Network Administration

Microsoft Eschews Patch, Gives Exploit Code for IIS 5.0 Bug

Thu, 07 Jun 2007 07:48:37 +0000

Saying that an Internet Information Server exploit is due to a feature, not a flaw, Microsoft has published exploit code for the flaw but no workaround or patch.

Active Directory: Questions and Answers

Tue, 28 Nov 2006 20:49:39 +0000

What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Polices and 2003 Group Polices? What is meant by ADS and ADS services in Windows 2003?

Windows 2003 Active Directory introduced a number of new security features, as well as convenience features such as the ability to rename a domain controller and even an entire domain – see Microsoft's website for more details.

Windows Server 2003 also introduced numerous changes to the default settings that can be affected by Group Policy – you can see a detailed list of each available setting and which OS is required to support it by downloading the Group Policy Settings Reference.

ADS stands for Automated Deployment Services, and is used to quickly roll out identically-configured servers in large-scale enterprise environments. You can get more information from the ADS homepage.

Four steps to secured VoIP

Tue, 21 Nov 2006 00:15:22 +0000

Securing Voice over IP (VoIP) doesn't have to be a challenge for small and medium-sized businesses (SMBs).

VoIP is basically a phone call over the Internet. It offers the same promises - and pitfalls - as the Internet. The promises are cheap and easy communication over a readily available and easy-to-use public network - the Internet. The pitfalls are the same security weaknesses of that network, which wasn't originally designed for security - or phone calls, for that matter.

Define server roles, counterattack zero-day threats

Sat, 18 Nov 2006 18:01:26 +0000

Zero-day exploits are an unsettling issue for any administrator who is concerned with security. A zero-day exploit is an exploit against a previously undiscovered and undocumented vulnerability. The problem with zero-day exploits is that you are trying to protect the system against security holes that may or may not even exist. This means that you can't just apply a security patch to prevent the vulnerability from being exploited, because no one except for the hacker who exploits the vulnerability knows about it.

Harden your network services and contain zero-day threats

Sat, 18 Nov 2006 17:58:17 +0000

We all dread the thought of zero-day threats; they arrive and you have no vaccine for them. These exploits are all too common in recent months and years. Fortunately, there are some common sense steps you can take to harden your network layer against these threats.

Eliminate zero-day threats with virtual server technology

Sat, 18 Nov 2006 17:54:30 +0000

One solution when fighting zero-day attacks is to take advantage of virtual server technology. If you have several server roles that require a minimal amount of system resources, you could consolidate those roles onto a single physical server that is hosting multiple virtual servers. Doing so provides better security than hosting all of the server roles under a common operating system (OS) because each virtual OS functions as an isolated environment.

Permitting Ping: ICMP Exceptions

Thu, 16 Nov 2006 18:42:13 +0000

When Windows Firewall first appeared in XP SP2, I started getting odd questions on email. They all went something like, "Hey, something's weird on my system now that I'm running SP2. I've got two computers, A and B. A can ping B, but B can't ping A. What's going on?" What was going on was that system A was running XP SP2 with Windows Firewall enabled by default, and system B was a Windows 2000 system without any firewalls.

Eight daily steps to a more secure network

Thu, 16 Nov 2006 18:07:04 +0000

While many companies have a 9-to-5 security staff, hackers don't punch a clock. However, your network can still remain secure in the 16 hours in-between - you just need to focus activities to provide maximum coverage for the network.

What you need to know about OSPF

Thu, 09 Nov 2006 11:36:39 +0000

As I mentioned in the "What you need to know about EIGRP" article, EIGRP and Open Shortest Path First (OSPF) are the two most popular routing protocols for today's midsize and large companies—both offer a huge breadth of features that can cover just about any routing scenario such companies would need. That article answered some common questions about EIGRP, but what about OSPF?

What you need to know about EIGRP

Thu, 09 Nov 2006 11:21:05 +0000

When it comes to internal routing protocols, the two most popular in use today at midsize and large companies are Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF). Both of these routing protocols offer a huge breadth of features that can cover just about any routing scenario that a midsize or large company would require.

Network Load Balancing: Economical means to scalability, fault tolerance

Tue, 07 Nov 2006 16:40:26 +0000

One way to make a network server both scalable and fault-tolerant is to implement clustering, which allows a server's workload to be distributed across multiple servers. This provides fault tolerance in that if one server fails, the remaining servers in the cluster will continue to service requests.

Using the new DFS in Windows Server 2003 R2

Wed, 10 May 2006 13:22:49 +0000

R2 is an interim or "upgrade" release of Windows 2003. It is an optional upgrade, but has some very nice features such as the new DFS. Look here for more details on R2.

Before we continue this discussion, it is important to note that "DFS" previously referred to shares and namespace management. Beginning with the Windows Sever 2003 R2 release, "DFS" is an umbrella term that refers to both namespaces and replication. The term "DFSR", at lease as it is used at this time, refers to the new replication engine.

Active Directory scripting secrets: When GUI just isn't enough

Wed, 10 May 2006 13:00:00 +0000

While it's true that Active Directory provides a number of easy, wizard-driven Graphical User Interface options to create objects and perform many common administrative tasks, to be a truly effective admin you'll often need to get away from the GUI and find a more efficient way to operate.

Extracting Active Directory info quick and easy with LDIFDE

Wed, 10 May 2006 12:50:59 +0000

As mature as Active Directory is, it still amazes me how many admins I talk to who have no idea how to write simple LDIFDE.exe commands to gather data for routine operations. My next few articles will give you some simple instructions on how to take advantage of this tool to gather AD data without using those painful UIs -- even for the scripting impaired!

Taking out the Active Directory trash

Wed, 18 Jan 2006 14:04:46 +0000

Active Directory (AD) is essentially a big database. As with any database, you have to do a little work to maintain it properly. In this article, I'll shown you how to defragment the Active Directory database and how garbage collection works.