July 21, 2004 12:00 AM

Windows IT Library UPDATE--July 21, 2004

Windows IT Pro
InstantDoc ID #43303

This Issue Sponsored By

Security Administrator
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BFMs0Ak

Get Your FREE Small Business Servers Toolkit - Includes an eBook plus 3 Web Seminars!
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJzX0A7

===============

1. Book Review
- PDA Security: Incorporating Handhelds into the Enterprise

2. New from Windows IT Library
- Evaluating and Selecting Wireless Equipment
- General Design Considerations

3. New Books in Print
- Windows Admin Scripting Little Black Book, Second Edition
- Black Hat Physical Device Security: Exploiting Hardware and Software

4. New eBooks
- Taking Control: Monitoring the Windows Platform Proactively
- A Guide to DNS and Windows 2000
- Building the Small Business Infrastructure

5. Windows IT Library Top Five
- Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
- The Microsoft Outlook E-Mail and Fax Guide
- A+ Certification: How to Pass Your Exams
- Microsoft Windows NT Secrets: Option Pack Edition
- The Administrator's Guide to Microsoft SQL Server 6.5

==== 1. Book Review ====

PDA Security: Incorporating Handhelds into the Enterprise
Authors: David Melnick, Mark Dinman, Alexander Muratov
Publisher: McGraw-Hill
Published: July 2003
ISBN: 0071424903
Soft cover, 378 pages
Price: $39.95

The companion Web site for the book "PDA Security: Incorporating Handhelds into the Enterprise" states that "PDAs have moved into the workplace. More than 25 million of them will soon be accessing company networks." Such a proliferation of PDAs represents another challenge for systems administrators who are already struggling to ensure that their company's information is not violated in any way or by any means.

"PDA Security: Incorporating Handhelds into the Enterprise" will be useful to those administrators tasked with developing a practical "handheld computing" strategy for their company or organization. Most important, the book provides the framework for assessing, and then addressing, the risks that PDAs present.

The book consists of four major sections: Introduction to PDA Security in the Enterprise, Handhelds in the Enterprise, The Technology of PDA Security, and Graduation. Section One provides an overview of what constitutes a handheld and discusses the handheld's emerging role in the enterprise. The book's authors explain that they "use the terms handheld computing and PDA somewhat interchangeably" but that "PDAs are best understood as a subset of the handheld computing area."

For many companies, a gray area is determining who is responsible for managing and supporting the employee handheld devices. For instance, whose job is it to reset a password for one of these devices, or to install and configure the latest version of the device software?

In addition to managing these devices, companies must also address security concerns. Implementing a uniform security policy for PDAs is akin to hitting a moving target. Paradoxically, the handheld market is characterized by immaturity and rapid development--and the situation is worsened by the large variety of devices and options available to consumers and corporations.

Yet one more obstacle to overcome when introducing security measures for PDAs is addressing the special needs of handheld users. This area of concern is a sensitive one because people are drawn to PDAs by the convenience and flexibility that they offer. The book's authors point out that systems administrators must choose wisely so that their "end users will not feel the security significantly detracts from their handheld user experience."

In Section Two, which you can read independently of the rest of the book, the focus turns to security risk management for PDAs in the enterprise. For PDAs, security risk management includes three stages: the identification of risks; an analysis of any risks that have been exposed; and the planning, monitoring, and controls that you must establish to ensure that an appropriate response exists for every risk that you've identified and examined in stages one and two. Even from a purely physical perspective, you need to investigate the issue of which individuals are bringing handhelds into the premises as well as determine their role within the company and their reason for using a handheld.

Section Three delves heavily into the technology of PDA security. Examples of the technical topics covered in detail include device access authentication, network connection security, data storage security (data encryption), resistance to intruder penetration, cryptography, and access to device storage bypassing the OS. This section also discusses the two major handheld platforms: the Pocket PC OS platform and the PalmSource OS platform. In addition, the authors briefly mention other devices available on the market, including RIM with RIM OS, Linux-based PDAs such as Sharp Zaurus, and the Symbian OS-based SmartPhones.

In Section Four, the authors attempt to predict what the future of handheld computing promises. The most likely outcome, resulting from research that's currently underway, is device convergence. Having just one all-encompassing unit will eliminate the device clutter from which many professionals now suffer and will deliver functionality that will enable text messaging, Web browsing, email capabilities, digital camera capabilities, the integration of both a desktop calendar and an address book application, and new GPS applications for tracking and monitoring people, animals, and objects.

Of course, closely coupled with any developments like these is the security required to protect the data that's both stored on and transmitted from handheld devices. While looking into their crystal ball, the authors of "PDA Security: Incorporating Handhelds into the Enterprise" predict that, "over the next few years, a few products will lead the way in enforcing mobile device security policies. They will track devices that attach to the networks and log such information as which applications are running, when the devices touch the corporate network, and security events and breaches that occur on the devices."

As a close to this review, it's worth reflecting on the cautionary note that the authors provide in the book's introduction: "PDA security has become an Achilles' heel within an Enterprise's overall security strategy." But on an optimistic note they add that the "still-emerging hardware and software tools have focused unprecedented bottom-up attention on achieving enforceable security policies within the handheld computing industry."

To keep up to date with the latest news and issues affecting PDA security, I recommend that you bookmark the Web site that acts as a companion to this book and visit it on a regular basis. You'll find the site at http://www.pdasecurity-book.com.

Tony Stevenson
mkdsoftware@trump.net.au
Windows IT Library Guest Reviewer

For more book reviews, visit the Windows IT Library Web site.
http://www.WindowsITlibrary.com/bookreviews

==== Announcements ====

Get Equipped to Fight Against Spammers With Our Latest Email Security Toolkit II--Includes a White Paper, Web Seminar, and eBook
Take the next steps against the "silent killer" and learn how to prepare for directory harvest attacks. Plus, find out how to eliminate spam and viruses by learning spammers' new covert tactics designed to get past conventional spam content filters. Get the latest Email Security Toolkit now!
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJyu0Aa

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"
This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJkl0AD

Get Subscriber Access to Everything in the Windows & .NET Magazine Network!
Our VIP Web site/Super CD subscribers are used to getting online access to all of our publications, plus a print subscription to Windows & .NET Magazine and exclusive access to our banner-free VIP Web site. Now we've added even more content from the archives of SQL Server Magazine! You won't find a more complete and comprehensive resource anywhere--check it out!
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJEb0AP

==== 2. New from Windows IT Library ====

Evaluating and Selecting Wireless Equipment
After reading this chapter from "Deploying License-Free Wide-Area Networks," you'll understand the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) seven-layer reference model, and you'll know the best features for wireless backbone equipment, access points (APs), PBX, wireless network cards, mesh network nodes, and amplifiers. You'll also be able to recognize compatibility problems that can arise when mixing wireless equipment from different vendors.
http://www.WindowsITlibrary.com/Content/1130/06/toc.html

General Design Considerations
In this chapter from "Network Security Architectures," you'll learn basic ways to protect your network. You'll find out about Level 2 control protocols, including 802.1q and Spanning-Tree Protocol (STP). You'll learn about working with DHCP and Content Addressable Memory (CAM) tables. Also, you'll learn about IP addressing, including routing, filtering, and Network Address Translation (NAT).
http://www.WindowsITlibrary.com/Content/1110/06/toc.html

==== 3. New Books in Print ====

Windows Admin Scripting Little Black Book, Second Edition
This book shows you how to perform Windows XP and 2003 management and administrative tasks using powerful scripts for just about every important task imaginable. It covers ways to implement these scripts in an everyday environment to automate repetitive tasks, and features example scripts on every new topic, which you can easily modify or combine to perform myriad tasks.
http://www.oreilly.com/catalog/1932111875/

Black Hat Physical Device Security: Exploiting Hardware and Software
This book provides a methodology for detecting vulnerabilities in individual security devices similar to those that plague the software industry. The book supplies a methodology and checklist for finding common exposures, and also supplies real-world scenarios and shows how bypassing specific equipment can render a security system powerless.
http://www.oreilly.com/catalog/193226681X/

==== 4. New eBooks ====

Taking Control: Monitoring the Windows Platform Proactively
Monitoring Windows servers is a daunting proposition not only because of the wide range of subsystems and applications--each with its own unique set of monitoring requirements--but also because of the sheer number of Windows servers. Instead of one massive mainframe, Windows networks can comprise hundreds and even thousands of servers. On top of that, with technologies such as Active Directory (AD), Windows servers are highly interdependent. A failed service on one server can affect availability or performance of a service on a completely different system. In this eBook, we'll examine four main types of monitoring crucial to any network: performance, capacity, availability, and security. We'll discuss the ins and outs of each type of monitoring for the Windows OS itself, Microsoft IIS, AD and related components, and for two common Windows server applications: Microsoft SQL Server and Exchange Server. For each area, you'll find out the most important events and conditions to monitor to maximize performance, manage capacity, ensure availability, and stay on top of security. You'll find out where to get the information, and we'll provide important caveats crucial to effectively monitoring each area of the Windows platform.
http://www.WindowsITlibrary.com/ebooks/MonitoringWindowsServers

A Guide to DNS and Windows 2000
Windows 2000 and Active Directory (AD) brought DNS into the mainstream. Win2K completely incorporated TCP/IP for all aspects of networking, allowing Windows network administrators to drop the old NetBIOS protocol that Windows NT used as a transport and for name resolution. With NetBIOS gone, Win2K moved to TCP/IP's DNS protocol for network name resolution. Microsoft didn't stop halfway in adopting DNS and TCP/IP: DNS is an essential part of AD, and AD completely depends on a functional DNS implementation. To use DNS effectively, you need to understand its core components. This eBook provides you with a basic foundation for understanding DNS.
http://www.WindowsITlibrary.com/ebooks/DNS

Building the Small Business Infrastructure
A small to midsized business's needs are different than the needs of larger companies. For these smaller organizations, this eBook helps you plan your IT infrastructure to get the most out of your systems while minimizing the costs involved. Beginning with an overview of Microsoft Small Business Server 2003 and a Windows Decision Point quiz, this eBook helps you decide which Windows version is right for your needs. In addition, you'll learn advanced techniques for keeping crucial servers up to date, how to use terminal services to remotely administer your systems, and how to lower your licensing and operating costs by using a free database solution called MySQL.
http://www.WindowsITlibrary.com/ebooks/sbinfrastructure

==== 5. Windows IT Library Top Five ====

Microsoft Windows NT Server Administrator's Bible: Option Pack Edition
This book provides specific coverage of the Windows NT 4.0 Option Pack add-ons to help you plan, install, configure, manage, optimize, and connect NT Server 4.0 to the Internet.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=405

The Microsoft Outlook E-Mail and Fax Guide
Written for Microsoft Outlook end users and the administrators who support them, this volume explains all the real-world tasks that you're likely to encounter when working with Outlook and includes many timesaving techniques that take you beyond the basics.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=191

A+ Certification: How to Pass Your Exams
This book walks you through all the skills tested in the Computing Technology Industry Association (CompTIA) A+ Core Hardware exam and A+ OS Technologies exam.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=175

Microsoft Windows NT Secrets: Option Pack Edition
Packed with the kind of notes, tips, and workarounds that come only from years of working day in and day out with a product, this book will help you optimize the performance, reliability, and security of your network.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=329

The Administrator's Guide to Microsoft SQL Server 6.5
This book provides expert technical advice, practical management guidelines, and an in-depth look at the database administration aspects of SQL Server 6.5.
http://www.WindowsITlibrary.com/documents/book.cfm?documentid=77

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events)

Going Beyond Blade Server Basics
In this free Web seminar, attendees will learn about the scalability of blade servers and how the HP BL series of servers works. We'll also look at support for remote management, Integrated Lights Out (ILO) management, automated configuration, and server provisioning, as well as specialized server designations within a blade enclosure and more. Register now!
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJyv0Ab

==== Sponsored Links ====

Argent
Comparison Paper: The Argent Guardian Easily Beats Out MOM
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BDWV0AP

CrossTec
Free Download--New - Launch NetOp Remote Control from a USB Drive
http://list.winnetmag.com/cgi-bin3/DM/y/egky0IGRIK0CBq0BJyw0Ac

==== Contact Us ====

About the newsletter -- letters@winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products@winnetmag.com
About your subscription -- winnetmagupdate@winnetmag.com
About sponsoring this UPDATE -- emedia_opps@winnetmag.com

=========================

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine Privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine is a division of Penton Media Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.