Tip

Cheap Microsoft licenses for security pros: Microsoft Action Pack

 

There's a little and not well-known jewel available from Microsoft that can help put an end to the "I don't have a good test environment" syndrome and take your security skills to the next level. It's called the Microsoft Action Pack.

@45127 The Action Pack is for Microsoft consultants, systems integrators, VARs, developers and others who are part of the Microsoft Partner Program. I was turned on to the Action Pack by a colleague of mine last year and I must say that the $299 I invested was well worth it. Why do I like it so much? All of the Microsoft software you get comes for such a small price. Many of the programs even come with a 10-user Microsoft license. Just about everything Microsoft puts out is in the package -- from client applications to server databases, including:

  • Windows Server 2003
  • Small Business Server
  • Windows Vista Business
  • SharePoint Server
  • ISA Server
  • Exchange Server
  • SQL Server
  • Virtual PC

With this package, you can set up an environment and scan for vulnerabilities, exploit missing patches, crack passwords, practice your system hardening techniques, whatever -- all on a shoestring budget.

The Microsoft Action Pack is updated quarterly so you can keep up with the latest and greatest -- including certain beta software like Windows Server 2008 Enterprise. As of November 30, 2007, Microsoft requires Action Pack subscribers to sit through an online course and pass an associated test with a score of 70% or better and maintain their partner status. This is an effort to weed out people trying to obtain "cheap" software for business purposes that should otherwise be purchased through normal channels. Be sure to read Microsoft's licensing and eligibility requirements to make sure the type of business you have and what you want to do with the software is permitted.

If you qualify for the Microsoft Partner Program, the Action Pack provides a very cost-effective way of setting up a lab environment to learn about security. You can create a non-production network and bang away at Microsoft-based systems to your heart's content. This type of hands-on learning in a non-critical test environment builds a foundation for gaining and maintaining information security knowledge. Plus you'll get the added benefit of learning about all the ins and outs of Microsoft's software, which will not only enhance your career but also add value to your organization and to your customers as a whole. Sounds like a good investment to me.

About the author: Kevin Beaver is an independent information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic, LLC, where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels information security audio books providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.

This was first published in November 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.