After MBSA is downloaded and installed, use the following steps to run a local or remote system scan:

1. From the Start > All Programs menu, click Microsoft Baseline Security Analyzer 2.0. At the welcome screen, select one of the scanning options to scan a single computer, multiple computers, or view existing security reports.

2. Configure computer and scanning options. If you’re unsure, use the default settings. Click Start Scan to commence security scanning.

3. Review the scan report details screen. Security issues are categorized in various levels: a red X indicates a critical issue; a yellow X indicates a non-critical issue; a green checkmark indicates a passed test with no issues; and a blue asterisk indicates a best-practice. For easier reading, administrators can print out a hard copy of the report using the print option on the left side of the screen.

4. Update security vulnerabilities as necessary.

A side benefit to formatting a disk is making the disk work on different computers. Only certain types of filesystems are supported by each O/S, and formatting a disk with a common filesystem can ensure that it works with these different operating systems. As an example, if you format a USB key with the ext3 filesystem, it won’t work in Windows. If you use the VFAT filesystem, it will work in both Windows and Linux.

Formatting is fairly simple, and you just need to know the location of the device. USB storage devices (such as USB keyring drives and key fobs) tend to be located at /dev/sda1 or /dev/sdb1. Make sure that you have the right device, and then use one of the many mkfs commands to create the relevant filesystem. As an example, to create an ext3 filesystem, use the following command:

foo@bar:~$ sudo mkfs.ext3 /dev/sda1

A range of other mkfs commands can be used to create other filesystems:

mkfs
mkfs.cramfs
mkfs.ext2
mkfs.ext3
mkfs.jfs
mkfs.minix
mkfs.msdos
mkfs.reiser4
mkfs.reiserfs
mkfs.vfat
mkfs.xfs

Each of these commands is used in the same way.

Unfortunately, your ability to pay close attention to the log files dwindles with every server you’re tasked with administering, so administrators often use log-processing software that can be configured to alert them on certain events, or they write their own tools in languages such as Perl and Python.

Logs usually live in /var/log, and after your server runs for a while, you’ll notice there are a lot of increasingly older versions of the log files in that directory, many of them compressed with gzip (ending with the .gz filename extension).

Here are some log files of note:

/var/log/syslog: General system log

/var/log/auth.log: System authentication logs

/var/log/mail.log: System mail logs

/var/log/messages: General log messages

/var/log/dmesg: Kernel ring buffer messages, usually since system boot-up

Your Log Toolbox

When it comes to viewing logs, you should become familiar with a few tools of choice. The tail utility prints, by default, the last ten lines of a file, which makes it a neat tool to get an idea of what’s been happening in a given log file:

$ tail  /var log/syslog

With the -f parameter, tail launches into follow mode, which means it’ll open the file and keep showing you the changes on the screen as they’re happening. If you want to impress your friends with your new system administrator prowess, you can now easily recreate the Hollywood hacker stape: text furiously blazing across the screen.

Also invaluable are zgrep, zcat, and zless, which operate like their analogues that don’t begin with a z, but on gzip-compressed files. For instance, to get a list of lines in all your compressed logs that contain the word “warthog” regardless of case, you would issue the following command:

$  zgrep -i warthog /var/log/*.gz

Your toolbox for dealing with logs will grow with experience and based on your preferences, but to get an idea of what’s already out there, do an apt-cache search for “log files.”

1. If you’re creating the Website on a new server, ensure that the World Wide Web Publishing Service has been installed and started on the server.

2. If you want the Website to use a new IP address, you must configure the IP address on the server before installing the site.

3. In IIS Manager, double-click the icon for the computer you want to work with, and then right-click Sites. On the shortcut menu, choose Add Website. This displays the Add Website dialog box.

4. In the Website Name textbox, type a descriptive name for the Website, such as Corporate Sales. IIS Manager uses the name you provide to set the name of the new application pool to associate with the site. If you want to use an existing application pool instead of a new application pool, click Select. In the Select Application Pool dialog box, in the Application Pool drop-down list, select the application pool to associate with the site, and then click OK. Note that the .Net Framework version and pipeline mode of a selected application pool are listed on the Properties panel.

5. The Physical Path textbox specifies the physical directory that contains the site’s content. You can configure the physical path by using a local directory path or a shared folder. Keep the following in mind:

* To specify a local directory path for the site, click the Select button to the right of the Physical Path textbox. In the Browse For Folder dialog box, use the choices provided to select a directory for the Website. This folder must be created before you can select it. If necessary, click Make New Folder to create the directory.

* To specify a shared folder for the site, type the desired UNC path in the appropriate textbox, such as \\CentralStorage83\inetpub\sales_site. If you need to use alternate credentials to connect to the remote server specified in the UNC path, click Connect As. In the Connect As dialog box, choose Specific User, and then click Set. In the Set Credentials dialog box, type the name of the user account to use for authentication, type and confirm the account password, and then click OK.

Note: If you don’t specify a username and password, the user’s Windows credentials are authenticated before allowing access. For an anonymous access site, IIS authenticates the credentials  for the IUSR_ServerName account, so this account should have access to the shared folder. Otherwise, the network connection to the folder will fail.

6. The Binding settings identify the Website. To create an unsecured Website, select HTTP as the type and then use the IP Address drop-down list to select an available IP address. Choose (All Assigned) to allow HTTP to respond on all unassigned IP addresses that are configured on the server. Multiple Websites can use the same IP addresses so long as the sites are configured to use different port numbers or host headers.

7. The TCP port for an unsecured Website is assigned automatically as port 80. If necessary, type a new port number in the Port field. Multiple sites can use the same port as long as the sites are configured to use different IP addresses or host headers.

8. If you plan to use host headers for the site, type the host header name in the field provided. On a private network, the host header can be a computer name, such as EngIntranet. On a public network, the host header must be a DNS name, such as services.microsoft.com. The host header name must be unique within IIS.

9. By default, IIS starts the Website immediately so long as the bindings you’ve supplied are unique. If you don’t want to start the site immediately, clear the Start Website Immediately checkbox. In most cases, you’ll want to finish setting the site’s properties before you start the site and make it accessible to users.

By using the IIS Command Line Administration Tool, you can run the Add Site command to add an HTTP site to a server. I’ve added the syntax and usage below. Technically, bindings and physicalPath are optional, but a site won’t work until these parameters are provided. Adding the physical path is what allows IIS to create the root virtual directory and root application for the site.

Adding an HTTP Site Syntax and Usage

Syntax:

appcmd add site /name:Name /id:ID /bindings:http://UrlAndPort
/physicalpath:Path

Usage:

appcmd add site /name: ‘Sales Site’ /id:5 /bindings:http://sales.adatum.com:80

appcmd add site /name ‘Sales Site’ /id:5 /bindings:http://*:8080

appcmd add site /name ‘Sales Site’ /id:5 /bindings:http:/*:8080
/physicalPath: ‘c:\inetpub\mynewsite’

Some computers have two network cards: one that’s for wired connections and one that uses WiFi. S0 a computer will have a different MAC address depending on which network card it uses to connect to the network.

The MAC address can be found written directly on the network (NIC) card, but since that is sometimes concealed inside a computer, it’s impractical to use this method.

The best way to determine your MAC address is to access it on the computer. Here’s how, using some different O/S’es:

Windows XP

1. Click the Start button and select Run (or hit the Windows Key+R to open the Run dialog box).

2. Type cmd and hit Enter.

3. At the C:/ prompt, type ipconfig /all.

You’ll see a hexidecimal number listed next to Physical Address in the listing. This is your MAC address. An example of a MAC address is 02-00-54-55-4E-01.

Windows 95/98/Me

1. Click the Start button and select Run (or hit the Windows Key+R to open the Run dialog box).

2. Type winipcfg and hit Enter.

3. A grey box will appear with all the network settings, including the MAC address.

Mac OS X

1. Open the Applications folder on the hard drive.

2. In the folder, double-click on the Network Utility.

3. Under Info, choose the network card from the drop-down menu that you want to allow access to your network. Below that, you’ll see an entry for Hardware Address. That is the network card’s MAC address.

%p – Replaced with the port number of the virtual host.

%n – Replaced with the nth dot-separated component of the hostname or IP address. If n is zero, then the whole string is used. If n is preceded by a minus sign, then it counts from the end of the hostname or IP address. If the specifier is suffixed by a plus sign, then the rest of the hostname or IP address is used.

%n.m – Replaced with the nth character of what would be selected by %n.

%% – Replaced with a single percent (%) sign.

Virtual Document Root

mod_vhost_alias (E)

VirtualDocumentRoot directory-template

URLs for a matching virtual host are translated to file names by prepending a document root directory formed by interpolating the value of the server name into directory-template.

VirtualDocumentRootIP

mod_vhost_alias (E)

VirtualDocumentRootIP directory-template

Identical to VirtualDocumentRoot, except the IP address is used rather than the server name.

VirtualScriptAlias

mod_vhost_alias (E)

VirtualScriptAlias directory-template

URLs for a matching virtual host that start with /cgi-bin/ are translated to filenames by prepending a script directory formed by interpolating the value of the server name into directory-template. The handler is marked as cgi-script so that the file will be processed as such.

VirtualScriptAliasIP

mod_vhost_alias (E)

VirtualScriptAliasIP directory-template

Identical to VirtualScriptAlias, except the IP is used rather than the server name.

This book, written by Douglas Chick, starts out defining what a network administrator is, and relative salaries you can expect to make as one. This is a tricky area, considering there are many factors to the level of salary – experience level, certifications/college degree (if any) – make this a grey area.

There is one section of the book that I and other readers have issue with: “Being a Brave Liar.” The author gives several “tips” for dealing with tricky questions posed by an interviewer.

The tips I have a problem with are:

2. “During the interview, appear laid back, confident and somewhat arrogant. Kind, meager and too polite will give you away immediately. An experienced network administrator is a slightly bitter one.” – I have a problem with this tip because I have met many network administrators (current and former), who were VERY nice, friendly and, most important, accomodating with information. Having been a systems administrator in a former life, I am most certainly not bitter. Regarding the bit about “giving it away” because you appear kind, meager and/or polite, that, to me, is complete b.s. I’ve never gone into an interview laid back, or arrogant. I always go in confident, but that confident only shows that I’m completely comfortable in my abilities to do the job that I’m interviewing for. In my experience, arrogance or a laid back attitude gets you one thing… More free time to interview.

7. “If asked why you are no longer employed, blame it on the economy. Your interviewer might show compassion, as he/she may also be afraid of losing their job.” – I find this to be incorrect also. Depending on the circumstance, DO NOT LIE. While it’s true that a company’s HR rep cannot disclose why you left (this is not always the case, however), it’s sometimes better to let the interviewer know – unless you had a particularly nasty exit. If you’re the type of person who can lie through your teeth without showing a solitary emotion, then go for it. Most of us, however, cannot. You can always say that you left due to a lack of opportunity for advancement.

9. “If asked about your networking certifications, trivialize them by saying that you only got them to put on your resume. Harping about your certification only agitates someone that does not have one, and insults those that do.” – Again, I have issue with this. If you have certifications, especially if you have several, why would you trivialize ANY of them, when you worked so hard to obtain them? I agree you don’t want to harp on having them, but admitting you do and admitting to being proud of having them will not harm you or your chances. Again, it goes back to confidence.

10. “There is always someone in the computer department that is not well-liked, and because he/she does not know this, if asked if there is someone like that in your department, answer yes. Because if you answer no, your interviewer will know that it is you. – Again, b.s. In the over eight years I have worked in IT, I have NEVER been asked this question. You’ll get job scenarios, problem scenarios, and other “typical” HR questions, but I don’t see this question coming up.

The section “What Server Operating Systems Should I Know?” contains O/S’es such as Windows NT, Windows 2000 and Novell. Not many companies are still using NetWare, although some still do (a company I did Level 2 Tech Support for used NetWare to reset passwords for some hospital admins). One O/S I would definitely add to this list is Windows Server 2003/2008. How this O/S was left out of a 2007 edition is beyond me.

Another section of the book asks “What types of attacks can I expect on my network?” While the standard types are here – DoS (Denial of Service), Buffer Overflows, E-mail Spoofing, Worm/Virus, Logic Bombs, Password Cracking, and Confidentiality Breaches – there are some that are not present, which I feel should be. In particular, IP Spoofing, Wardriving, War Chalking, Malware/Spyware/Scareware, Web Spoofing, and DDos Botnets (Distributed Denial of Service). Of course, there are others, but you get my point.

All in all, it is a pretty informative book, worth the $12 price (amazon.com). Just be cautious when reading and absorbing the information contained within.

Maintenance
Hard drive maintenance can be broken down into two distinct functions: checking the disk occasionally for failed clusters and keeping data organized on the drive so that it can be accessed quickly.

Error-Checking
Individual clusters on hard drives sometimes go bad. There’s nothing you can do to prevent this from happening, so it’s important that you check occasionally for bad clusters on drives. The tools used to perform this checking are generally called error-checking utilities, although the terms for two older Microsoft tools – ScanDisk and CHKDSK (pronounced “CheckDisk”) – are often used. Microsoft calls the tool Error-Checking in Windows XP. Whatever the name of the utility, each does the same job: when the tool finds bad clusters, it puts the electronic equivalent of orange cones around them so that the system won’t try to place data in those bad clusters.
Most error checking tools do far more than just check for bad clusters. They go through all of the drive’s filenames, looking for invalid names and attempting to fix them. They look for clusters that have no filenames associated with them (these are known as lost chains) and erase them. From time to time, the underlying links between parent and child folders are lost, so a good error-checking tool checks every parent and child folder. With a folder such as C:\TEST\DATA, for example, they make sure that the folder DATA is properly associated with its parent folder, and that C:\TEST is properly associated with its child folder, C:\TEST\DATA.
To access error-checking on a Windows 2000 or Windows XP system, open My Computer, right-click the drive you want to check, and choose Properties to open the drive’s Properties dialog box. Select the tools tab and click the Check Now button to display the Check Disk Dialog box, which has two options. Check the box next to Automatically Fix File System Errors, but save the option to Scan For and Attempt Recovery of Bad Sectors  for times when you actually suspect a problem, because it takes a while on bigger hard drives.
Now that you know how to run Error-Checking, the next question is often, “How often do I run it?” A reasonable maintenance plan would include running it about once a week. Error-Checking is fast (unless you use the Scan For and Attempt Recovery of Bad Sectors option), and it’s a great tool for keeping your system in top shape.

Defragmentation
Fragmentation of clusters can make your drive access times increase dramatically. It’s a good idea to defragment – or defrag – your drives as part of monthly maintenance. You access the defrag tool that runs with Windows 2000, XP, and Vista, called Disk Defragmenter, the same way you access Error-Checking – right-click a drive in My Computer and choose Properties – except you click the Defragment Now button on the Tools tab to open the Defragmenter.
Defragmentation is interesting to watch – once. From then on, schedule it to run late at night. You should defragment your drives about once a month, although you could run it every week, and if you run it every night, it takes only a few minutes. The longer you go between defrags, the longer it takes. If you don’t run Disk Defragmenter, your system will run slower. If you don’t run Error-Checking, you may lose data.

Disk Cleanup
Did you know that the average hard drive is full of trash? Not the junk you intentionally put in your hard drive like the 23,000 e-mail messages that you refuse to delete from your e-mail program. This kind of trash is all the files that you never see that Windows keeps for you. Here’s a few examples:

Files in the Recycle Bin
When you delete a file, it isn’t really deleted. It’s placed in the Recycle Bin in case you decide you need the file later.

Temporary Internet Files
When you go to a Website, Windows keeps copies of the graphics and other items so that the page will load more quickly the next time you access the page. You can see these files by opening the Internet Options applet on the Control Panel.

Downloaded Program Files
Your system always keeps a copy of any Java or ActiveX applets that it downloads. You can see these in the Internet Options applet. You’ll generally find only a few tiny files here.

Temporary Files
Many applications create temporary files that are supposed to be deleted when the application is closed. For one reason or another, these temporary files sometimes aren’t deleted. The location of these files varies with the version of Windows, but they always reside in a folder called TEMP.

Every hard drive will eventually become filled with lots of unnecessary trash. All versions of Windows tend to act erratically when the drives run out of unused space. Fortunately, all versions of Windows have a powerful tool called Disk Cleanup. You can access Disk Cleanup in all versions of Windows by choosing Start | Programs | Accessories | System Tools | Disk Cleanup.

Disk Cleanup gets rid of the four types of files just described (and a few others). Run Disk Cleanup once a month or so to keep plenty of space available on your hard drive.

Some motherboard makers even provide Windows-based flash ROM update utilities that will check the Internet for updates and download them for you to install. Most of these utilities will also enable you to backup your current BIOS so you can return to it if the updated version causes trouble. Without a good backup, you could end up throwing away your motherboard if a flash BIOS update goes wrong, so you should always make one! Finally, one final piece of advice: Don’t update your BIOS unless you have a compelling reason to do so!

To clear the CMOS, turn off the PC. Then locate one of those tiny little plastic pieces (officially called a shunt) and place it over the two jumper wires for a moment. Next, restart the PC and immediately go into the CMOS and restore the settings you need.