IT Trenches


November 30, 2009  4:03 PM

Check your IT environment health using this FREE Microsoft tool



Posted by: Troy Tate
Active Directory, dns, domain controller, event logs, file replication, free tool, Microsoft, Microsoft Windows, network health, small enterprise, troubleshooting, Windows

Microsoft has an excellent free tool for checking the health of your IT environment in small to medium size networks (up to 20 servers and 500 clients). This tool will scan the environment and report on health items such as:

  • Network connectivity between servers
  • Active Directory health – sites, subnets, replication
  • File replication – sysvol issues
  • DNS health
  • Network adapter configuration
  • Domain controller health
  • Network Time Protocol (NTP)
  • Exchange server configuration
  • Event log entries

The tool can be found on the Microsoft Downloads website. It is a very simple tool to install and run. The process goes something like this.


November 19, 2009  6:15 PM

I didn’t learn information technology from TV crime dramas



Posted by: Troy Tate
chat, communication, covert channel, education, hacker, information technology, internet relay chat, irc, leetspeak, misinformation, technology education

I recently blogged about an online Nmap training video and referenced some movies that featured the Nmap application. It’s not just movies that feature information technology. Television features its share of information technology also. However, like anything you see on TV or in the movies, you have to consider the accuracy of the information source. TV shows are not meant to be educational unless marketed as such, and even then sources should be verified and established as credible. A recent Numb3rs show featured a segment about IRC, or Internet Relay Chat. According to the video below from YouTube, that is about all that was accurate about this information technology reference.

Video: http://www.youtube.com/v/wXW-HnRSrbQ

What references to information technology have you seen that may hurt or hinder IT professionals?

Thanks for reading & let’s continue to be good network citizens.


November 19, 2009  3:21 PM

Online Nmap video training – scan your network



Posted by: Troy Tate
blackhat, education, free training, hacker, host identification, network analysis, network testing, nmap, online training, penetration testing, scanning, training, training resources, vulnerability scanning, whitehat

Nmap has been around a long time. It has become an indispensable tool for identifying systems, services and vulnerabilities on a network. It has also been featured in movies like The Matrix Reloaded, Bourne Ultimatum and Die Hard 4. What other network tool do you have in your toolkit that is a movie star?

I came across a great training resource for Nmap. It is a video by the author of Nmap, Gordon “Fyodor” Lyon. This particular video is from Defcon 16 Black Hat Briefings 2008. It is a great video because you learn some tips and tricks from the Nmap master. Take some time and learn about scan timing settings in Nmap that can get you results much faster. Learn also about analyzing responses of firewalled hosts versus non-firewalled hosts. The tips I learned in this video made a big difference in getting my job done.

The CosmoLearning website has a lot of excellent computer science content. This is a website to bookmark if you are a computer professional or student. You will find something of interest whether it be artificial intelligence, computer graphics, programming theory, or robotics.

Thanks for reading & let’s continue to be good network citizens!


November 19, 2009  1:59 PM

What technology would Shakespeare use?



Posted by: Troy Tate
forensics, investigation, playwright, robots, Shakespeare, technology

In the realm of odd and unusual news stories, a recent story on Wired tells about a Texas A&M production of Shakespeare’s A Midsummer Night’s Dream using robot flying fairies alongside the rest of the carbon-based cast. So, it seems the classics are just that: the themes and stories also work well in today’s world. Isn’t that the definition of a classic, that it speaks to us today as effectively as it did to others in the past?

This story just made me wonder what technologies of today Shakespeare would have used in his plays.

In Hamlet, would Shakespeare have used the techniques and tools that the Ghost Hunters on Syfy use for detecting the ghost of Hamlet’s father?

In Macbeth, would the three witches have met using Cisco’s Telepresence?

Would CSI have been called in to investigate all of the deaths of King Lear’s daughters?

What technology elements or themes do you think Shakespeare would have used if he had available then what is available today?

Thanks for reading & let’s continue to be good network citizens!


November 11, 2009  6:31 PM

Free online IT education resource



Posted by: Troy Tate
Adobe, certification, Database, information technology reference, information technology tutorial, IT education, Linux, MAC OS, Macromedia, Microsoft, Microsoft education, network technology education, Networking, programming, sql, technology education, tutorial, XML

I recently came across an excellent IT education resource that is free. It is the eTutorials.org website. According to the website, it is a source of thousands of online tutorials, useful tips, articles, and researched recommendations.

Some of the content on eTutorials includes topics like:

Adobe:

  • Adobe Illustrator CS
  • Adobe Photoshop 7. How to
  • Adobe Premiere 6.5. Teach yourself in 24 hours
  • Adobe Indesign CS2. Professional Typography

Networking:

  • Lan switching fundamentals
  • Router firewall security
  • Wireless lan security
  • Integrated cisco and unix network architectures
  • Lan switching first-step
  • Mpls VPN security
  • Beginner’s guide to wi-fi wireless networking
  • 802.11 security. wi-fi protected access and 802.11i
  • Wimax Technology for broadband wireless access
  • Wireless community networks
  • Network security assessment
  • Network security hacks
  • Network Management
  • Wireless networks first-step
  • LAN switching first-step

Certification:

  • A programmer’s guide to java certification
  • CCNP BSCI Official Exam Certification Guide
  • Sun certified solaris 9.0 system and network administrator all-in-one exam guide
  • Advanced DBA Certification Guide and Reference

Other technology sections include:

  • Macromedia
  • Programming
  • SQL
  • Server Administration
  • Microsoft Products
  • Mac OS
  • Linux systems
  • Mobile devices
  • XML
  • Misc

An example of the table of contents in the CCNP BSCI Official Exam Certification Guide tutorial includes the following sections:

CCNP BSCI Official Exam Certification Guide, Fourth Edition – Graphically Rich Book
Each chapter includes:
“Do I Know This Already?” Quiz
Foundation Topics
Foundation Summary
Q&A

Introduction
Part I: Introduction to Scalable Networks
Chapter 1. Network Design
Chapter 2. IP Address Planning and Summarization

Part II: EIGRP
Chapter 3. EIGRP Principles
Chapter 4. Scalable EIGRP

Part III: OSPF
Chapter 5. Understanding Simple Single-Area OSPF
Chapter 6. OSPF Network Topologies
Chapter 7. Using OSPF Across Multiple Areas
Chapter 8. OSPF Advanced Topics

Part IV: IS-IS
Chapter 9. Fundamentals of the Integrated IS-IS Protocol
Chapter 10. Configuring Integrated IS-IS

Part V: Cisco IOS Routing Features
Chapter 11. Implementing Redistribution and Controlling Routing Updates
Chapter 12. Controlling Redistribution with Route Maps
Chapter 13. Dynamic Host Control Protocol

Part VI: BGP
Chapter 14. BGP Concepts
Chapter 15. BGP Neighbors
Chapter 16. Controlling BGP Route Selection

Part VII: Multicasting
Chapter 17. What Is Multicasting?
Chapter 18. IGMP
Chapter 19. Configuring Multicast

Part VIII: IPv6
Chapter 20. Introduction to IPv6 and IPv6 Addressing
Chapter 21. IPv6 Routing Protocols, Configuration, and Transitioning from IPv4

Appendix A. Answers to Chapter “Do I Know This Already?” Quizzes and Q&A Sections

There is a LOT of tutorial content on this website! I would highly recommend using this resource for reference materials and increasing your knowledge in the technology topics offered.

Thanks for reading and please share with other IT Trenches readers what online tutorial resources you use for reference or education.


November 5, 2009  4:50 PM

Do you use TLS or client certificates for authentication? Beware of new MITM vulnerability



Posted by: Troy Tate
apache, authentication, certificates, IIS, information security, risk, risk management, SSL, tls, vulnerability, web services

As Michael Morisy of ITKE recently posted in “New SSL security hole allows man-in-the-middle attacks”, a new SSL vulnerability has been announced. What you need to know about this vulnerability is that it most affects TLS (Transport Layer Security) sessions using client authentication certificates. This is a vulnerability at the protocol level, which makes it very difficult to fix, whereas a recent previous SSL vulnerability had to do with certificate formats and content.

For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:

extendedsubset.com

Renegotiating TLS

Marsh Ray

Steve Dispensa

v1.1 November 4, 2009

Summary

Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well. Although this research has focused on the implications specifically for HTTP as the application protocol, the research is ongoing and many of these attacks are expected to generalize well to other protocols layered on TLS.

There are three general attacks against HTTPS discussed here, each with slightly different characteristics, all of which yield the same result: the attacker is able to execute an HTTP transaction of his choice, authenticated by a legitimate user (the victim of the MITM attack). Some attacks result in the attacker-supplied request generating a response document which is then presented to the client without any certificate warning or other indication to the user. Other techniques allow the attacker to forward or re-purpose client certificate authentication credentials.

Visit the website for details including:

The full document in PDF format: Renegotiating_TLS.pdf

Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf

Packet captures: renegotiating_tls_20091104_pub.zip

This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.


October 23, 2009  6:40 PM

Stuck on a blacklist? Sue the big guys! Cisco, Microsoft, Comcast, TRUSTe



Posted by: Troy Tate
blacklist, Cisco, Comcast, eavesdropping, lawsuit, Microsoft, net neutrality, privacy, TRUSTe, wiretapping

A web-based tool I frequently use is called Network-Tools.com. I use the site to look up names associated with IP addresses, check whois information and ping addresses. A recent notice on the page raised my concern. The notice says:

Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavesdropping, privacy policy fraud, breach of contract and defamation

Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:

The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies.


October 23, 2009  5:58 PM

Tools I use – Startup Control Panel



Posted by: Troy Tate
application, portable application, regedit, tools, Windows, windows service, windows startup

One of the tools I frequently use is called Startup Control Panel. This is a free tool from Mike Lin. It is a portable tool, so it does not require any client installation and may be run from a USB memory stick. This tool is similar to the excellent Autoruns & Autorunsc tools from Sysinternals. It is a good way to get at and manage the items that start up when your system starts.

The Startup Control panel tool window looks like the window below:

Startup Control Panel window


Using the application:

I have successfully run this utility on both XP and Vista. The dialog contains six to seven tabs, depending on your system configuration. Each tab represents one place where a program can be registered to run at system startup. These include:

  • Startup (user) – the current user’s Startup folder in the Start Menu.
  • Startup (common) – the common (all users) Startup folder in the Start Menu.
  • HKLM / Run – the Run registry key located in HKEY_LOCAL_MACHINE. These apply for all users.
  • HKCU / Run – the Run registry key located in HKEY_CURRENT_USER. These apply for the current user only.
  • Services – system services that are started before the user logs in. This appears only in Win9x; on NT/2000/XP, use the Services control panel, or the Services item in Computer Management.
  • Run Once – started once and once only at the next system startup.
  • Deleted – programs go to the Deleted tab when you remove them from another location. They will not run at system startup, but will merely be stored should you ever want to use them again. If you delete an item from the Deleted tab, it is removed permanently.
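For scripted review of the same locations, the following PowerShell is an added example, not part of the original post and not code from Startup Control Panel. It is read-only against the registry and Startup folders; the function name `Get-AutostartEntry` and the baseline file name are hypothetical, and it assumes the Run Once tab corresponds to the standard RunOnce keys in both hives.

```powershell
# Added example: inventory the autostart locations listed above, then
# report anything not present in a previously saved baseline.
function Get-AutostartEntry {
    $cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    $registryTabs = @(
        @{ Tab = 'HKLM / Run';      Path = "HKLM:\$cv\Run" },
        @{ Tab = 'HKCU / Run';      Path = "HKCU:\$cv\Run" },
        # Assumption: the Run Once tab maps to these two keys.
        @{ Tab = 'Run Once (HKLM)'; Path = "HKLM:\$cv\RunOnce" },
        @{ Tab = 'Run Once (HKCU)'; Path = "HKCU:\$cv\RunOnce" }
    )
    $folderTabs = @(
        @{ Tab = 'Startup (user)';   Path = [Environment]::GetFolderPath('Startup') },
        @{ Tab = 'Startup (common)'; Path = [Environment]::GetFolderPath('CommonStartup') }
    )

    foreach ($t in $registryTabs) {
        # A key such as RunOnce may not exist; skip it rather than fail.
        if (-not (Test-Path -LiteralPath $t.Path)) { continue }
        $key = Get-Item -LiteralPath $t.Path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Tab = $t.Tab; Name = $name; Command = [string]$key.GetValue($name)
            }
        }
    }

    foreach ($t in $folderTabs) {
        if (-not $t.Path -or -not (Test-Path -LiteralPath $t.Path)) { continue }
        # -Force includes hidden files; desktop.ini is folder metadata, not a program.
        Get-ChildItem -LiteralPath $t.Path -Force |
            Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Tab = $t.Tab; Name = $_.Name; Command = $_.FullName }
            }
    }
}

$current = @(Get-AutostartEntry)
$current | Sort-Object Tab, Name | Format-Table Tab, Name, Command -AutoSize -Wrap

# Hypothetical baseline location; the first run saves it, later runs compare.
$baselineFile = Join-Path $env:USERPROFILE 'autostart-baseline.csv'
if (Test-Path -LiteralPath $baselineFile) {
    $known = @{}
    Import-Csv -LiteralPath $baselineFile | ForEach-Object {
        $known["$($_.Tab)|$($_.Name)|$($_.Command)"] = $true
    }
    $added = @($current | Where-Object {
        -not $known.ContainsKey("$($_.Tab)|$($_.Name)|$($_.Command)")
    })
    "Entries not in baseline: $($added.Count)"
    $added | Format-Table Tab, Name, Command -AutoSize -Wrap
} else {
    $current | Export-Csv -LiteralPath $baselineFile -NoTypeInformation
    "Baseline saved to $baselineFile"
}
```

On 64-bit Windows, 32-bit programs register under a separate Wow6432Node copy of the HKLM keys, which this example does not read.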

Each page contains a list of the programs registered at that location. Use the checkbox to enable or disable individual items. Additional operations are available by right-clicking an item. You can select multiple items using the Shift and Control keys. Options include:

  • New… – create a new entry. You can also drag & drop files from My Computer or Explorer.
  • Edit… – edit an existing entry.
  • Delete – delete the currently selected entry.
  • Disable / Enable – disable or enable the selected entry. A disabled program will appear in the list with a special icon, and will not run at system startup. You can also use the checkbox next to an item to enable or disable it.
  • Run Now – executes the program now.
  • Send To – moves the entry from the current location to another.
  • Press F5 to refresh the list at any time.

Hope you find this tool as useful as I do. Thanks for reading and let’s continue to be good network citizens.


October 21, 2009  1:20 PM

Microsoft IT professional resource – RunAs Radio



Posted by: Troy Tate
Active Directory, AD, dba, Development, education, IIS, IT education, Microsoft, podcast, Powershell, SharePoint, sql, virtual machines, Virtualization, webcast

I just came across an excellent resource for IT professionals working with Microsoft products. It is called RunAs Radio. There are weekly podcasts about topics of interest to those of us who support Microsoft products. The podcasts are in multiple formats such as mp3, wma & AAC (iPod). I was particularly interested in the presentations on performance management. There are several presentations on this one topic. Some sample topics include:

Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”

Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.

Steven Choy Measures Server Performance!

Other topics that might be of interest include SQL, Active Directory, IIS, cloud (Azure), Powershell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.

Thanks for reading and let’s continue to be good network citizens!


October 15, 2009  6:44 PM

Free Training – Laura Chappell presents: Wireshark 201 Jumpstart – Filtering on the Good, the Bad, the Ugly



Posted by: Troy Tate
analysis, education, ethereal, howto, IT education, Laura Chappell, Metrics, Monitoring, network analysis, Networking, packet analysis, packet capture, performance monitoring, protocol analysis, reporting, tcp/ip, tools, trace files, training, troubleshooting, wireshark

Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27 – 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.

Some things you will learn in this webinar:

  • Using the Default Capture and Display Filters
  • Creating a Few Hot Capture Filters
  • Filtering Tips and Tricks for Troubleshooting
  • Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even pick up a little tidbit here or there, because repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!

