So, first create a new MSAccess database and then create a table called “Packages” like the following:

ID:         Auto increment

PackageDesc:    Contains a short description of the file (E.g. Microsoft FrontPage)

PackageName:    Is the filename, avoid using spaces (E.g. “MSaccess.exe” better than “MS Access.exe”) because this will be used to construct the download link

PackageType:    Can be Special or Standard or Goodie. Standard/Goodie will be available for download to everyone while Special will be only for the users that are members of given groups.

NeededGroup:    In case of Special package the visiting user must be part of this group in order to download the package.

Then create another table called “Sites” as the following:

Country:    Short name of the Country (E.g. ITA=Italy, GER=Germany)

Subnet:        The third octet of the country/site’s IP address range (E.g. ITA= 192.168.39.x)

Distrib_Point:    The web server in the given country (E.g. websrv_ITA)

The first table will handle information on the packages themselves and whether they’re freely accessible or not; the second table instead will be used in order to redirect the user to his/her local web server in order to save bandwidth. This is applicable only in environments in which the IP subnets are correctly set for country level and where in every country or site there is a local IIS web site.

In the next post I’ll be showing you how to build the homepage for this site and the techniques used for it….keep on reading!

I normally tend to use professional tools for these delicate matters because of several considerations: when you BUY software you also have support, agreements, SLAs and so on; also by using a professional product you can easily centralize the management of your antivirus infrastructure by scheduling corporate scans, virus definitions updates and so on. But we won’t loose the spirit of the TLBAT section and I’ll provide you suggestions on some freeware tools that you can use to protect your network.

The tools are:

1. Grisoft’s AVG antivirus
2. SpyBot Search & Destroy
3. HiJackThis
4. Microsoft malware removal tool

AVG is an antivirus software and here I won’t spent too much words; SpyBot S&D has to be used when you suspect that spyware or malware is installed on your computer, this software has automated removal procedures and is easy to use; HiJackThis is a more pro-skilled software because it searches in several places in your computer looking for BHO (Browser Helper Objects), hijackers (ex. you want to surf to yahoo.com but it redirects you to malware.com) and registry entries. Seen that the informations catched by HiJackThis are sometimes in critical components of your system please be really careful of what you are removing!! For the Microsoft Windows Malicious Software Removal Tool, this is a software that helps for removing most known virii (plural of virus) such as Blaster, Sasser, and Mydoom and so on.
My 2 cents: these tools, the HoneyPot described in a previous article and the patch/update control server (WSUS) can be affordable in protecting your network…but don’t forget this principle “A security-relaxed SysAdmin is the weakest entry point in a structure” so never, I say never, deploy your tools and think “I’m safe now” because it will come the day in which your network is infected by all kind of virii , malware, pornware and whateverware!!!

Stay tuned and keep on reading this blog.

In order to have a server/infrastructure of servers for the updates in your network, you will need to install the Microsoft Windows Update Services Server 3.0 (a.k.a. WSUS).

Basically with WSUS you can create a local update server where you can control all the updating process for your client’s network. You may choose to download the updates and patches from the Microsoft Update site and store a copy of the files locally in order to save bandwidth; you may only choose to control the approval/denial of the updates and have the clients connect to Microsoft to download the files; you may also create a tier based WSUS structure where a child server receives updates and approvals from the above server and so on.

Once you have designed, planned and installed your WSUS structure you can then use Group Policies, or any other method (e.g. VBScript) to have your clients connect to the WSUS servers in your structure.

First start by downloading this document that describes the process for deploying the WSUS; then you may consider having a look at this site that explains how to implement GPO for the use of WSUS or consider using either VBScript or this Visual Basic 6.0 tool I released some years ago.

This time we have to thank Microsoft for providing another money-saver tool that won’t impact your low budget!!!

Keep on reading my blog and in the end you will have saved lots of buck$ that you may consider to send me via PayPal!!

When building an IT infrastructure, one of the features you HAVE to consider is to provide messaging and collaboration tools to your customers (normally your employer…alsways remeber: the users are your customers!); considering to buy Microsoft Exchange is always the first choice but as you know this will cost you money that, with some little sacrifices, can be saved.

Once again I’ll focus on a VMWare appliance (ok, it’s clear that I do love VMWare appliances!) that you can download, burn or mount as an ISO image and then start the VMWare machine and have an almost ready tool for the production evironment.

This time the VMWare appliance consists of a Linux based machine (rPath linux) and the preinstalled Zimbra Collaboration Suite 4.5. On this link you can download the ISO image that you can mount on your VMWare Server/Player (more instruction in this previous post) and once you have powered on your VMachine you can have a free, opensource, reliable messaging and collaboration server.

Hereafter some screenshots:

The tool we are going to describe today is a low interaction HoneyPot that will be a central point for your network and avoid spreading of malware and provide you useful information about attacks. This virtual machine, once configured, will act as a computer without patches, antivirus software and that holds sensitive information; this way of acting will attract attackers and malware, it will download a the binary files and study their behavior and provide useful information about the type of the attack, the entry point and so on.

First start downloading the appliance from this site and then read some interesting documentation on the Security Focus website; in this post I won’t provide all needed information about how to configure the virtual machine because this depends on how you want to configure the HoneyPot, in this blog post you can read how to mount the appliance you just downloaded and have it running in minutes.

Whe you have finished the mount of the virtual machine you can access it by using the following credentials:

Username = root Password = pass2cng

[LINKS]

Nepenthes homepage

HoneyBow sensor

We will use the free VMWare Server and the Squid Proxy + DANS Guardian appliance. The appliances are precompiled and configured virtual machines for the VMWare Server/player that you can download from the VMWare site and that you can “mount” and, with little effort, use in your environment. In addition to the proxy/content filtering machine you may like to add a report generator so you can always have nice reports showing blocked sites/users/ip addresses and more, this good tool is called SARG
The scope of this article is to have a solid proxy server and a content filtering for internet browsing so you can both masquerade your network clients and provide a caching solution that can ease the clients’ surfing experience. In addition you can have a content filtering where you can block/allow access to sites and contents soyou can have a complete control on where/when/what your client computers can do on the Internet.

First download the VMWare Server (about 146Mb) and apply for a free product key; meanwhile I suggest you downloading the VMWare appliance because this will take longer (about 712Mb).

Install the VMWare Server and place the file of the appliance that you just downloaded in a directory that you prefer (normally it is C:\Virtual Machines) . Open the VMWare Server Console and choose File/Open, browse your computer where you saved your file before; this will add the virtual machine to the inventory.

Start the machine and follow all the steps requested during the startup process.

Once that the vm has started login with user=root and password=proxy2006 then change password by issuing the passwd command:

At this point you can configure your IP address (first you have to configure the VMWare Virtual Networks). To do so you have to:

1. Login to the VMachine
2. Issue the ifconfig eth0 command
3. Read the inet addr value and use it in your internet broswer (Example https://192.168.0.100:10000)

At this point in your internet browser you will have the web interface (Webmin) to the system where you can manage every single setting, from the network configuration, to the startup levels and so on.

I suggest you using the Webmin interface if you are not really familiar with Linux commands or Putty if you want to access the system via SSH console.

At the beginning the content filtering could be really restrictive, I suggest you testing the sites you want to be listed/banned and check/configure the groups (Ex. /etc/dansguardian/bannedsitelist).

After you have configured all the VM settings, the DANS Guardian and so on you are ready to test and implement your solution…we spent about 1/2 hours but saved lots of bucks!!

There are many reasons you may need to image computers: it may be for a huge rollout, for backup purposes or for any other reasons that leads you to have a centralized storage for images of the computers in your network.

Seen the spirit of this TLBAT (The Low Budget Admin Tools) section, I alwas prefer to apply opensource/freeware solutions, in this case I suggest you using the PING project (Partimage Is Not Ghost) that says it all: partition imaging is not strictly Ghost! This great tool can be either a bootable cd or a RIS (Remote Installation Services) tool that enables computers in your network to boot from cd/network and save or load an image of their computer to a centralized point.

Once again a great tool, for free and completelly integrable with your Windows environment, I hope someone is enjoying this TLBAT section, if please let me know your impressions through the comments on this blog area.

I tested SpiceWorks for a couple of months and I really appreciated this product that comes with a really easy setup process and gives you good results in terms of inventory, reporting and so on.

I suggest you to have a look at this free product that can save time and money for everyone.

P.S. This is not an AD but simply a suggestion!!