IT Trenches


July 29, 2009  5:51 PM

Network Computing magazine is BACK! – WAN Optimization issue

Troy Tate Profile: Troy Tate

The Network Computing magazine was always one of my favorite trade publications. It covered a lot of very technical things from basic to advanced levels. I was very disappointed when they stopped publication. So, it is with a lot of excitement that I am sharing with ITKE members that Network Computing magazine is back! It is available online for your perusal. It is now a quarterly publication. The July 2009 issue focuses primarily on WAN optimization technologies.

Take a few minutes to look it over. You may gain a better understanding of WAN optimization and how it might help your organization. Go to Network Computing for the July 2009 issue.

Thanks for reading & let’s continue to be good network citizens.

July 28, 2009  3:11 PM

Open Patch Management Metrics Model Released

Troy Tate Profile: Troy Tate

Securosis and Microsoft have teamed up and released an Open Patch Management Metrics Model. The purpose of this model is to  “provide organizations with a tool to better understand their patching costs.” The model also has ten steps with multiple substeps to help guide an organization through a patch management process framework.

The document can be found on the Securosis website. More information will be released as the model matures and additional organizations contribute to the research. Let the ITKE community know your thoughts on this model and if the metrics are meaningful to your organization.

For myself, I think that the metrics would be good to gather but would be a challenge to maintain when we are always being challenged to do more with less.

Thanks for reading & let’s continue to be good network citizens!


July 24, 2009  6:47 PM

Microsoft Learning Snacks: Coming to a desktop near you

Troy Tate Profile: Troy Tate

In today’s business environment it is always a challenge to get technology training as it seems like training is one of the first things to get cut.

Microsoft has always been a great source of free training material that can help make IT professionals’ and users’ use of technology much more effective. A Microsoft training resource you may not have heard of is Microsoft Learning Snacks. These are short (most between 3-20 minutes long) Silverlight-based self-paced presentations that you can watch at any time from your computer. The topics available include:

  • Core Infrastructure Optimization
  • Microsoft Exchange Server 2010
  • Microsoft Silverlight
  • Virtualization
  • Web 2.0 Development
  • Windows 7
  • Windows Essential Business Server 2008
  • Windows Server 2008
  • Windows Vista

If you have a little craving for education and your budget does not permit you to go to offsite training, check out the Microsoft Learning Snacks. And, as is true with most snacks, you won’t be filled up here but maybe this will guide you into gaining a better understanding of these Microsoft technologies.

Thanks for reading and let’s continue to be good network citizens!


July 24, 2009  6:03 PM

Using Wireshark to analyze a bot infected host

Troy Tate Profile: Troy Tate

My favorite Bitgirl (Laura Chappell) is at it again in this 15 minute presentation. She came across a host on a network that appears to be infected with some bot application. Take a few minutes and watch and learn! Maybe you will see something you can use or better understand some odd behavior on your local network.

Analyze a BOT infected host using Wireshark Tutorial

Beware – there is a trick question in the presentation. Think hard… you probably know the right answer!

Thanks for reading & let’s continue to be good network citizens.


July 22, 2009  2:55 PM

Using net shell to backup/restore DHCP

Troy Tate Profile: Troy Tate

Recently a fellow ITKE blogger posted Windows server 2003: DHCP server rant. I had been working on moving some DHCP services from one site to another when I saw his posting. I was using a series of network shell (netsh) commands to perform the necessary tasks to move scopes from one server to another. I thought I would share that series of commands with ITKE readers for your use.

We have about 20 sites with DHCP servers. So, this is a significant number of servers and scopes to manage. The Microsoft DHCP management console can be sluggish across a WAN so managing each server through RDP can be a pain also. Fortunately, the netsh dhcp server command set gives a good set of tools for managing DHCP services through a command line.

The netsh dhcp server help says:

Switches the active command context to the specified DHCP server.

Syntax:
dhcp> server <\\ServerName | ServerIP>

Parameters:
ServerName     – The NetBIOS or the DNS name of the DHCP server computer.
ServerIP       – The IP address of the DHCP server computer.

Notes:         If a value for neither ServerName nor ServerIP is specified, the local computer is assumed.

Examples:      server \\DHCP-SRV1
server \\dhcp-srv.microsoft.com
server 10.0.0.1

Using this command and the additional options available to manage DHCP, I wrote a script to go out to each DHCP server, make a copy of all scopes on that server and write it to a central location. A prerequisite to the script is to get a copy of the psexec.exe tool from Sysinternals (Microsoft). I could use the remote server format of the command but prefer running the command on the remote servers’ command line.

The backup script is shown below. I named mine PS-dhcp-export.cmd

The first part of the script writes a batch file unique to each remote server.

:part1

if exist get-dhcp.cmd del get-dhcp.cmd
echo net use j: /d > get-dhcp.cmd
echo net use j: \\backupserver\c$ >> get-dhcp.cmd
echo j: >> get-dhcp.cmd
echo cd "\dhcpbackup" >> get-dhcp.cmd
echo netsh dhcp server export j:%1.txt all >> get-dhcp.cmd

Part2 actually runs the script on the remote computer and copies the get-dhcp.cmd file to the remote computer’s C:\ folder.

:part2
rem -c copies get-dhcp.cmd to the remote server; -w c:\ sets its working directory there
psexec \\%1 -c -w c:\ get-dhcp.cmd

So, to run this against all remote sites’ DHCP servers, I create a text file listing each remote authorized DHCP server. There is one server per line, and the file looks something like this:

us1dc01
th6dc01
us2dc01
mx1dc01
us9dc01
us7dc02
uk3dc01
tw3dc01
us4dc01

This file is then read in and processed using the following backupdhcp.bat file:

for /F "tokens=*" %%I in (sites.txt) do call ps-dhcp-export.cmd %%I

Wait a few minutes and the backup is completed across all DHCP servers and a copy of the scopes is in one folder on another server.
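A check to run once backupdhcp.bat has finished, added here as an example and not part of the original script: it confirms that every server listed in sites.txt left a non-empty export file. It assumes the exports land in \\backupserver\c$\dhcpbackup, as get-dhcp.cmd arranges; the file name verify-dhcp.cmd is hypothetical.

```batch
@echo off
rem verify-dhcp.cmd (hypothetical name) - added example, not part of the original script.
rem Run from the folder holding sites.txt after backupdhcp.bat has finished.
setlocal
rem Assumption: exports land here, because get-dhcp.cmd maps j: to \\backupserver\c$.
set "BACKUPDIR=\\backupserver\c$\dhcpbackup"
set PROBLEMS=0

for /F "usebackq tokens=*" %%I in ("sites.txt") do (
    if not exist "%BACKUPDIR%\%%I.txt" (
        echo MISSING %%I
        set /a PROBLEMS+=1
    ) else (
        rem The ~z modifier yields the file size in bytes; zero length means a failed export.
        for %%F in ("%BACKUPDIR%\%%I.txt") do if %%~zF EQU 0 (
            echo EMPTY   %%I
            set /a PROBLEMS+=1
        )
    )
)

if %PROBLEMS% GTR 0 (
    echo %PROBLEMS% DHCP export problems found
    exit /b 1
)
echo All DHCP exports present
exit /b 0
```

A file left over from an earlier run also passes this check, so move or delete the previous exports before each backup run.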

If a scope needs to be restored or installed on a new DHCP server, use a command similar to the following:

netsh dhcp server import backupfile.txt scopesubnet

Where scopesubnet is either “ALL” or the subnet range like 10.2.0.0 or similar. More help can be found on the Microsoft Technet website for the netsh commands for DHCP.

Hope this tip has been useful. Thanks for reading & let’s continue to be good network citizens!


July 20, 2009  7:22 PM

Do you manage or develop websites and need to know more about securing them?

Troy Tate Profile: Troy Tate

If you do manage websites, then you should know about the Open Web Application Security Project (OWASP). This group is working to make web application security issues visible so organizations can make intelligent decisions about how to address the risks.

There is a great series of very short (5 minute) presentations from OWASP about web vulnerabilities. One of the most interesting is about cross site scripting (XSS) vulnerabilities. This is a huge issue and web application developers need to understand this threat and how to address it. Take a few minutes and watch the series. Maybe you will pick up something you never knew about web vulnerabilities and be able to better explain risks of certain applications to your organization.

These presentations are also focused on discussing the Consensus Audit Guidelines (CAG) and how they apply to application and service development.

Thanks for reading & let’s continue to be good network citizens!


July 20, 2009  6:36 PM

Wireshark quickstart tutorial – learn to capture network traffic

Troy Tate Profile: Troy Tate

There are more upcoming sessions in the Laura Chappell seminar series called Wireshark 101 Jumpstart tutorials. Check out the schedule at the Chappell University website. Some of the things you will learn include:

  • Wireshark elements and capabilities
  • Tapping into the wired or wireless network
  • Capturing and filtering basics
  • Graphing basics

If you cannot attend the seminar, you can still register and download the seminar notes and gain access to the trace files used in the session. If you manage a network, you should learn this stuff! Be sure to register and attend early. The sessions are limited to 1000 viewers and these fill up FAST!

See my entry “Repetition is one of the keys of learning” for how attending one of these seminars helped address an issue I was having with using Wireshark.

Thanks for reading and let’s continue to be good network citizens!


July 20, 2009  6:05 PM

Nmap v5 released – nearly 600 changes!

Troy Tate Profile: Troy Tate

Fyodor has announced the release of Nmap v5. This is the first major release since 1997. There are over 600 changes in the new version.

According to Wikipedia:

Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich).[1] Nmap is a “Network Mapper”, used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren’t advertising themselves with a service discovery protocol. In addition Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card.

If you have not used Nmap before, you should add it to your toolbox and become familiar with this extremely useful network administration and testing tool. Some of the additions in v5 include:

1. Ncat included with Nmap. If you are familiar with netcat, then enough said. If not, ncat is a “reinvention” of the infamous netcat tool. Ncat is defined as the ‘swiss army knife’ for security testing and admin functions and can be considered a ‘piece of clay’ as you’ll find its range of uses is only limited by the user’s imagination and technical skills.

See http://nmap.org/ncat/

2. Ndiff scan comparison tool can be used to compare two Nmap XML files – in essence,  you can scan a host today and scan it tomorrow and use Ndiff to compare the two to see differences in the results.

See http://nmap.org/ndiff/man.html

3. Performance enhancements have been made possible by the numerous scans Fyodor made of the internet last summer, which found the most commonly open ports and allowed the number of ports scanned by default to be reduced. In addition, you can define your own scan rate and bypass Nmap’s congestion control algorithms.

4. The Nmap Scripting Engine (NSE) scripts have been improved and 32 new scripts added including scripts for MSRPC/NetBIOS attacks, queries and vulnerability probes, brute force attack scripts against SNMP and POP3 and more. NSE scripts/modules are defined at http://nmap.org/nsedoc/

5. The Nmap Book – this is a MUST HAVE for anyone involved in network troubleshooting or security! This is the best technical book that has come out in many years!

Get this right now at http://nmap.org/book/

I have a copy of the Nmap book that I ordered from Amazon. It is a great reference addition to your technical library and will be of great use. Nmap is a very technical tool but there are graphical interfaces for its use.

Let other ITKE members know how you use Nmap. Leave some tips/tricks here for our readers.

Thanks for reading and let’s continue to be good network citizens.


June 29, 2009  8:15 PM

Another threat to watch out for – Ants in the keyboard!

Troy Tate Profile: Troy Tate

On Friday I posted a tongue-in-cheek type posting about a worm taking down a laptop. Not necessarily big news but something different to see as a risk to computing equipment.

Another similar story came to my attention today. It has to do with ants in a membrane switch type keyboard. Check out the article Ant Farm In The Keyboard. Hey… isn’t it about sharing troubleshooting information between peers? wink-wink – nudge-nudge

Thanks for reading. Have a great day and let’s continue to be good network citizens!


June 26, 2009  5:22 PM

Friday news alert – Worm causes computer crash! – Troubleshooting tip

Troy Tate Profile: Troy Tate

Well… that’s probably news every day somewhere but in this case it was a real worm and I’m not talking about an electronic worm! I guess I need to ensure I don’t leave my computer out on the patio on the swing. I need to also watch my cat.

Check out the story Worm Causes Computer to Crash. You will see what I am saying is true.

Thanks for reading and let’s continue to be good network citizens.

