community organizations and institutions that might benefit from broadband deployment.
  • Systematic assessment and prioritization of the community’s needs for broadband service.
  • Aggregating (consolidating) demand within the community to make service profitable for broadband providers. Participants may include, but are not limited to, individual consumers, businesses, educational institutions, health care facilities, and government agencies.
  • Identifying an anchor tenant with adequate demand to spur infrastructure investment in broadband.

Monday, March 10, 2008

BROADBAND

What is Broadband?
The term broadband commonly refers to high-speed Internet access. The FCC defines broadband service as data transmission speeds exceeding 200 kilobits per second (Kbps), or 200,000 bits per second, in at least one direction: downstream (from the Internet to the user’s computer) or upstream (from the user’s computer to the Internet).
HOW IS BROADBAND DIFFERENT FROM DIAL-UP SERVICE?
Broadband service provides higher speed of data transmission—Allows more content to be carried through the transmission “pipeline.”
Broadband provides access to the highest quality Internet services—streaming media, VoIP (Internet phone), gaming, and interactive services. Many of these current and newly developing services require the transfer of large amounts of data which may not be technically feasible with dial-up service. Therefore, broadband service may be increasingly necessary to access the full range of services and opportunities that the Internet can offer.
Broadband is always on—Does not block phone lines and no need to reconnect to network after logging off.
Less delay in transmission of content when using broadband.
WHY IS BROADBAND IMPORTANT?
Broadband can provide you with the technical capability to access a wide range of resources, services, and products that can enhance your life in a variety of ways. These resources, services, and products include, but are not limited to:
Education, Culture, & Entertainment
Broadband can overcome geographical and financial barriers to provide access to a wide range of educational, cultural, and recreational opportunities and resources.
Telehealth & Telemedicine
Broadband can facilitate provision of medical care to unserved and underserved populations through remote diagnosis, treatment, monitoring, and consultations with specialists.
Economic Development/E-Commerce
Broadband can promote economic development and revitalization through electronic commerce (e-commerce) by:
Creating new jobs and attracting new industries.
Providing access to regional, national, and worldwide markets.
Electronic Government (E-Government)
Electronic government can help streamline people’s interaction with government agencies, and provide information about government policies, procedures, benefits, and programs.
Public Safety and Homeland Security
Broadband can help protect the public by facilitating and promoting public safety information and procedures, including, but not limited to:
Early warning/public alert systems and disaster preparation programs.
Remote security monitoring and real time security background checks.
Backup systems for public safety communications networks.
Broadband Communications Services
Broadband provides access to new telecommunications technologies such as Voice Over Internet Protocol (VoIP) allowing voice communication using the Internet.
Communications Services for People With Disabilities
Broadband permits users of Telecommunications Relay Services (TRS) to use Video Relay Services (VRS) to communicate more easily, quickly, and expressively with voice telephone users.

WHEN YOU LOVE THE MOST

When you love the most
Give your heart
But not the beat.

When you care the most
Give your hugs
But not the warmth.

When you can offer so much
Give what you can
But not your strength.

When you cook with love
Give yourself the privilege
To taste it first.

When you have plenty of time together
Spare some time to be on your own.

When you could afford to buy one
Buy it for yourself
And share the rest.

When you have secrets to tell
Let it burn till midnight hour
But save the best to save yourself.

When you love the most
Make a tiny space for two
In case, that dear one leaves you.

When you are happy
Share some pleasure
But don't give up all together.

When you say goodbye
Say it with a smile instead of a cry,
REMEMBER, YOU STILL HAVE YOUR LIFE.