If it has a plug, it's IT stuff:

TLBAT

Jun 26 2008   4:43PM GMT

[TLBAT] Control and see your band….width!



Posted by: Alessandro Panzetta
Bandwidth, IT support, Admin tools, TLBAT

You just signed a new contract with your ISP and they promised a given download/upload rate, but you don’t know how to monitor it.

What would you do? Buy famous branded software and shrink your already low budget, or save bucks and use a free one (so you have more money left that you can send to me??)…I’d say that you’ll go for the second choice…obviously.

The tool I’m talking about is Paessler’s great Router Grapher, which provides nice graphs that show how your bandwidth is used.

Graph example

Jun 26 2008   4:35PM GMT

[TLBAT] SysLog for Windows



Posted by: Alessandro Panzetta
Microsoft Windows, IT support, TLBAT, SysLog, Kiwi Syslog Daemon

The more you see, the more you know; this is never as true as it is in the IT world.

Every device in your network, Linux machine or whatever else writes information to logs and, depending on the log level you defined for these “devices”, the information can be really helpful for reacting to problems (or acting before they happen), finding issues or simply keeping a history of your events.

This post is about a free, Windows-based and human-readable syslog daemon that you can install somewhere in your network to provide a centralized point for logging.

The tool is called Kiwi SysLog Daemon and is downloadable here.


Jun 26 2008   1:07PM GMT

[TLBAT] Keep patches and updates under control with WSUS



Posted by: Alessandro Panzetta
Patch management, Group Policy, WSUS, IT support, TLBAT

In my previous articles I’ve described how to install several services and servers in your network for free or at low cost; this post continues with the “I want it but I have no budget” philosophy and gives you an update and patching system for your network where you can control who, what and when is updated/upgraded.

In order to have a server/infrastructure of servers for the updates in your network, you will need to install the Microsoft Windows Update Services Server 3.0 (a.k.a. WSUS).

Basically, with WSUS you can create a local update server where you control the whole updating process for the clients in your network. You may choose to download the updates and patches from the Microsoft Update site and store a copy of the files locally in order to save bandwidth; you may choose only to control the approval/denial of the updates and have the clients connect to Microsoft to download the files; you may also create a tiered WSUS structure where a child server receives updates and approvals from the server above it, and so on.

Once you have designed, planned and installed your WSUS structure you can then use Group Policies, or any other method (e.g. VBScript) to have your clients connect to the WSUS servers in your structure.

First start by downloading this document that describes the process for deploying the WSUS; then you may consider having a look at this site that explains how to implement GPO for the use of WSUS or consider using either VBScript or this Visual Basic 6.0 tool I released some years ago.

This time we have to thank Microsoft for providing another money-saver tool that won’t impact your low budget!!!

Keep on reading my blog and in the end you will have saved lots of buck$ that you may consider sending me via PayPal!! ASD


Jun 22 2008   1:40PM GMT

[TLBAT] Messaging, collaboration, IM …. an opensource alternative to Microsoft Exchange



Posted by: Alessandro Panzetta
Security, Linux, VMware, IT support, TLBAT, Zimbra Collaboration Suite

Another post to present a free tool, another post to save your low budget!

When building an IT infrastructure, one of the features you HAVE to consider is providing messaging and collaboration tools to your customers (normally your employer…always remember: the users are your customers!); buying Microsoft Exchange is always the first choice, but as you know this will cost you money that, with a few little sacrifices, can be saved.

Once again I’ll focus on a VMWare appliance (ok, it’s clear that I do love VMWare appliances!) that you can download and burn or mount as an ISO image; then you start the VMWare machine and have an almost-ready tool for the production environment.

This time the VMWare appliance consists of a Linux-based machine (rPath Linux) with Zimbra Collaboration Suite 4.5 preinstalled. From this link you can download the ISO image to mount on your VMWare Server/Player (more instructions in this previous post); once you have powered on your VMachine you have a free, open-source, reliable messaging and collaboration server.

Here are some screenshots:

Inbox

contacts

Calendar


Jun 15 2008   4:35AM GMT

[TLBAT] Honey, honey…HoneyPot!



Posted by: Alessandro Panzetta
Security, VMware, Honeypot, IT support, TLBAT

In a previous post I suggested building a proxy and content filtering solution based on a VMWare virtual machine. In this post I’ll do the same thing again: propose another VMWare appliance that you can mount on your VMWare server, configure and have as a ready-to-go tool for your IT environment.

The tool we are going to describe today is a low-interaction HoneyPot that will be a central point for your network, avoid the spread of malware and provide you with useful information about attacks. This virtual machine, once configured, will act as a computer without patches or antivirus software that holds sensitive information; this behavior will attract attackers and malware, and the HoneyPot will download the binary files, study their behavior and provide useful information about the type of attack, the entry point and so on.

Start by downloading the appliance from this site, then read some interesting documentation on the Security Focus website. In this post I won’t provide all the information needed to configure the virtual machine, because that depends on how you want to configure the HoneyPot; in this blog post you can read how to mount the appliance you just downloaded and have it running in minutes.

When you have finished mounting the virtual machine you can access it by using the following credentials:

Username = root Password = pass2cng

[LINKS]

Nepenthes homepage

HoneyBow sensor


Jun 5 2008   7:44AM GMT

[TLBAT] Proxy server and content filtering



Posted by: Alessandro Panzetta
Security, VMware, ISA Server, Squid, DansGuardian, IT support, TLBAT, SARG

In this article I’ll explain how you can have a proxy server and content filtering for your network absolutely for free, allowing you to save at least 1600 USD (Microsoft ISA 2006 Standard Edition)!!

We will use the free VMWare Server and the Squid Proxy + DansGuardian appliance. The appliances are precompiled and configured virtual machines for the VMWare Server/Player that you can download from the VMWare site, “mount” and, with little effort, use in your environment. In addition to the proxy/content filtering machine you may like to add a report generator so you can always have nice reports showing blocked sites/users/IP addresses and more; this good tool is called SARG.

The goal of this article is to have a solid proxy server and content filtering for internet browsing, so you can both masquerade your network clients and provide a caching solution that eases the clients’ surfing experience. In addition, the content filtering lets you block/allow access to sites and contents, so you have complete control over where/when/what your client computers can do on the Internet.

First download the VMWare Server (about 146Mb) and apply for a free product key; meanwhile I suggest you start downloading the VMWare appliance, because this will take longer (about 712Mb).

Install the VMWare Server and place the appliance file that you just downloaded in a directory of your choice (normally it is C:\Virtual Machines). Open the VMWare Server Console, choose File/Open and browse to where you saved the file; this will add the virtual machine to the inventory.

VMWare Server console

Start the machine and follow all the steps requested during the startup process.

Once the VM has started, log in with user=root and password=proxy2006, then change the password by issuing the passwd command:

Passwd command

 

At this point you can configure your IP address (first you have to configure the VMWare Virtual Networks). To do so you have to:

  1. Log in to the VMachine
  2. Issue the ifconfig eth0 command
  3. Read the inet addr value and use it in your internet browser (Example https://192.168.0.100:10000)

At this point in your internet browser you will have the web interface (Webmin) to the system where you can manage every single setting, from the network configuration, to the startup levels and so on.

I suggest using the Webmin interface if you are not really familiar with Linux commands, or PuTTY if you want to access the system via an SSH console.

At the beginning the content filtering could be really restrictive; I suggest testing the sites you want to be listed/banned and checking/configuring the groups (Ex. /etc/dansguardian/bannedsitelist).
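The site test suggested above can be dry-run before users hit the filter. The following is an added example, not part of the original post or the appliance: a shell function that reports which entry of a DansGuardian-style site list would block a hostname. It assumes one domain per line with # comments and that an entry also covers its subdomains; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run hostnames against a DansGuardian-style bannedsitelist.
# Assumed format: one domain per line, "#" comments, entry bans its subdomains.
# Directive lines (".Include<...>", "*...") are skipped, not evaluated.

# is_banned HOST LISTFILE: print the matching entry and return 0 if banned.
is_banned() {
    # Lowercase the host and tolerate a trailing dot.
    host=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    # Normalise the list: drop comments, whitespace, blanks and directives.
    entries=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" | tr 'A-Z' 'a-z' |
              grep -v -e '^$' -e '^\.include' -e '^\*' || true)
    candidate=$host
    while [ -n "$candidate" ]; do
        # -x -F: whole-line literal match, so "xads.x" never hits "ads.x".
        if printf '%s\n' "$entries" | grep -qxF -- "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        case $candidate in
            *.*) candidate=${candidate#*.} ;;   # strip the leftmost label
            *)   candidate= ;;
        esac
    done
    return 1
}

# Constructed sample list, not taken from the appliance.
write_sample_list() {
    cat > "$1" <<'EOF'
# advertising
ads.example.net
Gambling.example     # mixed case on purpose
.Include</path/to/another/list>
EOF
}

demo() {
    list=$(mktemp)
    write_sample_list "$list"
    for h in ads.example.net cdn.ads.example.net xads.example.net \
             www.gambling.example intranet.example.org; do
        if hit=$(is_banned "$h" "$list"); then
            echo "BLOCKED  $h (entry: $hit)"
        else
            echo "allowed  $h"
        fi
    done
    rm -f "$list"
}
demo
```

On the appliance, point the second argument at the real list file instead of the sample; lists pulled in through include directives have to be checked separately.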

After you have configured all the VM settings, DansGuardian and so on, you are ready to test and implement your solution…we spent about 1/2 hours but saved lots of bucks!!


May 28 2008   7:51AM GMT

[TLBAT] The IT swiss-knife



Posted by: Alessandro Panzetta
WireShark, IT support, Admin tools, TLBAT, PortableApps

In my previous article I wrote about removable media used to access dead/dying computers and I mentioned a bootable USB drive that you can always have with you. Personally I have the USB pendrive always with me because it is tied to my car keyholder.
Let’s describe my USB swiss-knife: it has a bootable WindowsXP that has been built as described here and also features the PortableApps suite loaded with the WireShark utility, the InfraRecorder and all the standard applications that may save you some time on almost every x386 computer.

In addition I added a Tools folder filled with:

BGinfo: This tool adds some useful information on the desktop background and is highly configurable.

Double Driver: Useful for saving all installed drivers that can be used for driver reinstallation after a format.

KeyFinder: It finds the Microsoft Windows XP /Office product key.

Microsoft Key Update Tool: It can change the Windows XP product key.

HijackThis: Really helpful tool that helps discover BHOs, hijacks and spyware.

AntiVir: Free antivirus software.

So adding these tools to the PortableApps Suite made my swiss-knife for easy problem solving on most computers.


May 26 2008   7:20AM GMT

[TLBAT] Accessing dead/dying computers



Posted by: Alessandro Panzetta
IT support, TLBAT

On my previous article I had a comment about someone trying to access a dying computer where, because of wrong drivers, tons of software and other reasons, the system couldn’t boot anymore; this article explains my preferred methods of booting a dead/dying computer from external media such as a USB drive or a live CD to perform data recovery, password changes and so on.

:: Booting from USB Drive ::..
This is the slower method but the more practical one, since you don’t always have your CD case with you, so having a bootable USB stick loaded with basic tools is always a good thing; I personally have my USB drive on the car keyholder ;)
My choice goes to PEBuilder, which is the most used and reliable technology to build bootable CD/DVDs; this article explains the entire process that enables you to create a WindowsXP bootable USB drive that can be used to access a dying/dead computer and for many other useful things (e.g. changing the lost local Administrator password!).

:: Booting from CD Drive ::..
Here my choice goes directly to the great UBCD4WIN (Ultimate Boot CD For Windows) that, with its list of preinstalled tools, enables you to do many useful things directly from a WindowsXP live CD. This has saved me many times!!


May 25 2008   10:30AM GMT

[TLBAT] Ghosting computers without Symantec’s Ghost



Posted by: Alessandro Panzetta
Microsoft Windows, Symantec, Ghost image, IT support, TLBAT

These days, whenever you talk to IT you may hear “You have to ghost your computer”, meaning that you have to create a snapshot image of your computer’s partitions and store it somewhere. But why do people say that you have to ghost it? Because Norton (actually Symantec) Ghost is the leader in this technology, but it has a small problem: it costs bucks, and you have to spend some money in order to have a business-like repository of computer images.

There are many reasons you may need to image computers: it may be for a huge rollout, for backup purposes or for any other reason that leads you to have a centralized storage for images of the computers in your network.

Given the spirit of this TLBAT (The Low Budget Admin Tools) section, I always prefer to apply open-source/freeware solutions; in this case I suggest using the PING project (Partimage Is Not Ghost), whose name says it all: partition imaging is not strictly Ghost! This great tool can be either a bootable CD or a RIS (Remote Installation Services) tool that enables computers in your network to boot from CD/network and save or load an image of their computer to a centralized point.

Once again a great tool, free and completely integrable with your Windows environment. I hope someone is enjoying this TLBAT section; if so, please let me know your impressions through the comments on this blog area.


May 19 2008   8:43AM GMT

[TLBAT] Network inventory made easy… and free!!



Posted by: Alessandro Panzetta
Networking, Auditing, Spiceworks, IT support, TLBAT

Do you want to have a network inventory of computers and devices? Do you need an out-of-the-box solution for your IT HelpDesk? Here it is…for free!!!

I tested SpiceWorks for a couple of months and I really appreciated this product that comes with a really easy setup process and gives you good results in terms of inventory, reporting and so on.

I suggest you have a look at this free product that can save time and money for everyone.

P.S. This is not an ad but simply a suggestion!!