This issue:
- User Case Study: NT migration
- Comparing Unix and NT security
You can register to receive regular copies of the Centreline 2000 News Letter.
They always contain a mixture of product news, technical information, trade gossip - some of which you will not
hear anywhere else!
Centreline 2000 - keeping you informed.
Tax-Free Systems? ... Trouble Free Systems.
Centreline 2000 and the Chartered Institute of Taxation
Migrating to NT with the CIOT
The Chartered Institute of Taxation (CIOT) and Association of Taxation Technicians (ATT) wanted their new computer systems to be tax-free... free of the tax and stress that often accompanies a new computer system.
They wanted to see the benefits quickly. Together with Centreline 2000 the result has been an impressive set of capital gains!
Royal Charter and 12,000 members
CIOT was founded in 1930 and received its Royal Charter in 1994. The institute's purpose is to advance public education in, and promote the study of, the administration and practice of taxation.
Between them, CIOT and the Association of Taxation Technicians have a membership of over 12,000 including accountants, solicitors, barristers, corporate tax advisors and members of government departments.
"We interact extensively with various government bodies including the Chancellor of the Exchequer's Office," comments CIOT's Maureen Davis. "Our primary role is to promote, share and disseminate information on taxation matters. That means producing high quality information - quickly."
The arrival of self-assessment in April is likely to increase the institute's membership dramatically and with it, the demand for information. Many more people will need to seek professional taxation advice. So CIOT is encouraging advisors everywhere to sit the rigorous entry examinations and become full members of the institute.
"The general public will want to be re-assured that the advisor they choose has the right credentials," continues Davis. "Membership of the institute is a guarantee that the advisor has passed an extremely stringent exam and is qualified to advise them."
Internet, E/Mail and Direct Fax
CIOT has always believed in the importance of IT and by 1996 the institute was running a proven and mature mix of office and business critical systems.
The 30 staff used character terminals to access Uniplex Business Software (for office systems) and InfoBase on Oracle for their membership databases. The applications ran on 2 IBM RS/6000 UNIX computers.
"The systems worked fine," says Davis. "But we were getting more and more requests for email, Internet access and the ability to fax direct from the computer. If we were going to start investing anew, it was time to re-assess our overall IT offering."
NT and PC Networking
CIOT arranged a demonstration of Microsoft Office for its users and the session met with predictable enthusiasm. But the institute was conscious of the need to balance the require-ments for new PC based products, with the need to ensure access to all its legacy data.
Maureen Davis, who runs the IT project team at CIOT explains: "We decided on a totally new infrastructure. That meant a local area network, PCs and a new server platform. In addition to training and support we would also have to ensure complete integration with the InfoBase system and the ability to convert between Uniplex and the new office systems."
"I could see the benefits," continues Davis. We could use market leading PC products. We could save money on training, temporary staff and support. We could increase productivity with email and direct fax. But I could also see the pitfalls and choosing the right supplier was going to be critical. I wanted someone we could trust to supply the total solution."
From Uniplex to Windows & NT
"That is why we chose Centreline 2000."
In just 4 months Centreline worked with the project team to implement the new system and train all the users.
Now an Ethernet local area network running TCP/IP connects CIOT's Microsoft Windows NT server with the client workstations. Each PC user has Windows 95 and Microsoft Office Professional. Each user also has access to server-based fax, email and the Internet.
The 2 existing UNIX machines are also attached to the network. To ensure integration with CIOT's legacy systems, Centreline supplied Office 2000 document and spreadsheet converters (for translation between Uniplex and MS-Office Pro). CIOT also use Office 2000 PC-Enterprise to share files between the UNIX systems and the new PC network. Combined with terminal emulation, users can readily access their membership database and integrate information with their PC applications.
Advice you can trust
"A key requirement for us was complete trust," says Davis. "My background is not in computing and as an organisation we did not want to deal with the implementation details. What we wanted was a supplier who could be trusted to take the whole project away and make it happen. That is exactly what Centreline did."
Reliable, popular and effective
A good example was CIOT's choice of server platform. The institute could have chosen to stay with UNIX, but Centreline advised that the time had come to make the change.
"We wanted a strategic view," continues Davis. "Centreline gave us exactly that - on the server, security, storage, the Internet and a host of other issues."
Maureen Davis is delighted with the results so far. "Centreline had a proven track record which is why we chose them. They have not let us down. Although it is early days, the new systems are reliable, popular and effective. I am still impressed with the ease with which they went in."
"When I analyse why things have gone so well," she continues, "I think it is down to a thorough understanding of our needs. They took the time to make sure we all got it right."
Solid growth
For the future, CIOT are already making plans to migrate their membership databases from InfoBase/Oracle into Microsoft. They are also evaluating producing their examination and membership papers in-house.
"For us, the real benefit comes with knowing we have chosen an infrastructure, platforms and technologies that will grow to meet our future needs."
Solution summary:
|
Site: |
The Chartered Institute of Taxation (CIOT) head office in Belgravia
|
|
Problem: |
To provide office systems, electronic mail, fax and internet access and legacy system integration to the institute's 30 staff and improved levels of service to their 10,000 members.
|
|
Problem-solvers: |
Maureen Davis and the project team at CIOT working with Centreline 2000.
|
|
Solution: |
Local area network with Microsoft Windows NT running TCP/IP. 30 personal computers connected to the LAN, running Microsoft Windows 95 Office Professional.
Internet, fax and email access via the server.
Office 2000 to provide legacy system integration including terminal emulation, file sharing with the UNIX hosts and document/spreadsheet conversion.
|
|
COMPARING SECURITY FOR UNIX AND NT |
There has been much news in the press recently regarding generally poor security of computer systems.
So, we thought a short article highlighting the basic password controls for Unix and NT systems would be timely.
The weakest link of any security chain is the basic user password.
Users are notorious for writing them down, passing them round and in once case I saw having it posted on the wall!
Control of passwords relies on (a) users remembering their passwords,
(b) administrators ensuring that passwords are current.
To help users remember passwords we recommend that passwords are made from two simple and short words
- such as "line" and "tree" to make "linetree".
A user can remember this (hopefully) without recourse to the yellow sticky.
For you the administrator there are controls you can set to ensure that passwords are changed reasonably frequently. Both Unix and NT provide a similar set of controls.
The screen shot above shows the master control for NT security. We shall discuss here these features and their corresponding SCO Unix attribute. For SCO Unix all changes are made by editing the files /etc/default/passwd and /etc/default/goodpw.
Starting top left on the NT screen we have "Maximum password age". This is the number of days before the password expires. This ensures that users change their passwords regularly and that leaked passwords don't remain valid for long. In Unix you set the field "MAXWEEKS=13" for a password change very quarter.
On the top left we have "Minimum Password Age", or for Unix "MINWEEKS". When set to more than zero it stops users setting a new password (as requested) and then immediately changing it back to their old one. If "MAXIMUM" is set then "MINIMUM" should be also.
Centre left is "Minimum Password Length", or for Unix "PASSLENGTH". This is the minimum number of characters that a password must have, for reasonable security this should be set to 5 or more.
Centre right is "Password Uniqueness", which on NT prevents a user from switching between only two passwords. There is no direct equivalent in Unix, instead you can set entries in "goodpw" for "AVOID_USERS=YES", "AVOID_GROUPS=YES", "AVOID_MACHINES=YES" and "AVOID_ALIASES=YES" which prevent using user names, group names, machine names and mail aliases respectively. "AVOID_WORDS=YES" also prevents single words from being used. None of these controls are available in NT.
And bottom left we have "Account Lockout". For NT this counts the number of failed attempts to enter the correct password, after the final try the account is locked out, i.e. no further use of the account can be made. The account can be locked out for a few minutes or forever (until the administrator resets it).
For Unix similar function is provided by the automatic delay after 3 attempted logins. Not as bullet proof, but does prevent any access at the terminal for a period - this prevents a modem connection trying many user names and passwords.
| 
