Typically considerations for setting up an Exchange 2007 / 2010 CAS is to have a UCC cert that contains both the qualified and unqualified name of the CAS server (or CAS server array). This is to prevent Outlook from throwing a cert error when accessing the server internally.
While I can't speak to the security implications of such certificates, I can say that this is most certainly not something "controversial" that the SSL providers are doing, it's simply meeting a legitimate customer need.
Why not try a phrase or rhyme from one of her favorite books that she can memorize (or perhaps already has). Who says passwords need to be single words - In this day and age longer passwords with spaces are supported on every operating system I've encountered.
I've been using Trend's products for years but have recently been swayed by ESET's NOD32 product. I've got it installed in two of my small business clients and so far it's very nice. Small footprint, nice interface, good centralized control. The only thing I'm not jazzed about yet is their Exchange product, which is fairly rudimentary.
Oddly, I've begun moving away from Trend not because of these lawsuits, but because of the growing bloat of the client program, something Trend used to be quite good at compared to McAfee and Symantec. My current installs of Trend OfficeScan clients consume about 70MB of RAM, which is just disgusting. In comparison, NOD32 Business Edition (AV and AS) consume about 20MB total. Very light.
Usual disclaimers apply - I'm not affiliated nor am I a reseller of either Trend or NOD32, just a happy admin.
When are we going to start seeing regular Slashdot postings outlining Linux or other free software security patch releases in the same accusatory tone that the monthly Microsoft security bulletin releases bring? No, I'm not trolling, but I'm getting sick of the clear bias Slashdot editors (and most readers) have when it comes to matters of Microsoft.
(I can feel my karma slipping away, but I couldn't take it anymore).
You can achive all of this quite easily with Altiris Deployment Solution, and then some. Imaging, application packaging and deployment, remote execution, basic inventory, remote control, and other management functions are all included. I've been using it for over 5 years and haven't used anything better for managing Windows PCs. You can buy it stand alone or bundled with the Client Management Suite, although for an organization of your size, the CMS is probably overkill. If you create your images properly with sysprep, you can achive near full hardware independence.
With a wired network anyone that comes into your building and finds an open port can hop on your LAN and go roaming around.
Not if you take the same measures to secure your wired network that you do your wireless network. Most enterprise switches can do 802.1x authentication via certificates to a RADIUS server, which is more than secure enough. However, even without port-based security, a switched wired network is still more secure than wireless. It's almost impossible to sniff traffic off a switched network beyond broadcast information. Unless you can get CLI access to the switch and turn on a monitoring/mirroring port, all you'll be able to sniff is traffic from/to your own machine. Wifi, due to its shared nature, is a traffic sniffers dream, much like an old-school hub.
You want something like NetDisco. It will go out and discover every switch on your network and can figure out how they're interconnected. You can then query ports for VLAN, speed, and duplex settings, among other things. Finally, you can toggle ports on and off. It can even produce graphs of your network layout using GraphViz. You'll need a *nix box, Perl, Apache, and Postgresql, as well as managed switches that support SNMP.
If all of this scares you, then go out and buy Visio, but all you'll get out of that is pretty pictures.
well the truth is schools is a misconseption. the install base for Dell in schools is MUCH lower than they claim
Do you have data to back this claim up?
their turnaround rate though is much higher which is why they can claim they sell to more schools, BUT in truth there are almost the same number of computers as before, they just replaced their 1.5-2 year old Dells which crap out extreamly fast in a school enviroment, sometimes within a year (thank god for service plans)
I'm a network admin in a school, and we still have Dell's from 1999 kicking around. They're being replaced this year due to speed, other than that they're fine. Even the hard drives are still good. My experience with Dell equipment is that they're well built cheap machines that last. I am, of course, talking about their business line (Optiplexes). I wouldn't put Dimensions in a school (or any other large network) because they're not designed to handle that level of abuse or management.
Macs on the otherhand last a MUCH longer time. Up untill 2 years ago I still had fully used and working 5500s in some of our buildings in some labs. We still have at least 200-300 1st gen iMacs and infact barely ever buy macs, even though our install base is over 1500. They barely break and are easily repaired and do everything they need to do so why replace them. The only time we ever actually replace them is either cause the CRT goes out, or the motherboard dies. harddrive and optical drive problems are easily repaired by ordering parts even on iMacs.
My experience is that hardware-wise, Mac's last just as long as PCs. Software-wise is a different story. We're usually pushed to upgrade our PCs sooner due to newer software and OSes that slow them down. Mac's don't seem to have this problem, which is nice.
I'm not trying to argue against Mac's here, just dispell some Windows FUD that is so prevalent on Slashdot. I'm writing this from my 15" Powerbook, so I'm obviously an Apple fan. Additionally, at this point I can't see any logical reason for recommended PCs over Macs at schools these days, especially in an already mixed or a brand new environment. OS X clients and OS X server are like Oreo's and Milk, way better than anything from Redmond. But, if I could run OS X on Dell hardware, I wouldn't think twice about doing it.
I've always considered stock Debian stable to be "Enterprise Grade" for a Linux distribution. Between a huge number of architectures, excellent package management, and great security team, it's my first choice for a server distribution.
Also, Debian has had "RPM compatibility" in the form of Alien for quite some time.
Wait, you're bitching because you have to spend time documenting system changes? How long have you worked in IT? Do you have any idea how important and valuable system and network documentation is?
Next to reliable backups, I can't think of anything more important than a changelog.
I don't know how your system is configured, but on my network all of my users run with non-privledged (read Users) accounts and can run Office 2000, XP, and 2003 just fine.
Would someone mind trying to explain what the point of all this is? Why would I choose a Netscape branded version of Firefox, repleat with pre-set home and search pages aimed at generating ad revenue for one of largest companies in the U.S., when I could simply download and install the free and fully function version from Mozilla.org? Plus, are they going to ensure compatibility with all the existing extensions? Why is Slashdot even interested in following Netscape anymore? The last time I visited their homepage, I really had to dig to find the browser.
Living on campus is a money racket for colleges. Rent housing in a nearby ghetto (there's always one) and get broadband.
Some people enjoy living in dorms for the community experience, at least for the first few years. While I never did the typical college thing, my wife dormed-it for two years and throughly enjoyed it. There were many times I pined for the environment of friends being near, popping in and out during the day and night, yada yada. Anyway, don't just push that opportunity away at first glance...
Frankly, I'd rather test and install a batch of patches at once, then do them one at a time, several times a month. Besides, any decent sized Windows-based network with a good admin (and smart budget people) has some type of automated patch deployment system in place, even if it's just SUS.
As a power user, I use Firefox as my sole browser on every machine I own and use daily. That being said, as a network admin my network still uses IE as the primary browser for one reason, group policy. I work at a school, so managing Internet settings centrally and locking them down is a requirement. Until I can easily manage Firefox centrally and deploy custom pacakges, I will continue to use IE on my network.
We've never had a problem with IE, and we run an application-level firewall, so filtering the latest IE exploits is quite easy. Popup blocking is provided by the Google Toolbar. Spyware isn't a problem because my users don't run under a privledged account, and McAfee VirusScan 7 corporate picks up browser hijackers as viruses.
Is it just me, or am I the only one who ever thought this was completely stupid?
You just haven't seen it used in the right environment. VoIP over WLAN is perfect for a multi-building campus-like environment with roaming users. Instead of building a single-purpose analog infrastructure to support Spectralink-type phones, you can invest in building a data infrastructure (or use an existing one) that supports both your computing resources and your telephone systems. Plus, many of the industrial VoIP wireless handsets support push-to-talk, making them perfect replacements for your maintanence crew's walkie-talkies.
If you're using decent enterprise-class AP's (Cisco, Enterrasys, Proxim) which support QOS, call quality is quite good.
I thinks its funny that the rumor sites never caught onto this parallel, especially since George has been so into creating parallels with the first three movies.
I'm surprised that no one has posted this yet, but you should look at Bobby. You feed it a URL, it will spit out ways to help you make the page more accessible. It can be set to use Section 508 rules from the US Government or the W3's own recommendations on web accessibility.
I'd also recommend Zeldman's Designing with Web Standards. I provides excellent details for using CSS to control the entire appearance of your site and better support modern web standards. In addition, it has a whole chapter devoted to designing websites with accessibility in mind.
Slashdot Mirror
Mod Parent Up.
Typically considerations for setting up an Exchange 2007 / 2010 CAS is to have a UCC cert that contains both the qualified and unqualified name of the CAS server (or CAS server array). This is to prevent Outlook from throwing a cert error when accessing the server internally.
While I can't speak to the security implications of such certificates, I can say that this is most certainly not something "controversial" that the SSL providers are doing, it's simply meeting a legitimate customer need.
Why not try a phrase or rhyme from one of her favorite books that she can memorize (or perhaps already has). Who says passwords need to be single words - In this day and age longer passwords with spaces are supported on every operating system I've encountered.
I've been using Trend's products for years but have recently been swayed by ESET's NOD32 product. I've got it installed in two of my small business clients and so far it's very nice. Small footprint, nice interface, good centralized control. The only thing I'm not jazzed about yet is their Exchange product, which is fairly rudimentary.
Oddly, I've begun moving away from Trend not because of these lawsuits, but because of the growing bloat of the client program, something Trend used to be quite good at compared to McAfee and Symantec. My current installs of Trend OfficeScan clients consume about 70MB of RAM, which is just disgusting. In comparison, NOD32 Business Edition (AV and AS) consume about 20MB total. Very light.
Usual disclaimers apply - I'm not affiliated nor am I a reseller of either Trend or NOD32, just a happy admin.
When are we going to start seeing regular Slashdot postings outlining Linux or other free software security patch releases in the same accusatory tone that the monthly Microsoft security bulletin releases bring? No, I'm not trolling, but I'm getting sick of the clear bias Slashdot editors (and most readers) have when it comes to matters of Microsoft.
(I can feel my karma slipping away, but I couldn't take it anymore).
You can achive all of this quite easily with Altiris Deployment Solution, and then some. Imaging, application packaging and deployment, remote execution, basic inventory, remote control, and other management functions are all included. I've been using it for over 5 years and haven't used anything better for managing Windows PCs. You can buy it stand alone or bundled with the Client Management Suite, although for an organization of your size, the CMS is probably overkill. If you create your images properly with sysprep, you can achive near full hardware independence.
With a wired network anyone that comes into your building and finds an open port can hop on your LAN and go roaming around.
Not if you take the same measures to secure your wired network that you do your wireless network. Most enterprise switches can do 802.1x authentication via certificates to a RADIUS server, which is more than secure enough. However, even without port-based security, a switched wired network is still more secure than wireless. It's almost impossible to sniff traffic off a switched network beyond broadcast information. Unless you can get CLI access to the switch and turn on a monitoring/mirroring port, all you'll be able to sniff is traffic from/to your own machine. Wifi, due to its shared nature, is a traffic sniffers dream, much like an old-school hub.
You want something like NetDisco. It will go out and discover every switch on your network and can figure out how they're interconnected. You can then query ports for VLAN, speed, and duplex settings, among other things. Finally, you can toggle ports on and off. It can even produce graphs of your network layout using GraphViz. You'll need a *nix box, Perl, Apache, and Postgresql, as well as managed switches that support SNMP.
If all of this scares you, then go out and buy Visio, but all you'll get out of that is pretty pictures.
well the truth is schools is a misconseption. the install base for Dell in schools is MUCH lower than they claim
Do you have data to back this claim up?
their turnaround rate though is much higher which is why they can claim they sell to more schools, BUT in truth there are almost the same number of computers as before, they just replaced their 1.5-2 year old Dells which crap out extreamly fast in a school enviroment, sometimes within a year (thank god for service plans)
I'm a network admin in a school, and we still have Dell's from 1999 kicking around. They're being replaced this year due to speed, other than that they're fine. Even the hard drives are still good. My experience with Dell equipment is that they're well built cheap machines that last. I am, of course, talking about their business line (Optiplexes). I wouldn't put Dimensions in a school (or any other large network) because they're not designed to handle that level of abuse or management.
Macs on the otherhand last a MUCH longer time. Up untill 2 years ago I still had fully used and working 5500s in some of our buildings in some labs. We still have at least 200-300 1st gen iMacs and infact barely ever buy macs, even though our install base is over 1500. They barely break and are easily repaired and do everything they need to do so why replace them. The only time we ever actually replace them is either cause the CRT goes out, or the motherboard dies. harddrive and optical drive problems are easily repaired by ordering parts even on iMacs.
My experience is that hardware-wise, Mac's last just as long as PCs. Software-wise is a different story. We're usually pushed to upgrade our PCs sooner due to newer software and OSes that slow them down. Mac's don't seem to have this problem, which is nice.
I'm not trying to argue against Mac's here, just dispell some Windows FUD that is so prevalent on Slashdot. I'm writing this from my 15" Powerbook, so I'm obviously an Apple fan. Additionally, at this point I can't see any logical reason for recommended PCs over Macs at schools these days, especially in an already mixed or a brand new environment. OS X clients and OS X server are like Oreo's and Milk, way better than anything from Redmond. But, if I could run OS X on Dell hardware, I wouldn't think twice about doing it.
I've always considered stock Debian stable to be "Enterprise Grade" for a Linux distribution. Between a huge number of architectures, excellent package management, and great security team, it's my first choice for a server distribution.
Also, Debian has had "RPM compatibility" in the form of Alien for quite some time.
Wait, you're bitching because you have to spend time documenting system changes? How long have you worked in IT? Do you have any idea how important and valuable system and network documentation is?
Next to reliable backups, I can't think of anything more important than a changelog.
I don't know how your system is configured, but on my network all of my users run with non-privledged (read Users) accounts and can run Office 2000, XP, and 2003 just fine.
Do Perl developers have some kind of reverse size-compensation complex?
Anything you can do I can do smaller?
Would someone mind trying to explain what the point of all this is? Why would I choose a Netscape branded version of Firefox, repleat with pre-set home and search pages aimed at generating ad revenue for one of largest companies in the U.S., when I could simply download and install the free and fully function version from Mozilla.org? Plus, are they going to ensure compatibility with all the existing extensions? Why is Slashdot even interested in following Netscape anymore? The last time I visited their homepage, I really had to dig to find the browser.
NT was developed on the Intel i960, a RISC processor. Intel never went anywhere with it
Actually, the i960 can be found on many a RAID controller.
and since they uses [sic] FireWire, you won't be waiting around for the transfer to finish.
So, instead of waiting for my USB transfer to finish, I'll spend my time trying to find a machine with firewire ports. Yeah, okay.
Living on campus is a money racket for colleges. Rent housing in a nearby ghetto (there's always one) and get broadband.
Some people enjoy living in dorms for the community experience, at least for the first few years. While I never did the typical college thing, my wife dormed-it for two years and throughly enjoyed it. There were many times I pined for the environment of friends being near, popping in and out during the day and night, yada yada. Anyway, don't just push that opportunity away at first glance...
Frankly, I'd rather test and install a batch of patches at once, then do them one at a time, several times a month. Besides, any decent sized Windows-based network with a good admin (and smart budget people) has some type of automated patch deployment system in place, even if it's just SUS.
I've been using fu@bar.com for as long as I can remember.
As a power user, I use Firefox as my sole browser on every machine I own and use daily. That being said, as a network admin my network still uses IE as the primary browser for one reason, group policy. I work at a school, so managing Internet settings centrally and locking them down is a requirement. Until I can easily manage Firefox centrally and deploy custom pacakges, I will continue to use IE on my network.
We've never had a problem with IE, and we run an application-level firewall, so filtering the latest IE exploits is quite easy. Popup blocking is provided by the Google Toolbar. Spyware isn't a problem because my users don't run under a privledged account, and McAfee VirusScan 7 corporate picks up browser hijackers as viruses.
Searching for a deal, not the posters strong point.
I just recently bought a new 20GB laptop drive, 5400rpm, for $80. If you look on eBay, you can find them in the 2 - 4GB range for around $15 - $30.
Is it just me, or am I the only one who ever thought this was completely stupid?
You just haven't seen it used in the right environment. VoIP over WLAN is perfect for a multi-building campus-like environment with roaming users. Instead of building a single-purpose analog infrastructure to support Spectralink-type phones, you can invest in building a data infrastructure (or use an existing one) that supports both your computing resources and your telephone systems. Plus, many of the industrial VoIP wireless handsets support push-to-talk, making them perfect replacements for your maintanence crew's walkie-talkies.
If you're using decent enterprise-class AP's (Cisco, Enterrasys, Proxim) which support QOS, call quality is quite good.
Except in quality...
Funny, I always thought that was the job of a good bar maid...
I'm surprised that no one has posted this yet, but you should look at Bobby. You feed it a URL, it will spit out ways to help you make the page more accessible. It can be set to use Section 508 rules from the US Government or the W3's own recommendations on web accessibility.
I'd also recommend Zeldman's Designing with Web Standards. I provides excellent details for using CSS to control the entire appearance of your site and better support modern web standards. In addition, it has a whole chapter devoted to designing websites with accessibility in mind.