Jon's Network

Fortinet

Jon — Mon, 01 Feb 2010 14:00:43 +0000

(Link: Fortinet) started out about 10 years ago as a small company making this new-fangled thing dubbed later by IDC a UTM device. They have been the market leader in the UTM market for a while now and offer appliances for every size network. They offer a variety of solutions beyond firewalls including endpoint security, antispam, database security, vulnerability management and web application security.

(Link: Fortinet)

What to Do While Under a DDOS Attack

Jon — Tue, 26 Jan 2010 21:48:07 +0000

The Top 10 Things To Do While Under DDoS Attack by Barret Lyon

Virus Bulletin Spam Test Jan 2010

Jon — Fri, 22 Jan 2010 23:07:49 +0000

Virus Bulleting evaluated 15 anti-spam vendors this month. I would love to post the pretty picture where they plot the vendors on a scale of spam catch rate vs false positive rate but I don’t think they would approve. You can sign up to get a copy here.

The formula for the final scores was the catch rate minus three times the false catch rate. Only five scored higher than 98% and one scored above 99%, which was M86 Mailmarshal. Of course this is on the VB test set. Your mileage may vary.

packeteer.com

Jon — Fri, 22 Jan 2010 21:58:31 +0000

In a big acquisition, some things are bound to be neglected. Take the Packetshaper forum at techexchange.packeteer.com for example. It’s spammed regularly.

On a perhaps not unrelated note, packeteer.com is offline (500 error). I would have thought Blue Coat would just 301 redirect it to Bluecoat.com but what do I know?

Fortinet IPO

Jon — Fri, 22 Jan 2010 06:09:22 +0000

Fortinet went public in November 2009 and it went well. The ticker is FTNT. There is a press release here. Cramer spent a whole segment teaching everyone about the UTM market.

BigFix Installation Notes

Jon — Tue, 19 Jan 2010 23:55:11 +0000

BigFix Guides

Deployment Guide

User Guide

Admin Guide

BigFix Network Traffic Guide

BigFix Server Hardware/Software Specifications

BigFix Server Requirements

Provision a dedicated server or virtual image with at least 20 GB of free disk space and 2 GB of RAM
Perform a clean install of a Microsoft Windows Server 2003 | 2008 with all critical patches and Service Packs applied
Install a default instance of Microsoft SQL Server (Standard or Enterprise) locally on the server. If you do not have a license for SQL server, download and install the free 6 month evaluation version from Microsoft.

Network Specifications

Allow the BigFix server to have direct Internet access without going through a proxy.
Allow TCP and UDP traffic on port 52311(default) across any internal firewalls and centrally managed personal firewalls.
Define and propagate an internal DNS entry for the BigFix server so its IP address can be resolved through a fully qualified domain name, for example: bigfix.OrganizationName.TopLevelDomain. If a DNS name is not used, the BigFix server must have a fixed IP address.

Other than applying all relevant patches to the Server OS, also download and install the following software as well prior to our meeting:

BigFix Software Download

BigFix Enterprise Suite is located here (get the evaluation version unless you have received a license already).

If we have a WebEx scheduled for the installation, just download the installer to the server and reboot the machine prior to the meeting.

Installing the BigFix Agent

A complete list of options can be found in the BES System Administrator’s Guide.

For environments with no existing software deployment methods (GPO, login scripts,etc.), the BigFix Deployment Tool may work. For the BigFix Deployment tool, it is important that you are able to meet the requirements outlined at this BigFix KB article.

Using the BigFix Deployment tool to install the BigFix Client to workgroup or domain computers requires the following configuration only during the period of agent installation:

RPC must be enabled
File and print sharing must be enabled
Any local firewalls on the endpoint must be disabled

If you have problems with the deployment tool, it is usually because of one of the following reasons:

RPC is not enabled
File and Print Sharing is not enabled
A personal firewall or other endpoint security tool is blocking the connection (AV, HIPS, etc.)
An internal firewall is blocking the connection
The person using the Deployment tool does not have the correct domain permissions to remotely install software; or, if they are using a local administrative account, they do not have the correct local administrative password

Installing the BigFix Client with MSI

You can use the Microsoft Installer (MSI) version of the BES Client to interpret the package and perform the installation automatically. This MSI version of the client (BESClientMSI.msi) is stored in the BESInstallers\ClientMSI folder. You can run this program directly to install the client or you can call it with arguments. Here are some sample commands, assuming that the MSI version of the Client is in the C:\BESInstallers\ClientMSI folder: msiexec.exe /i c:\BESInstallers\ClientMSI\BESClientMSI.msi /qn

The \qn command performs a silent install. msiexec.exe /i c:\BESInstallers\ClientMSI\BESClientMSI.msi INSTALLDIR="c:\myclient"

This command will install the program to the given directory. You can find the full list of installation options at this Microsoft site.

With the MSI version of the client installer, you can create a Group Policy Object (GPO) for BESClientMSI deployments. For more information on Group Policies, see the Microsoft knowledge base article 887405.

Installing the BigFix Agent on Macs

Installation instructions for the Mac BigFix Agent are here. You may want to use the Apple Remote Desktop feature to automate the delivery.

AppZapper 2 for Snow Leopard

Jon — Wed, 06 Jan 2010 22:54:06 +0000

AppZapper 2 is out and it is really nice. It works for OS X 10.6 or higher. It’s a free update for current users or you can get $3 off a new copy until Friday using the code MACHEISTER or follow this link. It even has a way to store all of your app license information for the apps you want to keep. I have been using 1Password for that so I’ll have to see which is more convenient.

Block or Not

Jon — Thu, 10 Dec 2009 20:29:49 +0000

Marketing game by Palo Alto Networks:

Block or Not

Verizon DBIR 2009 Supplement

Jon — Thu, 10 Dec 2009 06:53:53 +0000

Verizon just released a supplement(pdf) to their 2009 Data Breach Investigations Report

This supplement describes the top 15 threats encountered in the Verizon caseload with recommendations on how to detect and prevent them. A must read for anyone in charge of prioritizing security efforts.

More info here

BigFix Asset Management

Jon — Wed, 09 Dec 2009 21:49:54 +0000

Here is a short podcast on the strategy behind BigFix’s software asset management solution:

How BigFix DSS-SAM Changes the Game of Software Asset Management

According to BigFix research, most organizations overpay for software licenses that they aren’t using. An easy way to save 10-15% off the top of software licensing costs is to use a solution that tracks your assets in real time with useful analytics that you can trust. The flip side to this is that you can also prove you are buying enough licenses which helps when you are audited by your software vendor.

If you are still using spreadsheets to track assets or don’t trust the results of your current asset management software, you may want to try out BigFix.