Friday, July 29, 2011

The 5 Biggest IT Security Mistakes

I was forwarded a very interesting article yesterday from Network World.

Number 4 on the list is "Not preparing for data breach". Interestingly, I would say this is number 1. In my course of work as both a consultant and instructor, I am still amazed at how many companies are lacking in IT security preparedness. What could be more important than protecting a company's assets?


I understand the need for a business to get revenue to pay the bills. I also understand that one security breach can cost a company revenue or even put a company under. Being prepared for a breach and protecting against a breach are important so a company can continue to do business. If there is an interruption in service or access to assets, it does not take long for a company to be out of business.


Security is a hot topic right now in IT; let's hope more companies get on board...

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE


Goldilocks and the 3 Database Restore Plans

For those of you who have had me in class before, you have heard me talk about the benefits of applying the SIMPLE recovery model, and you have heard me urge its use if you can get away with it. You have also heard Microsoft write about the benefits of complex multi-step DR plans for huge enterprises. Recently I ran into a situation where an approach right in the middle was called for, and I’d like to share that with you.

Backup and restore scenarios are all about two things: “mean time to recovery” and “acceptable data loss”. Woven into the art of balancing these two are the idiosyncrasies of your own environment. Recently I ran into this environment...

ENVIRONMENT:
12 GB mission-critical database
Restore operations MUST be quick and simple
24 hours of data loss is acceptable
Disk space for retention of backups is limited (about 60 GB available)
Daily transactions touch about 2-10% of the total size of the database (through inserts or updates; deletes almost never occur)

A traditional backup schedule of a complete backup every night will not be sufficient. It provides simple restores and handles the 24-hour data-loss requirement, but we simply will not have enough space for sufficient retention of backups.
On the other side of the spectrum, we could change to the FULL recovery model, run a complete backup weekly, run transaction log backups every 15 minutes, and run differentials every night. This option handles the disk space issue, but it is unacceptable because the restore process is not simple enough.

Consider this setup. Stay with the SIMPLE recovery model. Set up weekly complete backups and daily differential backups. This keeps restores relatively easy; it will always be a two-step process – restore the complete backup, then restore the most recent differential (no transaction logs). It also conserves disk space, as we only have one 12 GB backup (the complete) per week, and the nightly backup is a differential of no more than several hundred MB (though this will grow throughout the week, since each differential contains everything changed since the last complete backup).

If you have a relatively large database that is mission critical but has few inserts into it daily, and quick, easy restorations are of utmost importance, consider the approach I just went over.
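As an added example (this is not code from Ed's post), here is the plan above written out as T-SQL: the weekly complete backup, the nightly differential, a query that tells you which differential belongs with which complete backup, and the two-step restore. The database name [MissionCritical], the folder D:\Backups\ and the dated file name are assumptions.

```sql
-- Added example, not code from the original post: weekly complete / nightly
-- differential under the SIMPLE recovery model, plus the two-step restore.
-- Assumptions (placeholders): database [MissionCritical], backup folder D:\Backups\.

-- 0. Keep the SIMPLE recovery model: the log truncates on checkpoint, so there
--    are no transaction log backups to manage or to chain during a restore.
ALTER DATABASE [MissionCritical] SET RECOVERY SIMPLE;
GO

-- 1. Weekly job step (e.g. Sunday night): the complete backup.
--    INIT overwrites last week's file, so only one ~12 GB full is retained.
--    CHECKSUM records page checksums in the backup so a damaged file is
--    caught by RESTORE VERIFYONLY instead of during the emergency restore.
BACKUP DATABASE [MissionCritical]
    TO DISK = N'D:\Backups\MissionCritical_FULL.bak'
    WITH INIT, CHECKSUM, STATS = 10;
GO

-- 2. Nightly job step (Mon-Sat): a differential, date-stamped so the whole
--    week's differentials are retained. Each one contains every extent changed
--    since the last complete backup, so the files grow through the week.
DECLARE @diff nvarchar(260) =
    N'D:\Backups\MissionCritical_DIFF_'
    + CONVERT(nvarchar(8), GETDATE(), 112) + N'.bak';   -- e.g. ..._DIFF_20110728.bak
BACKUP DATABASE [MissionCritical]
    TO DISK = @diff
    WITH DIFFERENTIAL, INIT, CHECKSUM, STATS = 10;
GO

-- 3. Before restoring, confirm which files pair up: the most recent complete
--    backup and the newest differential taken after it. A differential only
--    restores on top of the complete backup it was based on.
;WITH latest_full AS (
    SELECT MAX(backup_finish_date) AS finished
    FROM msdb.dbo.backupset
    WHERE database_name = N'MissionCritical' AND type = 'D'   -- D = full backup
)
SELECT TOP (1) bs.type, bs.backup_finish_date, bmf.physical_device_name
FROM msdb.dbo.backupset AS bs
JOIN msdb.dbo.backupmediafamily AS bmf ON bmf.media_set_id = bs.media_set_id
CROSS JOIN latest_full AS lf
WHERE bs.database_name = N'MissionCritical'
  AND bs.type = 'I'                                            -- I = differential
  AND bs.backup_finish_date > lf.finished
ORDER BY bs.backup_finish_date DESC;
GO

-- 4. The restore itself: two steps, no transaction logs.
RESTORE VERIFYONLY FROM DISK = N'D:\Backups\MissionCritical_FULL.bak' WITH CHECKSUM;
RESTORE DATABASE [MissionCritical]
    FROM DISK = N'D:\Backups\MissionCritical_FULL.bak'
    WITH NORECOVERY, REPLACE, CHECKSUM, STATS = 10;  -- NORECOVERY: wait for the differential
RESTORE DATABASE [MissionCritical]
    FROM DISK = N'D:\Backups\MissionCritical_DIFF_20110728.bak'  -- newest file from step 3
    WITH RECOVERY, CHECKSUM, STATS = 10;             -- RECOVERY: bring the database online
GO
```

Steps 1 and 2 are meant to run as SQL Agent job steps on their schedules; steps 3 and 4 are what you type during a recovery. REPLACE skips the safety checks that would otherwise refuse to overwrite the existing database, so use it only when overwriting is the intent. Step 3 matters when someone takes an ad hoc complete backup mid-week: that resets the differential base, and a differential restored over the wrong complete backup fails. With one 12 GB complete backup plus six dated differentials of a few hundred MB each, the plan stays well inside the 60 GB of space described above.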

- Ed Dressler, SQL Server Expert; CTT+, MCDBA, and MCITP


"I want to get my CISSP!"


Earlier this week I got an email from a student who asked me how they would go about getting their CISSP. I have had the student in several of my OS and security classes and knew the student had years of experience in network administration and hardening operating systems.

Here is a list of things you will need before you begin your assault on the top security certification.


1.)  At least 5 years of IT experience, either in administration, infrastructure engineering or security. The more experience the better.


2.)  A desire to study and learn about things you have never had experience with in the field. No one who takes this exam has experience with all the concepts.


3.)  The Shon Harris All-In-One Guide.

The first thing to do is go out to the ISC2 website and download the information about the test and about the 10 domains of the Common Body of Knowledge.

The next thing I would do is seriously think about taking a cert prep course with an experienced CISSP instructor. Yes, that is a shameless plug, but students who have taken my course at Centriq and studied 3-6 months have a pass rate of about 80%. I believe an experienced instructor not only helps prepare the student with the information for the exam but also with taking the exam.

The next scheduled exam for the Kansas City area is in December. So if you can come take my Security Essentials (CISSP prep course) and study for a few months, I am sure you can achieve your CISSP.


If you have any questions, please feel free to contact me, and good luck!


- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE


Monday, July 25, 2011

Troubleshooting Ajax AsyncFileUpload Control

The ASP.NET Ajax Control Toolkit provides lots of interactive, feature-rich controls for the web developer. However, as my work transitioned from Visual Studio 2008 to Visual Studio 2010 products, I noticed a common problem with the Asynchronous File Upload control. The error message from trying to use the control was "The file attached is invalid".


If you're not familiar with this control, it behaves similarly to the normal File Upload control that's in the Standard section of the Tools panel in Visual Studio. Both versions of the control allow a user of the web application to browse for, select, and upload a file to the server. However, the Ajax toolkit's Asynchronous version allows the upload process to occur in real time (in the background) as the user continues to use the webpage, instead of forcing the user to wait for the page to be returned while the upload is being processed.


The issue appears to be with the control itself, but particularly when it is used on the .NET 4.0 framework, which is the default target for Visual Studio 2010 projects, unlike the 3.5 framework that Visual Studio 2008 projects default to.


So, how do you fix the AsyncFileUpload that keeps telling you "The file attached is invalid"?

The Fix

Just add the ClientIDMode="AutoID" property to the control. This easy change restores the pre-4.0 way of generating client IDs, which is what the control's client-side script expects, so the control is properly identified. If you would like to control this at the web.config level, you could instead add the following element under <system.web>:

<pages controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID" />


Of course, in that case the setting applies to every control on every page, so you will want to test the rest of your controls to make sure this doesn't cause any problems elsewhere.

For additional reading on the topic, see:


- Eric Reid, Design Expert; CTT+, ACI (Adobe Certified Instructor), ACE (Adobe Certified Expert), i-Net+, IC3



Wednesday, July 6, 2011

You Want To Be In Security?

As a consultant and instructor, one of the questions I get all the time is "I would like to move into the field of security, what do I need to do?" My answer is "What area of security?" That usually has the person pause and say "Security in general." I say "Well, we all are in security in general."


My point in making that statement is to help people understand that in IT we all practice security in some form, but there are a lot of different areas of security, and those different areas require a different knowledge base. However, there is a base knowledge of security that is needed no matter what area of security you go into. Once this base of security knowledge is obtained, you can pursue a more distinct area of security.

One of the key components of getting into security is experience, which cannot be taught; it must be learned. Experience in IT is crucial no matter what area of IT you currently work in. Experience gives you a period of time in which you can learn troubleshooting and implementation techniques that you can use in security. Let's say, for example, you have been working as an Exchange Server admin for 5 years. Well, you probably have been exposed to email-borne malicious code, SMTP relay and spam, which in turn will help you when you move into the area of email security. I usually say at least 5 years of good admin experience with any vendor is a good starting point for most people.


So let's say you have the experience; what type of training can help you get into security? I believe it starts with a good understanding of networking and security. There are three classes I always recommend:

1. Network+ - for a good understanding of all of the areas of networking

2. Security+ - for a good understanding of the basics of security

3. Cisco ICND1 and ICND2 - to understand how network traffic is moved within different areas of the network. Cisco is not the only vendor; any vendor for routing and switching will do.


I would also take them in that order. The reason is that they build upon each other: each class provides the basis of information for the next class. It is not required, but recommended.


After that, I always encourage certification in these areas as well, but it is not required. Certification in these classes shows you took the time to ensure you understand the basics of the areas; however, it does not prove proficiency.

Next, you can explore the different areas of security in which you might want to specialize, such as:

1. Firewall

2. IDS/IPS

3. Penetration Testing

4. Vulnerability Testing

5. Auditing

I would also advise taking vendor-specific training for these different areas from vendors such as VMware, Cisco, EC-Council and Microsoft. Finally, after you spend some time in security, you can go after the much-coveted and difficult CISSP, the most heralded and sought-after security certification.


I hope this outline of security areas and training helps you decide what area of security you would like to pursue. When you're ready, be sure to call us here at Centriq about getting the training you need.

If you have any questions or comments please feel free to email me.


- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE


Tuesday, July 5, 2011

Using the Resource Monitor in Windows Server 2008 R2

Students in one of my recent Windows Server 2008 R2 classes were asking me how to discover what is running inside SvcHost.exe, as well as what services and ports are in use by any of the running processes. I suggested that they take a look at the Resource Monitor.

To discover what is running in any of the instances of SvcHost.exe, first launch the Resource Monitor: click the Start button, type Resource, and select Resource Monitor. Then click on the CPU tab, as demonstrated below:

In the Processes list, locate a SvcHost.exe. (It is easiest to click on the Image heading to sort the list alphabetically.) Select the checkbox to the left of the SvcHost.exe. This will move the selected SvcHost.exe to the top of the Image list, as demonstrated below:
Now that the SvcHost.exe is selected, expand the Services portion of the window to reveal the services running in this SvcHost.exe.
To view the files (DLLs) that the SvcHost.exe has loaded, expand the Associated Modules section.
To view the ports that the SvcHost.exe is using, select the Network tab and expand the Listening Ports section.
I think you will find the Resource Monitor a very useful tool in Windows Server 2008 R2 as well as Windows 7.



- Janet Nichols, Windows Server Expert; MCT, MCSE, MCITP: Enterprise Admin, Server Admin; Windows 7 EDA, MCTS



Friday, July 1, 2011

Security+ SYO-301 - New Exam Goes Live. Not Your Same Old Security+ Exam


As promised by CompTIA in 2010, the new Security+ exam (SYO-301) is now live. It has been 3 years since the Security+ exam was last updated, and CompTIA is keeping with its policy of renewing exams every 3 years. The new exam has a look and feel of more real-world objectives, along with some content from the ISC2 CISSP exam. Listed below are the differences between the 201 objectives and the new 301 objectives.


You can still take the 201 exam through the end of 2010. If you are thinking of taking the new exam, almost 90% of the information from the 201 exam is still applicable.

As of July 1, the Security+ class that I teach at Centriq Training will be using new curriculum to reflect the 2011 objectives.

If you have any questions please feel free to contact me.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE


Have we seen the last of LulzSec?


I don't think so. LulzSec supposedly threw up the white flag last week and decided to disband. Was this because the Anonymous group was going to go after them, or because law enforcement was hot on their trail? I have a different theory.

I believe we will still see attacks by this group, except it will be under a new name or a splinter faction. LulzSec drew a lot of attention over the last couple of months with their attacks on PBS and the Arizona DPS, and it was this attention that may have drawn the ire of some hacker groups (Anonymous) for bringing too much attention or stealing the limelight. It has been rumored that there may also have been a splintering of LulzSec by those who did not want to draw this attention. Either way, I still believe we have not heard the last of LulzSec.


- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE
