IT Trenches:

August, 2008

Aug 22 2008   8:02PM GMT

Poor Spelling = Identity Lost



Posted by: Troy Tate
administration, Networking, forensics, Security, Browsers, web, reporting, WWW, intellectual property, CA, certificate authority, malware, SSL, design, website, howto, network analysis, online identity, risk, awareness, blog, vulnerability, MITM, man-in-the-middle

Well, I am not the best speller and I know that is true for most people. I have recently discovered how this human weakness can get you into trouble and cause identity loss as well as potential financial loss.

This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed https://www.mybnak.com/myaccount into your browser. The actual address should be https://www.mybank.com/myaccount. This is just a simple typographical error right? Hmmmmm… maybe not!

Consider if an attacker purchased the domain name mybnak.com. Because they really do control that domain, a CA will issue them a perfectly valid SSL certificate for it (no browser warning at all), or they can simply create a self-signed one that looks OK to an uneducated user. In the self-signed case, have you ever seen a message like the following?

[Image: IE invalid certificate warning]

How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.

This looks like the following picture:

[Image: MITM diagram]

This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!
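The "poor spelling" half of this attack is the easy part for the attacker, because a one-keystroke slip produces only a few dozen candidate domains. The following is an added example (not code from the original post) that enumerates those candidates for a registrable domain and classifies a typed host against the legitimate one, which is what a defender would run to decide which look-alikes to register or monitor. The QWERTY adjacency map and the hostnames are constructed assumptions.

```python
"""Enumerate one-keystroke typos of a domain and match a typed host against it.
Added illustration for this post; hostnames and the key layout are assumptions."""
from __future__ import annotations
from typing import Dict, Optional

# Keys physically adjacent on a US QWERTY keyboard (assumption: US layout).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}


def typo_variants(domain: str) -> Dict[str, str]:
    """Map each one-keystroke variant of the second-level label to its typo class.

    `domain` is the registrable name ("mybank.com"); only the label left of the
    first dot is mutated, so "mybank.com" yields "mybnak.com" among others.
    """
    label, _, suffix = domain.lower().partition(".")
    out: Dict[str, str] = {}
    n = len(label)
    # transposition: two adjacent characters swapped (mybank -> mybnak)
    for i in range(n - 1):
        out[label[:i] + label[i + 1] + label[i] + label[i + 2:]] = "transposition"
    # omission: one character dropped (mybank -> mybnk)
    for i in range(n):
        out.setdefault(label[:i] + label[i + 1:], "omission")
    # duplication: one character typed twice (mybank -> mybbank)
    for i in range(n):
        out.setdefault(label[:i + 1] + label[i] + label[i + 1:], "duplication")
    # substitution: one character replaced by a neighbouring key (mybank -> mybamk)
    for i, ch in enumerate(label):
        for adj in ADJACENT.get(ch, ""):
            out.setdefault(label[:i] + adj + label[i + 1:], "substitution")
    out.pop(label, None)  # swapping identical letters is not a typo
    return {f"{v}.{suffix}": kind for v, kind in out.items()}


def classify_typed_host(typed: str, legitimate: str) -> Optional[str]:
    """Return the typo class if `typed` is a one-keystroke slip of `legitimate`,
    or None if it is the real name or not a near miss at all."""
    return typo_variants(legitimate).get(typed.lower())


if __name__ == "__main__":
    # Constructed example: the post's mybnak.com against the real mybank.com.
    candidates = typo_variants("mybank.com")
    print(f"{len(candidates)} look-alikes of mybank.com worth registering or watching")
    print("mybnak.com ->", classify_typed_host("mybnak.com", "mybank.com"))
```

A defender would feed each candidate to WHOIS or passive DNS and treat any that resolve to a host they do not own as a typosquat to investigate; the classification tells you which keyboard slips are most likely for your users.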

Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:

Mozilla SSL Policy Considered Bad for the Web

SSL VPN might not be as secure as you think

Black Hat 2008 Aftermath

But, on the other side of this argument, consider this story about how a MITM attack saved Colombian hostages.

The internet is not a place to be ignorant about your surroundings. Users must be vigilant and savvy about its use. Maybe there should be internet driver testing and licences?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Aug 22 2008   3:46PM GMT

Trolls on ITKE - I think not!



Posted by: Troy Tate
administration, Networking, Security, web, reporting, internet, CIO, WWW, IT education, intellectual property, design, website, online identity, risk, awareness, blog

Here’s an interesting blog entry I came across this week. I have great respect for Jon Postel, mentioned in the article. He contributed immensely to the design of the protocols on which we depend for data networks. I really like his Robustness Principle: “Be conservative in what you do, be liberal in what you accept from others.” This is a good statement for life but can be a challenge to address in the IT world. The article and follow-up postings have a lot of nuggets of great thought. Maybe add your thoughts to Mr Schwartz’s post or add some thoughts below here.

Have you had to deal with a troll? What were your challenges and how did it end up? What are your suggestions for handling this global issue?

It is quite amazing if you take a minute to think about it how the global internet provides a whole new environment for crime and abuse. There is no single legal body that can deal with this environment. There are no borders (although countries like China try to control what information crosses theirs).

I do want to commend ITKE for seeming to keep the trolls away from this useful internet resource. I know it is a challenging job but the TechTarget folks are doing a great job! Let’s thank them for all their hard work by keeping up the knowledge sharing.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 21 2008   8:08PM GMT

IT Equipment search & seizure at the US borders



Posted by: Troy Tate
administration, Networking, forensics, Security, Monitoring, reporting, internet, CIO, Mobile, DataManagement, IT education, WAN, intellectual property, Data security, government, Policy, design, online identity, risk, research, policy enforcement, awareness, blog, data loss

I have recently been hearing some rumblings about this issue. I work for a firm with international locations and have travelled out of the country myself. So, this is a personal issue.

What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong like any law abiding citizen of the world. However, what about the risk to an organization’s intellectual property?

Look at the comment …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regards to a company’s intellectual capital?

This issue seems like a bureaucratic (and maybe totalitarian leaning - think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?

I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border or use equipment at a remote site and transfer data across a network.

This situation is definitely one to watch and be concerned about as world citizens.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 20 2008   6:19PM GMT

Did you see this? - Need some Exchange advice/support



Posted by: Troy Tate
administration, tools, Microsoft Windows, web, CIO, DataCenter, DataManagement, WWW, CA, spam, certificate authority, digital signatures, email, RSS, wiki, Exchange 2007, Outlook Web Access, Policy, Exchange, design, OWA, website, anti-virus, Performance, Powershell, howto, policy enforcement, awareness, blog, toolkit

Maybe you have already read my post about implementing new Exchange 2007 mailboxes for over 2000 users. If not… look here. So, as you see from this event, ongoing support for these global users on a new messaging system is going to be a real challenge.

I found a great blog posting with links to some excellent Exchange resources. Keep this in your toolkit for those times you just can’t find the answer elsewhere to those nagging Exchange problems. I see lots of other IT people struggling with this system and looking for support here at IT KnowledgeExchange.

Some other Exchange resources I recommend are:

Microsoft Exchange Server Resource Site

E-mail archiving

Seven ways to organize your e-mail

MessagingTalk.org - Portal for Microsoft Exchange Messaging & Collaboration

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 18 2008   7:24PM GMT

Did you see this? - Online tools/tutorials - RingOfSaturn



Posted by: Troy Tate
administration, Networking, Storage, Security, tools, Monitoring, VoIP, web, reporting, internet, DataCenter, DataManagement, WWW, IT education, WAN, LAN, malware, design, website, troubleshooting, Performance, howto, network analysis, online identity, Metrics, wireshark, risk, packet capture, research, awareness, diagnostics

Ok, I admit it. I’m a network tool junkie. I constantly look for neat tools to perform tasks in the easiest manner possible and give me reliable information. This website from RingofSaturn.com is definitely one of the cooler online tool websites. Check out the browser sniffer tool if you are curious about what information your browser gives up while surfing the web. You might be surprised!

Check out the TCP/IP tutorial. It’s a quick easy read that you can share with those you are trying to explain how a network works.

Checkout this website. I guarantee that if networks are in your blood, you will find something of interest here.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 18 2008   7:11PM GMT

Did you see this? - Boot CD tutorial



Posted by: Troy Tate
administration, forensics, Security, tools, Microsoft Windows, Monitoring, Mobile, DataCenter, DataManagement, antivirus, recovery, Microsoft, troubleshooting, Performance, howto, risk, packet capture, research, diagnostics, bootcd

How often have you needed to recover a Windows system or use some type of boot disk? It’s not easy to create a boot disk in the current versions of Windows (XP or Vista). There’s still a need for this capability. One source of how-to information can be found on the BootCD.US website. I recommend that you check out this fine resource and test this capability before you are in need and don’t have a lot of time to wade through a lot of how-to documentation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 18 2008   7:04PM GMT

Moving a datacenter - one weekend - DONE!



Posted by: Troy Tate
administration, Networking, Monitoring, internet, CIO, DataCenter, WAN, LAN, design, troubleshooting, Performance, network analysis, risk, facility, facility management

Well, another busy month here. Last month we moved more than 2000 users from 6 different e-mail systems to a single e-mail platform. This month we moved a factory facility about 5 miles. The original facility was too small for our needs and we are also integrating a recent acquisition that was in a separate facility.

This event had been in the planning and implementation stages for months. The building had to be outfitted for occupancy and services had to be ready for use on day one.

Fortunately we had implemented a Cisco CallManager solution at the old facility and it was easy enough to move into the new facility. However, some challenges existed with that implementation. First of all, our original implementation was not a full CallManager implementation. It was a Survivable Remote Site Telephony (SRST) implementation. The actual CallManager cluster for this site is located in southern California. This site is in northern California, several hundred miles away.

Another issue was that the site was experiencing growth due to the merged office. Our current gateway solution was not large enough to handle the additional handsets. We implemented a larger gateway with capacity to handle the current user population plus some additional growth.

I say “We” because we had a partner helping us with the implementation. This is not something we have in our staff skillset. Our partner helped us with the original implementation at the site. They provided outstanding support and were available to help with other network issues as they arose during the move and day one of business. I was able to breathe a sigh of relief with this partner onsite.

Our servers moved over without a glitch. Our structured cabling plant looks really nice (for the moment, I’m sure) . Our users enjoy the new facility. So, it’s a win-win!

My only real issue happened, unfortunately, on day one of business in the new facility. For some reason, both the primary and secondary network links went down. This was definitely not a good thing, especially since the site used the remote CallManager to manage calls. During this period, the WAN link was unreliable and calls were dropped and phones reset. Another item that you should note is that there was another tenant moving into the building next door. My company and this other tenant shared a telecom closet where all communication circuits entered the facilities. I have major concerns about cross-connects as well as the danger of miscommunication with the carriers about circuits being terminated or orders placed.

My WAN provider went right to work though and had the carriers investigating why both our primary (T1) link and backup (DSL) link went down. The circuits are provided by different carriers so they could work unrestricted on their issues while we waited for resolution. The T1 issue was due to some problem at the carrier central office (hmmmm…. likely story since I had a new neighbor moving in at the same time.) The DSL issue turned out to be some kind of problem with inside wiring.

Our circuits became stable later on day one and have been stable ever since. I’m really glad the event is over! Now we are planning for a new site implementation coming online in January and the facility has not even been built yet. The new facility is not even in the USA so this will be even more of a challenge.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 14 2008   2:58AM GMT

Managing risk & vulnerability



Posted by: Troy Tate
administration, forensics, Security, Monitoring, CIO, DataCenter, DataManagement, IT education, antivirus, Data security, malware, Policy, design, honeypot, risk, policy enforcement, awareness, vulnerability

Jotting some quick thoughts here after answering a user post. Thought I would place the same information here for all to see. This list is by no means complete and your thoughts are always welcome.

Some ways to measure risk include:

How valuable is the asset?
How much of a threat exists?
What is the impact if the system/service is exploited?
Is the vulnerability rated high/medium/low?
Can the risk be reduced?
How easily can it be reduced considering costs, technology, staffing & skills?
What is the probability of the vulnerability being exploited?

You are asking yourself:
What are you protecting?
What can happen to it? - How can it happen?
What does it mean to the business?
How can the risk be reduced?
How likely is it to happen given the existing conditions?

Risk assessment goal: identify & prioritize risks.
Risk management goal: manage risks to an acceptable level. This can be done by:

  • Mitigate: select controls; implement; monitor
  • Transfer: purchase insurance
  • Accept: do nothing
  • Avoid: discontinue activity
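The checklist above maps directly onto a small risk register once you put numbers on the answers. The following is an added example, not the author's own method: it uses the standard single-loss-expectancy / annualized-loss-expectancy model (SLE = asset value × exposure; ALE = SLE × incidents per year) to rate and prioritize each risk, then picks one of the four treatments listed above by comparing the expected annual loss to the risk appetite, the control's cost and an insurance premium. The risks, dollar figures, thresholds and the `Risk` field names are all constructed assumptions.

```python
"""Score, prioritize and choose a treatment for a list of risks.
Added example for this post's checklist; all figures and thresholds are assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Risk:
    asset: str                  # what are you protecting?
    threat: str                 # what can happen to it, and how?
    asset_value: float          # value of the asset or the business process it supports
    exposure: float             # fraction of that value lost per incident (0..1)
    annual_rate: float          # expected incidents per year (probability x frequency)
    control_cost: float         # annual cost of the mitigation being considered
    control_effect: float       # fraction of the loss the control prevents (0..1)
    insurance_premium: Optional[float] = None  # annual premium if the risk is insurable


def sle(r: Risk) -> float:
    """Single loss expectancy: what one incident costs."""
    return r.asset_value * r.exposure


def ale(r: Risk) -> float:
    """Annualized loss expectancy: what the risk costs per year if left alone."""
    return sle(r) * r.annual_rate


def rating(annual_loss: float, bands: Tuple[float, float] = (1_000, 10_000)) -> str:
    """Translate an ALE into the high/medium/low label used in the checklist."""
    low, high = bands
    if annual_loss >= high:
        return "high"
    if annual_loss >= low:
        return "medium"
    return "low"


def treatment(r: Risk, appetite: float = 1_000) -> str:
    """Mitigate, transfer, accept or avoid, decided on expected annual cost.

    accept   - the loss is within what the business will tolerate
    mitigate - the control saves more per year than it costs
    transfer - insurance is cheaper than carrying the loss
    avoid    - nothing cheaper than the loss is available: stop the activity
    """
    loss = ale(r)
    if loss <= appetite:
        return "accept"
    if loss * r.control_effect > r.control_cost:
        return "mitigate"
    if r.insurance_premium is not None and r.insurance_premium < loss:
        return "transfer"
    return "avoid"


def prioritize(risks: List[Risk]) -> List[Tuple[str, float, str, str]]:
    """Risk assessment goal: identify and prioritize. Highest ALE first."""
    rows = [(r.asset, ale(r), rating(ale(r)), treatment(r)) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample register (every number is made up for illustration).
SAMPLE_RISKS = [
    Risk("customer database", "SQL injection exposes records", 400_000, 0.25, 0.5, 15_000, 0.8),
    Risk("legacy FTP server", "credentials sniffed in transit", 50_000, 0.5, 0.5, 15_000, 0.5),
    Risk("travelling laptops", "device lost or seized at a border", 20_000, 1.0, 0.25, 2_000, 0.75),
    Risk("office printer", "firmware tampering", 3_000, 1.0, 0.125, 500, 0.5),
]

if __name__ == "__main__":
    for asset, loss, level, action in prioritize(SAMPLE_RISKS):
        print(f"{asset:20s} ALE ${loss:>9,.0f}  {level:6s}  {action}")
```

The register answers the post's questions in order: the asset and threat say what you are protecting and what can happen, SLE and ALE say what it means to the business and how likely it is, and `treatment` encodes "can the risk be reduced, and at what cost". Re-run it whenever a figure changes; a control that was worth buying last year may not be once the incident rate drops.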

Thanks for your time. Let’s be good network citizens together & practice safe networking!