technology&trainingmagazine01

Value of CertificationPreparing for Windows Server 2008 Launch Certification

Microsoft WindowsServer 2008

Takes Business Computing to New Level

The Launch is HERE!

No More MCSEs!

Blu-Ray Wins High-Def WAR!

Volume3 Issue#1

by Lutz ZiobMicrosoft GM of Learning

$3.99

2 3

is an essential resource to help you find information on the latest salary ranges for technology-related positions, in-depth regional salary analysis, the IT hiring outlook, top skills in demand and more.

Call us for your FREE 2008 Salary Guide today.

EVEN SALARIES NEED AN UPGRADE.

© 2008 Robert Half Technology. An Equal Opportunity Employer. 0807-4007

1.800.793.5533 · rht.com

Technology Series Professional Series Architect Series

Microsoft Certified Technology Specialist (MCTS) certifications validate an IT professional’s core technical skills on specific Microsoft products.

Microsoft IT Professional (MCITP) certifications highlight an IT professional’s specific areas of expertise in the IT environment.

Microsoft Certified Professional Developer (MCPD) certifications validate a comprehensive set of skills required to be successful on the job.

Microsoft Certified Architect (MCA) programs identify top industry experts in IT architecture.

Members and non-members of the Microsoft Partner Program can access more information about New Generation Certifications, including special offers on exam preparation and savings on exam fees, training options, testing locations, and more, by visiting: https://partner.microsoft.com/US/NGC/

The program introduces three series of credentials:

Managers and potential employers know they can entrust their projects to Microsoft Certified Professionals. These individuals have acquired critical on-the-job skills. They’ve proven their commitment to professional excellence. And they’ve validated their knowledge of Microsoft® products and platforms.

The benefits of Microsoft certification include:

Increased breadth of knowledge Following the path to certification enables IT professionals to learn new technologies in a structured and comprehensive way.

Increased opportunities on the job From salary and bonuses to project involvement and promotion, certified individuals reap rewards for their commitment to excellence.

Increased value to the organization Managers trust Microsoft Certified Professionals to complete projects on time, within budget, and with higher user satisfaction.

And now a good thing just got better.

Microsoft has created a new generation of certifications based on extensive feedback from you, our partners and customers, to even better prepare you for the ever-increasing demands placed on IT departments. Certifications are now:

• Targeted and flexible to reflect specific job roles and enable individuals to identify their skill sets

• Rigorous and credible with new exam paths that thoroughly validate skill sets and knowledge

• Relevant and simple to provide real-world credentials organized around job skills, best practices, and industry knowledge

New Generation Certifications from Microsoft—Available Now!

0208 Part No. 098-109354

To achieve “top-tier” performance, organizations should strive for between 40 and 55 percent of the team being certified in relevant technologies and processes.*

*IDC White Paper sponsored by Microsoft, “Value of Certification: Team Certification and Organizational Performance,” Doc # 204360, November 2006.

4 5

P 34 IPG International Protection Group

A new year is an exciting time for many reasons: new beginnings bring the promise of a fresh start and hope for an improved future. Here in the Northeast, we also look forward to the end of our cold winters and high heating bills.

Renewal and re-birth are the guiding principles behind our new Technology & Training magazine re-launch. Computer Training Magazine has been redesigned and remodeled to bring you a fresh perspective with more interesting articles, vivid graphics and a broader interest market.

In this issue, we will be covering the new Microsoft Server 2008 launch, same Top 5 list of great interest, a global survey from CompTIA, and much more.

“Microsoft Server 2008 in either 32- or 64-bit versions will make your Enterprise more manageable and productive,” says William Matthey II, who is already an MCTS (Microsoft Certified Technical Specialist) in Server 2008. William brings a unique and varied perspective to the marketplace for our readers, with his practical field experience and long background in training and development. By the way, he also provides IT Security training for the US Military worldwide. His Tech Tips & Tricks provides a fast roadmap for the interested user to locate the immediate resources useful for getting started.

You’ll also be interested to hear about “Ethical Hacking,” an entire field of study devoted to the understanding—and prevention—of breaches into sensitive corporate data and networks. We bring you one of the premiere practitioners in the field to show you the way.

You’ll see the latest information on the IT skills gap that so many industry experts have been talking about. CompTIA shares its recent research into the skills deficit, CompTIA CEO John Venator talks about it from the perspective of IT security, EMC’s Tom Clancy explains how it is affecting storage technologies, and NetCom executives discuss IT training needs—and what training companies like NetCom are doing about it.

Vendor certifications are one area that is undergoing change to meet IT skills shortfalls, and Lutz Ziob from Microsoft follows our Bill Gates article from the previous issue with his take on Microsoft Certifications.

Our contributing editor, Mary Shacklett, has developed a well documented white paper, “Setting Up an Internal IT Training Function,” which helpfully lays out a strategy for IT to manage its training investments at the same time that it keeps focus on maintaining systems and deploying new technologies.

Finally, here at Technology & Training, we like to practice what we teach.

You’ll find several short “workshop” articles in our Tech Tips section on Cisco and Microsoft technologies in this issue—in addition to information on new trends for networks and servers.

Welcome aboard—and I look forward to seeing you again in the next issue!

John Molnar Publishing ManagerTechnology & Training MagazineContact: [email protected]

from the PUBLISHER

New Generation Certifications—Microsoft

Windows Server 2008

Robert Half Technology

Server 2008: Business Computing Rises to New Levels by Mary ShacklettP 12

P 27, 29, 31, 33 NetCom Information Technology

Value of Certifications

Closing the Security Skills Gap

The Best WLAN Product

The Growing Need for Ethical Hacker Training

Server 2008: The Launch is Here! — no more MCSEs!

Training the “Right Stuff”

Top 5 reasons why certifications are important for IT professionals

To Hack or Not to Hack, Ethically?

Security Comes “Baked in” on Latest Cisco Routers

How to: Customize SharePoint Lists

IT Skills Crunch

How to: Password Recovery for Cisco Routers

Creating an Effective Internal IT Training Function

Partner Networks a Gateway to Growth

CIsco Fits the Bill

Blu-Ray DVD Wins High Def War!

Solving the IT Skills Crisis

ContentsFeatured Articles

Industry News

Tech Tips

Hacking

Training & Technology

Tech COOL

Microsoft

Cisco

IT Skills Crisis

by Lutz Ziob

by Kevin Sandlin

by William Alan Matthey

by Mary Shacklett

by John Venator

by Mary Shacklett

by Michael Diz

by Titu Sarder

by Richard Landrigan

by Ruzbeh Kheirabi

by Michael Govinda

by Russell Sarder

by Mudit Mittal

by Sanjay Bavisi

by Bill Breslin

by Tom Clancy

P 7

P 20

P 30

P 41

P 15

P 24

P 32

P 43

P 16

P 26

P 36

P 48

P 19

P 38

P 50

P 52

P 54

Mary Shacklett

John Molnar

CompTIA

P 2

P 15P 14

P 34

P 3

P 18

P 35, 40, 46

P 6

P 22

P 39

P 9

P 23P 25

P 28

P 45 P 42

P 47P 55P 56

Pace University

Mind Shift Technologies

CDW.comCitrix

3dSNMP.com

Specops Command

2008 DC PHP Conference & Expo

GRC InstituteSales Force.com

FMC TrainingCOLE SYSTEMSH@cker | Halted Security Conference

EMC Storage Technology FoundationsMerax.comNetSupport Inc.

Daniel Greenspan

Lutz ZiobWilliam Alan MattheyRuzbeh KheirabiBill BreslinJohn VenatorTom ClancyKevin SandlinMichael GovindaRichard LandriganSanjay BavisiMichael Diz

Masako MasudaDaniel Greenspan

Russell SarderTitu Sarder

Adam ChngTherese Switzer

Mudit MittalBrian Ciufo

CEOCOOCIOCTOGeneral ManagerQuality Control Analyst

Consulting Editor

Publishing Manager

Advertisers Index

All rights reserved. Reproduction or use without written permission is strictly prohibited.

March 2008

Marketing Coordinator

Contributing Writers

Advertising Sales

Design Team

Corporate Information

for Subscription: www.technologytrainingmag.com/subscribe

Hacking Examined

Roberto DiazRobert Kratzke646-747-5414

Technology & Training Magazine, March 2008. Application to mail at periodicals postage rates is pending at New York, New York. Technology & Training Magazine is published quarterly. Volume 3, Issue 1. Annual subscription fee is $19. Office of known publication: Technology & Training Magazine, Empire State Building, 350 Fifth Avenue, Suite 700, New York New York 10118. The opinions expressed within the articles and other content(s) herein do not necessarily express those of the publisher. Technology & Training Magazine assumes no responsibility for content, text or artwork of articles or advertisements other than those promoting Technology & Training Magazine, L.L.C.

An Ebiz9, Inc. Company

6 7

Power your Active Directory to new heights

Specops Command PowerShell remoting through Group Policy

www.specopssoft.com/powershell

Specops DeployGroup Policy basedSoftware Deployment

TM

Specops InventoryGroup Policy basedAsset Management

TM

Specops Password PolicyFor Multiple Password Policies in AD

TM

Active Directory JanitorKeeps your Active Directory clean

TM

For more information about Specops Command and to download your FREE limited version or full trial version please go to:

”Psychotically Powerful”

Specops CommandWe bring you the future ofscripting, today!

TM

Certification allows IT professionals to gain valuable experience and skills with new technologies before deployment

How do you define certification? Is it a test of skills? A paper certificate? Initials you can add after your name on your business cards and e-mail signature?

These are all visible elements of certification, but part of the misconception of certification is that these elements are the most important—or worse, that this is all there is to certification.

The reality is, certification encompasses a larger process, where the work up front is really the most critical. At Microsoft, we start by defining what it means to be proficient in a specific job or task, then we create a learning path to gain that proficiency. Finally, we develop rigorous and relevant exams delivered through a standardized testing approach.

This holistic approach to certification is what Microsoft employed to develop its latest genera-tion of certifications. At the core of the process, we used job task analysis research to define—at a detailed level for a range of job types—the tasks people perform daily, and what is most important in their professional life. That data was used to define responsibilities at a very granular level, which helped us to develop efficient, job-role-focused curricula.

Defining skills is not art. It is a very structured, scientific approach which ensures that Micro-soft can provide support for new technologies. It is one thing to say, “I’ll write some course work for this new product.” However, as technology is being brought into more and more scenarios, trying to figure out what really matters—what people really need to know, what their job roles are, and what implementation scenarios they face—is not easy.

By creating comprehensive definitions that describe what people need to know in specific job functions, as well as what they don’t need to know—we can ensure that all the elements come together in a way that is meaningful and relevant to people’s job roles, helping them prepare for new technologies as the technologies are introduced.

The value of this certification approach is that IT professionals get a tightly focused program to gain and validate the skills they need to successfully implement technology within their enterprises.

Value of Certificationsby Lutz Ziob GM Microsoft Learning Solutions

8 9

Preparing for Windows Server 2008Helping IT professionals acquire expertise with new technol-ogy is so fundamental to what Microsoft does, that we start developing training and certification as the products are de-veloped. About 18 months before a product introduction, we work with the business group to gain an in-depth understand-ing of what the new product will do, what capabilities it will bring, and how it is being positioned in the marketplace. From there, we start working on understanding what kind of train-ing skills and learning solutions will be necessary. A good example of how the early readiness works is in the prepara-tion for Windows Server 2008. To help customers understand and prepare for the technology, we made the first learning

and certification solutions available eight months before the product launch. This included 30 hours of e-learning content, two books, 15 days of instructor-led training; and two up-grade exams.

Most of the learning tools that are available before the Win-dows Server 2008 launch are offered to customers and part-ners for free. As part of early readiness, we want customers to engage and understand the technology with the fewest bar-riers possible.

Three to six months after the introduction of the product, the bulk of the training content will launch-because that’s when the majority of customers will start to need it. After the knowledge on the product has increased, the balance of the learning products will become available.

We also start training the trainers very early. This ensures that there are people in the marketplace who can take customers to the next level when customers begin implementing the technology. By the time the product is released, thousands of Microsoft trainers are ready to go.

Additionally, the content for Windows Server 2008 is avail-able in 10 languages and includes 180 days of instructor-led training; seven exams supporting five certifications; 600 hours of high-quality, multimedia-enabled e-learning; and 28 Microsoft Press books.

For customers interested in Microsoft Windows Server 2008, there is a variety of learning available to suit the style, pace, and language of virtually every customer.

More than 230,000 IT professionals have been trained on Windows Server 2008, and over 9,300 certifications have

already been awarded. These high training and certification numbers indicate that the IT professional community is an-ticipating the adoption and deployment of Windows Server 2008 technology. Additionally, Windows Server 2008 is gear-ing up to be one of the biggest product launches to date.

Setting yourself apartCertification has value at any point in a career path. For both seasoned professionals and people new to the IT industry, the certification process allows them to learn new skills, validate their skills base, promote them in their careers, and assist them in becoming more valuable members of IT organiza-tions. For persons with less IT experience, certification is a

proven method to demonstrate skills, knowledge and moti-vation levels that differentiate individuals from their peers. It aids managers in assessing individuals within their orga-nizations, and it assists companies in the evaluation of new hire candidates, since certifications provide recognized and standardized benchmarks of knowledge.

The process to become certified also demonstrates a level of commitment on the part of the individual that sets him apart from his non-certified peers. Certification is a clear indicator of the individual’s drive to be at the very top of his game, since certification involves a high level of personal commit-ment in preparation for exams.

Practice makes perfectThe certification process allows IT veterans to gain experi-ence with new technologies before they need to deploy them. It’s like a seasoned police officer learning to fire a new weap-on. The officer may already be experienced, but he still trains on the firing range until he has mastered the new weapon. This is because learning as you go in a life-or-death situation would be risky and irresponsible.

In the IT world, it is also extremely difficult to stumble across new ways of doing things and new capabilities, because it’s impossible to even know to expect them. Certification pro-grams give IT professionals the opportunity to test-drive new technology, and to gain an understanding of its breadth before deployment.

Recently announced new MCP benefitsIn addition to the learning and validation aspects of the certification process, there are new benefits for Microsoft Certified Professionals that give them an additional edge professionally.

“To help customers understand and prepare for the technology, we made the first learning and certification solutions available eight months

before the product launch.”

10 11

MCPs now have access to the extensive partner-level Micro-soft Product Support Knowledge Base—previously accessible only to Microsoft partners and MVPs. This includes access to exclusive technical information that is not available to the general public.

This deeper level of Knowledge Base access provides MCPs with an inside track to important technical issues that make them more valuable to their peers and employers. Because we know that experienced users learn from one another, we’ve created a more robust MCP community. MCPs worldwide can now build and maintain a personal landing page on the www.Microsoft.com website to help drive interaction and in-crease their visibility within the worldwide community. They can also locate their peers within a city, state or country for professional networking, mentoring and community involvement, using the MCP member directory search capabilities.

Additionally, there are enhanced ways for MCPs to promote their skills. All credentials earned are now combined into one transcript, which can be downloaded in both XPS and PDF formats for easier saving and sharing. The enhanced transcripts match the look and feel of the new generation certificates, and MCPs can forward transcripts di-rectly to their managers.

Finally, MCPs can now download redesigned, high-resolution Microsoft certifications in both XPS and PDF file formats within days of achieving new credentials. They can also down-load logos from the Microsoft library for use in their resumes, Websites and business communications.The new certification program features provide MCPs with a richer set of resources, a better sense of community, and more tools to promote their value within their organizations.

Certification increases team performanceMarketing your skills to IT managers has become more im-portant as organizations better understand the benefits of hav-ing certified IT professionals as part of their teams. A survey conducted by IDC and sponsored by Microsoft studied the or-ganizational performance of 1200 IT teams, examining the re-lationship of team performance to the percentage of the teams certified by Microsoft on a variety of technologies. The study concluded that certification correlated positively to organiza-tional performance improvements. In both general service

excellence and specific measures of task-level performance, certification made a measurable impact.

The survey revealed:

Seventy-five percent of managers believe that certifica-• tions are important to team performance. Team performance increases every time a new team • member is certified.When you increase the concentration of Microsoft cer-• tified membervs on a team, you directly improve team performance.Top performing teams on average have between 40 and • 55 percent certified Microsoft members who are trained on relevant Microsoft technologies and processes.

The IDC study concludes: “It is clear that every increase in team skill improves organizational performance. This research dem-onstrates that for each new team member certified, team perfor-mance increases.” Recognizing the importance of having certified pro-fessionals on their IT teams, hiring managers are increasingly making

certifications a requirement of employment and advancement. At any point along a career path, certification provides IT pro-fessionals with industry-recognized proof of the value they bring to their organizations. (See more details in the whitepa-per study on the following page, Connecting the Dots.

Getting readyBeing prepared for new technologies like Windows Server 2008, helps IT professionals realize the full potential and ca-pabilities of the solution before implementation. This prepara-tion also helps them stand out from their peers and be much more valuable members of their organizations.

ABOUT THE AUTHOR

Lutz Ziob is the General Manager of Microsoft Learning For more information: Microsoft Learning’s Windows Server 2008 programvisit: http://www.microsoft.com/learning

“MCPs worldwide can now build and maintain a personal landing and increase their visibility within the worldwide

community.”

12 13

From the beginning, server-based computing’s “trump card” has been its ability to bring low-cost hardware into enterprises. This hardware could deliver flexible, intuitive business software at lower price points than mainframe-based alternatives.

With Windows Server 2008, Microsoft is crossing the bridge into a province formerly “owned” by mainframes: the ability to deliver enterprise-level security, virtualization, failover, automation and network management—coupled with the server’s natural abilities for Web-based software development.

Server 2008 is designed to power the next-generation of networks, applications, and Web services. With Server 2008, you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. Server 2008 also delivers new Web tools, virtualization technologies, security enhancements, and management utilities that save time, reduce costs, and provide a solid foundation for your IT infrastructure.

Here is where Server 2008 delivers to major projects challenging IT departments in 2008:

Virtualization and Automation

The pressure is on to consolidate the number of servers deployed in businesses for lower costs and fewer hardware assets that IT must manage and coordinate. The more IT can consolidate multiple servers into single, larger servers—and then place these larger servers “under one roof” in a central data center-the more money that can be saved on separate hardware and license purchases, not to mention on travel expenses and IT staff time for installing and trouble-shooting hardware at remote locations.

Server 2008 uses Windows Server Hyper-V technology. This allows you to consolidate multiple servers and operating systems on a single virtual machine. You eliminate separate physical servers in the process, even if they are running on

non-Windows OS platforms like Linux. This is accomplished by loading all the multiple server content onto a single Microsoft Windows Server 2008 that supports multiple operating systems. Windows Server 2008 also has Terminal Services Gateway and Terminal Services RemoteApp, which provide remote access to standard Windows-based programs from anywhere, by running them on a terminal server instead of directly on a client computer.

New Web Initiatives for IPv6 and Componentized Software Development

Next generation Internet in the form of Internet2 will be slowly working its way into the corporate market, making IPv6 a required protocol upgrade for corporate IP networks. The “pinch” of older IPv4 protocol that most businesses are already feeling today, is that we are beginning to run out of available IP addresses under IPv4. This is a limitation that IPv6 overcomes.

Any company whose livelihood depends on securing government contracts already knows this, since government contracts now mandate that all new software runs on IPv6. Complete IPv6 integration and support come with Microsoft Windows Server 2008.

On the application software development side of the Web, over 90% of U.S. businesses now actively engage in Web services development that gives companies the ability to componentize their business software, and then reuse pieces of business logic anywhere they need to in the business. The flexibility of these reusable pieces of code provides consistent business processes throughout the company, and also saves staff development time, since the business software modules can be reused.

Ideally suited for Web services development, Windows Server 2008 comes with Internet Information Services 7.0 (IIS 7.0), a Web server and security-enhanced platform for developing and hosting Web applications and services. IIS 7.0 includes a componentized architecture for greater flexibility and control-and provides powerful diagnostic and troubleshooting

Business Computing Rises to New Levelsby Mary Shacklett

Server 2008: capabilities. IIS 7.0 teams with the .NET Framework 3.0 in a comprehensive platform for building Web-based applications.

Enterprise-Strength Security

Self-defending bots, denial of service attacks, viruses and data compromises have all put security on the top of the IT list for businesses—and Windows Server 2008 has solutions.

The Windows Server 2008 operating system has been hardened to help protect against failure, and to prevent unauthorized connections to networks, servers, data, and user accounts.

Sever 2008’s Network Access Protection (NAP) helps ensure that computers that try to connect to your network comply with your organization’s security policy. Technology integration and enhancements also make Server 2008’s Active Directory services a potent unified and integrated Identity and Access (IDA) solution. Read-Only Domain Controller (RODC) and BitLocker Drive Encryption allow you to more

securely deploy your Active Directory database at branch office locations, and next generation cryptography (CNG) supports standard cryptographic APIs (application program interfaces), as well as business-defined cryptographic algorithms.

Simplified Network Management and Failover

Three important benefits of server virtualization are the ability to automate routine networks and server functions, the ability to centralize management of these functions, and the ability to auto-failover to alternate servers or server partitions when applications fail. All are integral to running a 24/7 business.

In support of these goals, Microsoft Windows Server 2008 has a unified management console that simplifies and streamlines server setup, configuration, and ongoing management. It is complemented by Windows PowerShell, a new command-line shell that enables network administrators to automate routine system administration tasks across multiple servers. Windows

Deployment Services provides a simplified, highly secure means of rapidly deploying the operating system via network-based installations, along with Windows Server 2008 Failover Clustering wizards with IPv6 support and consolidated management of Network Load Balancing. This makes high availability easier to implement even by IT generalists.

In Conclusion

Microsoft Windows Server 2008 provides a solid foundation for current and future server workload and application requirements. It is relatively easy to deploy and manage.

This server is scalable. At the high end, it can come in the form of the Windows HPC (High Performance Computing) Server 2008. This high performance solution is built on Windows Server 2008, x64-bit technology, and can efficiently scale to thousands of processing cores with out-of-the-box functionality to improve the productivity, and reduce the complexity of high computing.

The long awaited arrival of Microsoft’s new Server 2008 Operating system is upon us. While Server 2008 builds on the management structure of 2003 Server, it also

adds a wide range of security and management options.

If Microsoft’s Server 2008 is in your future, you should look at the Microsoft Learning Site at http://www.microsoft.com/learning/windowsserver2008/default.mspx. You can also download a free evaluation version of Server 2008 to get familiar with its increased functionality (http://technet.microsoft.com/en-us/windowsserver/2008/bb405966.aspx).

Finally, consider planning, creating and using a virtual lab environment to gain some ideas about the impact of the new Server 2008 features on your current systems.

The scope of the management undertaking for Vista/Server 2008 environments is embodied in the list of available group policy settings available for the administration of the Enterprise (see

Microsoft links below)—(Group Policy Settings) nearly 3000 ways to assail the bodies/boxes of your minions).

There are considerable resources available from Microsoft, training providers, consultants and blog sites to help you work through even the toughest problems. Start slowly, measure twice or thrice, execute carefully—and Server 2008 in either 32- or 64-bit versions will make your Enterprise more manageable and productive.

As a final note, I also want to communicate that there will be no more MCSEs (Microsoft Certified Systems Engineer) from Microsoft. If you have any interest in a broad server-based certification, you should consider completing the 2003 Server MCSE requirements while they are available—probably prior to yearend, 2008. After these exams are discontinued, the only available certifications will be the more granular MCTS (Microsoft Certified Technology Specialist) and similar certifications.

Server 2008: The Launch is HEREby William Alan Matthey II, MCSE, MCTS, CISSP, MCT

USEFUL LINKShttp://www.microsoft.com/learning/windowsserver2008/default.mspx

http://technet.microsoft.com/en-us/windowsserver/2008/bb405966.aspx

http://www.microsoft.com/downloads/details.aspx?FamilyID=2043b94e-66cd-4b91-9e0f-68363245c495&DisplayLang=en

“there will be no more MCSEs (Microsoft Certified

Systems Engineer) from Microsoft”

ABOUT THE AUTHOR

William Matthey is an MCSE in NT4, Server 2000 and Server 2003, and already an MCTS (Microsoft Certified Technical Specialist) in Server 2008 and Vista. Matthey provides IT Security training for the U.S. Military worldwide. He also worked as part of Microsoft’s content development team that produced much of the current Vista training material.

Comments? Questions? Send them to [email protected].

16 17

Each day of our lives, we deal with itemized sets of tasks, responsibilities and a host of other daily items. These items are sometimes performed or maintained

in a certain order, and sometimes they have no order whatso-ever. The items can repeat themselves at times, or be unique to a certain day or scenario. I know what you’re thinking: “I have to-do lists for these kinds of things.” Not quite.

Even though at times our lives feel like nothing but lists, a single to-do list cannot fulfill all of our needs. What if the items we are dealing with are prices or lists of items on hand? You cannot add those to a to-do list.

Windows SharePoint Services version 3.0 (http://tinyurl.com/2bjvpr) is a free add-on service for Windows Server 2003 that can be used to build dynamic Web-based business applications and databases. One of the many great features of WSS is Custom Lists. Do not let the word “List” fool you, as you can do wonders with it.

Think of a list in WSS as an Excel spreadsheet that has col-umns and rows. Each row identifies a new set of values for each column. Let’s say, for example, that you need to keep a list of team members, including their ages and phone numbers. (See Figure below.)

You can create a spreadsheet with three columns: Name, Age and Phone Number. Rows can then be populated with every-one’s name, age and phone number. For many of you, this may seem perfect.

However, keep in mind the following questions which may arise:

Where will you store this spreadsheet? What if your supervisor also needs to view it? What if 1. other people need to view this list for any reason? How would you give them access to it?How will you enter data? To enter the data, you must 2. go line by line, since no user interface exists for you to input the data in any other way.

These are just a few of many issues and questions that can arise when dealing with spreadsheets and/or file-based docu-ments.

WSS allows you to create customizable lists with a wide variety of different column types that are automatically cre-ated, economizing the amount of work that has to be done. Additionally, WSS can create the appropriate forms for data entry and editing. Furthermore, your data and lists are stored centrally on a Web interface that can be accessed from any-where, based on permitted access that you set.

Let’s go ahead and create the above mentioned Excel spread-sheet in WSS. We will assume that you are logging onto your WSS site as a site owner or member. To create a custom list, follow the steps on the next page.

Customize SharePoint Lists

by Ruzbeh KheirabiCTT+, MCT, MCSE, MCDST, A+, Network+, Security+

Organize your day-to-day items and data

Howto

ABOUT THE AUTHOR

Ruzbeh Kheirabi is the president of Rooznet Consulting, Inc., which provides IT consulting and training services to a variety of small and home businesses. An MCT since 2004, he teaches part-time at different organizations, including NetCom Information Technology. Additionally, he works full-time as a net-work administrator for Southern Westchester BOCES, where he manages and maintains an entire school district’s network of 2,500 users on 600 desktops with 15 servers over four sites. Mr. Kheirabi holds a multitude of certifications on Windows 2000/XP/2003/Vista/2008 and Windows SharePoint. In his free time, he enjoys coding network utilities, studying to keep up with the latest technology and working out.


STEP 1. After logging into your WSS site, you will see a Site Actions button on the right hand side. Click on it, and select Create. You will then be redirected to the Create page, which gives you the option to create a variety of different WSS content and lists. WSS is a robust and powerful web-based service that has the capability not only to create lists, but also to manage and maintain different types of data and content. As you can see on the Create page, you can create Wikis, Picture libraries, Discussion Board vs Surveys, and many other items.

STEP 2. On the Create page, click on Custom List.

STEP 3. On the New page, give the list a name. In this instance, we will name it Team Members Info. You can also add a description to better describe and distinguish your list. Additionally, you can specify if you want your list to show on the quick launch bar. When you have finished, click on the Create button.

STEP 4. After the list is created, you will be redirected to the All Items view of the list. In WSS, each list has different views that can be customized to meet your needs without any programming or technical knowledge. This makes it very easy for non-technical users to master WSS. These views are capable of showing different data from a list based on criteria or groupings needed by the user. As you see, there are New, Actions and Settings buttons, and currently only one column named the Title column. By default, every list created in WSS has the default column Title, which can later be renamed or hidden. The paper clip icon represents attachments. In WSS lists, you have the ability to attach documents or files to a list item. This feature can be disabled under the Advanced Settings of the List Settings.

STEP 5. To customize the columns of our list, click on Settings and select List Settings. You will be then redirected to the List Settings page, which allows you to customize and configure different options and settings for your list, including adding or removing columns.

STEP 6. Under the Columns header, you will see the different columns that are in the list and their types. WSS allows for different types of columns, including but not limited to text, numbers, currency and date and time. The first thing we want to do is to rename the Title column to display FullName. Go ahead and click on Title and on the Change Column page. Type FullName under the column name and click OK.

STEP 7. We still need to create two more columns: age and phone number. To create a new column, click Create Column.

STEP 8. On the Create Column page, enter Age as the column name and select Number as the column type. Under additional column settings, set the Number of Decimal Places to 0 and click OK.

STEP 9. We still need to create one more column, the Phone Number column. Go ahead and click Create Column one more time, and enter Phone Number as the column name. Leave the already selected column type of Single Line of Text in place, and click OK.

STEP 10. You should be back at the Customize Team Members Info page. Under the Columns header, you will see all three of your needed columns. As we performed these tasks, WSS also created the necessary forms that will allow us to enter, edit and view the data in our list. Click on the Home link at the top of your page and then click on the Team Members Info link on the left in the quick launch bar. You will now notice the three columns we created.

STEP 11. To add data to your list, go ahead and click on New. You will be redirected to the Team Members Info New Item form, which allows you to enter the needed data for each team member. Go ahead and enter John, who is 23, with a phone number of 111-111-2323. Then click OK.

STEP 12. You will be redirected back to the Team Members Info page, and the new row of data will be automatically added for you. You can edit or delete an item by clicking on the Full Name of the team member. You can add more items by clicking on New.

There are no items to show in this view of the “Team Members Info” list. To create a new item,

click “New” above.

19

CompTIA A+ takes a new approach to validating the skills for entry-level IT techniciansby covering both technical skills and job-specific soft skills. The recently updatedCompTIA A+ credential includes current technologies, expanded security content,and soft skills such as communication and professionalism.

To learn more about CompTIA A+ andhow it can benefit your business,visit certification.comptia.org/aplus08.

CompTIA A+® Certification —Designed for today’sNEW IT technician

CompTIA_A+Ad_Trng&Tech:Layout 1 2/19/08 4:41 PM Page 1

When a Dallas-based software developer needed deeper expertise for a Microsoft SharePoint project, the company called on trusted specialists to assist. In turn,

a tandem of software vendors brought a third supplier into the fold to handle infrastructure requirements. Ultimately, three small companies joined forces to provide a turnkey solution, and each brought in revenue it couldn’t have captured alone.

Scenarios like this one become more common every day. The concept of complementary businesses teaming up isn’t new, but it’s more powerful than ever as our technology ecosystem becomes overwhelmingly complex. Few companies have the depth and breadth to be a one-stop shop, and attempting to be everything to everyone is usually a business plan for failure. Instead, the IT world is increasingly composed of smaller, highly I specialized experts that excel in one particular area. When the job requires it, they band together to deliver a complete portfolio of services to their customers.

It’s a phenomenon known as partner-to-partner networking, or P2P. Increasingly, these types of business connections are made through P2P organizations like the International Association of Microsoft Certified Partners (IAMCP). With more than 4,000 members across over 70 chapters worldwide, IAMCP is the virtual community where non-competing businesses come together to uncover new opportunities and succeed through collaboration. Since only Microsoft Certified Partners can join, IAMCP members know they can count on the skills and experience of others in the network.

Research shows that P2P networking is a gateway to growth for companies with specialized expertise to offer. An IDC study revealed that IAMCP members engaged in $6.8B of P2P transaction activity in 2006. In the same year, members with a high commitment to forging new partnerships grew an average of five percent faster than less active members.

There’s little doubt that the industry has recognized the value of partnering. Many of the world’s technology giants, such as Cisco and HP, have implemented partner programs of their own. In the process, organizations have also emerged to help those partners

find and link to each other. However few, if any, P2P networks have evolved to offer the same level of value that IAMCP brings to its members.

More than just a directory of contact names, IAMCP is a vibrant professional organization teeming with networking events, education and training opportunities, and community activism. IAMCP is also an advocate for its members’ interests, providing Microsoft with input on future product developments, and even lobbying Congress

on important legislative affairs.

What makes IAMCP truly unique, however, is its independent status. Though Microsoft is IAMCP’s biggest sponsor and supporter, the association is not affiliated with Microsoft and is run entirely by volunteers consisting of business owners from around the world who represent the voice of the IT community.

This “bottom-up” philosophy creates an environment of trust among members that’s hard to find in any other professional organization.

The trust is evident in the hundreds of business relationships that sprout every year through the IAMCP network. When a U.S. government agency needed an IT vendor in Costa Rica, they found one through IAMCP. When a major telecom vendor needed financing services to close a million-dollar phone system deal, an IAMCP member got the call. And when a member from Houston was away on business, he tapped the IAMCP network to manage a client emergency during his absence.

The success stories are endless, and so are the opportunities awaiting technology companies that embrace the power of partnering.

Partner Networks a Gateway to Growth

by Bill BreslinIAMCP Provides Hub for Microsoft Partners

ABOUT THE AUTHOR

Bill Breslin is vice president of Application Development at Insource Technology in Houston. He also serves as U.S. president of the International Association of Microsoft Certified Partners (IAMCP).

Visit www.iampc.org for more information.


“An IDC study revealed that IAMCP members engaged

in $6.8B of P2P transaction activity

in 2006.”

20 21

By John A. VenatorPresident and Chief Executive Officer

Closing the Security

Security tops the list of the technol-ogy skills that are most important to organizations today, according to a

survey of more than 3500 technology pro-fessionals in North America, Europe and Asia. In the same survey, 73 percent of participating organizations also identified firewalls and data privacy as the IT skills most critical to their organizations.

However, the same survey, along with new research commissioned by the Computing Technology Industry Association (Comp-TIA), indicated that there is a widening gap in the technical security skills that employ-ers want, and the corresponding skills that workers bring to the job. This heightened interest in security is re-flected in a 2007 CompTIA study, which found that the management of 78 percent of organizations considered information

security a top priority. With so much at stake, it is incumbent on organizations to implement comprehensive security train-ing programs and making training a re-quirement for IT staff.

The benefits of such training are clear. Among organizations that have provided security training for IT staff, the 2007 CompTIA study found that an impressive 81 percent believed that security training improved security practices in their orga-nizations.

In corporate IT, security training:increased awareness of security is-• sues; improved the ability of IT staff to pro-• actively identify potential security risks; enabled IT to respond more quickly to • security issues.

Despite these findings, specialized training for IT staff is still the exception rather than the rule in many organizations. Less than half of all companies surveyed by Comp-TIA require IT security training, while about one-third have made security training a re-quirement for both new hires and existing IT employees. Overall, IT security training is mandatory to some degree for 47 percent of organizations.

Organizations with security training pro-grams in place agree that security training has been beneficial, and that they have also realized financial savings. The average es-timated average cost savings that organiza-tions attribute to their IT security training programs is around $352,000 annually. These same organizations spend an aver-age of $90,000 per year on security-related training, so the corresponding return on in-vestment is rather compelling.

Skills GapAmong organizations that require security certifications, more than eight out of ten (84 percent) believe they improved their company’s overall IT security. More than two-thirds believe that having IT staff with security-related certifications enables the or-ganization to pro-actively identify potential security risks—and a similar percentage of organiza-tions also feels that security train-ing also allows them to respond quickly to potential security risks. Organizations that lack a formal strategy for security-related train-ing may be placing themselves at significant financial risk.

In addition to these benefits, the estimated cost savings associated with having IT staff with security certifications are even more compelling. Respondents estimate that the cost savings asso-ciated with having IT employees with security certifications is $656,000, which is 80 percent higher than the savings for or-ganizations that have implemented only IT training initiatives. For the individual worker, attaining a recognized security cer-

tification or credential is a strong indicator to employers of you security expertise.

One such certification is CompTIA Security+, which validates foundation-level knowledge of communication security, infra-

structure security, cryptography, operational security, and general security concepts. It is an inter-national, vendor-neutral certifi-cation for security professionals with two years of hands-on expe-rience in networking, with a focus on security. It is recognized by the technology community as a valu-able credential that proves compe-tency with information security.

As the information security market evolves and the types of threats expand, organizations must seek out the correct balance of technology and training solutions. The benefits of security-related training and certification for IT staff are real and compel-ling, and the cost savings are undeniable.

ABOUT THE AUTHOR

John Venator is the president and chief executive officer of the Computing Technology Industry Association (CompTIA), the leading trade association representing the business interests of the global information technology (IT) industry. He is responsible for leading strategy, development and growth efforts for the associa-tion and its 20,000-plus member organizations around the world.


“Among organizations that require security certifications, more than eight out of ten (84 percent) believe they improved

their company’s overall IT security.”

The SurveyCurrently most important:

Currently less important:

Skills Gaps in Security/Firewalls Data Privacy:

%Important

%Proficient

Gap

74%

57%

17

Security

Networking

Operating Systems

74%

66%

66%

RF Mobile/Wireless

Web-based Technologies

Operating Systems

17%

40%

40%

CompTIA commissioned CSR (Center for Strategy Research) to conduct this large, International study.Two phases to this study: Data was collected from 3578 respondents to the online survey (11/16/07-12/6/07). A minimum of 250 respondents per country.Countries included: U.S., Canada, U.K., Australia, India, South Africa, (surveys translated for the following:) Germany, Russia, France, Italy, Netherlands, Poland, Japan, China. (Essentially three major regions: North America, Europe, and AsiaPac.)

Job# CDW BRA P71913AD# CDW-BRA-913A61 FILE NAME: C_913A61.indd

Pub: Technology and Training Mag

Insertion: Open

Size: TRIM: 8.5” x 11” BLEED: 9” x 11.5” LIVE: 7.5” x 10”

MATERIALS: PDF / X1a Please include all fonts (postscript fonts only) and support files. 1 color proof must accompany all files.

JWT Communications, Entertainment and TechnologyONE RAVINIA DRIVE, 9TH FLOORATLANTA, GEORGIA, 30346

Materials Contact Person:Theresa Buchanan 770 668-5700 x229email [email protected]

As you sit there among the humming and buzzing of servers, the miles of cables and the flashing of tiny little lights, know

this – you are not alone. At CDW, we provide you with a personal account manager who knows your business and the IT

challenges you face. We make sure your most difficult questions get answered by highly trained technology specialists who,

quite frankly, are ridiculously smart. And we offer a full range of custom configuration services that can save you valuable time

and money. With all this, plus an unfathomable number of products from the top names in the industry, you should feel quite

comfortable knowing CDW has everything you need, when you need it. And as always, we’re only a phone call away.

The server room can be a cold and lonely place. We can definitely help with the lonely part.

©2008 CDW Corporation

CDW.com 800.399.4CDW

6323_cdw_T&Tmag_open.indd 4 3/21/08 2:38:02 PM

Job Name: 6323 cdw_T&Tmag_openPDF Page: 6323_cdw_T&Tmag_open.p1.pdf Process Plan: PDF Output X1a[Vector]Color: Cyan, Magenta, Yellow, Black W: 8.5 H: 11 Scale: 100Date: Mar-21-2008 Time: 13:40:38 SpoolServer

PageMark-Color-Comp

24 25

In January 2008, Information Week (www.informationweek.com) cited compelling figures on the U.S. IT labor market:

More than one million IT jobs are expected to be added to • the U.S. economy between 2004 and 2010;70 million baby boomers will exit IT employment over the • next 15 years, but only 40 million new workers are pro-jected to replace them;U.S. Department of Labor Statistics (www.dol.gov) rank • network systems and data communications analysts and application software engineers as, respec-tively, the number one and number two “fastest growing” jobs in the U.S. economy in 2006-2010 that pay over $46,360 annually, while computer systems analysts, da-tabase administrators and system software engineers are respectively ranked numbers six, seven and eight on the same list.

Contrarians argue that outsourcing can continue to mitigate these skills demands and deficits—however, few have acknowl-edged the future impact of competition for these same skills from emerging economies in India, China and elsewhere.

Our clients and business partners see this. Daily, we work to-gether to ensure that the “right” kinds of IT skills are being trained so these skills can be immediately applied to technology that delivers competitive advantages to our stakeholders.

We recognize as well, our responsibility as a professional train-ing organization to deliver “work ready” skills that deliver to corporate “bottom lines”—and to an individual’s ability to at-tract employment.

Today’s “right stuff” skill sets include hands-on know-how and problem solving in network architecture design and operational execution; Web-based infrastructure management and applica-tion development; security; IT soft skills, and many other areas. All are central to NetCom’s in-class and online curriculum.

NetCom training features the best instructors in the industry. These men and women not only understand the work of teach-ing and knowledge transfer—but are accomplished practitioners in their own rights.

We never rest in our ongoing assessments of the IT market and the needs of our clients. We continuously meet with our busi-ness and individual clients—and we continuously revise our cur-riculum as technology changes. We partner with key technology providers, and we work collaboratively to anticipate future needs, and to provide the training that facilitates technology adoption.

At the same time, we recognize that measuring return on in-vestment (ROI) from training is very challenging for corporate training officers and for IT. In IT, training needs to be measured in terms of timely skills delivery to projects, understanding that many of these skills deliver intangible as well as hard skills to the work they are applied to. In IT, these investments in human capital are often experienced as reductions in the need to go out-side of the company for technology skills; reduced time lines for projects; and improved turnaround on critical new systems and networks needed in the business.

More companies understand this, yet the eLearning Guild (www.elearningguild.com) released a study in October 2007 which showed that while 20 percent of businesses stated that they were

Training the “Right Stuff”by Russell Sarder

President and CEO NetCom Information Technology

able to measure what they wanted from the training that they had invested in, only 10.9 percent had data that showed that these measurable results provided value to the organization.

One reason was the rapidity of change in IT—which is charac-terized by constantly changing priorities for projects and initia-tives. The need to train for today’s technologies while keep-ing an eye on tomorrow’s priorities does not escape us as an IT training company. It is central to our clients’ success, and

central to our own. We recognize that training the “right stuff” begins with today’s results—but it also has to incorporate agility in problem-solving abilities that trainees can apply to a variety of IT issues that exist now and that will emerge in the future.

This problem solving elasticity is carried forward in our training approaches, because the knowledge gained in training should never stop delivering value as long as organizations and indi-viduals continue the ascent to their full potential.

©2008 Citrix Systems, Inc. All rights reserved. Citrix® is a trademark of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks andregistered trademarks are the property of their respective owners.

Find out how Citrix can have yourapplications, employees and businessworking together.

www.citrix.com

ABOUT THE AUTHOR

Russell Sarder co-founded NetCom Information Technology in 1997 with a view to help IT professionals get the best training to be effective in their corporate environments and careers. Differentiating NetCom with a focus on client excellence, Mr. Sarder has led NetCom to be recognized as a technical training leader. Today, NetCom’s success is driven by its successful alignment with industry leaders such as Microsoft, where Mr. Sarder in less than a decade brought NetCom to the global arena as Microsoft’s Global Learning Solution Partner for 2007. NetCom is a profitable, award-winning training leader that provides a wide variety of services to clients from over 20 major IT vendors. NetCom offers training solutions for more than 1000 technical, application and project management courses to Fortune 500 companies, businesses, government agencies and individuals. NetCom’s leading subject matter experts provide authorized hands-on education in the latest technologies from leading vendors including Adobe, Autodesk, Check Point, Cisco, Citrix, CIW, CompTIA, EC-Council, EMC, Intel, ITIL, Linux Institute, Microsoft, Novell, Oracle, PMI, SOX and Zend.


26 27

IT Skills CrunCh by Tom Clancy

VP of Education Services for EMC Corporation

Industry researcher IDC projects a six-fold increase in worldwide data between 2006 and 2010, largely due to the impact of the

Internet (The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010). By 2010, the global tally of data storage is projected at 988 exabytes, up from 161 exabytes in 2006.

This enormous growth is pressuring businesses to determine what must be stored and accessed online, what must be archived but immediately accessible, and what should be discarded—if

for no other reason than to survive the daily data onslaught and to stay

on top of industry regulatory requirements.

”The exponential growth of

d a t a

is a major factor that contributing to the IT skills shortage in data management,” said Tom Clancy, VP of Educational Services and Productivity at EMC (www.emc.com), a global data storage and infrastructure solutions provider. “There are also new regulations that require companies to hold onto data longer, and at the same time have immediate access to it,” Clancy continued.

“If you don’t have the in-house knowledge and experience to do this, you have to hire people. The cost of not addressing data management, with the rise of litigation, is too great. In short, the burgeoning amount of data is simply outpacing the ability to manage it.”

Rapidly growing data, data repositories and compliance measures are creating new roles for data storage administrators, such as business continuity administration and the comprehensive definition and organization of a total storage architecture.

The storage infrastructure has to be designed with an eye toward the requirements for data archiving, immediate data access and the ultimate protection of business-critical data. Implicit in this are best practices for day to day data backups, provisioning, archiving, replication, reporting and compliance.

“About 75% oft he companies we work with prefer to hire experienced people for data management,” said EMC’s Clancy. “If they hire new people, they want assurance that these people have the requisite storage knowledge

and experience. Possessing a technical certification in the discipline is the most objective way for companies to determine that.”

EMC offers the EMC Proven Professional Certification Program and storage education through many authorized companies.

“Business and IT leadership needs to understand that there is a skills gap in storage management and in the general area of storage,” said Tom Clancy. “Many companies have not yet made the systematic investment in their people to acquire the knowledge and develop the necessary experience, and have strictly focused on the bottom line without thinking of their present and future needs.

It takes a forward understanding of the data management crisis to budget for storage management training when funds are tight--but in the end, an educated person will be much more productive.”

Clancy says that data management and how to best match training and skills development with the associated IT knowledge shortfall frequently “comes to the top” when IT managers assess the needs of the business.

With awareness growing of the shortfall in data management knowledge and experience, organizations are also discovering that it isn’t so easy to hire an expert off the street.

“We believe in certification as another avenue to attain the critical knowledge in data management,” said Clancy. “There are certification programs out there that tie to the “hottest” job openings that companies are advertising and that individuals are interested in.

This includes areas like networking, virtualization, storage and security. Persons

Cisco Authorized CurriculumSponsored by Fast LaneA Cisco Learning solutions Partner

entering into these types of certifications should have the confidence that there will be job openings there.”

Clancy has this additional advice for individuals pursuing certification programs, and for the companies that are investing in their training:

If you are an individual, select a high growth area •

that you are genuinely interested in and get certified. Once you are certified, you’ve proven that you have know-how in the area and you open yourself up to opportunities to further develop your experience. You can continue to work yourself up the ladder of knowledge through advanced certifications.

If you are a business, recognize that you have to •

make training investments in people to obtain the critical skills you need from your staff. There is always some risk that you can “lose” the person to somebody else, but this is greatly outweighed by the return on investment you get from a highly-performing employee who is more than likely to stay.

Clancy and his organization are committed to providing all IT professionals with the skills they need to meet the challenges of storage and information management. To further address the IT skills shortage in storage, they have developed the EMC Academic Alliance program.

Launched in 2006, the program has enrolled over 170 universities and specifically offers technology curriculum that provides students with strong foundations for designing and managing IT infrastructures—helping shape the next generation of IT skills and workers. The program also complements the EMC Proven Professional Certification program.

For more information about the EMC Proven Professional Certification program, please visit http://education.emc.com.

Tom Clancy is Vice President of Education Services and Productivity for EMC Corporation. In his career at EMC, Tom has held various field and corporate roles, primarily in partner management of Original Equipment Manufactures, Independent Software Vendors and Channels. Prior to Education Services, Tom managed Global Sales Productivity, focusing on field development, best practices and change execution. Since 2002, his chief responsibility has been to re-align training initiatives to meet the requirements of EMC’s business model transformation from a hardware product company to a technology-led provider of systems, software and services. Under Tom’s direction, EMC has transitioned from traditional ILT to a much more blended JIT and situational learning approach for specialization and consulting.


3dSNMP’s ultra modern IPv6/IPv4 networking tools bring net-work management software to a new graphical level. Our Network Engineer’s Toolkit contains a myriad of tools with a stunning graphical user interface. We make network monitor-ing and troubleshooting a pleasure.

call 888.572.5834 or visit www.3dSNMP.com for a FREE Downloadable Demo.

accurateaffordable

IPv6 / IPv4 Network Management Tools for Todays PC’s

30

The best WLAN product does not always win. Just ask Apple about the 1980s and 1990s. Ask any startup IT company that built a superior product, but got beat in the market by the bigger, more established competition.

In the WLAN market, there are many players in the Small Of-fice Home Office (SOHO), Small and Medium Business (SMB), and enterprise markets. All of these companies have legitimate products or they would not be able to survive very long, especially in the enterprise space. In the SOHO market, success is largely about buying shelf space so that your product is seen more often than your competitors’ products in the Best Buy, Office Depot, and Amazon storefronts.

For companies in the SMB and enterprise markets, it’s all about the knowledge that distributor sales channels have about your product. It’s not enough that your SEs (sales experts) and VAR SEs (value-added reseller sales experts) “know wireless,” or that they are gen-eral IP networking experts nor is it enough that your SEs and VAR SEs know how to install and use your WLAN product.

Your SEs and VAR SEs not only have to know your product inside and out, but they have to know why your product is better than each and every one of your competitors’ products. No single pro-vider’s WLAN solution can solve every customer need, so your SEs have to know all the technology behind all the products that are in their market space. In this way, they can understand where your product fits best, where it fits worst, and where it doesn’t fit at all. These SEs have to understand why your product is better than the competition’s, not just the fact that your marketing team believes it’s better.

Your SEs and your VAR SEs must be the best trained in the in-dustry. Microsoft and Cisco learned this lesson a long time ago.

Microsoft removed Novell from the network-ing software market by training and certify-ing hundreds of thousands of MCSEs. What networking software does an MCSE recom-mend? Microsoft. Cisco took over the routing market, switching market, and by some ac-counts the security market through building (or buying) great products, and by educating their technical sales channel. The same par-adigm exists today in the enterprise WLAN Market. The best products do not always win, and the most innovative approach does not always win. The winner is the player with the best technical sales channel. According to Dell’Oro Group, the top players in the En-terprise WLAN market are Cisco, Aruba, Mo-torola, and Meru. All have great enterprise WLAN controller products. But what happens when they meet head-to-head at a customer site, with the customer asking why he should implement one or the other—or both?

The analogy is this: If you handed me the biggest, most highly featured and security rich router in the world, it would make a really nice doorstop. Why? Because I don’t have the slightest idea how to use it. Today’s high-

end enterprise WLAN controllers can do some amazing things, but not without a properly trained administrator or engineer in the driver’s seat. Your product’s feature sets might impress potential customers, but equipment doesn’t buy or sell equipment: people do. Customers build relationships with your account managers (AM) and sales engineers (SE), not with a WLAN controller. A highly-skilled SE can take any good product and win a bake-off-

provided the product in the bakeoff fits the customer’s needs.

The moral of the story is that the best product does not always win. The most thoroughly trained technical channel or-ganization wins.

Dell’Oro Group also predicted that improved security, notebooks with built-in Wi-Fi radios, and the coming boom in mobile VoIP around the office will cause the enterprise wireless LAN market to more than double in revenue by 2009. That’s just a year away. Want a piece of that $3.5 billion pie? Invest in your technical sales channel by getting them properly trained. Right now, the most sig-nificant and consistent gap we see is the one between each ven-dor’s core design team and its field SEs. The answer is training. Invest in your employees, as well as your technology.

Kevin Sandlin, Chief Executive Officer, CWNP is the primary business and marketing manager for Planet3 Wireless. Sandlin has twelve years of high tech marketing, management, business and product development experience. He developed the financial model and managed the overall process of the 1995 IPO of A.D.A.M. Software, Inc. Sandlin also managed the acquisition of TSI, a leading fax service bureau, by First Data Corporation (NYSE:FDC) in 1997. Sandlin was Director of Business Development and behind the re-launch of the Western Union’s worldwide internet services division. He holds a BA from Presbyterian College in Clinton, SC, an MBA from Georgia State University, and management certificates from Kellogg, Fuqua, and Wharton business schools.

“The winner is the player with the best technical

sales channel”


The BEST

WLANProduct

by Kevin Sandlin CEO CWNP

32

Routers continue to come in all shapes and sizes, with duties that range from total enterprise

traffic routing to routing responsibili-ties for small and medium-sized back offices and businesses.

Regardless of application, all routers require robust security measures to cope with the myriad of security threats that confront today’s technology.

These security threats have grown ex-ponentially with the popularization of the Internet for data and voice traffic transport. It is no longer enough for IT professionals to apply secu-rity techniques and policies alone. Router manufacturers like Cisco realize that enterprise security must be “baked into” the routers in the form of embedded systems that harden communications resources like routers from security threats and attacks.

The Cisco Self-Defined Network is applied to a new generation of routers that blend expertise in rout-ing with best of class security. These Cisco routers use firewall and intrusion protection technologies and directly incorporate Cisco IO software security into the routers themselves. One prime directive of the integrated IOS is to protect against router break-ins, since routers often function on the edges of networks and are ready-made targets for would-be intruders.

Hardened Cisco security is included in series 800, 1800, 2800, and 3800 rout-ers. This security addresses vital areas in trust and identity; vulnerability and attack protection; and secure connec-tivity for data and voice traffic.

Trust and IdentityCisco routers use the Network Admis-sion Control (NAC) method that Cisco has advanced to the networking industry as an industry-wide standard. A central purpose of NAC is ensuring that every endpoint device complies with the net-work security procedure of the enterprise using them. If not, access is denied. Cisco routers also use AAA security services for the setup and dynamic configuration of user authentication and authorization. These services are organized around the 802.1x standard, which makes un-authorized access more difficult by re-

quiring valid access credentials. Cisco 800, 1800, 2800 and 3800 series rout-ers come equipped with fully integrated USB 1.1 ports that enable both security and storage. These ports are often used for securing VPN connections.

Vulnerability and Security Attack ProtectionCisco routers use a control plane to po-lice the network from denial of service (DoS) attacks. The Cisco IOS has the ability to limit rates of traffic to the control plane processor. This dimin-ishes the opportunity for DoS attacks to occur.

Security Protection for Data and Voice TrafficCisco incorporates security protection in its routers for every type of network traf-fic imaginable in business. This includes VPN tunneling and encryption, and the support of various types of VPNs—from virtual tunnel VPNs to easy VPNs and DMV VPNs. For voice traffic, Cisco routers also provide secure voice securi-ty for non-IP-based telephony like TDM (time-division multiplexor) and analog voice. The routers use AES (Advanced Encryption Standard), the most robust encryption formula available for voice.

Determining What’s Right for Your SiteThe many security options af-forded by Cisco routers are best utilized by IT security policies and expertise that optimize the possibilities of the particular se-curity and compliance environ-ment of the enterprise the routers are used in. This is a critical issue, since usually the router comes preconfigured with “default” se-curity settings that can create traf-

fic security issues for the enterprise that auditors and compliance officials are un-happy with.

Cisco courses and certifications assist IT professionals in keeping on top of opti-mal security configurations, as do pub-lished best practices and industry expe-rience. From an investment standpoint, the important thing is that the new series of Cisco routers, regardless of size, come equipped with enough resident security to meet the needs of all types and sizes of enterprises and businesses—easier than ever before.

Security Comes “Baked In” on Latest Cisco Routers

by Mary Shacklett


MAXIMIZE YOUR CREATIVITY and efficiency on the tools you use with the premier digital media training center in the nation.

Since 1994, FMC has provided manufacturer-

authorized training in digital film and

video editing, motion graphics, web

development, sound design, DVD

authoring, 3D animation, desktop

publishing and Mac OS X.

FMC provides:

Certified trainers and curriculum.

Small class sizes (max 8).

State-of-the-art equipment.

Manufacturer’s Certificate of Merit.

Weekday, weekend and custom-scheduled courses.

All level courses including certification exams.

On-site training worldwide.

Corporate training programs.

www.FMCtraining.com

New York

212.233.3500

Boston

617.621.1155

Philadelphia

212.922.2500

Washington, DC

202.429.9700

Chicago & MidWest

312.566.0400

Miami

305.263.6644

Orlando

407.354.4866

Dubai

+971.4.360.4554

TRAINING A NEW GENERATION OF DIGITAL ARTISTS.TRAINING

36 37

Password recovery has become a necessary procedure for most Administrators and Cisco Instructors teaching the introductory courses such as the CCNA. Recovering the passwords for most Cisco devices via the console port is very simple. However, Cisco has acquired so many other vendors that put the Cisco label on their devices that the procedures for password recovery vary

greatly from one Cisco device to another. In addition, the Cisco password recovery procedures have also changed with IOS upgrades.

The purpose of this article is to present a clear and concise approach to password recovery for Cisco 2600 and 2811 routers. It describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and con-figuration modes. The enable password can be recovered, but the enable secret password is encrypted and must be replaced with a new password. Use the steps outlined below to recover your password:

Password Recovery for Cisco Routers

by Michael Govinda

Attach a PC to the console port of the router. Ensure 1. that you have a terminal emulation program running on your PC. Hyper Terminal is a good example of a ter-minal emulation program. Use the following terminal settings:

Power the router off and then back on.2.

Press Break on the terminal keyboard within 60 seconds 3. of power-up in order to put the router into ROMvMON.This is usually achieved by holding down the CTRL and Break keys simultaneously.

Type confreg 0x2142 at the rommon1> prompt in order 4. to boot from Flash. This step bypasses the startup con-figuration where the passwords are stored.

Type reset at the rommon2> prompt. The router reboots, 5. but ignores the saved configuration.

Type no after each setup question.6.

Type enable at the Router> prompt.7.

Type configure terminal. The Router(config)# prompt 8. appears.

Type enable secret <password> to change the enable 9. secret password. For example: Router(config)#enable secret <password>

Type config−register <configuration_register_setting>.10. Router(config)#config−register 0x2102

Press Ctrl−z or end in order to leave the configuration 11. mode. The Router# prompt appears.

Type copy running−config startup−config to save the 12. changes.

9600 baud rate;• No parity;• 8 data bits;• 1 stop bit;• No flow control.•

Howto CTT+, MCT, CNI, MCSE, MCDBA, MCSD, MCNE, CCIE, SCSA,

SCJP, CCNP, CCDP, OCP, MCIW, and CCA

Example for the Cisco 26 0 RouterAfter issuing the break command on boot up, the router enters into ROMMON mode.

rommon 1>confreg 0x2142rommon 2v>resetRouter>enableRouter#configure terminalRouter(config)#enable secret < password >Router(config)#endRouter#copy running−config startup−configRouter#show version Configuration register is 0x2142Router#configure terminalRouter(config)#config−register 0x2102Router(config)#endRouter#show version Configuration register is 0x2142 (will be 0x2102 at next reload)Router#copy running−config startup−configRouter#reloadRouter>enableRouter#show versionConfiguration register is 0x2102

A Final Precautionary Word

Cisco advises that, “Physical access to a computer or router usually gives a sophisticated user complete control over the device. Software security measures can often be circumvented when access to the hard-ware is not controlled.”

For this reason, while Password recovery may be a useful procedure in allowing you access back into your router, it can also be extremely dangerous and

damaging if it is performed by someone who is not authorized to configure your router. An unauthorized person can and will execute the same procedure out-lined above, and then take control of your router and possibly the rest of your network.

Ensure that console access to your router and other devices is restricted only to authorized personnel. In addition, you should regularly perform accounting, auditing and logging on all routers.

ABOUT THE AUTHOR

Michael Govinda teaches Cisco official courses at Award-Winning NetCom Information Technology. Prior to this, he was the Department Chair and Senior Instructor for The Chubb Institute. He has over 17 years of professional experience in the IT field, which includes over 13 years as certified Trainer. During the course of his career Mr. Govinda has achieved many certifications including CTT+, MCT, CNI, MCSE, MCDBA, MCSD, MCNE, CCIE, SCSA, SCJP, CCNP, CCDP, OCP, MCIW, and CCA. His tremendous expertise, experience and communica-tion skills make him an invaluable trainer. His goal is to provide quality training to new students and seasoned IT professionals.


38

Branch offices, global villages and home-based offices de-mand state-of-the-art, dis-

tributed data and voice communica-tions. They place huge demands on IT to be “anywhere, anytime” for maintenance, troubleshooting and operation of these systems. This IT maintenance of distributed comput-ing, according to industry analysts, accounts for as much as 80 percent of ongoing technology operation costs.

One answer to geographically dis-tributed hardware, routers and serv-ers—and their cost—is the Cisco Integrated Service Router (ISR) (www.cisco.com/en/US/docs/rout-ers/access/1800/1801/hardware/in-stallation/guide/hig.html). The Cisco ISR allows for virtualization of rout-ers, with branches and remote offices receiving premium services from the router as if it were in their own “back room.”

Here is how it works:In a virtualized deployment, the ac-tual physical router is located in the corporate data center. Through virtu-alization and partitioning technolo-gies and techniques, IT is able to run dedicated router resources for geo-graphically distributed offices—and attend to maintenance, upgrades and troubleshooting from the central data center where maximum IT expertise and resources are available.

Virtualization of routers, servers, operating systems and software has been one of the top two IT trends

over the past three years. Organiza-tions have realized that a handsome return on investment (ROI) can quickly be gained with virtualization services that allow IT to “stay put” in a data center at headquarters, instead of going on the road to solve branch computing issues in the field.

Virtualization has paid off in other areas as well—such as better use of computing resources, reductions in the numbers of physical servers and software licenses, and the ability to execute failovers with speed and agility.

Overcoming User Resistance to Virtualization Although the cost savings and op-erational efficiencies data is in on virtualization, there are still pockets of user resistance when it comes to losing physical servers in remote of-fices and locations.

Branch office managers do not like to cede control of physical routers and servers to an IT department in anoth-er location. In the past, these branch managers have experienced losing customers and good faith when rout-ers and servers were down. They also don’t understand the concept and the technical capabilities of virtu-alization, and they feel more secure knowing that they have their own computing resources onsite. Two es-pecially resistant industries are retail and financial services. Both industries have customers who are constantly putting through transactions at local

stores and branches—and who grow impatient when systems are “down.” Both also use software and systems that typically have built-in “store and forward” mechanisms that trigger when the central processing router or server at headquarters, the ultimate recipient of in-store or in-bank trans-actions, becomes unavailable.

During these times, the computing problem issue is entirely transparent to customers, who continue to pro-cess in-store or in-bank transactions with the local store and forward serv-er logging the transactions—and then later transferring all transactional activity to the corporate mainframe or server when that resource comes back online.

If IT provides effective education on virtualization and failover to busi-ness managers, along with an actual demonstration of virtualization in action, these managers will become more receptive to the concept. They will also quickly see the benefits of instantaneous problem resolution that no longer requires an IT person to physically travel to a site. Above all, the critical thing for managers with end P&L responsibility to know is that their customers will always be served by their systems—and that they are not “losing anything” when the physical server is removed from the premises.

In a virtualization strategy, Cisco 3800 Integrated Services Routers (ISRs) are one of the most robust so-

Integrated Service Routers for Virtualization and Branch-Based Computing

FITs the Bill

lutions available for multiple branches on a single server at headquarters. These ISRs can handle concurrent voice, data, security and end applications, and they are both modular and scalable. Most importantly, they provide peace of mind to IT and business users.

If you are in an industry that relies on in-store and in-branch distributed servers, the Cisco 1861 Integrated Services Rout-er will integrate voice, call processing, voicemail, automated attendant, conferencing and security. It enables anytime, any-where secure access to information.

Cisco offers a full slate of certifications for technical person-nel on these new Cisco routers.

Certifications are available in the area of:• Routing and Switching• Security• Storage Networking • Voice

Courses are also available for quicker technical introductions to the routers—or for training of in-branch or in-store busi-ness personnel.

www.colesystems.com

40 41

GSA Training DiscountsGSA Training Discounts

www.FMCtraining.com

• Certified Instructors and curriculum• Small size - 8 student maximum!• State-of-the-art equipment and software• Manufacturer certificate of completion

• Weekday and weekend courses• Beginner and advanced level courses• On-site training worldwide• Satisfaction guaranteed

FUTURE MEDIA CONCEPTS, INC., the nation's premier digital media training center, provides manufacturer-authorized training in all areas of digital media including digital video and film editing, web design and development, sound design, DVD authoring, 3D animation, motion graphics, desktop publishing and OS X. FMC is an authorized training provider for Adobe, Apple, Autodesk, Avid, Boris, Digidesign, NewTek and Softimage.

► Individual Courses: 17.25% off► Multiple Enrollment: 20% off► Passports, Master Classes, On-Sites: 20% off

Instructor-Led Training, Schedule 69Contract: GS-02F-0235R

Information Technology, Schedule 70Contract: GS-35F-0414T

FMC’s GSA Contracts:

Special GSA Rates

www.colesys.com

As an instructor, I am often asked by people why they should attend Certified Ethical Hacker training. Certified Ethical Hacker is a course presented by EC-Council that, in my mind,

should be attended by anyone in the security field, and by every network administrator and systems engineer. I know this covers a lot of ground, but an Ethical Hacking course is not meant to create tomorrow’s hackers or crackers. It is meant to inform us, the “good guys,” on how the “bad guys” think—and what they are currently up to.

Hacking is EverywhereWe all read, almost daily, about the latest hack, database exposure or identity theft—and we think we are doing all we can to prevent that from happening to us. Unfortunately, sometimes we couldn’t be further from the truth. For example, every household in the U.S. has a lock on the front door, and we all believe that this will keep most of the “bad guys” out. Fine, except they are ahead of us. Have you ever heard of the “bump-key” technique for opening a pin tumbler lock by using a specially-crafted key? The Masterlock people have. As far back as November, 2007, they have marketed a lock that is resistant to this practice. Did you purchase one of these locks? Do you have one of them now?

Our computer systems are no different. There are many areas that leave us exposed to data or identity theft. Do you have a password on your computer? Is it more than 15 characters long? Most of the world is still using eight- or ten-character passwords which can be cracked in less than 20 minutes with the latest innovations, once physical or network connectivity has been accomplished. Hackers can also can boot a computer from a bootable CD, complete with an operating system on it, and recover your password quickly, defeating even encrypted file systems.

It is not that these criminals are that much smarter than we are. They are merely more aware of the weaknesses of computers and the people who use them. The latest threat is “drive-by” hacking, which consists of going to a Web page with the latest browser, and downloading a tiny program to your computer.

The purpose of this program is to “phone home,” and then download a larger program to your computer that may contain rootkits, email daemons, or Trojans which are designed to give the criminal your data—or to turn control of your computer over to the criminal so the machine can be used

for an Internet attack, or for information needed for identity theft. This is as transparent as a cookie, and will not ask for your permission.Social hacking activities go on around the clock. While we are focusing on work and other daily priorities, the “bad guys” are devoting all of their time looking for that one vulnerability to exploit. They no longer need to be master programmers or highly technical engineers. They only have to be able to download the latest hack program and execute it.

If you download music, or buy a music CD from the store and play it on your computer, you could be installing a "rootkit"-a program designed to take fundamental control on your computer. Just ask those people

who bought music CDs from a well-known music retailer that were infected with a program that gathered and then emailed information from their computers. There are also other retailers who ask you to install a program on your computer to improve your experience. The program allows the store and its employees to see all of your Internet traffic, including your encrypted bank sessions, stock purchases and even your telephone conversations if you are using VoIP (voice over IP) for your phone system.

Many people I speak with have at least one firewall in place—but in many cases, a single firewall is not sufficient. Using two firewalls is a better approach. Minimally, I recommend one firewall for hardware and a second firewall for software. This should be accompanied by scanning your PC constantly.

Hacking threats are with us every day, and are constantly evolving. This is what makes it so critical to receive the training in ethical hacking that can enable individuals and organizations to fight back.

The Growing Need for Ethical Hacker

Training by Richard LandriganCEH, CHFI, Security+, MCT,

MCDST, MCSE, CWNP

Richard Landrigan is Vice President of Compuceuticals LLC, a subsidiary of Federal Computers LLC, NY and NJ that provides on-site training and consulting services to corporations, schools, government agencies and other organizations. As an experienced network administrator, security consultant, vulnerability assessment and penetration tester, MCT and certified CEH/CHFI Instructor, he consults regularly with executives from a wide variety of fields to help create synergistic solutions to business-impacting problems.


43

H@cker HaltedTM

U S A2 0 0 8

Hacker Halted USA will be held in conjunction with the 10th Techno Security Conference and the Access Data User Conference. Over 1,000 Information Security Specialists will attend this event and there will be over 150 exhibitors exhibiting the latest and the greatest tools and technology in Information Security.

For further details, please visit http://www.hackerhalted.com

Presented by EC-Council, the global series of Hacker Halted conferences is raising international awareness towards increased education and ethics in IT Security. It has been successfully held in Mexico City, Dubai, Singapore, Kuala Lumpur, Taipei, Hong Kong and now in Myrtle Beach, SC

The International Platform for IT Security Professionals

The 10th Hacker Halted in association with TechnoSecurity

Myrtle Beach, South Carolina, USA May 29 - June 4 , 2008

Obtain your CEH v6Attend the World's Most Advanced Ethical Hacking Course

at Hacker Halted Conference C EHTM

Certified Ethical Hacker

Obtain your CHFIAttend the Computer Hacking Forensic Investigator Course

at Hacker Halted Conference

Obtain your ECSA/LPTAttend the Licensed Penetration Tester Course

at Hacker Halted Conference

C HFIComputer Hacking Forensic

INVESTIGATOR

TM

L P TTM

Licensed Penetration Tester

In January of this year, TJX, operator of discount chains including T.J. Maxx and Marshalls. was hacked, put-ting shoppers at risk of identity fraud. Intruders ac-

cessed systems used to process and store customer transac-tion data and handle credit card, debit card, check and return transactions. Stores affected were T.J. Maxx, Marshalls, and HomeGoods; A.J. Wright stores in the U.S. and Puerto Rico; and the Winners and HomeSense stores in Canada.

The exposed data covers the year 2003, and the period from mid-May through December 2006. The breach of sensitive personal information held by TJX was foreseeable, but there was also a report alleging that the company failed to put in place adequate security safeguards. The company collected too much personal information, kept it too long, and relied on weak encryption technology to protect the information. This put the privacy of millions of its customers at risk.

In another incident that occurred in September 2007, Micro-soft apologized for a problem that caused some visitors to its MSN site in Taiwan to be redirected to a non-Microsoft site.

In November 2007, Monster.com was attacked and hacked with the hackers using the site to feed exploits to visitors. This forced Monster.com to take down a portion of its on-line job search service.

However, the most serious case of all involved the govern-ment of Estonia. Estonia was a target of a synchronous at-tack. At the peak of the attack, 20,000 networks of com-promised computers were being linked, indicating that an organization was behind the barrage of network traffic. Es-tonia government websites were targeted, and the Internet had calls to join in the attack and hack Estonia.

In the second phase of the attack, there was a gathering of botnets that was used to launch attacks against the routers of ISPs hosting Estonian government sites. Distributed denial-of-service (DDoS) attacks against the two main banks in Estonia, Hansabank and SEB Eesti Ühispank, were the major focus of

the attack. This was critical to Estonia, since it was highly dependent on Internet banking.

Why are all of these attacks happening on major networks, corporations and countries? What happened to all of the se-curity policies and practices, and what can we do to reduce these attacks?

One reason is that some corporations tend to equate the strength of their corporate networks with the amount of their corporate budgetary commitments to security. What they fail to understand is that, even if they invest in the best technology, security is only as good as the weakest link—including the human link. That human link can be an ill-informed administrator, a disgruntled employee or an inept security professional.

It is common, as well, for corporations to invest in “the lat-est technologies.” These include biometrics, cryptography, firewalls, intrusion detection systems, anti virus programs, intrusion prevention systems, and more. At the same time that companies invest, they should also be asking: “Who is the person in the company who completely understands all of the configuration and security challenges that our mul-tiple installation raise? Who is monitoring for automated security vulnerabilities caused by these installations?”

Companies rely on patch management software to assist them in updating their operating systems, and in keeping these sys-tems secure. However, what about the executives who were in a flight the day the patches were uploaded? Are their lap-

To Hack or Not to HackEthically?Copyrights reserved by EC-Council.

by Sanjay BavisiPresident of EC-Council

“What they fail to understand is that, even if they invest in the best technology, security is only as good as the weakest link—including the

human link.”

44

tops updated? Obviously, they have missed the patches and hence, they become a “weak link” for the security of the organization!

Corporations need to recognize that no matter how good their produc-tion systems are in terms of functionality, they can be compromised easily if vulnerabilities remain un-patched. How can these organiza-tions empower their network administrators to man their information highways efficiently?

The average network administrator spends significant time managing a slow Internet connection, replacing a damaged mouse, or trouble-shooting a cloudy monitor screen. This is not the case with a proac-tive administrator, who continually monitors the network, analyzes log files and screens for internal and external security intrusions.

An average corporation deploys hundreds of computers, and each knowledge worker has his own machine. These machines are loaded with top-notch security software that includes anti-virus software, firewalls, highly secure passwords, etc. Meanwhile, the aim of the hacker is to get into the system at any cost.

The intrusions can be quite creative, like an after-hours cleaning crew team that is part of an espionage team. What if they install a physical key logging device that monitored every keystroke you typed? What if the device has the capability to monitor every screen shot, too? What if the key logger had a wireless capacity to transmit the data to the “captain” of the espionage team, seated across the road in a fast food chain, eating his favorite burger?

Few in the industry today understand the complexities of the hacking world or that the most recent hacking tools available for download on the Internet can be used to compromise the network with just a mouse click. One of the reasons we are in this predicament today is because the same companies that manufacture computer equipment and oper-ating systems, also train systems administrators in a vendor-specific environments.

The focus of security training, therefore, is on equipment and soft-ware—and not necessarily on human factors, and other potentially threatening elements. Malicious hackers are aware of these vulner-

abilities. Given all these technical and human aspects of security, what makes a system administrator stand out from the crowd? The International Council of E-Commerce Consultants (EC-Council) offers a certification course in ethical hacking.

Certified Ethical Hacker (CEH) training gives IT systems profession-als a mastery of hacking tools and security systems, as well as knowl-edge of how to hack via Windows and Linux. Students learn strong security system techniques, including how to deploy countermeasures that will prevent or contain hacker attacks. Information security pro-fessionals who carry the CEH certification are qualified to administer non-destructive penetration testing to e-commerce, e-business, IT security and other types of computer networks or systems.

The Certified Ethical Hacker certification also arms systems admin-istrators with critical information to identify, counter and defend the corporate network against harmful agents. It takes administrators into the minds of the attackers, and enables them to assess the security pos-ture of the network from an attacker’s perspective. This differentiated perspective allows agile system administrators to deploy pro-active countermeasures, and to stay at the bleeding edge of information se-curity developments.

A Microsoft Certified Systems Engineer (MCSE) equipped with CEH can address his organization’s information security resources in a sharp, focused and adaptable manner. He deals with security initia-tives productively, rather than restricting the efficiency of the organi-zation. Functionality is enhanced, and not lost in the process of secur-ing the organization. This is why an MCSE armed with the knowledge of hacking, can significantly reduce the number of security breaches.

An MCSE with CEH stands out from the crowd because he is equipped with the critical knowledge that makes him an extraordinary systems administrator. He is sought after by organizations, because he brings more value to the table. He improves the organization’s return on se-curity investment, and he reduces external security assessment costs. He is more than the guy who makes sure that cables connect or printers work. He is a vigilant systems administrator, constantly re-assessing and defending the organization’s network, and enabling other employ-ees to improve efficiency in a productive workspace.

ABOUT THE AUTHOR

Sanjay Bavisi is a leading consultant, columnist and speaker for many local and international companies and government organizations. He is a Certified e-Business Professional and the T i.e. the International Council of Electronic Consultants. A distinguished and popular speaker, he has conducted training and presented papers at numerous events. He is a strong believer of Ethical Hacking and Countermeasures.


Cer r rrS zesState-of-the-ar nM rer’ Certifi at MerWeekday, week

t sA evertifi a e s

On-sit r wor dwideCor orat r ro r s

A rized Tr Center

Mac OS X LeopardC for ow

FMC Provides

www.FMCtraining.com | 877.362.8724New York · Boston · Washington, DC · Miami · Orlando · Chicago & Midwest · Dubai

TigerM ntr t M for T Prof

M M or Essen

M or M for Window A rators

M M Serv Essen

M M D o n

M Dire tor Sv nt ra A C nt/Svr

M S rit B Pra ti f M

LeopardM M or Essen

M M Serv Essen

M M M Serv Dire tor Servi

M M M Serv D o n

M M M Serv Advan A ra

About Future Media ConceptsSin , ro

r riz r,

r s, w ev nt,, D rin ,

a t

o fer Atr fea r b L rand T a a r

C r h A e’riz rr

instr t t rev rof rainin

48 49

More corporate IT departments are realizing that technol-ogy training should be addressed by IT with a process that goes beyond simple budgeting and fulfillment.

One reason is limitations of corporate training departments when it comes to prescribing and monitoring technical training. A sec-ond reason is the rapidity of technology change that IT must keep pace with. In the past three years alone, virtualization (which demands new thinking about network management), new OSs and servers (like Microsoft Vista and Server 2008), new security requirements (for emerging areas like social engineering, DNS attacks, etc.) and new Web services deployments, have all pre-sented technologies that factor into the IT workload.

How do you create a training program that infuses these critical new technology skillsets into your staff and projects?

ThE CORnERSTOnES OF IT TRAInInGEffective IT training rests on four cornerstones:1. Clear Goals

IT managers and staff should determine which types of training will be purchased or performed, who is going to receive the training, and who is going to ensure that the knowledge transfer from the training occurs.

2. Timely Investment Training is optimized when it is immediately applied. IT managers

must ensure that this happens if maximum results from training are to be attained.

3. Calculated ReturnsFor every training planned, IT managers and staff should define be-forehand how the training will be used in the projects it is applied to. This creates training metrics that results can be tracked against.

4. Process ImprovementTraining and projects should be reviewed annually to see which train-ing and projects really went well and which can be improved. The end goal is continuous improvement of the training Process—from plan-ning and procurement through knowledge transfer to projects.

SETTInG UP YOUR TRAInInG FUnCTIOnIT can take these steps to assure a results-oriented program:

Meet with Managers to determine needs and budgetMost IT departments take their closest looks at training invest-ments during annual budget cycles. They assess staff skills short-falls, look at staff, and decide who should be trained in which skills areas to improve overall IT performance. The process suc-ceeds in identifying and budgeting for training—but it often fails to follow the process once training is completed. Process moni-toring is essential to assure that skills transfer takes place. This follow-up should be with both the trainee and with the project mangers that the trainee is expected to bring his newly developed skills to.

Creating an Effective Internal IT Training Function by Mary Shacklett

Identify training objectives by project or functionOne way to facilitate the tracking of training results is to ask IT managers to match training investments to projects as well as to employees. In the end, managers must ask themselves if the train-ing delivered the desired value to the projects. This ensures that training investments match up with busi-ness and technology needs.

At the same time that IT managers identify the specific projects and initiatives that they expect the train-ing to deliver value to—they should fur-nish timelines of when the projects requiring training will be coming online. In this way, the timing and the budgetary in-vestment of the training can be matched to the anticipated start dates of the projects that the training is intended to benefit.

Set metricsCIOs should have high expectations of both their line managers and their training partners. One way to facilitate this is to ask managers to draw up lists of very specific goals where training will benefit the projects they are charged with. In other words, instead of stating a project need for training as “ability to interact with end users,” the training goals for that overall need might be expressed as a set of specific skills and capabilities such as:

Ability to give an oral presentation;• Ability to produce Microsoft Powerpoint presentations;• Ability to conduct meetings;• Ability to write a system requirements document;• Ability to use a project management software to input and • maintain project tasks;Ability to conduct a system review and/or test with end • business users.

By breaking down overall objectives into more specific and project-directed goals, the organization (and the employee) are better able to communicate with professional trainers to let them know exactly what the company expects from the training.

Talent-scout your organization and set development objec-tives with staff:If you have mentors, set mentor objectives, such as training a spe-cific employee to be able to handle day to day network manage-ment duties within six months. Managers should also be tasked

with employee development objectives. These begin with effec-tive “talent scouting” of staff to determine who is best suited for roles on projects (e.g., you might have a solid programmer who has demonstrated the ability to easily work with users, and who might with soft skills development be turned into a project man-

ager in a year). In this way, you can specify a particular training re-gime and the goals and time frames in IT proj-ects that the training must deliver results to. The training should be included as an objec-tive in the employee’s personal goals for the coming year that will

be assessed during his annual performance evaluation. This pro-cess lets the employee know that you are investing in him, and that you also have expectations in return.

Identify an internal resource who can coordinate trainingIT departments with effective training programs assign an inter-nal resource person who schedules training and tracks training results against projects in the same way that resources are on staff to track projects and budgets. In very small IT departments, this might mean a general administrative person who also maintains a spreadsheet or a database with training prescriptions, metrics and results. Larger staffs often hire an individual with both a training/education and a technology background who conducts the training function on a fulltime basis, and who also provides consultation services to employees and managers. In either case, the training administration, metrics and results tracking process is greatly facilitated if there is administrative support and follow-up with line managers. Designating one person with administrative authority for the training function establishes a central control whenever training-related questions arise.

Partner with training vendors that share your commitmentChoose training vendors that are results-oriented and that can work with you. The best way to do this is to personally meet with vendors and share your specific project and training needs, along with performance-related goals and training expectations. You should ask the vendor about its training methodology, and how it can work with you to deliver skills that will support your projects and your employees. Last but not least, ask the vendor for a list of references. These references will tell you how effective the training was in delivering immediate value and results to their project goals.

“Larger staffs often hire an individual with both a training/education and a

technology background who conducts the training function on a fulltime basis,

and who also provides consultation services to employees and managers.”

51

by Mudit Mittal

TOP Reasonswhy certifications are important for IT professionals

So why are certifications important anyway? In my previous column, I talked about what certifications can do for you, and how to get them. I want to thank the readers for responding with questions and comments. I answer some of the questions through this column, and emphasize why certifications are important for IT professionals.

Differentiate yourself Stand out from the crowd. An individual who is a Cisco CCIE doesn’t need to explain how much about Cisco technologies he or she might know. People “in the know” understand the value of certifications. They know that if you are certified, you know what you say you know, and depending on your certification, how much you know. Cer-tifications are a better yard stick for an objective measure of your skill level than self proclaimed competency.

Committed to your causeWhat have you done differently lately? Everyone continuously has to learn new skills to stay ahead of the game. How can you show your peers, managers and potential employers that you are committed to your cause and specialty? Without getting the latest certifications, you will only stay as sharp as the business end of an old pencil.

Show me the money!Certifications open doors for better paying jobs. In a July 2006 study by Gartner (Gartner 2006 IT Market Compensation Study), hiring manag-ers and IT managers from 188 U.S. corporations were surveyed. When asked, “What premium, as a percentage of base salary, are you willing for pay for individuals possessing the follow-ing certifications?” the majority hardly showed a raise – because they wouldn’t even hire a person without certification! The study did surmise that the added market value that a certification brings can be as high as 30%—40%, while the average salary uplift reported across all certifications in the study was in the 5%—11% range.

Making the world a better placeGetting certified is no walk in the park. When you become certified, you put in a lot of hard work. There is an enormous amount of material to be appreciated, absorbed and assimilated, together with a lot of hands-on practice. There are also exam preparation and practice tests to go through. Real money has to be spent, perhaps, towards getting good quality training, and defi-nitely for exam vouchers.

But the rewards are worth it. By virtue of becom-ing certified, you learn the subject matter. You are able to perform related job functions. You help companies solve business problems. You con-tribute toward companies making their products faster, and you provide services more efficiently, while keeping customer service high. No matter how small a cog in the grand scheme of things you think you are, you make the world a better place, one certification at a time. Satisfaction and increased confidenceThe most important reason is (yes, even more im-portant than money), because certifications help you increase your confidence. You work hard, and you achieve a tangible recognition. There is no better reward than the satisfaction of a job well done.

TOP 5 Reasons

ABOUT THE AUTHOR

Mudit Mittal is General Manager at NetCom Information Technology, an award-winning technology training provider. Mudit has played a key role in the technology training industry since 2000 and has been instrumental in bringing learning & certification solutions to organizations and IT professionals. He initiated the bootcamp division at NetCom which in two short years became a nationally reckoned force, recognized for its high quality training and customer oriented service. Mudit holds an MBA with a technology and marketing focus from Indiana University’s Kelley School of Business and a Bachelor of Technology from Indian Institute of Technology, Delhi, India.


53

Much like the VHS vs. Betamax format war during the late 1970s and early 1980s, HD DVD was in a “format war” with rival format Blu-ray Disc to determine which would become the leading format for high-definition

content to consumers. On February 19, 2008, HD-DVD apparently lost that war, when Toshiba made an official announcement that it would no longer develop, manufacture, and market HD DVD players and recorders. Microsoft followed suit by saying it would stop making HD DVD players for its Xbox 360 video game system, although it would continue to provide standard warranty support for its HD DVD players.

Microsoft, Intel and NEC Corporation were three of HD DVD’s main backers, and their support was critical to the success of Toshiba’s HD-DVD format. Just recently, Toshiba President Atsutoshi Nishida estimated that around 300,000 people own the Microsoft video player, sold as a separate $130 add-on for the Xbox 360. In a written statement, Blair Westlake, corporate vice president of Microsoft’s media and entertainment group, said, “HD DVD is one of the several ways we offer a high definition experience to consumers, and we will continue to give consumers the choice to enjoy digital distribution of high definition movies and TV shows directly to their living room, along with playback of the DVD movies they already own,”

I believe this untimely end to the format wars will leave consumers worse off, because at this time, HD-DVD offers a superior feature set on its players, along with lower price points. Corporate data centers, as well, will need to consider Blu-ray’s impact on their backup and storage operations.

One Last Look at Blu-ray versus hD-DVD Blu-ray and HD-DVD both deliver a sharply detailed, color-rich picture and audio capable of making home theater sound like being there. Both have extra storage space for features such as multi-language broadcasts, directors’ cuts, and interactive menus (though Blu-ray has more storage capacity).

Some companies, such as LG Electronics and Warner Brothers, proposed strategies for making players and discs that would support both formats. This hybrid approach might have ultimately won—if the companies supporting it could have developed compatible players and discs for a sufficiently low price.

HD-DVD’s main advantage was that it was cheaper and thus more accessible to consumers. However, Blu-Ray had advantages, too: Blu-ray’s PS3 (PlayStation 3)

by Michael Diz

Blu–RayWINs High Def WAR!

guaranteed a very large installed base, and Sony’s ownership of several movie studios guaranteed that these studios would be Blu-Ray by default. The big question was: did PS3s count as market share? PS3s were game machines, and would PS3 owners actually buy Blu-Ray movies to play on their PS3? A lot of these users didn’t even realize they could play movies, which was why Sony started bundling Spiderman.

Technical factors like disc size, CODEC choices, capabilities like PinP and Internet are similar between HD DVD and Blu-ray, but HD DVD uses the Microsoft HDi system for interactive software, which is currently superior to Blu-ray’s BD-Java system. The less expensive HD-DVD players also support more advanced features than many older and current Blu-ray players do. These are all reasons why I feel that HD-DVD technology actually was out in front.

Recordable high Capacity discs and IT managers

What does the end of the Blu-ray-HD-DVD war mean for IT?

Computer data storage and backup will need to be positioned for Blu-ray. This means looking at the amounts of data that can be stored on a single Blu-ray disc, and understanding the features that come along with Blu-ray technology that can aid storage and backup.

A single-layer Blu-ray disc can hold 25GB, and a dual-layer disc can hold 50GB. The Blu-ray disc format is easily extendable (i.e. future-proof) because it supports multi-layer discs, which allow storage capacity to be increased to 100GB-200GB (25GB per layer) simply by adding more layers to the discs.

Data reads will also be rapid with Blu-ray, which defines its 1x speed as 36Mbps. However, since BD-ROM movies will require

a 54Mbps data transfer rate, the minimum speed we’re expecting to see is 2x (72Mbps). Blu-ray also has the potential for much higher speeds, as a result of the larger numerical aperture (NA) adopted by Blu-ray Disc. The large NA value effectively means that Blu-ray will require less recording power and lower disc rotation speed than DVD and HD-DVD to achieve the same data transfer rate. This is important because the media limited the recording speed in the past. In contrast, the only limiting factor for Blu-ray is the capacity of the hardware. To illustrate, if we assume a maximum disc rotation speed of 10,000 RPM,

then 12x at the outer diameter of the disc (about 400Mbps) should be possible. This is why the Blu-ray Disc Association (BDA) already has plans to raise the speed to 8x (288Mbps) or more in the future.

Blu-ray discs also take advantage of new, low cost hard-coating technologies that have made cartridges obsolete. Blu-ray will rely on hard-coating for protection, which when applied, will make the discs even more resistant to scratches and fingerprints than today’s DVDs, while still preserving the same look and feel. Blu-ray also adopts a new error correction system which is more robust and efficient than the one used for DVDs.

Conclusion

It is now clear that Blu-ray will be the DVD standard of choice. Large retailers like Best Buy and Netflix have thrown their support behind Blu-ray in the consumer market, and we can expect similar endorsement on the business side.

The time is now for IT managers to begin its evaluation of Blu-ray technology, and how Blu-ray discs will fit in corporate data centers.

ABOUT THE AUTHOR

Michael Diz is head of a west coast computer accessories company. He regularly contributes articles and commentaries for trade journals, magazines, and newspapers like “Storage and Entertainment” magazine and “NewsAsia”. He oversees strategic marketing, sales and product marketing for his company. When he’s not developing and selling technology products, he writes and develops film and television projects; a craft which he has developed under the mentorship of UCLA screenwriting chairman, Lew Hunter. He has worked on 3 continents in film production, entertainment and technology. He holds a Bachelors degree in Business and a post-graduate degree in Marketing Management.


“A single-layer Blu-ray disc can hold 25GB, and a dual-layer disc can hold 50GB.”

54 55

F or the past ten years, companies have systemati-cally outsourced IT skills to meet their growing information needs. Often, this outsourcing came

with attractive price points and with short time frames to deploy critical new applications. This allowed companies to “buy time” from the perceived pain of internal training efforts and from the lengthy recruitment times for needed skills.

Now the trend has come full circle, as many of the same orga-nizations have realized how critical their IT initiatives are to corporate business viability. While outsourcing will remain as a viable option, companies also want the assurance of know-ing that a set of business-critical skills resides within their own internal IT staffs. Consequently, we are seeing a trend in companies of reinsourcing critical IT skills that drive the end business.

The U.S. IT skills shortage comes at a time when a shortage of IT skills is being experienced worldwide. Recent United Kingdom figures reveal that one-third of businesses are now impacted by the inability to find the right IT talent for their business needs. A CNET (www.cnet.com) report published in September 2007 indicated that the IT skills gap was liter-

ally costing Europe “billions” in investments. One industry analyst assessed the European information illiteracy level at almost 40%. The problem is even surfacing in newer technol-ogy centers like India.The message is clear: companies must find ways to train or hire the critical skills that their internal staffs need to support key areas of the business, even if part of their strategy is out-sourcing.

The View from netComAt NetCom, we are in the business of IT training. Our resourc-es are directed at addressing the IT skills crisis by availing the most effective, state of the art training content and methods possible. We cannot do this without an active collaboration with our clients, our vendor business partners and our online and in-class instructors to ensure the delivery of training and skills that are immediately applicable in the “trenches” of corporate technology. We also regularly survey the market, and work with IT students to assure the best possible learning techniques for knowledge transfer.We know that best-of-class training happens when it delivers critical skills back to the IT workforce that can be immedi-

ately applied to technology projects. This requires the delivery of both in-class and online learning formats; comprehensive training to the latest levels of industry and vendor certifica-tions; and consultative work with our clients and technology workers for superior technology results that deliver immedi-ate value today, while they build bridges to the future.

Bringing new Skills to the CrisisThe IT skills crisis won’t be solved overnight, nor is training the only method through which it will be solved.

Companies have many different paths to skills acquisition that are open to them, including hiring top talent, outsourcing to expert talent, actively seeking technologies with smaller learning curves, and even extending the life of older IT tech-nologies in the business until the necessary skill sets are built or acquired.

However, there is no strategy better suited to delivering last-ing investment into a company’s IT workforce than profes-sional development and training in key skills areas. The pay-offs are happy employees who are more likely to stay with the company when they see they are being invested in; new

technology projects that begin to come online as the company pulls itself up by its own bootstraps; and a growing arsenal of new technology skills that can be continuously applied to emerging IT initiatives. From an educational standpoint, this means the successful transfer of both creative problem solving and highly specific technical skills, along with the building of “soft” skills in project management that ensure that all ends of a technology project come together.

Solving the IT Skills Crisisby Titu Sarder

ABOUT THE AUTHOR

Titu Sarder is a founding member of NetCom Information Technology and is the Chairman & Chief Operating Officer of NetCom. He works with companies to help them define their IT strategies and training needs.


“The U.S. IT skills shortage comes at a time when a shortage of IT skills is

being experienced worldwide.”

“However, there is no strategy better suited to delivering lasting investment

into a company's IT workforce than professional develpment and training

in key skills areas.” Protect yourself from bumps and scratches.

www.merax.com

Protect your valuable data, video and notebooks from bumps, scratches and other damage, with Merax products.

For nearly a decade, we have been bringing consumers a broad mix of innovative solutions for home, office and

even on the road. With media storage solutions, labels, notebook cases, comfortable furniture and more, Merax is

your affordable accessory provider.

Corporate IT Training Solutionsall solutions Vista compatible

[email protected] 770-205-4456 www.netsupport-inc.com

IT Training Software for Your Corporate Enterprise

Whether your training program takes place in a local computer lab or remotely across the world, the tools you use are just as important as the lesson at hand.

NetSupport’s training suite for the corporate enterprise includes NetSupport Manager remote control software and NetSupport Inform, a dedicated training solution for the corporate enterprise.

Train your employees across the world with NetSupport Manager and remotely support their systems while in the process. For a computer lab environment, NetSupport’s software provides instruction and monitoring features to enhance the learning process.

Please visit www.netsupport-inc.com for more information

technology&trainingmagazine01

Documents

Transcript of technology&trainingmagazine01