Attend our FREE lunch and learn on July 31, 2007

Travis Davies, Network Architect, will discuss the following:

• Learn why you might be bolting down your network too much!
• Learn about "Social Engineering". What is it? Are you guilty?
• Be Password Savvy.
• Learn what you might be doing to compromise your network.
• Are you giving away your Intellectual Property?
• Become educated on these topics and more...

The luncheon will be on July 31, 2007 from 11:30 - 1:00 at Visionpace (17501 E Hwy 40 Suite 218 Independence, MO 64055). Please call Kelly by July 27th at 816-350-7900 to make a reservation.

You have to find the middle ground to keep your network secure and productive. It takes some thought and planning, but once you have the common sense taken care of; you have a good solid base to work from.

Basically high level if you:

• keep all your systems patched with the latest security patches
• have a current standardized firewall
• have current standardized anti-virus/spyware protection
• have common sense password/user policies and procedures
• have a clear understanding of what you have that is sensitive/valuable
• have all sensitive data encrypted
• make your users aware of the Social Engineering aspect of hacking

It will be hard for a hacker to obtain the information they would need to "get" you without a little luck and some social engineering. To put all the pieces together would take a lot of time, effort, and resources. Think like a hacker/thief. What do you have that someone would put forth an extra concentrated effort to "steal" or "cripple" your network? A lot of hackers want your resources not your data. They want a place to store/share data, or use your network to hide their attack on someone else, etc. The common sense steps should protect you from this random opportunistic type of hacker so you can concentrate on the ones that want to cause you specifically harm.

Here is a short topic list of common sense for network security

Social Engineering

One of the best things to do is not computer related but people related. If you have the common sense things taken care of the hackers will have use some aspects of Social Engineering to complete their "puzzle" so they can get what they want. User education is a vital if not crucial part of this.

The good news about hacking today is that many security mechanisms are very effective against most hacking attempts. Firewalls, IDSes, IPSes, and anti-malware scanners have made intrusions and hacking a difficult task. However, the bad news is many hackers have expanded their idea of what hacking means to include social engineering: hackers are going after the weakest link in any organization's security—the people. People are always the biggest problem with security because they are the only element within the secured environment that has the ability to choose to violate the rules. People can be coerced, tricked, duped, or forced into violating some aspect of the security system in order to grant a hacker access. The age-old problem of people exploiting other people by taking advantage of human nature has returned to bypass modern security technology. Protection against social engineering is primarily education. Training personnel about what to look for and to report all abnormal or awkward interactions can be effective countermeasures.

(Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.^[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.)

Public Information

A lot of companies give the CEO elevated privileges. Of course he is the boss, the owner! His name, bio, and email address are all over your website, mailings, public records, etc. Most companies use a username convention of first initial, last name or initials. Now the hackers can guess jboss or jqb as the username and he has half the info he needs to obtain access with elevated privileges. You just did half his work for him. Most organizations freely give away too much information that can be used against them in various types of attacks.

Here are just a few common examples of what anyone can learn about your organization:

• The names of your top executives and any flashy employees you have by perusing your archive of press releases.

• The company addresses, phone number, and fax number from domain name registration.

• The Internet service provider for Internet access through DNS lookup and other tools.

• Employee home addresses, phone numbers, employment history, family members, previous addresses, criminal record, driving history, and more by looking up their names in various free and paid background research sites.

• The operating systems, major programs, programming languages, specialized platforms, network device vendors, and more from job site postings.

• Usernames, e-mail addresses, phone numbers, directory structure, filenames, OS type, Web server platform, scripting languages, web application environments, and more from Web site scanners.

• Flaws in your products, problems with staff, internal issues, company politics, and more from blogs, product reviews, company critiques, and competitive intelligence service.

Passwords

We have been discussing the problems with password security for years. If your IT environment controls authentication using passwords only, it is at greater risk for intrusion and hacking attacks than those that use some form of multifactor authentication. A password is just a string of characters which a person must remember and type when required. Unfortunately, a password that is too complex for a person to remember easily can be discovered by a cracking tool in a frighteningly short period of time. Dictionary attacks, brute force attacks, and hybrid attacks are all various methods used to guess or crack passwords. The only real protection against such threats is to make very long passwords or use multiple factors for authentication. Unfortunately, requiring ever longer passwords causes a reversing of security due to the human factor. People simply do not remember numerous long strings of chaotic characters.

Problems facing password-only authentication systems:

• People who use the same password on multiple accounts.
• People who write their passwords down and store them in obvious places.
• The continued use of insecure protocols that transfer passwords in clear text, such as those used for websites.
• The problem of shoulder surfing or video surveillance.

Password theft, password cracking, and even password guessing are still serious threats to IT environments. The best protection against these threats is to deploy multifactor authentication systems and to train personnel regarding safe password habits.

Default Settings

Nothing makes attacking a target network easier than when that target is using the defaults set by the vendor or manufacturer. Many attack tools and exploit scripts assume that the target is configured using the default settings. Thus, one of the most effective and often overlooked security precautions is simply to change the defaults. To see this problem, all you need to do is search the Internet for sites using the keywords "default passwords". There are numerous sites that have all of the default user names, passwords, access codes, settings, and naming conventions of every software and hardware IT product ever sold. Use standardized customizations, configurations, and settings.

Inside

Majority of security violations actually are caused by internal employees. When someone on the inside decides to attack the company network, many of the security defenses against outside hacking and intrusion are often ineffective. Instead, internal defenses specific to managing internal threats need to be deployed. This could include keystroke monitoring, preventing users from installing software, not allowing any external removable media source, disabling all USB ports, extensive auditing, host-based IDS/IPS, and Internet filtering and monitoring.

This is a very short and high level viewpoint on common sense network security. Like I mentioned at the start it is a very complex and tedious subject. Basically, try using more common sense mixed in with your technology and procedures. .

Travis Davies, MSCE NT 4.0, MCSE 2000, MCSE 2003, MCSA 2000, MCSA 2003, CCNA, CEH, CSSA

Senior Network Architect

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

10 DNS Errors That Will Kill Your Network
http://www.mstraining.com/misc/10_dns_errors_that_will_kill_you.htm
Troubleshooting Active Directory DNS Errors in Windows 2000
http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036
SRV Resource Records May Not Be Created on Domain Controller
http://support.microsoft.com/?kbid=239897
How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515
How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811
How Domain Controllers Are Located in Windows XP
http://support.microsoft.com/?kbid=314861
HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380
HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows Server 2003
http://support.microsoft.com/?kbid=816567

Determining the Server GUID of a Domain Controller
http://support.microsoft.com/?kbid=224544
GUID Records Are Not Registered If MX Record with Wildcard Character Is Present
http://support.microsoft.com/?kbid=325208
Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382
Windows 2000 DNS and Active Directory Information and Technical Resources
http://support.microsoft.com/?kbid=298448
Setting Up the Domain Name System for Active Directory
http://support.microsoft.com/?kbid=237675
HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341
HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Travis Davies

Sr Network Architect

Visionpace IT

17501 E US HWY 40

Independence, MO 64055

PH: 816-350-7900 ext 7229

FAX: 816-373-3020

URL: www.visionpaceit.com

EMAIL: tdavies@visionpaceit.com

I started getting an error popup this morning while checking Exchange.
Task 'Microsoft Exchange Server' reported error (0x8004010F) : 'The operation failed. An object could not be found.'

RESOLUTION

Use this method to resolve this problem when you view Properties in the Address lists setting in Exchange System Manager:

1. In Exchange System Manager, expand the Recipients container.
2. Click the Offline Address Lists container.
3. In the right pane, right-click the offline address list object, and then click Properties.
4. On the General tab, verify that a valid address list is populated under Address lists. If a    valid address list is not populated under Address lists, you must add one.

*Note The default address is the global address list.*

5. Click OK.
6. Right-click the offline address list object again, and then click Set as New Default if the offline address list object is not set. 
7. If you made any changes, right-click the offline address list object again, and then click Rebuild.

Next I got a new error.

OALGen encountered error 8004010f while initializing the offline address list generation process.

RESOLUTION
To resolve this problem, follow these steps:

1. Click Start, click Run, type %SystemRoot%\system32\mapisvc.inf, and then click OK. 
2. Locate the [MSEMS_DSA_Admin] section.

3. Locate and then delete the following entry:
   6603001f = Server_Name
   

**Note The Mapisvc.inf file contains a 6603001f entry and a 6603001e entry. When you follow these   steps, do not delete the 6603001e entry.**

Steve Whitcomb
Visionpace-IT
www.Visionpace-IT.com
swhitcomb@visionpaceit.com 

From time to time I run into a issue when a anti-virus programs (usually Symantec) real time protection will quarantine the log files for Exchange. This can happen when someone forgets to set the exception for the Exchange folders for the real time scanning, but I have seen it just happen for no good reason. Here is what I do to correct the issue.

Problem:

E00.log was quarantine

E00193B.log is required for the database to mount

Run Eseutil:

Make sure you are in the exchsrvr\bin folder Type:

eseutil /p "d:\Program files\exchsrvr\mdbdata\priv.edb" | more eseutil /p "d:\Program files\exchsrvr\mdbdata\pub.edb" | more

Perform offline defrag

110% free space is required

eseutil /d "d:\Program files\exchsrvr\mdbdata\priv.edb" /t"X:\tempdfg.edb"

eseutil /d "d:\Program files\exchsrvr\mdbdata\pub.edb" /t"X:\tempdfg.edb"

X: drive there is 110% free space.

Check:

eseutil /mh "d:\Program files\exchsrvr\mdbdata\pub.edb" -> clean shutdown or dirty shutdown eseutil /mh "d:\Program files\exchsrvr\mdbdata\priv.edb" -> clean shutdown or dirty shutdown

Copy the log files to another drive

Mount the database

Dismount the database

Run Isinteg:

isinteg -s sever2 -fix -test alltests

select 1 as an option for private information store isinteg -s server2 -fix -test alltests select 2 as an option for public store

Mount the information stores and test.

Here is a KB article for the process

http://support.microsoft.com/?id=328804

Travis Davies

Sr Network Architect

Visionpace IT

URL: www.visionpaceit.com

EMAIL: tdavies@visionpaceit.com

This has posed a conundrum for Exchange administrators: what's the best way to allow remote users access to their mailboxes?

There are several options to choose from: Microsoft Outlook Web Access does a good job overall, but doesn't allow access to stored mail while users are disconnected; POP and IMAP are useful lightweight protocols, but don't offer the full range of Exchange services; virtual private networks (VPNs) allow secure access, but they also allow the remote machine full run of the connected network, which isn't always desirable; and Internet and Security Acceleration (ISA) Server allows publishing RPC-based services while inspecting inbound RPC traffic to ensure its integrity and harmlessness.

In Outlook 2003 sp1 with Microsoft XP sp2, Microsoft has added full support for tunneling RPC packets inside of Hypertext Transfer Protocol (or, more precisely, Secure Sockets Layer [SSL]-protected HTTP) packets. With the right configuration, a mobile user can launch Outlook, connect to the corporate network on port 443, and have his or her RPC traffic tunneled from the network entry point to the Exchange server. Users get complete Outlook functionality, and administrators enjoy the protection of blocking plain RPC traffic at the perimeter. However, this magic requires some configuration on the Outlook side but once you get it working it is wonderful.

I am currently working on a CRM implementation for a client that is using a older version of Goldmine (5.5). While Goldmine 5.5 had the ability to use a SQL Server database as it backend, it still used the old xBase data structure. Using the CRM Data Migration tool and appropriate Excel spreadsheet provide with the kit, the data mapping will not work because of the Account.AccountID to Contact1.RECID data mismatch. So here is my solution so far, upgrade Goldmine to 5.7 then to 6.7. After that the data structure should match the handy spreadsheet that Microsoft provides to map to the CDF database. Keep visiting, I will be posting the progress as I go.

Steve Whitcomb
Visionpace-IT
www.Visionpace-IT.com
swhitcomb@visionpaceit.com

When you publish the new Microsoft Internet Explorer 7 on your Citrix server you will have problems displaying tranparent GIF's. Instead of being "transparent" they were showing the underlying color. This only happens on the publshed application, not the Citrix desktop or with a RDP session.

Here is how to fix it for now:

"Disable Speed Browser Acceleration on your farm"

Michael Wright
CCEA CSSA
Senior Network Engineer
URL: www.visionpaceit.com
E-Mail: mwright@visionpaceit.com