SANSFire 2008 – Audit 507 – Day 3

Day three – Auditing Networks, done. Today we covered what it takes to audit a network, including those little things called modems. Remember them? You used to use them to do stuff like send faxes, connect to your local BBS, or get dial-up Internet access! And, if you’re a poor, unfortunate soul who lives in Vermont, odds are pretty good that you still use one of those modems for dialup access. (Not that I would know anything about that.)

SANS STI Masters Degree in InfoSec

I just found out that the SANS Technology Institute is offering two Masters degree programs in Information Security. A couple of years ago, I had toyed with the idea of pursuing an MBA, but after realizing that I was already a) making more money than the average MBA graduate right out of school and b) running my own business and fairly happy with life at the time, I asked myself “why would I want to spend the time and money to get an MBA to change what’s not broken?” Needless to say, since I’m not “Peter Nikolaidis, MBA,” I didn’t pursue that course.
But a Master’s degree in something that I am very interested in, made up of SANS classes (which, if the one I’m taking is any indication, are very interesting and relevant to what I want to be doing), may be exactly what I’m looking for. Watch this space for details!

SANSFire 2008 – Audit 507 – Day 2

Today we covered what it takes to audit Cisco (and other) routers and firewalls. I learned a couple of new things about Cisco IOS, but in auditing, we are mainly concerned with ensuring that things are doing what they’re supposed to do, not necessarily configuring or doing in-depth troubleshooting.
Again, we covered tips and techniques to help admins appreciate what the role of an auditor is, and to demonstrate that we’re not “the enemy,” but here to help.
We did a few exercises, including analyzing a router config file (in which every single line of the IOS config has errors), reviewing a firewall ruleset with similar errors, and conducting a sample audit on a network of virtual machines. I was exposed to a couple of new (to me) tools made specifically for auditing Cisco routers, RAT (the Router Audit Tool) and Nipper, which analyze configurations for common problems and present them in a (sometimes) easy to understand report.
The exercises are not as tough as some other training I’ve had, by far, but at the end of the day, I’m definitely feeling that I’ve absorbed enough that I need to take a break and unplug for a while, which is a good thing.

SANSFire 2008 – Audit 507, Day 1

My first day of classes here at SANSFire 2008, where I’m taking their Audit 507 course, is going well. Not having any formal audit training, but still knowing something of the basics (so I thought, anyway), I decided to take the 500-level course as opposed to the intro to auditing. So far, I am happy with this choice, as the first day, which is supposed to get everyone from different auditing backgrounds on the same page with terminology and goals, is not strange to me.
The hotel is nice, and the staff are helpful. However, in order to prepare my Medifast meals I need to use a microwave oven down in the food court area, which is somewhat inconvenient – especially since 3 out of 5 meals a day require heat.
My room’s pretty good too, except there is no refrigerator in it! I’m compensating by maintaining a bucket of ice at all times. Also, the safe is in a drawer which didn’t want to fully open until I really worked to pry it, fortunately without breaking anything.
Allegedly tomorrow’s class, focusing on firewalls and Cisco routers, is the most technical day, and the one that most folks complain about. Sounds like fun! (no, really!)

ECFiber Finds Underwriter

It was announced this evening at the regular ECFiber governing board meeting that the group, representing 23 towns in east central Vermont with an aim to build a municipal fiber-to-the-home network, is in negotiations with Oppenheimer & Company, Inc. to underwrite an $80M investment to create the network. Sovereign Bank has been hired as a financial advisor on the deal, and Greenberg and Traurig, LLP has been chosen as financial counsel to ECFiber and its member towns.

Fixing Active Directory Replication/FSMO Transfer issues

For several weeks, we’ve had some odd behavior on our internal network here at Paradigm. In typical shoemaker fashion, I have not looked at this issue because we’ve been busy taking care of client issues instead, but I finally decided I’d had enough and today was the day.
One of our domain controllers has been acting up. It would fail to process logons sometimes, not give us the right logon scripts, fail to allow joining to a domain, not deploy software, etc. – very annoying.
Since the first controller was acting up, I decided I would simply strip all of its functions and transfer them to the second one, which was fine, except that it was down to 200MB of free disk space and, as a result, still didn’t have Service Pack 2 installed. (Are you starting to see why I was putting this off?) A new virtual disk and a quick application of partedmagic fixed this issue, so I was able to resume working on the actual problem.
I followed the standard procedure from Microsoft to transfer the FSMO roles, and everything went well until I tried to transfer the RID Operations Master role. This failed because the current RID master could not be found!
Fortunately, a little Googling revealed this article, which suspected the issue was related to the AD replicas being out of sync – something I had personally observed. I followed the steps and within moments, the AD replicas were again in sync and I was able to transfer all roles from the old server to the new.

Are spam magnet addresses worth it?

It’s a common practice to maintain email addresses such as [email protected], [email protected], [email protected], etc., for Internet email domains. The theory is that these provide a generic address which can be used to contact a company if the sender doesn’t have a specific address to use. Several of these role names are standardised in RFC 2142, and RFC 5321 requires any SMTP server that relays or delivers mail to accept mail for postmaster, so that one at least has to keep working.
The problem is that these addresses are what I refer to as “spam magnets.” These, as well as emails which are [email protected], are likely targets for automated spam generators and, in my experience, in excess of 95% of the messages sent to these addresses are junk. Despite using a variety of spam filters, including SpamAssassin, GFI MailEssentials, or GMail’s, Outlook’s, or Thunderbird’s built in junk email filters, they still get swamped.
At the domains I control, we are removing these addresses altogether, and replacing them with “less guessable” replacements (like [email protected], or [email protected]) to make them a little less obvious. Overnight, the difference is noticeable.
What’s your opinion? Is there any value in maintaining these addresses anymore? Do people still blindly send email to these addresses, or has their usefulness fallen by the wayside?

Moving Grub from the MBR to the Install Partition

I realize this is nothing new to experienced Linux users, but I figured I’d document the process I used to move GRUB from the master boot record (MBR) of my notebook’s hard drive to the partition where I had Linux installed. I got the steps straight out of the Ubuntu forums as a result of a Google search for “move grub mbr.” The reason I am moving it is because, as I write this, I am using TrueCrypt to encrypt my entire Windows partition. To be able to boot Linux, I needed to move GRUB to make room for the TrueCrypt boot loader, since the MBR ain’t big enough for the both of them!
So, the process was:

  1. Identify the partition in which Linux is installed.
    mount
    Look for the / partition, which, in my case, is /dev/sda2 (as /dev/sda1 is where Windows lives on this machine).
  2. sudo grub-install /dev/sda2
    Voila! GRUB now lives in /dev/sda2 (as well as in the MBR).

Of course, there’s no way to test-boot the partition copy until you overwrite the MBR with something else, as GRUB still lives in the MBR as well, so effectively nothing has changed yet. In my case, I installed the TrueCrypt boot loader in the MBR. I then booted and selected my Linux partition from the TrueCrypt boot loader, which brought up my friendly GRUB boot menu! Now assured that things were working and that I could get back into Linux, even if I somehow hosed my Windows partition, I continued on with encrypting the entire partition.
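Short of a reboot, there is one check worth doing before handing the MBR over to TrueCrypt: read back the first sector of the partition and confirm that GRUB’s stage1 actually landed there. The script below is an added example, not part of the original post or of GRUB or TrueCrypt; it classifies a 512-byte boot sector as “grub”, “other” or “none” using two facts about real boot sectors (a bootable sector ends in the bytes 55 AA, and GRUB legacy’s stage1, like GRUB 2’s boot.img, embeds the string “GRUB ” beside its error messages). The device names /dev/sda and /dev/sda2 are the ones from the post and are assumptions about your machine; the sector images the script builds for its demonstration are constructed sample data, not copies of real loaders.

```shell
#!/bin/sh
# Added example (not from the original post): classify the boot code in the
# first 512 bytes of a device or image file.
#   - bytes 510-511 must be 55 AA for the BIOS to treat the sector as bootable
#   - GRUB legacy stage1 and GRUB 2 boot.img both embed the string "GRUB "
# Real use (needs root), with the post's device names assumed:
#   boot_sector_loader /dev/sda    # MBR: "grub" before, "other" after TrueCrypt
#   boot_sector_loader /dev/sda2   # Linux partition: "grub" after grub-install

# Print one of: none (no boot signature), grub, other. Exit 1 if unreadable.
boot_sector_loader() {
    sector=$(mktemp) || return 1
    if ! dd if="$1" of="$sector" bs=512 count=1 2>/dev/null; then
        rm -f "$sector"
        echo unreadable
        return 1
    fi
    # Two bytes at offset 510, printed as hex with od, e.g. "55aa".
    sig=$(od -An -tx1 -j510 -N2 "$sector" | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        result=none
    elif LC_ALL=C grep -qa 'GRUB ' "$sector"; then
        result=grub
    else
        result=other
    fi
    rm -f "$sector"
    echo "$result"
}

# Build a CONSTRUCTED 512-byte sector image at $1 for offline demonstration:
# zeros, the loader string $2 at offset 396 (where stage1 keeps its strings is
# irrelevant to the check, any offset will do), and the 55 AA signature at the
# end unless $3 is "nosig". This is sample data, not a real boot sector.
make_sector_image() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '%s' "$2" | dd of="$1" bs=1 seek=396 conv=notrunc 2>/dev/null
    if [ "${3:-}" != nosig ]; then
        # \125\252 is octal for 0x55 0xAA
        printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    fi
}

# Demonstration on constructed images (no root needed); see the comment at the
# top for running it against the real MBR and partition boot sector.
demo() {
    img=$(mktemp)
    make_sector_image "$img" 'GRUB Geom'
    echo "grub image:    $(boot_sector_loader "$img")"
    make_sector_image "$img" 'TrueCrypt'
    echo "other loader:  $(boot_sector_loader "$img")"
    make_sector_image "$img" 'GRUB Geom' nosig
    echo "no signature:  $(boot_sector_loader "$img")"
    rm -f "$img"
}
demo
```

Run it against /dev/sda2 right after `sudo grub-install /dev/sda2` and you should see “grub”; run it against /dev/sda after installing the TrueCrypt loader and the MBR should now report “other” while the partition still reports “grub”. `sudo file -s /dev/sda2` gives a similar answer with more detail (it recognises GRUB stage1 and prints its version and stage2 location). One caveat for anyone following this on a newer distribution: these steps are for GRUB legacy, where installing to a partition is a normal operation. GRUB 2’s grub-install refuses to install into a partition boot sector on ext filesystems because it would have to rely on blocklists, and will only do so with `--force`, so on a GRUB 2 system the same plan needs either that flag or a different layout (for example a separate BIOS boot or /boot arrangement) rather than the two-line procedure above.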