IT Trenches:

reporting

Jul 2 2008   2:33PM GMT

Did you see this? - The Great SPAM diet results are in



Posted by: Troy Tate
anti-virus, awareness, botnet, Data security, email, spam, Security, antivirus, malware, Monitoring, metrics, online identity, Performance, reporting, research

See my previous post on The Great SPAM Diet. The results are now in and darkReading has the scoop.

McAfee’s Great Spam Experiment, Unplugged

Many spam messages sent to participants in the study were phishing emails or contained malware or links to malware-ridden sites

Did anyone doubt that these would be the results? Thanks for your time. Let’s be good network citizens together & practice safe networking!

Jun 25 2008   3:09PM GMT

Researching Network TAPs - Implementation Day (part 5)



Posted by: Troy Tate
Data security, diagnostics, howto, DataCenter, DataManagement, troubleshooting, Networking, network analysis, WAN, wireshark, metrics, packet capture, Performance, reporting, research, tools

Hopefully you have been reading about my adventures with implementing a network tap to end network blindness. If not, take a look back at previous entries found here.

When I last left you on this topic, there was a problem plugging in the tap between the router and the LAN switch. I was informed by technical support that the devices needed to be configured with auto-detect network settings. Those settings have now been made and the network tap is now installed and functioning well!

One interesting thing I discovered about the Datacom Systems Singlestream 102 device is that it will permit network injection through the tap port. What this means is that you can have a host running ntop and listening on the tap, for example, that you can get to without having to install a second NIC and publish on that NIC. This is a great thing! It simplifies the configuration of the monitoring host.

So, it looks like my monitoring need has been met, and now the real challenge of discovery and ongoing traffic management begins. Such is life in the network management world.

I will pass on any updates about this network tap as any new information arises from my implementation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 18 2008   7:25PM GMT

Did you see this? - 10 Cool PowerShell scripts virtual lab



Posted by: Troy Tate
Powershell, administration, howto, DataCenter, DataManagement, Development, Exchange, Microsoft Windows, Microsoft, troubleshooting, Networking, Security, policy enforcement, reporting, tools

Microsoft has some great virtual labs which can give an administrator some quick education over a lunch hour or a short period of time. One of these virtual labs is the 10 Cool PowerShell Scripts lab. If you have not started with PowerShell, then this may help you get moving in the same direction that Microsoft is moving… back to the command line!

Enjoy & keep your skills fresh.


Jun 18 2008   7:20PM GMT

Did you see this? - Microsoft Assessment & Planning Toolkit 3.1 Beta



Posted by: Troy Tate
administration, diagnostics, beta, DataCenter, Microsoft Windows, Microsoft, troubleshooting, Networking, LAN, Monitoring, metrics, Performance, reporting, tools

The Microsoft Assessment and Planning (MAP) Toolkit is an integrated platform with tools and guidance that make it easier for you to assess your current IT infrastructure and determine the right Microsoft technologies for your IT needs. It offers easy inventory, powerful assessment and actionable recommendations for Windows Server 2008, Windows Server Hyper-V, Virtual Server 2005 R2, Microsoft Application Virtualization (formerly SoftGrid), System Center Virtual Machine Manager, Windows Vista, 2007 Microsoft Office, and SQL Server. The popular Windows Vista Hardware Assessment readiness tool has now been replaced by the MAP toolkit platform.


Jun 18 2008   7:15PM GMT

Did you see this? - Sysinternals LIVE!!



Posted by: Troy Tate
administration, Microsoft, Sysinternals, awareness, Data security, diagnostics, howto, CIO, Database, DataCenter, DataManagement, Development, Microsoft Windows, troubleshooting, Networking, LAN, network analysis, WAN, Security, forensics, Monitoring, Policy, Performance, reporting, tools, web, website, www

If you’re a fan of the Sysinternals tools, check out the beta of Sysinternals Live, a service that makes it easy for you to execute Sysinternals tools directly from the web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer, or at the command prompt as \\live.sysinternals.com\tools\<toolname>, or view the entire Sysinternals Live tools directory in a browser.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation sometime!


Jun 18 2008   5:26PM GMT

Did you see this? - Infosecurity Magazine RSS feed



Posted by: Troy Tate
anti-virus, awareness, botnet, Data security, DataCenter, Networking, IT education, Security, antivirus, CA, digital signatures, forensics, honeypot, malware, Monitoring, Policy, SSL, metrics, policy enforcement, reporting, RSS, research, tools, web, website, www

Infosecurity Magazine has a very good RSS feed to keep yourself up to date on events/issues and technologies. Check it out!


Jun 17 2008   2:33PM GMT

Did you see this? - can MY browser do this?



Posted by: Troy Tate
diagnostics, browser, DataCenter, Linux, Microsoft Windows, Mobile, Networking, metrics, Performance, reporting, tools, web, website, www

Here’s a great website for testing your browser functionality and understanding the different features of each application.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 6 2008   7:19PM GMT

Did you see this? - Is it Up/Down or is it just me?



Posted by: Troy Tate
DataCenter, troubleshooting, Networking, network analysis, Monitoring, Performance, reporting, tools, website, www, web

This is a great website to test if a public website is responding: http://downforeveryoneorjustme.com/. I am not sure what mechanism it really uses to test if a site is responding, if it is a ping test or if testing actually does an html GET. Anyways, this site may be a worthwhile addition to your network troubleshooting toolkit bookmarks.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 4 2008   7:26PM GMT

Researching Network TAPs - Strike 1 (part 4)



Posted by: Troy Tate
howto, DataCenter, DataManagement, Networking, LAN, network analysis, Monitoring, Network TAPs, metrics, packet capture, Performance, reporting, tools

Yesterday, I received my Datacom Systems Singlestream 102 network tap. I installed it during lunch and wouldn’t you know, something started not working right on the network! Hmmmmm… maybe I should have tested this before putting it on the live network…. well… lesson learned.

You ask “What stopped working?” Let me tell you my friend… everything stopped working! Well, actually, to the users it seemed that way. It was as if I had a bad cable between the LAN and the router. Users were reporting slow performance due to packet retransmissions, and the LAN switch and the router were taking errors on the internal Ethernet ports. Not a good situation!

So, strike 1 on the SS102. I called Datacom technical support and found out they were closed after 5:30 PM EST. It was now 8:15 PM EST. I left a message with details of what I was seeing on the network.

The next day, around 9:00 AM, I tried calling Datacom technical support but received a message that all office staff were in a mandatory company meeting. A short time after this, I received a return call from a very good support engineer. We discussed my application and how I went through troubleshooting the situation. His current suggestion is, rather than setting the router & LAN switch ports to 100/full, to set them to autosensing and ensure that PortFast is enabled (this is a Cisco LAN switch). So, that is where I am now. I need to make a network maintenance window to make this change and try once again installing the Singlestream 102.

Stay tuned. More to come.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 21 2008   1:18PM GMT

Cutting IT corners is not cutting IT



Posted by: Troy Tate
administration, anti-virus, Data security, CIO, DataCenter, DataManagement, Mobile, Security, antivirus, malware, Performance, reporting, tools, policy enforcement, Policy, Network Admission Control

How often does this happen to you? A user is going to travel to another company location and they want to check out a laptop for the journey. However, they tell you the morning of the travel rather than in advance. So you do not have time to check out the device and ensure that it is really in good operating condition or up to date on patches and anti-virus.

As they say, “Poor planning on your part does not constitute an emergency on mine”. However, this is a real business situation and IT responds to the user’s needs.

We recently had a situation where IT staff at a site gave a laptop to a user for travel. The IT staff cut corners due to time constraints and not understanding the implication of following corporate standards. The outcome of this: the user was given administrative rights on the laptop and non-standard software was installed. The combination of these two events created almost the perfect storm when the user reached their destination at another company facility.

The traveling user’s device created a denial of service (DoS) since it was infected with a virus and was unprotected due to anti-virus protection that had not been updated for over a year. This DoS took down some manufacturing equipment so production stopped. This took away one of the three legs of the information security triad: AVAILABILITY. Users were unable to access the systems or services they needed to do their jobs. The user was also unable to use the travel laptop in this condition.

Needless to say, the problem device was removed from the network and corrective actions were taken.

Both sites now understand why we have the procedures in place that we do. Users are told that they will submit their travel laptop request at least one day in advance. IT will no longer add these users to the local administrators group on the travel laptops. Let’s hope that these actions help reduce the likelihood of this happening in the future.

Network admission control (NAC) is a good method of enforcing policy on devices attaching to the network. However, this takes significant investment in equipment, software, policy creation and enforcement activities. Well, maybe someday I will be able to move in this direction. In the meantime, communication, understanding and enforcement will help all involved: users, IT and management.

Thanks for your time. Let’s be good network citizens together & practice safe networking!