IT Trenches


June 6, 2008  7:19 PM

Did you see this? – Is it Up/Down or is it just me?

Troy Tate

This is a great website to test if a public website is responding: http://downforeveryoneorjustme.com/. I am not sure what mechanism it really uses to test if a site is responding, if it is a ping test or if testing actually does an html GET. Anyways, this site may be a worthwhile addition to your network troubleshooting toolkit bookmarks.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

June 4, 2008  7:26 PM

Researching Network TAPs – Strike 1 (part 4)

Troy Tate

Yesterday, I received my Datacom Systems Singlestream 102 network tap. I installed it during lunch and wouldn’t you know, something started not working right on the network! Hmmmmm… maybe I should have tested this before putting it on the live network…. well… lesson learned.

You ask “What stopped working?” Let me tell you my friend… everything stopped working! Well, actually, to the users it seemed that way. It was as if I had a bad cable between the LAN and the router. Users were reporting slow performance due to packet retransmissions, and the LAN switch and the router were taking errors on the internal Ethernet ports. Not a good situation!

So, strike 1 on the SS102. I called Datacom technical support and found out they were closed after 5:30 PM EST. It was now 8:15 PM EST. I left a message with details of what I was seeing on the network.

The next day, around 9:00 AM, I tried calling Datacom technical support but received a message that all office staff were in a mandatory company meeting. A short time after this, I received a return call from a very good support engineer. We discussed my application and how I went through troubleshooting the situation. His current suggestion is, rather than setting the router & LAN switch ports to 100/full, to set them to autosensing and ensure that portfast is enabled (this is a Cisco LAN switch). So, that is where I am now. I need to make a network maintenance window to make this change and try once again installing the Singlestream 102.

Stay tuned. More to come.

Thanks for your time. Let’s be good network citizens together & practice safe networking!
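
The symptoms in this post (retransmissions plus errors on the switch and router ports), together with the suggestion to move from fixed 100/full to autosensing, fit a duplex mismatch. The following is an added example, not from the original post or from Datacom: a Python check that reads Cisco-style "show interfaces" output and flags ports with that counter pattern. The sample output is constructed, and the rule used (late collisions on a half-duplex port, CRC/frame errors on a full-duplex port) is a common heuristic assumed here, not a diagnosis of the author's network.

```python
import re

# Constructed sample of Cisco IOS "show interfaces" output (not from the original post).
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up
  Full-duplex, 100Mb/s, 100BaseTX/FX
     1523 input errors, 1498 CRC, 25 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/2 is up, line protocol is up
  Half-duplex, 100Mb/s, 100BaseTX/FX
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     211 output errors, 4310 collisions, 0 interface resets
     0 babbles, 211 late collision, 0 deferred
FastEthernet0/3 is up, line protocol is up
  Full-duplex, 100Mb/s, 100BaseTX/FX
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
"""

COUNTERS = ("CRC", "frame", "collisions", "late collision")

def parse_interfaces(text):
    """Return {interface: {"duplex": str, counter_name: int, ...}}."""
    ports, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new interface
            current = ports.setdefault(line.split()[0], {"duplex": "unknown"})
        elif current is not None:               # indented detail line for that interface
            m = re.search(r"\b(Full|Half|Auto)-duplex", line, re.I)
            if m:
                current["duplex"] = m.group(1).lower()
            for name in COUNTERS:
                m = re.search(r"(\d+) " + re.escape(name) + r"\b", line)
                if m:
                    current[name] = int(m.group(1))
    return ports

def mismatch_suspects(ports):
    """Flag ports whose counters match the usual duplex-mismatch pattern (heuristic)."""
    findings = {}
    for name, p in ports.items():
        if p["duplex"] == "half" and p.get("late collision", 0) > 0:
            findings[name] = "half-duplex side: late collisions, peer is probably full duplex"
        elif p["duplex"] == "full" and (p.get("CRC", 0) or p.get("frame", 0)):
            findings[name] = "full-duplex side: CRC/frame errors, peer is probably half duplex"
    return findings
```

Counters are cumulative, so clear them or compare two snapshots taken a few minutes apart before acting on a finding.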


June 3, 2008  1:26 PM

Troubleshooting humor for the day – engineer, systems analyst & programmer

Troy Tate

Quick Stop

A computer engineer, a systems analyst, and a programmer were driving down a mountain when the brakes failed. They screamed down the mountain, gaining speed, and finally managed to grind to a halt, more by luck than anything else, just inches from a thousand foot drop to jagged rocks. They all got out of the car.

The computer engineer said, “I think I can fix it.”

The systems analyst said, “No, I think we should take it into town and have a specialist look at it.”

The programmer said, “Okay, but first I think we should get back in and see if it does it again.”

Thanks to Arcamax Publishing for this content.


May 31, 2008  2:28 AM

Did you see this? – Noticebored – Infosec Awareness Education

Troy Tate

Noticebored is a great resource for information security awareness. The blogs are timely and cover a great spectrum of topics with regards to this important topic.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 23, 2008  7:58 PM

Did you see this? – Security Primer for the non-technical

Troy Tate

This is a shout-out to fellow blogger Martin McKeay. His Security Primer for the non-technical is a blog worth sharing with friends, family and co-workers. Hence, I am sharing this with you today.

His first paragraph is a simple read and leads to a lot of valuable information.

The Internet is a dangerous place. When your (sic) connected to it, you need to make sure to protect yourself from it. Right now there are several very active worms out there, crippling systems around the world. Here are some basic steps you can take to protect yourself from the Internet.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 21, 2008  1:18 PM

Cutting IT corners is not cutting IT

Troy Tate

How often does this happen to you? A user is going to travel to another company location and they want to check out a laptop for the journey. However, they tell you the morning of the travel rather than in advance. So you do not have time to check out the device and ensure that it is really in good operating condition or up to date on patches and anti-virus.

As they say, “Poor planning on your part does not constitute an emergency on mine”. However, this is a real business situation and IT responds to the user’s needs.

We recently had a situation where IT staff at a site gave a laptop to a user for travel. The IT staff cut corners due to time constraints and not understanding the implication of following corporate standards. The outcome of this: the user was given administrative rights on the laptop and non-standard software was installed. The combination of these two events created almost the perfect storm when the user reached their destination at another company facility.

The traveling user’s device created a denial of service (DoS) since it was infected with a virus and was unprotected due to anti-virus protection that had not been updated for over a year. This DoS took down some manufacturing equipment so production stopped. This took away one of the three legs of the information security triad: AVAILABILITY. Users were unable to access the systems or services they needed to do their jobs. The user was also unable to use the travel laptop in this condition.

Needless to say, the problem device was removed from the network and corrective actions were taken.

Both sites now understand why we have the procedures in place that we do. Users are told that they will submit their travel laptop request at least one day in advance. IT will no longer add these users to the local administrators group on the travel laptops. Let’s hope that these actions help reduce the likelihood of this happening in the future.

Network admission control (NAC) is a good method of enforcing policy on devices attaching to the network. However, this takes significant investment in equipment, software, policy creation and enforcement activities. Well, maybe someday I will be able to move in this direction. In the meantime, communication, understanding and enforcement will help all involved: users, IT and management.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 16, 2008  6:40 PM

Did you see this? – Fear or doubt? New rootkit from researcher’s labs

Troy Tate

Do you fear or doubt these types of announcements? There are so many possibilities and weaknesses in systems and services.

According to: SoftPedia News

TechWorld reported today that a new type of malware that could be impossible to detect by the anti-virus technologies currently on the market has been developed by security researchers and will be demonstrated at the Black Hat security event scheduled for August in Las Vegas. The same source adds that the new rootkit could prove to be incredibly hard to detect first of all due to the fact that it stays in a “protected part of the computer memory”.

Just what I needed… another reason to tell my users to “just say no” to using computers.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 13, 2008  4:06 PM

To be done: an acquisition/merger checklist

Troy Tate

An acquisition or merger is not a frequent event for my organization. However, it seems like in the past year or so we have worked on a number of these activities. So, it seems like it may be time to create a formalized checklist for the IT department items that need to be addressed during an acquisition.

To get the ball rolling, I am listing some items that I consider to be important to the infrastructure/security folks like me. I know this list is not exhaustive or complete. It is a work in progress and will need to be refined for each event since they are all different. Some of these may be done in the due-diligence but the rubber hits the road during the implementation.

So, without further ado:

Absorbing a new acquisition – to do list (general & incomplete)

  • Private WAN connectivity – 30-90 days or more lead time depending on location
  • flexible IP addressing scheme to absorb devices on new network(s)
  • Internet firewall changes – ports, source addresses, NAT, etc.
  • DNS ownership and management
    • changing registrars
    • changing DNS nameservers – use a dig tool to get information concerning current configuration – MenAndMice
  • Network hygiene – how clean are the devices and what personnel habits need to be changed?
  • Device inventory – what effort will it take to do this?
  • Software licensing inventory
  • What about handling loss of staff & knowledge?
    • Documentation of processes, procedures, configurations?
  • Phone list sharing
  • E-mail addressbook sharing
  • E-mail system integration
    • anti-spam/anti-virus
    • calendar sharing
  • ERP process integration
  • Resource access permissions
  • Financial reporting integration – accounts payable, receivable, tax, etc.
  • Staff reporting structure
  • Other HR activities – benefits, payroll, etc.

I welcome your insight and experience on the many other activities you feel are important to address during a merger/acquisition.

Thanks for your time. Let’s be good network citizens together & practice safe networking!
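
For the checklist item on a flexible IP addressing scheme, the first practical question is which of the acquired networks collide with address space already in use. The following is an added example, not part of the original post: it finds overlapping prefixes and proposes same-size replacements from a reserved block. All prefixes and the integration pool are constructed assumptions.

```python
import ipaddress

# Constructed sample prefixes (assumptions for illustration, not from the original post).
OUR_NETS = ["10.0.0.0/16", "10.1.0.0/16", "192.168.10.0/24"]
ACQUIRED_NETS = ["192.168.1.0/24", "192.168.10.0/24", "10.1.4.0/22", "172.16.5.0/24"]
INTEGRATION_POOL = "10.200.0.0/16"   # hypothetical block reserved for absorbed sites

def find_overlaps(ours, theirs):
    """Return (our_net, their_net) pairs whose address ranges collide."""
    return [(a, b) for a in ours for b in theirs
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]

def plan_renumbering(ours, theirs, pool):
    """Map each colliding acquired prefix to a free subnet of the same size in pool."""
    # Everything already routed on either side must stay untouched by new allocations.
    taken = [ipaddress.ip_network(n) for n in ours + theirs]
    plan = {}
    for _, their_net in find_overlaps(ours, theirs):
        if their_net in plan:                    # already handled via another collision
            continue
        old = ipaddress.ip_network(their_net)
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=old.prefixlen):
            if not any(cand.overlaps(t) for t in taken):
                plan[their_net] = str(cand)
                taken.append(cand)               # reserve it for later iterations
                break
        else:
            raise ValueError(f"pool {pool} has no free /{old.prefixlen} for {their_net}")
    return plan

if __name__ == "__main__":
    for ours, theirs in find_overlaps(OUR_NETS, ACQUIRED_NETS):
        print(f"collision: acquired {theirs} overlaps existing {ours}")
    for old, new in plan_renumbering(OUR_NETS, ACQUIRED_NETS, INTEGRATION_POOL).items():
        print(f"renumber {old} -> {new}")
```

Prefixes that do not collide (192.168.1.0/24 and 172.16.5.0/24 in the sample) are left out of the plan and can be routed as they are.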


May 9, 2008  6:20 PM

Did you see this? – a live honeynet

Troy Tate

I just came across the Shadowserver Foundation. According to their mission:

The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.

This is a great resource to find out what’s happening “in the wild” and to help sell security protection to your organization. This is real stuff happening in the real world. For example, take a look at how detailed the blog entry is on the winzipices.cn SQL injection / malware attack. This gives you enough information to fight the threat and feel confident you understand it. Well done to the Shadowserver Foundation!

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 9, 2008  12:51 PM

Did you see this? – the viral bitgirl

Troy Tate

I have always had an appreciation for Laura Chappell of www.packet-level.com fame and her quirky sense of … hmmmmm.. sense?? hahaha… well… she does have a great sense of humor and a heightened sense of awareness with respect to those bits and bytes flowing across our wired and wireless networks.

Laura Chappell has now gone viral after her “initial concern about being somewhat infectious”. She has launched the BitSpitters video series – fast answers to fast questions. The BitSpitters videos are hosted on YouTube right now – feel free to link to her BitSpitters page at www.wiresharktraining.com/bitspitters.html to always get the latest. After seeing the initial response from viewers, it seems more folks are interested in the humorous “How Do I Look Smarterest?” style, so according to her recent Wireshark U newsletter she will be putting out some more ‘unique’ short videos for your viewing pleasure – and her newsletter has the following warning: “just wait until you see the ‘beach scene’ coming up! [Don't even get that 'bathing suit' thought in your head!]”


In case you want more packet level and data networking education, I HIGHLY recommend her Master Library which you can purchase through WiresharkU. For a short time only, she is offering an additional 50% off the already discounted price. Coupon code: NLMAY Expiry: May 31, 2008.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

