Category Archives: Security

Best practices, network outages and... resolutions!!!


One of the first things I would advise any IT guy to do is to profile his network and system infrastructure. It is essential that you document each and every network-enabled device. It will greatly assist you in planning any upgrade to your company's IT infrastructure, in taking a system offline for maintenance, or, more importantly, in quickly and effectively resolving an outage. Some of the key things to include are as follows:

    • Architecture of the network.
    • Public IP addresses and their NAT mappings to devices inside the network.
    • Number of routers / switches / firewall devices / modems / access points / VoIP phones.
    • OS and firmware versions running on each of these network devices.
    • Always back up ALL configurations to a network repository or to a DVD/CD.
    • Take snapshots of the configurations of critical resources such as firewall settings / AV server settings / DHCP / routers etc. They come in more than handy when you are configuring a newer device, or rebuilding a device when the backup configuration does not work.
    • IP addresses and, more importantly, MAC addresses of all the network-enabled devices.
    • Network points/node numbers assigned to each user.
    • Remembering a series of usernames/passwords can be quite a task for anyone. Storing them in an Excel or Word file with password protection is not recommended, because that protection can be cracked. Instead, store the usernames/passwords in an Excel file and then encrypt it with a key; you can use a tool like PGP for this. [UPDATED] You could use KeePass / LastPass for password management!
    • Also, make sure that the employees in the company are aware of the threats / trends / best practices for safe computing. For starters, clearly communicate the IT policies and the Do's and Don'ts.

Let me share an experience with you that happened a few days back in the office: It was a day as usual at the office – corporate mails, checking router health, backup status on the drive, server health, MRTG graphs, helpdesk stats... Since ours is an R&D company, lots of devices are in and out of the LAN frequently. Around afternoon I got a call from a couple of users complaining that they were not able to access the internet; our web-based helpdesk is located in a co-lo and it was inaccessible as well... hmm... getting ready for another day in paradise.

First things first, I telnetted to the router to see if the Internet link was down. There were no problems with the link and it was working fine. Now the slightly scary situation... I logged into our Unified Threat Management system to check if there were any issues with it, and was hesitantly scrolling down the list when all of a sudden I saw that the number of sessions had quadrupled to around 1000 and was still increasing! Under normal circumstances, the number of sessions used to hover around 200, and the maximum supported by the device was 2000.

What could have caused this? Intrusion? Virus attack? Switch poisoning? My heart was pounding as I went through pages and pages of logs, and at last I got hold of the culprit. It was another DHCP server on the LAN! A rogue DHCP server, you could call it. It was not over, as the log generally tracks the MAC address only, with no inbuilt functionality to capture the device name. The next thing I checked was the Excel file where I had stored all the MAC addresses of the network-enabled devices in the company, collected using an open source utility called Angry IP Scanner. The MAC address matched one of the laptops; it was a Fujitsu laptop, but it was used for testing, hmmm... kind of a floating laptop.

I wasn't sure who was using it, and the thought of running three floors up and down was lingering in my mind. I checked with the QA team and the Hardware team, which led me to the Apps team. There was our user, blissfully ignorant of the issue he had created. He was testing an app called WinProxy, which apart from acting as a proxy also functions as a DHCP server. What amazes me is the ignorance of users when it comes to reading the Readme file or the Do's and Don'ts of using an application. I did give my piece of advice to our dude, and henceforth any testing of newer equipment on our LAN will be on an isolated network. This is what prompted me to jot down the points that helped me resolve this issue in under 15 minutes. Hope you find it useful. Regards,
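The MAC address inventory from the checklist above is what turned the rogue DHCP incident from a three-floor hunt into a lookup. As an added example, not part of the original post or of any tool the author mentions, the Python script below automates that lookup: it reads DHCP OFFER/ACK records from a log, finds the MAC that sent them, and flags any sender that is not a documented DHCP server, whether it is a known laptop or a device that is not in the inventory at all. The inventory entries, the role names, the log lines and the log field layout are all constructed assumptions; a real UTM or DHCP server log will need its own pattern.

```python
"""Rogue DHCP server check: cross-reference the MAC addresses seen sending
DHCP OFFER/ACK messages against a documented device inventory.

Added example, not the blog author's tooling. The inventory, the log lines
and the log format are all constructed for this demonstration."""
import re
from dataclasses import dataclass

# Constructed inventory in the spirit of the MAC address spreadsheet:
# MAC -> (hostname, role). Only role "dhcp-server" may hand out leases.
INVENTORY = {
    "00:11:22:33:44:01": ("core-dhcp-01", "dhcp-server"),
    "00:11:22:33:44:02": ("fw-utm-01", "firewall"),
    "00:11:22:33:44:10": ("qa-laptop-fujitsu", "laptop"),
}

# Constructed syslog-style lines; the field layout is an assumption, real
# UTM or DHCP server logs need their own pattern.
SAMPLE_LOG = """\
Jun 12 14:02:11 utm dhcp: OFFER src_mac=00:11:22:33:44:01 offered_ip=10.0.1.50 server_ip=10.0.1.1
Jun 12 14:02:11 utm dhcp: OFFER src_mac=00:11:22:33:44:10 offered_ip=192.168.0.5 server_ip=192.168.0.1
Jun 12 14:02:12 utm dhcp: DISCOVER src_mac=00:11:22:33:44:55
Jun 12 14:02:13 utm dhcp: ACK src_mac=AA:BB:CC:DD:EE:FF offered_ip=10.0.1.51 server_ip=10.0.1.9
Jun 12 14:02:14 utm dhcp: ACK src_mac=00:11:22:33:44:10 offered_ip=192.168.0.6 server_ip=192.168.0.1
"""

LINE_RE = re.compile(
    r"dhcp: (?P<type>DISCOVER|OFFER|REQUEST|ACK) src_mac=(?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: offered_ip=(?P<ip>\S+) server_ip=(?P<srv>\S+))?"
)

# Only these message types are sent by a DHCP *server*; DISCOVER/REQUEST
# come from clients and never indicate a rogue server on their own.
SERVER_MESSAGES = {"OFFER", "ACK"}


@dataclass(frozen=True)
class Finding:
    mac: str
    server_ip: str
    hostname: str      # "UNKNOWN" when the MAC is not in the inventory
    reason: str


def find_rogue_dhcp_servers(log_text, inventory):
    """Return one Finding per MAC that served DHCP without being a
    documented DHCP server, in order of first appearance."""
    findings = []
    reported = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("type") not in SERVER_MESSAGES:
            continue
        mac = m.group("mac").lower()
        if mac in reported:
            continue            # report each offending device once
        hostname, role = inventory.get(mac, ("UNKNOWN", None))
        if role == "dhcp-server":
            continue            # documented, authorised server
        reason = ("undocumented device is serving DHCP leases" if role is None
                  else f"documented {role} is serving DHCP leases")
        findings.append(Finding(mac, m.group("srv") or "?", hostname, reason))
        reported.add(mac)
    return findings


if __name__ == "__main__":
    for f in find_rogue_dhcp_servers(SAMPLE_LOG, INVENTORY):
        print(f"ALERT {f.mac} ({f.hostname}) server_ip={f.server_ip}: {f.reason}")
```

Run against the constructed log it reports two devices: the documented laptop handing out 192.168.0.x leases and an undocumented MAC answering on 10.0.1.9. The point of keeping the inventory keyed by MAC rather than IP is exactly the one the incident shows: the rogue server's own IP is whatever it chose, while its MAC is the value the log already records and the spreadsheet already maps to a hostname.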


BSOD…..eeerghhhhh in Vista?

I was testing Windows Vista recently and this came as a shocker to me... guess my expectations were too high. I am sure any Windows user has come across the infamous BSOD (Blue Screen Of Death) while working on Win98/Me/2000 or even XP. But I was stunned to see it on Vista. Maybe this is still a beta build. This reminds me of the days in college when we used to make fun of someone whose OS crashed while he was working on some important project documentation. Not that we were geeks or Linux freaks, but the sheer mention of BSOD was enough for 'making fun of oneself' sessions. It also reminds me of an incident that took place while we were in the 6th semester of Engineering, when Win98 crashed during our computer lab and one of my friends who was working on it had no clue what had happened apart from the Blue Screen and some hexadecimal code it showed before dying. The lab in-charge was furious with us, and if it had not been for another geek in our circle, he would have had a lot of answering to do, not to mention the fines and writing an apology letter to the HOD for messing up the so-called state-of-the-art computer lab.

So far it has been a rollercoaster ride working with the Vista beta build. I remember having read somewhere that nearly 40% of the code for Vista would be redone. If you are aware, this product was supposed to kill the competition and was scheduled for launch in 2006. It looks like a distant dream for MSFT... with so much competition around.

Watch out for more... I will be posting my experience with Vista soon.

So much for the Blue Screen Of Death!

Regards,
Prasanna