IT Trenches

September 19, 2008  1:16 PM

Crunching numbers – is this any way to manage a network?

Troy Tate Profile: Troy Tate

I just got done catching up crunching wide area network usage statistics for the last 6 months. Wow… what a job! I should be doing it at the end of each month but I got behind due to other major activities like moving a data center and implementing a new e-mail system for >2000 users. Those kind of major activities seem to take over the day so routine items sometimes get left behind.

Getting back to the WAN statistics. I download usage stats daily. The stats are in 10 minute increments. So, I get really good detailed information about utilization at the sites. Well, 10 minute stats over a 24 hour period is about 144 data points per day per site (actually, multiply X2 since there are stats for inbound AND outbound usage). Since this is such a large volume of data, I distill it down to the busy business hours of 7AM to 7PM local site time, Monday through Friday. For a regular month, this may give me around 1600 data points each for inbound and outbound. I also have to do some work in converting the dates/times from the vendor reports to Excel-friendly format.

I take these data points and run them through Excel performing some frequency plots and trend analysis. This gives me an idea of utilization at the site during the past month and possible trends for the future month. As you can see, this is a labor-intensive activity. I don’t know of another way of  getting this information given the current toolset I have available. Do any of you have a similar challenge? How do you address it? I do think the task is worth the effort since a global WAN is a significant monthly expense.

As always, thanks for checking out my blog. Let’s be good network citizens together & practice safe networking!

September 19, 2008  12:53 PM

Did you see this? – Encyclopedia of internal network security threats

Troy Tate Profile: Troy Tate

Promisec has released an online encyclopedia of internal network security threats. This is available online for free. There is a lot of information to look through and decide how the risks affect your organization.

Take for example the entry describing GoogleTalk. The site rates it as one of the top 5 internal threats.

The more we know about these risks the better prepared we can be. Thanks for your time. Let’s be good network citizens together & practice safe networking!

September 11, 2008  4:36 PM

RANT: Am I responsible for training technology staff at other companies?

Troy Tate Profile: Troy Tate

You may have seen in one of my past blog posts that we relocated a site over a weekend. As a result of that move we are continuing to clean-up various network access issues for services that existed in the old facility but are not available at the new facility.

In the old facility some of the users were required to use a kiosk or standalone computer to access customer extranets using VPN. We wanted to make this easier in the new facility and get rid of the standalone computers and internet connections. As we approach each instance of VPN access, we have to ask the standard questions of what is the destination IP address and what ports need to be opened on the firewall for this service. I recently came across a customer technology staff member at another organization who was responsible for the remote access service but could not answer these standard application questions. The answer I was given was just open any-to-any ports for their destination IP (at least he knew their IP address for this service). I don’t think this was a junior staff member either answering the question. This is the person responsible for interfacing with suppliers!

Well, after walking around and burning off some frustration, I took some steps to try to identify how the application works and make firewall changes according to what I discovered. Working with my managed security partner I went through the following steps:

1. Configure a private client machine and designate as single source of traffic.

2. Define firewall rule to permit any traffic from this client to the destination IP.

3. Run VPN application  and capture details about TCP/UDP ports during the conversation.

4. Close the any-to-any rule and open ports discovered in step #3.

Well, things did work pretty well but apparently there are some other ports needed to be opened, so once again I am asking this customer to help us as their supplier to gain access to their network. We will see if I have to get someone else involved in his organization even though I was told he manages this by himself.

hmmmm… so have you ever had to train someone at another organization that you deal with how to do their job?

September 8, 2008  4:49 PM

Did you see this? – 2007 Web Application Security Statistics Project

Troy Tate Profile: Troy Tate

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape.



1. Identify the prevalence and probability of different vulnerability classes 2. Compare testing methodologies against what types of vulnerabilities they are likely to identify.


The statistics was compiled from web application security assessment projects which were made by the following companies in 2007 (in alphabetic



– Booz Allen Hamilton

– BT

– Cenzic with Hailstorm and ClickToSecure


– HP Application Security Center with WebInspect

– Positive Technologies with MaxPatrol

– Veracode with Veracode Security Review

– WhiteHat Security with WhiteHat Sentinel


The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity. The detailed information can be found here:

September 3, 2008  7:28 PM

Did you see (listen to) this? – Podcast on preventing spam

Troy Tate Profile: Troy Tate

An audio podcast on how SPAM is generated along with an examination on the frameworks and technologies that help manage and reduce SPAM.

This may be a great tutorial for you and/or your users.

CERTStation Media – Spam-Prevent.mp3

I just ran my monthly e-mail statistics and these are the results:

97,000 msgs/day inbound

8,800 msgs/day delivered to end users – 9%

22,200 msgs/day quarantined as spam – 23%

66,000 msgs/day blocked as spam – 67%

This month had higher than normal quarantine activity. Quarantine has been running about 15% and blocking around 75%.  How does your mail stack up?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

September 2, 2008  6:22 PM

Operation Sentinel – Manhattan becomes “Big Brother”

Troy Tate Profile: Troy Tate

Hopefully you have read my previous blog entry about IT Equipment Search & Seizure at US Borders. Well, if that is not enough to make you think Big Brother is here and watching, then take a look at the article NYPD seeks to screen vehicles entering Manhattan. This could be come one of the grandest IT endeavors of all time. How do you track these vehicles? What criteria do you capture to be able to determine a threat or not? The article mentions images and radiological readings. I think that authenticating and ensuring readings and images are accurate would create a market need for supercomputer implementations in New York City. How often are the radiological scanning devices calibrated and tested? What skills does someone need to be able to do that? Can cameras be fooled and images wrong?

Who is paying for all of this for NYC? Is this really where the city should be spending its dollars on risk mitigation? Maybe someone should share my thoughts on managing risk & vulnerability.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

August 22, 2008  8:02 PM

Poor Spelling = Identity Lost

Troy Tate Profile: Troy Tate

Well, I am not the best speller and I know that is true for most people. I have recently discovered how this human weakness can get you into trouble and cause identity loss as well as potential financial loss.

This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed into your browser. The actual address should be This is just a simple typographical error right? Hmmmmm… maybe not!

Consider if an attacker purchased the domain name They then were able to get an SSL certificate or create a self-signed one that to an uneducated user looked ok. Have you ever seen a message like the following?

IE invalid certificate

How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.

This looks like the following picture:


This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!

Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:

Mozilla SSL Policy Considered Bad for the Web

SSL VPN might not be as secure as you think

Black Hat 2008 Aftermath

But, on the other side of this argument consider this story about how a MITM attack saved Columbian hostages.

The internet is not a place to be ignorant about your surroundings. Users must be vigilent and savvy about its use. Maybe there should be internet driver testing and licences?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

August 22, 2008  3:46 PM

Trolls on ITKE – I think not!

Troy Tate Profile: Troy Tate

Here’s an interesting blog entry I came across this week. I have great respect for John Postel mentioned in the article. He contributed immensely to the design of the protocols on which we depend on for data networks. I really like his Robustness Principle. “Be conservative in what you do, be liberal in what you accept from others.”  This is a good statement for life but can be a challenge to address in the IT world. The article and follow-up postings have a lot of nuggets of great thought. Maybe add your thoughts to Mr Schwartz’s post or add some thoughts below here.

Have you had to deal with a troll? What were your challenges and how did it end up? What are your suggestions for handling this global issue?

It is quite amazing if you take a minute to think about it how the global internet provides a whole new environment for crime and abuse. There is no single legal body that can deal with this environment. There are no borders (although countries like China try to control what information crosses theirs).

I do want to commend ITKE for seeming to keeping the trolls away from this useful internet resource. I know it is a challenging job but the TechTarget folks are doing a great job! Let’s thank them for all their hard work by keeping up the knowledge sharing.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

August 21, 2008  8:08 PM

IT Equipment search & seizure at the US borders

Troy Tate Profile: Troy Tate

I have recently been hearing some rumblings about this issue. I work for a firm with international locations and have travelled out of the country myself. So, this is a personal issue.

What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong like any law abiding citizen of the world. However, what about the risk to an organization’s intellectual property?

Look at the comment …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regards to a company’s intellectual capital?

This issue seems like a bureaucratic (and maybe totalitarian leaning – think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?

I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border or use equipment at a remote site and transfer data across a network.

This situation is definitely one to watch and be concerned about as world citizens.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

August 20, 2008  6:19 PM

Did you see this? – Need some Exchange advice/support

Troy Tate Profile: Troy Tate

Maybe you have already read my post about implementing new Exchange 2007 mailboxes for over 2000 users. If not… look here. So, as you see from this event, ongoing support for these global users on a new messaging system is going to be a real challenge.

I found a great blog posting with links to some excellent Exchange resources. Keep this in your toolkit for those times you just can’t find the answer elsewhere to those nagging Exchange problems. I see lots of other IT people struggling with this system and looking for support here at IT KnowledgeExchange.

Some other Exchange resources I recommend are:

Microsoft Exchange Server Resource Site

E-mail archiving

Seven ways to organize your e-mail – Portal for Microsoft Exchange Messaging & Collaboration

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: