Jan 26 2009 7:14PM GMT
Posted by: Troy Tate
Firewalls, internet, WWW, Subnet, malicious activity, malware, research, network, graph, activity, Security, network security
For those of you who manage your own network, you have to consider the strength of the firewall at your network perimeter and the knowledge and skills of those who manage it. You also have to provide technology that can help protect your mobile users. Part of building that secure environment is understanding the environment out there on the wild world web. This is just one of the resources available out there. Please leave feedback if you are aware of others that might be useful to readers.
I recently came across an interesting graph that shows where some of the malicious traffic on the internet originates. It is called the Internet malicious activity map (PNG). The graph is from Team Cymru. The graph displays in “heatmap” style on a Hilbert Curve (check this out if you are a fan of fractals). This is an interesting way to graph a lot of data in a small space. As is true in heatmaps, the colors indicate the concentration of malicious activity. The lighter the color, the higher the malicious activity. Take a look at the 85.x.x.x/8, 87.x.x.x/8, and 88.x.x.x/8 sections of the graph. It looks like these networks are major sources of malicious activity on the internet. I would recommend reviewing this graph and determining whether the address ranges showing high malicious activity are part of your organization’s network. If so, then be very concerned. If not, then does your network receive any traffic originating on these subnets? Maybe you should consider blocking traffic from these source subnets. See the Team Cymru Malevolence Monitoring website for more security-oriented information.
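As an added illustration (not code from the original post or from Team Cymru), the Python script below maps an IPv4 /8 to its cell on a 16x16 Hilbert curve, the layout such a heatmap uses, and scans firewall log lines for sources inside the three /8s called out above. The iptables-style log lines, the SRC= field format and the fixed prefix list are constructed assumptions.

```python
import ipaddress
import re

# /8 blocks the post singles out; take the real list from the live map.
WATCHED_SLASH8 = [ipaddress.ip_network(p)
                  for p in ("85.0.0.0/8", "87.0.0.0/8", "88.0.0.0/8")]

def hilbert_d2xy(n, d):
    """Cell (x, y) of index d on an n*n Hilbert curve (n a power of two)."""
    x = y = 0
    s = 1
    while s < n:
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:  # rotate/flip the sub-square so the pieces join up
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x, y, d, s = x + s * rx, y + s * ry, d // 4, s * 2
    return x, y

def slash8_cell(ip):
    """Heatmap cell of the /8 containing ip: first octet on a 16x16 curve."""
    return hilbert_d2xy(16, int(ipaddress.ip_address(ip)) >> 24)

def flag_sources(log_lines):
    """Map each SRC= address that lies inside a watched /8 to that /8."""
    hits = {}
    for line in log_lines:
        m = re.search(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})", line)
        if not m:
            continue
        addr = ipaddress.ip_address(m.group(1))
        for net in WATCHED_SLASH8:
            if addr in net:
                hits[str(addr)] = str(net)
    return hits

# Constructed iptables-style log lines, not a real capture.
SAMPLE_LOG = [
    "kernel: IN=eth0 SRC=85.1.2.3 DST=192.0.2.5 PROTO=TCP DPT=445",
    "kernel: IN=eth0 SRC=192.0.2.10 DST=192.0.2.5 PROTO=TCP DPT=80",
    "kernel: IN=eth0 SRC=88.200.1.1 DST=192.0.2.5 PROTO=TCP DPT=22",
]

if __name__ == "__main__":
    for ip, net in flag_sources(SAMPLE_LOG).items():
        print(f"{ip} is in {net}, heatmap cell {slash8_cell(ip)}")
```

Consecutive /8s land in adjacent cells, which is why neighbouring blocks such as 87/8 and 88/8 show up as one bright region on the map.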
Thanks for reading and let’s be good network citizens!
Nov 11 2008 4:07PM GMT
Posted by: Troy Tate
administration, Networking, tools, Microsoft Windows, Monitoring, Development, reporting, internet, WAN, LAN, debugging, performance monitoring, SharePoint, design, MOSS, troubleshooting, Performance, howto, network analysis, Metrics, awareness, diagnostics, toolkit, analysis
Many organizations are finding value in the Microsoft SharePoint technologies. Whether you use the free Windows SharePoint Services or the Microsoft Office SharePoint Server, your organization will gain a lot of value from using these services. To enhance your ability to manage these technologies, there is a project on Codeplex called the SharePoint Toolbox. Per the website, the purpose of this project is as follows:
This project includes powerful and useful tools and add-ons for SharePoint that help developers and IT pros implement SharePoint based solutions more quickly and manage them more effectively. Contributions will come from the Microsoft SharePoint Product Group, Microsoft SharePoint Online Services Group, Microsoft Information Technology Group, and Microsoft Consulting Services Group.
I have personally used the CopyTimer utility to measure throughput from remote sites to a SharePoint server. It worked well and helped gather some excellent data about the site and global network performance.
Enjoy using these tools and give me some feedback on what you find useful and how SharePoint provides value to your organization.
Oct 27 2008 8:52PM GMT
Posted by: Troy Tate
Networking, forensics, Security, tools, Microsoft Windows, Linux, Monitoring, web, reporting, Google, internet, IT education, WAN, LAN, performance monitoring, troubleshooting, Performance, Network TAPs, howto, network analysis, Metrics, wireshark, packet capture, research, education, toolkit, man-in-the-middle, analysis
Check out the Sharkfest 2008 videos at LoveMyTool.com. If you use Wireshark or want to learn network troubleshooting, this is one of the best resources you can have in your toolkit. The videos will give you a better understanding of this tool and other tools out there.
There is even a video of Dr. Vinton G. Cerf, vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company. Widely known as a “Father of the Internet,” Vint is the co-designer with Robert Kahn of TCP/IP protocols and basic architecture of the Internet.
Have a great day and thanks for stopping by!
Oct 6 2008 1:12PM GMT
Posted by: Troy Tate
administration, Networking, forensics, Security, tools, Microsoft Windows, Monitoring, reporting, internet, LAN, debugging, Data security, malware, performance monitoring, recovery, Microsoft, anti-virus, troubleshooting, Performance, howto, network analysis, Sandbox, packet capture, research, diagnostics, Sysinternals, toolkit, analysis
If you ever need to get under the covers of running Windows processes for investigating why a system is running slow, then the Sysinternals toolkit has an updated tool that will help you. Per the website:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.
I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.
If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!
Oct 3 2008 7:59PM GMT
Posted by: Troy Tate
administration, Networking, Firewalls, forensics, Security, tools, Monitoring, reporting, internet, IT education, WAN, LAN, debugging, Data security, SSL, performance monitoring, blogging, design, anti-virus, troubleshooting, Performance, howto, network analysis, Sandbox, Metrics, wireshark, packet capture, research, blog, podcast, diagnostics, toolkit, analysis
If you are like me, you like those little goodie tools like nmap and wireshark that do something that is actually pretty complex but do it well and have a great following. I just came across this website that I am going to have to take some time to go through and find all of the nuggets it offers. Hope you get some use out of it too and let us know what you discover and how it made your job easier.
LoveMyTool
There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins). This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer, and Denny K Miu of StartupforLess.org - A Survival Guide for Bootstrapping Entrepreneurs.
Sep 8 2008 4:49PM GMT
Posted by: Troy Tate
Security, tools, Database, Monitoring, Development, web, internet, DataManagement, WWW, Data security, malware, Policy, website, Metrics, risk, research, awareness, vulnerability, data loss
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.
Goals
1. Identify the prevalence and probability of different vulnerability classes
2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.
The statistics were compiled from web application security assessment projects carried out by the following companies in 2007 (in alphabetical order):
- Booz Allen Hamilton
- BT
- Cenzic with Hailstorm and ClickToSecure
- dblogic.it
- HP Application Security Center with WebInspect
- Positive Technologies with MaxPatrol
- Veracode with Veracode Security Review
- WhiteHat Security with WhiteHat Sentinel
The overall statistics include analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity. The detailed information can be found here:
http://www.webappsec.org/projects/statistics/
Sep 3 2008 7:28PM GMT
Posted by: Troy Tate
administration, Security, tools, reporting, internet, DataManagement, IT education, spam, email, Data security, Policy, Exchange, anti-virus, Performance, howto, Metrics, risk, awareness, podcast
An audio podcast on how SPAM is generated, along with an examination of the frameworks and technologies that help manage and reduce SPAM.
This may be a great tutorial for you and/or your users.
CERTStation Media - Spam-Prevent.mp3
I just ran my monthly e-mail statistics and these are the results:
97,000 msgs/day inbound
8,800 msgs/day delivered to end users - 9%
22,200 msgs/day quarantined as spam - 23%
66,000 msgs/day blocked as spam - 67%
This month had higher than normal quarantine activity. Quarantine has been running about 15% and blocking around 75%. How does your mail stack up?
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Aug 22 2008 3:46PM GMT
Posted by: Troy Tate
administration, Networking, Security, web, reporting, internet, CIO, WWW, IT education, intellectual property, design, website, online identity, risk, awareness, blog
Here’s an interesting blog entry I came across this week. I have great respect for John Postel, mentioned in the article. He contributed immensely to the design of the protocols on which we depend for data networks. I really like his Robustness Principle: “Be conservative in what you do, be liberal in what you accept from others.” This is a good statement for life but can be a challenge to address in the IT world. The article and follow-up postings have a lot of nuggets of great thought. Maybe add your thoughts to Mr Schwartz’s post or add some thoughts below here.
Have you had to deal with a troll? What were your challenges and how did it end up? What are your suggestions for handling this global issue?
It is quite amazing if you take a minute to think about it how the global internet provides a whole new environment for crime and abuse. There is no single legal body that can deal with this environment. There are no borders (although countries like China try to control what information crosses theirs).
I do want to commend ITKE for seeming to keep the trolls away from this useful internet resource. I know it is a challenging job but the TechTarget folks are doing a great job! Let’s thank them for all their hard work by keeping up the knowledge sharing.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Aug 21 2008 8:08PM GMT
Posted by: Troy Tate
administration, Networking, forensics, Security, Monitoring, reporting, internet, CIO, Mobile, DataManagement, IT education, WAN, intellectual property, Data security, government, Policy, design, online identity, risk, research, policy enforcement, awareness, blog, data loss
I have recently been hearing some rumblings about this issue. I work for a firm with international locations and have travelled out of the country myself. So, this is a personal issue.
What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong like any law abiding citizen of the world. However, what about the risk to an organization’s intellectual property?
Look at the comment …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regards to a company’s intellectual capital?
This issue seems like a bureaucratic (and maybe totalitarian leaning - think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?
I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border or use equipment at a remote site and transfer data across a network.
This situation is definitely one to watch and be concerned about as world citizens.
Thanks for your time. Let’s be good network citizens together & practice safe networking!