Oct 23 2009 6:40PM GMT
Posted by: Troy Tate
net neutrality,
blacklist,
privacy,
wiretapping,
eavesdropping,
lawsuit,
Cisco,
Microsoft,
Comcast,
TRUSTe
A web based tool I frequently use is called Network-Tools.com. I frequently use the site to lookup names associated with IP addresses and whois information and ping to the addresses. A recent notice on the page raised my concern. The notice says:
Network-Tools owner sues Microsoft, Cisco, Comcast and TRUSTe over IP Address Blacklisting
Suit alleges eavdropping, privacy policy fraud, breach of contract and defamation
Interesting stuff, huh? So why would this suit be raised? According to the page tracking the lawsuit:
The lawsuit claims that Comcast, Microsoft, and Cisco collected information about Smith’s IP addresses and either put them on a “blacklist” or gave them a poor “Reputation Score.” Comcast even blocked his communication link with a mail server he operates outside the Comcast network. The suit claims that in order to collect this information in the first place Comcast, Cisco and Microsoft violated eavesdropping laws. The suit goes on to claim that Comcast, Microsoft, and Cisco failed to adhere to their privacy policies. Continued »
Oct 21 2009 1:20PM GMT
Posted by: Troy Tate
Microsoft,
podcast,
webcast,
Powershell,
sql,
dba,
Development,
IIS,
AD,
Active Directory,
education,
IT education,
virtual machines,
Virtualization,
SharePoint
I just came across an excellent resource for IT professionals working with Microsoft products. It is called RunAs Radio. There are weekly podcasts about topics of interest to those of us who support Microsoft products. The podcasts are in multiple formats such as mp3, wma & AAC (iPod). I was particularly interested in the presentations on performance management. There are several presentations on this one topic. Some sample topics include:
Clint Huffman Analyzes PerfMon Logs! Mr. Huffman is the creator of the Performance Analysis of Logs tool found at Codeplex. I have found this tool very useful in tracking down server issues to show folks “it’s not the network!”
Shane Creamer Goes Deep on Performance Monitor! This is a very interesting presentation. There is a link to the video presentation portion and another link to the various audio formats. The video presentation has a very long gap in audio at the beginning (almost 12 minutes). This is because the video portion is only capturing the presenter’s audio portion and not the commentators’. You really should download both audio and video to get the full impact of the presentation.
Steven Choy Measures Server Performance!
Other topics that might be of interest includes SQL, Active Directory, IIS, cloud (Azure), Powershell, virtualization, SharePoint, information security, and many other Microsoft-centric technologies. I have subscribed to the RSS feed so I can keep up with new presentations as they are released. If you run any Microsoft technologies, or you just want to learn about some recommended best practices, then check out this resource. There might be something here that will help you “save the day”.
Thanks for reading and let’s continue to be good network citizens!
Sep 14 2009 1:49PM GMT
Posted by: Troy Tate
Microsoft,
information security,
vulnerability,
risk management,
patches,
tcp-ip,
tcp,
tcp/ip,
Windows,
windows 2000,
support,
Microsoft support,
threat,
risk
Last week was the September issue of Microsoft “patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.
One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability to the TCP/IP stack in all current supported versions of Windows. The bulletin describes the vulnerability:
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Even though the bulletin here describes it as potential remote code execution, the webcast focused more on the denial of service threat due to this vulnerability. Unfortunately, Microsoft has chosen to not issue a patch for Windows 2000, even though Windows 2000 is a supported version of Windows with regards to patches and security fixes. ComputerWorld gives a good amount of detail in the article: Microsoft: Patching Windows 2000 ‘infeasible’ Dark Reading published Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack and The Register published Microsoft, Cisco issue patches for newfangled DoS exploit.
I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.
Thanks for reading & let’s continue to be good network citizens.
Aug 19 2009 6:21PM GMT
Posted by: Troy Tate
botnet,
infection,
parasite,
autoupdate,
command and control,
command,
control,
antivirus,
configuration manager,
systems center,
Microsoft,
mcafee
Ponder this question. Are there botnets that are sexy and make you more attractive? I got this idea from the Animal Planet (Discovery) show: Monsters Inside Me: Can a Parasite Make Me Sexy? Consider a good botnet (parasite) for a minute. Is something like the McAfee ePolicy Orchestrator or Microsoft’s Systems Center Configuration Manager something like a command and control system for a good botnet? Would that be considered a sexy parasite? Is this just a symbiotic relationship that is good for all?
So, think about it… what are you infected with today that’s doing you good?
Well… maybe it’s not always good to be infected with a parasite so that’s why I say: thanks for reading & let’s continue to be good network citizens.
Aug 12 2009 3:33PM GMT
Posted by: Troy Tate
Microsoft,
Microsoft Certification,
mcse,
certification,
mcp,
job skills,
technical certification,
TechEd 2009,
Microsoft TechEd
Check out this interview during TechEd 2009 with David Elfassy. You will find out answers to many of your burning questions like:
- How much does certification really matter?
- Is an MCSE still valuable?
- Which certifications should you pick?
- Would certification be a good way to switch into another area of expertise?
- What changes are happening around Piracy with test development?
- What are his recommended steps to get started with prepping for the exam?
Thanks for reading & let’s continue to be good network citizens.
Jul 28 2009 3:11PM GMT
Posted by: Troy Tate
Microsoft,
patch management,
Metrics,
framework,
maturity model,
patch management framework,
research,
asset management,
lifecycle management
Securosis and Microsoft have teamed up and released an Open Patch Management Metrics Model. The purpose of this model is to “provide organizations with a tool to better understand their patching costs.” The model also has ten steps with multiple substeps to help guide an organization through a patch management process framework.
The document can be found on the Securosis website. More information will be released as the model matures and additional organizations contribute to the research. Let the ITKE community know your thoughts on this model and if the metrics are meaningful to your organization.
For myself, I think that the metrics would be good to gather but would be a challenge to maintain when we are always being challenged to do more with less.
Thanks for reading & let’s continue to be good network citizens!
Jul 24 2009 6:47PM GMT
Posted by: Troy Tate
Microsoft,
e-learning,
education,
online training,
Exchange Server,
Microsoft Virtualization,
web 2.0,
Windows 7,
Windows Vista,
Vista,
Windows Server 2008
In today’s business environment it is always a challenge to get technology training as it seems like training is one of the first things to get cut.
Microsoft has always been a great source of free training material that can help make IT professionals and user’s use of technology much more effective. A Microsoft training resource you may not have heard of is Microsoft Learning Snacks. These are short (most between 3-20 minutes long) Silverlight-based self-paced presentations that you can watch at anytime from your computer. The topics available include:
- Core Infrastructure Optimization
- Microsoft Exchange Server 2010
- Microsoft Silverlight
- Virtualization
- Web 2.0 Development
- Windows 7
- Windows Essential Business Server 2008
- Windows Server 2008
- Windows Vista
If you have a little craving for education and your budget does not permit you to go to offsite training, check out the Microsoft Learning Snacks. And, as is true with most snacks, you won’t be filled up here but maybe this will guide you into gaining a better understanding of these Microsoft technologies.
Thanks for reading and let’s continue to be good network citizens!
Jun 26 2009 2:56PM GMT
Posted by: Troy Tate
Microsoft,
virtual machine,
Virtual machine management,
solution accelerator,
technology,
technology management,
tool,
toolkit,
education
Microsoft has a very large library of Solution Accelerators. These solution accelerators are meant to be detailed guides and toolkits to help organizations be successful in the planning, deployment and management of Microsoft products and technologies.
One accelerator that recently came to my attention is the Offline Virtual Machine Servicing Tool. According to the Microsoft website:
The increasing use of virtual machines—for purposes ranging from support of older operating system environments to power savings—has created new challenges for IT.
In particular, virtual machines may be left offline (stored in a non-operating state) for extended periods of time, which conserves resources when the server capacities of the virtual machines are not needed or frees up physical computing resources for other purposes.
However, offline machines do not automatically receive operating system, antivirus, or application updates that would keep them compliant with current IT policy. An out-of-date virtual machine may pose a risk to the IT environment. If deployed and started, the out-of-date virtual machine might be vulnerable to attack or could be capable of attacking other network resources.
Therefore, IT groups must take measures to ensure that offline virtual machines remain up-to-date and compliant. At present, these measures involve temporarily bringing the virtual machine online, applying the necessary updates, and then storing it again.
In the future, image updating solutions may be able to update virtual machines while they remain offline. Until such solutions become available, the Offline Virtual Machine Servicing Tool, a Solution Accelerator from Microsoft, provides a way to automate the process of updating virtual machines. This tool is now available as a free download from the Microsoft Download Center.
Business Scenarios
You can use this Solution Accelerator to help you with business scenarios such as these:
- Your IT organization is converting physical servers to virtual machines to reduce costs, including administrative overhead. How can you regularly update offline virtual machines while minimizing administrative costs?
- Your IT organization has thousands of virtual machines stored for months at a time in a number of libraries. How do you keep the virtual machines reliably up to date?
This tool can be useful to those organizations already managing virtual machines or those considering deployment. Maybe it can make your life a little easier. Why not leave some feedback if you have used or are considering this tool?
Thanks for reading and let’s continue to be good network citizens!
May 26 2009 8:41PM GMT
Posted by: Troy Tate
Microsoft,
SharePoint,
website,
design,
website administration,
website admin,
tools
SharePoint Designer 2007 is Now Free – Office SharePoint Designer 2007 provides the powerful tools you need to deliver compelling and attractive SharePoint sites and quickly build workflow-enabled applications and reporting tools on the SharePoint platform, all in an IT-managed environment. You can use SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code. It also provides the professional-quality design tools you need to create great-looking SharePoint pages that are compatible with a wide range of browsers. Additionally, site administrators and IT managers can control exactly how SharePoint Designer 2007 is used to help ensure information workers have a managed and controlled experience.
If you are interested in learning more about SharePoint Designer 2007, please be sure to check out:
· Microsoft Office Sharepoint Designer 2007 Product Overview
· SharePoint Designer demos
· SharePoint Designer webcasts
· Help for SharePoint Designer 2007
· Future direction of Sharepoint Designer 2007: video
