Archive for December, 2009
Server 2008 R2
by RyanWagner on Dec.16, 2009, under SMB, Technical, Windows
http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx
Most of the time people will want to use the downloads here:
http://technet.microsoft.com/en-us/evalcenter/cc137123.aspx
I also recommend reading this KB article so that you know how to have the server work for more than 60 days.
http://support.microsoft.com/kb/948472
Visio 2010 – Beta
by RyanWagner on Dec.14, 2009, under SMB, Technical, Windows
Sharepoint 2010 – Beta
by RyanWagner on Dec.11, 2009, under SMB, Technical, Windows
I figured it would be good to pass along some of the betas I receive as well.
Exchange 2010
by RyanWagner on Dec.10, 2009, under SMB, Technical, Windows
I am currently testing Exchange 2010 and wanted to share the information on how you can also try Exchange 2010 for free. No, Microsoft did not write that cheesy line.
http://www.microsoft.com/exchange/2010/en/us/try-it.aspx
I can’t tell people enough how helpful it is to get these early trial keys and software packages. Even for those of you who know you won’t upgrade to 2010 for some time, or ever, it is still good to keep a source of trial packs for this type of thing. They are helpful for upgrading certifications, and if you ever do want to use the product, having trial keys is a great way of reducing cost and running an IT test-bed.
Directory Harvest Attacks (DHA)
by RyanWagner on Dec.08, 2009, under Linux/Unix, SMB, Technical, Understanding Technology, Windows
A Directory Harvest Attack (DHA) is one of the most common methods used to obtain valid email addresses from a company. A DHA occurs in two stages. The first stage is to identify the naming scheme used by the company (first.last, flast, and so on). The second stage is to enumerate candidate addresses in that scheme, typically by issuing one RCPT TO after another in SMTP sessions: a server that answers 250 for existing mailboxes and 550 for unknown ones confirms each valid name. The entire time the attackers are effectively spamming your server with these requests and logging every address your server accepts. The collected names are then sold to spammers or used in the attackers’ own future spamming efforts.
DHA = Future Spam
Today many IT professionals are still unaware of what a DHA is and, when asked how spammers get email addresses, often blame users for poor security habits. I am sure that users’ bad habits are not helping, but a user is probably only going to hurt themselves and not thousands. A DHA is capable of affecting large chunks of an organization.
In my experience a company with 100-999 email addresses will average 200-400 thousand DHA attacks a month if left unchecked.
Many technologies exist today to combat DHA. Many email services, like Postini, and email security appliances contain methods to combat DHA. In addition, software like milter-greylist is available.
DHA Prevention Methods:
1) Greylisting – temporarily deferring unknown IP addresses
Greylisting is the process by which a mail server that has not been seen before is told to ‘try again later’ (a temporary 4xx SMTP failure) on its first delivery attempt for a given sender and recipient. Legitimate mail servers queue the message and retry; most spam and DHA tools do not, so the retry is accepted and the sender is remembered. The downside is that inbound email from new senders is delayed, but the upside is that greylisting can cut DHA by more than half. I would highly recommend milter-greylist for Unix and warn against software that is supposed to greylist Exchange directly. If someone reading this knows of working greylist software for Exchange, please post a comment. In my experience, setting up MTA delays for Exchange and using software plugins for Exchange has had problems.
2) Blacklisting – blocking IP addresses permanently
Blacklisting is preventing specific IP addresses from making connections at all. Blacklisting can be handled several ways. You can blacklist on your email server, on your firewall, or with additional software that affects only one server’s connections. Each of these methods has pros and cons. A final way to blacklist is via a service. Most of these blacklist services are free and vary in the methods they use. You can look through the many such services, generally called RBLs (Realtime Blackhole Lists, queried over DNS as DNSBLs), and pick the ones that suit your needs.
I would recommend that people stay away from SORBS except while combating a serious problem. SORBS is one of the most aggressive blacklists and has entire blocks of valid IP addresses blacked out with no reasonable way for the owners of those IPs to get them off the list. This results in thousands of email servers being unable to send you legitimate email. On the plus side, using SORBS during a crisis will mean you can cut your spam, DHA, and other malicious issues down drastically, hopefully allowing you to catch up with your security issues.
I follow two rules for RBLs. The first is to use multiple sources. The second is to not rely on RBLs as my only blacklist source. You must still maintain your own blacklist so you are not waiting on the RBLs to catch up to you.
3) Behavioral Identification – similar to anti-virus heuristics
Behavioral identification (recognising a DHA from the pattern of traffic, such as one source sending RCPT TO for many non-existent users in a short time) is almost exclusively found in hosted services and security appliances. Some exceptions exist, but consider this an advantage of going with a service or hardware solution for email security. I highly recommend Postini as a service and either the Cisco email security appliances or the SonicWALL email security appliances. The SonicWALL appliance comes with some very handy reporting for DHA, and by regularly updating your blacklist with DHA attackers who have made 10+ attempts in a day you will make a serious impact on the number of DHA attempts you encounter every day.
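As an added example (not code from the original post, nor from Postini, milter-greylist or any appliance named above), here is a small Python script that does two of the things described in this section on constructed data: it mines Postfix-style “User unknown” RCPT rejects from a mail log to find sources that have probed 10 or more non-existent recipients in one day, and it applies a greylisting decision (temporary 451 on first sight, accept on a retry after the delay, remember the triplet afterwards) with those sources blacklisted outright. The log lines, IP addresses, mailbox names and the 5-minute delay are all constructed assumptions.

```python
"""Added example (not from the original post): find Directory Harvest
Attack sources in an MTA log and apply a greylist-plus-blacklist policy.
All log lines, addresses and timings below are constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed Postfix-style smtpd reject lines, not captured from a real server.
# 203.0.113.5 walks a first.last naming scheme (stage two of a DHA);
# 198.51.100.7 is an ordinary MTA that mistyped one address once.
_PROBED = ["john.smith", "jane.smith", "john.doe", "jane.doe", "bob.jones",
           "alice.brown", "tom.clark", "ann.lee", "sam.king", "eve.hall",
           "max.ward", "ivy.cole"]

def _reject_line(ts, ip, rcpt):
    return (f"{ts} mail postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@spam.example> "
            f"to=<{rcpt}> proto=ESMTP helo=<bulk>")

SAMPLE_LOG = "\n".join(
    [_reject_line(f"Dec  8 09:{i:02d}:00", "203.0.113.5", f"{n}@example.com")
     for i, n in enumerate(_PROBED)]
    + [_reject_line("Dec  8 10:15:00", "198.51.100.7", "sales-typo@example.com")])

_REJECT_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) \d\d:\d\d:\d\d .*?NOQUEUE: reject: RCPT from "
    r"[^\[]*\[(?P<ip>[\d.]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>.*User unknown")

def parse_unknown_rcpt_rejects(log_text):
    """Yield (day, client_ip, recipient) for every 'User unknown' RCPT reject."""
    for line in log_text.splitlines():
        m = _REJECT_RE.match(line)
        if m:
            yield f"{m['mon']} {m['day']}", m["ip"], m["rcpt"]

def dha_sources(log_text, threshold=10):
    """IPs that probed >= threshold non-existent recipients within one day.

    This is the post's rule of thumb (blacklist 10+ attempts per day).
    Returns {ip: highest single-day reject count}."""
    per_day = Counter((day, ip) for day, ip, _ in parse_unknown_rcpt_rejects(log_text))
    worst = defaultdict(int)
    for (day, ip), n in per_day.items():
        worst[ip] = max(worst[ip], n)
    return {ip: n for ip, n in worst.items() if n >= threshold}

class GreylistPolicy:
    """Minimal greylisting engine keyed on the (client IP, sender, recipient) triplet.

    First sight of a triplet -> temporary 451; a retry after `delay` -> accept,
    and the triplet is then trusted for `lifetime`.  Real MTAs retry; most
    spam and DHA tools do not.  Blacklisted client IPs are refused outright."""

    def __init__(self, delay=timedelta(minutes=5), lifetime=timedelta(days=35),
                 blacklist=()):
        self.delay, self.lifetime = delay, lifetime
        self.blacklist = set(blacklist)
        self.first_seen = {}   # triplet -> time of first attempt
        self.passed = {}       # triplet -> time it was first accepted

    def decide(self, client_ip, sender, recipient, now):
        if client_ip in self.blacklist:
            return "REJECT 554 5.7.1 Source blacklisted for directory harvesting"
        key = (client_ip, sender.lower(), recipient.lower())
        ok_since = self.passed.get(key)
        if ok_since is not None and now - ok_since < self.lifetime:
            return "ACCEPT"
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER 451 4.7.1 Greylisted, please try again later"
        self.passed[key] = now
        return "ACCEPT"

def demo():
    """Blacklist the harvesters found in SAMPLE_LOG, then greylist a legitimate MTA."""
    bad = dha_sources(SAMPLE_LOG)
    policy = GreylistPolicy(blacklist=bad)
    t0 = datetime(2009, 12, 8, 11, 0, 0)
    legit = ("198.51.100.7", "bob@partner.example", "sales@example.com")
    trace = [policy.decide(*legit, t0),                          # first sight: deferred
             policy.decide(*legit, t0 + timedelta(minutes=2)),   # too early: deferred
             policy.decide(*legit, t0 + timedelta(minutes=7)),   # retry after delay: accepted
             policy.decide(*legit, t0 + timedelta(minutes=8)),   # remembered: accepted
             policy.decide("203.0.113.5", "x@spam.example", "sales@example.com", t0)]
    return bad, trace

if __name__ == "__main__":
    sources, verdicts = demo()
    print("DHA sources:", sources)
    print("\n".join(verdicts))
```

The threshold is per source IP per day, matching the reporting rule above; a harvester that spreads probes over many IPs will slip under it, which is why the post still recommends layering RBLs and a maintained local blacklist on top. In production the same decide() logic would sit behind a Postfix policy daemon or a milter rather than being called from a script.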
BCP/DRP (Business Continuity Planning/Disaster Recovery Planning)
by RyanWagner on Dec.04, 2009, under SMB, Technical, Understanding Technology
Through the years I have encountered more than a few companies that did not have a proper BCP/DRP, and in some cases had none at all. Even when companies hire IT service providers they might still lack a proper plan, have no plan, or have a plan that is out of date and inaccurate. I remember several years ago numerous magazine and news articles stating that companies all over the country had inadequate backups, or no backups at all. Today the backup solutions available have expanded dramatically, but without a proper BCP/DRP in place those backups often fall short when disaster strikes.
Using Wikipedia’s Business Continuity Planning article as a baseline I was able to create the following outline for creating a BCP.
1. Analysis
a. Business Impact Analysis (BIA)
i. critical services/applications
1. recovery point objective (RPO)
a. maximum tolerable data loss (MTDL)
b. The minimum application and application data requirements
2. recovery time objective (RTO)
a. maximum tolerable period of disruption (MTPD)
b. The time frame in which the minimum application and application data must be available
ii. Systems/Devices required to support critical services/applications
iii. Financial loss from unavailability
b. Threat analysis
i. Disease
ii. Earthquake
iii. Fire
iv. Flood
v. Cyber Attack
vi. Sabotage
vii. Hurricane
viii. Utility Outage
2. Solution Design
a. the crisis management command structure
b. secondary work site
i. telecommunication architecture between primary and secondary work sites
ii. data replication methodology between primary and secondary work sites
iii. the application and software required at the secondary work site
iv. the type of physical data requirements at the secondary work site
v. numbers and types of desks, whether dedicated or shared, required outside of the primary business location in the secondary location
c. individuals involved in the recovery effort along with their contact and technical details
d. manual workaround solutions
e. peripheral requirements like printers, copiers, fax machines, calculators, paper, pens, etc
f. WAN Optimization (as it applies to network uptime)
g. Backups
h. Surge Protection
i. UPS
j. RAID
k. Fire Protection
l. Anti-Virus/Malware
m. Other Security
3. Implementation
4. Testing
a. Crisis command team call-out testing
b. Technical swing test from primary to secondary work locations
c. Technical swing test from secondary to primary work locations
d. Application test
e. Business process test
5. Maintenance
a. Information update and testing
i. Staffing changes
ii. Staffing persona
iii. Changes to important clients and their contact details
iv. Changes to important vendors/suppliers and their contact details
v. Departmental changes like new, closed or fundamentally changed departments.
vi. Changes in company investment portfolio and mission statement
vii. Changes in upstream/downstream supplier routes
b. Testing and verification of technical solutions
i. Virus definition distribution
ii. Application security and service patch distribution
iii. Hardware operability check
iv. Application operability check
v. Data verification
c. Testing and verification of organization recovery procedures
i. Are all work processes for critical functions documented?
ii. Have the systems used in the execution of critical functions changed?
iii. Are the documented work checklists meaningful and accurate for staff?
iv. Do the documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective?
d. Treatment of test failures
vsftpd Folder Security
by RyanWagner on Dec.03, 2009, under Linux/Unix, SMB, Technical
vsftpd is one of the most common FTP server programs for Unix. Anyone who is thinking of using Unix will need an FTP program and, to its benefit, vsftpd is simple, effective, and free. Thus far I have not been able to configure vsftpd to grant a user access to folders outside their own hierarchy. For example, if you wanted to create a new FTP user with access to both the web root directory and their home directory, then you might not want to choose vsftpd.
Another problem with vsftpd is that after a default install FTP users are able to navigate everywhere on the server. Filesystem permissions still apply, so they cannot read files their account has no read permission on, but anything world-readable (/etc/passwd, configuration files, other users’ web content) can be downloaded to their desktop and read there. This is the problem we will be resolving today.
In most cases your vsftpd configuration will live in /etc/vsftpd (Red Hat style, /etc/vsftpd/vsftpd.conf), but note that some distributions place vsftpd.conf directly in /etc (Debian style, /etc/vsftpd.conf). Inside the vsftpd.conf file look for
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
Please note that even though the stock file only shows two commented-out options, there are actually three that matter:
chroot_local_user
chroot_list_enable
chroot_list_file
Here is a working config entry.
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
Don’t forget to restart vsftpd. Now your users will only be able to see their home folder and the subfolders within it. If you need to create an FTP user who has global access you could assign / as their home directory, but that is not advisable. The proper way to configure this is to add their username to the chroot_list_file, in the above example “/etc/vsftpd/chroot_list”, one username per line. With chroot_local_user=YES, any account listed in this file is excluded from the home-folder lockdown; with chroot_local_user=NO the meaning of the list reverses and it names the only users who are chrooted.
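As an added example (not part of the original post or of the vsftpd project), the following Python script parses a vsftpd.conf and reports which local users end up chrooted under the three options above, including the reversal of the list’s meaning when chroot_local_user changes. The embedded configs are the stock commented-out block and the working entry shown above; the usernames, the chroot list contents and the script name are assumptions.

```python
"""Added example (not from the original post or the vsftpd project): audit the
chroot-related options in a vsftpd.conf and report which local users end up
confined.  The configs and usernames below are constructed."""
import sys

# Built-in defaults from vsftpd.conf(5).  The upstream default list path differs
# from the /etc/vsftpd/chroot_list shown in Red Hat style packaged configs.
DEFAULTS = {
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

# The stock, commented-out block as shipped (nothing is chrooted).
STOCK_CONF = """\
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
"""

# The working entry from the post: everyone is chrooted except listed users.
LOCKED_DOWN_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
"""

def parse_vsftpd_conf(text):
    """Return ({option: value}, [problems]).

    vsftpd lines are 'option=value' or '#' comments; it permits no whitespace
    around '=' and refuses to start on an unrecognised option, so such lines
    are reported instead of being quietly accepted."""
    conf, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "=" not in line:
            problems.append(f"line {n}: not option=value: {line!r}")
            continue
        opt, val = line.split("=", 1)
        if opt != opt.strip() or val != val.strip():
            problems.append(f"line {n}: whitespace around '=' (vsftpd would reject this): {line!r}")
            continue
        conf[opt] = val
    return conf, problems

def chroot_policy(conf, chroot_list_users=()):
    """Return (default, listed): default is 'chrooted' or 'unconfined' for local
    users, and listed is the set of users whose treatment is the opposite.

    With chroot_local_user=YES the list names users NOT to chroot; with NO it
    names the only users that ARE chrooted.  The list is ignored unless
    chroot_list_enable=YES."""
    eff = {**DEFAULTS, **conf}
    everyone = eff["chroot_local_user"].upper() == "YES"
    list_on = eff["chroot_list_enable"].upper() == "YES"
    listed = set(chroot_list_users) if list_on else set()
    return ("chrooted" if everyone else "unconfined"), listed

def is_chrooted(conf, user, chroot_list_users=()):
    default, listed = chroot_policy(conf, chroot_list_users)
    return (default == "chrooted") != (user in listed)   # the list flips the default

def audit(conf_text, chroot_list_text=""):
    """Summarise the effective chroot posture of a config plus its list file."""
    conf, problems = parse_vsftpd_conf(conf_text)
    users = [u.strip() for u in chroot_list_text.splitlines() if u.strip()]
    default, listed = chroot_policy(conf, users)
    report = {"default": default, "listed": sorted(listed), "problems": problems,
              "list_file": {**DEFAULTS, **conf}["chroot_list_file"]}
    if default == "unconfined":
        report["finding"] = ("local FTP users are not chrooted: every world-readable "
                             "file on the server can be downloaded" +
                             (f"; only {sorted(listed)} are confined" if listed else ""))
    elif listed:
        report["finding"] = f"users exempt from the chroot: {sorted(listed)}"
    else:
        report["finding"] = "all local users are confined to their home directory"
    return report

if __name__ == "__main__":
    # Usage: vsftpd_chroot_audit.py [/path/to/vsftpd.conf [/path/to/chroot_list]]
    if len(sys.argv) > 1:
        conf_text = open(sys.argv[1]).read()
        list_text = open(sys.argv[2]).read() if len(sys.argv) > 2 else ""
        print(audit(conf_text, list_text))
    else:
        print("stock:", audit(STOCK_CONF))
        print("locked down:", audit(LOCKED_DOWN_CONF, "webadmin\n"))
```

Run it against /etc/vsftpd/vsftpd.conf (or /etc/vsftpd.conf) and the chroot list to confirm the lockdown took effect before relying on it. One caveat for vsftpd releases newer than this post: from 2.3.5 vsftpd refuses to chroot a user whose home directory is writable by that user (“refusing to run with writable root inside chroot()”), so either make the home directory itself non-writable and have users upload into a subdirectory, or, from 3.0.0, set allow_writeable_chroot=YES and accept the weaker confinement.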
website: http://vsftpd.beasts.org/
Greetings and Salutations
by RyanWagner on Dec.02, 2009, under Non-Technical
After closing down Techblog for several years I find myself with enough ‘free’ time to start blogging once more. My plan is to bring back some of the more popular blogs on technologies that people still use today as well as new blogs on technologies that were never covered.
For those who are reading Techblog for the first time I would like to provide some background information on myself. My name is Ryan Wagner and I have been working in the IT industry since 1995. During that time I have worked with SMBs, Fortune 500 companies, and multiple governments.