[kml_flashembed movie="http://www.youtube.com/v/CLkphZYt_Zk" width="425" height="350" wmode="transparent" /]

Have a great weekend! Thanks for reading and let’s continue to be good network citizens! And remember – Windows can’t fly.

I find this article humorous but at the same time frustrating with the comment about current threats:

… the top hacking methods of cross-site scripting and SQL injection had not changed in the past six years.

“One, it tells me that the bad guys go with what they know, and two, it says the developers aren’t listening”

How should this message be delivered to developers? Why are these threats still showing up in the top 5? If you are a developer or a CISO, let me and other ITKE readers know how you handle these security issues. Thanks for reading and let’s continue to be good network citizens.

will turn a desktop PC into a game of whack-a-mole by launching the file handlers for every registered file type, while recording whether or not a DLL was accessed within the working directory of the associated file.

To find out more about this DLL hijack exploit test kit and to get the tool see HD’s blog.

This could be a serious issue so I am waiting to see what develops out here now that Metasploit has released a working exploit plugin also.

What are your thoughts on this vulnerability? Do you have Windows developers which may have created risks for your organization by poor development practices? Let me and other ITKE readers know about your experiences with this vulnerability and if you have used the DLL hijack exploit test tool and how your testing went. Thanks for reading and let’s continue to be good network citizens!

• Chapter 1: Introduction to Volume Licensing
• Chapter 2: Choosing a Volume Licensing Program for Your Organization
• Chapter 3: Choosing a Volume Licensing Program for Your Government Organization
• Chapter 4: Choosing a Volume Licensing Program for Your Charitable Organization
• Chapter 5: Choosing a Volume Licensing Program for Your School or University
• Chapter 6: Microsoft Volume Licensing Programs for Software and Service Partners
• Chapter 7: Using Products Licensed Through a Microsoft Volume Licensing Program
• Chapter 8: Microsoft Software Assurance for Volume Licensing

If you have ever had any questions about Microsoft volume licensing programs, and most of us have at one point or other in our careers, then this is a good place to start. I’m sure that somewhere in this 65 page document you will find a nugget of useful information.

Thanks for reading & let’s continue to be good network citizens!

You can also listen to podcasts about previous month’s bulletins. This is another good resource to add to your library for managing the risks of Microsoft systems.

Enjoy and raise a caramel mocha latte for me!

Thanks for reading & let’s continue to be good network citizens.

The Microsoft security bulletin states that “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” That’s great news for a lot of organizations that have taken the operational stance of least user access or the principle of least privilege. Not everyone has to run everything as a local administrator on their computer. This would prevent a lot of home users from being infected and definitely help businesses reduce the impact of successful exploits of known and previously unknown vulnerabilities.

How much news about security breaches do you think there would be if LUA was put into practice everywhere possible? Maybe then we could focus on addressing other business application issues like getting incompatible applications upgraded from Internet Explorer 6 to IE8.

Thanks for reading and let’s continue to be good network citizens!

What strikes me as interesting about this attack is that the focus is on Microsoft’s Internet Explorer 6. Internet Explorer 6 was released in August 2001. Internet Explorer 7 was released in October 2006. Internet Explorer 8 was released in March 2009. So, the recent attacks focused on a 8+ year old application that has been superceded by two full revisions. Didn’t anyone use automatic updates to update their IE? What kept people from updating IE?

I know that Microsoft has released an out-of-cycle update to address the vulnerability. This is a cumulative update for all currently supported of Internet Explorer. So, will this update get applied to at-risk systems? Hmmm… I wonder since it appears that there is little movement off of older versions of Internet Explorer. The attacks were on well known organizations (Google, Adobe, Juniper). Why would they still be using this older version of IE? It seems like this would raise questions about Microsoft’s penetration of newer operating systems like Vista which would be running IE7.

IE7 had issues with compatibility and html standards. IE8 is much better. Is the compatibility issue so significant that organizations stayed on IE6 rather than moving to IE7 and/or IE8?

Please share your thoughts.

Thanks for reading and let’s continue to be good network citizens!

http://live.sysinternals.com/toolname.exe

and run the tool from a web browser. This means that you always have access to the latest valid version and can use the tool anywhere you are that has internet access.

One of the tools I most frequently use is the PsExec tool. PsExec is a command-line tool that lets you execute processes on remote systems and redirect console applications’ output to the local system so that these applications appear to be running locally. There are several command-line options on this tool so please read the documentation carefully to understand how to use this powerful tool.

The following is an example of how to use PsExec to remotely fight a system infected by malware. Note that this access works ONLY if you have administrative access on the remote Windows host.

The first step in accessing the remote system is to run the psexec command shown below where the IP address or name after the “\\” characters is the remote system. This particular command runs the cmd.exe executable that should already exist on the remote system at the IP address starting with 10. and ending in .29. In this case, the remote system is Windows XP.

One thing that a lot of malware does today is open up network connections to other machines or to the internet to spread an infection or get additional instructions. To see where this remote computer has made connections, I issue the netstat -an command. Using PsExec with the remote CMD shell is just like I am sitting at the console of the remote system so I can see the results on my screen even though the netstat command is being processed by the remote computer.

Nothing seems too amiss here. All of the remote (foreign) connections appear valid and using standard Windows ports for communication. But WAIT! This system is listening on a very strange port. What application is listening on port 22347? We can find this out using the netstat -ano command like shown below. The results show us the PID or process identifier number of the executable.

From these results, we see that the PID listening on port 22347 is 1820. So, the next step is to run tasklist to list running processes. Remember, we are doing this on a remote machine! Isn’t this cool?

Ahhh… so the executable of interest running on port 22347 and PID number 1820 is WkSvW32.exe. This doesn’t sound familiar to me. So, I need to find out what it is. How can I do that remotely? How about just running the DIR /s command at the root of the drive and see what the path is to the WkSvW32.exe executable is?

FOUND IT! The WkSvW32.exe program is in the C:\Program Files\WIBUKEY\Server folder. In this case the WIBUKEY application is supporting a license dongle for a legitimate business application. However, what if the executable had been something malicious? Well, then you would need to take some steps to get a copy of the malicious executable for forensics and identification. The machine would then need to be isolated and cleaned if possible. Do you have additional special procedures for handling malicious software like this? Please share your tips and tricks with other ITKE readers.

This article is meant to just scratch the surface and give a very practical use of the PsExec tool from the Sysinternals toolset. Other tools may be described in future entries. What tool(s) would you like me to focus on in future articles?

Thanks for reading & let’s continue to be good network citizens!

• Network connectivity between servers
• Active Directory health – sites, subnets, replication
• File replication – sysvol issues
• DNS health
• Network adapter configuration
• Domain controller health
• Network Time Protocol (NTP)
• Exchange server configuration
• Event log entries

The tool can be found on the Microsoft Downloads website. It is a very simple tool to install and run. The process goes something like this.

Download and install the Microsoft IT Environment Health Scanner. The .NET Framework v2.0 is required for installation and operation. Once the installation is completed, click on the icon created on the desktop or in the Start Menu.

Icon for Microsoft IT Environment Health Scanner

The application will begin collecting user provided network information prior to beginning the scan. The application welcome screen appears.

Welcome screen

The application then will want to apply any necessary and recent updates.

Update processing

The next step in the wizard asks for the local firewall IP address information.

Firewall IP address information

The application then asks for the subnet that you want scanned. In this case, it found the local subnet on my computer and automatically entered the appropriate information.

Subnet to scan

Start the scan and let it run.

Begin the scan

Domain administrator credentials will need to be entered to gain access to secured areas of the domain.

Enter Domain Administrator credentials

The scan will go through several areas to check the health of the environment.

Running the scan

I am unable to show you a completed scan. I do not have access to the forest root of my domain and was unable to run the tool in the child domain. However, if you have a small environment and can run this tool, it looks like an excellent resource to gain some insight into the environment and spot potential problem issues. Let me and and other ITKE readers know if you use this application. What results did you get? Did anything surprise you? What steps did you take based on the scan results? What did the follow-up scan show?

Thanks for reading & let’s continue to be good network citizens!

Some of the content on eTutorials includes topics like:

Adobe:

• Adobe Illustrator CS
• Adobe Photoshop 7. How to
• Adobe Premiere 6.5. Teach yourself in 24 hours
• Adobe Indesign CS2. Professional Typography

Networking:

• Lan switching fundamentals
• Router firewall security
• Wireless lan security
• Integrated cisco and unix network architectures
• Lan switching first-step
• Mpls VPN security
• Beginner’s guide to wi-fi wireless networking
• 802.11 security. wi-fi protected access and 802.11i
• Wimax Technology for broadband wireless access
• Wireless community networks
• Network security assessment
• Network security hacks
• Network Management
• Wireless networks first-step
• LAN switching first-step

Certification:

• A programmer’s guide to java certification
• CCNP BSCI Official Exam Certification Guide
• Sun certified solaris 9.0 system and network administrator all-in-one exam guide
• Advanced DBA Certification Guide and Reference

Other technology sections include:

• Macromedia
• Programming
• SQL
• Server Administration
• Microsoft Products
• Mac OS
• Linux systems
• Mobile devices
• XML
• Misc

An example of the table of contents in the CCNP BSCI Official Exam Certification Guide tutorial includes the following sections:

CCNP BSCI Official Exam Certification Guide, Fourth Edition – Graphically Rich Book
Each chapter includes:
“Do I Know This Already?” Quiz
Foundation Topics
Foundation Summary
Q&A

Introduction
Part I: Introduction to Scalable Networks
Chapter 1. Network Design
Chapter 2. IP Address Planning and Summarization

Part II: EIGRP
Chapter 3. EIGRP Principles
Chapter 4. Scalable EIGRP

Part III: OSPF
Chapter 5. Understanding Simple Single-Area OSPF
Chapter 6. OSPF Network Topologies
Chapter 7. Using OSPF Across Multiple Areas
Chapter 8. OSPF Advanced Topics

Part IV: IS-IS
Chapter 9. Fundamentals of the Integrated IS-IS Protocol
Chapter 10. Configuring Integrated IS-IS

Part V: Cisco IOS Routing Features
Chapter 11. Implementing Redistribution and Controlling Routing Updates
Chapter 12. Controlling Redistribution with Route Maps
Chapter 13. Dynamic Host Control Protocol

Part VI: BGP
Chapter 14. BGP Concepts
Chapter 15. BGP Neighbors
Chapter 16. Controlling BGP Route Selection

Part VII: Multicasting
Chapter 17. What Is Multicasting?
Chapter 18. IGMP
Chapter 19. Configuring Multicast

Part VIII: IPv6
Chapter 20. Introduction to IPv6 and IPv6 Addressing
Chapter 21. IPv6 Routing Protocols, Configuration, and Transitioning from IPv4

Appendix A. Answers to Chapter “Do I Know This Already?” Quizzes and Q&A Sections

There is a LOT of tutorial content on this website! I would highly recommend using this resource for reference materials and increasing your knowledge in the technology topics offered.

Thanks for reading and please share with other IT Trenches readers what online tutorial resources you use for reference or education.