Oct 10 2008 7:58PM GMT
Posted by: Troy Tate
Tags: Security, Monitoring, reporting, IT education, Data security, malware, performance monitoring, botnet, Metrics, risk, research, awareness, vulnerability, dhs, analysis
If you are into metrics, you might find this article rather interesting: For Good Measure: Type II Reverse Engineering
A couple of the security metrics I find interesting:
Counterfeit hosts (zombied/botted): 30% (estimated)
Odds that neither end of a P2P session is øwned: 50–50
Bytes required to counterfeit a presidential candidate: 1
Dollar value of counterfeit Cuban cigars: $100 million
Dollar value of counterfeit whisky: $700 million
Dollar value of counterfeit IT: $100 billion
Information like this really helps you understand why hackers and criminals do the things they do. I’m not endorsing it by any means.
Oct 9 2008 3:56PM GMT
Posted by: Troy Tate
Tags: administration, Networking, Cisco, Monitoring, VoIP, unified communications, IP telephony, DataCenter, IT education, WAN, LAN, PSTN, design, howto, risk, education
As you may have already read, I will not be attending the Enterprise VOIP event at CampIT Conferences in Chicago on 10/14. Well, I thought I would bring my portion of the discussion to you in this virtual panel discussion and maybe you and I both can gain some from this forum.
Some background on our environment: IP phone population - over 400, distributed at 4 sites, largest ~150, smallest 60; all Cisco
Why implement VOIP?
- greenfield site - needed a phone system and VOIP made sense for a new site install to position for future
- acquired company in process of implementing VOIP - came into a situation where an acquisition had purchased VOIP and I became owner of the implementation; had issues with chosen vendor and equipment lists; eventually came out successful but was not without its pain during implementation.
- forward looking strategy - setup the company to have regional communication hubs for IP telephony; we have VOIP in North America, Europe and Asia now; this could permit us to leverage our WAN for toll bypass provided we build other local site infrastructure to support this technology.
Our biggest challenges:
- users: they find the phones easy to use and the features very good; however, some features, like managing meet-me conference calls, they feel are too onerous, so they don’t take the time to use this cost-saving feature
- administrators: setting up a phone is an infrequent event, so it is never a really simple task; moves are easier than on traditional systems; troubleshooting skills are different since voice is now carried over the data network until it reaches a PSTN gateway
Best features:
- dial another site using extensions rather than 10 digit or more dialing
- “on phone” directory - can lookup another IP phone user’s extension directly on the phone rather than finding them on a piece of paper or website somewhere
- easier conference calling than old system
- mobile-phone like features: listing missed calls; call history log
- moves are made easier; adds are a challenge since done infrequently
Desires for additional features/services:
- more ringtones (must have been someone young and a heavy cell phone user)
- integration with e-mail/web
What are the risks?
- It is challenging to implement in an “old school” infrastructure (flat network, no VLANs, hubs still in use, etc.); on a flat network the phones share a segment with every PC, so nothing separates voice traffic from a misbehaving or compromised workstation. It takes a lot of forethought, an understanding of VLANs and WAN links, and updated staff skills.
- The network MUST be reliable or voice will suffer. Traditional phone companies have had 100+ years to make a bulletproof network.
- Costs. It’s not cheap to implement this technology. You have to weigh the ability of the organization to support non-industry-leading implementations against choosing the best technology you can afford.
- Maintenance. Upgrading the software in the servers, gateways and phones is much riskier than upgrading a traditional PBX environment.
What are the rewards?
- It positions the organization to take advantage of other services provided that it is not simply an IT-led project but meets business requirements.
Feel free to add comments on your own experiences, concerns. This is a great forum and keep up the good work of information sharing!
Oct 9 2008 3:00PM GMT
Posted by: Troy Tate
Tags: administration, Networking, Firewalls, Storage, Security, DataManagement, intellectual property, email, Data security, Policy, SharePoint, Exchange, design, website, risk, policy enforcement, vulnerability
I’m looking for some help on this topic and have posted a question to the ITKE community. Hopefully someone out there has had some experience with this service for your organization and can provide some valuable insight.
One group I participate in is a mailing list from SANS. If you have not attended a SANS event or training, then you should try to get to one of their events. They are one of, if not the, premier non-vendor security and systems administration groups in the IT industry. I posed the same question to this peer group and have had some very good responses. Some suggested solutions have come back, including:
Microsoft Office SharePoint (http://www.microsoft.com/sharepoint/default.mspx)
OpenText – Livelink (http://www.opentext.com/2/sol-products/sol-pro-llecm10.htm)
Webex Connect – (http://webex.com/enterprise/index.html) (There are other flavors for small & medium business)
Accellion (http://www.accellion.com)
These are very interesting solutions and I will certainly be looking at all potential candidates. One thing that bothers me about the SharePoint option is its security capabilities. SharePoint is typically integrated with Microsoft Active Directory. This has major security implications, and in fact CSO magazine has posted a recent article on this topic. I recommend that you read the article and understand what risks the SharePoint solution may open up for your organization.
Why Security Pros Hate Microsoft SharePoint
Microsoft’s SharePoint collaboration platform is all the rage in today’s business world, especially since third parties gained the ability to plug security holes. But managing it can still be a nightmare for IT security shops.
I am still looking for more references and ideas for this solution, so please share what you are doing for your organization and it will be much appreciated by me and other readers.
Oct 8 2008 2:00PM GMT
Posted by: Troy Tate
Tags: administration, Networking, tools, VoIP, unified communications, IP telephony, DataCenter, IT education, design, howto, awareness, education
Update: I will not be a panel member at the CampIT Conference on Enterprise VOIP being held in Chicago (Rosemont) on Tuesday, October 14. However, please try to attend this event if you are in the area and support the CampIT conferences group.
Per the CampIT Conference website:
According to leading industry analysts, 99% of enterprises have implemented IP Telephony. Many made the decision to do so based on projected long term savings and increased efficiencies. But what are the best ways to capitalize on your existing investment and prepare for the future? How can you leverage your investments to provide new services that your business is asking for?
In this one day conference attendees will learn:
- How to leverage IP telephony and unified communications (UC) to improve business processes
- How to determine which UC services are the best fit for your organization
- How to troubleshoot converged networks
- How to determine if your IP converged network is vulnerable and what you can do about it
- How to integrate mobility with UC
- Advice from the experienced enterprise IT User: How IP telephony/UC users are maximizing their investment
The panel discussion will be at the end of the day so hopefully you will stick around for that part of the event. Even if you do not, the event will hopefully help you and your organization understand what VOIP or unified communications can do for sustained business value.
Oct 6 2008 1:12PM GMT
Posted by: Troy Tate
Tags: administration, Networking, forensics, Security, tools, Microsoft Windows, Monitoring, reporting, internet, LAN, debugging, Data security, malware, performance monitoring, recovery, Microsoft, anti-virus, troubleshooting, Performance, howto, network analysis, Sandbox, packet capture, research, diagnostics, Sysinternals, toolkit, analysis
If you ever need to get under the covers of running Windows processes for investigating why a system is running slow, then the Sysinternals toolkit has an updated tool that will help you. Per the website:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.
I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.
If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!
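As an added example (not code from the original post or from Sysinternals), here is how the “malware hunting” use mentioned in the blurb above can be scripted so that nobody has to sit at the console: capture a timed Process Monitor trace to a backing file, export it to CSV, and pull out every write to the usual auto-start locations. It assumes PowerShell 3.0 or later running elevated, a 3.x build of Procmon.exe (the one with the /OpenLog and /SaveAs switches) in the folder given by $ProcmonDir, and the default Procmon CSV columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the persistence paths are my own starting list, not a complete one.

```powershell
# Added example, not code from the original post or from Sysinternals.
# Non-interactive Procmon capture, CSV export, then a first-pass look for
# writes to common auto-start locations.
# Assumptions: PowerShell 3.0+, elevated; Procmon.exe 3.x in $ProcmonDir;
# default CSV columns in the export.
param(
    [string]$ProcmonDir = '.',                 # assumption: folder holding Procmon.exe
    [int]$Seconds       = 60,                  # capture length
    [string]$OutDir     = "$env:TEMP\procmon"  # where the .pml and .csv land
)

$procmon = Join-Path $ProcmonDir 'Procmon.exe'
if (-not (Test-Path $procmon)) { throw "Procmon.exe not found in $ProcmonDir" }
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $OutDir "capture-$stamp.pml"
$csv   = Join-Path $OutDir "capture-$stamp.csv"

# 1. Capture to a backing file. /Quiet skips the filter dialog, /Minimized keeps
#    the window off the desktop, /Terminate tells the running instance to stop.
Start-Process -FilePath $procmon -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$pml`""
Start-Sleep -Seconds $Seconds
Start-Process -FilePath $procmon -ArgumentList '/Terminate' -Wait

# 2. Export the .pml to CSV; Procmon picks the export format from the extension.
Start-Process -FilePath $procmon -ArgumentList "/AcceptEula /OpenLog `"$pml`" /SaveAs `"$csv`"" -Wait

# 3. Triage: operations that modify the usual persistence points.
$writeOps = 'RegSetValue', 'RegCreateKey', 'WriteFile', 'SetRenameInformationFile'
$persistencePaths = @(
    '*\CurrentVersion\Run*'                # Run / RunOnce keys (HKLM and HKCU)
    '*\Winlogon\*'                         # Userinit, Shell, Notify
    '*\Services\*\ImagePath'               # service binaries
    '*\Start Menu\Programs\Startup\*'      # per-user and all-users Startup folders
    '*\Windows\System32\Tasks\*'           # scheduled task definitions
)

$hits = foreach ($event in Import-Csv -Path $csv) {
    if ($event.Operation -notin $writeOps) { continue }
    foreach ($pattern in $persistencePaths) {
        if ($event.Path -like $pattern) { $event; break }
    }
}

$hits |
    Select-Object 'Time of Day', 'Process Name', PID, Operation, Path, Result |
    Format-Table -AutoSize
"$(@($hits).Count) persistence-related write(s); full trace kept at $pml"
```

Two things to keep in mind when you run this on a box you suspect is infected: the trace is written to the local disk, so anything with kernel-level access on that machine could tamper with it, and a 60-second window only catches what happens while you are looking. A longer capture with a saved filter (/LoadConfig) is the next step, and the hits above are leads to confirm in the full .pml, not a verdict.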
Oct 3 2008 7:59PM GMT
Posted by: Troy Tate
Tags: administration, Networking, Firewalls, forensics, Security, tools, Monitoring, reporting, internet, IT education, WAN, LAN, debugging, Data security, SSL, performance monitoring, blogging, design, anti-virus, troubleshooting, Performance, howto, network analysis, Sandbox, Metrics, wireshark, packet capture, research, blog, podcast, diagnostics, toolkit, analysis
If you are like me, you like those little goodie tools like nmap and wireshark that do something that is actually pretty complex but do it well and have a great following. I just came across this website that I am going to have to take some time to go through and find all of the nuggets it offers. Hope you get some use out of it too and let us know what you discover and how it made your job easier.
LoveMyTool
There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins). This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer, and Denny K Miu of StartupforLess.org (A Survival Guide for Bootstrapping Entrepreneurs).
Oct 3 2008 3:25PM GMT
Posted by: Troy Tate
Tags: Data security
Still stuck with lowering IT budgets and increasing costs? Hear Laura Chappell’s six things you should do on a vanishing IT budget.
See and listen to the presentation here.
Oct 2 2008 12:00PM GMT
Posted by: Troy Tate
Tags: administration, tools, Microsoft Windows, reporting, debugging, performance monitoring, recovery, server, troubleshooting, Performance, howto, diagnostics, toolkit
Debugging a dump from a hung server may not be something you do every day, so you may want to engage with a Microsoft debug expert, however with this information as your guide you may find that you can narrow down a problem and save yourself a call.
My Server is hung - what do I do?
http://blogs.msdn.com/ntdebugging/archive/2008/09/12/red-alert-my-server-is-hung-what-do-i-do.aspx
If you need additional background on debugging, this article can get you started:
Basics of Debugging Windows
http://blogs.msdn.com/ntdebugging/archive/2008/08/28/basics-of-debugging-windows.aspx
· Collect a kernel dump: http://support.microsoft.com/kb/244139
· Set up the debugger: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
· Know how to use the symbol server: http://support.microsoft.com/kb/311503
Additional resources that you may find useful (including links to the tools, book recommendations, etc.):
· Microsoft Debugging Tools
· ADPlus – An automated way to use the cdb.exe to capture/create a usermode dump when a process hangs or crashes (more info - http://msdn.microsoft.com/en-us/library/cc265629.aspx or KB286350)
· Public Symbols for Microsoft Operating Systems:
o Microsoft Public Symbol server: `srv*<DownstreamStore>*http://msdl.microsoft.com/download/symbols`
o example: `srv*c:\mysyms*http://msdl.microsoft.com/download/symbols`
o Microsoft Symbol packages http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx#d
· Use `!analyze -v` to gather additional information about the bugcheck and a bucket-id for your dump file. The bucket-id can be submitted to Microsoft for review against similar crashes and resolutions. Try using Microsoft Online Crash Analysis to submit your crash dump bucket-id for possible follow-up from Microsoft or for Microsoft to look for trends: http://oca.microsoft.com/en/Welcome.aspx
· For concepts, tools and information about the system architecture: http://msdn.microsoft.com/en-us/default.aspx
· Windows Internals, 4th edition (by Mark E. Russinovich & David A. Solomon): the whole book, or Chapter 14 - Crash Dump Analysis
· Advanced Windows Debugging (by Mario Hewardt & Daniel Pravat): http://technet.microsoft.com/en-us/default.aspx
· How to Access the User Mode Debugger from the Kernel Debugger
· How can I find out why the Cluster Resource Monitor dumped – Access Violation
· 1394 Kernel Debugging Tips and Tricks [WinHEC 2004; 373 KB]
· Debugging Windows Vista
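The steps above (collect a kernel dump per KB244139, point the debugger at the public symbol server, run `!analyze -v` and read off the bucket-id) can be wrapped in a script so the first pass happens the same way every time. The following is an added example, not code from the original post or from the ntdebugging blog: the first function prepares a server so a hang can be turned into a memory dump from the keyboard, the second runs a scripted triage over the resulting dump with kd.exe. It assumes an elevated PowerShell session, that the Debugging Tools for Windows are installed at the path in $KdPath, and that $SymCache is the downstream symbol store; both paths are my placeholders. The machine must be rebooted after the registry change for it to take effect.

```powershell
# Added example, not code from the original post or the ntdebugging blog.
# Assumptions: elevated PowerShell; Debugging Tools for Windows at $KdPath;
# $SymCache is a writable folder used as the downstream symbol store.

function Enable-ManualCrashDump {
    param([ValidateSet('Kernel','Complete')][string]$DumpType = 'Kernel')

    # CrashDumpEnabled: 1 = complete memory dump, 2 = kernel memory dump.
    $crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $value = if ($DumpType -eq 'Complete') { 1 } else { 2 }
    Set-ItemProperty -Path $crashControl -Name CrashDumpEnabled -Value $value -Type DWord
    Set-ItemProperty -Path $crashControl -Name DumpFile -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString

    # CrashOnCtrlScroll: hold right Ctrl and press Scroll Lock twice to force a
    # bugcheck (0xE2, MANUALLY_INITIATED_CRASH). i8042prt is the PS/2 keyboard
    # driver; kbdhid covers USB keyboards on Vista/Server 2008 and later.
    foreach ($svc in 'i8042prt', 'kbdhid') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name CrashOnCtrlScroll -Value 1 -Type DWord
    }
    'Reboot required before the keyboard sequence will work.'
}

function Invoke-DumpTriage {
    param(
        [Parameter(Mandatory)][string]$DumpFile,
        [string]$KdPath   = 'C:\Program Files\Debugging Tools for Windows\kd.exe',  # assumption
        [string]$SymCache = 'C:\mysyms',                                            # assumption
        [string]$LogFile  = "$DumpFile.analysis.txt"
    )
    # Same symbol path syntax as in the post: srv*<downstream store>*<symbol server>.
    $symPath = "srv*$SymCache*http://msdl.microsoft.com/download/symbols"

    # kd: -z opens the dump, -y sets the symbol path, -logo starts a fresh log,
    # -c runs commands on attach. !analyze -v reports the bugcheck and BUCKET_ID,
    # !vm summarises memory, !process 0 0 lists every process, q exits.
    & $KdPath -z $DumpFile -y $symPath -logo $LogFile -c '!analyze -v; !vm; !process 0 0; q' | Out-Null

    $bucket = Select-String -Path $LogFile -Pattern '^\s*BUCKET_ID:\s+(.+)$' | Select-Object -First 1
    [pscustomobject]@{
        Dump     = $DumpFile
        BucketId = if ($bucket) { $bucket.Matches[0].Groups[1].Value.Trim() } else { $null }
        Log      = $LogFile
    }
}

# Usage (run the first on the server ahead of time, the second on the analysis box):
#   Enable-ManualCrashDump -DumpType Kernel
#   Invoke-DumpTriage -DumpFile 'D:\dumps\MEMORY.DMP'
```

Two caveats before you turn this on. CrashOnCtrlScroll lets anyone with console (or VM console) access bugcheck the server at will, so it is a deliberate trade of availability for debuggability and should be enabled only where that is acceptable. And a complete memory dump contains the memory of every process, credentials and keys included, so lock down the ACL on MEMORY.DMP and treat it as sensitive when you hand it to a vendor. The keyboard method also only works while the keyboard driver is still servicing interrupts; for a hang that is deeper than that, the ntdebugging article linked above covers the alternatives.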
Oct 1 2008 8:03PM GMT
Posted by: Troy Tate
Tags: administration, homeland security, financial analysis, government, website, Metrics, threshold, risk, awareness, blog, Wall Street, analysis
We all know that things in the US economy are bad right now. Looking back we wonder if anyone was thinking ahead and thinking “what-if” and managing the risk. Apparently no one was doing that and here we are today with the government working on a $700 billion bailout for some critical financial organizations to ensure the world credit market does not collapse.
Speaking of looking back, I was recently reading the book Good to Great by Jim Collins. This is an easy-to-read business management book with some very good nuggets. It was written in 2001 and focuses on several companies and what it took for them to exceed the general market and become what the researchers considered great companies. Some of the companies mentioned include Abbott, Circuit City, Fannie Mae, Kimberly-Clark…
Wait, did I just say Fannie Mae? Isn’t that one of the companies that is being bailed out by the US government? Why yes it is! Interesting… before 2001 Fannie Mae was considered a great company according to Mr. Collins and team. You are wondering how I am relating this to IT or technology. Well, one of the chapters in the book is titled “Technology Accelerators”. This chapter focuses on how do “good-to-great organizations think differently about technology?” The book says that Fannie Mae:
“Pioneered application of sophisticated algorithms and computer analysis to more accurately assess mortgage risk, thereby increasing economic denominator of profit per risk level. “Smarter” system of risk analysis increases access to home mortgages for lower-income groups, linking to passion for democratizing home ownership”
As we have seen, something must have changed since 2001. Fannie Mae is no longer considered a great company since it is in need of so much taxpayer help due to poor risk management. What did the company do with the technology that made them so great before 2001? Did they just modify some Excel spreadsheet and change the threshold so some cells that were red are now yellow or even green? Did they ignore the idea of managing mortgage risk to ensure that people could have the “dream come true” of home ownership?
I cannot answer that since I am not part of Fannie Mae or any financial institution. I just ponder whether, if they had continued to use technology effectively in addition to making less risky decisions, they would still be considered a great company.
One thought I want to leave you with is one of the unexpected findings by Mr. Collins and his research team about technology accelerators:
“The idea that technological change is the principal cause in the decline of once-great companies (or the perpetual mediocrity of others) is not supported by the evidence. Certainly, a company can’t remain a laggard and hope to be great, but technology by itself is never a primary root cause of either greatness or decline.”