1. Nagios: monitors your servers/services, emails, pages, sends a carrier pigeon when one goes down.
2. Logwatch: Logwatch is something that should be used by every Unix/Linux SA everywhere. It gives you a daily snapshot of events in your logs.
3. Mon: Nice, simple, easy. If your webserver goes down, your secondary can bring up a virtual ip a couple of seconds later. No more annoying three am phone calls.
4. Snort/ACID: lets me know if a virus breaks out, or if there are stupid script kiddies trying to brute force their way in.
5. Nessus: run it early, run it often. Figure out any holes you have in your security, and make sure you fix them.
There's more, but you should really do some of your own homework.
'It's about CloudShield Technologies... recently announced CS-2000', and nothing but a fluff piece meant to sell some hardware. Sure, Akamai's DDOS is discussed ("DDOSs are ba-ad, mmkay."), but then it just goes on to talk about the CS-2000.
Really? I can think of a lot of applications for this. How about live traffic updates for your car? Dynamically update the route when there's an accident. How about using your laptop on the beach? There are all sorts of uses....
I'd go with knoppix (via usb cdrom if there's no cd) and use NFS/usb to save docs & keep personal settings. Heck, you could probably even get a usb HD and be good to go.
As for some other options, a web-filtering proxy comes to mind. Opera also comes to mind as another browser option. I'm sure you'll be able to come up with others.
Write a proposal which details the problems which you are trying to avoid, the costs of such a problem as well as impact on doing business while the problem occurs. Propose a number of different solutions, so management has a choice in implementing them. The proposal should look something like:
I. Intro
A. Problem
B. Why it is a problem
C. What has caused this to come to light now.
D. Three options
(body)
II. Option 1.
A. What this solves
B. Costs
C. Pros and cons
(repeat II for each option)
III. Conclusion
A. review of the options
B. Compare and contrast pros/cons
C. Personal recommendation.
You need to do this on paper, so they know it's something serious enough for you to write a proposal. They also will realise that since you have put this on paper you have brought up the issue and are "covered" in case it happens; again, they will see this as proof of seriousness. Lastly, you have involved them in the decision making process, and neatly skipped over the "do we need to get rid of IE?" question and onto the solutions part of the question.
sigh.... sure, but they have to register the domain. With a credit card. Therefore it's easy to track down the people who send spam. That makes it easy(er) to enforce anti-spam laws, and fine the people who send the emails. If you register a domain, and spam is coming from that domain from an authorized mailserver, you're liable.
it would certainly be easy enough to have a plugin that automatically decrypted rot13 emails if they were detected. Then ISPs would have a clear indication that the email should not be read. Hell, if I remember correctly, almost every usenet client from back in the day had a rot13 decrypter.
This is a technical site, right? Has been for a while? Presumably staffed with people who are technical to moderate stories and the like? How the heck would anyone with a modicum of knowledge post an article like this? Even if this wasn't a unique situation, we can fix email. It's not that big of a deal. All you need to do is modify DNS so that the single MX record is replaced w/ a "MS" (Mail sender) and a "MR" (Mail Receiver) record. Mail is ONLY accepted by a MR if it comes from an address listed as an "MS" for the sending domain. Done. It's just a hassle. We'd have a period of two years where there is a transition, and it just hasn't gotten that bad yet.
I'm not sure if you can do it with MAC addresses, but acid, on top of snort will show to from. Also, it would be pretty easy to pull that data from the db, and graph it. Sure, it takes a little glueware, but it shouldn't be too hard.
They're much better off taking one of the @stake classes. They don't pretend to teach you how to be a 'hacker', but how to secure your systems. They do show several (four or five) outdated scriptkiddy hacks, but mostly, the focus is making people aware of issues and giving them a toolkit to try and secure it.
I wish it had been a /little/ more technical, but in their defense, we did spend 90% of the time actually doing lab exercises, and I did take some good stuff away from it. My boss, who is our director of IT, went with me, and really loved it; his focus is not as security focused as mine, so I think a lot more of it was new to him. Anyway, at least you know you've got really good instructors, so if you are curious about a specific aspect of security, they can sit down and teach you about that, or if they don't know, they can get someone who does to answer it.
Also, it was pretty cool to have the guy who wrote The Sleuth Kit as an instructor. Needless to say, the forensics section was pretty interesting.
I'm guessing he actually did mean 62 miles. The point is to reduce the cost of getting things out of orbit. Once there, if you want to get up further, you launch a shuttle from the top of the elevator. 'Sides, I would think they'd want to keep the costs down as much as they can. There is a /slight/ difference in costs between 62 Miles, and 62,000 miles.
I work for a software company that develops software that helps plan mortgages and real estate documents. One of the features of the product, since they're often used by real estate agents, is customer/lead management. Since they are liable for any calls they make if a lead is in the DNC list, we added a feature that checks to see if a number is in the list and if it is, we highlight it as do not call. The point is we had to buy the list. It's about $7k. That's not bad for us, we do enough business where that's feasible, but for small companies, that could kill you. Real estate agents, for example, don't do massive cold calling, but they do have to figure out a way so that they can be covered. That way they don't get fined 11k. That could drive an independent agent, or a small company out of business.
1) Get rid of MX record.
2) Add MR record (Mail Receiver)
3) Add MS record (Mail Sender)
All mail from a given domain must come from a server with an MS record. Now you have accountability, w/ accountability comes prosecuting people who violate laws.
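The acceptance rule proposed in the comment above, sketched as an added example that is not part of the original comment. "MS" and "MR" are the comment's hypothetical record types, not real DNS record types; the zone data, the function names, the CIDR support and the `accept-unverified` outcome for the transition period are assumptions made for illustration.

```python
import ipaddress

# Constructed zone data. "MS"/"MR" are the hypothetical record types from
# the comment; a real resolver would not return them.
ZONE = {
    "example.org": {"MS": ["192.0.2.10", "192.0.2.64/28"], "MR": ["192.0.2.25"]},
    "legacy.example": {"MX": ["198.51.100.5"]},  # domain that has not migrated
}

def sender_domain(mail_from):
    """Extract the lowercased domain from an envelope sender such as <a@b>."""
    addr = mail_from.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("malformed envelope sender: %r" % mail_from)
    return domain.lower().rstrip(".")

def check_sender(client_ip, mail_from, zone=ZONE, transition=True):
    """Decision an MR host would make for one incoming SMTP connection.

    Returns "accept", "reject", or "accept-unverified" when the sending
    domain publishes no MS records and the transition period still applies.
    """
    try:
        domain = sender_domain(mail_from)
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject"
    ms_records = zone.get(domain, {}).get("MS")
    if not ms_records:
        # Old-style MX-only domain: tolerated only while migrating.
        return "accept-unverified" if transition else "reject"
    for entry in ms_records:
        # A single address parses as a /32 (or /128) network.
        if ip in ipaddress.ip_network(entry, strict=False):
            return "accept"
    return "reject"
```
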
or they could just be sending mail to every single possible combination of letters+numbers,-_. It's not like logins, where there is a three second delay to slow it down. Break it up into segments, and it would take no time.
That account was probably *already* getting emails, but since it wasn't a valid account they would just bounce.
It's really annoying for me that slashdot is really ugly in a text based browser. It would be really nice if they:
a) created a http://text.slashdot.com site w/ better text formatting
or
b) put the menus in frames. Lynx(-color) and links both support frames, iirc, and display nicely.
I can't believe that no one mentioned them, but having an email program that can integrate with your calendar as well as has a to-do list is great. If you get an email for a meeting, accept, schedule, setup reminders, etc. The to-do list is for general stuff, but it's nice to have a calendar so you can get those pop-up reminders.
It's pretty nice. I have my "run nessus scan of network" pop up every Wednesday, and my "go through tripwire logs" pop up every day at three o'clock. After a while, you just get in the habit of doing these things, but it's nice to have the reminders for busy days, or when you're not feeling motivated.
screw it, use driverloader (on Linux Unwired · Score: 3, Insightful)
So I had a belkin card which was supposed to be based on an orionco chipset; it wasn't and it didn't work. I got a netgear, because that's what they had at comp-usa and I didn't want to waste all my free time driving around looking for a prism2 chipset where I could be sure it was a prism2.... I got the thing, tried it, didn't work, got a copy of driverloader : done.
I'm three days into the evaluation period and I'm giving them my $20 for the software. It's too easy this way to go the free/annoying route. 'Sides, at the amount of money I end up earning/hour, spending two hours of my life to get a wireless card working is costing me more than $20.
I don't know... You remember those stickers that you had when you were a kid? the ones with the ridges, where if you tipped it one way it showed one picture and if you tipped it another it would show you a different one? Say each pixel is mapped to a tiny camera on the opposite side, then say each light was separated by a small dividing wall:
.\ ./.
(where . = light, / = divider)
if you were looking at it from straight ahead, you would see one image, from the side, another... it's complicated, and they would need to be *really* tiny, but it could be possible.
If AOL decides to charge for hosting AIM Service, then people will switch to yahoo chat, MSN, or jabber. Such is the free market. If they only charge a little, and the software is good, and the servers are good, and people want to pay for it, great. If they don't they'll go elsewhere. Jabber is getting along very well. There are a few issues with some jabber v. 1 add ons being moved to jabber v. 2, but those will get ironed out, so there is at least one alternative; this isn't something to worry about.
Should have just tried windowmaker. It takes a little while getting used to the idea of not having a file browser, but once you do, it's amazingly lightweight, clean and neat. I use it on all my older machines.
I'm a unix administrator. I believe unix's flexibility and open architecture allow for better system administration, and thus better service/uptime/etc. However, I also firmly believe in using the best tool for the job. If a windows system will allow you to do what you need to do with a minimal amount of work, and a linux solution is not available, or will require a lot of work, use the windows program. That's just common sense.
The editors here are getting paid right?
Just for the record, I was using unix at 11.
DONE.
uhrm........
thbbbbt!