Look out Network Admins

I know alot of IT admins that dont stay up on alerts, so the more the beter. It time to upgrade to the newest IOS version as many flaws are found in the current version. This was announced at the previous BlackHat Conference which caused alot of controversy.

Time to patch your Cisco routers by ZDNet's George Ou -- While Cisco isn't alone in upgrade complexity, the end result is that most end users never patch their routers and switches and just assume they never needs patching. This probably won't change until a conventional PC worm makes the jump to attack IOS vulnerabilities and causes massive damage.

Windows 2000 Security

Windows 2000 Security
By Benjamin Hargis

I was asked recently to go to a car dealership and do a security analysis on their Windows Server 2000 machine.

This is what I recommend doing to any Windows 2000 machine where applicable.

Make sure that the guest account is disabled. It comes disabled by default.

A problem I notice allot is when I go to companies, lots of accounts are still active for employees who no longer work there. They should be removed when the employee is terminated or leaves on their own accord. Disgruntled employees have been known to wreck havoc.

Group policies can and should be implemented in a Windows 2000 environment and audited to make sure there are no extra accounts or accounts with weak passwords.

Password security is also important; if your password is weak it will be cracked. I have been in companies where your password is your initials. That is to simple. Implement password policies and account lockouts after multiple failed login attempts. WARNING this can create a denial of service attack. Create multiple admin accounts and give them different rights. A strong password policy for administrative tasks.

Run Net Share from the command line to view open shares on your network and shut those down unless needed.

Go into the BIOS and set a user password and disable the ability to boot from a floppy, USB, or CD. People can easily grab the SAM file which is a password hash stored on your system from a Linux boot CD or other tools. Then attempt to crack the hash.

Change the administrator account to a different name. That is usually a crackers first attempt. Rename it to something other than root as well.

Use NTFS on all partitions this gives you more control and security than using the FAT file system.

Make sure that the "Everyone" permission is not allowed on your resources, directories, etc.

Have the last user logged on turned off. This makes it easier for an attacker to guess passwords. There already half way there the have the username.

Apply appropriate access control lists.

Don’t forget about the people around you and either lock your workstation when you leave or have a screensaver enabled with a strong password. Insider threats are a reality.

You can enable EFS encryption file system; you can encrypt whole directories as well. I suggest if your really paranoid or smart to look into a utility that allows you to choose different encryption algorithms. I do not like encryption standards that are closed. Meaning we cant see the source code. I prefer open source its easier to look for holes and attacks.

Make backups of all your important files. This is the most important thing I learned in System Administration. Backup, Backup, Backup to something that cannot be overwritten such as a CD-R.

To configure Security Policies use the Security Configuration Toolset you can make your job allot simpler by using snap-ins.

I visited Microsoft’s site to see everything they had, I have to say there is plenty of information.

Shut down services that are not needed. The more ports that are open and the more applications running the more avenues of attack.

Restrict access to Local Security Authority only to admin.

Change log in warning to something like. Authorized Personnel only, "all activities are logged and monitored. Violators will be prosecuted to the fullest extent of the law."

Shut down individual ports, that are not used.

I personally like smartcards for two form authentication. I recommend RSA secure ID for machines that need more security.

Enable auditing to track what users and possible intruders are doing on your system.

Everything from login attempts to access of objects can be audited in Windows 2000.

Protect the registry from anonymous access.

Make sure the audit logs are locked down so they cannot be erased, or tampered with. Only the admin should have rights to these files.

Install service packs.

Make sure that your antivirus is up to date with the latest signatures.

Run a Spy-Ware utility.

You can also run an online vulnerability checker such as Shields Up by Gibson Research.

Get automated patch software.

Remember that security is not something that can be finished. Keep up to date.

Benjamin Hargis CEO & MCP

Phuture Networks

Visit us on the web! http://www.phuturenetworks.com

Article Source: http://EzineArticles.com/

Free Micorsoft Security Toolkit

Follow this link to get a informative newsletter and a free security CD from Microsoft.https://microsoft.order-7.com/sbsnewsletter/addrform.asp

A great article on Spyware definitions

Spyware definitions released by ZDNet's Suzi Turner -- The Anti-Spyware Coalition (ASC) released their definitions of spyware today, available at the website. The document includes a table of technologies that could be classified as spyware, depending on factors including control, notice and consent. Another document (PDF) is available, with a summary of the nearly 400 public comments and the ASC's response. The coalition also outlined their [...]

I liked this article and thought it provided good information.

Google Base

Google Base: What might Google be up to? by ZDNet's Garett Rogers -- Google is smart, they know what they want, and more importantly they know what people want. The answer to both is "information" and "money". Looking at both of these "wants", they must decide how they can do this and stick to their "do no evil" guns.

Google has alot of information this is a good thing but also a concern about privacy. I like Google, they have great technology and I cant wait to see whats going to happen know that they are partnered with one of my favoite companies Sun Microsystems.

Open Source Firewall Scripts

I came across Bill Stearns website today. I have to say I'm quite impressed. Been doing research on open source software security solutions. This site has scripts for rulesets and IP Table configuration.

Ezine Directory

I put up some more articles this time on Wireless Security.

Service Pack 2 For Micorosft Exchange Server Released

Microsot unleashed Service Pack 2 for Microsoft Exchange Server, some improvements are email push capability for BlackBerry and larger mailbox storage. Which can be more of a nightmare than added feauture. Spent most weekend studying Firewalls, packet inspection and ACL's. Learning about chokepoints, DMZ, dual homed servers.

Microsoft Security

It amazes me that Microsoft has already released nine patches this month alone. These vulnerabilities range from remote execution to tampering with your FTP clients. Some of the vulnerabilities allow attackers to take complete control of your system as well. All I can say is backup, backup, backup. I recommend turning on automatic updates as well. I also suggest reading Micrsoft Security Advisories.

Ezine Directory

I got published on Ezine directory for some of my articles on security.They even gave me expert author status. I like this. I plan to continue writing articles to help home users and small businesses with security issues. Im currently reading Practical Unix and Internet Security.

LISA '05

Im stoked. I will be going to San Diego for Large Installation System Administration conference. Ill be booking a room at the hotel and I'm thinking of becoming a member of . I will proabably be going to Sea World as well.

Im also looking forward to Southern California Linux Expo in Feburary:

Website Development

I'm still working on my company website Phuture Networks http://www.phuturenetworks.com figuring out front page extensions. I'm thinking of creating a security alert newsletter for home users. I have been writing content for the site on almost a daily basis and plan to do this for a year straight. I'm happy to announce that I'm a soon to be father, with my lovely lady Jenny. Between work, studying, baby and Phuture Networks I dont understand how I manage and it fires me up to do even more. There is great site I would like to mention that offers SEO information its . This is my friends site. Thats all for today.

Microsoft releases new security product.

Microsoft released "Microsoft Client Protection" It's supposed to protect you from Spyware, Viruses and worms. There is also MS Antispyware in build 615 released on Monday. They also offer a Enterprise addition. I think Microsoft should focus more on designing a secure OS and not needing to produce addons and SP's IMHO.

Phuture News

I've been extremely busy. Studying FreeBSD
Its a UNIX operating system based on the BSD Berkely System Development kernel.It works on Pentium x86 and RISC based processors also Alpha Chips.Unix was designed by Dennis Ritchie and Ken Thompson. I've been working on my website and analyzing good keywords for more traffic. I own a computer security consulting business. It's called Phuture Networks. We can also perform search engine optimization and do consulting on hardware and software. Currently reading alot of psychology and talking to my friend about affiliates.

My company website

I have started working on my company website and I can say its coming along nicely. http://www.phuturenetworks.com
Ive been real busy lately studying books for MBA, learning all I can about marketing prospecting, search engine optimization.Its awesome. I got my IPOD Nano, I love it it is well designed and simplistic the way hardware and software should be. My time and life is consunmed with devouring material on finances, real estate, technology and girlfriend. I love educating myself college taught me to learn and I can cover more material on my own rather than class. I will be enrolling back into college to pursue degrees.

Organic Search Engine Results

It is possible for real estate agents to rank high in the search engines organically. It takes time and effort. But it can be done. It does take a while for the sites to be indexed by search engines. Anybody looking for higher SERP's search engine reults should focus on content, reciprocated and unreciporcated links. Google and Yahoo both pay attention to these. If you want to see immediate traffic, instant gratification I would use PPC or pay per click thru Overture or even Google Adwords. Once you get people visiting your site you need content and fresh content to keep them interested, and hopefully they will fill out a form that will turn into a lead, which could lead to more sales for you.

Real Estate Technology Analyst

I work for a large web deisgn company that specializing in providing website services to Realtors. I educate real estate agents on marketing strategies on the Internet. I also explain and implement things like Pay Per Click, Search Engine Optimization and webpage analysis. I learn daily about how to do more effective keyword analysis, and acheiving high results in organic search results. There is so much to this business. Analyzing Meta-Tags, Headers, Title names. Not to mention link popularity, inbound links and outbound links as well. These are some of my duties:
Skills in Search Engine Optimization, Page Rank, Link Popularity, SEO, PPC, drip systems.
Familiar with Multiple Listing Services, and paid directories.
Website optimization for search engines: HTML, site structure, and page layout issues.
Identify and implement strategies for increasing traffic through organic search listings without creating the risk of sites being blacklisted.
Tracking and Reporting
Continually monitor organic search rankings to maximize traffic and sales
Keyword research including cataloging and indexing target keyword phrases
Keyword research using Word Tracker, Overture, Google and internal tools
Plans, organizes, and implements sales programs for the region. Coordinate directly with outside sales reps. Responsible for marketing and booking appointments for outside sales reps.
Provide realtors with product and service information to assist them in determining appropriate website, e-marketing and hosting solutions

Basic Astronomy

Hipparchus came up with magnitude
The moon is 240,000 miles away.
Ptolemy is one of the most famous astronomers.
Nova means new in Latin.

Kepler's three laws of planetary motion.
1. Planets move ecliptically (egg shaped)
2. Planets do not move at constant speeds but speed up when closer to the sun.
3. A closer planet moves faster than one that is farther than the sun.

Hans Lippershy built first telescope.
Newton- gravitation, nature of light, color, calculus.

Labor Day Weekend

Not much going on. Same thing different day. Currently Reading: Stephen Hawking Universe in a Nutshell. Listening to Nirvana Very Ape, plan to code today and hang out with my lady, which we are working out relationship issues. Aww the wonderfull world of relationships . Have the ring two which I will watch today as well.

Python

Python is a programming language that looks very interesting. This is from Python.org site: What is Python?
Python is an interpreted, interactive, object-oriented programming language. It is often compared to Tcl, Perl, Scheme or Java.

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac, MFC). New built-in modules are easily written in C or C++. Python is also usable as an extension language for applications that need a programmable interface.

The Python implementation is portable: it runs on many brands of UNIX, on Windows, OS/2, Mac, Amiga, and many other platforms. If your favorite system isn't listed here, it may still be supported, if there's a C compiler for it. Ask around on news:comp.lang.python -- or just try compiling Python yourself.
Many of Google's engineers code in Python.