"What's really missing from tech support and product documentation is the empirical knowledge of the user." ~ James W. Turner
Web Services Security
I enjoyed Lori MacVittie's article "Web Services: Be Nimble, But Be Safe" (April 3, 2003). It looks like she put a lot of work into it, and it's very informative. I agree that Web services are the wave of the future. However, I disagree about there being a lack of security. A company called Wave Systems has a great security product and is working with AMD, Intel, IBM, Hewlett-Packard, Microsoft, National Semiconductor and other vendors to develop a standard for hardware security. See news releases and recent articles at wave.com. I look forward to future articles about this growing area. Eli Katz, MD
SBKatz@aol.com
Lori MacVittie responds: Thanks for the kind words. There is no mention of security in the Web services standards, which is why OASIS and WS-Security are so important. However, I agree several companies are developing or already providing security solutions specifically for Web services. DataPower Technology, Forum Systems, Oblix, Reactivity and Blue Titan Software are a few that come to mind, and I'm excited to see the depth of their products. They go into what I've been calling the "information layer," which is higher than the application layer (Layer 7) and into the actual data being transported. They promise to provide the security necessary to let intercompany Web services be deployed without compromise.
Of course, these are just promises. Stay tuned ... we'll see if the vendors can deliver later this year.
MRTG Mode
Bruce Boardman's article "MRTG Monitors What's Brewing" (April 3, 2003) is excellent, and it could not have come at a better time for me. I'm a Linux newbie and had been looking for a way to set up something like MRTG to monitor some of our links. To be honest, I was a tad afraid of starting such a project because of my lack of Linux-MRTG knowledge.
Thanks to Boardman's well-written article and the links he listed, after just one weekend I had MRTG loaded and monitoring six major links, from one of our Red Hat Linux 7.3 boxes on which we run Squid proxy server for our district. Because of the ol' info-overload thing, I have canceled my subscriptions to many other industry publications and have kept Network Computing.
John Humphrey -- CNA, Senior Network Support
Southwest Allen County Schools, IN
JHUMPHREY@sacs.k12.in.us
Tech Support Smarts
Until I read Ron Anderson's column "Open Wide, This Won't Hurt a Bit" (April 3, 2003) on technical support and the lack thereof, I thought a million of us were just complaining about our jobs, but Anderson really hit the problem square on. After more than 20 years in IT, I've found two areas that are in dire need of rethinking: tech support or what's passing for it, and product documentation or the lack of it.
I've spent too many days talking to vendors trying to get "simple" solutions to problems, and have experienced too much anguish trying to interpret what the genius who put together the documentation was thinking while writing the installation instructions.
I've come to some of the same conclusions as Anderson: Vendors are trimming tech
support in a few ways, such as by hiring kids right out of colleges and tech schools, which is not a terribly bad idea. But what's really missing from tech support and product documentation is the empirical knowledge of the user.
Just imagine calling for support and talking to someone who's actually worked with your software in a production environment, or having documentation written by someone who is not a programmer or, better yet, by someone who has done installs and upgrades for a living.
Most of these people have been trimmed by layoffs, offshore outsourcing and product sunsetting.
Maybe we should take another look at our corporate culture and fill some of those jobs with people who have at least "done the work."
My opinions are my own and do not represent those of my employer. James W. Turner
DBA, Lawson System Administrator; Kennedy Health System
j.turner@kennedyhealth.org
Firewall Apps
Thank you for Mike Fratto's excellent article on application firewalls ("Application-Level Firewalls: Smaller Net, Tighter Filter," March 21, 2003). I understand that application firewalls protect Web applications from attacks directed at them. But how do they work with other devices in this space--XML security devices and Web security proxies, for example? Mihir Mohanty
President and CEO; Hexagon Systems
mmohanty@hexagonsys.com
Mike Fratto responds: XML firewalls and even HTTP proxies are specific to their protocols. They delve much deeper into the transaction than an application firewall does. For example, none of the products we tested evaluates HTML forms, so Web application attacks will pass through. The application firewalls provide stronger adherence to protocol conformance and more control over the commands and data types transmitted.
Tell us how you really feel. Send e-mail to us at editor@nwc.com, fax to (516) 562-7293 or mail letters to Network Computing, 600 Community Drive, Manhasset, NY 11030. Include your name, title, company name, e-mail address and phone number. All correspondence becomes the property of Network Computing.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
REPORTS
ANALYTICS
Follow 
