- updated: i just finished another presentation on stuxnet and moved the presentation over to a prezi. there is still a link to a pdf from my first presentation, along with a link to the stuxnet prezi. today i did a presentation for our local infragard chapter on stuxnet. as you can tell from the title, “stuxnet: a technical, political, and business analysis”, it was designed to show how complex and thorough stuxnet is, but then to also look at the political implications, followed up by the most important piece: what this means to the business community.
- last week i installed a digium switchvox 4.5 SMB (my first full-fledged VoIP deployment). i thought with this post i could kill two birds with one stone. i wanted to write a review for anyone that might be interested in digium's switchvox product. i always find it hard to find practical, non-biased, real world reviews of products, so i thought i would contribute this one. i also wanted to put in some feature requests with digium and thought this would be a good forum to do it in.
i am going to stray from the tech stuff i usually post. i recently inherited the role of IT project manager. i knew nothing of project management before, and i know just a little bit more than that now.
i can say three things about project management
- it's a whole lot like flossing your teeth. you need to do it, but it is no fun to do.
- i never want to be a full time project manager. i can barely take part time.
- that i could find, there was no documentation on how to manage a project, at least from a 30 thousand foot view, that could be explained in 15 minutes or less.
so, i talked to a co-worker that was PMP certified, partially read a pretty good project management book, and googled project management. what i present to you is a *very* brief how to and explanation, along with links to the docs i found useful, on project management.
recently, i was helping set up a sharepoint intranet site that would house several sites, things like a help desk ticket system, a knowledge base, and some org based group pages for collaboration.
for my part, i didn’t have to do much of the setup, but i did enable and force SSL for any connections made to the site. this brought up an interesting discussion question.
is there any point to force SSL on an intranet site that, by definition, is only used by people internal to the company?
before i get to the reasons for running or not running SSL on an intranet site, let me give a little more background of this specific install.
- i am in the process of changing a server from using a self signed certificate to a wildcard certificate we got from godaddy. like most things, once you do it once it's a snap and takes no time at all, but the first time you have to figure it out, which can take a while (i blew an hour on this today). simply put, i needed to create a certificate signing request (a CSR), private key, and then have godaddy give me back a public certificate and a CA certificate.
- i will be the first to admit i am not a coder. i have worked, at different points in my career, to learn c, perl, ruby, java, python, and now assembly. so, i have found i am dysfunctional at all of them, but i have learned to copy, paste, and hack with the best of them 😉 about two months ago i started taking offensive security’s pentesting with backtrack course. it's been a great course, i have learned a lot (i might do a writeup of it when i am finished).
- i am working on a script to reboot computers in the middle of the day (sounds crazy, i know). the criterion is that the machines have not been rebooted in the past 72 hours. why? i have some laptop users that never reboot their machines, just dock and undock their machines (heck, they never even log out), so they are not getting some patches and/or software updates. while i was working on the script (i plan on posting it when i get done), i ran into some weird results.
- one thing we noticed in our install of microsoft office 2007 on our terminal servers was initially the user names and company name were not set correctly. this didn’t seem like that big of a deal to me at first, but then i saw the value of this user name. if multiple users have access to the same shared folder and two people are trying to access the same file, the second user trying to modify the file will be told that they can only have read-only access because it's being used by “user name”.
since we did a network overhaul (defined in detail shortly) 2 years ago, we have had zero incidents of malware/viruses/badware on any machines that we know of (i know i will probably walk into bedlam tomorrow morning after saying that ;). after a recent mailing list conversation, i thought i would share some stuff we have done in detail to help anyone else going about the same process. here we go.
the 30 thousand foot view is this:
- we reformatted every workstation and every server in one weekend (yes, you read that correctly)
- users given user only rights, no power users or administrators.
- we leveraged ms gpo’s to hide the c drive, limit what type of files could be saved, and prevent applications from running unless specifically allowed (application whitelist), etc.
- we utilized ms’s wsus to apply patches across the board, workstations and servers
- we started using a gateway device that did web filtering and also implemented a squid proxy server with whitelists
- a copy of advanced installer was purchased so we could create msi’s to push all software out via gpo’s (this is great for new versions of software, pulling back software, etc)
- we used gpo’s to config the workstation so that it automatically logged into our terminal server farm via single sign on (sso), more or less creating a pseudo thin client out of cheap desktop machines
- if you want a user to do/not do something, don’t ask them. force them.
- prevention is the best medicine
after a lot of looking and quite a bit of testing and customization, i think i have finally found a replacement for adobe acrobat reader.
why replace acrobat reader? off the top of my head:
- security issues. everywhere. frequently.
- and hence because of the security issues, you have to patch often. very often. which requires time, testing, and a fair amount of good luck to not break *anything*.
- and lastly, i was interested in replacing adobe because of its tendency to crash, specifically in our AD environment (see this post for more details). it's not often, but often enough that i get some calls.
so here is what i did. i searched. a bunch. i of course found foxit, and i tested foxit pretty heavily. i like foxit, and it was very close to what i was looking for, but then i ran across tracker software’s pdf xchange viewer. not only was it small and fast like foxit, i could mod the heck out of it to get it to look the way i wanted, and it could modify pdf’s, all for free.
here's how i turned this: