Tcp/ip archives - IT Trenches


Oct 15 2009   6:44PM GMT

Free Training - Laura Chappell presents: Wireshark 201 Jumpstart - Filtering on the Good, the Bad, the Ugly



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

Laura Chappell, the BitGirl, is at it again with another in her series of Wireshark Jumpstart webinars. The next one is called Wireshark Jumpstart 201: Filtering on the Good, the Bad, the Ugly. It will be held on October 27 - 10:00am-11:00am PDT (GMT-7). If you manage networks or want to manage a network, a good understanding of protocol and packet analysis will help you immensely with your career.

Some things you will learn in this webinar:

  • Using the Default Capture and Display Filters
  • Creating a Few Hot Capture Filters
  • Filtering Tips and Tricks for Troubleshooting
  • Filtering Tips and Tricks for Security

Even if you are very familiar with Wireshark or other packet capture and protocol decode tools, Laura’s seminars are well worth attending. You might even find out a little tidbit here or there because Repetition is one of the keys of learning. Unfortunately I will not be able to attend this webinar since I will be on a golf vacation in North Carolina. So, if you attend this event, please come back and share with me and other IT Trenches readers what you learned and how valuable the webinar was for you.

Thanks for reading and let’s continue to be good network citizens!

Sep 14 2009   1:49PM GMT

Microsoft does not patch vulnerability for supported version of Windows



Posted by: Troy Tate
Microsoft, information security, vulnerability, risk management, patches, tcp-ip, tcp, tcp/ip, Windows, windows 2000, support, Microsoft support, threat, risk

Last week was the September issue of Microsoft “patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.

One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability in the TCP/IP stack in all currently supported versions of Windows. The bulletin describes the vulnerability:

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Even though the bulletin here describes it as potential remote code execution, the webcast focused more on the denial of service threat due to this vulnerability. Unfortunately, Microsoft has chosen to not issue a patch for Windows 2000, even though Windows 2000 is a supported version of Windows with regards to patches and security fixes. ComputerWorld gives a good amount of detail in the article Microsoft: Patching Windows 2000 ‘infeasible’. Dark Reading published Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack, and The Register published Microsoft, Cisco issue patches for newfangled DoS exploit.

I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.

Thanks for reading & let’s continue to be good network citizens.


Jul 20 2009   6:36PM GMT

Wireshark quickstart tutorial - learn to capture network traffic



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

There are more upcoming sessions in the Laura Chappell seminar series called Wireshark 101 Jumpstart tutorials. Check out the schedule at the Chappell University website. Some of the things you will learn include:

  • Wireshark elements and capabilities
  • Tapping into the wired or wireless network
  • Capturing and filtering basics
  • Graphing basics

If you cannot attend the seminar, you can still register and download the seminar notes and gain access to the trace files used in the session. If you manage a network, you should learn this stuff! Be sure to register and attend early. The sessions are limited to 1000 viewers and these fill up FAST!

See my entry Repetition is one of the keys of learning for how attending one of these seminars helped address an issue I was having with using Wireshark.

Thanks for reading and let’s continue to be good network citizens!


May 26 2009   7:34PM GMT

Repetition is one of the keys of learning



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell

I recently posted an update about Laura Chappell’s Chappell University Online seminars. I attended one of these seminars today. What a great experience! I always try to attend Laura’s events and always pick up a tidbit that makes my life as a network manager easier. She gives you information about tools you can use to fight the battle of “the network is down”. Most of the time the network is behaving as designed. It’s poorly written applications or too high user expectations that create issues. So, if you want to be the expert on fighting the network is “bad” syndrome - check out Laura’s presentations - I did and I learned something new…


May 21 2009   12:57PM GMT

Master key tasks for network troubleshooting - Chappell University Online Seminars



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis

I’m a huge fan of Laura Chappell. She has a great sense of humor and is a great educator about all things packet oriented. Previous posts about Laura have included:

Is protocol analysis or network management your thing?

ARP as a network auditing tool

Did you see this? - Latest Laura Chappell Newsletter

Did you see this? - the viral bitgirl

She has now started a new online seminar series. Some of the presentations are free and others are accessible for a fee of $99. If you cannot get away for education, then this is an excellent alternative and you can gain a great amount of knowledge from this packet analysis expert. I recommend that you visit Chappell Online University and sign up for the free Wireshark Jumpstart: Master Key Tasks for Network Troubleshooting seminar to get a feel for the seminars.

Thanks for reading and let’s continue to be good network citizens!


May 19 2009   5:48PM GMT

Did you see this? TCP/IP networking from the wire up



Posted by: Troy Tate
OSI model, tcp/ip, Networking, education

Here is another source for educating yourself and some of your users on what networking is all about and why fixes are not always explained in simple terms. The example that the author gives of trying to explain to a casual air traveller how all of the devices on an aircraft work together for a landing is very similar to explaining a network to a typical home user. The author of TCP/IP networking from the wire up takes the complex subject of a network and breaks it down. Add this to your list of references on the OSI model.

If you have not visited the Microsoft Technet Blogs website, then you should take some time and check it out.

Thanks for reading and let’s continue to be good networking citizens.


Feb 19 2009   1:47PM GMT

Is protocol analysis or network management your thing?



Posted by: Troy Tate
network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files

Laura Chappell (the Viral Bitgirl) has announced that Sharkfest 09 registration is open and all registered attendees get a FREE AIRPCAP ADAPTER (US $198)! Sharkfest is the Developer/User Conference for Wireshark and it is sponsored by CACE Technologies and Wireshark University. Laura will be there with new, hot (or cool, if you prefer) topics, trace files, case studies and hands-on labs. Register today at Sharkfest.09 to get your free AirPcap adapter. [Dates: June 16-18, 2009; registration and BBQ on June 15th]

Laura has also announced that Chappell University is open for registration. Subscription-level service will be open soon. Chappell University is an affordable, on-demand, online training system to maintain and enhance IT skills in the area of analysis, troubleshooting and security. Some of the content includes two lab workbooks with over 100 lab exercises using Wireshark to spot network problems, security breaches, and analyze normal and abnormal TCP/IP communications. There are video answers to all the lab exercises. In addition, there’s an extensive trace file repository, and additional WLAN, VoIP, bot-infections, application, etc., trace files will be added each quarter. Check out the new YouTube Channel for Chappell University and the video “Ethical Hacking with NetScanTools Pro: Tutorial on ARP Scanning to Discover All Local Hosts” (even those hidden behind firewall applications).

If you have never experienced training presented by Laura, this is your chance to get very in-depth, easy to understand technical training. Sure, some of the stuff may cost a little, but she has tons of free stuff out there also. The paid content is definitely worth it. I have her Master Library (pre-dates the new Chappell University) and I still refer to the content occasionally to refresh my skills in network analysis.

Thanks for reading and let’s continue to be good network citizens!