IT Trenches

April 27, 2009  1:29 PM

Simple is not always easy – SNMP for network management

Troy Tate

SNMP (Simple Network Management Protocol) has been around since the late 1980s (RFC 1065, 1066, 1067). It has moved from SNMPv1 to the current SNMPv3 (RFC 3411-3418). Older versions are considered obsolete or historical.

SNMP is available on almost every network device such as switches, routers, servers, desktops and laptops. It is a feature provided by the operating system on these devices. Because it is so prevalent and spans so many platforms, it is a significant risk to an environment: if SNMP is enabled and the defaults are not changed, a malicious hacker could gain a lot of information and possibly control an organization’s infrastructure with little or no notice by the affected organization.

It is critical that each sysadmin and netadmin understand this service/protocol. It is not something to be taken lightly. Device configurations can be changed using SNMP. Data can be sniffed, redirected and decoded using SNMP. The upside of SNMP is it can be used effectively as a warning system of system/network issues. Thresholds can be monitored and notifications sent before the users detect any issues. Trend analysis can be performed based on historical data.
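An added example (not from the original post): a small Python audit of a Net-SNMP `snmpd.conf` that flags the unchanged-defaults risk described above. The `public`/`private` community names, the Net-SNMP directive syntax and the constructed sample config are assumptions that do not appear in the post.

```python
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known shipped defaults (assumption)
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]
            community = args[0]
            source = args[1] if len(args) > 1 else None
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue  # rouser/rwuser (SNMPv3) and unrelated directives are not checked
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "high", f"default community string '{community}'"))
        if directive.startswith("rw"):
            findings.append((no, "high", "community string grants write (SET) access"))
        if source in (None, "default"):
            findings.append((no, "medium", "no source restriction on community access"))
    return findings

# Constructed sample config, not taken from a real device.
SAMPLE = """\
# constructed sample
rocommunity public
rwcommunity private default
rocommunity n0c-R3ad0nly 10.20.0.5
com2sec readonly default public
rouser monitor priv
"""

if __name__ == "__main__":
    for no, severity, message in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: [{severity}] {message}")
```
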

Here’s a sampling of some SNMP resources to help you gain a better understanding of this protocol/service that is likely already running on your network but not being monitored.

SNMP Link Org – a portal to all things SNMP; has news, software, appliance information and other SNMP related resources.

SNMP Wikipedia article – a great page with links to many SNMP resources

GetIF – a nice free SNMP tool that I use occasionally to quickly watch some SNMP MIBs on devices

What SNMP tools do you like that are easy to use and available for other administrators to use?

Thanks for reading & let’s continue to be good network citizens.

April 2, 2009  8:53 PM

5 Things we learned from the Conficker non-event


1. The media can take a story about Information Technology and say nothing of substance. What did the 60 Minutes story do for the IT industry? It made Symantec look like they could not effectively address security risks and might even create a sense of false security. I wonder how the CBS IT staff felt when it was revealed that some computers had been compromised. Who was this April Fools’ joke for? Working in IT at times makes you feel like Rodney Dangerfield – “I don’t get no respect.”


March 31, 2009  3:32 PM

Simple Conficker Scanner tool released – find the infected machines


A Simple Conficker Scanner (SCS) tool has been released by members of the Honeynet Project. This tool can be run under Linux or Windows. It runs a specially crafted RPC query against a host or range of IP addresses. The tool will tell if systems are clean or potentially infected. I am running this tool against hosts on my network and I found a Windows 2000 server apparently infected by Conficker. I am in the process of clean-up on that host. It looks like a couple of things contributed to the infection on this computer:

1. Out of date anti-virus. The antivirus signatures had not been updated since January 2008.

2. Microsoft patches not applied.

Folks, the advice about maintaining up-to-date AV and applying patches is good advice. Heed the warnings and save yourself the trouble of clean-up. I will be having a discussion with my operations team about this situation and make it clear that we should have been prepared for this and this situation should not have arisen.

I am also following the advice from McAfee on Combating the Conficker worm

For more details on how the Conficker worm actually works, follow the links in my blog

The Conficker Analysis – are you ready for April 1?

Thanks for reading. Let’s continue to be good network citizens.

March 27, 2009  12:52 PM

The Conficker Analysis – are you ready for April 1?


There is a feeling in the infosec community that Conficker may change its behavior April 1 and wreak havoc. Headlines have included:

ComputerWorld: Conficker’s next move a mystery to researchers

Computer Reseller News: Conficker Worm to Strike April 1

USA Today: PC security forces face April 1 showdown with Conficker worm

Here’s a great analysis of the Conficker variants and some details to show what to be concerned about.

Take a look at this guidance from Microsoft on Conficker.A and Conficker.B. You need to get the MS08-067 (KB958644) patch rolled out as soon as you can to your machines.

Good luck, and if there is a big outbreak on your network, break the internet connection or shut down the machines until you get them checked & updated. Don’t be afraid to shut things down to get them cleaned up. Then… once you do get things cleaned up and can estimate the time it took… figure out how much you could have saved and look at purchasing a good asset management system like Windows Systems Center Configuration Manager to push out patches and fixes to your devices.

Thanks for reading & let’s continue to be good network citizens.

March 26, 2009  7:38 PM

Do You Manage Sharepoint and want training? – Free Microsoft How-to Videos


It’s always nice to come across free training, especially in the economic times most companies are experiencing today. It is also good to be able to do some self-education to better prepare yourself for whatever may lie ahead in your career.

Microsoft offers lots of training materials. I previously wrote about a couple of them:

Did you see this? – FREE TRAINING: Technet Virtual Lab: Managing Bandwidth Using Windows QOS

Did you see this? – 10 Cool Powershell scripts virtual lab

I just came across another Microsoft training resource that covers Microsoft SharePoint. Take a look at the SharePoint Products and Technologies “How Do I?” Videos. Maybe you can find the solution to that problem that has been nagging you or your users or do something nifty and cool and impress the users! You can download the videos in lots of different formats including WMV, iPod, and MP4.

Thanks for reading & let’s continue to be good network citizens.

March 23, 2009  3:57 PM

Need help? Ask questions – help someone – read my blog & win one of 3 XBox 360’s


Looking for some help on some troublesome IT issues? Post your question on IT Knowledge Exchange. Maybe take some time to read through some of the questions on ITKE. Provide an answer or even improve answers already given or give some discussion feedback. By doing these things with other IT peers, you could just win one of three XBox 360’s to be given away in April.

While you are here on ITKE, why not take some time to read through a few of my blog postings? Maybe there is something there that would be of value to you or someone else you know. Send your fellow IT peers to ITKE. Make this the best free online support community and a one-stop shop for getting the support you need for those IT issues we each face every day.

Some of my blogs that will hopefully be of interest to you include:

What did I just do with my contacts list? – Social Engineering/Networking & contact list scraping

Network speed & capacity are NOT the same

Financial crisis due to poor risk understanding & management – IT security next?

Nifty tools for tracking down that “interesting” network traffic

PROTOCOL analysis vs protocol analysis (with a small p)

Good luck with the contest! Stay tuned for more and thanks for reading. Let’s continue to be good network citizens together.

March 20, 2009  2:55 PM

What did I just do with my contacts list? – Social Engineering/Networking & contact list scraping


A recent article in the Windows Secrets newsletter titled Viral Inviters Want Your E-mail Contact List raised some fear, uncertainty and doubt (FUD) in my mind. Sometimes we use FUD as a term of derision, but in this case it might be warranted suspicion. How many times have you registered on a social networking website and been prompted to contact all of your contacts to join you there? Sounds simple and painless, right? Maybe not painless… simple it is for sure. Just be wary of what you click on and accept on these social networking websites. Warn your contacts about the same and create some type of notice you can send back to them when you receive an invitation that came through their interaction with such a social networking website.

Thanks for reading & let’s continue to be good network citizens.

March 13, 2009  6:25 PM

Friday fun – keyboards for blondes, Polacks, Aggies… hmmm… and me?


Please don’t take this wrong but I think this is a very funny product. It is directed towards blondes, hence the pink color, but pick your favorite “intellectually challenged” individual (e.g. Aggie if you are a Texan like me) and it could be the best thing to get them for their birthday, anniversary or other gift giving occasion. Maybe the American Blonde Association of America will release this for use by other populations.

It’s the Keyboard For Blondes.

Some of the function keys include:

NO! – formerly known as ESC

WARNING! Size XXL letters – CAPS lock

Smart Blonde Button – Shift

THE BIG ONE: “I need my space” key – spacebar

OOPS! – Backspace

Way Up – Page Up

Way Down – Page Down

Hope this gets you laughing and maybe enjoying your work more thinking about creative key renaming.

Have a great Friday and thanks for reading!

March 13, 2009  5:38 PM

Who hires IT staff anyways? Was it the US CIO or some HR crew?


Recently my fellow ITKE blogger Denny posted a rant against how IT people act in public. I know that his posting does not always apply just to IT folks. A news announcement today makes me wonder about the actions of some IT people and the way they get hired.

Per Network World on Thursday, 3/12/09:

According to a report in the Washington Post, Cisco CCNA Yusuf Acar who is currently employed as the Chief Security Officer (CSO) and/or Information Systems Security Officer (ISSO) of the Government of the District of Columbia, has been busted by the FBI in a federal bribery sting. FBI agents found $70,000 in Acar’s Northwest D.C. home when they arrested him this morning.

The question Brad Reese raises, and that I think should be considered in this forum, is “Who is hiring these people?” Yusuf had no information security certifications or credentials (e.g. CISSP or CISA) to support his position as CSO.

March 10, 2009  8:43 PM

Did you see this? – Microsoft Team Blogs – BlogMS


BlogMS consolidates a large number of highly relevant and up-to-date information sources across the Microsoft product and online services portfolio.  You can expect to find important Microsoft announcements, news, product releases, service packs, updates, and important support issues.

All blogs are grouped into logical categories, so you can quickly skim the entire document and find the most relevant information which is important to you.

You can find the February posting here:

Monthly Report – 214 Microsoft Team blogs searched, 876 new articles found in 152 blogs between the 1st February 2009 and 28th February 2009.

Get some good scoop at BlogMS!

Thanks for reading & let’s continue to be good network citizens.
