Thursday, May 13, 2010

A+ Certification

Knowledge and supplies needed to prepare for the A+ Certification test

A+ Certification is created by a non-profit organization called CompTIA. Visit comptia.org to determine CompTIA specific information. CompTIA's certifications are vendor neutral and are used in the computing industry. Though not a prerequisite, A+ Certification is a natural lead-in to other CompTIA certifications, such as Network+, Server+, Linux+, Security+, iNet+ and others. It is the only industry certification based on PC Maintenance.
To obtain A+ Certification, one must have knowledge in many areas of Microsoft Windows, and the IBM style of personal computer. In this course the student will take apart a computer, identify parts, be able to assemble a computer, and practice using different operating systems.
A student attempting the A+ Certification should have approximately 500 hours work experience with operating systems, computer hardware, system files, maintenance, networking, configuration of hardware and software, and troubleshooting computer problems.
Courses and other study materials can be found on the internet.
To study for the exam, the following materials are needed:
  • A PC with Microsoft Windows XP and 2000
  • Grounding pad
  • Anti Static Wrist Strap (ESD Bracelet or Ground Bracelet)
  • Phillips head screwdriver
  • Flat head screwdriver
  • Calculator

[edit] Exam details

The A+ certification exam was updated in late 2006, so the structure of the exam is different than it had been for the three years prior to the update. (In September of 2008, CompTIA is holding meetings which appear to be geared towards another revision, possibly for 2010.) The 2003 exams had an average pass rate of between 3% and 10%. The new A+ exam has been redesigned to have a 20% pass rate. A+ certification currently entails two tests: A+ Essentials (220-601) and one of three elective exams, IT Technician (220-602), Remote Support Technician (220-603), or Depot Technician (220-604). Both of these tests must be passed in order to receive A+ certification. CompTIA suggests that one take the A+ Essentials exam before the other, but they can be taken in either order.
As of 2010, the total cost is 336 USD (168 USD for each test). If you are a student check with your school's Career Tech program, most public schools are Jobs+ sites. If your school is a Jobs+ site you can get the A+ voucher for half the price as you would retail. Many companies that offer training are CompTIA affiliates and can also sell you the voucher at discounted prices. The CompTIA A+ Essentials consists of 100 questions, and the elective consists of 90 questions. A passing score on the CompTIA A+ Essentials exam is 675, on any of the electives is 700.
The A+ Essentials test consists of 8 "domains":
Domain Percentage of exam
Personal computer components 21
Laptop and portable devices 11
Operating systems 21
Printers and scanners 9
Networks 12
Security 11
Safety and environmental issues 10
Communication and professionalism 5
Total 100

[edit] Disassembling and reassembling a computer

One of the best things you can do to prepare for the exam is to learn the function of and how to identify the hardware inside of a computer. The following is a rough guideline for the order in which to disconnect components from your computer system. Be sure to place items in anti-static bags, where appropriate. Static electricity can damage components or destroy data. Always wear an anti-static wrist strap when working inside the case. DO NOT wear one while the power is still attached.
  1. Detach external devices



    1. Detach power cable
    2. Detach keyboard and mouse
    3. Detach monitor
    4. Detach serial, parallel, and USB devices
    5. Detach network cables, telephone lines, speaker cables, etc.
    6. Detach all other peripheral devices
    7. Remove system case
  2. Remove internal components (be sure that the computer is unplugged from any power source before removing components) (but, remember that if you unplug the power, the computer components are no longer grounded and there is increased likelihood of device damage from electrostatic discharge. This is why you should wear an anti-static wrist strap.)



    1. Detach internal power cables and connectors from all storage devices
    2. Remove hard drive, floppy drive, CD-ROM and other storage devices
    3. Remove interface cards
    4. Remove power cables from system board
    5. Remove all other cables from the system board
    6. Remove screws or clips holding motherboard in place
    7. Remove motherboard
    8. Remove DIMM or RIMM memory modules
    9. Remove CPU fan, heat sink, and CPU

The computer should be reassembled in the reverse order. For the exam one must know how to install and configure hardware and other input and multimedia devices. There is no practical component to any of the A+ exams.

[edit] Identifying hardware components

One of the essential requirements for A+ Certification is identifying names, purposes, and characteristics of specific hardware components, including the following:
These are not devices:

[edit] Identifying operating systems

Although the examination focuses almost exclusively on Microsoft's Windows operating system (OS), one should also know about differences among other operating systems.
Microsoft operating systems:
Apple operating systems:
Unix-like operating systems:

[edit] Boot Process for Operating Systems

[edit] DOS BOOT PROCESS

  1. Upon powering on the machine a POST (Power on Self Test) is executed, this does a quick test on things such as the memory and power supply of a machine. POST transfers control to CMOS (Complementary Metal Oxide Semiconductor) which contains the BIOS (Basic Input Output System). The BIOS loads various low level settings such as boot-order and network settings. The BIOS is also a very useful tool for testing memory or hard drives, as well as finding out basic information such as serial numbers and asset tags. Note if POST fails it is usually identified by various light or audible beep codes which often can be searched for by model on the manufacturers' website.
  2. The BIOS searches attached disk drives and peripherals (such as USB flash drives) for a valid Master Boot Record (MBR). The MBR contains a series of tasks for loading an Operating System(OS). If a valid MBR is found, instructions for loading the OS are read. If no valid MBRs are detected by the BIOS, an error message is displayed.
  3. Instructions from the MBR are read. This instructions check the floppy, CD-ROM, or hard drive (not necessarily in that order). The MBR points to the boot sector, which locates IO.SYS and loads the file into RAM.
  4. IO.SYS is a file that loads low level drivers for hardware devices like the keyboard, serial and parallel ports, floppy drive, and hard drive. Next, IO.SYS will run Sysinit which in turn loads Msdos.sys into RAM.
  5. MSDOS.SYS in turn helps manage the input and output for the hard disk. It processes the commands in Config.sys. Config.sys loads all the other device drivers and manages memory for optimization.
  6. Command.com is loaded into RAM. Command.com is a file that stores all your internal commands.
  7. Command.com then processes Autoexec.bat which will set the initial configuration of DOS. The user can add what programs to start each time the computer boots.
  8. The last step will get you the command prompt.

[edit] WIN95/98/ME BOOT PROCESS (Similar to DOS)

  1. POST is performed.
  2. Master Boot Record (MBR) is loaded into RAM and locates the boot sector. The boot sector then locates the Io.sys.
  3. The Io.sys runs Sysinit and loads Msdos.sys into RAM.
  4. Io.sys then loads System.dat, but does not process at this time.
  5. Io.sys then loads Config.sys and Autoexec.bat. These are not necessary to load the operating system, but are needed when 16 bit (real mode) drivers are used.
  6. Io.sys then loads Win.com which start the operating system.
  7. Win.com loads drivers specified by the registry.
  8. Win.com processes the System.ini and Win.ini files. System.ini is used to configure the memory cache and buffers. Win.ini is used for 16-bit applications. Otherwise, they are run by the registry.
  9. Win.com will start KERNEL32.DLL, KERNEL386.EXE, GDI.EXE, and GDI32.EXE. The Kernel files are the operating systems. The GDI files are responsible for the graphical functions and display.
  10. The Kernel files will load the Explorer user interface, which includes the Desktop, Taskbar, and Start Menu.
  11. The Kernel will then process anything in the Startup folder and restore network connections.
  12. The user can now interact with the operating system.

[edit] WIN2000/NT/XP BOOT PROCESS

  1. BIOS runs POST.
  2. Computer finds the boot device and loads Master Boot Record (MBR) into RAM.
  3. MBR looks for the active partition on the boot device and loads the boot sector.
  4. The boot sector in turn starts the Ntldr file which will load the operating system.
  5. Ntldr configures the computer’s processor to recognize all of the memory.
  6. Ntldr will start the file system, and the operating system will load, whether it is FAT or NTFS.
  7. Ntldr checks the Boot.ini file to find the operating system(s) and to create the boot menu.
  8. After the operating system is selected, Ntldr will run Ntdetect.com which will make the hardware list.
  9. Ntldr will load Ntoskrnl.exe which is the kernel of the operating system.
  10. The operating system will start the graphical interface.
  11. Ntoskrnl.exe loads Smss.exe which is the Session Manager.
  12. The user logs on.

[edit] WINDOWS VISTA BOOT PROCESS

TODO
TODO
todonote
  1. BIOS run POST.
  2. Computer finds the boot device and loads Master Boot Record (MBR) into RAM.
  3. MBR looks for the active partition on the boot device and loads the boot sector.
                1. The boot sector in turn starts the bootmgr file which will load the operating systems.http://en.wikibooks.org/wiki/A%2B_Certification
                2. 05/13/10

Free website promotion tutorial

Free website promotion tutorial

Welcome to A Promotion Guide. If this is your first visit, you might want to take the time to read through this page. It contains a free step-by-step website promotion tutorial
that also serves as a "User's Guide" to the site. Reading it will give you a good idea on what you need to do, when you need to do it and how the articles on this site will help you.This tutorial is split into three phases that each have two, three or four steps. It is highly recommended that you start from the first phase and move forwards only after you have completed all of the steps in it.
We'll begin with the assumption that your site is brand new and that you haven't done any website promotion work yet. However, that doesn't mean that you can't use the tutorial if you have submitted to a few search engines or registered your site with a couple of directories. If you notice that there are some things you have already done, feel free to simply skip over them.
Promoting your site takes a lot of time and may involve waiting several weeks or even months to get into certain directories and search engines. Thus, it might be wise to bookmark this page so that you can return to it later and continue the tutorial from where you left off.

Website promotion, phase one - Directories

You should start your website promotion efforts by listing your site at the most popular Internet directories. Because they can send you substantial amounts of traffic and affect your ranking in various search engines, it is wise to make sure that your site is present in all of the major directories before doing anything else.

Step one - General information

Submitting to directories is easy and doesn't require much effort. It's ensuring that your submission will be accepted that makes this task a hard one.
  1. First, read "Boost your traffic with website directories" to get a basic idea on what directories are and how to submit to them.
  2. Examine the article about web page design to get some tips on how to improve your site and reduce the chances of it being rejected.

Step two - The Open Directory Project

Start with the Open Directory Project. While your site has to offer good, unique content to be accepted to the ODP, its editors usually review sites quickly and won't reject them without a good reason for doing so. This, along with the fact that submitting to the ODP is free of charge, makes it a perfect starting point. Completing this step successfully will also provide you with experience that will prove to be very valuable later on.
  1. Read my thoughts on how Google's ranking algorithm works and notice how an ODP listing seems to affect your ranking at Google. Keep this information in mind when you submit.
  2. Take a look at the advice on submitting your website to the ODP.
  3. Finally, submit your site to the ODP.
  4. If your submission isn't successful, consider becoming an editor at the Open Directory and listing your own site.

Step three - Yahoo

After securing a listing at ODP, your next task is to get the folks at Yahoo to notice that your site exists and is worth a place in their directory. This might cost you a fair amount of money if you are running a commercial site, but is usually worth it. Non-commercial sites can get in for free, but might require several submissions and a lot of patience before they are accepted.
  1. Check out the Yahoo-specific guidelines and hints and the article about how Yahoo's search feature ranks sites.
  2. Bite the bullet and submit your site to Yahoo.

Website promotion, phase two - Search engines

Now that your site has been included in ODP and Yahoo, you should already be receiving clearly more traffic than before. The next task is to get to know search engines and use them to bring even more people to your pages. Because you have completed phase one, you have established a good foundation for making your site perform well in the search engines.

Step one - Search engine optimization, basics

In order to gain good rankings, you'll need to learn the basics of search engine algorithms (ranking systems) and adjust your pages to meet their criteria as well as possible. This will take some time and effort, but doing some work now will save you from a lot of trouble in the future.
  1. First, try to make the design of your site as search engine friendly as possible. To read more about the subject, take a look at my article about website optimization.
  2. Next, you'll need to do some keyword optimization. Sounds frightening, but in plain English it simply means choosing the correct keywords for your pages. Using the wrong words is perhaps the most common reason why people don't get satisfying results from their search engine optimization work.
  3. Continue by reading these search engine optimization tips.
  4. Read the article about META tags and add them to all of your pages. The META keywords tag isn't absolutely necessary, but the META description tag is very important.
  5. Learn what link popularity is and how search engines use it to rank your pages.
  6. Unless you have already done so, read about Google's algorithm. Google is among the most popular search services of today, so it is wise to take its requirements into account.
  7. Use all of this information to optimize your pages for the search engines.

Step two - Search engine optimization, advanced

Your site is now adequately prepared to really start bringing in traffic from search engines. But if you want to widen your knowledge about them and increase your chances of success, you still have some work to do. On the other hand, if you're totally exhausted and just want to get this thing over with, you'll be delighted to know that this step isn't absolutely necessary.
  1. Study some of the more advanced things related to search engine optimization. Among them are cloaking, css tricks, doorway pages, themes and how to improve your search engine ranking with click popularity.
  2. Read about the things you should avoid doing from this article that outlines common web site promotion mistakes.

Step three - Submitting to search engines?

Now is the time to make sure that your site has a presence in the indexes of major search engines. Fortunately, they are quite good at finding your site on their own. There are things you can do to help them, though..
  1. Get to know how search engine submission works and how the search engines determine which sites to list.
  2. Read the article "Targeting your search engine marketing" to see which engines are the most popular ones.
  3. If you are running a commercial site, you might also want to consider paying for search engine placement. Take a look at how you can use PPC search engine advertising to buy your way to the top.

Website promotion, phase three - More techniques

After being accepted into the largest directories and having pages of your site come up in answer to searches done at the major search engines, the long hours that you've spent on website promotion have begun to pay off and your daily visitor count is starting to look good. But there is still plenty you can do to help your site attract even more traffic.
In phase three, we'll examine different promotion methods that you might want to try. However, in order to prevent you from wasting your time on things that don't work, we'll also go over a few techniques that have proven to be less than spectacular when I experimented with them.

Step one - Keep these in mind

First, let's take a look at the good stuff. The articles introduced in this step are about the website promotion methods that are at least partially effective. Some of them work better than others, but if used correctly, all of them can produce results that will be worth your while. Of course, most of the articles include advice on what you need to do to obtain the best possible results with the method discussed.
  1. If you sell something on your site, you might want to try banner ads. Usually banner campaigns are seen as expensive and ineffective, but it is partially because advertisers don't know how to design good banners.
  2. Read the article on how to increase traffic with return visitors. Getting people to come back is the secret to why some sites get amazingly many hits per day.
  3. Learn what reciprocal links are and how to get them, then put that knowledge into use. In addition to sending you visitors, reciprocal links will also increase your link popularity and help your site rank higher in the search engines.
  4. Start using E-mail signatures. They might not produce thousands of visitors, but are a great way to promote your site a bit without having to actually do anything.
  5. Evaluate whether your site could benefit from joining a topsite list. These lists have their good and bad sides, but might be at least worth a try.
  6. Consider trying to build traffic with Usenet advertising. It can give you a nice traffic boost and help spread the word about your site, but only if done properly. Read the article to learn why Usenet promotion should only be done with great care.
  7. Writing newsletter articles often works well and can send you large amounts of targeted traffic in a short period of time, for free.

Step two - Forget these

As said, everything just doesn't always work the way it should in the world of promotion. In step two, our attention is focused on website promotion methods that are more trouble than they are worth. They might not be entirely useless, but your time would be better spent on improving your site or spreading the word about your site in other ways.
  1. Click exchange programs are easy, fast, free and will get you a lot of visitors. That's why it might be a surprise to hear that they really aren't good website promotion tools.
  2. A lot has been written about FFA pages and for the past few years, most of it has been negative. The only thing they are good for is increasing the flow of spam to your E-mail address.
  3. Winning website awards can occasionally be useful, especially if the awards are well-known. However, sometimes the winner of the award is not the real winner.

Final words

Congratulate yourself for being persistent, bright and hard-working. Most get frustrated and quit before this point, which is why most sites never become anything. After all, the secret to having a successful site is working hard in both promoting
and creating it. You just might have what it takes.After going through those three phases, you've read just about everything this site has to offer. While there is more to website promotion than what we have discussed here, you now know quite a lot about the subject. If you still desire more information, don't forget to come back to this site every now and then. This tutorial is always incomplete, because I continuously notice things that I want to write about.
I hope that A Promotion Guide has been able to help you to make your site more popular and thus given you the chance to spread your ideas and thoughts to a larger audience. And remember, if you have achieved good results, it's not because I showed you how to do it - it's because you did it.
http://www.apromotionguide.com/
05/13/10

Wired Equivalent Privacy (WEP) Wireless Security

Wired Equivalent Privacy (WEP) Encryption details

Wired Equivalent Privacy (WEP) was included as the privacy of the original IEEE 802.11 standard ratified in September 1999.[6] WEP uses the stream cipher RC4 for confidentiality,[7] and the CRC-32 checksum for integrity.[8] It was deprecated as a wireless privacy mechanism in 2004, but for legacy purposes is still documented in the current standard.
Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 traffic key. At the time that the original WEP standard was being drafted, U.S. Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).
A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key.
A 256-bit WEP system is available from some vendors, and as with the 128-bit key system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits are typically entered as 58 hexadecimal characters. (58 × 4 = 232 bits) + 24 IV bits = 256-bit WEP key.
Key size is not the only major security limitation in WEP.[10] Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets,[7] that are not helped at all by a longer key.

[edit] Authentication

Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.
For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (that is, between a WLAN client and an Access Point), but the discussion applies to the ad-Hoc mode as well.
In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys.
In Shared Key authentication, the WEP key is used for authentication. A four-way challenge-response handshake is used:
  1. The client station sends an authentication request to the Access Point.
  2. The Access Point sends back a clear-text challenge.
  3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
  4. The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.
After the authentication and association, the pre-shared WEP key is also used for encrypting the data frames using RC4 .
At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication.[2] Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication. (Note that both authentication mechanisms are weak.)

[edit] Flaws

Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as one minute. If an insufficient number of packets are being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets which can then be inspected to find the key. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software such as aircrack-ng to crack any WEP key in minutes.
Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. They write "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target." They also reported two generic weaknesses:
  • the use of WEP was optional, resulting in many installations never even activating it, and
  • WEP did not include a key management protocol, relying instead on a single shared key among users.
In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in 3 minutes using publicly available tools.[11] Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 keystream and the key than the ones found by Fluhrer, Mantin and Shamir which can additionally be used to break WEP in WEP-like usage modes.
In 2006, Bittau, Handley, and Lackey showed[5] that the 802.11 protocol itself can be used against WEP to enable earlier attacks that were previously thought impractical. After eavesdropping a single packet, an attacker can rapidly bootstrap to be able to transmit arbitrary data. The eavesdropped packet can then be decrypted one byte at a time (by transmitting about 128 packets per byte to decrypt) to discover the local network IP addresses. Finally, if the 802.11 network is connected to the Internet, the attacker can use 802.11 fragmentation to replay eavesdropped packets while crafting a new IP header onto them. The access point can then be used to decrypt these packets and relay them on to a buddy on the Internet, allowing real-time decryption of WEP traffic within a minute of eavesdropping the first packet.
In 2007, Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann were able to extend Klein's 2005 attack and optimize it for usage against WEP. With the new attack
it is possible to recover a 104-bit WEP key with probability 50% using only 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions. The actual computation takes about 3 seconds and 3 MB of main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40-bit keys with an even higher success probability. In 2008, Payment Card Industry (PCI) Security Standards Council’s latest update of the Data Security Standard (DSS), prohibits the use of the WEP as part of any credit-card processing after 30 June 2010, and prohibit any new system from being installed that uses WEP after 31 March 2009. The use of WEP contributed to the T.J. Maxx parent company network invasion[12].

[edit] Remedies

Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) can provide secure data transmission over an insecure network. However, replacements for WEP have been developed with the goal of restoring security to the wireless network itself.

[edit] 802.11i (WPA and WPA2)

The recommended solution to WEP security problems is to switch to WPA2 or with older equipment the less resource intensive WPA. Either is much more secure than WEP.[13] To add support for WPA or WPA2, some old Wi-Fi access points might need to be replaced or have their firmware upgraded. WPA was designed as an interim software-implementable solution for WEP that could forestall immediate deployment of new hardware.[14] However, TKIP (the basis of WPA) has reached the end of its designed lifetime and has been deprecated in the next[dated info] full release of the 802.11 standard.[15]

[edit] Implemented non-standard fixes

[edit] WEP2

This stopgap enhancement to WEP was present in some of the early 802.11i drafts. It was implementable on some (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits.[16] It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks.
After it became clear that the overall WEP algorithm was deficient (and not just the IV and key sizes) and would require even more fixes, both the WEP2 name and original algorithm were dropped. The two extended key lengths remained in what eventually became WPA's TKIP.

[edit] WEPplus

WEPplus, also known as WEP+, is a proprietary enhancement to WEP by Agere Systems (formerly a subsidiary of Lucent Technologies) that enhances WEP security by avoiding "weak IVs".[17] It is only completely effective when WEPplus is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It is possible that successful attacks against WEPplus will eventually be found. It also does not necessarily prevent replay attacks.

[edit] Dynamic WEP

Dynamic WEP changes WEP keys dynamically. It is a vendor-specific feature provided by several vendors such as 3Com.
The dynamic change idea made it into 802.11i as part of TKIP, but not for the actual WEP algorithm.
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
05/13/10

The importance of an intranet

Characteristics

An intranet is built from the same concepts and technologies used for the Internet, such as client–server computing and the Internet Protocol Suite (TCP/IP). Any of the well known Internet protocols may be found in an intranet, such as HTTP (web services), SMTP (e-mail), and FTP (file transfer). Internet technologies are often deployed to provide modern interfaces to legacy information systems hosting corporate data.
An intranet can be understood as a private analog of the Internet, or as a private extension of the Internet confined to an organization. The first intranet websites and home pages began to appear in organizations in 1990-1991. Although not officially noted, the term intranet first became common-place among early adopters, such as universities and technology corporations, in 1992.[dubious ]
Intranets are also contrasted with extranets. While intranets are generally restricted to employees of the organization, extranets may also be accessed by customers, suppliers, or other approved parties.[1] Extranets extend a private network onto the Internet with special provisions for access, authorization, and authentication (AAA protocol).
Intranets may provide a gateway to the Internet by means of a network gateway with a firewall, shielding the intranet from unauthorized external access. The gateway often also implements user authentication, encryption of messages, and often virtual private network (VPN) connectivity for off-site employees to access company information, computing resources and internal communications.

[edit] Uses

Increasingly, intranets are being used to deliver tools and applications, e.g., collaboration (to facilitate working in groups and teleconferencing) or sophisticated corporate directories, sales and customer relationship management tools, project management etc., to advance productivity.
Intranets are also being used as corporate culture-change platforms. For example, large numbers of employees discussing key issues in an intranet forum application could lead to new ideas in management, productivity, quality, and other corporate issues.
In large intranets, website traffic is often similar to public website traffic and can be better understood by using web metrics software to track overall activity. User surveys also improve intranet website effectiveness. Larger businesses allow users within their intranet to access public internet through firewall servers. They have the ability to screen messages coming and going keeping security intact.
When part of an intranet is made accessible to customers and others outside the business, that part becomes part of an extranet. Businesses can send private messages through the public network, using special encryption/decryption and other security safeguards to connect one part of their intranet to another.
Intranet user-experience, editorial, and technology teams work together to produce in-house sites. Most commonly, intranets are managed by the communications, HR or CIO departments of large organizations, or some combination of these.
Because of the scope and variety of content and the number of system interfaces, intranets of many organizations are much more complex than their respective public websites. Intranets and their use are growing rapidly. According to the Intranet design annual 2007 from Nielsen Norman Group, the number of pages on participants' intranets averaged 200,000 over the years 2001 to 2003 and has grown to an average of 6 million pages over 2005–2007.[2]

[edit] Benefits

  • Workforce productivity: Intranets can also help users to locate and view information faster and use applications relevant to their roles and responsibilities. With the help of a web browser interface, users can access data held in any database the organization wants to make available, anytime and - subject to security provisions - from anywhere within the company workstations, increasing employees' ability to perform their jobs faster, more accurately, and with confidence that they have the right information. It also helps to improve the services provided to the users.
  • Time: Intranets allow organizations to distribute information to employees on an as-needed basis; Employees may link to relevant information at their convenience, rather than being distracted indiscriminately by electronic mail.
  • Communication: Intranets can serve as powerful tools for communication within an organization, vertically and horizontally. From a communications standpoint, intranets are useful to communicate strategic initiatives that have a global reach throughout the organization. The type of information that can easily be conveyed is the purpose of the initiative and what the initiative is aiming to achieve, who is driving the initiative, results achieved to date, and who to speak to for more information. By providing this information on the intranet, staff have the opportunity to keep up-to-date with the strategic focus of the organization. Some examples of communication would be chat, email, and or blogs. A great real world example of where an intranet helped a company communicate is when Nestle had a number of food processing plants in Scandinavia. Their central support system had to deal with a number of queries every day (McGovern, Gerry). When Nestle decided to invest in an intranet, they quickly realized the savings. McGovern says the savings from the reduction in query calls was substantially greater than the investment in the intranet.
  • Web publishing allows cumbersome corporate knowledge to be maintained and easily accessed throughout the company using hypermedia and Web technologies. Examples include: employee manuals, benefits documents, company policies, business standards, newsfeeds, and even training, can be accessed using common Internet standards (Acrobat files, Flash files, CGI applications). Because each business unit can update the online copy of a document, the most recent version is always available to employees using the intranet.
  • Business operations and management: Intranets are also being used as a platform for developing and deploying applications to support business operations and decisions across the internetworked enterprise.
  • Cost-effective: Users can view information and data via web-browser rather than maintaining physical documents such as procedure manuals, internal phone list and requisition forms. This can potentially save the business money on printing, duplicating documents, and the environment as well as document maintenance overhead. "PeopleSoft, a large software company, has derived significant cost savings by shifting HR processes to the intranet" [3]. Gerry McGovern goes on to say the manual cost of enrolling in benefits was found to be USD109.48 per enrollment. "Shifting this process to the intranet reduced the cost per enrollment to $21.79; a saving of 80 percent" [3]. PeopleSoft also saved some money when they received requests for mailing address change. "For an individual to request a change to their mailing address, the manual cost was USD17.77. The intranet reduced this cost to USD4.87, a saving of 73 percent" [3]. PeopleSoft was just one of the many companies that saved money by using an intranet. Another company that saved a lot of money on expense reports was Cisco. "In 1996, Cisco processed 54,000 reports and the amount of dollars processed was USD19 million" [3].
  • Promote common corporate culture: Every user is viewing the same information within the Intranet.
  • Enhance Collaboration: With information easily accessible by all authorised users, teamwork is enabled.
  • Cross-platform Capability: Standards-compliant web browsers are available for Windows, Mac, and UNIX.
  • Built for One Audience: Many companies dictate computer specifications. Which, in turn, may allow Intranet developers to write applications that only have to work on one browser (no cross-browser compatibility issues).
  • Knowledge of your Audience: Being able to specifically address your "viewer" is a great advantange. Since Intranets are user specific (requiring database/network authentication prior to access), you know exactly who you are interfacing with. So, you can personalize your Intranet based on role (job title, department) or individual ("Congratulations Jane, on your 3rd year with our company!").
  • Immediate Updates: When dealing with the public in any capacity, laws/specifications/parameters can change. With an Intranet and providing your audience with "live" changes, they are never out of date, which can limit a company's liability.
  • Supports a distributed computing architecture: The intranet can also be linked to a company’s management information system, for example a time keeping system.

[edit] Planning and creation

Most organizations devote considerable resources into the planning and implementation of their intranet as it is of strategic importance to the organization's success. Some of the planning would include topics such as:
  • The purpose and goals of the intranet
  • Persons or departments responsible for implementation and management
  • Functional plans, information architecture, page layouts, design.[4]
  • Implementation schedules and phase-out of existing systems
  • Defining and implementing security of the intranet
  • How to ensure it is within legal boundaries and other constraints
  • Level of interactivity (eg wikis, on-line forms) desired.
  • Is the input of new data and updating of existing data to be centrally controlled or devolved.
These are in addition to the hardware and software decisions (like content management systems), participation issues (like good taste, harassment, confidentiality), and features to be supported[5].
  • Intranets are often static sites, basically they are essentially a shared drive, serving up centrally stored documents alongside internal articles or communications - often one-way communication. However organisations are now starting to think of how their intranets can become a 'communication hub' for their team by using companies specialising in 'socialising' intranets.[6]
The actual implementation would include steps such as:
  • Securing senior management support and funding.[7]
  • Business requirements analysis.
  • User involvement to identify users' information needs.
  • Installation of web server and user access network.
  • Installing required user applications on computers.
  • Creation of document framework for the content to be hosted.[8]
  • User involvement in testing and promoting use of intranet.
  • Ongoing measurement and evaluation, including through benchmarking against other intranets.[9]
Useful components of an intranet structure might include: