RE: Microsoft CAL license needed to install Security Software



Mistake: Microsoft Support or anybody CAN NOT answer for sure about your own licensing program... Terrible.

Ivan Carlos
Chief Information & Security Officer
E-mail / GTalk / Skype / WLM: icarlos@xxxxxxxxxxx
Cell.: +55 (11) 8112-0666

-----Original Message-----
From: Ivan Carlos <icarlos@xxxxxxxxxxx>
Sent: terça-feira, 28 de setembro de 2010 15:43
To: frommel@xxxxxxxxx <frommel@xxxxxxxxx>; security-basics@xxxxxxxxxxxxxxxxx <security-basics@xxxxxxxxxxxxxxxxx>; Ansgar Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Subject: RE: Microsoft CAL license needed to install Security Software


Its something wrong there. You dont need cals to each user that access a website running over IIS.

Microsoft Support or anybody can answer for sure about your own licensing program... Its terrible.

Ivan Carlos
Chief Information & Security Officer
E-mail / GTalk / Skype / WLM: icarlos@xxxxxxxxxxx
Cell.: +55 (11) 8112-0666

-----Original Message-----
From: Florian Rommel <frommel@xxxxxxxxx>
Sent: terça-feira, 28 de setembro de 2010 15:23
To: security-basics@xxxxxxxxxxxxxxxxx <security-basics@xxxxxxxxxxxxxxxxx>; Ansgar Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Subject: RE: Microsoft CAL license needed to install Security Software


True, though you could argue that you purchase a license to run and use the operating system, not for other machines to use it.
Boy i like my xserve :)
//f
http://go-dslr.com ...bringing digital photography to the masses
-----Original Message-----
From: Ansgar Wiechers
Sent: 28/09/2010, 18:00
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft CAL license needed to install Security Software



On 2010-09-27 Florian Rommel wrote:
This is correct. Cals are needed if you access any kind of service
hosted within a windows server platform. Consider it like a bubble
within a bubble. The outer bubble is windows server and the innwr the
3rd party software. While they have nothing linking them, you still
need to go through the outer shell.
I do think that you chould purchase a corecal for all clients. This
covers any windows server and windows based services.

Pretty nice business model, ain't it? First you pay for a server, and
then you pay *again* so you can actually use the server that you already
paid for.

It never ceases to amaze me how customers put up with that.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • [NEWS] Predictability and Vulnerability in the Canadian Firearms Centres On-Line Services Web Site
    ... Get your security news from a reliable source. ... extract valid/invalid License Numbers, but also brute-force accounts. ... secured using a Personal Identification Number (PIN). ... request for personal information, or a request for a PIN number. ...
    (Securiteam)
  • Re: US Unveils New Drivers License Rules
    ... post-9/11 security rules to be unveiled Friday by federal officials. ... been pushed back in the hopes of winning over skeptical state officials. ... "We worked very closely with the states in terms of developing a plan ... ID: "One driver, one license." ...
    (soc.retirement)
  • Re: Licensed Penetration Tester LPT
    ... legislation to license information security ... "Are you an unlicensed penetration tester?" ... Concerned about Web Application Security? ... a managed service can ...
    (Pen-Test)
  • Re: Licensed Penetration Tester LPT
    ... Expert in Security Policy Assessments ... Subject: Licensed Penetration Tester LPT ... legislation to license information security ... a managed service can ...
    (Pen-Test)
  • RE: Microsoft CAL license needed to install Security Software
    ... Microsoft CAL license needed to install Security Software ... Personally I find this ironic as the CAL price can total up to 10-20 times that of commercial software and server if you have more than 1000 users. ... In future I think we have to include the CAL price in security product evaluation. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)