average admins

Have any of you started planning, tried, or considered a Vista rollout.  I know it is still early in the game and I personally will wait about another year before doing it in my company since I am still a one man IT department, and with that said R&D time is hard to find, also. I’ve seen a few local businesses here in Huntsville/ North Alabama try to use Vista in a tech support roll to much frustration on their own part.  I’ve had a 3rd party technician try to help me trouble shoot e-mail trouble on his Vista staion and he finally gave up and RDP’ed my XP station so he could help effectively.  I’m mostly wanting to hear a voice from a group of intligent people that I know I can trust an opinion from since the internet is full of opinions of questionable value.  I hope to scrape up enough budget to buy one Vista Business station for testing purposes, but I work for a small company and I don’t konw when that will be.

I use this link often when setting up new computers or helping a friend or family member secure theirs. Since I’m always searching for this site, I decided to mirror a copy of it here.

If someone knows of a better suite of tools please let me know.

So how did I get infected in the first place?
http://www.castlecops.com/postlite7736-.html

(more…)

http://www.ossim.net/

This thing looks too cool to not write about. It’s basically an all-in-one monitoring solution that includes a ton of the top Open Source applications.

Ossim stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator with detailed view over each and every aspect of his networks/hosts/physical access devices/server/etc…
Besides getting the best out of well known open source tools, some of which are quickly described below these lines, ossim provides a strong correlation engine, detailed low, mid and high level visualization interfaces as well as reporting and incident managing tools, working on a set of defined assets such as hosts, networks, groups and services.

All this information can be limited by network or sensor in order to provide just the needed information to specific users allowing for a fine grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source result in a useful addition to any security professional.

Components
Ossim features the following software components:

* Arpwatch, used for mac anomaly detection.
* P0f, used for passive OS detection and os change analisys.
* Pads, used for service anomaly detection.
* Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
* Snort, the IDS, also used for cross correlation with nessus.
* Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
* Tcptrack, used for session data information which can grant useful information for attack correlation.
* Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
* Nagios. Being fed from the host asset database it monitors host and service availability information.
* Osiris, a great HIDS.

To this we add a bunch of self developed tools, the most important being a generic correlation engine with logical directive support. Finally we take any other device you might have on your network which could contain useful data which, when fed to the system, could allow for a better undestanding of what’s going on on your network.

Profiles
Usually a typical ossim deployment consists of:

* A database host.
* A server which hosts the correlation, qualification and risk assesment engine.
* N agent hosts which do information collection tasks from a number of devices. For a list of plugins please refer to: http://www.ossim.net/dokuwiki/doku.php?id=roadmap:plugins
* A control daemon which does some maintenance work and ties some parts together. It’s called frameworkd.
* The frontend is web based, unifying all the gathered information and providing the ability to control each of the components.

It’s really cool to see people/companies build stuff like this. They even provide a VMware image so you don’t have to do any of the building of it yourself. The VMware Player is free and works on any operating system, however you really should be using VMware Workstations since it offers a ton more features than the little player does.

…Why Don’t I Back That Thing Up?!

Originally posted at cocoacrusty.com on March 5th, 2007.

I’m just trying to tell you, I do a lot of development on my laptop and have a lot of Photoshop files, code, etc. for my client’s web sites and other applications I have developed for Fruitful Solutions. I also have a ton of music in my iTunes music library. I have e-mails from clients that I need to hang on to and other important things that matter to me and I feel like I need to back this stuff up. Before I go on, if you have data, you need to be backing that stuff up. And here we go…

I have been backing up my MacBook to a USB 2.0 IDE drive cage with a 120GB Western Digital drive in it for a few months now using an application called Personal Backup X4 from Intego. This application has everything I was looking for in a backup solution.

I currently do what the software calls Synchronizing. Basically, it is an incremental backup. The first time you run the script, it performs a full backup. Then each run after that it only backs up any files that have been added or modified since the last synchronization and will also delete any files that are no longer on the source disk from the disk you’re backing up to.

You can also create disk images, archives, and even make bootable copies of your harddrive with this software. Like I said, I have been using this software for a while now and love it. I like knowing that my data is backed up and that I can customize my backup job with little to no effort using the intuitive interface Personal Backup provides.

If you’re looking for an inexpensive ($69.95) commercial backup solution for your Mac, I highly recommend you give Personal Backup a try. There is a free trial available for those of you who like to try before you buy. If you try this application, I can almost guarantee you will be impressed with its ease of use and feature set. Of course, I say “almost guarantee” because some people just can’t be pleased and then some don’t want to pay any kind of money for software these days. Hasn’t FOSS just spoiled us all?!

Until next time…

I found this on one of my “must-read” blogs, A Day in the Life of an Information Security Investigator

This particular entry is about an article from Redmond themselves describing the methods for doing forensics on Windows machines.

I haven’t read though it, yet, but if SecurityMonkey thinks it’s good enough for his site, then I’m definitely going to post it here.

And you can find his article here.

OK, everyone knows that Google has a powerful search interface but few people take the time to learn how to use it, myself included.

The most powerful search I’ve really ever done was something like intitle:”index of” blah blah .mp3

I’m not really getting the most out of my Google search and I’m probably missing a lot of potential search results.

I ran across a post on one of my favorite blogs, Geeks Are Sexy, about Interesting Reads for a Monday Morning.

One of the things he mentions is a really nice list of the 30 Essential Pieces Of Free (and Open) Software for Windows, which I encourage you to read since there really is some good software there.

I’ll list a few items from the list so make sure you check out the article to catch them all.

* Either/Or - if you want to search for something OR something else, make sure your OR is capitalized.

* Include/Exclude words - I use this all the time. If you want to exclude a certain phrase or word from your search results add a nice - before it. something OR something else -”something over there”

* Various operators: site:averageadmins.com chris davis, -inurl:(html | htm | php) intitle:”index of” +description +”last modified” +size +name search words. The last one is one of the best methods I’ve found of searching through directory listings.

If you REALLY want to hone your Google searching skills, you need to head over to Johnny Long’s site: johnny.ihackstuff.com

So, I’ve been invited to a “rollout party” for Verizon Broadband here in Huntsville.  It was implemented yesterday for public use, but it is still being tested and configured, so it isn’t fully reliable yet.  The official rollout is next week sometime.  Verizon is inviting businesses to the Space and Rocket Center for a show and tell.  Below is a topic schedule.  If any of you want any specific info for the future in Texarkana let me know and I’ll post what I find out.  I think I’ve heard it is coming to T’town in the next year, right?  I’ve used it down the Birmingham area not too long ago and it was great (fast and reliable even when driving down the interstate).

EVENT SCHEDULE 

Registration & Breakfast
7:30am - 8:00am 

Announcement
8:00am - 8:30am 

Technology Demonstrations
8:30am - 8:45am 

Vertical Market Solutions
8:45am - 9:15am 

BroadbandAccess - You Drive!
Hands-on demonstrations
9:15am - 10:00am

I like cheat sheets. Depending on what I am working on, I may have several on my desk at any given time so that I can reference them quickly.

One of the best technical cheat sheet resources I have found to date resides at ilovejackdaniels.com. Dave Child has created a dozen or so, all in pdf format, for your pleasure. Dave has done a fantastic job with the layout of these sheets to include the maximum amount of information possible while keeping them readable. His latest sheet is a reference for regular expressions (which happens to be what I was looking for this morning. Thanks Dave!). Others include MySQL, PHP, CSS, javascript, ASP, mod_rewrite, and several more. He has even created a cheat sheet for World of Warcraft for you gamers.

Linked from [Geeks are Sexy], here are 14 ways to protect your computers. This list is mainly geared towards the IT admin who has a large network of computers to manage, but some of them can be used by the single-PC person.

Most of these are really, really good.

I think this one would be a lot of fun:

12. Track where everyone browses on the Internet and for how long. Post the findings on a real-time online report that is accessible by anyone. This recommendation tends to make users’ Internet surfing habits self-policing. (I bet it will also lead to a sudden increase in productivity.)

http://geeksaresexy.blogspot.com

The term “sandbox” means to run code in a virtual enviornment so as not to harm the underlying system.

I have heard of the term “sandboxing” but have never really looked into running any applications in a sandboxed environment. While posting an earlier entry, I read of a guy running his Firefox in a program called Sandboxie so I decided to give it a try.

I installed Sandboxie and ran an instance of Firefox in it. Everything I did with my sandboxed Firefox was kept away from my running system: all registry entries, bookmark additions and deletions, browsing history, downloaded software (inclusing malware), everything.

The best part of it all is that after you’re done browsing (or whatever application you’re using) you simply delete the sandbox and all traces of it are gone. Well, not ALL traces as it does touch your hard drive so if you were to run a disk forensics scan it would find traces of your sandboxed activity. Fortunately, Sandboxie has already thought of that so they offer a way for you to integrate your existing favorite secure disk wiping application with their delete function. It does require editting the registry, however.

The author of Sandboxie is providing this software free of charge. After 30 days of use, the program will popup “reminders” asking you to kindly pay the $20 lifetime registration fee that gives you not only tech support but also a few other cool software additions like letting you know when software was launched outside of the sandbox (like a trojan install). The paid version also lets you automatically sandbox specific programs even if they weren’t launched inside the sandbox. Registered users can also have as many sandboxes open as they want, whereas the free version only allows one.

Of course, if you ask me, Linux is the best sandbox I’ve ever used!

http://www.sandboxie.com/