How we did it - Network World


By Joel Snyder, David Newman and Rodney Thayer, Network World, 02/16/2004
IPS in the Wild

Our "In the Wild" evaluation of network intrusion-prevention systems took place on a live, distributed network connecting three of our Test Alliance labs. The goal was to mix elements of a multi-site enterprise network with the inherent randomness of the Internet to see how these new IPS devices would behave.

We started with our "sacrificial lambs," HP ProLiant DL330 servers running unpatched versions of Unix and Windows, and a Cisco router running V11.3 of IOS. These were put into data centers in Los Angeles (LAX) and San Jose (SJC). Each set of sacrificial lambs was protected by an in-line IPS, coexisting with other traffic in the same data centers. Because the IPS devices were installed in-line, we had to test them serially. Starting in September 2003, we evaluated one IPS device per week to see how each behaved while the Internet bucked and gyrated around us.

Because this test took a full five months to complete, several of the vendors have upgraded their products since we tested them.

For management, each vendor was invited to send its management system to our network operations center in Tucson, Ariz. In some cases, vendors sent a full-blown management server. Other times, we got nothing more than a URL with instructions to download a client. In general, we discovered that multi-site and multi-unit management is not as advanced in the IPS world as it is in the intrusion-detection system and firewall business.

In cases where out-of-band management was available, we hooked the management interfaces on the LAX and SJC sensors to an IP Security VPN we built between all three sites. In cases where in-band management was the only possibility, we simply drove these devices over the Internet. Only the management systems were given Internet access (through a NetScreen Technologies firewall) so they could download signature updates and patches as necessary. This turned out to be a problem with some products that expected the IPS device itself to be Internet-accessible, a poor architectural choice on the vendor's part.
