IT Trenches

May 21, 2009  12:57 PM

Master key tasks for network troubleshooting – Chappell University Online Seminars

Troy Tate

I’m a huge fan of Laura Chappell. She has a great sense of humor and is a great educator about all things packet oriented. Previous posts about Laura have included:

Is protocol analysis or network management your thing?

ARP as a network auditing tool

Did you see this? – Latest Laura Chappell Newsletter

Did you see this? – the viral bitgirl

She has now started a new online seminar series. Some of the presentations are free and others are accessible for a fee of $99. If you cannot get away for education, then this is an excellent alternative, and you can gain a great amount of knowledge from this packet analysis expert. I recommend that you visit Chappell Online University and sign up for the free Wireshark Jumpstart: Master Key Tasks for Network Troubleshooting seminar to get a feel for the seminars.

Thanks for reading and let’s continue to be good network citizens!

May 19, 2009  5:48 PM

Did you see this? TCP/IP networking from the wire up

Troy Tate

Here is another source for educating yourself and some of your users on what networking is all about and why fixes are not always explained in simple terms. The example that the author gives, of trying to explain to a casual air traveller how all of the devices on an aircraft work together for a landing, is very similar to explaining a network to a typical home user. The author of TCP/IP Networking from the Wire Up takes the complex subject of a network and breaks it down. Add this to your list of references on the OSI model.

If you have not visited the Microsoft Technet Blogs website, then you should take some time and check it out.

Thanks for reading and let’s continue to be good networking citizens.

May 11, 2009  2:28 PM

FREE Disaster Resource Guide

Troy Tate

If you are involved in IT you should also be involved in the disaster recovery planning and operations for your organization. There are quite a few resources to help with this activity. A very good free one just came across my desk that I wanted to share with you.

It is called the Disaster Resource Guide. It is a free quarterly publication to US mailing addresses. The guide covers six content categories:

  • Planning and Management
  • Human Concerns
  • Information Availability and Security
  • Telecom and Satcom
  • Facility Issues
  • Crisis Communications and Response

The guide has been published since 1995. There are three specialty issues printed each year that go deeper into a single content category. To subscribe visit

Some topics of the articles in the 2008-2009 edition:

Where Does Business Continuity Planning Belong in an Organization?

NFPA 1600 or BS25999? … Why Not Both?

Using Standards to Get Immediate Value for Your Organization

The Mouse in the Room: “Where’s the Planning for People?”

May your disaster preparations pay off, and may the disaster you have not planned for never strike. Thanks for reading & let’s continue to be good network citizens!

May 7, 2009  7:33 PM

Is unified threat management defense in depth?

Troy Tate

An ITKE poster recently asked a great question.

Experts tout unified threat management appliances as an ideal antimalware, intrusion prevention and content filtering firewall for midmarket companies. But doesn’t this counter the long-standing security practice of defense-in-depth? With one vendor, platform, and management console, aren’t we talking about a dangerous single point of failure?

When is UTM good enough? When should we go with standalone devices?

Here’s the answer that I offered:

Actually, it is defense in depth even though they are all contained on one appliance or device. Think about the layers in a bulletproof vest. They each work in tandem to prevent damage to the person wearing it. However, just one type of layer by itself would likely not be enough protection against certain firearms.

Granted, it is a single point of failure, but the ability to manage an entire suite of services from one console is attractive to many smaller organizations that may not be able to provide the care and feeding of single-purpose devices. The ability of a vendor to patch the entire product suite against vulnerabilities is another good reason to go to a UTM device. If using multiple devices from different vendors, then the vulnerability exposure could potentially be greater if one vendor addresses a vulnerability in their appliance/service but another does not.

I would go to standalone devices if the potential threat to my organization could create capacity/performance issues on the UTM device.

How do you think about the UTM vs defense in depth issue? Do you agree with the answer I offered? What do you think?

Thanks for reading and let’s continue to be good network citizens.

April 29, 2009  1:02 PM

Google has published a browser security handbook for developers

Troy Tate

If you develop websites or manage webservices, then you should check out the Browser Security Handbook that Google publishes on their website. The Browser Security Handbook currently has three sections:

Part 1: Basic concepts behind web browsers

  • Uniform Resource Locators
    • Unicode in URLs
  • True URL schemes
  • Pseudo URL schemes
  • Hypertext Transfer Protocol
  • Hypertext Markup Language
    • HTML entity encoding
  • Document Object Model
  • Browser-side Javascript
    • Javascript character encoding
  • Other document scripting languages
  • Cascading stylesheets
    • CSS character encoding
  • Other built-in document formats
  • Plugin-supported content

Part 2: Standard browser security features

  • Same-origin policy
    • Same-origin policy for DOM access
    • Same-origin policy for XMLHttpRequest
    • Same-origin policy for cookies
    • Same-origin policy for Flash
    • Same-origin policy for Java
    • Same-origin policy for Silverlight
    • Same-origin policy for Gears
    • Origin inheritance rules
    • Cross-site scripting and same-origin policies
  • Life outside same-origin rules
    • Navigation and content inclusion across domains
    • Arbitrary page mashups (UI redressing)
    • Gaps in DOM access control
    • Privacy-related side channels
  • Various network-related restrictions
    • Local network / remote network divide
    • Port access restrictions
    • URL scheme access rules
    • Redirection restrictions
    • International Domain Name checks
    • Simultaneous connection limits
  • Third-party cookie rules
  • Content handling mechanisms
    • Survey of content sniffing behaviors
    • Downloads and Content-Disposition
    • Character set handling and detection
    • Document caching
  • Defenses against disruptive scripts
    • Popup and dialog filtering logic
    • Window appearance restrictions
    • Execution timeouts and memory limits
    • Page transition logic
  • Protocol-level encryption facilities

Part 3: Experimental and legacy security mechanisms

  • HTTP authentication
  • Name look-ahead and content prefetching
  • Password managers
  • Microsoft Internet Explorer zone model
  • Microsoft Internet Explorer frame restrictions
  • Mozilla and Safari HTML5 storage experiments
  • Microsoft Internet Explorer XSS filtering
  • Script restriction frameworks
  • Origin headers
  • Mozilla content security policies

This is a good resource for developers and administrators to understand browser & web security considerations.

Thanks for reading and let’s continue to be good network citizens.

April 29, 2009  12:40 PM

Training users? Do they still do what you tell them NOT to do?

Troy Tate

Here’s a story that might help you think of a creative method to train users to NOT do what they continue to do even after you have instructed them in proper use of computer systems.

Lipstick in School (You’ve got to love this Principal)

According to a news report, a certain private school in Washington was recently faced with a unique problem. A number of 12-year-old girls were beginning to use lipstick and would put it on in the bathroom. That was fine, but after they put on their lipstick they would press their lips to the mirror, leaving dozens of little lip prints. Every night the maintenance man would remove them, and the next day the girls would put them back. Finally, the principal decided that something had to be done.

She called all the girls to the bathroom and met them there with the maintenance man. She explained that all these lip prints were causing a major problem for the custodian, who had to clean the mirrors every night (you can just imagine the yawns from the little princesses).

To demonstrate how difficult it had been to clean the mirrors, she asked the maintenance man to show the girls how much effort was required. He took out a long-handled squeegee, dipped it in the toilet, and cleaned the mirror with it.

Since then, there have been no lip prints on the mirror.

There are teachers…and then there are educators.

Thanks for reading and let’s continue to be good network citizens!

April 29, 2009  12:25 PM

Did you see this? – Free Wireless LAN planning, deployment and management tools

Troy Tate

Xirrus is a WLAN equipment manufacturer. They have some very cool products and if you have not checked them out and are looking for installing, adding or replacing any WLAN network gear, then I suggest you take a look at their offerings before making a decision.

Xirrus has a page on their website where they offer some cool free tools for planning, deploying and managing wireless networks. The tools will work on any 802.11 wireless network as well as on wired networks. Some of the tools available include:

Xirrus Wi-Fi Inspector
The Xirrus Wi-Fi Inspector is a powerful tool for managing and troubleshooting the Wi-Fi on a Windows XP or Vista laptop. Built-in tests enable you to characterize the integrity and performance of your Wi-Fi connection.

Xirrus Wi-Fi Monitor Gadgets/Widgets
The Xirrus Wi-Fi Monitor allows you to monitor your Wi-Fi environment and connection in real time from your desktop in an easy-to-use mini-application. Nine different color skins allow you to customize the Wi-Fi Monitor to your desktop.

Iperf is an easy-to-use and very popular tool, one that every IT professional should have, for measuring maximum throughput. Iperf provides you the data to tune TCP and UDP characteristics. Iperf reports throughput, delay jitter, and datagram loss in easy-to-understand tables and graphs. You can run Iperf from the command line or a GUI interface.

Qcheck is a must-have and handy tool for any IT professional. It does much more than the traditional “ping” command.

Other tools are available on this excellent website. I recommend that you take a few minutes, review the offerings and add to your toolbox those tools of value to you.

Thanks for reading and let’s continue to be good network citizens.

April 29, 2009  12:11 PM

Doing Microsoft packet analysis? – Microsoft releases Network Monitor 3.3

Troy Tate

If you do packet capture or analysis in a Microsoft environment, then you are probably already familiar with Microsoft Network Monitor. If not, please read my real-world use of it for PROTOCOL analysis vs protocol analysis (with a small p). Microsoft has updated Network Monitor to v3.3. The announcement of its release can be found on the Technet blog. Some of the new features listed are:

· Ability to capture WWAN (mobile broadband) and Tunnel traffic on Windows 7.

· Full Hyper-V support on Windows Server 2008

· Right-click-add-to-alias: Right-click a frame in the Frame Summary window with an IPv4, IPv6 or MAC address to add that address as a new alias. This is one of those little things that simplifies your work-flow.

· Right-click-go-to-definition: Have you ever wondered where and how the protocol fields you see in the Frame Details are defined in the built-in parsers? Wonder no more. Introducing right-click-go-to-definition: right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.

· Autoscroll: Another one of those little, but priceless things … auto-scroll. See the most recent traffic as it comes in. In a live capture, click the AutoScroll button on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.

Several other new features are described in the Technet blog. If you capture packets on a Microsoft network, then you should get this upgraded version to add to your toolbox.

Thanks for reading and let’s continue to be good network citizens.

April 29, 2009  11:55 AM

Doing less with less – the glass is the wrong size!

Troy Tate

I am an optimist by nature. I always look for the positive in everything. However, that is sometimes a challenge in today’s economic environment. There is a time when you have to be a realist and see the situation for what it is.

April 27, 2009  7:22 PM

Pandemic preparation, risk and business continuity

Troy Tate

I’m not the kind to run around thinking the sky is falling or that the swine or bird flu risk is non-existent. I take a lot of these warnings with a grain of salt. However, the pandemic watches of the past few years should obviously have organizations thinking about their risks and business continuity plans. In fact, my organization has a few sites in Mexico and along the border with Mexico. So, this situation has the potential to directly affect our employees.

I wanted to bring your attention to a recent posting on the excellent SANS organization website about the pandemic watch of 2009. This posting is titled Pandemic Watch April 2009. This has very good explanations of the current situation and the potential health risks.

The section that I think is most appropriate to IT folks (actually to everyone) describes a skeleton plan for companies to help deal with the situation. The following is an excerpt from the SANS website.

Don’t Panic!

Initial monitoring stage (where we are right now)

* If you’re sick, stay home
* Family is sick, stay home
* Close contact with someone showing symptoms, stay home
* Wash your hands, cover your cough

Then, if multiple cases in your area,

* Think about telling non-essential workers to stay home
* Recommend workers take kids out of daycare

Pandemic stage

* Everyone will be staying home, how will you handle it?
* Do you have enough laptops?
* Can your VPN concentrators handle the load?

I would recommend taking some time to read the summary about the health risks of the various flu strains. Let’s continue to keep our thoughts and best wishes for those who have already been affected by this most recent health issue.

Thanks for reading and let’s continue to be good network citizens – stay healthy too and if you are not healthy, then please contact a health care organization as soon as you can. Get well soon!
