Think back many years to when AMD was known as "Advanced Micro Devices" and made Intel compatible chips. That's why we had the "Pentium(tm)" and not "586" being marketed.
Boss: jgrumbles, our company is growing fast; we've doubled in size over the past 48 months. We need you to design, build and implement an EDI to replace our AS/400 system. Plan for expansion into RFID, shipping and automated tracking & billing. Would you mind using Ask Slashdot for guidance in this risky, company-wide endeavour?
I'd rather use a text editor. If your server is colo'd across the country do you really need a bunch of windows popping open via X or whatever MS' thing is called just to change some settings?
I was thinking the exact opposite. I like editing a plain ol' text file by hand. Editing XML is a pain; yeah it's all text but then so is Postscript.
Another concern, and a lesson learned from the last launch, was that Japanese gamers at the were hesitant to buy into a new, wholly unfamiliar console.
So let's introduce this new console in Japan after it's been introduced everywhere else on Earth. That'll warm them up to us.
I forgot about this one too. At home I took the hosts file which you can get for Spybot Search & Destroy and used some of the names from there. Of course you'll have to nslookup machines from the hosts file and add the real IPs to your firewall.
Googling for that will get you some nice hosts files.
We have a bunch in our PIX configs. Here's a few to start (and some may be old or broken, we don't actively check). I usually google around for the spyware places.
Not sure how this will wrap...
: www.xcelent.biz evilness. see http://www.theregister.co.uk/2004/09/22/opt-out_exploit/
access-list CSM-acl-Ginside deny ip any host 61.218.79.53
: gator.com [SPYWARE]
access-list CSM-acl-Ginside deny ip any 64.94.89.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 204.238.120.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 64.162.206.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 63.197.87.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 216.30.17.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 208.184.198.0 255.255.255.128
access-list CSM-acl-Ginside deny ip any 216.141.76.128 255.255.255.248
access-list CSM-acl-Ginside deny ip any 64.152.73.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 66.35.229.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any 64.152.64.0 255.255.255.0
: cydoor
access-list CSM-acl-Ginside deny ip any host 209.10.17.133
access-list CSM-acl-Ginside deny ip any 209.73.225.0 255.255.255.0
access-list CSM-acl-Ginside deny ip any host 212.29.215.3
access-list CSM-acl-Ginside deny ip any host 209.11.42.240
: friendgreetings.com "worm", see http://securityresponse.symantec.com/avcenter/venc/data/friendgreetings.html
access-list CSM-acl-Ginside deny ip any host 207.21.232.104
access-list CSM-acl-Ginside deny ip any host 65.89.168.69
access-list CSM-acl-Ginside deny ip any 216.34.38.64 255.255.255.192
access-list CSM-acl-Ginside deny ip any host 216.65.63.139
: activex viruslike crud, see http://zdnet.com.com/2100-1105_2-1026228.html
access-list CSM-acl-Ginside deny ip any 216.187.107.0 255.255.255.0
: www.freescratchandwin.com <- spyware, logger, hijacker.
access-list CSM-acl-Ginside deny ip any 206.161.193.0 255.255.255.0
: zotob worm. Mainly for detection internally. grg 20050817
: diabl0.turkcoders.net port 8080 normally.
access-list CSM-acl-Ginside deny ip any host 84.244.5.237
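A worked version of the hosts-file-to-firewall step from the two posts above (take the names out of the Spybot blocking hosts file, nslookup them, put the real IPs on the PIX), added here as an example and not code from the thread. It parses a Spybot-style hosts file, resolves each name through a pluggable resolver, refuses to emit a deny for any answer that lands in loopback, unspecified or RFC1918 space (a bad or hostile DNS answer would otherwise turn into a rule that cuts off your own LAN), lists names that gave no usable address for manual review, and prints `access-list` lines in the CSM-acl-Ginside format used in the PIX snippet above. The hosts file, the `.test` names and the `FAKE_DNS` answers are constructed so the script runs offline; `system_resolver` is the one to plug in for real lookups.

```python
"""Turn a Spybot-style blocking hosts file into PIX access-list lines.

Added example, not code from the thread. Assumptions: the hosts file uses the
"127.0.0.1 hostname" form Spybot S&D ships, the ACL name CSM-acl-Ginside is
taken from the PIX snippet above, and any callable mapping a name to a list of
IPv4 addresses may stand in for nslookup (FAKE_DNS below is constructed so the
script runs offline).
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Constructed sample in the style of a Spybot S&D blocking hosts file.
SAMPLE_HOSTS = """\
# Spybot - Search & Destroy blocking hosts file (constructed sample)
127.0.0.1 localhost
127.0.0.1 ads.example-spyware.test   # tracker
127.0.0.1 gator.example.test
127.0.0.1 does-not-resolve.test
0.0.0.0   cdn.example-spyware.test
"""

# Constructed DNS answers standing in for real nslookup results.
FAKE_DNS: Dict[str, List[str]] = {
    "ads.example-spyware.test": ["203.0.113.10", "203.0.113.11"],
    "gator.example.test": ["198.51.100.7"],
    # Shares an address with the first entry, plus an RFC1918 answer that must never be blocked.
    "cdn.example-spyware.test": ["203.0.113.10", "10.0.0.5"],
}


def fake_resolver(name: str) -> List[str]:
    """Offline stand-in for nslookup (constructed data)."""
    return FAKE_DNS.get(name, [])


def system_resolver(name: str) -> List[str]:
    """The real nslookup step, via the OS stub resolver (needs network access)."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


SINKHOLES = {"127.0.0.1", "0.0.0.0"}

# Address space a deny rule must never cover: a spyware name resolving here
# (by accident or on purpose) would otherwise knock out loopback or the LAN.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text: str) -> List[str]:
    """Return, in file order and without repeats, the names the file sinkholes."""
    names: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments
        if not line:
            continue
        fields = line.split()
        addr, hosts = fields[0], fields[1:]
        if addr not in SINKHOLES:
            continue                                # a real mapping, not a block entry
        for h in hosts:
            if h.lower() != "localhost" and h not in names:
                names.append(h)
    return names


def safe_to_block(addr: str) -> bool:
    return not any(ipaddress.ip_address(addr) in net for net in NEVER_BLOCK)


def resolve_all(names: List[str],
                resolver: Callable[[str], List[str]] = system_resolver
                ) -> Tuple[Dict[str, List[str]], List[str]]:
    """Map each name to the addresses worth blocking; list the names that gave none."""
    resolved: Dict[str, List[str]] = {}
    unresolved: List[str] = []
    for name in names:
        addrs = [a for a in resolver(name) if safe_to_block(a)]
        if addrs:
            resolved[name] = addrs
        else:
            unresolved.append(name)               # review by hand, do not guess
    return resolved, unresolved


def pix_acl_lines(resolved: Dict[str, List[str]], acl: str = "CSM-acl-Ginside") -> List[str]:
    """One ':' comment per name, one host deny per distinct address."""
    seen = set()
    lines: List[str] = []
    for name, addrs in resolved.items():
        lines.append(f": {name} (from blocking hosts file)")
        for a in addrs:
            if a not in seen:
                seen.add(a)
                lines.append(f"access-list {acl} deny ip any host {a}")
    return lines


if __name__ == "__main__":
    found, missing = resolve_all(parse_hosts(SAMPLE_HOSTS), fake_resolver)
    print("\n".join(pix_acl_lines(found)))
    print("\n".join(f": UNRESOLVED, check by hand: {n}" for n in missing))
```

Run it with `system_resolver` instead of `fake_resolver` to do real lookups; the unresolved list is the part worth reading, since the post's caveat that "some may be old or broken" applies to hosts files just as much as to the ACLs.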
I like the DMZ method as another layer of security. A laptop that has been on the road for a while may not have had updates installed. So the person hooks it up when they get back home from a trip and whammo the latest Windows worm gets them.
Put your laptops on a DMZ-like subnet. Don't allow unrestricted access from that to the rest of the LAN. I.e.: only allow them access to your servers and other necessary resources. If they don't need to access Bertha's PC in Accounts Receivables then block it.
Block spyware sites on your firewall and log it. If you see a laptop trying to get to $SPYWARESITE you know they've installed crap. Go remove it.
Make sure they have antivirus and antispyware stuff installed, up to date and running. A lot of people turn it off because "it slows my machine down".
Ideally you won't let them have admin access. Far too often laptops show up with Kazaa or other shit installed because they let their kids play with the machines at home. Bad move, it's company property with company information but many people think the other way around. Assuming you're the IT manager you should have every right to remove such crap. Check your policies first.
Very important: Make a log of everything you have to fix. If and when you start to enforce policy you need hard data to back up your actions.
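The "block it on the firewall, log it, and go find the laptop" step from the post above as a small triage script, added here as an example (not code from the thread). It pulls the denies out of PIX syslog, maps each denied destination back to the labelled ranges from the ACL snippet earlier in the thread, and reports per internal host what it touched and how often, with a separate severity for the zotob address since a hit there means a worm infection to isolate rather than spyware to uninstall. The log lines are constructed in the style of the PIX 106023 "denied by access-group" message; the range labels come from the ACL comments on this page.

```python
"""Find hosts that tried to reach blocked spyware/worm addresses in PIX syslog.

Added example, not from the thread. Assumptions: the firewall logs ACL denies
as %PIX-4-106023 messages (SAMPLE_LOG below is constructed in that style), and
the blocked ranges and their labels are the ones in the thread's ACL snippet.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

# Constructed sample syslog; 106023 is the PIX "denied by ACL" message, the
# 302013 line is ordinary connection logging and must be ignored.
SAMPLE_LOG = """\
Aug 17 09:14:02 fw1 %PIX-4-106023: Deny tcp src inside:10.20.30.41/1033 dst outside:64.94.89.10/80 by access-group "CSM-acl-Ginside"
Aug 17 09:14:05 fw1 %PIX-4-106023: Deny tcp src laptops:10.20.99.7/1041 dst outside:209.10.17.133/80 by access-group "CSM-acl-Ginside"
Aug 17 09:14:06 fw1 %PIX-4-106023: Deny tcp src laptops:10.20.99.7/1042 dst outside:209.10.17.133/80 by access-group "CSM-acl-Ginside"
Aug 17 09:15:10 fw1 %PIX-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.5/443 (198.51.100.5/443) to inside:10.20.30.41/1040 (203.0.113.2/1040)
Aug 17 09:16:00 fw1 %PIX-4-106023: Deny tcp src laptops:10.20.99.7/1050 dst outside:84.244.5.237/8080 by access-group "CSM-acl-Ginside"
Aug 17 09:16:30 fw1 %PIX-4-106023: Deny tcp src inside:10.20.30.41/1060 dst outside:64.94.89.10/80 by access-group "CSM-acl-Ginside"
"""

DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')

# Blocked ranges and labels as they appear in the ACL comments earlier in the thread.
BLOCKLIST = [
    (ipaddress.ip_network("64.94.89.0/24"), "gator"),
    (ipaddress.ip_network("209.10.17.133/32"), "cydoor"),
    (ipaddress.ip_network("84.244.5.237/32"), "zotob"),   # worm, "mainly for detection internally"
]
WORM_LABELS = {"zotob"}


def parse_denies(text: str) -> List[Dict[str, str]]:
    """Extract the fields of every 106023 deny; other message IDs are ignored."""
    return [m.groupdict() for m in (DENY_RE.search(l) for l in text.splitlines()) if m]


def classify(dst: str) -> Optional[str]:
    """Label a denied destination by the blocklist entry it falls in, if any."""
    addr = ipaddress.ip_address(dst)
    for net, label in BLOCKLIST:
        if addr in net:
            return label
    return None


def triage(text: str, threshold: int = 2) -> List[Dict[str, object]]:
    """Per internal host: which blocked things it touched, how often, and a severity."""
    per_host: Dict[str, Counter] = defaultdict(Counter)
    for e in parse_denies(text):
        label = classify(e["dst"])
        if label:
            per_host[e["src"]][label] += 1
    findings = []
    for src, counts in sorted(per_host.items()):
        total = sum(counts.values())
        if WORM_LABELS & set(counts):
            severity = "worm-indicator"      # isolate the host, not just uninstall a toolbar
        elif total >= threshold:
            severity = "spyware"             # repeated hits: go remove it
        else:
            severity = "watch"               # a single hit may be a stray link
        findings.append({"host": src, "hits": dict(counts), "total": total, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['host']:15} {f['severity']:15} {f['hits']}")
```

The findings list doubles as the "log of everything you have to fix" the post asks for: keep the per-host output with a date and you have the hard data for the policy discussion later.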
We have the Fluke Optiview stuff too. I don't know if it came cheaper because we bought a Fluke LAN meter (~$12K at the time) as well. Handy piece of software.
We're doing something similar at work so it's still fresh in my mind. First off: lose the Photoshop crud. Assuming your switches are managed or have at least some smarts in them I'd suggest using SNMP, $LANGUAGE and PHP to track your port information. Then any of your admins can access it via a webpage on your intranet. ($LANGUAGE can be anything but we like python and perl.)
Consider replacing the hubs in your diagram with switches that have some smarts and SNMP. Not a crap LinkSys thing for $19 at BestBuy or whatever. A real, managed switch with a serial console port would be best IMHO.
Consider an "out of band" private network too. Something you can use to connect to another machine in the closets with a serial link to the switch console ports. That way if a switch/firewall/router stops talking you can remotely get to it via the console. We just received a bunch of old fiber/copper media converters for this purpose (some of the runs are long).
You're there to manage the network, not just pretty up a diagram in Photoshop, right?
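The SNMP port-tracking idea from the post above, worked through as an example (added here, not the poster's code): the join that turns a walk of BRIDGE-MIB and IF-MIB into a "which MAC is on which switch port" table, which is the data the intranet page would show. It expects numeric-OID output of the kind `snmpwalk -On` prints; the walk below is constructed for a small switch. Ports learning more than one MAC are flagged, which is exactly where the hubs the post wants replaced (or an unmanaged switch someone smuggled in) show up.

```python
"""Build a switch-port -> MAC table from snmpwalk output (BRIDGE-MIB + IF-MIB).

Added example, not from the thread. Assumptions: numeric-OID output as
produced by "snmpwalk -On" against a managed switch; SAMPLE_WALK is
constructed. The joins are the standard ones: dot1dTpFdbPort (MAC -> bridge
port), dot1dBasePortIfIndex (bridge port -> ifIndex), ifDescr (ifIndex -> name).
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2."     # dot1dTpFdbPort, index = MAC as 6 decimal octets
BASEPORT_IF = ".1.3.6.1.2.1.17.1.4.1.2."  # dot1dBasePortIfIndex, index = bridge port
IF_DESCR = ".1.3.6.1.2.1.2.2.1.2."        # ifDescr, index = ifIndex

# Constructed walk of a small switch: three access ports plus an uplink.
SAMPLE_WALK = """\
.1.3.6.1.2.1.2.2.1.2.10001 = STRING: FastEthernet0/1
.1.3.6.1.2.1.2.2.1.2.10003 = STRING: FastEthernet0/3
.1.3.6.1.2.1.2.2.1.2.10007 = STRING: FastEthernet0/7
.1.3.6.1.2.1.2.2.1.2.10024 = STRING: GigabitEthernet0/1
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 10001
.1.3.6.1.2.1.17.1.4.1.2.3 = INTEGER: 10003
.1.3.6.1.2.1.17.1.4.1.2.7 = INTEGER: 10007
.1.3.6.1.2.1.17.1.4.1.2.24 = INTEGER: 10024
.1.3.6.1.2.1.17.4.3.1.2.0.12.41.170.187.204 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.1.2.3 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.30.103.16.32.48 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.30.103.16.32.49 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.30.103.16.32.50 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.30.103.16.32.51 = INTEGER: 24
"""

LINE_RE = re.compile(r"^(?P<oid>\.[\d.]+) = (?P<type>[A-Za-z0-9-]+): (?P<value>.*)$")


def parse_walk(text: str) -> Dict[str, Tuple[str, str]]:
    """OID -> (type, value) for every well-formed snmpwalk line."""
    out: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out[m["oid"]] = (m["type"], m["value"].strip())
    return out


def mac_from_index(index: str) -> str:
    """'0.12.41.170.187.204' -> '00:0c:29:aa:bb:cc'."""
    octets = [int(x) for x in index.split(".")]
    if len(octets) != 6 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a MAC index: {index}")
    return ":".join(f"{o:02x}" for o in octets)


def build_port_table(walk: Dict[str, Tuple[str, str]]) -> Dict[str, List[str]]:
    """Join the three tables into ifDescr -> sorted list of MACs seen on that port."""
    if_descr = {oid[len(IF_DESCR):]: val for oid, (_, val) in walk.items() if oid.startswith(IF_DESCR)}
    bport_if = {oid[len(BASEPORT_IF):]: val for oid, (_, val) in walk.items() if oid.startswith(BASEPORT_IF)}
    table: Dict[str, List[str]] = defaultdict(list)
    for oid, (_, bport) in walk.items():
        if not oid.startswith(FDB_PORT):
            continue
        ifindex = bport_if.get(bport)
        # Fall back to the raw index when a join step is missing, rather than dropping the MAC.
        name = if_descr.get(ifindex, f"ifIndex {ifindex}") if ifindex else f"bridge port {bport}"
        table[name].append(mac_from_index(oid[len(FDB_PORT):]))
    return {port: sorted(macs) for port, macs in table.items()}


def crowded_ports(table: Dict[str, List[str]], max_macs: int = 1) -> List[str]:
    """Ports learning more MACs than an access port should: uplinks, or a hub hanging off them."""
    return sorted(p for p, macs in table.items() if len(macs) > max_macs)


if __name__ == "__main__":
    table = build_port_table(parse_walk(SAMPLE_WALK))
    for port, macs in sorted(table.items()):
        print(f"{port:20} {', '.join(macs)}")
    print("multi-MAC ports:", crowded_ports(table))
```

On Cisco Catalyst switches the bridge MIB is kept per VLAN, so a multi-VLAN switch has to be walked once per VLAN with the community-string-indexed form (`community@vlan`) before the tables are merged; ports you know are uplinks should be exempted from the multi-MAC check or the list will be nothing but trunks.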
[...] at the moment computer security is rather basic and mostly reactive.
OpenBSD has been proactive since Day 1. And, really, can anyone speak authoritatively on computer issues 5 years in advance let alone 50?
If I drank a strong tea brewed from Theo de Raadt's toenail clippings I could glean knowledge from perhaps a couple of days in the future, but beyond that you're getting into the realm of Xenu.
Yep. A while back now (just over a year I think) I had a "call for beers" for other Winnipeg/.ers to meet at the Kings Head downtown. Nice and central for everyone. One other fellow showed up at the time but others had replied.
I wish slashdot would stop posting this crap.
Too bad slashcode won't let you post that to *
When I got my divorce the ~2200 ft^2 here got a lot bigger. Food costs went down by about 80% too.
why read or write when you can listen or speak?
TV was made for losers like this.
Microsoft's marketing gurus will come up with a slogan like "Celebrate the 42nd anniversary of JFK's assassination with a brand new XBOX 360!"
They found the planet where the Loyal Officers are holding Xenu captive?
NetAdmins don't do Photoshop.
:)
That should be in your sig.
Should do it again before the snow falls.
Thanks, but I found this eMule link earlier. I forgot about this album after my initial look. Not my cup of tea but the subject matter could be funny.
Not a shithole but it's cold in the winter :) I've been looking for that album for a while after hearing about it actually.
In Winnipeg we just leave water outside for a few minutes.
Be careful, it seems the christian mythologists have mod points...
Search for something like: http://an.tacoda.net/an/11711/slf.js Unless you're using blocker which smites the offending site already I guess.
We all know why this is happening to us.
Yep, because terrorists hate our freedom.