Slashdot Mirror


User: jaseuk

jaseuk's activity in the archive.

Stories: 0
Comments: 369

Comments · 369

  1. Re:What problem? on Microsoft Anti-Spyware Removes Norton Anti-Virus · · Score: 1

    Also have a look at E-SET NOD32. They've actually got heuristics working properly. The window between virus release, vendor awareness followed by vendor update isn't fast enough these days and NOD32 seems to trump them all with their effective heuristics.

    Last week whilst selecting a replacement anti-virus for our existing Symantec Corporate installation, I was lucky enough to receive a virus sample by e-mail (to an otherwise unfiltered mailbox). I received this virus at 18:05, Kaspersky first became aware of the virus's existence at around 21:00, followed by an update at 23:00. Similar stories or worse with Symantec, Trend, F-Prot, ClamAV and various other well known scanners. NOD32 however spotted the virus "blocked looks like xyz submitting sample for further analysis" at 18:05.

    Don't ignore this update window, which really isn't working out too well these days.

    In addition NOD-32 is really quick, low on resources and has really good anti-spyware detection using the same technology.

    You will not be disappointed!

    Jason.

  2. Re:The Gambit on Novell's Virtualization Partnership · · Score: 1

    VMWare server seems to be working fine, I've installed on a test server and have copied a few existing virtual machines across to see how well they work. The only real problem so far is that the Windows Console app seems to be a bit wobbly over a DSL link, whereas although GSX was slow it was still usable. It took me 10 minutes to login to a windows 2003 server and change a password through the console via DSL.

    I built the system up from a CENTOS server 4 CD. Downloaded the main RPM and MUI .tar.gz. Installation was painless: an rpm -i and a .tar.gz and install script. Followed by a few trivial configuration options.

    The only real gotcha is that the client is incompatible with existing GSX/ESX console application. However you can install the new console on the same system as the new one as long as you don't have any existing workstation or gsx server installs on your machine.

    Virtualisation is ready for prime-time, just don't expect black magic. You can't take two heavily loaded systems and fit them in one equivalent VMWARE system. If like a lot of places you have a one service one server policy in order to make configuration and management easier then it's very easy to make some good savings with VMWARE, particularly if you want to maintain an identical test or DR environment.

    Jason

  3. Re:Jabber bridges on Google Adds Chat To Gmail · · Score: 2, Insightful

    Grandparent was about the Google Talk system and not the Jabber Network in general. Originally Google Talk was Jabber compatible but closed to connections from other servers, they have now opened it up, but there is still no way to talk using a Google ID and the Google Client to users not on the Jabber Network.

    I'm well aware that there are ways to bridge the gap between Jabber and other networks.

  4. Re:Using GTalk to Connect to other networks? on Google Adds Chat To Gmail · · Score: 1

    It's now possible to talk to other jabber servers, although nothing as yet to bridge other incompatible IM networks.

  5. Re:Good Move! on VMware to Make Server Product Free (as in beer) · · Score: 5, Interesting

    Well the only major difference between GSX and workstation is that GSX allows you to control startup / shutdown of virtual machines so that they can start at windows boot, it also supports remote administration and I believe you can manage the machines through their other tools such as VirtualCentre. I don't believe there is any great difference in system requirements for GSX over Workstation.

    Ultimately GSX, Workstation and player are all essentially the same technology. ESX only differs by being a custom linux distribution making it very easy to install and a web interface to control operation and a few enterprise features such as VLANS and the VMotion addons. They've also moved some of the virtual machine I/O and handling into a kernel module rather than running in userland to gain some sort of performance advantage. Rather strangely ESX seems to be slow at supporting iSCSI. Of course there are also tools to limit bandwidth and control CPU usage on individual machines, whereas with GSX and Workstation it's a free for all.

    Personally after trialling VMWARE ESX and GSX I actually prefer GSX. The "grow on use" disk type available for GSX is certainly better for small single use servers, flexibility to grow and keeps image sizes down for backups. I also really miss the client CD-ROM and floppy support which again is absent from ESX. The control panel also seems quite flakey.

    Personally I feel that VMWARE have got the pricing structure wrong somehow. The only way to truly consolidate is to use big machines (20-30GB RAM) the problem here is that the cost of 4GB RAM modules is rather prohibitive, then add in some server redundancy and all the VMWARE licensing fees and it doesn't make sense any more. I'd actually prefer to pay a reasonable cost per active virtual machine, that way we can keep redundant hardware and move machines around as we see fit for performance or DR purposes.

    I'm quite keen for GSX to be free or cheap, it'll then make cost sense to consider a VMWare strategy.

    Jason.

  6. Re:Good Move! on VMware to Make Server Product Free (as in beer) · · Score: 3, Interesting

    GSX does all you need. So why if GSX is free would you need workstation?

    Jason.

  7. Re:don't know about your location... on Alternatives to SourceForge for Larger Projects? · · Score: 1

    I get 10 megabyte a sec downloads from Heanet mirrors no trouble.

  8. Re:MSN/Hotmail routinely ignores abuse compaints on Has Microsoft 'Solved' Spam? · · Score: 1

    The scams ARE sent through Hotmail's servers. The one difference between the Nigerian scams and pretty much any other SPAM is they WANT to receive a reply to the message, so the messages are not forged in any way.

    These messages are sent through legitimate hotmail accounts, through what I suspect is the Outlook / Hotmail server transport thingy, giving them enough scripting capabilities to drip feed e-mails out through several accounts below the thresholds that would alert hotmail to an abusive customer.

    This does make it very hard to block these messages as they are completely authentic and are not forged in any way, plus they are sent through one of the world's largest e-mail providers, making it impractical to block in a commercial environment.

    Jason

  9. Re:It depends on Spam is Dead · · Score: 1

    Give greylisting+spf a try. You lose a few messages from retarded mail servers and a slight delay in receiving messages from a sender the first time, otherwise stops virtually all spam and viruses dead and is very lightweight.

    You don't need to train anything in order to get it working and is excellent for large scale deployments with lots of users as they don't need to do anything in order to get 100% out of the system.

    I measured performance recently by manually filtering two days' mail to approx 1200 mailboxes, over 9000 messages. NOT a single SPAM and only 3 fraud mails and only 4 e-mail viruses that were detected by additional measures further downstream.

    What is also interesting is that once you've been successfully blocking virtually all SPAM for a while, you tend to receive a lot less of it. If your users are not triggering the web bugs or clicking the links then you are targeted by spammers a lot less.

    Many people are skeptical about greylisting due to the fact that some mailservers are broken and do not work well with it and also the fact that a delay is added onto messages. For the first complaint, at least the same people will be blocked so you will have some chance of detecting the problem and at least it will be consistent, compare that to content matching techniques which will mislabel random messages all over the place. The message delay in practice is not really a problem either, very few users have even noticed the delay as in most cases it's only a few minutes long and it is only for the first message. People who are being very impatient tend to try sending the message again, this usually forces the mails to arrive quite promptly.

    Jason.

  10. Re:More people should use SpamCop.Net on Spam is Dead · · Score: 1

    SpamCop is awful. We've been placed into the blocklist on more than one occasion as a result of one or two completely daft individuals who continually report our messages as SPAM, with no easy way out for us. The messages were sent BY HAND, by a GOVERNMENT agency with whom the individuals regularly have sit down meetings AND WANT the messages through.

    On each occasion I've phoned the individual who made the complaint to see what the problem was, each time it was "oh did I, must have clicked the wrong button", I've actually now threatened to blacklist two of the most troublesome people and they are absolutely horrified by that idea as they rely on us for grants, free advertising and business advice etc.

    The SpamCop system is completely flawed and your comment about those with free time reporting everything just about proves it. I've not seen some of the mail client addons for Spamcop, but it wouldn't at all surprise me if there is a certain class of user who uses it as a delete key.

    Jason

  11. Re:Spam is dead for me. on Spam is Dead · · Score: 2, Insightful

    If you forward your mail into your gmail account, the spam checkers don't work anywhere near as well or even at all, google must rely heavily on blacklists.

    So this approach doesn't work very well at all.

    Jason.

  12. Re:*sigh* Dell on Equipment Suppliers You Can Trust? · · Score: 1

    We've a 4 hour call out contract with Dell, it's a standard support offering. Most of the time they don't have any problems getting the components and engineer to us despite being well out in the sticks (West Wales). They will often bike the components down to us, on the off chance the engineer can't make it on time but the part has arrived then in most cases it's a simple enough task to self install.

    It is quite funny seeing a part arrive by bike and then a Dell engineer separately turning up to remove a faulty hot swap disk, replace it and go back on his way.

    Of course this does rely on being relatively sure what the fault is before the Dell engineer arrives. Most of the time they've given us good service under this deal, except in a few exceptional cases where the whole machine needed replacing.

    Jason.

  13. Re:The Solution is Obvious on Interactive Learning Fails Reading Test · · Score: 1

    Fairly good point there, mudding will give them really fast typing skills, sharpen up their reading and encourage them to use their imagination. Once they get a bit advanced an introduction to area building and some scripting isn't a bad move either. My kids would probably warm to this now, I keep being pestered to show them how to get into DOS Boxes and Telnet Windows, there's something about the mysterious black boxes that gets their interest. Now only to find a MUD suitable for kids, by suitable I mean no adult content and not game complexity.

    Still even trading card games such as Pokemon / Yu-Gi-Oh etc. have some educational value if you sit the kids down and actually teach them how to play the game properly, they'll learn to do some integer maths and work out some strategies. Much better than the tap-click-tap of mindless console games.

    Jason

  14. Re:I know, I know... on Microsoft to Patch WMF Exploit Early · · Score: 1

    Actually I don't think it's the corporates that are the issue. Anyone with a large network is using some sort of patch management tools such as WUS or some 3rd party tool, they get to release the patches as and when they wish after they've had the chance to test properly.

    The real problem with dropping patches all the time is that regular home users will get really pissed off with windows update rebooting their machine several times a week, users pissed off with updates will switch off the updates and no one really wants that to happen.

    So the two week cycle is a careful balance between user annoyance vs speed of patching.

    Of course any really critical patches should be released as soon as they are ready, the non-critical could wait for the twice monthly slot.

    Jason.

  15. Re:This must be a joke on Linux Netwosix Creator Discusses 2.0 Vision · · Score: 1

    His tool set isn't very complete.

    The Knoppix-STD distribution is excellent and I've seen it used and recommended by professional penetration testers.

    Example uses of Knoppix-STD in computer forensics: image and checksum the hard drive. Mount a windows partition, crack off the administrator password, browse internet explorer histories and cookies, undelete files, view recycle bins etc. etc. All with well packaged Linux tools.

    Knoppix-STD also has pretty much all you'll need for emergency firewalling, packet sniffing and IDS, vulnerability scanning and pretty much anything else you'd want to do whether you are wearing the white or black hat.

    Professional penetration testers use a large number of apps, they might use something like nessus or nmap to get started, but then depending on what they find on the network they'll adjust the tools accordingly. When we were professionally penetration tested we had our internet facing services (ie. e-mail, web, dns, firewall, vpn) checked, plus all our internal servers whether windows, linux, BSD or whatever. Wardialling our dial-in ranges, attempting to hack our Wifi installation and also working out what information could be leaked by a stolen windows laptop.

    They used a good chunk of the tools on Knoppix-STD, an assortment of exploits, plus assorted other testing tools such as brute forcers for SQL Server and some of their own internally developed testing tools and scripts.

    There is a great deal more to penetration testing than running nessus on a network, particularly if you really want to find where your holes are. Another big area of penetration testing is testing web services and software testing which we didn't cover with our test.

    Jason.

  16. Re:Low cost? on Google PC to Hit Walmart? · · Score: 1

    Redstore.com will sell you OEM Windows XP SP2 Professional for £85.20+VAT or the home edition for £56.20+VAT. I suggest you shop around a bit, I'm sure there are other retail suppliers who will give you access to OEM Microsoft Pricing.

    I really don't understand why people would buy a home build any more. Dell are selling a reasonable low-end PC (Celeron 2.53GHz, 512MB RAM, 80GB HDD, 17" CRT, XP Home) for £249 including 15 months McAfee and MS Works, attempting to home build the equivalent system (without the additional software) puts the price at closer to £400. You can chop the operating system and screen from the home build and the price is still far more expensive than the Dell system.

  17. Re:And the fat moron on reception knew because.. on Sensitive Data Stolen Via Digital Cameras · · Score: 1

    There is a separate problem with USB keys, if you allow their use then there is an opportunity for them to be lost, everyone misplaces things and you couldn't exactly fire someone for that. If they are not allowed then they can't be lost.

    If someone is deliberately stealing information you've got an employment contract and the law on your side. There is also only so much you can be expected to do to protect against this in most environments.

    In either scenario data can walk out your door. The loss of a USB key is more likely, deliberate theft is likely to cost more, either way around it doesn't do your reputation any good.

    Prohibiting USB storage devices is a sensible step to help prevent both loss and deliberate theft of your data.

  18. Re:ok what came between #1 and #3? on Security's Shaky State · · Score: 1

    Valid point for a relatively static environment.

    We've had a big increase in load due to mobile working and a shift from a PC as a calculator / word processor to PC as primary entry point for day to day work (all database driven, document management systems). All of these additional applications require supporting and with each iteration the reliance on reliable and fast WAN and internet links increases.

    So while yes, a particular job gets easier and can be automated or delegated, there are however new applications and environments to support, without equivalent increases in resources.

  19. Re:Nothing Deplorable about Betas on Why Does Beta Last So Long? · · Score: 1

    Yes a toaster, car and oven may contain code. However it's likely to be under 4K of object code and a few thousand lines of assembler / C if that. To top it all off the interactions are limited and the system is running on a known consistent hardware platform. Getting this sort of system bomb proof is far easier than the most trivial windows app. You have no OS to worry about, no 3rd party drivers, no installation routine and more importantly no user tinkering and very clearly defined ways for the user to interact with the system.

    Embedded is far easier to develop and get a reliable system for. In addition the code is generally better tested as it's just not practical to upgrade firmware for half a million toasters after the product has shipped.

    Jason.

  20. Re:I think I buy into this "ajax" thing on Ajax in Action · · Score: 1

    I'm seeing a lot of business apps (CRM, GIS, Accounting, Asset Management etc.) all changing from traditional client-server (Either Windows or Terminal Clients) going over to web based applications, the vast majority of these apps are now going to a web system as the primary interface, even those that have client software usually have a web interface for casual use.

    Personally I feel this is a retrograde step for efficiency as a trained data entry operator can work far faster in a text console style accounting program with a few macros than they ever can in a typical web application. Perhaps the improvements available through AJAX style apps can get some of the responsiveness back, typically these applications are all traditional and slow form based web apps.

    Interestingly enough it's these apps that are usually the stumbling block to moving an office over to an open source desktop, as historically all these apps have been windows based compiled applications, with this shift to web based applications there is a greater possibility of using a Linux based desktop.

  21. Re:Not easy coming from a UK College on Recruiting IT Students? · · Score: 2, Informative

    I completed the same course 9 years ago and it was enough to get my first programming job and move up. A degree wasn't essential, but I'm sure if I hadn't had that first opportunity then a degree would have been "essential". It's all luck of the draw, I was employed by my IT lecturers who were setting up a startup. That kept me very occupied for 7 years and gave me some great experience in IT and management. I've now hopped over into local government where I'm Security Officer.

    I'd thoroughly recommend getting into local government IT in the UK as they are usually underfunded with poorly trained "lifer" staff, yet have stupidly large WANS and a ridiculous amount of different applications to develop and support all with a relatively small actual user base (150 locations/offices, 150 servers, approx 300 applications, 2000 users, Cisco, Windows 2003, Solaris, SCO, Linux, BSD, SQL Server, Ingres, Oracle). It's certainly worth keeping an eye out for even very poorly paid low-level jobs in your local council, just be sure that they are within their IT department and not an Information Officer in an actual department. It would be very worthwhile taking on summer / work placement type stuff and I'm sure they would be receptive to this.

    If you are still not getting anywhere I'd suggest getting your Tesco job back and perhaps follow up with a part-time HND, make sure you take the CCNA exam if it is also offered. Also while you're doing that try and get some sort of work placement.

    Good luck!

    Jason.

  22. Re:Nice ideas, but... on Web Browser Developers Work Together on Security · · Score: 4, Insightful

    I just posted a message on the blog, but I'll reiterate it here.

    NOTHING has really changed for firefox if they go for YELLOW/GOLD for SSL sites with bad / unverified SSL certificates.

    YELLOW is the current SSL state in firefox for ANY secure site.
    GREEN is a new additional SSL state for sites with trusted CAs.

    This is actually quite good as all users can be taught to treat the YELLOW ones with some caution. Either because they are using an older browser version that doesn't support the GREEN or the site is not properly verified.

    I really don't see the problem. It seems like a sensible way to introduce the change.

  23. Re:Well on Microsoft Claims Firms 'Hitting a Wall' With Linux · · Score: 1

    You can do a lot with Remote Installation Services, Software Installation Services and Group Policy. It's all fairly straightforward and a fair amount of point and click. The end results are something along the lines of kickstart. The only really hairy parts are getting the drivers working right.

    There are also 3rd party tools such as Altiris, Ghost etc. that are reasonable tools for drive cloning and blasting. There is also a fairly good free tool called n-lite that allows you to build new bootable windows CDs with slipstreamed service packs, updates and drivers. If you plug your windows volume license key in here and a few other bits, the whole thing can install completely unattended, a small amount of additional scripting and the machine's profile could be fully set up.

    RIS does take a while to do an install, but with some scripting the whole thing is hands off. When it's fully automatic it doesn't really matter if a build takes 4 minutes or 4 hours, the important thing is that you can get on with something else in the meantime.

    In general it is definitely easier to clone and image Linux machines than Windows as there are none of the sid problems. Network booting over NFS and other funky measures also all work pretty well.

  24. Re:stored procs and triggers, finally on MySQL 5.0 Now Available for Production Use · · Score: 1


    I guess it depends really. If this operation is likely to be repeated in a few different places within your code it makes sense to set it up once as a stored procedure or a view. Particularly if you are going to write a web client in Perl/PHP etc. and again as a compiled windows client. Do the work once.

    The other big benefit of stored procedures is that they can be a lot more network efficient. Particularly over slower links. Web apps don't tend to be lower bandwidth and fairly responsive even over relatively slow links. However they don't tend to be very efficient for full time data entry, a compiled gui application is better suited to full time use. It's in these circumstances that the savings from views / stored procedures etc. really show through.

    Stored procedures can really speed up recursive operations, those really are inefficient even over LAN links.

    Jason.

  25. Re:Misuse of the term on Rootkit Creators Turn Professional · · Score: 5, Informative

    Root kits will normally include things such as modded ps and other modified binaries so that the system appears to be running fine, yet has a backdoor and any logging / system monitoring tools will not show any processes or activity.

    There is more to a root kit than just a replacement ps, but of course that is a critical element.

    No it's not rocket science, but in practice modding system binaries whilst on the outside keeping the system appearing to be running normally is much harder, different library / operating system / architectures to deal with and the fact that you are messing around with core system files.
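
The last comment's point, that a modified ps keeps monitoring tools from showing processes, is what a cross-view check looks for. The following is an added example, not part of the comment or the archive: it compares the kernel's /proc listing with ps output over several rounds, on constructed sample data, and all function names are hypothetical.

```python
"""Cross-view check for a replaced ps binary (added example).

A trojaned ps filters its own output, but the kernel still lists every
process as a numeric directory under /proc. A PID that is in /proc and
missing from ps in every round deserves a closer look. A kernel-level
rootkit that also hides /proc entries is outside what this catches.
"""
import os
import subprocess
import time


def pids_from_proc(proc_root="/proc"):
    """PIDs as the kernel exposes them: numeric entries under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def pids_from_ps_output(text):
    """Parse `ps -e -o pid=` output: one right-aligned PID per line."""
    return {int(tok) for tok in text.split() if tok.isdigit()}


def hidden_from_ps(proc_view, ps_view):
    """PIDs the kernel reports that ps does not."""
    return set(proc_view) - set(ps_view)


def persistent(rounds):
    """Keep only PIDs hidden in every round.

    A process that starts between the two listings shows up as a one-off
    difference; intersecting the rounds filters that race out.
    """
    rounds = [set(r) for r in rounds]
    return sorted(set.intersection(*rounds)) if rounds else []


def scan(rounds=3, delay=0.5, ps_path="ps"):
    """Live check on a Linux host; ps_path is the binary under suspicion."""
    results = []
    for _ in range(rounds):
        out = subprocess.run([ps_path, "-e", "-o", "pid="],
                             capture_output=True, text=True, check=True).stdout
        results.append(hidden_from_ps(pids_from_proc(), pids_from_ps_output(out)))
        time.sleep(delay)
    return persistent(results)


# Constructed sample: three rounds of (ps output, /proc listing).
# PID 1337 never appears in ps; 2044 and 2090 are ordinary start-up races.
SAMPLE_ROUNDS = [
    ("    1\n  412\n  977\n 2001\n", {1, 412, 977, 1337, 2001, 2044}),
    ("    1\n  412\n  977\n 2001\n 2044\n", {1, 412, 977, 1337, 2001, 2044}),
    ("    1\n  412\n  977\n 2044\n", {1, 412, 977, 1337, 2044, 2090}),
]


def demo():
    """Run the comparison over the constructed rounds."""
    return persistent(hidden_from_ps(proc, pids_from_ps_output(ps))
                      for ps, proc in SAMPLE_ROUNDS)


if __name__ == "__main__":
    print("PIDs hidden from ps in every round:", demo())
```

Running `scan()` a second time with `ps_path` pointing at a known-good ps from read-only media shows whether the difference comes from the installed binary.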