Wednesday, July 16, 2008
Word of the Day: Microsoft Hyper-V
Hyper-V is a native, or bare metal, hypervisor that runs directly on server hardware. Virtual machines are hosted as guest operating systems, one level above the hypervisor at the virtualization layer. Hyper-V supports these hosted OSes by partitioning a given hard drive.
Hyper-V runs in the root partition as the "parent" and then creates "child partitions" to host each virtual machine. Hyper-V can create and run as many child partitions as a given system's memory and processor can support.
According to Microsoft, in addition to the systems requirement for Windows Server 2008, the two key requirements for the Hyper-V platform are the need to ensure that the server is a 64-bit environment and supports hardware-assisted virtualization (Intel VT or AMD-V) technology.
Microsoft originally bundled beta versions of Hyper-V with Windows Server 2008 under the codename Viridian.
Tuesday, June 24, 2008
What’s the difference between CIO and CTO?
Here’s a quick breakdown of the distinguishing characteristics of those two roles.
Chief Information Officer
- Serves as the company’s top technology infrastructure manager
- Runs the organization’s internal IT operations
- Works to streamline business processes with technology
- Focuses on internal customers (users and business units)
- Collaborates and manages vendors that supply infrastructure solutions
- Aligns the company’s IT infrastructure with business priorities
- Develops strategies to increase the company’s bottom line (profitability)
- Has to be a skilled and organized manager to be successful
Chief Technology Officer
- Serves as the company’s top technology architect
- Runs the organization’s engineering group
- Uses technology to enhance the company’s product offerings
- Focuses on external customers (buyers)
- Collaborates and manages vendors that supply solutions to enhance the company’s product(s)
- Aligns the company’s product architecture with business priorities
- Develops strategies to increase the company’s top line (revenue)
- Has to be a creative and innovative technologist to be successful
What is the OSI model?
The applications and protocols that make up the network reside at different layers of the OSI model. Those layers are:
- Layer 7 – Application
- Layer 6 – Presentation
- Layer 5 – Session
- Layer 4 – Transport
- Layer 3 – Network
- Layer 2 – Data Link
- Layer 1 – Physical
Most admins remember these layers by taking the first letter of the layer and matching it with a word. Here are some common ways to remember the OSI model:
- All People Seem To Need Data Processing
- Please Do Not Throw Sausage Pizza Away
- Phew Dead Ninja Turtles Smell Particularly Awful
A common question is, “What application or protocol resides at each of the layers?” Here is a general overview:
Layer 7 - Application
The application layer is where the protocols and services that make up your application reside. Examples of what is located here are: Telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).
Layer 6 - Presentation
The presentation layer “presents” the session layer data to the application. Examples of what is located here are: encryption (like IPSec), ASCII, and JPG.
Layer 5 - Session
This layer is responsible for initiating and terminating network connections. Examples of the session layer are Remote Procedure Call (RPC) functions and the login portion of a SQL session.
Layer 4 - Transport
TCP and UDP work at the transport layer. TCP provides the reliable, in-order delivery of your data, as well as error correction, sequencing, and windowing (flow control). Additionally, TCP at the transport layer provides source and destination port numbers that are commonly associated with applications. For example, TCP port 25 is SMTP, 23 is telnet, 22 is SSH, 80 is HTTP, and so on. These port numbers are very important if you are configuring an ACL (see my article, “What you need to know about Cisco IOS access-list filtering“) or studying for a certification test like the CCNA. Data at the transport layer is called a segment.
Layer 3 - Network
The network layer is where the “IP” part of “TCP/IP” happens. IP is responsible for addressing in the network. Because IP works at layer 3, you could also say that routing and routers work at layer 3. Any data at layer 3 is called a packet.
Layer 2 - Data Link
If you think about a WAN, there are many protocols that work at layer 2 (like PPP and Frame-Relay). However, if you just look at the LAN, the most well-known protocol associated with layer 2 is Ethernet. The Ethernet protocol uses MAC addresses to identify unique devices on the network. Any data at layer 2 is called a frame. Ethernet switches work at layer 2 to switch Ethernet packets. To do this, they keep a MAC address table or CAM table — mapping MAC addresses to switch ports.
Layer 1 - Physical
The physical layer provides the actual connection between devices. Ethernet cables and fiber optic cables work at layer 1. Data goes through the cables via electricity or light. That data is now represented as a bit (a one or a zero).
10 ways to build a solid capacity planning effort
Developing a comprehensive capacity plan can be daunting at the outset and requires dedication and commitment to maintain it on an ongoing basis. These 10 tips can help ease some of the challenges and increase the likelihood of an effective, successful program.
#1: Start small
Many a capacity-planning effort fails after a few months because it encompassed too broad a scope too early on. This is especially true for shops that have had no previous experience in this area. It is wise to start with just a few of the most critical resources — say, processors or bandwidth — and to gradually expand the program as you gain more experience.
#2: Speak your customers’ language
When requesting workload forecasts from your developers and especially your end-user customers, discuss the forecasts in terms that the developers and customers understand. For example, rather than asking for estimated increases in processor utilization, ask how many additional concurrent users are expected to be using the application or how many of a specific type of transaction is likely to be executed during peak periods.
#3: Consider future platforms
When evaluating tools to be used for capacity planning, keep in mind new architectures that your shop may be considering and select packages that can be used on both current and future platforms. Some tools that appear well suited for your existing platforms may have little or no applicability to planned architectures. This consideration should extend not just to servers, but to disk arrays, tape equipment, desktop workstations, and network hardware.
#4: Share plans with suppliers
If you plan to use your capacity-planning products across multiple platforms, it is important to inform your software suppliers of your plans. During these discussions, make sure that add-on expenses — the costs for drivers, agents, installation time and labor, copies of licenses, updated maintenance agreements, and the like — are all identified and agreed upon up front. Reductions in the costs for license renewals and maintenance agreements can often be negotiated based on all of the other additional expenses.
#5: Anticipate nonlinear cost ratios
One of my esteemed college professors was fond of saying that indeed we live in a nonlinear world. This is certainly the case when it comes to capacity upgrades. Some upgrades will be linear in the sense that doubling the amount of a planned increase in processors, memory, channels, or disk volumes will double the cost of the upgrade. But if the upgrade approaches the maximum number of cards, chips, or slots that a device can hold, a relatively modest increase in capacity may end up costing an immodest amount for additional hardware. This is sometimes referred to as the knee of the curve, where the previous linear relationship between cost and capacity suddenly accelerates into exponential increases.
#6: Plan for occasional workload reductions
A forecasted change in workload may not always cause an increase in the capacity required. Departmental mergers, staff reductions, and productivity gains may result in some production workloads being reduced. Similarly, development workloads may decrease as major projects become deployed. Although increases in needed capacity are clearly more likely, reductions are possible. A good guideline to use when questioning users about future workloads is to emphasize changes, not just increases.
#7: Prepare for the turnover of personnel
One of the events that undermines a capacity-planning effort early on is to have the individual most responsible for, and most knowledgeable about, the overall program leave the company. Regardless of the preventative measures taken, there is no guarantee that attrition will not occur. But there are several actions that can mitigate the impact. One action to take is to carefully interview and select an individual who in your best judgment appears unlikely to leave your firm anytime soon. You should also ensure that the process is thoroughly documented. If resources are available, training a backup person is another way to mitigate turnover. Finally, in extreme cases, an employment contract may be used to sustain ongoing employment of a key individual.
#8: Strive to continually improve the process
One of the best ways to continually improve the effectiveness of the capacity-planning process is to set a goal to expand and improve at least one part of it with each new version of the plan. Possible enhancements could include the addition of new platforms, centralized printers, or remote locations. A new version of the plan should be created at least once a year and preferably every six months.
#9: Institute a formal capacity-planning program
Some shops initiate a capacity-planning program in a very informal manner to simply get something started. There is nothing wrong with this approach if the intent is merely to overcome inaction and to start the ball rolling. This can also help raise awareness of the need to evolve this initial effort into a formal capacity-planning program. The one major drawback to this method is that all too often shops that start out with this approach never progress beyond it. At some point soon after initiating a capacity-planning effort, a formal process needs to be put in place.
#10: Market the lesser-known benefits of capacity planning
In addition to being able to predict when, how much, and what type of additional hardware resources will be needed, a comprehensive capacity-planning program offers four lesser known benefits that should be marketed to infrastructure managers and IT executives. These benefits are:
- Strengthened relationships with developers and end users. The process of identifying and meeting with key users to discuss anticipated workloads usually strengthens the relationships between IT infrastructure staff and customers. Communication, negotiation, and a sense of joint ownership can all combine to nurture a healthy, professional relationship between IT and its customers.
- Improved communications with suppliers. Suppliers are generally like any other support group in that they do not enjoy last-minute surprises. Involving key suppliers and support staffs with your capacity plans can promote effective communications among these groups. It can also make their jobs easier in meeting deadlines, reducing costs, and offering additional alternatives for capacity upgrades.
- Increased collaboration with other infrastructure groups. A comprehensive capacity plan by necessity will involve multiple support groups. Network services, technical support, database administration, operations, desktop support, and even facilities may all play a role in capacity planning. In order for the plan to be thorough and effective, all these various groups must support and collaborate with each other.
- Promotion of a culture of strategic planning as opposed to tactical firefighting. By definition, capacity planning is a strategic activity. To do it properly, one must look forward and focus on the plans of the future instead of the problems of the present. One of the most significant benefits of developing an overall and ongoing capacity-planning program is the institutionalizing of a strategic-planning culture.
Monday, June 9, 2008
Windows Vista tricks
Instantly access Task Manager
As you know, in Windows XP, you can press [Ctrl]+[Alt]+[Del] and instantly get to Task Manager. In Windows Vista, that same keystroke combination will blank your display and display a full screen menu from which you can launch Task Manager.
In order to get directly to Task Manager in Windows Vista, you need to press [Ctrl]+[Shift]+[Esc].
Toggle Aero off and on
As you know, Aero is the fancy visual interface in Windows Vista that features the transparent glass design with cool window colors and neat animations. However, there are times when you may want to disable Aero to improve system responsiveness. For example, some games or other graphics-intensive applications may perform better with Aero disabled. Fortunately, you can easily do so with a shortcut.
To begin, right-click anywhere on the desktop and select the New | Shortcut command from the context menu. When the Create Shortcut wizard appears, type:
Rundll32 dwmApi #104
in the text box, as shown in Figure C, and click Next. Then, name the shortcut Turn Aero Off and click Finish.
Figure C
Create this shortcut to turn Aero off.
You can then create a second shortcut to re-enable Aero. To do so, launch the Create Shortcut wizard again and this time type:
Rundll32 dwmApi #102
in the text box. Name this shortcut Turn Aero On and click Finish.
Keep in mind that when you turn Aero off, the process will happen without any fanfare. However, when you turn Aero back on, the screen will blink momentarily as Windows readjusts the screen display.
Using Shell command shortcuts
While you can use Explorer, the Control Panel, or the Start menu to access key features in Windows Vista, sometimes a shortcut can be more useful. Hidden underneath the Windows Vista architecture are a whole host of special shortcuts known as Shell commands. To use a Shell command, all you need to do is press [Windows]+R to access the Run dialog box and then enter the word Shell followed by a colon (:) and then the command, as in:
Shell:command
As you can see there are no spaces between the word Shell and the colon and the command — it is essentially one word.
While there are close to 100 Shell commands, not all of them are very useful. As such, I won’t actually list them. I’ll just discuss the ones that I find most useful in everyday situations first and then I’ll list the other ones that I find occasionally useful.
Keep in mind that not all of these Shell commands will work in all versions of Windows Vista.
Most useful Shell commands
- shell:ChangeRemoveProgramsFolder - opens the Programs and Features (Add/Remove Programs) window.
- shell:Sendto - opens the SendTo folder so that you can easily add more locations to the Send To list.
- shell:Common Administrative Tools - opens the Administrative Tools menu as a folder
- shell:Desktop - opens the Desktop as a folder.
- shell:Downloads - opens your Downloads folder.
- shell:Quick Launch - opens the Quick Launch folder.
- shell:Searches - opens the Search folder showing all your saved searches.
The other useful Shell commands
- shell:AppUpdatesFolder - opens the Installed Windows Updates location in Programs and Features.
- shell:Cache - opens Internet Explorer’s temporary Internet files folder.
- shell:CD Burning - opens the folder where Windows Vista temporarily stores files to be burned to a CD.
- shell:Common Desktop - opens the Public User’s Desktop folder.
- shell:Common Documents - opens the Public User’s Documents folder.
- shell:Common Programs - opens the Start menu shortcuts folder.
- shell:Common Start Menu - opens the Start Menu as a folder.
- shell:Common Startup - opens the Startup folder.
- shell:Common Templates - opens the Templates folder.
- shell:CommonDownloads - opens the Public User’s Downloads folder.
- shell:CommonMusic - opens the Public User’s Music folder.
- shell:CommonPictures - opens the Public User’s Pictures folder.
- shell:CommonVideo - opens the Public User’s Video folder.
- shell:ConflictFolder - opens the Sync Center Conflicts folder.
- shell:ConnectionsFolder - opens the Network Connections folder.
- shell:Contacts - opens your Contacts folder.
- shell:ControlPanelFolder - opens the Control Panel.
- shell:Cookies - opens the cookies folder
- shell:Favorites - opens your Favorites folder.
- shell:Fonts - opens Vista’s Fonts folder.
- shell:Gadgets - opens your Windows Sidebar Gadgets folder.
- shell:History - opens the Internet Explorer history folder.
- shell:InternetFolder - opens Internet Explorer.
- shell:Links - opens your Links folder location.
- shell:MyMusic - opens your Music folder.
- shell:MyPictures - opens your Pictures folder.
- shell:MyVideo - opens your Video folder.
- shell:MyComputerFolder - opens Computer window.
- shell:NetHood - opens Network Shortcuts folder.
- shell:NetworkPlacesFolder - opens the Network Places location.
- shell:Original Images - opens Windows Photo Gallery Original Images folder.
- shell:Personal - opens your Documents folder.
- shell:PhotoAlbums - opens your Slide Show folder.
- shell:Playlists - opens your Playlists folder.
- shell:PrintersFolder - opens Printers in the Control Panel.
- shell:Profile - opens your main folder.
- shell:ProgramFiles - opens the Program Files folder.
- shell:Public - opens the Public User folder.
- shell:Recent - opens the Recent Items folder.
- shell:RecycleBinFolder - opens the Recycle Bin folder.
- shell:Start Menu - opens the Start Menu folder.
- shell:Startup - opens the Startup folder
- shell:System - opens the System32 folder location.
- shell:Templates - opens the Templates folder location.
- shell:UserProfiles - opens the Users folder.
- shell:UsersFilesFolder - opens your main folder.
- shell:Windows - opens the Windows folder.
What you need to know about Cisco IOS access-list filtering
Know what an ACL can and cannot do
In the simplest of terms, a Cisco IOS ACL is used to define traffic. Once that traffic is defined, some action can then be taken on that traffic.
Commonly, an ACL is associated with the filtering of IP packets (Network Layer 3 of the OSI Model) as they pass through a router. In other words, it is used to permit or deny traffic through a router. However, if you just define the ACL only and don’t apply it to an interface using the access-group command, nothing happens.
While ACLs can be used for many functions like QoS, route filtering, and allowing access to the router, in this article, we will focus on using ACLs for filtering traffic in and out of the router.
Know the syntax of ACLs
To configure an ACL you need to include some basic information about which packets to permit or deny.
The general syntax for a standard access list is:
access-list {list-number} {permit | deny} {source-address} [source-mask]
Note that the standard ACL can only permit or deny traffic based on the source of the traffic.
The general syntax of a TCP extended access list is:
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]
You should also know that extended ACLs can filter IP traffic, TCP, UDP, ICMP, and other types of traffic. The syntax above is for filtering TCP traffic.
Know that ACLs use wildcard masks
Cisco IOS ACLs use wildcard masks. A wildcard mask is required any time you enter an IP address in your ACL. The only way NOT to enter a wildcard mask is to use the keyword “any” in place of an address, or to put the keyword “host” before the absolute IP address of a host on the network.
Wildcard masks are the binary reverse of a subnet mask. Thus, to calculate a wildcard mask, you take the subnet mask of a network address or IP address, convert it to binary, turn all the 1s into 0s and the 0s into 1s, and convert it back to decimal. Sounds complicated, but it really isn’t. If the subnet mask is masked at the 8-bit subnet boundaries, then a 0 will turn into a 255 and a 255 will turn into a 0. Here are a few examples:
- SN 255.0.0.0 = wildcard 0.255.255.255
- SN 255.255.255.0 = wildcard 0.0.0.255
- SN 255.255.128.0 = wildcard 0.0.127.255
- SN 255.255.255.224 = wildcard 0.0.0.31
Do NOT use a subnet mask in a wildcard mask on a Cisco IOS router or switch, or you will end up with unintended results. (On the other hand, if you are configuring an ACL on a Cisco PIX, use regular subnet masks, not wildcard masks).
Know how to create an ACL and apply it to an interface
For example, here’s how a sample configuration might look for access list 1:
Router(config)# access-list 1 permit 172.16.30.0 0.0.0.255
Router(config)# interface e0/0
Router(config-if)# ip access-group 1 out
The ip access-group command is used to apply an ACL to an interface and specify the direction that it applies.
The commands above permit any traffic going to IP network 172.16.30.0 from going OUT the router’s Ethernet 0/0 interface. Any traffic addressed to that network will still be allowed in, but it won’t be permitted to go out interface e0/0.
Know the implicit deny
Let me ask you this: What is allowed through the ACL above? Answer: Only the traffic to the 172.16.30.0 /24 network. Why is that? That is because at the end of every ACL, whether you see it or not, ALL TRAFFIC IS IMPLICITLY DENIED.
So, what traffic is allowed through the ACL below?
Router(config)# access-list 1 deny 172.16.30.0 0.0.0.255
That’s right - NO TRAFFIC is allowed because certain traffic is explicitly denied and ALL OTHER TRAFFIC IS DENIED by the implicit deny.
How do you see the traffic being denied? You can enter your own explicit deny with the log keyword, like this:
Router(config)# access-list 1 permit 172.16.30.0 0.0.0.255
Router(config)# access-list 1 deny any log
Know that ACLs use top-down processing
Cisco IOS ACLs use top-down processing. This means that when a condition in the ACL is met, all processing is stopped. Thus, if there is a permit for network 1.1.1.0 in the fifth line of the ACL but it is denied in the third line of the ACL, then that traffic is denied.
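To make the wildcard-mask arithmetic, the implicit deny and the top-down first-match rule concrete, here is an added Python model of a standard (source-only) ACL. This is example code written for this page, not Cisco IOS code; the config lines it parses are constructed, and its `log` bookkeeping is a simplification of what the router actually records.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Invert a dotted-decimal subnet mask bit for bit: 255.255.128.0 -> 0.0.127.255."""
    mask = int(ipaddress.IPv4Address(subnet_mask))
    return str(ipaddress.IPv4Address(mask ^ ALL_ONES))


@dataclass
class StandardAce:
    """One access-control entry of a standard ACL (matches on source address only)."""
    action: str        # "permit" or "deny"
    address: str       # dotted-decimal source address
    wildcard: str      # Cisco wildcard mask: a 1 bit means "don't care"
    log: bool = False


def parse_standard_ace(line: str) -> Tuple[int, StandardAce]:
    """Parse one 'access-list N permit|deny ...' line into (list number, entry)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    log = rest[-1] == "log"
    if log:
        rest = rest[:-1]
    if not rest:
        raise ValueError(f"missing source in: {line!r}")
    if rest[0] == "any":                       # keyword any: match every source
        address, wildcard = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host":                    # keyword host: match one exact address
        address, wildcard = rest[1], "0.0.0.0"
    else:                                      # address plus wildcard (defaults to 0.0.0.0)
        address = rest[0]
        wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"
    return number, StandardAce(action, address, wildcard, log)


def ace_matches(ace: StandardAce, source_ip: str) -> bool:
    """Compare only the bits where the wildcard mask has a 0 (the bits we care about)."""
    care = int(ipaddress.IPv4Address(ace.wildcard)) ^ ALL_ONES
    src = int(ipaddress.IPv4Address(source_ip))
    base = int(ipaddress.IPv4Address(ace.address))
    return (src & care) == (base & care)


def build_acl(config_lines: List[str]) -> List[StandardAce]:
    """Collect the entries of one numbered ACL, in the order they were configured."""
    entries, numbers = [], set()
    for line in config_lines:
        number, ace = parse_standard_ace(line)
        numbers.add(number)
        entries.append(ace)
    if len(numbers) != 1:
        raise ValueError("all lines must belong to the same access list")
    return entries


def evaluate(acl: List[StandardAce], source_ip: str, log_sink: Optional[list] = None) -> str:
    """Top-down, first-match evaluation; falls through to the implicit deny at the end."""
    for position, ace in enumerate(acl, start=1):
        if ace_matches(ace, source_ip):
            if ace.log and log_sink is not None:
                log_sink.append(f"line {position}: {ace.action} {source_ip}")
            return ace.action
    return "deny"   # implicit deny: nothing matched, so the packet is dropped and not logged


if __name__ == "__main__":
    # Constructed config: the article's ACL 1 plus the explicit 'deny any log' line.
    acl1 = build_acl(["access-list 1 permit 172.16.30.0 0.0.0.255",
                      "access-list 1 deny any log"])
    hits: list = []
    for ip in ("172.16.30.7", "10.1.1.1"):
        print(ip, "->", evaluate(acl1, ip, hits))
    print(hits)
```

Without the explicit `deny any log` line the second address is still dropped, but nothing is logged, which is why the article suggests adding it.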
Know the three Ps of ACLs
Remember, you can only apply ONE ACL:
- Per Interface
- Per Protocol
- Per Direction
As most of us are applying IP ACLs, the protocol doesn’t matter that much, but the important thing to know is that you can apply only ONE ACL on each interface in each direction. In other words, you can apply only one INBOUND and one OUTBOUND ACL per interface.
Know how to verify which ACLs are applied and which are configured
Showing what ACLs are created and what ACLs are applied is easy if you know just a few commands. These commands are:
- show access-lists
- show ip interface
- show running-config
Know that there are many methods and types of ACLs
The Cisco IOS supports IP Standard and Extended ACLs in both named and numbered versions. Additionally, there are reflexive, dynamic, and lock-and-key access lists, among many others.
Know how ACLs can be used in the real world
While you may understand the concept of ACLs and how to configure them, it is important to know how to use them in the real world.
Here are a few business applications for ACLs:
1. Basic packet filtering for security: Filter traffic from a host, a network, a protocol, or port.
2. Packet filtering for bandwidth control: Say that a streaming audio or video application was using network bandwidth, and it was on a certain port number. With an ACL, you could discard those video and audio packets to prevent overutilization of bandwidth.
3. Other functions with ACLs: Route filtering, QoS, controlling access to the router, etc.
Word of the Day: Tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information without compromising its security. Tokenization has become popular as a means of bolstering the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.
In a credit card transaction, a token typically contains only the last four digits of the card number. The rest of the token consists of alphanumeric characters that represent miscellaneous cardholder information and data specific to the transaction underway. When an authorization request is made to verify the legitimacy of the transaction, the actual card number is used only in the initial request. The token is returned to the requester instead of the card number along with approval or rejection of the transaction. The token is stored in the point-of-sale (POS) system but the credit-card number is not.
Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored in databases and exchanged freely over networks. Tokenization improves on encryption technology by keeping sensitive information out of the data stream. With the proliferation of identity theft and the consequent increased risk of ruinous civil and criminal proceedings, many corporations are turning to tokenization to minimize exposure and cost while maximizing their own security and that of their customers.
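The flow described above (real card number in the initial request, token back to the requester, token but never the card number stored at the POS), as an added Python example that is not from the original post. The vault, the approval rule and the sample card number 4111111111111111 (a standard test number) are constructed for illustration.

```python
import secrets
import string


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit test, so the vault refuses values that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed stand-in for the tokenization service between the point of sale and
    the card processor. Only this component ever holds card numbers."""

    def __init__(self) -> None:
        self._pan_by_token: dict = {}
        self._token_by_pan: dict = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible card number")
        if pan in self._token_by_pan:        # same card -> same token, so the POS can link sales
            return self._token_by_pan[pan]
        alphabet = string.ascii_uppercase + string.digits
        while True:
            # Random body (not derived from the PAN, so it cannot be reversed without the vault);
            # the first character is always a letter so a token can never pass as a card number;
            # the last four digits are kept, as the article describes.
            body = secrets.choice(string.ascii_uppercase) + "".join(
                secrets.choice(alphabet) for _ in range(len(pan) - 5))
            token = body + pan[-4:]
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the processor-side code path, never the POS, should be allowed to call this."""
        return self._pan_by_token[token]


def authorize(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """The initial request carries the real PAN; the response carries only the token."""
    approved = 0 < amount_cents <= 100_000          # constructed approval rule
    return {"approved": approved, "token": vault.tokenize(pan), "amount_cents": amount_cents}


def pos_record_sale(pos_db: list, response: dict) -> None:
    """What the point-of-sale system persists: token and outcome, no card number."""
    pos_db.append({"token": response["token"], "approved": response["approved"],
                   "amount_cents": response["amount_cents"]})


if __name__ == "__main__":
    vault, pos_db = TokenVault(), []
    pos_record_sale(pos_db, authorize(vault, "4111111111111111", 4999))
    print(pos_db)   # a token ending in 1111, never the card number itself
```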
Word of the Day: Soft skills
Soft skills are personal attributes that enhance an individual's interactions, job performance and career prospects. Unlike hard skills, which tend to be specific to a certain type of task or activity, soft skills are broadly applicable.
Soft skills are sometimes broken down into personal attributes, such as:
- optimism
- responsibility
- a sense of humor
- integrity
- time-management
- motivation.
and interpersonal abilities, such as:
- empathy
- leadership
- communication
- good manners
- sociability
- the ability to teach.
It's often said that hard skills will get you an interview but you need soft skills to get (and keep) the job.
Wednesday, May 21, 2008
Cut down on Linux command-line typing with these 10 handy bash aliases
What is an alias?
An alias is basically a shortcut for a command you place in your ~/.bashrc file. Aliases cut down on typing and can save you from having to look up a command. (If your memory is like mine, this can be a real boon!)
Aliases are set up near the bottom of the of the .bashrc file. You’ll see a commented-out section that indicates where you should put them. The format of an alias is:
alias NICKNAME='full command here'
The keyword alias must be used. The nickname is what you will type at the command line. Make this nickname easy to remember. The = sign must also be used. After the = sign, you enter the full command, including flags and switches, enclosed in single quotes. Once you are done, save the .bashrc file and open up a new terminal. I always find it best to leave the original terminal window open in case there are problems. In the new terminal, type the alias nickname and the command will run.
To get you started, I’ve compiled the following list of aliases I have used over the years to help make my command-line experience a bit easier.
#1: The ssh alias
This one should be a no-brainer for those of you who frequently secure shell into particular boxes. For this I add an alias like so:
alias server_name='ssh -v -l USERNAME IP_ADDRESS'
Just change server_name to a memorable name for the server. Then, change USERNAME and IP_ADDRESS to suit your needs.
#2: The ls aliases
Some distributions don’t include some of the handier ls commands. Generally, I like to see full listings instead of just filenames. For that I always include this alias:
alias ll='ls -l'
Another handy ls alias is this:
alias la='ls -a'
#3: The rm safety net
I can’t tell you how many times I have “rm’d” a file I shouldn’t have “rm’d”. To avoid this, I add this alias:
alias rm='rm -i'
Adding the -i flag forces rm into interactive mode, which will ask you whether you’re sure you want to remove a file.
#4: The more useful df command
This handy tool tells you how much space you have left on a drive. The only thing is, if you run the command by itself, it replies in 1K blocks. Most people would prefer to see this in terms of MB. To make that happen, add this alias:
alias df='df -h'
Now, every time you run the df command, the information will be returned in a human-readable format.
#5: The nonstandard Firefox
Many times, I install Firefox in strange directories (or have more than one version of Firefox installed for testing purposes). For this, I will add an alias to start the correct Firefox. Say, for example, I have the beta of the newest, upcoming Firefox release installed, as well as the current stable Firefox. They are both installed in my home directory in different subdirectories. I will then add two aliases like so:
alias ff1='/home/jlwallen/firefox/firefox'
alias ff2='/home/jlwallen/firefoxb3/firefox'
Now I can start the stable firefox with ff1 or the beta with ff2.
#6: The bookmark alias
Speaking of Firefox, let’s create an alias to open up it to a specific URL:
alias fftr='/home/jlwallen/firefox/firefox http://www.techrepublic.com'
This alias will open Firefox directly to the TechRepublic Web site.
#7: The constant editing of a file
There are certain files that I am constantly editing. For instance, when I used Enlightenment E16 (I now use E17), I was frequently editing the menu file ~/.e16/menus/user_apps. Instead of constantly opening up a terminal and entering nano ~/.e16/menus/user_apps, I used an alias that allowed me to type emenu and start editing. I used this alias:
alias emenu='aterm -e nano ~/.e16/menus/user_apps'
Now, I just enter the command emenu (or I can enter that in the run command dialog) to open up this file in an editor.
#8: The apt-get update
There are numerous ways to use an alias to help you with apt-get. One of my favorites is to add this alias:
alias update='sudo apt-get update'
I only need to enter update and I will be prompted for the sudo password. You can modify this to suit your frequent apt-get needs.
#9: The rpm batch install
I like to do a lot of batch installing with rpm. I will typically dump a bunch of rpm files into an empty directory (created for this specific purpose) and run the command rpm -ivh ~/RPM/*rpm. Of course, an alias makes this even easier:
alias brpm='rpm -ivh ~/RPM/*rpm'
You have to create the ~/RPM directory and enter the root password for this to work.
#10: The long, arduous path
There are some paths that I often change to that seem to take eons to type. When I was working on the AfterStep window manager, I constantly had to change to ~/GNUstep/Library/AfterStep/start to edit menus. After a while, you get tired of typing cd ~/GNUstep/Library/AfterStep/start just to get to the directory. So I added an alias like so:
alias astart='cd ~/GNUstep/Library/AfterStep/start'
Naturally, you can change that to fit your needs. This will save you a lot of typing.
So there you have it: a few simple bash aliases that will ease the load on your fingers. You can modify them to suit you, and they’ll give you a good start on creating your own handy bash aliases.
Saturday, May 17, 2008
Password cracking made easy
One of the basic tenets of information security is to ensure that systems use strong passwords, namely those of a certain length that mix letters, numbers and other special characters. One way to determine if your password is strong is to type it into a password checker, like Microsoft's Password Checker. The software giant's tool checks for sufficient length and complexity.
These more complicated passwords are considered "strong" because they take a longer time to crack than shorter, easier-to-guess passwords. But even strong passwords can be cracked in seconds using an open source tool called Ophcrack.
Ophcrack is an extremely fast password cracker because it uses a special algorithm called rainbow tables. Brute-force cracking tools typically try thousands of combinations of letters, numbers and special characters each second, but cracking a password by attempting every conceivable combination can take hours or days. Rainbow tables pre-computes the hashes used by passwords, allowing for a speedy password lookup by comparing the hashes it has, instead of computing them from scratch.
Thinking of it another way, someone else has already generated the password hashes for millions of potential passwords using the same algorithm as Windows XP and Vista. Ophcrack simply loads the megabytes of hashes it already has and compares the password hash in Windows against its giant database. When it finds a match, Ophcrack reveals the password in plain text.
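To make the trade-off concrete, here is a miniature rainbow table written for this page; it is an added example, not code from the article or from Ophcrack. It uses a tiny password space (three lowercase letters) so that building the table takes well under a second, and SHA-1 stands in for the NT hash (MD4 over the UTF-16LE password) because MD4 is not reliably available in Python's hashlib; chain length, chain count and the reduction function are arbitrary choices. The same chain-walking logic is what lets a few hundred megabytes of table stand in for a hash dictionary many times larger, and the salted_hash function shows why per-user salts (which Windows does not use) defeat the whole approach.

```python
import hashlib
import string

# Added example (not from the original article or from Ophcrack): a miniature
# rainbow table over a deliberately tiny password space. SHA-1 stands in for
# the NT hash because MD4 is not reliably available in hashlib; the table
# mechanics are the same. All parameters below are arbitrary assumptions.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN      # 17,576 candidate passwords
CHAIN_LEN = 50                        # hash/reduce steps per chain
NUM_CHAINS = 2000                     # rows kept in the table


def H(password):
    """Unsalted hash, like LM/NT hashes: the same password always yields the
    same digest on every machine, which is what makes precomputation pay off."""
    return hashlib.sha1(password.encode()).hexdigest()


def index_to_password(n):
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_(digest, column):
    """Map a digest back into the password space. Mixing in the column number
    gives each step its own reduction function (the 'rainbow' idea), which
    keeps chains from merging as readily as in Hellman's original tables."""
    return index_to_password((int(digest, 16) + column) % SPACE)


def chain_passwords(start):
    """Passwords p_0 .. p_{CHAIN_LEN-1} covered by the chain beginning at start."""
    pws = [start]
    for col in range(CHAIN_LEN - 1):
        pws.append(reduce_(H(pws[-1]), col))
    return pws


def chain_end(start):
    p = start
    for col in range(CHAIN_LEN):
        p = reduce_(H(p), col)
    return p


def build_table():
    """Precomputation: hash CHAIN_LEN passwords per chain but store only the
    (end, start) pair, so memory is about 1/CHAIN_LEN of a full dictionary."""
    table = {}
    step = SPACE // NUM_CHAINS
    for k in range(NUM_CHAINS):
        start = index_to_password(k * step)
        table.setdefault(chain_end(start), []).append(start)
    return table


def lookup(table, target):
    """Return a password whose unsalted hash is target, or None."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Suppose target sits at this column: finish the chain to its end.
        p = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            p = reduce_(H(p), c)
        for start in table.get(p, ()):
            # Walk the stored chain forward to that column and verify; a
            # false alarm means two chains merged rather than a real hit.
            q = start
            for c in range(col):
                q = reduce_(H(q), c)
            if H(q) == target:
                return q
    return None


def salted_hash(password, salt):
    """What a rainbow table cannot handle: with a per-user salt the table
    would have to be rebuilt for every salt value."""
    return hashlib.sha1((salt + password).encode()).hexdigest()


if __name__ == "__main__":
    table = build_table()
    victim = chain_passwords("aaa")[7]      # a password the table covers
    print("cracked:", lookup(table, H(victim)))
    print("salted:", lookup(table, salted_hash(victim, "x9")))
```

Lookup costs at most CHAIN_LEN squared over two hash operations, which is the "memory for time" half of the trade; the table itself covers only the passwords its chains happen to visit, which is why real table sets are built per character set and length and why a long passphrase outside them is simply not found.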
Ophcrack works on LAN Manager (LM) and NT LAN Manager (NTLM) hashes, and has rainbow tables available for cracking Windows XP and Windows Vista passwords. It comes with a slick GUI and runs on Windows, Linux/Unix, Mac OS X, or from a bootable LiveCD. Ophcrack has the ability to obtain password hashes from the Security Accounts Manager (SAM), the registry database that Windows uses to store protected user passwords.
Ophcrack is not malware and has its legitimate uses. For instance, most Windows password-recovery tools will substitute a new password in place of a lost one, but knowing the actual password may be useful in unlocking other archives found during a forensics investigation. Additionally, testing a known password against Ophcrack, and besting the rainbow tables, can help validate that the password is extremely strong.
Tuesday, May 13, 2008
How do I uninstall Microsoft Internet Explorer 7?
If your installation of IE7 was successful and uneventful, then uninstalling it is a relatively simple process. The following steps will uninstall IE7 and restore IE 6.
- Click Start, and then click Control Panel.
- Click Add or Remove Programs.
- Scroll down to Windows Internet Explorer 7, click it, and then click Change/Remove.
If for some reason Windows Internet Explorer 7 does not appear in the Add or Remove Programs, you should:
- Open Windows Explorer
- Click Tools | Folder Options
- Click the View tab
- Make sure the radio button next to Show hidden files and folders is selected
- Click OK
- Click Start, and then click Run
- Type %windir%\ie7\spuninst\spuninst.exe into the text box and press ENTER
Specified user account
In some cases, you may get an error message when you try to uninstall IE7 that says you cannot uninstall from a specified user account. To get around this check you will have to edit the Windows Registry.
Warning: Editing the Windows Registry incorrectly can cause the Windows operating system to stop functioning completely. This is an advanced operation and you are encouraged to back up the Windows Registry before you attempt any editing of the file. You have been warned.
Bypass the user account check with this Windows Registry edit:
- Click Start, click Run, type regedit, and then press ENTER.
- Navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer.
- Right-click the Internet Explorer key, click New, and then click DWORD value.
- Type InstalledByUser as the name, and then press ENTER to finish creating the new registry value.
- Try to uninstall Internet Explorer 7 again.
Wednesday, April 30, 2008
Word of the Day: holographic disk drive
A holographic disk drive is a holographic storage device that uses a laser to store data to optical media in three dimensions, maximizing storage capacity by using the media's depth. Most optical media, such as CD, DVD, HD-DVD and Blu-ray only offer bit-at-a-time surface or dual-layer writing capacity. A holographic versatile disk is just slightly larger than a DVD and can store 30 times as much data.
InPhase Technologies announced that it would release the first commercially available holographic drive in May 2008. InPhase's drive, the Tapestry, costs $18,000 (USD). The first version of the storage media can hold 300 gigabytes (GB) of data on a 5.25-inch-wide, 3.5-millimeter-thick disk contained in a cartridge. The first storage disks cost $180. The media is currently write once, read many (WORM); InPhase plans to create a rewritable version.
Features of the Tapestry drive and media include:
- An archive life of 50 years.
- Does not require strict control of temperature and humidity levels.
- Better data recovery: The holographic nature of the stored data page means that the whole can be recreated from a fragment.
- 20-120 megabyte per second (MB/s) transfer rate.
- Compatibility with existing small computer systems interface (SCSI), Fibre Channel (FC) and Ethernet interfaces.
- Potential future capacities up to 1.6 terabytes.
Although the first Tapestry devices and disks are not practical for the average consumer, they may be a viable option for the targeted video and film archive market as an alternative to using and storing 35mm film. InPhase plans to release drives and media for the consumer market within the next few years.
Tuesday, April 22, 2008
How should the ipseccmd.exe tool be used in Windows Vista?
Netsh uses various helper DLLs, which provide an extensive set of network configuration and monitoring settings. Each group of commands specific to a networking component is called a context. For example, dhcpmon.dll provides Netsh the context and set of commands necessary to configure and manage DHCP servers. The contexts that you can use depend on which networking components you have installed.
Netsh can run in either a wired or wireless context as well; when using the tool, the user must change to the context that contains the desired command. Both contexts allow viewing and configuring connectivity and security settings of both the local and multiple computers, but to view the applied wireless Group Policy settings, for example, the wireless context must be used. For those comfortable with command-line tools, Netsh is a good, lightweight alternative to Group Policy. The help documentation for each available command is reached by the '/?' or Help options.
ipseccmd.exe, the Windows XP Support Tools utility named in the title, does not ship with Vista; its job is taken over by two new Netsh contexts, which I'm sure you'll find useful:
- ipsec - this context is most comparable to policy creation in XP.
- advfirewall - this context maps to the Windows Firewall with Advanced Security snap-in.
One definite improvement in Vista is the integration of firewall-filtering functions and IPsec protection settings. The design makes it far less likely that new firewall filters will conflict with IPsec policies and prevent network traffic from flowing as intended. It is now possible to confirm, add, modify and delete firewall rules using Windows Firewall with Advanced Security. While most users will still configure their Windows Firewall using the Windows Firewall Control Panel tool, the snap-in allows users to easily perform advanced configuration. Windows Firewall with Advanced Security provides a GUI interface for configuring Windows Firewall on remote computers and via Group Policy.
Tuesday, April 15, 2008
Word of the Day: virtual networking
Virtual networking is a technology that facilitates the control of one or more remotely located computers or servers over the Internet. Data can be stored and retrieved, software can be run and peripherals can be operated through a Web browser as if the distant hardware were onsite.
Virtual networking facilitates consolidation of diverse services and devices on a single hardware platform called a virtual services switch. The centralization of control reduces the cost and complexity of operating and maintaining hardware and software compared with administering numerous separate devices in widely separated geographical locations. Maintenance personnel and administrators can install device drivers, perform tests and resolve problems on the remote machines from a single location.
It may be necessary to install virtual networking software on the remote computers or servers to take advantage of this technology. Several vendors, including Microsoft and VMware, offer virtual networking software. Some vendors offer comprehensive virtual networking services, allowing business network administrators to outsource labor and resources to the vendor. Virtual networking capability is a standard feature of Windows XP and Vista.
Monday, April 14, 2008
5 ways to secure your Cisco routers and switches
1. Understand the basics of router security
You must understand the basics of router security. Here are the essentials:
Physically secure the routers
If your routers are not physically secured, anyone can walk up, perform a password reset, and gain full access to that router’s configuration. Even if this isn’t a core router, they could take down your network by poisoning the routing tables on all routers. For this reason, routers should be in a locked room and preferably have video surveillance. Additionally, reliable electrical power and cooling must be provided.
Lock down the router with passwords
Routers must be secured with passwords at both the login mode (to prevent initial access) and the privileged mode (to prevent configuration changes).
Apply login mode passwords on the Console, AUX, and VTY (telnet/ssh) lines
Password controlled access needs not only to be on the VTY lines to prevent network access, but also on the Console and AUX ports. If the Console port is locked but the AUX port doesn’t have a password, then locking the Console wasn’t of much use, was it?
Set the correct time and date
Log entries are only useful if their timestamps are accurate and agree across devices, so configure the router to take its time from a trusted NTP source rather than relying on a clock that was set by hand.
Enable proper logging
Logging should be enabled, preferably, back to a central source like a syslog server. At minimum, you need to configure a buffered log on the router. Preferably, you should increase the level of logging and even log configuration changes to the router. For example, you can use the following command to enable SNMP traps for configuration changes:
snmp-server enable traps config
Back up router configurations to a central source
Let’s say that someone does take control of your router or wipes out your router configurations. To replace that router quickly or replace the configuration, you need to have a backup of that configuration. To do this, ensure that your routers are backed up whenever configuration changes are made or each week or day.
Secure other network devices such as switches and wireless access
Most of the items listed here also apply to Cisco switches and wireless access points. Two more areas that I consider to be at the basic level of router security are locking down network access to the router with a stateful firewall or ACL and encrypting sensitive network traffic.
2. Know your network: Diagram, audit, and document
If you are responsible for the security of a network you should know that network like you know the vulnerable doors and windows (think entry points) of your house.
You should diagram your network so that you have a map to help you and others visualize the entire network.
You should have the router configurations backed up. Finally, you should periodically audit your network security, both internally and externally (via a third party).
3. Protect your router with a firewall and ACLs
In Reese’s post about the hackers, he mentioned the fact that the company had poor access control lists (ACLs) in place on their routers. ACLs are typically what protect routers from attack. However, due to their complexity, many of them end up being misconfigured or ineffective. Make sure that your ACLs allow only traffic to the router and through the router that should be there. For internal routers this will only be internal traffic.
Make sure you understand that whatever isn't explicitly permitted is dropped (the implicit deny at the end of every ACL), that entries are evaluated top down and the first match wins, so a permit ip any any placed above more specific entries makes everything below it dead, and that an ACL does nothing until it is applied to an interface in the proper direction (or to the VTY lines with access-class).
Besides ACLs, the Cisco IOS offers a real stateful firewall if you use the Security/Firewall version of the IOS. A stateful firewall will be much better than just using ACLs. I recommend checking out my article, “Protect your network with the Cisco IOS Firewall,” and consider implementing one on your routers.
4. Change your passwords and make them complex
Another method that hackers use to take control of networks is password guessing or password sniffing. To prevent this, you should CHANGE YOUR PASSWORDS TO COMPLEX PASSWORDS TODAY. Don't wait another day! An example of a complex password is MySuper!S3cr3tPa$$ (which, now that it is published, you should not use).
Use hashed passwords wherever the IOS offers them: configure enable secret (stored as a type 5 MD5 hash) rather than enable password, and username ... secret rather than username ... password for local accounts (see "Be aware of how easily someone can crack a Cisco IOS password"). Also make sure this command is on your router so that the remaining plaintext passwords (line passwords and some protocol keys) are at least obscured in the configuration:
service password-encryption
Be aware that this command applies only type 7 encoding, which is reversible in seconds with freely available tools; it protects against someone reading a show run over your shoulder, not against an attacker who obtains the configuration file.
Also, keep in mind that we aren’t just talking about login passwords. This includes all SNMP community strings and routing protocol update passwords. All of those should be complex and changed periodically.
5. Always encrypt sensitive network traffic
Finally, hackers can obtain passwords to your routers by sniffing network traffic when you log in to your router with telnet, perform a "show run" over telnet, or use SNMPv1/v2c, whose community strings travel in the clear with every packet.
You should always encrypt sensitive management traffic by using SSH and SNMPv3. Start by enabling SSH and disabling telnet (transport input ssh on the VTY lines) on every network device that supports it.
If you are using SNMP, enable SNMPv3 with authentication and privacy (authPriv), remove the old community strings, and use it exclusively.
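Steps 1, 3, 4 and 5 above, gathered into one IOS configuration fragment. This is an added illustration for this page, not configuration from the article; the hostname, addresses, account names, key sizes and passwords are placeholders, and the hostname, ip domain-name and crypto key commands are prerequisites that SSH needs but the article does not list.

```cisco
! Added example: minimal hardening fragment for an IOS router.
! All names, addresses and passwords below are placeholders.
hostname edge-rtr1
ip domain-name example.internal
!
! Step 4: hashed enable secret (type 5) and hashed local account;
! service password-encryption only obscures what is left (type 7).
service password-encryption
enable secret MySuper!S3cr3tPa$$
username netadmin privilege 15 secret An0ther!L0ngPassphrase
!
! Step 5: SSH version 2 only; RSA key is needed before ssh will start
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Step 3: only the management subnet may reach the VTY lines at all
ip access-list standard MGMT-HOSTS
 permit 10.0.100.0 0.0.0.255
 deny   any log
!
! Step 1: passwords on every line, no telnet, idle sessions time out
line con 0
 login local
 exec-timeout 5 0
line aux 0
 no exec
 transport input none
 login local
 exec-timeout 0 1
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 5 0
!
! Step 1: trustworthy time, central syslog and configuration-change logging
ntp server 10.0.100.5
service timestamps log datetime msec localtime show-timezone
logging buffered 64000 informational
logging host 10.0.100.10
logging trap informational
archive
 log config
  logging enable
  notify syslog
snmp-server enable traps config
!
! Step 5: SNMPv3 authPriv only; the default community strings go away
snmp-server group NMS-GROUP v3 priv
snmp-server user nmsuser NMS-GROUP v3 auth sha Auth!Passphrase1 priv aes 128 Priv!Passphrase2
no snmp-server community public
no snmp-server community private
```

After applying this, show running-config should display the enable secret and username lines as $1$ hashes and the SNMPv3 user should not appear in the configuration at all (IOS deliberately hides it); if any line password still shows as type 7, replace it with a local account and login local.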
Be careful
The point of this article is to (1) encourage you to take action to secure your network before malicious attackers take control of it and (2) to show you exactly which actions you need to take. You shouldn’t assume that your network isn’t a target because your company isn’t high profile or your data wouldn’t be valuable to an attacker. Take every reasonable step to protect your network; as you can see from this post, these steps aren’t necessarily difficult or costly.
Thursday, April 10, 2008
Do you know this?
The new IEEE Energy Efficient Ethernet project aims to deliver major energy savings by combining many small savings.
This initiative is based on the work of Mike Bennett and Bruce Nordman of the Lawrence Berkeley National Laboratory and Professor Ken Christensen of the University of South Florida. They observed that much energy is wasted while the network is idle.
Here are the facts:
1. Most desktop PCs now ship with a 1 Gbps interface, an increase from the 100 Mbps interface that was standard a few years ago.
2. A typical 1 Gbps interface consumes roughly 2W more than a 100 Mbps interface.
3. Ethernet interfaces continue to consume power at this level even when the network is idle.
4. The 1 Gbps interface in the switch port at the other end of the link also consumes 2W more than a 100 Mbps interface. The upgrade from 100 Mbps to 1 Gbps thus consumes an extra 4W for each connected PC.
Tuesday, April 8, 2008
Security from A to Z
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Monday, April 7, 2008
Worst practices: Encryption conniptions
Here's a list of five worst practices that I'd like to share with you:
1. Using Wired Equivalent Privacy (WEP) encryption
If you're still running WEP encryption in your organization, it's time to face the facts: the simplistic encryption techniques used by WEP may be broken in seconds using freely available tools.
2. Practicing "security theatre"
"Security theatre" is the practice of implementing complex, expensive security measures solely for the sake of making people notice that you're spending a lot of time and energy on security, despite the fact that your controls are easily defeated and largely ineffective.
3. Encrypting email attachments only to include the encryption key in the message
Someone sends a sensitive document by email and, meaning well, uses the encryption feature of Microsoft Office to preserve the confidentiality of the document while in transit. The person then proceeds to praise himself in the body of the message saying something like, "Mike, I know you're always telling me about the security problems with email, so I encrypted this confidential file. The password is football." The simple solution is to use an out-of-band transmission method for the password. For example, send the email and then pick up the phone and call the recipient to provide the password. The likelihood of the same individual intercepting both your email and telephone call is remote.
4. Failing to patch
Patch announcements sometimes warn of such dire consequences as "a severe flaw…[that] could lead to system crashes, remote execution of code and privilege escalation". Remember, hackers read the same security patch announcements that we do, and the patch itself tells them exactly where to look. Leaving networks, databases and third-party applications unpatched is asking for trouble.
5. Failing to encrypt laptops
A lost or stolen laptop takes every unencrypted file on its disk with it, turning a hardware loss into a data breach. Fortunately, there's an easy way to avoid this altogether: use full-disk encryption products to render mobile data unusable if a device is stolen.
Friday, April 4, 2008
10 ways to explain things more effectively
In the course of your work, you may sometimes need to explain technical concepts to your customers. Having them understand you is important not only for technical reasons, but also to ensure customer satisfaction. The ability to explain things clearly and effectively can help you in your career, as well. Here are a few tips to help make your explanations understandable and useful.
#1: Keep in mind others’ point of view
You’ve probably seen the famous illusion that looks like either a young woman or an old woman. Two people can look at that same picture, and they can have opposite views of what they’re seeing. Keep this idea in mind when explaining a concept. Something that might be perfectly understandable to you might be incomprehensible to someone else. Don’t be the person customers complain about as using “geek speak.”
#2: Listen and respond to questions
It’s easy to become annoyed when someone is asking questions. However, try to resist that reaction. A better attitude is to be happy that the other person is interested enough to ask questions. To minimize confusion and misunderstanding, try to paraphrase or summarize a question before you answer it. This step is particularly important if you’re in a group setting, and you’ve just taken a question from someone. Repeating the question for the entire group helps everyone better understand your answer.
#3: Avoid talking over people's heads
When you explain things to people, do their eyes glaze over? Chances are it’s because you’re talking over their head. Symptoms of such behavior include the use of jargon and acronyms. Remember, the people you’re talking to probably lack your specialized knowledge, so you should use readily understandable terms.
The same goes for acronyms. They’re important, but if you use them, define them in “longhand,” followed by the acronyms in (parentheses), so that everyone’s clear. Doing so avoids the scenario of situation normal, all fouled up (SNAFU).
Even within IT, the same acronym can mean different things. For example, both “active server page” and “application service provider” have the acronym ASP. A story from the Vietnam War era further illustrates this point. A young woman brought her boyfriend home to meet her father, a retired military officer. The woman was nervous because the boyfriend was a conscientious objector. When the father asked the young man to talk about himself, the latter replied, nervously, that he was a CO. The father clapped the young man on the back and congratulated him, thinking the latter was a commanding officer.
#4: Avoid talking down to people
Avoid the other extreme as well. Don’t insult people by assuming that they’re only as intelligent as a three-year-old. An attendee at one of my communications training classes described it aptly as “Barney communications.”
Greek mythology has references to two monsters, Scylla and Charybdis, who sat on opposite sides of a narrow strait of water. If a ship sailed too close to Scylla, it was destroyed and the sailors eaten up. If the ship sailed too close to Charybdis, it was destroyed by a whirlpool that Charybdis created. The ship had to go right between them to survive. Follow that same principle with your customers: Make your explanations neither too complicated nor too simple.
#5: Ask questions to determine people’s understanding
The people you’re talking to shouldn’t be the only ones asking questions. You should be asking questions as well, to make sure they understand. Your questions can be open ended, which gives people a chance to provide detailed information, or they can be closed ended, which generally calls for a simple yes/no response. In either case, asking questions tells people that you’re interested that they understand.
#6: Focus on benefits, not features
What’s the difference? A feature is some inherent property of an object. A benefit, on the other hand, is a way the feature helps a person. For example, one of the features of a Styrofoam cup, because of the material used, is insulation. Someone who’s planning a party probably doesn’t care how the cup provides insulation. That person is more interested in the fact that such a cup keeps hot things hot and cold things cold.
In the same way, try to focus on benefits of technology rather than features of technology. This distinction becomes more important the higher the level of the person you’re talking to. The CFO probably has little need to know about the specific commands and steps involved in setting up database mirroring. That person will want to know, however, that such a practice reduces the chances of data loss.
#7: Use analogies to make concepts clearer
An analogy involves explaining an unfamiliar concept in terms of a familiar one. For example, in drawing an analogy between a firewall and a bank teller, you could say that people don’t just go directly into a bank and take money out. They go to the teller and identify themselves; the teller makes sure they have enough money; and then the teller gives them the money. Similarly, a firewall ensures that people who want access to a system really are permitted to have that access.
When choosing an example for an analogy, first figure out the general principle you’re trying to explain. Then, choose something from real life that illustrates that principle. Say, for example, that you’re trying to explain memory leaks. Suppose you conclude that the principle involved is that of taking without giving back completely. An example/analogy might be the consequences of pouring a cup of pancake batter into successive measuring cups, or the consequences of lending money to your brother-in-law.
#8: Compare new concepts to familiar ones
Another illustrative technique is to use a familiar or existing product as a comparison. If you’re explaining a new release of a software product, the comparison is easy. Simply discuss the additional capabilities it has over the previous one or how key features are different. If the person hearing your explanation is also an IT person and is familiar with different or older technology, try explaining in those terms if you can. For example, when explaining thin clients, consider a comparison to the old 3270-type terminals that IBM once used for connection to mainframes.
#9: Use the concepts of subsets and supersets
Brooklyn is a subset of New York City, because all of it is a part of that city. Conversely, New York City is a superset of Brooklyn, because the former contains, in addition to all of the latter, other boroughs as well. These concepts are helpful in describing, for example, a “lite” versus a “professional” version of a software product. If the latter does everything the former does, plus more, it truly is a superset of the former, and the former is a subset of the latter. Be careful, though: If the “lite” version does even one thing that’s missing from the professional version, there’s no longer a subset/superset relationship.
#10: Confirm that your explanation makes sense
Once you’ve finished explaining your point or answering a question, ask a final question yourself. Make sure the people who heard your explanation truly did understand it. Consider asking them to give you the explanation in their own words, just to double-check.
Tuesday, April 1, 2008
Word of the Day: Securities and Exchange Commission (SEC)
The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception. The SEC consists of five commissioners who serve staggered five-year terms. No more than three of the commissioners may belong to the same political party.
The SEC has four major divisions.
- The Division of Corporation Finance ensures corporate disclosure of important information to the investing public.
- The Division of Trading and Markets ensures fairness, order and efficiency in market activities.
- The Division of Investment Management helps protect investors and encourages capital formation through oversight and regulation of the investment management industry.
- The Division of Enforcement investigates securities law violations and initiates civil and criminal actions.
The SEC was created during the Great Depression with the passage of the Securities Exchange Act of 1934, which was designed to bolster confidence in capital markets by providing investors with reliable information and by requiring that individuals and corporations deal with each other honestly.
Monday, March 31, 2008
Word of the Day: Data Center Chiller
A data center chiller is a cooling system used in a data center to remove heat from one element and deposit it into another element. Chillers are used by industrial facilities to cool the water used in their heating, ventilation and air-conditioning (HVAC) units. Round-the-clock operation of chillers is crucial to data center operation, given the considerable heat produced by many servers operating in close proximity to one another. Without them, temperatures would quickly rise to levels that would corrupt mission-critical data and destroy hardware.
The development of powerful chillers and associated computer room air conditioning (CRAC) units has allowed modern data centers to install highly concentrated server clusters, particularly racks of blade servers. Like many consumer and industrial air conditioners, however, chillers consume immense amounts of electricity and require dedicated power supplies and significant portions of annual energy budgets. In fact, cooling, of which the chiller is the largest part, is typically the biggest non-IT consumer of a data center's electricity.
Manufacturers also have to account for extreme conditions and variability in cooling loads. This requirement has resulted in chillers that are often oversized, leading to inefficient operation. Chillers require a source of water, preferably already cooled to reduce the energy involved in lowering its temperature further. This water, after absorbing the heat from the computers, is cycled through an external cooling tower, allowing the heat to dissipate. Proximity to cold water sources has led to many major new data centers being sited along rivers in colder climates, such as the Pacific Northwest. The chillers themselves, along with integrated heat exchangers, are located outside of the data center, usually on rooftops or side lots.
Manufacturers have approached next-generation chiller design in a number of ways. For large-scale systems, bearingless designs significantly improve power utilization, given that the majority of chiller inefficiency results from energy lost through friction in the bearings. Smaller systems use SMART technologies to rapidly turn a chiller's compressor on and off, letting it work efficiently at 10% to 100% of capacity, depending on the workload. IBM's "Cool Battery" technology employs a chemical reaction to store cold.
Friday, March 28, 2008
Failure mode and effects analysis: Process and system risk assessment
Failure mode and effects analysis (FMEA) is widely used by corporations, manufacturing firms and the U.S. military to evaluate processes or systems (e.g. an incident-response process or a three-tiered application). It prioritizes potential failures by impact severity, probability of occurrence and likelihood of detection.
Word of the Day : The 1998 Data Protection Act
The text of DPA 1998 contains six major sections called Parts, followed by 16 explanatory notes called Schedules. The Parts outline the basic rights of data subjects, methods in which data may be handled by those who possess it, special exemptions and modes of enforcement. The Schedules explain the Parts in greater detail and elaborate on diverse contingencies and legal interpretations.
The fundamental principles of DPA 1998 specify that personal data must:
- be processed fairly and lawfully.
- be obtained only for lawful purposes and not processed in any manner incompatible with those purposes.
- be adequate, relevant and not excessive.
- be accurate and current.
- not be retained for longer than necessary.
- be processed in accordance with the rights and freedoms of data subjects.
- be protected against unauthorized or unlawful processing and against accidental loss, destruction or damage.
- not be transferred to a country or territory outside the European Economic Area unless that country or territory protects the rights and freedoms of the data subjects.
Monday, March 24, 2008
Trap malware with honeypots
Honeypots combine the best aspects of detective and preventative technologies in the fight against malware. Honeypots are systems specifically deployed to be compromised. While the development of commercial honeypots seems to have lost steam, there is a plethora of innovative and freely available honeypot technologies. When carefully deployed, they can strengthen an enterprise's defensive posture in several ways:
- Slow down an intruder's progress by having him waste time breaking into a system that offers no value to the intruder. For instance, the free LaBrea tool stalls port scans and worm propagation activities by creatively responding to an intruder's network connections.
- Decrease the rate of false positives, which often plagues network IDS. Since a honeypot, by definition, should not participate in production activities, almost any connection to it is an indication of malice. A free tool Honeyd emulates servers, devices, and even networks to increase the span of such monitoring without requiring multiple physical systems.
- Capture malware samples for analysis. Since malware is a part of most modern intrusions, capturing it before it finds its way to a production system assists in incident response. One of the free tools that can assist in this task is Nepenthes, which can capture malicious software propagating over the network. With copies of malicious samples at hand, they can be analyzed to understand their capabilities. (Coincidentally, I teach a SANS Institute course about this.)
- Understand the intruder's intentions by observing his interactions with the compromised environment. This can be accomplished by deploying a series of honeypots to fool the intruder, whether a human or a program, about the authenticity of the targeted system. The bootable Honeywall disk, distributed for free by the Honeynet Project, can help enable this, and includes excellent monitoring tools.
- Determine whether your users visited malicious websites by employing a client-side honeypot that crawls and examines Web pages. Drive-by downloads, which exploit vulnerabilities through the Web browser, are a common infection technique. Consistently blocking this threat vector may be hard, but you can still detect the incident quickly. If your organization has a mechanism, such as a proxy server, that records visited URLs, you can use the free Caffeine Monkey tool from SecureWorks to automatically examine those sites for Web exploits.
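The second point above, that a honeypot takes part in no production traffic and so every connection to it is worth an alert, as an added example that is not from the original post and is not code from LaBrea, Honeyd or any other tool named here. It is a constructed, minimal low-interaction TCP listener: it answers with a fake banner, captures the first bytes the client sends, and records each contact as a structured alert record (the kind of record you would forward to a SIEM). The banner text, the `probe` helper and the `demo` function are all assumptions made for the example.

```python
import json
import socket
import threading
import time
from datetime import datetime, timezone


class TcpHoneypot:
    """Constructed low-interaction honeypot: accept, send a fake banner,
    record the first bytes of the probe, and raise an alert for every contact."""

    def __init__(self, bind_addr="127.0.0.1", port=0, banner=b"220 service ready\r\n"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((bind_addr, port))   # port 0 = let the OS pick a free port
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.alerts = []                    # in a real deployment: ship to the SIEM
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._stop.set()
        self.sock.close()
        self._thread.join(timeout=2)

    def _serve(self):
        self.sock.settimeout(0.2)           # wake up regularly to check the stop flag
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:                 # listening socket closed by stop()
                break
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        conn.settimeout(1.0)
        payload = b""
        try:
            conn.sendall(self.banner)       # a plausible banner keeps the client talking
            payload = conn.recv(256)        # keep only the start of the probe for triage
        except OSError:
            pass
        finally:
            conn.close()
        alert = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "src_ip": peer[0],
            "src_port": peer[1],
            "dst_port": self.port,
            "first_bytes": payload[:64].hex(),
            # nothing legitimate should ever talk to this socket, so every
            # contact is treated as suspicious rather than scored
            "severity": "high",
        }
        with self._lock:
            self.alerts.append(alert)


def alert_to_json(alert):
    """One JSON line per alert, the usual shape for log shipping."""
    return json.dumps(alert, sort_keys=True)


def probe(host, port, data=b"HELO evil\r\n"):
    """Constructed helper that plays the part of an unwanted client."""
    with socket.create_connection((host, port), timeout=2) as s:
        banner = s.recv(64)
        s.sendall(data)
    return banner


def demo():
    """Start the honeypot on an ephemeral port, hit it once, return what was recorded."""
    hp = TcpHoneypot()
    hp.start()
    banner = probe("127.0.0.1", hp.port)
    for _ in range(50):                     # give the handler thread a moment
        if hp.alerts:
            break
        time.sleep(0.05)
    hp.stop()
    return banner, hp.alerts


if __name__ == "__main__":
    _, alerts = demo()
    for a in alerts:
        print(alert_to_json(a))
```

Because the listener has no business purpose, the alert logic needs no tuning to stay quiet on normal traffic, which is exactly why honeypot alerts carry so few false positives compared with a signature-based network IDS watching production links.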
Wednesday, February 27, 2008
Word of the Day: OpenNMS
OpenNMS (Open Network Management System) is the first enterprise-grade network management platform developed under the open source model. It was designed to manage tens of thousands of devices from a single server as well as manage unlimited devices using a cluster of servers. OpenNMS includes a discovery engine to automatically configure and manage network devices without operator intervention. It is written in Java and is published under the GNU General Public License. OpenNMS is listed as one of the top 400 projects on Sourceforge and won the Best Systems Management Tool at LinuxWorld Expo in August of 2005.
Currently, OpenNMS has three main functional areas:
- Service monitoring, where a number of monitor modules can determine if network-based services (ICMP, HTTP, DNS, etc.) are available.
- Data Collection by using SNMP and JMX.
- Event management and notifications, which includes alarm reduction and a robust notification system with escalations and duty schedules.
Windows XP Professional Lifecycle
| Products Released | General Availability Date | Mainstream Support Retired | Extended Support Retired | Service Pack Retired | Notes |
|---|---|---|---|---|---|
| Windows XP Professional | 31/12/2001 | 14/04/2009 | 08/04/2014 | 30/08/2005 | |
The definitions of mainstream and extended can be found in the table here.
Information extracted from the Microsoft website.
Saturday, February 2, 2008
Word of the Day: Cloud computing
Cloud computing is a computing paradigm in which tasks are assigned to a combination of connections, software and services accessed over a network. This network of servers and connections is collectively known as "the cloud." Computing at the scale of the cloud allows users to access supercomputer-level power. Using a thin client or other access point, like an iPhone, BlackBerry or laptop, users can reach into the cloud for resources as they need them. For this reason, cloud computing has also been described as "on-demand computing."
This vast processing power is made possible though distributed, large-scale cluster computing, often in concert with server virtualization software, like Xen, and parallel processing. Cloud computing can be contrasted with the traditional desktop computing model, where the resources of a single desktop computer are used to complete tasks, and an expansion of the client/server model. To paraphrase Sun Microsystems' famous adage, in cloud computing the network becomes the supercomputer.
Cloud computing is often used to sort through enormous amounts of data. In fact, Google has an initial edge in cloud computing precisely because of its need to produce instant, accurate results for millions of incoming search inquiries every day, parsing through the terabytes of Internet data cached on its servers. Google's approach has been to design and manufacture hundreds of thousands of its own servers from commodity components, connecting relatively inexpensive processors in parallel to create an immensely powerful, scalable system. Google Apps, Maps and Gmail are all based in the cloud. Other companies have already created Web-based operating systems that collect online applications into Flash-based graphical user interfaces (GUIs), often using a look and feel intentionally quite similar to Windows. Hundreds of organizations are already offering free Web services in the cloud.
Word of the Day: Rootkits
A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.
A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.
The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.
Rootkits have become more common and their sources more surprising. In late October of 2005, security expert Mark Russinovich of Sysinternals discovered that he had a rootkit on his own computer that had been installed as part of the digital rights management (DRM) component on a Sony audio CD. Experts worry that the practice may be more widespread than the public suspects and that attackers could exploit existing rootkits. "This creates opportunities for virus writers," said Mikko Hypponen, director of AV research for Finnish firm F-Secure Corp. "These rootkits can be exploited by any malware, and when it's used this way, it's harder for firms like ours to distinguish the malicious from the legitimate."
Wednesday, January 23, 2008
Enterprise security in 2008: Malware trends suggest new twists on old tricks
So, how have today's enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.
Read here for more info
Word of the Day: Spear phishing
According to an article in the New York Times, spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information."
Here's one version of a spear phishing attack: The perpetrator finds a Web site for a targeted organization that supplies contact information for employees and other relevant data about the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail appearing to come from an individual who might reasonably request confidential information, such as a network administrator. Typically, a spear phisher requests user names and passwords or asks recipients to click on a link that will result in the user downloading spyware or other malicious programming. The message employs social engineering (fraudulent, non-technical) tactics to convince the recipient. If a single employee falls for the spear phisher's ploy, the attacker can masquerade as that individual and gain access to sensitive data.
Most people have learned to be suspicious of unexpected requests for confidential information and will not divulge personal data in response to e-mail messages or click on links in messages unless they are positive about the source. The relative success of spear phishing relies upon the details used: The apparent source is a known and trusted individual, information within the message supports its validity, and the request seems to have a logical basis.
At West Point in 2004, teacher and National Security Agency expert Aaron Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message. In response, they received a notification that they'd been duped and warning that their behavior could have resulted in downloads of spyware, Trojan horses, and/or other malware.
IBM's Global Security Index research found that, in 2005, intercepted spear-phishing attempts rose from 56 intercepted attempts in January to over 600,000 in June.
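The three ingredients the post names (a trusted-looking sender, supporting details, a plausible request for credentials or a click) are also what a mail filter can look for. Below is an added example that is not from the original post or from any of the organisations it mentions: a constructed Python check that flags a message when a known employee's display name arrives from an outside address, when Reply-To diverts answers away from the apparent sender, or when the body asks for credentials. The organisation domain `example.org`, the staff directory, the keyword list and both sample messages are made up for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions for the example: the organisation's own mail domain and a tiny
# directory mapping employee display names to their real addresses.
TRUSTED_DOMAINS = {"example.org"}
INTERNAL_STAFF = {"alice admin": "alice.admin@example.org"}

# Phrases that, in an unexpected message, usually mean a credential request.
CREDENTIAL_PHRASES = ("password", "user name", "username", "verify your account")


def analyse_message(raw):
    """Return a list of red-flag findings for one RFC 822 message (empty = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()

    # 1. A known employee's name on a message that did not come from their address.
    expected = INTERNAL_STAFF.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append(f"display-name spoof: '{from_name}' expected {expected}, got {from_addr}")

    # 2. Replies silently redirected to an address other than the apparent sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"reply-to mismatch: {reply_addr} != {from_addr}")

    # 3. External sender asking for credentials (internal notices rarely do).
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if from_domain not in TRUSTED_DOMAINS and any(p in text for p in CREDENTIAL_PHRASES):
        findings.append("external sender requests credentials")

    return findings


def risk_level(findings):
    """Collapse findings into a triage label for the mail gateway."""
    if len(findings) >= 2:
        return "high"
    if findings:
        return "medium"
    return "low"


# Constructed sample messages (not real mail).
PHISH = (
    "From: Alice Admin <alice.admin@mail-example.net>\r\n"
    "Reply-To: helpdesk@mail-example.net\r\n"
    "To: cadet@example.org\r\n"
    "Subject: Verify your grades\r\n"
    "\r\n"
    "Please reply with your user name and password so we can verify your grades.\r\n"
)

LEGIT = (
    "From: Alice Admin <alice.admin@example.org>\r\n"
    "To: cadet@example.org\r\n"
    "Subject: Maintenance window\r\n"
    "\r\n"
    "The mail server will be offline Saturday night for patching.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        f = analyse_message(raw)
        print(label, risk_level(f), f)
```

Checks like these do not replace user awareness, but they catch the message before the recipient has to decide, and the findings give the incident responder the evidence (spoofed name, diverted reply path) that the post says makes spear phishing persuasive in the first place.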
