Nov 5 2009 4:50PM GMT
Posted by: Troy Tate
tls, SSL, certificates, web services, authentication, IIS, apache, vulnerability, information security, risk, risk management
As Michael Morisy of ITKE recently posted in “New SSL security hole allows man-in-the-middle attacks,” a new SSL vulnerability has been announced. What you need to know about this vulnerability is that it most affects TLS (Transport Layer Security) sessions using client authentication certificates. This is a vulnerability at the protocol level, which makes it very difficult to fix, whereas a recent previous SSL vulnerability had to do with certificate formats and content.
For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:
- Renegotiating_TLS.pdf
- Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf
- Packet captures: renegotiating_tls_20091104_pub.zip
This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.
Oct 21 2009 1:20PM GMT
Posted by: Troy Tate
Microsoft, podcast, webcast, Powershell, sql, dba, Development, IIS, AD, Active Directory, education, IT education, virtual machines, Virtualization, SharePoint
I just came across an excellent resource for IT professionals working with Microsoft products. It is called RunAs Radio. There are weekly podcasts about topics of interest to those of us who support Microsoft products. The podcasts are in multiple formats such as mp3, wma & AAC (iPod). I was particularly interested in the presentations on performance management. There are several presentations on this one topic. Some sample topics include:
- Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”
- Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.
- Steven Choy Measures Server Performance!
Other topics that might be of interest include SQL, Active Directory, IIS, cloud (Azure), Powershell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.
Thanks for reading and let’s continue to be good network citizens!
Oct 15 2009 6:44PM GMT
Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell
Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27 - 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.
Some things you will learn in this webinar:
- Using the Default Capture and Display Filters
- Creating a Few Hot Capture Filters
- Filtering Tips and Tricks for Troubleshooting
- Filtering Tips and Tricks for Security
Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.
Thanks for reading and let’s continue to be good network citizens!
Sep 14 2009 1:49PM GMT
Posted by: Troy Tate
Microsoft, information security, vulnerability, risk management, patches, tcp-ip, tcp, tcp/ip, Windows, windows 2000, support, Microsoft support, threat, risk
Last week was the September issue of Microsoft “Patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.
One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability in the TCP/IP stack in all currently supported versions of Windows. The bulletin describes the vulnerability:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Even though the bulletin here describes it as potential remote code execution, the webcast focused more on the denial of service threat due to this vulnerability. Unfortunately, Microsoft has chosen to not issue a patch for Windows 2000, even though Windows 2000 is a supported version of Windows with regard to patches and security fixes. ComputerWorld gives a good amount of detail in the article “Microsoft: Patching Windows 2000 ‘infeasible’”. Dark Reading published “Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack” and The Register published “Microsoft, Cisco issue patches for newfangled DoS exploit”.
I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.
Thanks for reading & let’s continue to be good network citizens.
Jul 20 2009 6:36PM GMT
Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell
There are more upcoming sessions in the Laura Chappell seminar series called Wireshark 101 Jumpstart tutorials. Check out the schedule at the Chappell University website. Some of the things you will learn include:
- Wireshark elements and capabilities
- Tapping into the wired or wireless network
- Capturing and filtering basics
- Graphing basics
If you cannot attend the seminar, you can still register and download the seminar notes and gain access to the trace files used in the session. If you manage a network, you should learn this stuff! Be sure to register and attend early. The sessions are limited to 1000 viewers and these fill up FAST!
See my entry for how attending one of these seminars helped address an issue I was having with using Wireshark.
Thanks for reading and let’s continue to be good network citizens!
Jun 25 2009 3:37PM GMT
Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal, project management, project work breakdown schedule, wbs, technical requirements, technical vendor management, evaluation, vendor evaluation
You have now received back the proposals from the vendors based on the RFP that you built according to the RFP anatomy described previously.
Maybe you forgot the steps before the RFP. You can go back and review:
The first post in this series covered two questions: Where are you? and Where do you want to go?
The second article in the series described the calendar of events or how many shopping days do we have?
This third article in the series covered the actual RFP (request for proposal) anatomy and contents.
This final posting will discuss the vendor selection process - planning for the wedding (or engagement).
Let’s get talking about vendor selection and awarding the contract!
Jun 24 2009 2:00PM GMT
Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal, project management, project work breakdown schedule, wbs, technical requirements, technical vendor management
The first post in this series covered two questions: Where are you? and Where do you want to go?
The second article in the series described the calendar of events or how many shopping days do we have?
This third article in the series will cover the actual RFP (request for proposal) anatomy and contents.
The fourth article will discuss the vendor selection process - planning for the wedding.
Hopefully you are now ready to dive into the RFP itself.
Jun 15 2009 8:45PM GMT
Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal
The first post in this series covered two questions: Where are you? and Where do you want to go?
This second article in the series will describe the calendar of events or how many shopping days do we have?
The third article in the series will cover the actual RFP (request for proposal) anatomy and contents.
Jun 12 2009 2:29PM GMT
Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction
IT is not the first business of a manufacturing company. Nor is it very high on the list. Having said that, a lot of manufacturing (and other) organizations use various managed IT services. I will be writing a short series on how to negotiate managed IT services for your organization.
This first posting starts with two questions.