As other posters have mentioned, the ability to report problems, e.g.: potholes, bad traffic signals, but also to request things like a stop sign at intersection X. This should be put into something akin to Bugzilla or RT and the actual follow-up and resolution kept open for review. Requests for new things should be added to council meetings agenda for review.
Any controversial zoning issues (e.g.: strip clubs, major retail development, polluting factories, etc.) be posted for public comment.
Ability to order municipal-specific supplies online (e.g.: lawn waste bags, dump passes, recycling bags).
Log of where all of those _freakin'_ sirens are going -- sometimes a local paper will print a log of emergency calls, but not always. Nicer to link into police/ambulance/fire systems.
Scheduling for public resources, e.g.: pavilion at a town park.
Town calendar featuring both private and public events, integrating the police ball with the memorial day parade with the local high school's homecoming game on one calendar.
Allow the entry of an arbitrary address and get back relevant information, such as school district including which elementary school & bus schedule, tax records, building permits, sale records, neighborhood information -- including things like how much police/criminal activity is in the area, etc. Make it easy to link this with MLS (real estate listing) systems.
Registry of tradespeople (roofers, plumbers, sewer & drain, odd-jobs, etc.) detailing their certifications, licenses, insurance status, and providing an amazon.com-like rating system where you can post your good/bad experience with them.
You wanted ideas --there ya go.
Like this Donut
'course it might be a bit embarrassing to sit on a donut all day, but if it helps...
Don't you use a firewall? You can't attempt to log in remotely if you're blocking the typical remote access ports -- SSH, telnet, etc.
So you've got a machine sitting on the internet, home to a million and one active worms, and are surprised that it gets scanned constantly?
Don't bother with the abuse reports -- more than likely it's just worm activity from computers whose clueless owners don't realize have been infected. A more recent one attempts SSH logins, which may be what you're seeing.
If it was a _real_ crack attempt then you:
1: Wouldn't know about it.
2: Would be unable to pin it down. It would be bounced through several victim networks, so your ability to see where it's "coming from" is really just the last victim machine in the chain.
Third possibility is script kiddies, in which case you would know about it and where they were coming from, but they would have no chance of success unless you are unwilling to keep up on patches and follow basic security practices like decent passwords.
Best would be to close off remote-login ports altogether. If you need remote login then block for all but the address range you'd be coming from. If you need remote access from random locations, then at least consider using a heavily locked down system (e.g.: OpenBSD) or work _really hard_ to get your system's firewall/logging/etc. set up well.
One OpenBSD/pf feature you might be interested in (also available from other systems) is the ability to tie Snort into the pf ruleset so that remote scanners, once detected, are ignored.
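The triage described in the comment above, as an added example that is not part of the original post: it reads OpenSSH-style log lines, ignores the address range you log in from, and lists outside sources with repeated failed logins as candidates for a pf block table. The log lines, the 203.0.113.0/24 admin range, the failure threshold and the `scanners` table name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct  3 04:12:01 gw sshd[811]: Failed password for root from 198.51.100.23 port 40122 ssh2
Oct  3 04:12:03 gw sshd[811]: Failed password for invalid user admin from 198.51.100.23 port 40130 ssh2
Oct  3 04:12:05 gw sshd[811]: Failed password for invalid user test from 198.51.100.23 port 40141 ssh2
Oct  3 04:12:09 gw sshd[811]: Failed password for invalid user guest from 198.51.100.23 port 40150 ssh2
Oct  3 08:30:44 gw sshd[902]: Failed password for alice from 203.0.113.7 port 51514 ssh2
Oct  3 08:30:52 gw sshd[902]: Accepted password for alice from 203.0.113.7 port 51514 ssh2
Oct  3 09:01:17 gw sshd[930]: Failed password for root from 192.0.2.99 port 33010 ssh2
Oct  3 09:15:40 gw sshd[951]: Accepted publickey for bob from 198.51.100.200 port 60022 ssh2
"""

# Matches sshd's "Failed/Accepted <method> for [invalid user ]<user> from <addr> port <n>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)


def parse_events(log_text):
    """Return (outcome, user, address) tuples for every sshd login line."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        outcome, user, source = match.groups()
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            # sshd logged a hostname instead of an address; skip it here.
            continue
        events.append((outcome, user, addr))
    return events


def triage(log_text, allowed_cidrs, threshold=3):
    """Sort outside sources into block / watch lists and flag outside logins.

    allowed_cidrs is the range you expect to log in from; traffic from it is
    ignored. threshold is the number of failures that marks a scanner.
    """
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    failures = defaultdict(int)
    outside_success = []
    for outcome, user, addr in parse_events(log_text):
        if any(addr in net for net in allowed):
            continue
        if outcome == "Failed":
            failures[addr] += 1
        else:
            # A successful login from outside the allowed range means the
            # firewall rule is missing or wider than intended.
            outside_success.append((user, str(addr)))
    return {
        "block": sorted(str(a) for a, n in failures.items() if n >= threshold),
        "watch": sorted(str(a) for a, n in failures.items() if n < threshold),
        "outside_success": outside_success,
    }


def pfctl_commands(addresses, table="scanners"):
    """Build (not run) pfctl commands that add addresses to a pf table.

    Assumes pf.conf declares the hypothetical table and blocks on it, e.g.
    `table <scanners> persist` and `block in quick from <scanners>`.
    """
    return [f"pfctl -t {table} -T add {addr}" for addr in addresses]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, ["203.0.113.0/24"])
    for command in pfctl_commands(result["block"]):
        print(command)
    print("watch:", result["watch"])
    print("logins from outside the allowed range:", result["outside_success"])
```
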
We use rsync to mirror (back up) about 200GB worth of data from a remote office via partial T1 line. Would work well enough over ssh too I suppose.
Our setup actually runs the rsync server on the windows machine. Main problem is that the default one with cygwin dies mysteriously for no apparent reason. Some googling found us a fixed version to use -- 18 months on, no issues.
spent it. not on tunes though.
Sorry. Had to say it.
I'd go with 2003 though -- aside from extremely annoying problems porting apps over from NT due to new security settings (which you wouldn't have as an AD controller) it's been completely trouble free, stable, and quite frankly rock solid. Oh great, now I feel like a microsoft whore.
ughh... dirty. dirty.
Do something else. Be a missionary. Join the peace corps (do they take people w/out college degrees?). Hike the appalachian trail.
Main point is to get your know-it-all attitude fixed. Can't focus on something for long periods of time? You _need_ to learn to stick with things or you'll never get anywhere in life.
The real winners in our society are not the smartest, brightest people. They are the ones who through sheer effort of will and unwillingness to give up force success on themselves. This goes for anything - managers (even PHBs), athletes, government workers (ever seen the battery of tests and bureaucratic stuff these people live with?), startup businesses, rich people, poor people (yes, you can succeed at being poor if you try hard enough). Smartness helps -- becoming an M.D. takes more than hard work (lots of that though) -- but it's hardly the major determining factor for most things.
So once you've figured that out, _then_ go to college. It doesn't much matter what the degree is in or where you get it from. People with college degrees are the aristocrats of the current era. Without a degree you can't go very far. With a degree (even a fine arts from a local college) you can get a lucrative position in a stable organization (assuming that's what you will eventually want, which it will be once you settle down and have kids).
Of course sysadmins are going to be in strong demand. Automated systems can only do so much, someone has to fix things when they break down, and the workload keeps increasing.
This isn't unlike a fighter pilot who has too much to think about. Innovations like a heads-up-display and fly-by-wire don't make their job easier -- it just allows for more things to get done.
The complexity of a typical corporate network is absolutely mind boggling, and it is completely unrealistic to suppose that automated systems are going to 'self heal'. Someone has to understand what's going on and how to add and modify things.
I prefer a unix-ish type system, so run Linux or Mac OS X. Since there is no specific need for my desktop to run windows... I don't. I like linux/bsd X-Windows and the multiple desktops, cut-and-paste mouse clicking, and a host of other things. I like Mac OS X for being able to run more proprietary software and being pretty slick visually while giving nothing up in terms of scripting, command line, etc.
Another big reason is not having to worry about licensing -- at least for linux/bsd. No product codes, no worries about an impending audit, no getting budget approval for the $200-500 microsoft OS tax, no worries about how many users access the system, or how many CPUs it has. Not having to worry about it on server systems is a huge relief.
Simulate a hardwall office with a door. Fill the cube walls with concrete powder then soak them with water (best done after hours when no one is around). Build a ceiling for the cube out of 4x8 sheets of 3/4" plywood (or the euro/metric equivalent). Cover this with 2-3 inches of concrete & wet it. You may need to reinforce with a support column to hold up the ceiling. Fit a sheet of plexiglass entryway with some gasket material and maybe a bungee cord or something similar to keep it tightly shut. You'll probably need to rig a 2-layer with air gap piece for the door to prevent sound from leaking out. Finally fill the bottom 2-3 inches of the cube with concrete. This will provide you with a virtually soundproof box in which to work.
There are some drawbacks of course:
1: It will get quite warm.
2: It's rather odd. Most non-idiots use headphones.
3: $$$ Cost
4: Opportunity cost of getting fired and paying for the damages.
First we use rats to get the mines
Then we use giant snakes to get the rats
then mongoose to get the snakes
killer bees to get the mongoose
venus flytraps to get the bees
agent orange to get the venus flytraps
mines to stop the paramilitaries using agent orange
Whoa - a complete cycle!
First, "Intangible Assets" are generally accounting conveniences like "goodwill" and have nothing to do with intellectual property. Company A buys company B for $1 billion. Company B's assets are only $100million, the other $900 million is counted as 'goodwill'. Given our screwball stock market the past 20 years or so no wonder tangible vs. intangible is so out of whack.
Second, if a company spends $1 million on Microsoft licenses, it's revenue for Microsoft, but it's not exactly an asset for the company -- it is in the sense they will depreciate it over time perhaps, but it's not as if there is any residual value to a license (which probably can't be transferred anyway). The real value is what is locked up in the software -- the business processes arbitrated by e-mail systems, database systems, etc. $1 million in Oracle licenses pales in comparison to the $1 billion in information stored in that database.
If a company (U.S. or offshore) uses open source software then the effect is comparable to pirating proprietary software, at least to the proprietary software vendor -- they don't get any revenue, but it's actually worse since the proprietary vendor loses the user mindshare (a developer working on pirated oracle is still an oracle developer. A developer working on postgres or mysql is lost to oracle). However to the company that uses free software they derive the same business value and save the bulk of the licensing expense. This is painful for proprietary vendors, but healthy for the businesses who use software.
This is just a fundamental shift in how the software market works. The age of pre-packaged commercial software is (slowly) coming to a close. Are we supposed to mourn the passing? Proprietary vendors are getting a clue though -- IBM is the world's biggest software company and they are also the world's biggest proponent of Linux.
I can vouch for the mac version of the mouseworks stuff (at least OS X) -- oodles of functions available plus you can define your own.
It's actually a trackball. I've been using their various incarnations for almost 10 years now, and can heartily recommend the latest one -- it's black, has a ring around the ball that acts as a scroll wheel, and is optical (the older mechanical ones needed cleaning every month or so).
They are large, but extremely comfortable to use (possibly because it's large). Cost is around $100, and worth every penny.
I also use a little gel wrist cushion in front of it (it comes with a leatherette thing but it's not as good as the little oval gel cushions you can get).
Pretty easy to get -- CompUsa stocks them for example.
Oh, wait... er...
[cough]
I guess that would be "Power to the Faceless Corporate Money!".
If nothing else, it's refreshing to know that Canadians get the best Government that special-interest money can buy too.
Not all plumbers do sewer and drain work -- there is a lot of new construction and remodeling.
On the other hand I've dealt with 4 different sewer and drain people in the last 18 months (too many trees in the front yard). All of them seemed not only happy to be there, but delighted in figuring out what was plugging things up and operating the various power cutters etc.
Yes, I was going for funny. I had the mistaken impression that a 3 petabyte harddrive would be considered funny. Oh well...
For sale: P4 1.4GHz, two 3,000,000GB hard drives (6PB (petabyte) total). See below for a screenshot of the hard drive size. This is an unusual item used for secret cryptography research. Hard drives seem to have some sort of encrypting file system. Boots OK but I'm not all that bright so sold as-is. Own a piece of NSA history today!
I've been using ActiveState's "PerlMX" through a few name and company revisions -- ActiveState "PureMessage", now Sophos PureMessage.
Anyway, it does anti-spam and anti-virus and general policy type stuff. It has been extremely reliable and has been really excellent -- great spam filtering and now with the sophos AV very up-to-date virus signatures.
Licensed per CPU. We run about 1000 users behind a 1-cpu box and it could easily go to many more users.
Good luck-
Too noisy? Just open up the case and snip the wires going to the fans -- no more noise. The hard drive might still make some noise, so cover the whole case with several layers of quilts -- this will also aid in thermal conservation.
This will work for maybe a minute or two before the computer overheats and permanently dies. But hey -- for that couple of minutes -- man is it quiet.
If Crystal is running the report, then just set up a samba box with printpdf (see this site for some more info).
Works great. It's free. Infinitely configurable.
I know one of the techs that got this going. One day it was announced that they were switching. A timeline was developed and _bam_ the desktops rolled out.
They didn't have time to figure out an e-mail client, so everyone used "pine" for several weeks (in a terminal window) until someone figured out a GUI e-mail client (evolution I think, possibly kmail).
My impression is that user satisfaction was not exactly 100% with the move -- which is a major problem for people contemplating a migration away from windows.
Of course longer-term people will probably get used to it and be very happy with extra stability etc. Just don't get the impression that this was a case of warm-fuzzy feelings and friendly guys with beards floating around and making all of your computer problems go away by putting linux on your desktop -- this was the shotgun approach. Like it or not it's happening. Suddenly it got harder to do your job.
Part 1: Rant (stay tuned for part 2)
Why debian? Don't get me wrong -- debian is great for a lot of things, but... sheesh. Are you making a political statement or trying to support an enterprise need?
Focus on the tools you need _first_ and the OS they run on second. Getting a great OS with no tools is a lousy place to be, especially after a few months when the client has refused to pay some bills because things aren't working and you have to explain at a meeting between their CEO/CFO/VP of whatever and your CEO/VP/whatever exactly why not, and that to fix it they need to invest $X more in some other platform along with $Y to migrate.
Part 2: Some ideas
The TP monitor (e.g. CICS) is frequently done now in a database, so use begin trans, commit trans or rollback trans, and you've got transactions. At least until your database or number of users gets too big. Postgres is a good open-source database that has commercial support options and supports transactions. There are several others, sapdb I think is one. Not sure if mysql supports transactions or not. This is an area where a commercial app (DB2, Sybase, Oracle) may be a worthwhile investment, especially if you get into clustering or HA hardware setups.
Many people use the J2EE framework. In open source that pretty much means jboss. Runs great on linux and you get to deploy lots of apache servers and use buzzwords like 'entity bean' and 'xml'.
What in the h*ll do you need to do schedule-wise that can't be done in anacron and some simple shell-scripting? There is a reason there aren't really any open source schedulers: cron and anacron are ubiquitous and do what they do extremely well.
[links not provided: it is assumed you can google]
First you'll want "nessus" -- this scans and attempts to exploit vulnerabilities. Comes complete with up-to-date 'signatures' for attacks to ensure that systems are patched or that firewalls are blocking access.
Second you'll want "GFI Languard" and run that to scan the internal Windows PCs -- it will give a nice report of each machine and patches needed (assuming you've got approval and admin access on the domain). This costs like $1k, but has a 30 day free trial to get the client started. Can also be used to deploy patches.
If you don't want to use Languard, which is really quite a bit better, you should at least use Microsoft's "Baseline Security" tool. Again, requires admin access, but gives a nice report for each machine you scan.
nmap is nice to document open ports on machines, particularly so-called DMZ or other firewalled internet-accessible hosts.
dsniff is a good tool to watch for insecure protocols. Always fun to report that everyone's pop3 password seems to be the same as their domain login password.
lopht crack is good to give a baseline indication of how secure user passwords are. Run it for a set amount of time -- 1 hour say -- using all of the passwords found by dsniff over a day or two as part of its dictionary.
There's a lot more to do -- check routers etc. for default passwords, war-dial all phone numbers of the company looking for rogue modems and more default passwords, etc. But the tools above should give a pretty good start.
All of these tools produce reports in some flavor, which you can then combine manually. I assume the client is paying you for the report, so some manual effort is OK.
Make sure to push for a 'follow-up' audit after the client has remediated the problems.
10 wireless access points: $1,000
Internet T1: Already in place, so free
dsniff, mailsnarf, etc. sensor: Ted's old P-400, so free
Getting thousands of people to provide their personal info unencrypted over our network every day so that we can re-sell it to marketers: Priceless
Sorry. Had to be done.