Scott's Networking Page
Yes, I did it! I passed my Unity exam and my Exchange certification on time. Now the focus will be Windows 2003 server and possibly SQL Server 2000.
December 23rd, 2002 Nothing much new right now, just working on my Exchange 2000 certification - I want to have it completed by EOY.
October 14, 2002 Recently, it looks like the trend is that the number of Microsoft vulnerabilities is declining while the number of Linux vulnerabilities is on the rise. Recently there's been the Slapper Worm, which infects Linux hosts running an unpatched version of SSL containing a buffer overflow. Slapper installs backdoor software to allow a remote host to control banks of infected servers for distributed Denial-Of-Service attacks.
June 14th, 2002 OK, it's been a while since I've updated the network page. It's not that I haven't been busy or anything. Actually, a LOT has been happening in the last few months. SQL Server access has been a big issue, but seems to have died down in recent weeks. Lots of discussion concerning the Automatic Updates from Microsoft, and their effectiveness at detecting ALL vulnerabilities. More problems with buffer overflows, but likely the biggest news is how the US government is wrapping network security into the new Homeland Security act. I'll have more details after I digest some of the data.

However, on a personal side, I've been experimenting with a few new technologies. First of all (Wow, I've not added anything since November 2001???) is SNORT. Snort is a network intrusion detection utility. Like many others, it sits on your network watching every packet of data, and when it sees something that matches its signature files (similar to a virus scanner, but for network traffic) it sounds an alarm and logs information to a DB. The nice thing about Snort is that it is FREE. The drawback is that it is not a simple Plug-N-Play operation - it requires a bunch of tweaking to get it to perform solidly without false alarms. In addition, Windows .NET beta 3 is out from Microsoft, so I'm looking into its possibilities and capabilities. Looks like XP.

There was an interesting article last week concerning the exposure of the SNMP bug, which affected literally millions of devices - servers, desktops, switches, phone systems, routers - you name it, it was probably affected. The root of the problem was the basic SNMP code - code that was replicated (copied) from implementation to implementation. http://online.securityfocus.com/news/474/ This article explains how specialized testing was used to reveal a hole in the SNMP code used in thousands of products. The really interesting thing is how this bug was revealed.
At the Oulu University in Finland, a group of programmers have been working on a technique that tests products by sending code using a wide range of unexpected values and illegally formatted data. This is how they found the bug. The low-level code for SNMP was based on another standard known as ASN.1, or Abstract Syntax Notation One. The problem with finding bugs in ASN.1 is that, if other holes are found, it could have incredibly wide consequences. For example, not only are computer subsystems based on ASN.1, but also telephone SS7 signaling networks between and within telephone carriers, as well as power companies that use ASN.1 signaling to remotely control power stations, and even the Air-To-Ground communications and traffic control for the next generation of the Aeronautical Telecommunications Network - all use ASN.1. With such far-reaching consequences, we hope that folks are sitting up and taking notice that some of these low-level signaling protocols could use some closer examination.

Add to that the push through the legal system to hold software companies liable for their products. http://biz.yahoo.com/rc/020614/bizfeature_liability_software_1.html Currently, software companies include product disclaimers that basically state: if your systems crash and you lose revenue by using our products, Tough. Now, consumer advocates are pushing to hold software vendors liable for their products, just as automakers are liable for faults with their automobiles. Does your brain hurt yet? It should. Basically, there's a lot of broken stuff out there, and it's not going to fix itself anytime soon.
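The Oulu-style approach the article describes (feeding a parser unexpected values and illegally formatted data) is easiest to see against a small ASN.1 BER decoder, since SNMP messages are BER-encoded. The following is an added example, not code from this page or from the Oulu group: a bounds-checked BER tag-length-value decoder for the SNMP subset of BER, a constructed SNMPv1-style SEQUENCE as sample input, and a handful of length-octet mutations of the kind such a test suite generates, each of which the decoder must reject cleanly rather than read past the buffer.

```python
class BerError(ValueError):
    """Malformed input: reject the message instead of over-reading the buffer."""

def decode_tlv(buf: bytes, pos: int = 0):
    """Decode one BER tag-length-value at buf[pos:]; every length/offset is bounds-checked."""
    if pos + 2 > len(buf):
        raise BerError("tag or length octet missing")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:            # short form: the octet is the length
        length = first
    elif first == 0x80:         # SNMP requires definite-length encoding
        raise BerError("indefinite length not allowed")
    else:                       # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):
            raise BerError("long-form length too wide or truncated")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > len(buf) - pos:
        raise BerError(f"declared length {length} exceeds {len(buf) - pos} remaining bytes")
    return tag, buf[pos:pos + length], pos + length

def decode_sequence(buf: bytes):
    """Decode a single top-level SEQUENCE (0x30) into a list of (tag, value) children."""
    tag, body, end = decode_tlv(buf)
    if tag != 0x30 or end != len(buf):
        raise BerError("expected exactly one top-level SEQUENCE")
    items, pos = [], 0
    while pos < len(body):
        t, v, pos = decode_tlv(body, pos)
        items.append((t, v))
    return items

# Constructed sample (not a captured packet): SEQUENCE { INTEGER 0, OCTET STRING "public" }
GOOD = bytes.fromhex("300b" "020100" "04067075626c6963")

def robustness_check(good: bytes = GOOD):
    """Mutate the length octets the way a robustness test suite does; report each outcome."""
    mutants = {
        "oversized_short_length": good[:1] + b"\x7f" + good[2:],
        "indefinite_length": good[:1] + b"\x80" + good[2:],
        "huge_long_form_length": good[:1] + b"\x84\xff\xff\xff\xff" + good[2:],
        "truncated_message": good[:-3],
        "inner_length_overrun": good[:6] + b"\x7f" + good[7:],
    }
    outcome = {}
    for name, data in mutants.items():
        try:
            outcome[name] = ("accepted", decode_sequence(data))
        except BerError as exc:
            outcome[name] = ("rejected", str(exc))
    return outcome
```

A decoder that trusted the declared length would slice or copy past the end of the message on every one of these mutants; here each is turned into a BerError that the caller can log and drop.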
November 1st, 2001 Just returned from a Cisco training class in Denver where I got hands-on training on Routers and Switches. What a great class! I spent some extra time on ACLs and Frame Relay High-Speed Serial connections, as I have a lot of this at the office. Not much big news in the security field - a new NIMDA variant floating around, but using the same holes as the old worm; it seems mostly to be propagating through Email .exe attachments. Go figure. Here's a nice link that gives a summary of current activity. Not the ONLY link you should review, but a good summary of activity to check out. Note the increased probes to SSH port 22. Hmmm....

Otherwise I've been spending most of my time working on implementing a set of Cisco CSS 11000 switches for load balancing web traffic for Weblogic and Kana across WANs. So far they are working great! The CSS (Arrowpoint) switches have to be the coolest pieces of hardware I've seen in a long time.

Windows XP launches. First report I see is that some folks with the 440MX laptop chipset get hangs when the user attempts to use the modem. Patch is available.... Will XP succeed? I suppose eventually, but nothing close to the likes of Win98 or NT4 for Microsoft. Partly due to the economy, but also because I think the market is just flooded with systems right now. Since Y2K changed the cyclical buying of PCs by corporations, it is unlikely we'll see another surge until sometime in 2003, when the 36 month tax write-off rules allow companies to fully depreciate the desktops and buy new ones.

The good news out of Redmond - they have decided to back off expiring the NT4 MCSE certifications like they originally planned. Apparently enough people complained, and my guess is there are not flocks of people running out to get W2K certified like they did for NT4. As I suspected, the MS plan backfired. They disowned the very folks in the field promoting their products, and likewise many of them opted NOT to pursue W2K, such as myself.
How long will the W2K certification last with XP right around the corner? Why invest literally hundreds of hours of time and money to get the certifications when there's a chance it will expire in 6 months? I think not. How long is Linux certification good for? Sat with a couple of blokes in my Cisco class who worked for the Gov't (contractors like Lockheed and Northrop). Some used to be Novell admins. We had lots of healthy conversation about Novell and how stable it was. Netware 6.0 is out; wonder how it will be marketed? I also read an article about how Linux is not displacing Windows, but replacing other versions of Unix, such as Solaris, BSD, and HP. Gaining market share but not against Microsoft directly, it looks like...

MS settles case with the DOJ. Is it a good deal? I think so. A lot of pundits claim MS only got their hand slapped. However, if you read carefully, MS will be allowed to continue bundling additional software, but they MUST offer a version which does not contain these additional programs. Sounds good to me! In addition, MS must offer parts of their code open for public scrutiny, and must refrain from ever offering different companies incentives. Also, they cannot prevent a PC company from bundling competitive software with the desktops. The savings we got from Microsoft while I was at Compaq were incredible! From my perspective it is forcing Microsoft to play fair....which is what they need to do to survive.

The other requirement for MS is to get some folks in there to plug the security holes! I read today that anyone using Microsoft Wallet (tm) is vulnerable to someone using a specially crafted Email that pulls your Cookies (which contain logon information to the MS Wallet site) and allows anyone to use this data to access your electronic wallet for 15 minutes after you logged into MS Messenger. Whoops!
September 15th, 2001 What an unbelievable week! With the fall of the World Trade Center, life will never be the same. There's been a lot of news around the tragedy this week, and even some notes concerning how people turned to the Internet for updates. Tuesday morning brought an incredible surge of Network traffic! I am still waiting for the reports, but my guess is there was a pretty large surge. Unconfirmed reports stated, for example, that Verizon lost 39 OC-48 trunks just inside the WTC towers alone. A single OC-48 carried 1344 T-1 voice and data trunks. So, in essence there was a large spike in traffic at the SAME time we lost a large segment. While I am not surprised that the Internet was able to handle the load, what caught me by surprise was that sometimes we forget to allow for multiple failures simultaneously when we are doing disaster planning. This can have significant impact on our future planning sessions, and adds validity to our "Oh my, What If..." scenarios. The key is to keep your expected service level in mind when planning. For example, CNN.com was pretty much unavailable from our part of the country for most of the day. Would I be upset if I could not get to CNN.com? Probably not. Why? Because I would understand the extenuating circumstances surrounding the outage / overload.

I also found it interesting how many folks turned to the Net for sending messages to their loved ones. There were several stories of using instant messages and Email to communicate with friends and relatives since the public telephone network was down. There was even a report of some stranded FBI agents borrowing connectivity from another company so they could get their assignments from their office using instant messaging. Just reinforces my opinion that our public DATA networks as well as our public telephone networks are important resources that must be protected from catastrophe. Incidentally, Kudos to the CNN crew who switched directly to "Text Only" reporting.
This certainly increased the availability of news information to the world by removing the bandwidth-intensive content. Very smart policy. I also heard reports that many sites around the globe offered to give them bandwidth and server space to replicate some of their data to different parts of the world. I'd love to hear more about how they did it, if this is true.

Elsewhere, Code Red is slowly being replaced by Code Blue. This new virus is more virulent, and I would guess that any remaining servers not patched will likely self-destruct. I also spent an interesting weekend cleaning the Sir-Cam virus from a relative's computer. The whole process took about 4 hours, including updating patches, virus signatures, and re-installing the virus software, which gave me the BSOD after every reboot once I cleaned the registry and removed the infected files. Funny thing - it evaded detection by placing a hidden program file within the recycled bin. The virus software had excluded the recycled bin by default. Hmph.
August 8th, 2001 Well folks, it's been a busy and active last few weeks in the networking world. The biggest news has been the Code Red worm. Yes, it's named after the new drink from Mountain Dew called Code Red (basically a Cherry Dew). Isn't that just GREAT. They come out with a new drink RIGHT when I'm trying to watch my sugar intake and dieting. Fine. :-)

Anyway, the Code Red Worm attempts to infect web servers running Microsoft's IIS (Internet Information Server) using a known security hole. If network admins were on top of all the patches, this Worm would not be a big deal, but so many servers - likely 500,000 or more - do not have the security patches applied to them that this worm took advantage of. Many admins did not even know their systems were compromised. I've been spending some of my spare time assisting others in diagnosing, monitoring, and patching their IIS servers. It's also soaked up a good portion of my work time addressing security issues. And, I'm loving every minute of it!

There is some debate over who is most to blame for this virus - do we blame the Admins who did not patch their systems? What about those responsible for creating the virus? How about the software / OS vendors that create applications that are so vulnerable? Maybe we're all to blame a little... All I know is that I must do my part - keep the systems patched and clean. I must depend on hackers NOT to write destructive viruses and worms (probably unlikely THAT will happen). I must also depend on companies like Microsoft to write more secure applications and operating systems (probably unlikely that will happen either). The fact of life is - Companies will write programs that have bugs / security holes / glitches. Hackers will write destructive viruses / worms / trojans. It's not a perfect world. What I CAN do is arm myself with the best tools and knowledge to mitigate the risks. Never ending vigilance.....
In other news, I broke down and bought myself one of these Linksys Cable modem router / firewalls for $99. I'd been doing it myself with a dedicated machine for a while now, but I now have a need for that machine, so it has been re-deployed. I mention this because this is likely the FIRST time in a while I have purchased a product that was out-of-the-box, plugged in, and working in 10 minutes...literally! For all the problems I had with Linksys' wireless equipment, I believe they have the Cable/DSL router process done right. Kudos for such a nice, simple, fine product.
May 5, 2001 Networking - my true love and current technical hobby. I guess it's a hobby if I experiment in my spare time?? Anyway, back in 1996 I went to a training seminar on Computer Network Analysis and Troubleshooting sponsored by the Pine Mountain Group in Mountain View, CA. I achieved my level 1 certification. Since then, I've spent a lot of my spare time and work time diagnosing network-related problems. I did a lot of work designing and implementing subnetworks at Compaq within their Commercial Desktop Division, and helped troubleshoot network troubles. I am by no means an expert, as I still have a lot to learn, but I figure the more I do it, the more I'll understand. Therefore I am planning on dedicating this page to keeping current with the network technologies I am currently working on or researching. Stay tuned for more cool stuff on:
I've also been heavily involved recently with Network security. I may include it on this page or I might create a separate page if it becomes too large. I recently got my NT4 certifications to help my teaching at HCC, and am beginning the Windows 2000 certs. During this process, I was fascinated by the world of network security: how to create secure servers, how to detect intrusions, and other security policies related to NT/2K. I used a lot of this data in my class teachings. I was an Adjunct instructor at HCC teaching their Microsoft certification class on Windows NT 4.0 server. In addition to the essentials needed to pass the Microsoft Exam, I tried to include a lot of real-world concepts to help prepare my students for what they can expect. Actually, my classes were just too much fun for words...! Anyway, stay tuned for more updates!