IT Trenches: September, 2008 archives

September, 2008

Sep 30 2008   1:34PM GMT

Did you see this? - Laura Chappell’s Troubleshooting & Security Summit



Posted by: Troy Tate
Networking, forensics, Security, tools, Monitoring, reporting, DataManagement, WAN, LAN, Data security, malware, SSL, performance monitoring, troubleshooting, honeypot, Performance, Network TAPs, howto, network analysis, Metrics, wireshark, risk, packet capture, research, awareness, education, toolkit

Maybe you already know Laura Chappell (The Viral Bitgirl); if not, this is your chance to meet her and gain loads of knowledge in two days.

On November 4-5, 2008, in Las Colinas, TX (near Dallas-Ft Worth airport), Laura will be holding a Troubleshooting and Security Summit.

In two full days you will walk away with more security, optimization and troubleshooting knowledge than you’d get after spending months in the field figuring this out.

Learn the best practices and most efficient tools to use to analyze wired and wireless network performance to optimize and secure network communications from Laura Chappell, Founder of Wireshark University and Protocol Analysis Institute. See the Summit 08 special pricing and group discount information below. Register today at www.chappellsummit.com.

Key points include:
* TCP Enhancements in Vista/Server 2008
* Faster File Transfers with SMBv1 vs. SMBv2
* Traffic Analysis between Virtualized Hosts
* Proven Techniques to Baseline the Network
* Latency Chokepoints
* Automatic Traffic Capture and Analysis
* Network Security and Forensics Procedures
* Key Points to Deploying Decoys
* Suspicious Traffic Signatures
* Handling Traffic Evidence

Bring Your Own Laptop (BYOL) Format
This hands-on lab-based course offers a series of demonstrations and individual hands-on labs to rapidly improve and expand your skill set. You will leave with your laptop loaded with tools, trace files and configured to improve network performance and security immediately after class.

GUEST SPEAKERS
* Gerald Combs, Creator of Wireshark - Must-Know Steps to Analyzing Virtualized Communications and the Future of Wireshark

* Tom Quilty, Cybercrime Investigator for BD Consulting and Investigation - Preparing for and Handling a Data Breach or Theft

Register Today - Seating is Limited
Register online at www.chappellsummit.com. Registration $1,295 - Early Bird $995 (ends midnight PDT Tuesday 9/30/08)

Group Discounts: Bring in two or more people from your company and receive $100 off each additional registration. Contact Brenda Czech at +1 408-378-7841 for more details.

Wireshark University Savings: Attendees receive the Wireshark University WSU03 Troubleshooting Network Communications self-paced course free with the student kits. Registered attendees also receive a 50%-off coupon on Wireshark University Self-Paced Courses.

Register today.
www.chappellsummit.com

If you go, please share some of the tips and tricks you gained with the ITKE population. Help spread the word!

Sep 24 2008   2:07PM GMT

Did you see this? - Using Microsoft Excel for business functions



Posted by: Troy Tate
administration, tools, Microsoft Windows, CIO, financial analysis, Microsoft Excel, Microsoft, howto, toolkit

Came across a great free toolset for Excel today. It is called the Business Functions toolset. Here’s the PCWorld Editor’s review on the toolset:

Looking to use Excel to run your business? Then you’ll want this free add-in, which has 500 new functions to help with just about any business analysis, budgeting, or tracking you need. Need functions specifically for real estate, such as a variety of functions having to do with rent? It’s there. So are functions for other specific industries, as well as hundreds of general-purpose Excel functions as well.

There’s no need to run Business Functions separately from Excel; it integrates directly within it, and is available as menu options. No matter what you need for your business, there’s probably something for you, including a nifty time chart creator, and much more.

–Preston Gralla

You can find this useful download here.


Sep 19 2008   1:16PM GMT

Crunching numbers - is this any way to manage a network?



Posted by: Troy Tate
administration, tools, Monitoring, reporting, DataManagement, WAN, performance monitoring, Performance, howto, network analysis, Metrics, facility, toolkit, facility management

I just got done catching up crunching wide area network usage statistics for the last 6 months. Wow… what a job! I should be doing it at the end of each month, but I got behind due to other major activities like moving a data center and implementing a new e-mail system for more than 2,000 users. Those kinds of major activities seem to take over the day, so routine items sometimes get left behind.

Getting back to the WAN statistics: I download usage stats daily. The stats are in 10-minute increments, so I get really good detailed information about utilization at the sites. Well, 10-minute stats over a 24-hour period is about 144 data points per day per site (actually, multiply by two, since there are stats for inbound AND outbound usage). Since this is such a large volume of data, I distill it down to the busy business hours of 7AM to 7PM local site time, Monday through Friday. For a regular month, this may give me around 1600 data points each for inbound and outbound. I also have to do some work converting the dates/times from the vendor reports to an Excel-friendly format.

I take these data points and run them through Excel, performing some frequency plots and trend analysis. This gives me an idea of utilization at the site during the past month and possible trends for the next month. As you can see, this is a labor-intensive activity. I don't know of another way of getting this information given the current toolset I have available. Do any of you have a similar challenge? How do you address it? I do think the task is worth the effort, since a global WAN is a significant monthly expense.
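The monthly crunch described above, as an added example that is not the author's own tooling: it takes a vendor-style CSV export of 10-minute samples, keeps only Monday-to-Friday 07:00-19:00 site-local samples, converts the timestamps to an Excel-friendly ISO form, and produces the frequency histogram, p95 and trend that the post builds by hand in Excel. The CSV layout (site,timestamp,in_kbps,out_kbps with MM/DD/YYYY HH:MM stamps), the link capacities and the sample rows are all constructed assumptions, not data from the post.

```python
"""Crunch 10-minute WAN utilization samples the way the post describes doing by hand in Excel.

Added example, not the author's own tooling.  Assumptions: the vendor export is CSV with
"site,timestamp,in_kbps,out_kbps" columns and US-style "MM/DD/YYYY HH:MM" timestamps; the
business window is 07:00 (inclusive) to 19:00 (exclusive), Monday to Friday, in site-local time.
"""
from collections import Counter
from datetime import datetime, time

# Constructed sample export (a handful of rows; a real month has ~1,600 per direction per site).
# 09/01/2008 is a Monday, 09/06/2008 a Saturday.
SAMPLE_CSV = """\
site,timestamp,in_kbps,out_kbps
DALLAS,09/01/2008 06:50,120,80
DALLAS,09/01/2008 07:00,900,300
DALLAS,09/01/2008 07:10,1100,350
DALLAS,09/01/2008 12:00,1500,400
DALLAS,09/01/2008 18:50,700,200
DALLAS,09/01/2008 19:00,650,180
DALLAS,09/02/2008 09:00,1300,420
DALLAS,09/06/2008 10:00,1900,500
LONDON,09/02/2008 09:00,400,100
"""

# Assumed link capacities in kbps, used to turn raw kbps into percent utilization.
LINK_KBPS = {"DALLAS": 2048, "LONDON": 1024}

BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)


def parse_export(text):
    """Parse the vendor CSV into (site, datetime, in_kbps, out_kbps) tuples."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        site, stamp, inb, outb = line.split(",")
        rows.append((site, datetime.strptime(stamp, "%m/%d/%Y %H:%M"), int(inb), int(outb)))
    return rows


def excel_timestamp(dt):
    """ISO-style text that Excel parses as a date/time without locale guessing."""
    return dt.strftime("%Y-%m-%d %H:%M")


def in_business_hours(dt):
    """Monday-Friday, 07:00 <= t < 19:00 (72 ten-minute samples per day)."""
    return dt.weekday() < 5 and BUSINESS_START <= dt.time() < BUSINESS_END


def utilization_histogram(kbps_values, link_kbps, bucket_pct=10):
    """Frequency of samples per utilization bucket, keyed by the bucket's lower bound in percent."""
    hist = Counter()
    for v in kbps_values:
        pct = 100.0 * v / link_kbps
        hist[int(pct // bucket_pct) * bucket_pct] += 1
    return dict(sorted(hist.items()))


def linear_trend(values):
    """Least-squares slope (kbps per sample) over samples in time order; > 0 means rising demand."""
    n = len(values)
    if n < 2:
        return 0.0
    mean_x = (n - 1) / 2.0
    mean_y = sum(values) / n
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(range(n), values))
    sxx = sum((x - mean_x) ** 2 for x in range(n))
    return sxy / sxx


def nearest_rank_percentile(values, pct):
    """Nearest-rank percentile (what a capacity planner quotes as 'p95')."""
    ordered = sorted(values)
    rank = max(1, -(-len(ordered) * pct // 100))   # ceil(n * pct / 100)
    return ordered[rank - 1]


def summarize(text, link_kbps=LINK_KBPS):
    """Per-site, per-direction summary over business-hour samples only."""
    by_site = {}
    for site, dt, inb, outb in sorted(parse_export(text), key=lambda r: (r[0], r[1])):
        if not in_business_hours(dt):
            continue
        entry = by_site.setdefault(site, {"stamps": [], "in": [], "out": []})
        entry["stamps"].append(excel_timestamp(dt))
        entry["in"].append(inb)
        entry["out"].append(outb)
    report = {}
    for site, entry in by_site.items():
        report[site] = {"samples": len(entry["stamps"])}
        for direction in ("in", "out"):
            vals = entry[direction]
            report[site][direction] = {
                "peak_kbps": max(vals),
                "p95_kbps": nearest_rank_percentile(vals, 95),
                "histogram_pct": utilization_histogram(vals, link_kbps[site]),
                "trend_kbps_per_sample": linear_trend(vals),
            }
    return report


if __name__ == "__main__":
    for site, stats in summarize(SAMPLE_CSV).items():
        print(site, stats)
```

The histogram is the frequency plot the post describes (how many samples fell in each 10% utilization band), the slope is the trend, and p95 is what a provider will bill or size a circuit on. Point `parse_export` at the real export and adjust the timestamp format string if the vendor uses a different one; the business-hour filter and the rest stay as they are.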

As always, thanks for checking out my blog. Let’s be good network citizens together & practice safe networking!


Sep 19 2008   12:53PM GMT

Did you see this? - Encyclopedia of internal network security threats



Posted by: Troy Tate
Networking, forensics, Security, tools, Microsoft Windows, Monitoring, Browsers, web, reporting, WWW, antivirus, homeland security, Data security, malware, Policy, design, Firefox, Microsoft, website, troubleshooting, honeypot, botnet, risk, research, awareness, vulnerability, man-in-the-middle

Promisec has released an online encyclopedia of internal network security threats. This is available online for free. There is a lot of information to look through and decide how the risks affect your organization.

Take, for example, the entry describing GoogleTalk. The site rates it as one of the top 5 internal threats.

The more we know about these risks the better prepared we can be. Thanks for your time. Let’s be good network citizens together & practice safe networking!


Sep 11 2008   4:36PM GMT

RANT: Am I responsible for training technology staff at other companies?



Posted by: Troy Tate
administration, Networking, Firewalls, Security, CIO, DataCenter, DataManagement, WAN, Data security, Policy, design, risk, policy enforcement, awareness, blog

You may have seen in one of my past blog posts that we relocated a site over a weekend. As a result of that move we are continuing to clean-up various network access issues for services that existed in the old facility but are not available at the new facility.

In the old facility, some of the users were required to use a kiosk or standalone computer to access customer extranets using VPN. We wanted to make this easier in the new facility and get rid of the standalone computers and internet connections. As we approach each instance of VPN access, we have to ask the standard questions of what the destination IP address is and what ports need to be opened on the firewall for this service. I recently came across a customer technology staff member at another organization who was responsible for the remote access service but could not answer these standard application questions. The answer I was given was just to open any-to-any ports for their destination IP (at least he knew their IP address for this service). I don't think this was a junior staff member answering the question, either. This is the person responsible for interfacing with suppliers!

Well, after walking around and burning off some frustration, I took some steps to try to identify how the application works and make firewall changes according to what I discovered. Working with my managed security partner I went through the following steps:

1. Configure a private client machine and designate as single source of traffic.

2. Define firewall rule to permit any traffic from this client to the destination IP.

3. Run the VPN application and capture details about TCP/UDP ports during the conversation.

4. Close the any-to-any rule and open ports discovered in step #3.

Well, things did work pretty well, but apparently there are some other ports that need to be opened, so once again I am asking this customer to help us, as their supplier, gain access to their network. We will see if I have to get someone else involved in his organization, even though I was told he manages this by himself.
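The four steps above, as an added example that is not the author's or the managed security partner's tooling: it reads the firewall's per-flow log from the permissive phase (steps 2 and 3), keeps only flows from the single designated test client to the customer's destination IP, turns the distinct protocol/port pairs into permit rules that replace the any-to-destination rule (step 4), and then, for the "other ports" situation described above, diffs what the client is still being denied after tightening against the allowed set. The log line format, the addresses, the ports and both logs are constructed assumptions, not from the post; unlike the post's TCP/UDP-only wording, it also carries portless protocols such as ESP through as their own rule.

```python
"""Derive a least-privilege firewall rule set for a third party's VPN service from observed traffic.

Added example, not the author's or the managed security partner's tooling.  Assumptions: the
firewall can log per-flow lines of the form
    ACCEPT src=<ip> dst=<ip> proto=<TCP|UDP|ESP...> [dport=<n>]
during the any-to-destination phase (steps 2 and 3) and DROP lines of the same shape after the
rule is tightened (step 4).  Addresses and ports below are constructed documentation values.
"""
import re

CLIENT_IP = "10.20.30.40"       # the single designated test client (step 1)
DEST_IP = "203.0.113.10"        # the customer's VPN gateway

FLOW_RE = re.compile(
    r"^(?P<action>ACCEPT|DROP)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"proto=(?P<proto>\S+)(?:\s+dport=(?P<dport>\d+))?\s*$"
)

# Constructed log from the permissive phase.  Lines from other hosts or to other
# destinations are present on purpose; they must not leak into the rule set.
ALLOW_PHASE_LOG = """\
ACCEPT src=10.20.30.40 dst=203.0.113.10 proto=UDP dport=500
ACCEPT src=10.20.30.40 dst=203.0.113.10 proto=UDP dport=4500
ACCEPT src=10.20.30.40 dst=203.0.113.10 proto=UDP dport=4500
ACCEPT src=10.20.30.40 dst=203.0.113.10 proto=TCP dport=443
ACCEPT src=10.20.30.40 dst=198.51.100.7 proto=TCP dport=80
ACCEPT src=10.20.30.41 dst=203.0.113.10 proto=TCP dport=22
"""

# Constructed log after tightening: what the client still tries and is now denied.
DENY_PHASE_LOG = """\
DROP src=10.20.30.40 dst=203.0.113.10 proto=ESP
DROP src=10.20.30.40 dst=203.0.113.10 proto=TCP dport=10000
DROP src=10.20.30.41 dst=203.0.113.10 proto=TCP dport=22
"""


def parse_flows(log_text, action, src, dst):
    """Set of (proto, dport) logged with the given action from src to dst.

    dport is None for protocols that have no port (ESP, GRE, ...)."""
    flows = set()
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if not m or m["action"] != action or m["src"] != src or m["dst"] != dst:
            continue
        port = int(m["dport"]) if m["dport"] else None
        flows.add((m["proto"].lower(), port))
    return flows


def discover_ports(allow_log, client=CLIENT_IP, dest=DEST_IP):
    """Step 3: the distinct protocol/port pairs the VPN client actually used."""
    return parse_flows(allow_log, "ACCEPT", client, dest)


def rules_for(flows, client=CLIENT_IP, dest=DEST_IP):
    """Step 4: vendor-neutral permit rules that replace the any-to-destination rule."""
    rules = []
    for proto, port in sorted(flows, key=lambda f: (f[0], f[1] or 0)):
        rule = f"permit {proto} host {client} host {dest}"
        rules.append(rule + (f" eq {port}" if port is not None else ""))
    return rules


def missing_after_tightening(deny_log, allowed, client=CLIENT_IP, dest=DEST_IP):
    """Flows the client still needs: denied after step 4 and absent from the allowed set."""
    return parse_flows(deny_log, "DROP", client, dest) - allowed


if __name__ == "__main__":
    allowed = discover_ports(ALLOW_PHASE_LOG)
    print("\n".join(rules_for(allowed)))
    print("still denied:", missing_after_tightening(DENY_PHASE_LOG, allowed))
```

Two practical points follow from the post's outcome. Run the permissive phase through a complete session, including an idle timeout and a reconnect, because ports that only appear at those moments otherwise show up later as drops, which is what `missing_after_tightening` is for. And keep the permit rules pinned to the test client until the set has been stable for a while; only then widen the source to the user subnet.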

hmmmm… so have you ever had to train someone at another organization that you deal with how to do their job?


Sep 8 2008   4:49PM GMT

Did you see this? - 2007 Web Application Security Statistics Project



Posted by: Troy Tate
Security, tools, Database, Monitoring, Development, web, internet, DataManagement, WWW, Data security, malware, Policy, website, Metrics, risk, research, awareness, vulnerability, data loss

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape.

Goals

1. Identify the prevalence and probability of different vulnerability classes.
2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

The statistics were compiled from web application security assessment projects which were carried out by the following companies in 2007 (in alphabetical order):

- Booz Allen Hamilton
- BT
- Cenzic with Hailstorm and ClickToSecure
- dblogic.it
- HP Application Security Center with WebInspect
- Positive Technologies with MaxPatrol
- Veracode with Veracode Security Review
- WhiteHat Security with WhiteHat Sentinel

The overall statistics include analysis results from 32,717 sites and 69,476 vulnerabilities of different degrees of severity. The detailed information can be found here:

http://www.webappsec.org/projects/statistics/


Sep 3 2008   7:28PM GMT

Did you see (listen to) this? - Podcast on preventing spam



Posted by: Troy Tate
administration, Security, tools, reporting, internet, DataManagement, IT education, spam, email, Data security, Policy, Exchange, anti-virus, Performance, howto, Metrics, risk, awareness, podcast

An audio podcast on how spam is generated, along with an examination of the frameworks and technologies that help manage and reduce spam.

This may be a great tutorial for you and/or your users.

CERTStation Media - Spam-Prevent.mp3

I just ran my monthly e-mail statistics and these are the results:

97,000 msgs/day inbound

8,800 msgs/day delivered to end users - 9%

22,200 msgs/day quarantined as spam - 23%

66,000 msgs/day blocked as spam - 67%

This month had higher-than-normal quarantine activity. Quarantine has been running about 15% and blocking around 75%. How does your mail stack up?

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Sep 2 2008   6:22PM GMT

Operation Sentinel - Manhattan becomes “Big Brother”



Posted by: Troy Tate
Security, Monitoring, homeland security, Data security, Policy, policy enforcement, awareness, blog, dhs

Hopefully you have read my previous blog entry about IT Equipment Search & Seizure at US Borders. Well, if that is not enough to make you think Big Brother is here and watching, then take a look at the article NYPD seeks to screen vehicles entering Manhattan. This could become one of the grandest IT endeavors of all time. How do you track these vehicles? What criteria do you capture to be able to determine whether something is a threat or not? The article mentions images and radiological readings. I think that authenticating and ensuring readings and images are accurate would create a market need for supercomputer implementations in New York City. How often are the radiological scanning devices calibrated and tested? What skills does someone need to be able to do that? Can cameras be fooled and images be wrong?

Who is paying for all of this for NYC? Is this really where the city should be spending its dollars on risk mitigation? Maybe someone should share my thoughts on managing risk & vulnerability.

Thanks for your time. Let’s be good network citizens together & practice safe networking!