
Using Microsoft Baseline Security Analyzer

August 1, 2010

Microsoft Baseline Security Analyzer (MBSA) v. 2.0 is a tool that identifies common security misconfigurations and missing security updates (hot fixes) on computer systems. MBSA includes a Graphical User Interface (GUI) and Command Line Interface (CLI) that administrators can use to scan local or remote Windows systems and that provides security recommendations and specific remediation guidance. Get MBSA from Microsoft at http://technet.microsoft.com/en-us/security/cc184924.aspx.

After MBSA is downloaded and installed, use the following steps to run a local or remote system scan:

1. From the Start > All Programs menu, click Microsoft Baseline Security Analyzer 2.0. At the welcome screen, select one of the scanning options to scan a single computer, multiple computers, or view existing security reports.

2. Configure computer and scanning options. If you’re unsure, use the default settings. Click Start Scan to commence security scanning.

3. Review the scan report details screen. Security issues are categorized in various levels: a red X indicates a critical issue; a yellow X indicates a non-critical issue; a green checkmark indicates a passed test with no issues; and a blue asterisk indicates a best-practice. For easier reading, administrators can print out a hard copy of the report using the print option on the left side of the screen.

4. Update security vulnerabilities as necessary.


Formatting a Disk in Ubuntu 9.10

May 30, 2010

When most people think of formatting a disk, they think it is the process of deleting everything on the disk. Formatting a disk actually involves a little bit more, and it completely replaces the filesystem on the disk.

A side benefit to formatting a disk is making the disk work on different computers. Only certain types of filesystems are supported by each O/S, and formatting a disk with a common filesystem can ensure that it works with these different operating systems. As an example, if you format a USB key with the ext3 filesystem, it won’t work in Windows. If you use the VFAT filesystem, it will work in both Windows and Linux.

Formatting is fairly simple, and you just need to know the location of the device. USB storage devices (such as USB keyring drives and key fobs) tend to be located at /dev/sda1 or /dev/sdb1. Make sure that you have the right device, and then use one of the many mkfs commands to create the relevant filesystem. As an example, to create an ext3 filesystem, use the following command:

foo@bar:~$ sudo mkfs.ext3 /dev/sda1

A range of other mkfs commands can be used to create other filesystems:

mkfs
mkfs.cramfs
mkfs.ext2
mkfs.ext3
mkfs.jfs
mkfs.minix
mkfs.msdos
mkfs.reiser4
mkfs.reiserfs
mkfs.vfat
mkfs.xfs

Each of these commands is used in the same way.


System Log Files in Ubuntu

May 19, 2010

As a system administrator, the system log files are some of your best friends. If you watch them carefully, you’ll often know in advance when something is wrong with the system, and you’ll be able to resolve most problems before they escalate.

Unfortunately, your ability to pay close attention to the log files dwindles with every server you’re tasked with administering, so administrators often use log-processing software that can be configured to alert them on certain events, or they write their own tools in languages such as Perl and Python.

Logs usually live in /var/log, and after your server runs for a while, you’ll notice there are a lot of increasingly older versions of the log files in that directory, many of them compressed with gzip (ending with the .gz filename extension).

Here are some log files of note:

/var/log/syslog: General system log

/var/log/auth.log: System authentication logs

/var/log/mail.log: System mail logs

/var/log/messages: General log messages

/var/log/dmesg: Kernel ring buffer messages, usually since system boot-up

Your Log Toolbox

When it comes to viewing logs, you should become familiar with a few tools of choice. The tail utility prints, by default, the last ten lines of a file, which makes it a neat tool to get an idea of what’s been happening in a given log file:

$ tail /var/log/syslog

With the -f parameter, tail launches into follow mode, which means it’ll open the file and keep showing you the changes on the screen as they’re happening. If you want to impress your friends with your new system administrator prowess, you can now easily recreate the Hollywood hacker staple: text furiously blazing across the screen.

Also invaluable are zgrep, zcat, and zless, which operate like their analogues that don’t begin with a z, but on gzip-compressed files. For instance, to get a list of lines in all your compressed logs that contain the word “warthog” regardless of case, you would issue the following command:

$ zgrep -i warthog /var/log/*.gz

Your toolbox for dealing with logs will grow with experience and based on your preferences, but to get an idea of what’s already out there, do an apt-cache search for “log files.”
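As an added example (not code from the original post) of the kind of home-grown log tool mentioned above, this Python script counts failed SSH password attempts per source address in auth.log, reading rotated .gz files as well as plain ones. The sample lines, the threshold of 3, and the function names are assumptions made for illustration.

```python
import gzip
import re
from collections import Counter

# sshd failure line as OpenSSH writes it to /var/log/auth.log.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

# Constructed sample lines (documentation addresses, not real hosts).
SAMPLE = """\
May 19 10:01:02 web1 sshd[2211]: Failed password for root from 203.0.113.9 port 4022 ssh2
May 19 10:01:05 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.9 port 4031 ssh2
May 19 10:01:09 web1 sshd[2215]: Failed password for root from 203.0.113.9 port 4040 ssh2
May 19 10:02:44 web1 sshd[2290]: Accepted password for alice from 198.51.100.7 port 5122 ssh2
May 19 10:05:13 web1 sshd[2301]: Failed password for alice from 198.51.100.7 port 5130 ssh2
""".splitlines()


def read_log(path):
    """Yield lines from a log file, handling rotated .gz files transparently."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        for line in fh:
            yield line.rstrip("\n")


def failed_logins(lines):
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def alerts(lines, threshold=3):
    """Return source addresses with at least `threshold` failures, sorted."""
    return sorted(ip for ip, n in failed_logins(lines).items() if n >= threshold)


if __name__ == "__main__":
    for ip in alerts(SAMPLE):
        print("ALERT: repeated SSH login failures from", ip)
```

To scan real files, pass `read_log("/var/log/auth.log")` or a rotated `.gz` path to `alerts()` in place of `SAMPLE`.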


Creating an Unsecured Website in IIS 7.0

May 19, 2010

Users access unsecured Websites by using HTTP. You can create a Website that uses HTTP by completing the following steps:

1. If you’re creating the Website on a new server, ensure that the World Wide Web Publishing Service has been installed and started on the server.

2. If you want the Website to use a new IP address, you must configure the IP address on the server before installing the site.

3. In IIS Manager, double-click the icon for the computer you want to work with, and then right-click Sites. On the shortcut menu, choose Add Website. This displays the Add Website dialog box.

4. In the Website Name textbox, type a descriptive name for the Website, such as Corporate Sales. IIS Manager uses the name you provide to set the name of the new application pool to associate with the site. If you want to use an existing application pool instead of a new application pool, click Select. In the Select Application Pool dialog box, in the Application Pool drop-down list, select the application pool to associate with the site, and then click OK. Note that the .Net Framework version and pipeline mode of a selected application pool are listed on the Properties panel.

5. The Physical Path textbox specifies the physical directory that contains the site’s content. You can configure the physical path by using a local directory path or a shared folder. Keep the following in mind:

* To specify a local directory path for the site, click the Select button to the right of the Physical Path textbox. In the Browse For Folder dialog box, use the choices provided to select a directory for the Website. This folder must be created before you can select it. If necessary, click Make New Folder to create the directory.

* To specify a shared folder for the site, type the desired UNC path in the appropriate textbox, such as \\CentralStorage83\inetpub\sales_site. If you need to use alternate credentials to connect to the remote server specified in the UNC path, click Connect As. In the Connect As dialog box, choose Specific User, and then click Set. In the Set Credentials dialog box, type the name of the user account to use for authentication, type and confirm the account password, and then click OK.

Note: If you don’t specify a username and password, the user’s Windows credentials are authenticated before allowing access. For an anonymous access site, IIS authenticates the credentials for the IUSR_ServerName account, so this account should have access to the shared folder. Otherwise, the network connection to the folder will fail.

6. The Binding settings identify the Website. To create an unsecured Website, select HTTP as the type and then use the IP Address drop-down list to select an available IP address. Choose (All Unassigned) to allow HTTP to respond on all unassigned IP addresses that are configured on the server. Multiple Websites can use the same IP addresses so long as the sites are configured to use different port numbers or host headers.

7. The TCP port for an unsecured Website is assigned automatically as port 80. If necessary, type a new port number in the Port field. Multiple sites can use the same port as long as the sites are configured to use different IP addresses or host headers.

8. If you plan to use host headers for the site, type the host header name in the field provided. On a private network, the host header can be a computer name, such as EngIntranet. On a public network, the host header must be a DNS name, such as services.microsoft.com. The host header name must be unique within IIS.

9. By default, IIS starts the Website immediately so long as the bindings you’ve supplied are unique. If you don’t want to start the site immediately, clear the Start Website Immediately checkbox. In most cases, you’ll want to finish setting the site’s properties before you start the site and make it accessible to users.

By using the IIS Command Line Administration Tool, you can run the Add Site command to add an HTTP site to a server. I’ve added the syntax and usage below. Technically, bindings and physicalPath are optional, but a site won’t work until these parameters are provided. Adding the physical path is what allows IIS to create the root virtual directory and root application for the site.

Adding an HTTP Site Syntax and Usage

Syntax:

appcmd add site /name:Name /id:ID /bindings:http://UrlAndPort /physicalPath:Path

Usage:

appcmd add site /name:"Sales Site" /id:5 /bindings:http://sales.adatum.com:80

appcmd add site /name:"Sales Site" /id:5 /bindings:http://*:8080

appcmd add site /name:"Sales Site" /id:5 /bindings:http://*:8080 /physicalPath:"c:\inetpub\mynewsite"


How to Locate Your MAC Address

March 3, 2010

First off, let me say that your computer does not have a MAC address – it’s your network card (NIC) that does.

Some computers have two network cards: one that’s for wired connections and one that uses WiFi. So a computer will have a different MAC address depending on which network card it uses to connect to the network.

The MAC address can be found written directly on the network (NIC) card, but since that is sometimes concealed inside a computer, it’s impractical to use this method.

The best way to determine your MAC address is to access it on the computer. Here’s how, using some different O/S’es:

Windows XP

1. Click the Start button and select Run (or hit the Windows Key+R to open the Run dialog box).

2. Type cmd and hit Enter.

3. At the C:\ prompt, type ipconfig /all.

You’ll see a hexadecimal number listed next to Physical Address in the listing. This is your MAC address. An example of a MAC address is 02-00-54-55-4E-01.

Windows 95/98/Me

1. Click the Start button and select Run (or hit the Windows Key+R to open the Run dialog box).

2. Type winipcfg and hit Enter.

3. A grey box will appear with all the network settings, including the MAC address.

Mac OS X

1. Open the Applications folder on the hard drive.

2. In the folder, double-click on the Network Utility.

3. Under Info, choose the network card from the drop-down menu that you want to allow access to your network. Below that, you’ll see an entry for Hardware Address. That is the network card’s MAC address.

Mass Virtual Hosting in Apache 2

February 25, 2010

The mod_vhost_alias module allows the document root and CGI script directories for all matching virtual hosts to be specified as templates, into which parts of the hostname or IP address are interpolated, as indicated by the specifiers listed below:

%p – Replaced with the port number of the virtual host.

%n – Replaced with the nth dot-separated component of the hostname or IP address. If n is zero, then the whole string is used. If n is preceded by a minus sign, then it counts from the end of the hostname or IP address. If the specifier is suffixed by a plus sign, then the rest of the hostname or IP address is used.

%n.m – Replaced with the mth character of what would be selected by %n.

%% – Replaced with a single percent (%) sign.

Virtual Document Root

mod_vhost_alias (E)

VirtualDocumentRoot directory-template

URLs for a matching virtual host are translated to file names by prepending a document root directory formed by interpolating the value of the server name into directory-template.

VirtualDocumentRootIP

mod_vhost_alias (E)

VirtualDocumentRootIP directory-template

Identical to VirtualDocumentRoot, except the IP address is used rather than the server name.

VirtualScriptAlias

mod_vhost_alias (E)

VirtualScriptAlias directory-template

URLs for a matching virtual host that start with /cgi-bin/ are translated to filenames by prepending a script directory formed by interpolating the value of the server name into directory-template. The handler is marked as cgi-script so that the file will be processed as such.

VirtualScriptAliasIP

mod_vhost_alias (E)

VirtualScriptAliasIP directory-template

Identical to VirtualScriptAlias, except the IP is used rather than the server name.
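The following Python model of the specifier expansion described above is an added example, not Apache's code and not from the original post. It follows the Apache documentation in substituting an underscore when a requested part does not exist; the host-name validation, the function names, and the sample templates in the test are assumptions of this sketch. Because the name being interpolated is supplied by the client, the sketch refuses any name that could change the path structure.

```python
import re

# One specifier: %%, %p, or %N / %N+ / %N.M (N and M are signed single digits).
_SPEC = re.compile(r"%(?:(%)|(p)|(-?\d)(\+?)(?:\.(-?\d)(\+?))?)")
_SAFE_HOST = re.compile(r"[a-z0-9.-]+")


def _select(parts, n, plus):
    """Pick item n (1-based; negative counts from the end) from parts.

    0 selects everything. A trailing '+' extends the selection to the
    remaining items: onward for positive n, preceding for negative n.
    Returns None when n is out of range.
    """
    if n == 0:
        return parts
    if abs(n) > len(parts):
        return None
    if n > 0:
        return parts[n - 1:] if plus else parts[n - 1:n]
    end = len(parts) + n + 1
    return parts[:end] if plus else parts[end - 1:end]


def interpolate(template, name, port=80):
    """Expand a directory-template for a hostname or IP address."""
    name = name.lower()
    # Validation added in this sketch: the name arrives from the client,
    # so reject anything that could alter the resulting path.
    if not _SAFE_HOST.fullmatch(name) or ".." in name:
        raise ValueError("unsafe host name: %r" % name)

    def expand(m):
        if m.group(1):
            return "%"
        if m.group(2):
            return str(port)
        comps = _select(name.split("."), int(m.group(3)), bool(m.group(4)))
        if comps is None:
            return "_"  # documented fallback for a missing part
        text = ".".join(comps)
        if m.group(5) is None:
            return text
        chars = _select(list(text), int(m.group(5)), bool(m.group(6)))
        return "_" if chars is None else "".join(chars)

    return _SPEC.sub(expand, template)
```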


Book Review

February 24, 2010

For this posting, I thought I’d give my honest opinion of a book I ordered, called “What All Network Administrators Know: Answers to What you Need to Know About Being a Network Administrator.”

This book, written by Douglas Chick, starts out defining what a network administrator is, and the relative salaries you can expect to make as one. This is a tricky area, considering there are many factors to the level of salary – experience level, certifications/college degree (if any) – that make this a grey area.

There is one section of the book that I and other readers have issue with: “Being a Brave Liar.” The author gives several “tips” for dealing with tricky questions posed by an interviewer.

The tips I have a problem with are:

2. “During the interview, appear laid back, confident and somewhat arrogant. Kind, meager and too polite will give you away immediately. An experienced network administrator is a slightly bitter one.” – I have a problem with this tip because I have met many network administrators (current and former), who were VERY nice, friendly and, most important, accommodating with information. Having been a systems administrator in a former life, I am most certainly not bitter. Regarding the bit about “giving it away” because you appear kind, meager and/or polite, that, to me, is complete b.s. I’ve never gone into an interview laid back, or arrogant. I always go in confident, but that confidence only shows that I’m completely comfortable in my abilities to do the job that I’m interviewing for. In my experience, arrogance or a laid back attitude gets you one thing… More free time to interview.

7. “If asked why you are no longer employed, blame it on the economy. Your interviewer might show compassion, as he/she may also be afraid of losing their job.” – I find this to be incorrect also. Depending on the circumstance, DO NOT LIE. While it’s true that a company’s HR rep cannot disclose why you left (this is not always the case, however), it’s sometimes better to let the interviewer know – unless you had a particularly nasty exit. If you’re the type of person who can lie through your teeth without showing a solitary emotion, then go for it. Most of us, however, cannot. You can always say that you left due to a lack of opportunity for advancement.

9. “If asked about your networking certifications, trivialize them by saying that you only got them to put on your resume. Harping about your certification only agitates someone that does not have one, and insults those that do.” – Again, I have issue with this. If you have certifications, especially if you have several, why would you trivialize ANY of them, when you worked so hard to obtain them? I agree you don’t want to harp on having them, but admitting you do and admitting to being proud of having them will not harm you or your chances. Again, it goes back to confidence.

10. “There is always someone in the computer department that is not well-liked, and because he/she does not know this, if asked if there is someone like that in your department, answer yes. Because if you answer no, your interviewer will know that it is you.” – Again, b.s. In the over eight years I have worked in IT, I have NEVER been asked this question. You’ll get job scenarios, problem scenarios, and other “typical” HR questions, but I don’t see this question coming up.

The section “What Server Operating Systems Should I Know?” contains O/S’es such as Windows NT, Windows 2000 and Novell. Not many companies are still using NetWare, although some still do (a company I did Level 2 Tech Support for used NetWare to reset passwords for some hospital admins). One O/S I would definitely add to this list is Windows Server 2003/2008. How this O/S was left out of a 2007 edition is beyond me.

Another section of the book asks “What types of attacks can I expect on my network?” While the standard types are here – DoS (Denial of Service), Buffer Overflows, E-mail Spoofing, Worm/Virus, Logic Bombs, Password Cracking, and Confidentiality Breaches – there are some that are not present, which I feel should be. In particular, IP Spoofing, Wardriving, War Chalking, Malware/Spyware/Scareware, Web Spoofing, and DDoS Botnets (Distributed Denial of Service). Of course, there are others, but you get my point.

All in all, it is a pretty informative book, worth the $12 price (amazon.com). Just be cautious when reading and absorbing the information contained within.