Replies

How is a large public WiFi network more susceptible to malware and hacking as opposed to private?

Roderunner, is it XP or Win7? I’m not sure that MBSA works properly on Windows 7. I suggested it to the OP because he was dealing with XP.

If, and this is a big if, the motel/hotel uses a password for accessing their WiFi, you are much more secure than an open network because at a minimum your WiFi connection is encrypted and very hard to break into. The trouble is that in my experience the majority of hotels/motels have unsecured wireless, not unlike going to a Starbucks or Panera Bread, where someone with the freely available FireSheep plugin could easily steal your passwords.

One additional thing to watch for when using https sites is one you are logged in, make sure the https is still showing up in the address bar. Some sites, although usually not banks, use https for the login page but drop it once you are logged in. Its a wasted effort because your password is part of the packets that get sent back and forth between your machine and the site. So unless the https “stays with you” through out your use of the site, its not secure.

Don’t use WINS. Its antiquated and fraught with problems. Use only DNS (Domain Naming Service) and DHCP. DHCP does not have a “higher” or “lower” priority than DNS. They are separate technologies for different purposes, but they do work together. DHCP dynamically assigns an IP address to a given device, DNS is a database of host names and IP addresses that devices refer to to quickly find resources on the network or over the Internet. DNS can (and generally should) be configured to push out the IP addresses of the DNS servers to DHCP clients.

While we can probably try and answer some of your questions, this forum isn’t very good for trying learn something from the ground up. Based on your questions, I’m also thinking your a bit over your head. That’s not a criticism, I understand you are probably between a rock and a hard place on some project you are tasked with that has very little budget. I suggest that you look into one of Mark Minasi’s Windows Server books. Google searches may yield some good tutorials on how to set up things for your environment.

Try the Microsoft Security Baseline Analyzer. Its a good tool to identify missing patches not correctly reported by WU, can help pinpoint WU issues, and link to the missing patches to manually install them if needed.

In Task Manager look for msiexec running. It could be that something is trying to install and hasn’t completed. If a reboot doesn’t kill msiexec just kill it in Task Manager.

Paul pretty much covered it. But MS licensing is very complex. You’ll also technically need a Server CAL for the users to access resources on the server. That part is an honor system thing. The workstations will connect to resources regardless of whether they have Serer CALs or not, these are just on paper. But if the license police ever knock on the door… Are you in the US? Give Software One, or any reputable MS licensing partner a call and run that scenario by them. They’ll tell you exactly what you need.

Good link. Anything Mark Russinovitch writes is worth paying attention to.

Good point about proprietary and specialty applications. A GUI front end to a client server application can be written for any platform. I’ve supported the Windows side of apps where the back end ran on an AS/400 or a flavor of UNIX (Solaris, AIX). So its not so much of an issue for someone to write an RT app for something like this. I believe Epic Systems is now offering tablet apps for its medical records software. But if I have a choice between a secure device fir my users and a non-secure consumer device, which do you think I am going to choose? A big part of what is going to drive what corporate IT chooses for thier users to access the app is cost and compatibility. For most companies that means using Windows and other Microsoft infrastructure. We went from Novell Groupwise to MS Exchange lst summer because the business needed that compatibility with partners. There was nothing wrong with Groupwise, but it was missing features that people have come to rely on and that pushed us to make the change.

Best of breed is what most IT shops do, so there never really was a such thing as brand loyalty. What was the best tool 3 years ago has been superseded by something else today. And MS has always known that which is why they get companies into enterprise licensing agreements. That said, in the corporate world MS is still the only game in town. There is good reason for this. Integration, central management, and control of all devices and data. No one else but MS is doing that to this degree today. Still, as FUN suggests, consumer devices are starting to drive how some people (don’t let the press fool you into thinking that this is as wide spread as they make you think) access company resources (READ, this is different than how the data is served up in the data center). The trouble with consumer devices is that they are just that, consumer devices. And despite what consumers might think, they are inherently insecure. With a quick Google search you can learn how to hack someone’s supposedly secure iPhone. And that is where IT gets worried. Not that we want to control your device, but that we need control over company data. Ask any vendor if they can prevent an e-mail attachment from being downloaded to a personal device? Nobody can as far as I have been able to determine. And I’ve pretty asked much every mobile security vendor if they can do this. Add to that the legal issues around remote wiping a consumer owned device. So the notion of a device that can natively integrate with Active Directory is being watched closely by every IT dept. that manages sensitive data. What Hal Berenson writes about is very desireable.

Check out some of the local IT consulting companies in your area. Many will host e-mail for small business at a reasonable cost.

You might also take a look at K9 Web Protection and/or Open DNS. Both have free and paid products that offer excellent protection.

ruirib I was teasing. It was pretty evident by the style of the commercial that it was meant to show how easy Windows 8 is. Its a great commercial. In the US people tend to get overworked about issues like this instead of just seeing the humor in it. This awesome Chevy Corvette commercial was pulled the day after it first aired because some parents groups got their undies in a bind over it because they thought it encouraged wreckless driving.

http://www.youtube.com/watch?v=0D95xWahRSM

I put this in perspective. Consumer Reports is the same rag that has been caught more than once rigging tests, has bashed the Chevy Corvette as not having enough cargo space, and giving bad marks to PU trucks because they ride, well, like trucks.

The Portugese must have a different view of child labor… :rolleyes: