Database

Nov 11 2009   6:31PM GMT

Free online IT education resource

Posted by: Troy Tate
tutorial, IT education, technology education, information technology reference, information technology tutorial, certification, programming, sql, Database, Microsoft education, Microsoft, Macromedia, Adobe, Networking, network technology education, MAC OS, Linux, XML

I recently came across an excellent IT education resource that is free. It is the eTutorials.org website. According to the website it is a source of  thousands online tutorials, useful tips, articles, and researched recommendations.

Some of the content on eTutorials includes topics like:

Adobe:

• Adobe Illustrator CS
• Adobe Photoshop 7. How to
• Adobe Premiere 6.5. Teach yourself in 24 hours
• Adobe Indesign CS2. Professional Typography

Networking:

• Lan switching fundamentals
• Router firewall security
• Wireless lan security
• Integrated cisco and unix network architectures
• Lan switching first-step
• Mpls VPN security
• Beginner’s guide to wi-fi wireless networking
• 802.11 security. wi-fi protected access and 802.11i
• Wimax Technology for broadband wireless access
• Wireless community networks
• Network security assessment
• Network security hacks
• Network Management
• Wireless networks first-step
• LAN switching first-step

Certification:

• A programmer’s guide to java certification
• CCNP BSCI Official Exam Certification Guide
• Sun certified solaris 9.0 system and network administrator all-in-one exam guide
• Advanced DBA Certification Guide and Reference

Other technology sections include:

• Macromedia
• Programming
• SQL
• Server Administration
• Microsoft Products
• Mac OS
• Linux systems
• Mobile devices
• XML
• Misc

An example of the table of contents in the CCNP BSCI Official Exam Certification Guide tutorial includes the following sections:

CCNP BSCI Official Exam Certification Guide, Fourth Edition - Graphically Rich Book
Each chapter includes:
“Do I Know This Already?” Quiz
Foundation Topics
Foundation Summary
Q&A

Introduction
Part I: Introduction to Scalable Networks
Chapter 1. Network Design
Chapter 2. IP Address Planning and Summarization

Part II: EIGRP
Chapter 3. EIGRP Principles
Chapter 4. Scalable EIGRP

Part III: OSPF
Chapter 5. Understanding Simple Single-Area OSPF
Chapter 6. OSPF Network Topologies
Chapter 7. Using OSPF Across Multiple Areas
Chapter 8. OSPF Advanced Topics

Part IV: IS-IS
Chapter 9. Fundamentals of the Integrated IS-IS Protocol
Chapter 10. Configuring Integrated IS-IS

Part V: Cisco IOS Routing Features
Chapter 11. Implementing Redistribution and Controlling Routing Updates
Chapter 12. Controlling Redistribution with Route Maps
Chapter 13. Dynamic Host Control Protocol

Part VI: BGP
Chapter 14. BGP Concepts
Chapter 15. BGP Neighbors
Chapter 16. Controlling BGP Route Selection

Part VII: Multicasting
Chapter 17. What Is Multicasting?
Chapter 18. IGMP
Chapter 19. Configuring Multicast

Part VIII: IPv6
Chapter 20. Introduction to IPv6 and IPv6 Addressing
Chapter 21. IPv6 Routing Protocols, Configuration, and Transitioning from IPv4

Appendix A. Answers to Chapter “Do I Know This Already?” Quizzes and Q&A Sections

There is a LOT of tutorial content on this website! I would highly recommend using this resource for reference materials and increasing your knowledge in the technology topics offered.

Thanks for reading and please share with other IT Trenches readers what online tutorial resources you use for reference or education.

Aug 28 2009   4:21PM GMT

BlackHat USA technical presentations available online - not just for hackers

Posted by: Troy Tate
malware, bootkit, rootkit, antivirus, threats, vulnerabilities, research, blackhat, hacker, least user authority, least user privilege, Database, Development, information security, infosec, education

The media archives have now been posted on the BlackHat website from the BlackHat technical conference held in July 2009. This is the place to go if you want to see some of the latest information security research and the threats that are REAL and may become real someday. I posted a previous blog entry on the presentation about the Bootkit - rootkit - malware bypasses disk encryption!

Some of the presentation titles:

I Just Found 10 Million SSN’s

Sniff Keystrokes With Lasers/Voltmeters
Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage

Anti-Forensics: The Rootkit Connection

Reversing and Exploiting an Apple® Firmware Update

The Language of Trust: Exploiting Trust Relationships in Active Content

Mo’ Money Mo’ Problems: Making A LOT More Money on the Web the Black Hat Way

The Conficker Mystery

These are just some of the titles available in the BlackHat 2009 Technical Conference media library. Check it out even if you are a web developer or an IT professional who manages desktops or networks or staff members who perform these tasks. You need to know what you are up against and possible methods to fight the threats.

Thanks for reading & lets continue to be good network citizens!

Jan 6 2009   4:23PM GMT

Is this program good or bad for my computer?

Posted by: Troy Tate
information security, bho, activex, Security, website, community, Database, malware, research

Have you ever wondered if an application or running process is good or bad? Google searches do a good job of helping you determine if a process is legitimate or not. I just came across another resource in the fight against malicious software. It is a search engine for files, CLSID’s, and application names. The site is SystemLookup. The search results show whether the item is Malware, spyware, adware, or other potentially unwanted items, Legitimate items, Open to debate, or Currently unknown status. The various categories available for search include:

browser helper objects (BHO), toolbars, search hooks, explorer bars
Internet Explorer Buttons
Layered Service Providers
ActiveX Installs
Extra protocols
AppInit_DLLs & Winlogon Notify
ShellServiceObjectDelayLoad
Shared Task Scheduler
Services

The website is community-based so please contribute and improve this resource for security information.

Sep 8 2008   4:49PM GMT

Did you see this? - 2007 Web Application Security Statistics Project

Posted by: Troy Tate
Security, tools, Database, Monitoring, Development, web, internet, DataManagement, WWW, Data security, malware, Policy, website, Metrics, risk, research, awareness, vulnerability, data loss

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.

 

Goals

1. Identify the prevalence and probability of different vulnerability classes 2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

 

The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic

order):

 

- Booz Allen Hamilton

- BT

- Cenzic with Hailstorm and ClickToSecure

- dblogic.it

- HP Application Security Center with WebInspect

- Positive Technologies with MaxPatrol

- Veracode with Veracode Security Review

- WhiteHat Security with WhiteHat Sentinel

 

The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity. The detailed information can be found here:

 

http://www.webappsec.org/projects/statistics/

Jul 25 2008   12:58PM GMT

I know who I am - Do you know my name?

Posted by: Troy Tate
administration, Security, Microsoft Windows, Database, Development, Browsers, reporting, internet, DataCenter, DataManagement, WWW, email, wiki, Exchange 2007, Policy, Exchange, blogging, design, website, troubleshooting, howto, online identity, research, policy enforcement, awareness, subscriptions

If you read my previous post then you know we recently went through a major e-mail system migration. Part of that e-mail migration included moving from various naming conventions ( firstname at domain.com,  firstname.lastname at domain.com,  FirstInitialLastName at domain.com, etc.) to a single naming convention of  firstname.lastname at domain.com. Of course this was a huge undertaking and also a political move. One thing I am sure of is that the users will never understand the discussions taking place behind the scenes and will continue to take place about names of other non-user specific mailboxes like a project engineering team or an application mailbox.

Another thing which struck me during this process is that we netizens are identified by our e-mail address in many places on the web. Have you ever looked to see how many places you are identified by your e-mail address? I had to take some time and go out and change my e-mail address wherever the old one was in use. That is not a easy task let me tell you! First of all I went through the mailing lists I subscribe to. I went to their websites and tried to find the area to change my profile’s e-mail address. There are some sites where I could never find this and/or could not change it. So, webmasters & publishers…. please make it easier for your subscribers to modify their e-mail address or credentials! There is this need for companies that may get purchased or change names. There is the need for the users who change names when getting married or divorced…. this should not be as difficult as I found it to be.

In the end, I’m not sure what I will be missing out on when we go back and clean out all of the non-standard names which we will likely do by the end of the year.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Jun 18 2008   7:15PM GMT

Did you see this? - Sysinternals LIVE!!

Posted by: Troy Tate
administration, Networking, forensics, Security, tools, Microsoft Windows, Database, Monitoring, Development, web, reporting, CIO, DataCenter, DataManagement, WWW, WAN, LAN, Data security, Policy, Microsoft, website, troubleshooting, Performance, howto, network analysis, awareness, diagnostics, Sysinternals

If you’re a fan of the Sysinternals tools, check out the beta of Sysinternals Live, a service that makes it easy for you to execute Sysinternals tools directly from the web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals live path into Windows Explorer, or at the command prompt as \\live.sysinternals.com\tools\<toolname> or view the entire Sysinternals Live tools directory in a browser.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!

Jun 17 2008   2:05PM GMT

Did you see this? - Online e-book library

Posted by: Troy Tate
administration, Networking, Storage, Security, SAP, Oracle, Microsoft Windows, Linux, Database, Virtualization, Development, SQL Server, web, CIO, Mobile, DataCenter, DataManagement, IT education, WAN, LAN, Exchange, website, Performance, howto, network analysis, Metrics, research, awareness

Check out this digital online library for IT professionals. Bet you can’t read just one!

Thanks for your time. Let’s be good network citizens together & practice safe networking!