Aug 28 2009 4:21PM GMT
Posted by: Troy Tate
malware,
bootkit,
rootkit,
antivirus,
threats,
vulnerabilities,
research,
blackhat,
hacker,
least user authority,
least user privilege,
Database,
Development,
information security,
infosec,
education
The media archives from the BlackHat technical conference held in July 2009 have now been posted on the BlackHat website. This is the place to go if you want to see some of the latest information security research and the threats that are real today or may become real someday. I posted a previous blog entry on the presentation about the Bootkit - rootkit - malware bypasses disk encryption!
Some of the presentation titles:
I Just Found 10 Million SSN’s
Sniff Keystrokes With Lasers/Voltmeters
Side Channel Attacks Using Optical Sampling of Mechanical Energy and Power Line Leakage
Anti-Forensics: The Rootkit Connection
Reversing and Exploiting an Apple® Firmware Update
The Language of Trust: Exploiting Trust Relationships in Active Content
Mo’ Money Mo’ Problems: Making A LOT More Money on the Web the Black Hat Way
The Conficker Mystery
These are just some of the titles available in the BlackHat 2009 Technical Conference media library. Check it out even if you are a web developer or an IT professional who manages desktops or networks or staff members who perform these tasks. You need to know what you are up against and possible methods to fight the threats.
Thanks for reading & let’s continue to be good network citizens!
Jan 26 2009 7:14PM GMT
Posted by: Troy Tate
Firewalls,
internet,
WWW,
Subnet,
malicious activity,
malware,
research,
network,
graph,
activity,
Security,
network security
For those of you who manage your own network, you have to consider the strength of the firewall at your network perimeter and the knowledge and skills of those who manage it. You also have to provide technology that can help protect your mobile users. Part of building that secure environment is understanding the environment out there in the wild world web. This is just one of the resources available out there. Please leave feedback if you are aware of others that might be useful to readers.
I recently came across an interesting graph that shows where some of the malicious traffic on the internet originates. It is called the Internet malicious activity map (PNG) and it comes from Team Cymru. The graph displays in “heatmap” style along a Hilbert curve (check this out if you are a fan of fractals). This is an interesting way to graph a lot of data in a small space: the curve keeps numerically adjacent address ranges next to each other on the picture, so a whole netblock shows up as one contiguous patch rather than being scattered across the image. As is true in heatmaps, the colors indicate the concentration of malicious activity. The lighter the color, the higher the malicious activity. Take a look at the 85.x.x.x/8, 87.x.x.x/8, and 88.x.x.x/8 sections of the graph. Looks like these networks are major sources of malicious activity on the internet. I would recommend reviewing this graph and determining if the address ranges showing high malicious activities are part of your organization’s network. If so, then be very concerned. If not, then does your network receive any traffic originating on these subnets? Maybe you should consider blocking traffic from these source subnets. Keep in mind, though, that a /8 covers more than 16 million addresses, so a blanket block also drops traffic from every legitimate host in that range; check your firewall logs for the specific sources that are actually hitting you and block at the narrowest scope that covers them. See the Team Cymru Malevolence Monitoring website for more security oriented information.
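The check suggested above (does your network actually see traffic from these ranges, and how wide a block would it take to stop it) is easy to script. The example below is added here and is not from the original post or from Team Cymru; the three /8s are the ones named above, the firewall log lines are constructed iptables-style syslog entries, not real traffic, and the `iptables` rules it prints are only a starting point to review.

```python
import ipaddress
import re
from collections import Counter

# The three /8s the post singles out on the Team Cymru map. This list is the
# example's assumption; substitute the ranges you actually decide to watch.
WATCHED_NETBLOCKS = [ipaddress.ip_network(n) for n in
                     ("85.0.0.0/8", "87.0.0.0/8", "88.0.0.0/8")]

# Constructed iptables/syslog-style firewall log lines (not real traffic).
SAMPLE_LOG = """\
Jan 26 18:01:02 fw kernel: IN=eth0 OUT= SRC=85.12.34.56 DST=203.0.113.10 PROTO=TCP SPT=4433 DPT=22
Jan 26 18:01:05 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=443
Jan 26 18:01:09 fw kernel: IN=eth0 OUT= SRC=88.200.1.7 DST=203.0.113.25 PROTO=TCP SPT=6000 DPT=1433
Jan 26 18:01:12 fw kernel: IN=eth0 OUT= SRC=85.12.34.56 DST=203.0.113.11 PROTO=TCP SPT=4434 DPT=22
Jan 26 18:01:15 fw kernel: IN=eth0 OUT= SRC=87.1.2.3 DST=203.0.113.10 PROTO=UDP SPT=53 DPT=53
Jan 26 18:01:20 fw kernel: IN=eth0 OUT= SRC=not-an-ip DST=203.0.113.10 PROTO=TCP SPT=1 DPT=80
Jan 26 18:01:22 fw kernel: martian source 10.0.0.1 from 203.0.113.10, on dev eth0
Jan 26 18:01:30 fw kernel: IN=eth0 OUT= SRC=86.5.5.5 DST=203.0.113.10 PROTO=TCP SPT=2000 DPT=80
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")


def source_address(line):
    """Extract the SRC= field of one log line; None when it is missing or not an IP."""
    m = SRC_RE.search(line)
    if m is None:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def watched_block(addr, netblocks=WATCHED_NETBLOCKS):
    """Return the first watched netblock containing addr, or None."""
    for net in netblocks:
        if addr.version == net.version and addr in net:
            return net
    return None


def audit_log(text, netblocks=WATCHED_NETBLOCKS):
    """Count how often each watched netblock, and each source inside it, appears."""
    per_block = Counter()
    per_source = Counter()
    unparsed = 0
    for line in text.splitlines():
        addr = source_address(line)
        if addr is None:
            unparsed += 1  # lines with no usable SRC= are counted, not silently dropped
            continue
        net = watched_block(addr, netblocks)
        if net is not None:
            per_block[str(net)] += 1
            per_source[str(addr)] += 1
    return {"per_block": dict(per_block), "per_source": dict(per_source), "unparsed": unparsed}


def drop_rules(report, min_hits=1):
    """iptables DROP rules only for blocks that actually appeared in the log.

    Each rule is preceded by a comment giving the block size: a /8 is 16,777,216
    addresses, so dropping it whole also cuts off every legitimate host in it.
    """
    rules = []
    for block, hits in sorted(report["per_block"].items()):
        if hits < min_hits:
            continue
        size = ipaddress.ip_network(block).num_addresses
        rules.append(f"# {hits} hit(s); block covers {size} addresses")
        rules.append(f"iptables -A INPUT -s {block} -j DROP")
    return rules


if __name__ == "__main__":
    report = audit_log(SAMPLE_LOG)
    for block, hits in sorted(report["per_block"].items()):
        print(f"{block}: {hits} packet(s)")
    for src, hits in report["per_source"].most_common():
        print(f"  {src}: {hits}")
    print(f"{report['unparsed']} line(s) had no parseable SRC=")
    print("\n".join(drop_rules(report)))
```

Run against a real log, the per-source counts usually show that a handful of hosts account for the hits; blocking those hosts (or their /24s) is far less disruptive than dropping a whole /8, and the `min_hits` threshold keeps a single stray packet from turning into a rule.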
Thanks for reading and let’s be good network citizens!
Nov 19 2008 3:58PM GMT
Posted by: Troy Tate
administration,
tools,
Microsoft Windows,
documentation,
Monitoring,
Development,
reporting,
DataCenter,
troubleshooting,
howto,
toolkit
If you don’t already document your network and configurations, then you should begin immediately as it is a never-ending task. There are lots of ways of doing this and I will mention some of those in future postings.
One of the best tools is simply capturing screen shots and placing those in a Word document. This provides the ability to build “how-to” documentation as well as documenting existing conditions when the screenshot was taken. A simple press of the PrintScreen key will capture the entire desktop. CTRL-PrintScreen or Shift-PrintScreen will do the same thing. ALT-PrintScreen captures only the current window.
The challenge at times though is focusing on a particular part of the screen or a smaller section of a window. The tools that I use for this are Gadwin Printscreen (freeware) and BYS ScreenMarker.
The Gadwin Printscreen application sits in the system tray and is called by a hotkey combination that you can define (or it can just take the place of the PrintScreen key). I use CTRL-F12. I like the application for selecting a rectangular region of the screen rather than an entire window or desktop. The screen captures can also be saved in various formats (bmp, jpg, gif, tif or png). This is much better than the BMP format that the standard PrintScreen capture produces.
In combination with the Gadwin Printscreen, I have started using the BYS ScreenMarker utility. This allows me to make callouts or highlights on various areas of the screen before running the CTRL-F12 capture. So, I can highlight, capture and paste in quick easy steps into an email or documentation. This is particularly useful when sending information to technical support and highlighting information shown on the client computer.
Hope this tip is useful to you. What tools or tricks do you use to document your network?
Nov 18 2008 1:15PM GMT
Posted by: Troy Tate
administration,
tools,
Microsoft Windows,
Development,
CIO,
DataCenter,
email,
Exchange 2007,
Exchange,
design,
Microsoft,
howto
New Infrastructure Planning and Design Guide-Now Available for Download
Exchange Online — Evaluating Software-plus-Services
The Infrastructure Planning and Design team has released a new guide, Exchange Online — Evaluating Software-plus-Services. Download the guide here.
In addition to the continuously growing collection of IPD guides focusing on architectural design configurations, Microsoft is now introducing a variation of these guides. This new type of guide is designed to help you make decisions about what’s best for your organization from both a business and a technology point of view.
Considering an online solution for your organization’s e-mail services? The Exchange Online — Evaluating Software-plus-Services guide provides a clear comparison of e-mail technologies across on-premises, standard hosting, and dedicated hosting scenarios. Use the guide as a framework for evaluating the technical feasibility of Microsoft Exchange Online. An overall scoring assessment is provided for each option, identifying key mail services and requirements for your organization. Understand the impact of adopting software-plus-services, weigh the importance of each topic to your organization, and learn which offering will serve you best.
Find other Infrastructure Planning and Design guides.
Nov 11 2008 4:07PM GMT
Posted by: Troy Tate
administration,
Networking,
tools,
Microsoft Windows,
Monitoring,
Development,
reporting,
internet,
WAN,
LAN,
debugging,
performance monitoring,
SharePoint,
design,
MOSS,
troubleshooting,
Performance,
howto,
network analysis,
Metrics,
awareness,
diagnostics,
toolkit,
analysis
Many organizations are finding value in the Microsoft SharePoint technologies. Whether you use the free Windows SharePoint Services or the Microsoft Office SharePoint Server, your organization will gain a lot of value from using these services. To enhance your ability to manage these technologies, there is a project on Codeplex called the SharePoint Toolbox. Per the website, the purpose of this project is as follows:
This project includes powerful and useful tools and add-ons for SharePoint that help developers and IT pros implement SharePoint based solutions more quickly and manage them more effectively. Contributions will come from the Microsoft SharePoint Product Group, Microsoft SharePoint Online Services Group, Microsoft Information Technology Group, and Microsoft Consulting Services Group.
I have personally used the CopyTimer utility to measure throughput from remote sites to a SharePoint server. It worked well and helped gather some excellent data about the site and global network performance.
Enjoy using these tools and give me some feedback on what you find useful and how SharePoint provides value to your organization.
Nov 11 2008 3:58PM GMT
Posted by: Troy Tate
administration,
Microsoft Windows,
Virtualization,
Development,
RSS,
blogging,
design,
server,
awareness,
blog
For those of you who are fans of Microsoft Windows Virtualization, this blog from the Microsoft Windows Virtualization Products Group might be of interest to you. Keep informed and provide feedback to the team as this useful technology becomes more widespread.
Nov 11 2008 3:51PM GMT
Posted by: Troy Tate
administration,
Security,
Microsoft Windows,
patching,
Development,
debugging,
Data security,
malware,
design,
Microsoft,
server,
risk,
awareness,
blog,
vulnerability,
analysis
As you probably already know, Microsoft recently issued an urgent out-of-cycle security patch, MS08-067, for a “Vulnerability in Server Service Could Allow Remote Code Execution.” Look here for additional Microsoft Security Vulnerability Research and Defense information about this bulletin. If you have not already applied this patch, I urge you to do so, as there are reports of MS08-067 exploits in the wild for this vulnerability. Because the flaw is in a network-facing service, verify that the update is actually installed on every host that exposes the Server service rather than assuming your update mechanism ran. For those of you who are developers and QA testers and wonder how this vulnerability slipped through testing at Microsoft, look at this article about MS08-067 and the Security Development Lifecycle. Like many of the responses to that blog posting say: keep code as simple as possible. Automated testing is not a panacea, and keeping things simple may head off significant problems later for all users and administrators.
Oct 6 2008 1:12PM GMT
Posted by: Troy Tate
administration,
Networking,
forensics,
Security,
tools,
Microsoft Windows,
Monitoring,
reporting,
internet,
LAN,
debugging,
Data security,
malware,
performance monitoring,
recovery,
Microsoft,
anti-virus,
troubleshooting,
Performance,
howto,
network analysis,
Sandbox,
packet capture,
research,
diagnostics,
Sysinternals,
toolkit,
analysis
If you ever need to get under the covers of running Windows processes for investigating why a system is running slow, then the Sysinternals toolkit has an updated tool that will help you. Per the website:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.
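The “malware hunting” use mentioned in that description usually means saving a capture and then sifting it for the handful of operations that matter: something writing an executable into a Temp directory, something adding a Run key, something launching from Temp. The script below is an added example, not part of the original post and not Sysinternals code. It assumes the capture was saved with File > Save as CSV and that the default column names are “Time of Day”, “Process Name”, “PID”, “Operation”, “Path”, “Result” and “Detail” (adjust the keys if your export differs); the sample rows are constructed, not a real capture.

```python
import csv
import io
import re

# Constructed sample of a Process Monitor capture saved as CSV. The column
# names are an assumption about Procmon's default export; change the row[...]
# keys below if your capture was saved with a different set of columns.
SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"4:02:11.0012345 PM","explorer.exe","1240","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"4:02:11.0023456 PM","svchost.exe","1016","ReadFile","C:\Windows\System32\netapi32.dll","SUCCESS","Offset: 0, Length: 4,096"
"4:02:12.0011111 PM","updater.exe","3388","CreateFile","C:\Users\troy\AppData\Local\Temp\svhost32.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"4:02:12.0022222 PM","updater.exe","3388","WriteFile","C:\Users\troy\AppData\Local\Temp\svhost32.exe","SUCCESS","Offset: 0, Length: 51,200"
"4:02:12.0033333 PM","updater.exe","3388","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate","SUCCESS","Type: REG_SZ, Length: 94, Data: C:\Users\troy\AppData\Local\Temp\svhost32.exe"
"4:02:12.0044444 PM","updater.exe","3388","Process Create","C:\Users\troy\AppData\Local\Temp\svhost32.exe","SUCCESS","PID: 3412, Command line: C:\Users\troy\AppData\Local\Temp\svhost32.exe"
"4:02:13.0000000 PM","notepad.exe","2200","WriteFile","C:\Users\troy\Documents\notes.txt","SUCCESS","Offset: 0, Length: 12"
""".strip()

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
TEMP_BINARY_RE = re.compile(r"\\Temp\\[^\\]+\.(exe|dll|scr)$", re.IGNORECASE)

# Each rule: (label, operations it applies to, path pattern). Deliberately
# narrow; widen them once you know what "normal" looks like on the box.
RULES = [
    ("persistence: value written under a Run key",
     {"RegSetValue"}, RUN_KEY_RE),
    ("dropper: executable written under a Temp directory",
     {"CreateFile", "WriteFile"}, TEMP_BINARY_RE),
    ("execution: process started from a Temp directory",
     {"Process Create"}, TEMP_BINARY_RE),
]


def find_suspicious(csv_text, rules=RULES):
    """Return one finding per (row, rule) match in a Procmon CSV export."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for label, operations, pattern in rules:
            if row["Operation"] in operations and pattern.search(row["Path"]):
                findings.append({
                    "time": row["Time of Day"],
                    "process": row["Process Name"],
                    "pid": int(row["PID"]),
                    "operation": row["Operation"],
                    "path": row["Path"],
                    "rule": label,
                })
    return findings


def by_process(findings):
    """Group rule labels by (process name, PID) so one noisy process stands out."""
    grouped = {}
    for f in findings:
        grouped.setdefault((f["process"], f["pid"]), []).append(f["rule"])
    return grouped


if __name__ == "__main__":
    for (name, pid), labels in by_process(find_suspicious(SAMPLE_CSV)).items():
        print(f"{name} (PID {pid}): {len(labels)} suspicious operation(s)")
        for label in labels:
            print(f"  - {label}")
```

The point of grouping by PID is that a single process tripping several unrelated rules in sequence (drop a binary, register it to run at logon, start it) is a much stronger signal than any one rule firing on its own, and it tells you which process to go back to in Procmon and filter on.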
I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.
If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation someday!
Oct 3 2008 7:59PM GMT
Posted by: Troy Tate
administration,
Networking,
Firewalls,
forensics,
Security,
tools,
Monitoring,
reporting,
internet,
IT education,
WAN,
LAN,
debugging,
Data security,
SSL,
performance monitoring,
blogging,
design,
anti-virus,
troubleshooting,
Performance,
howto,
network analysis,
Sandbox,
Metrics,
wireshark,
packet capture,
research,
blog,
podcast,
diagnostics,
toolkit,
analysis
If you are like me, you like those little goodie tools like nmap and wireshark that do something that is actually pretty complex but do it well and have a great following. I just came across this website that I am going to have to take some time to go through and find all of the nuggets it offers. Hope you get some use out of it too and let us know what you discover and how it made your job easier.
LoveMyTool
There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins). This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer, and Denny K Miu of StartupforLess.org - A Survival Guide for Bootstrapping Entrepreneurs