Postini was seeing almost 9 out of every 10 messages as SPAM or bad addresses. This is a huge amount of traffic hitting the circuit(s) and not to mention the email servers and user mailboxes. Postini has saved lots of money on both communication costs and servers. I urge you to take a look at their services or other similar “cloud” services.

We recently made a change that was done at NO COST and are seeing savings in network traffic and server load. We got rid of the multiple domain names and went to a single email domain for the entir organization. Before making this change, the total number of inbound messages was about 60,000 per day. After making this change, the number was reduced to 13,000. This is a >4X reduction in inbound messages! This was done at no cost. However, it is not without risk so a lot of up-front planning and communication is needed. All employees needed to ensure that their contacts knew their new addresses. An autoreply was also implemented on the edge email gateway to reply to all messages addressed to the old domains.

Savings can come but there are risks. All interested parties need to be kept informed during the changes. Think about what changes can be done in your environment to save costs. It may not be easy, but sometimes can be very effective.

Thanks for reading & let’s continue to be good network citizens.

I recently came across an interesting graph that shows where some of the malicious traffic originates from on the internet. It is called the Internet malicious activity map (PNG) The graph is from Team Cymru. The graph displays in “heatmap” style in a Hilbert Curve (check this out if you are a fan of fractals). This is an interesting way to graph a lot of data in a small space. As is true in heatmaps, the colors indicate the concentration of malicious activity. The lighter the color, the higher the malicious activity. Take a look at the 85.x.x.x/8, 87.x.x.x/8, and 88.x.x.x/8 sections of the graph. Looks like these networks are major sources of malicious activity on the internet. I would recommend reviewing this graph and determining if the address ranges showing high malicious activities are part of your organization’s network. If so, then be very concerned. If not, then does your network receive any traffic originating on these subnets? Maybe you should consider blocking traffic from these source subnets. See the Team Cymru Malevolence Monitoring website for more security oriented information.

Thanks for reading and let’s be good network citizens!

This project includes powerful and useful tools and add-ons for SharePoint that help developers and IT pros implement SharePoint based solutions more quickly and managed them more effectively. Contributions will come from the Microsoft SharePoint Product Group, Microsoft SharePoint Online Services Group, Microsoft Information Technology Group, and Microsoft Consulting Services Group.

I have personally used the CopyTimer utility  to measure throughput from remote sites to a SharePoint server. It worked well and helped gather some excellent data about the site and global network performance.

Enjoy using these tools and give me some feedback on what you find useful and how SharePoint provides value to your organization.

There is even a video of Dr. Vinton G. Cerf, vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company. Widely known as a “Father of the Internet,” Vint is the co-designer with Robert Kahn of TCP/IP protocols and basic architecture of the Internet.

Have a great day and thanks for stopping by!

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!

LoveMyTool

There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins).This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer and Denny K Miu of StartupforLess.org – A Survival Guide for Bootstrapping Entrepreneurs

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.

Goals

1. Identify the prevalence and probability of different vulnerability classes 2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.

The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic

order):

- Booz Allen Hamilton

- BT

- Cenzic with Hailstorm and ClickToSecure

- dblogic.it

- HP Application Security Center with WebInspect

- Positive Technologies with MaxPatrol

- Veracode with Veracode Security Review

- WhiteHat Security with WhiteHat Sentinel

The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity. The detailed information can be found here:

http://www.webappsec.org/projects/statistics/

This may be a great tutorial for you and/or your users.

CERTStation Media – Spam-Prevent.mp3

I just ran my monthly e-mail statistics and these are the results:

97,000 msgs/day inbound

8,800 msgs/day delivered to end users – 9%

22,200 msgs/day quarantined as spam – 23%

66,000 msgs/day blocked as spam – 67%

This month had higher than normal quarantine activity. Quarantine has been running about 15% and blocking around 75%.  How does your mail stack up?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Have you had to deal with a troll? What were your challenges and how did it end up? What are your suggestions for handling this global issue?

It is quite amazing if you take a minute to think about it how the global internet provides a whole new environment for crime and abuse. There is no single legal body that can deal with this environment. There are no borders (although countries like China try to control what information crosses theirs).

I do want to commend ITKE for seeming to keeping the trolls away from this useful internet resource. I know it is a challenging job but the TechTarget folks are doing a great job! Let’s thank them for all their hard work by keeping up the knowledge sharing.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong like any law abiding citizen of the world. However, what about the risk to an organization’s intellectual property?

Look at the comment …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regards to a company’s intellectual capital?

This issue seems like a bureaucratic (and maybe totalitarian leaning – think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?

I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border or use equipment at a remote site and transfer data across a network.

This situation is definitely one to watch and be concerned about as world citizens.

Thanks for your time. Let’s be good network citizens together & practice safe networking!