RE: The list status
Alex,

A lot of us have moved to Rod Trent's myITforum list in the meanwhile, just as a FYI.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
Work:401-444-9081

This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you.

From: al...@eckelberry.com [mailto:al...@eckelberry.com]
Sent: Friday, May 03, 2013 9:12 AM
To: NT System Admin Issues
Subject: The list status

I'm a little confused about this whole list thing myself. I've mentioned it to Stu and I think he's still in the middle of working through the migration, and also dealing with a few other fires.

The list still works and is active. Until you hear otherwise, keep posting and never mind the noise. I'll try and get to the bottom of this.

Alex Eckelberry

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
RE: PowerEdge R520 installation
Maybe create a volume using GPT rather than MBR, which is limited to 2TB. I ran into this a while ago in HP land...

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

-Original Message-
From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
Sent: Tuesday, April 30, 2013 7:46 AM
To: NT System Admin Issues
Subject: RE: PowerEdge R520 installation

Whoops, I mean I can't create a Windows volume over 2TB.

I can see the remainder of the RAID volume but Windows doesn't allow me to do anything with it.

I presume the UEFI boot mode writes something to the disks and this code isn't on the Dell build disk.

Thanks

-Original Message-
From: Nigel Parker [mailto:nigel.par...@ultraframe.co.uk]
Sent: 30 April 2013 12:30
To: NT System Admin Issues
Subject: PowerEdge R520 installation

Ok, this may be a dumb question but...

We purchased a new Dell PowerEdge 520. Everything was ok, but either we or Dell had missed something on the config and it was set up as a RAID 5 without a hot spare.

No problem, just trash the array and recreate it with a hot spare. Done.

Quick config: it has 8 x 600 GB drives, 7 in one array and 1 as a dedicated hot spare.

I had to use the BIOS boot mode and not the UEFI, and now the server can't use anything other than 2GB.

Started again and selected UEFI boot and put in the Dell build CD, and it refuses to boot from this disk.

I can boot from the Windows 2008 Server disk via UEFI, but of course the drivers are missing for the disk, and I would prefer to use the Dell server assist.

So HELP :-)

I just want one RAID volume with a hot spare.

Nigel Parker
Systems Engineer
Ultraframe (UK) Ltd
Tel: 01200 452329
Fax: 01200 452201
Web: www.ultraframe.com
Email: mailto:nigel.par...@ultraframe.co.uk

Please consider the environment before printing this e-mail. The statements and opinions expressed in this email are my own and may not represent those of Ultraframe (UK) Ltd. This email is subject to copyright and the information contained in it is confidential and may be legally privileged. It is sent out only for intended recipient(s). Access to this email by anyone else is unauthorised. If you are not an intended recipient, any disclosure, copying, distribution or other use or any action taken or omitted to be taken in reliance on it, is prohibited and unlawful.
RE: End of month plan B for list shutdown.
Sounds good to me, and post the link so we can start over there…

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: David Lum [mailto:david@nwea.org]
Sent: Monday, April 29, 2013 9:05 AM
To: NT System Admin Issues
Subject: RE: End of month plan B for list shutdown.

I vote do it. I prefer e-mail to web forum for this stuff.

From: rodtr...@myitforum.com [mailto:rodtr...@myitforum.com]
Sent: Monday, April 29, 2013 5:23 AM
To: NT System Admin Issues
Subject: Re: End of month plan B for list shutdown.

I can set up a list in a few minutes, just say the word. We already host over 25 lists and have plenty of bandwidth to spare.

Sent from Microsoft Surface Pro

From: Kennedy, Jim
Sent: Monday, April 29, 2013 8:14 AM
To: NT System Admin Issues

The end of the month and allegedly the end of the list is tomorrow. We need a plan B to get back in contact to get this going again if possible. Someone got a blog we can bookmark for new/announcements that would be willing to post anything they hear?
RE: So where is this new list signup?
http://myitforum.com/myitforumwp/services/email-lists/

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

-Original Message-
From: Michael Leone [mailto:oozerd...@gmail.com]
Sent: Monday, April 29, 2013 11:06 AM
To: NT System Admin Issues
Subject: So where is this new list signup?

The list is moving, right? (I don't get to read it every day, so I probably missed something). So do I need to go and sign up for the new home of the list, or will I be migrated over as an existing user?
RE: Disk space management software
+1 FOR TREESIZE, been using it for years..

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Friday, April 26, 2013 10:14 AM
To: NT System Admin Issues
Subject: Re: Disk space management software

It's not comprehensive, but treesize pro works quite well.

On Fri, Apr 26, 2013 at 9:04 AM, Tammy George tammy.geo...@acadiau.ca wrote:

Looking for opinions on disk space management software. We're getting low on space and would like to analyze our user data to find out what is using up the space.

Thanks in advance!

- Tammy
RE: Over and Out
Jets = Just the end of the season... (Again...) GO Steelers! The drive for 7!

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: Steve Ens [mailto:stevey...@gmail.com]
Sent: Thursday, April 25, 2013 3:48 PM
To: NT System Admin Issues
Subject: Re: Over and Out

Keep in touch on FB...go Jets!

On Thu, Apr 25, 2013 at 2:38 PM, Clayton Doige clayton.do...@gmail.com wrote:

Heya folks, some of you will recognise my name, probably most won't.

I've been on this list at one email address or another since 1998, and in those years I have learned so much from fellow IT Pros; many of you have made your way to my Facebook friends list!

In my current Pre-Sales technical role over the last 3 years I have not really participated on the list, as I felt that to be somewhat a conflict of interest, where I would inevitably be tempted to say "Oh, I can help with that" - not fair really, and not in the spirit of what this list is all about.

With that in mind, and the changing of the hosting Stu has just announced, I have decided not to move over, so just wanted to say do reach out to me on Facebook/LinkedIn if you want (the name Clayton Doige is very easy to find on both lol).

Thanks to you longer termers for helping me do my job better, and schooling me on so many things, and for providing a good source of laughter at times as well. Thanks Stu for creating such a valuable source of information, support and encouragement.

Best regards, and Over and Out!

Clayton
Citrix - AppDNA
RE: Cross post on latest round of Java Bugs from Bugtraq
And here is a writeup about the attacks that are starting on these: http://malware.dontneedcoffee.com/

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Monday, April 22, 2013 3:08 PM
To: NT System Admin Issues
Subject: Cross post on latest round of Java Bugs from Bugtraq

Hello All,

Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software.

The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed).

What's interesting is that the new issue is present not only in JRE Plugin / JDK software, but also the recently announced Server JRE as well [1]. Those concerned about a feasibility of exploitation of Java flaws in a server environment should consult Guideline 3-8 of Secure Coding Guidelines for a Java Programming Language [2]. It lists the following software components and APIs as potentially prone to the execution of untrusted Java code:

- Sun implementation of the XSLT interpreter,
- Long Term Persistence of JavaBeans Components,
- RMI and LDAP (RFC 2713),
- Many SQL implementations.

In Apr 2012 [3], we reported our first vulnerability report to Oracle corporation signaling multiple security problems in Java SE 7 and the Reflection API in particular. It's been a year since then and to our true surprise, we were still able to discover one of the simplest and most powerful instances of Java Reflection API based vulnerabilities. It looks like Oracle was primarily focused on hunting down potentially dangerous Reflection API calls in the allowed classes space. If so, no surprise that Issue 61 was overlooked.

Thank you.

Best Regards
Adam Gowdiak

Looks like more Java patching to come.. and the flaws continue...

Z
Cross post on latest round of Java Bugs from Bugtraq
Hello All,

Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software.

The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed).

What's interesting is that the new issue is present not only in JRE Plugin / JDK software, but also the recently announced Server JRE as well [1]. Those concerned about a feasibility of exploitation of Java flaws in a server environment should consult Guideline 3-8 of Secure Coding Guidelines for a Java Programming Language [2]. It lists the following software components and APIs as potentially prone to the execution of untrusted Java code:

- Sun implementation of the XSLT interpreter,
- Long Term Persistence of JavaBeans Components,
- RMI and LDAP (RFC 2713),
- Many SQL implementations.

In Apr 2012 [3], we reported our first vulnerability report to Oracle corporation signaling multiple security problems in Java SE 7 and the Reflection API in particular. It's been a year since then and to our true surprise, we were still able to discover one of the simplest and most powerful instances of Java Reflection API based vulnerabilities. It looks like Oracle was primarily focused on hunting down potentially dangerous Reflection API calls in the allowed classes space. If so, no surprise that Issue 61 was overlooked.

Thank you.

Best Regards
Adam Gowdiak

Looks like more Java patching to come.. and the flaws continue...

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
RE: Cross post on latest round of Java Bugs from Bugtraq
Good one.. so true

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Monday, April 22, 2013 3:20 PM
To: NT System Admin Issues
Subject: RE: Cross post on latest round of Java Bugs from Bugtraq

One more time: Just Another Vulnerability Announcement

Thanks...
--
richard

The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.
RE: Dropsmack Malware CC via Dropbox
Agreed, same solution I am using, does the same function, and if there are any blocks, it's dealt with quickly before going live.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Tuesday, April 16, 2013 11:47 PM
To: NT System Admin Issues
Subject: Re: Dropsmack Malware CC via Dropbox

The software I use has an endpoint analysis mode, kinda like a passive mode, that creates whitelists for you. Using this, you should be able to ensure everything works before going live. Add to this the alerting is very good, so false positives get quickly dealt with.

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Ken Schaefer k...@adopenstatic.com
Date: Wed, 17 Apr 2013 00:27:19 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Dropsmack Malware CC via Dropbox

What happens when the business relies a lot on Access DBs, Excel spreadsheets etc.? Do I have to whitelist every macro? Am I still at risk of data loss/corruption/exfiltration?

Cheers
Ken

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, 17 April 2013 12:54 AM
To: NT System Admin Issues
Subject: Re: Dropsmack Malware CC via Dropbox

Whitelisting can be a lot of work, if you haven't got a flexible technology. There are various vendors in the space and some of them take a lot of the donkey-work out of it for you, whilst still maintaining (as far as I've seen) decent security. But I totally agree that it's still at the whim of the person with their fingers on the controls - if the admin allows a bad executable, then you're in trouble. That can only be mitigated by belt-and-braces approaches, really, relying on old-style reactive AV or IDS/IPS or whatever to catch the bad executable that's somehow bypassed your processes and controls.

There is another load of tech springing up around MDM, MIM, MAM or whatever TLA you choose to describe it. It's another big set of challenges though. At the moment I am concentrating on extending the agents I have to MacOS devices rather than worrying about tablets and mobiles yet. I can avoid some of the pain at the moment by deploying Windows apps and desktops via Citrix to the mobile devices rather than letting users manipulate corporate data directly, but it's something I will no doubt get asked to get involved in sometime in the future :-)

But it's all so fun keeping up with user trends, isn't it? Maybe if we try really hard to get on top of the possibilities right now we can approach BYOD from a security perspective rather than just getting bullied into making it happen too quickly and having to catch all the security issues while firefighting :-)

Cheers,
JR

On 16 April 2013 15:36, Ziots, Edward ezi...@lifespan.org wrote:

James,

I agree on the application whitelisting front. But it's a lot of work and it's still based on trust. (If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor.

Other aspects to think of: Will application whitelisting work for mobile devices (iPhone, Android, tablets, all of which can act like storage devices in a way)?

Questions to be answered: Which devices do you allow to be attached to your systems to transfer data? (Policies, procedures, enforcement with technical controls and auditing and followup with administrative controls for compliance?) (Do we allow the Apple devices, but not the Android, or do we allow just Ironkey devices, and who should have them and what data should they be able to take (DLP/DRM etc etc)?)

And we all should know by now that AV is next to worthless against current malware trends, so why do the compliance regulations still require this (PCI-DSS especially)?

Working on App whitelisting right now, it's been interesting and complex at the time, but at the end I feel it will be worth it.
RE: Dropsmack Malware CC via Dropbox
I think Bud looks pretty good for getting punched in the snout

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, April 17, 2013 11:26 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox

Actually I didn't go to the pub last night for a change, being as I am stuck in London town :-) We're not all horse-punching drunken alcoholic unemployed layabouts from up my way, you know (see http://www.dailymail.co.uk/news/article-2310139/I-acting-self-defence-says-drunken-fan-disabled-benefits-threw-punch-police-horse.html for details) :-) And incidentally, we're the original football ;-) using as we do our feet for more than a few seconds per game

On 17 April 2013 15:47, Webster webs...@carlwebster.com wrote:

James, It is very hard for a Brit to recall anything after spending all night at the pub watching what you call football. :)

Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, April 17, 2013 9:58 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox

I was wondering what you were replying to till I realized it was something I sent...but I don't remember sending it. Then I saw the sending time of 4.47am. I must have woken up, looked at the time on my phone and replied to an email as well. Strange I don't recall it!

On 17 April 2013 14:32, Ziots, Edward ezi...@lifespan.org wrote:

Agreed, same solution I am using, does the same function and if there are any blocks, it's dealt with quickly before going live.

--
James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk/
RE: On the subject of security...
I agree, without the data you have nothing, protecting the data is what it's about. Why have controls in systems if you aren't trying to protect the crown jewels which is the data in which your organization/business used to get its job/mission accomplished.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, April 17, 2013 2:43 PM To: NT System Admin Issues Subject: Re: On the subject of security...

On Wed, Apr 17, 2013 at 11:36 AM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Apr 17, 2013 at 2:29 PM, Kurt Buff kurt.b...@gmail.com wrote:
On Wed, Apr 17, 2013 at 1:59 AM, James Rankin kz2...@googlemail.com wrote:

...today's XKCD sums it up nicely http://xkcd.com/1200/

So, yeah, that's true if you don't use full disk encryption, or a password on your computer/domain account ...

You're missing the point. A lot of devs and admins fall into the trap of protecting the system and forgetting that there's a reason why we have the system in the first place. I ultimately don't care about my root account. Protecting it is just a means to an end -- protecting my data, most of which lives in my user account.

No, I'm not missing the point. Protecting the end-user account and its data is what those techniques are for - and they also need to be applied to the root/administrator account.

Kurt
RE: Since we are on the subject of malware and hacking
My bad, sorry I have been way buried. Also you can see my presentation and download the slide deck at the following location: http://boston.naisg.org/archive.asp Included video of the presentation and the slide deck.

Sincerely,
EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: Alan Davies [mailto:adav...@cls-services.com] Sent: Tuesday, April 16, 2013 6:55 AM To: NT System Admin Issues Subject: RE: Since we are on the subject of malware and hacking

Sorry ... must pay attention and notice that some lists reply to individuals; some reply to the list! Walking to naughty corner now ...

a

From: Alan Davies Sent: 16 April 2013 11:54 To: 'NT System Admin Issues' Subject: RE: Since we are on the subject of malware and hacking

Hi Edward, I'd be interested if you could send it over please. Sorry for the late reply!

Cheers,
Alan Davies.

From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: 21 March 2013 21:23 To: NT System Admin Issues Subject: Since we are on the subject of malware and hacking

I just did a security presentation for NAISG Security Group last night which was well received and informative, it discusses incident response, malware analysis and traffic analysis of current malware trends so if you would like to have a copy of my presentation email me directly, and I will send you a copy.

Sincerely,
EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081
Dropsmack Malware CC via Dropbox
Here is the slide deck on this: https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf

Good reading, scary thought but a lot are using Dropbox and not thinking about the consequences http://www.techrepublic.com/blog/security/dropsmack-using-dropbox-to-steal-files-and-deliver-malware/9332?tag=nl.e036s_cid=e036ttag=e036

Food for thought, especially from a regulatory compliance standpoint.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081
RE: Dropsmack Malware CC via Dropbox
James, I agree on the application whitelisting front. But it's a lot of work and it's still based on trust. (If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor.

Other aspects to think of: Will application whitelisting work for mobile devices (iPhone, Android, Tablets), all of which can act like storage devices in a way?

Questions to be answered: Which devices do you allow to be attached to your systems to transfer data? (Policies, procedures, enforcement with technical controls and auditing and followup with administrative controls for compliance?) (Do we allow the Apple devices, but not the Android, or do we allow just Ironkey devices, and who should have them and what data should they be able to take (DLP/DRM etc etc)?)

And we all should know by now that AV is next near worthless against current malware trends, so why do the compliance regulations still require this (PCI-DSS especially)?

Working on App whitelisting right now, it's been interesting and complex at the time, but at the end I feel it will be worth it.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, April 16, 2013 10:21 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox

Way to beat that nasty...whitelisting. I guess that vector would work for a lot of these synchronization clients, so I guess good whitelisting is the only way. Luckily as I've started using AppSense DataNow instead of DropBox for mine, I get AppSense Application Manager along with it, which is probably the best whitelisting product I've seen. Very interesting read though, just shows that traditional AV can't really fend off a determined hacker.

Cheers,
JR

On 16 April 2013 15:07, Ziots, Edward ezi...@lifespan.org wrote:

Here is the slide deck on this: https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf

Good reading, scary thought but a lot are using Dropbox and not thinking about the consequences http://www.techrepublic.com/blog/security/dropsmack-using-dropbox-to-steal-files-and-deliver-malware/9332?tag=nl.e036s_cid=e036ttag=e036

Food for thought, especially from a regulatory compliance standpoint.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

--
James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk/
RE: Dropsmack Malware CC via Dropbox
Well said James, well said. I think we are going to have to approach BYOD from a lot of angles; the two I think of are Privacy and Security, which will rule the ruse for the time to come.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, April 16, 2013 10:54 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox

Whitelisting can be a lot of work, if you haven't got a flexible technology. There are various vendors in the space and some of them take a lot of the donkey-work out of it for you, whilst still maintaining (as far as I've seen) decent security. But I totally agree that it's still at the whim of the person with their fingers on the controls - if the admin allows a bad executable, then you're in trouble. That can only be mitigated by belt-and-braces approaches, really, relying on old-style reactive AV or IDS/IPS or whatever to catch the bad executable that's somehow bypassed your processes and controls.

There is another load of tech springing up around MDM, MIM, MAM or whatever TLA you choose to describe it. It's another big set of challenges though. At the moment I am concentrating on extending the agents I have to MacOS devices rather than worrying about tablets and mobiles yet. I can avoid some of the pain at the moment by deploying Windows apps and desktops via Citrix to the mobile devices rather than letting users manipulate corporate data directly, but it's something I will no doubt get asked to get involved in sometime in the future :-)

But it's all so fun keeping up with user trends, isn't it? Maybe if we try really hard to get on top of the possibilities right now we can approach BYOD from a security perspective rather than just getting bullied into making it happen too quickly and having to catch all the security issues while firefighting :-)

Cheers,
JR

On 16 April 2013 15:36, Ziots, Edward ezi...@lifespan.org wrote:

James, I agree on the application whitelisting front. But it's a lot of work and it's still based on trust. (If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor.

Other aspects to think of: Will application whitelisting work for mobile devices (iPhone, Android, Tablets), all of which can act like storage devices in a way?

Questions to be answered: Which devices do you allow to be attached to your systems to transfer data? (Policies, procedures, enforcement with technical controls and auditing and followup with administrative controls for compliance?) (Do we allow the Apple devices, but not the Android, or do we allow just Ironkey devices, and who should have them and what data should they be able to take (DLP/DRM etc etc)?)

And we all should know by now that AV is next near worthless against current malware trends, so why do the compliance regulations still require this (PCI-DSS especially)?

Working on App whitelisting right now, it's been interesting and complex at the time, but at the end I feel it will be worth it.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: James Rankin [mailto:kz2...@googlemail.com] Sent: Tuesday, April 16, 2013 10:21 AM To: NT System Admin Issues Subject: Re: Dropsmack Malware CC via Dropbox

Way to beat that nasty...whitelisting. I guess that vector would work for a lot
Possible issue with this month's patches, MS13-036 patches.
The KB that provides guidance for the issue with the NTFS.SYS package (KB2823324) for MS13-036 is live!

* KB2839011 You receive a Stop 0xc00e startup error in Windows 7 after you install security update 2823324 https://support.microsoft.com/kb/2839011

We will be revising the bulletin shortly.

Thanks,
CSS Security Readiness Response Team

EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081
RE: Windows DNS scavenging..
We have it turned on, and to clean up issues with stale entries and some DDNS issues with our DHCP appliance.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: David Lum [mailto:david@nwea.org] Sent: Monday, April 08, 2013 10:33 AM To: NT System Admin Issues Subject: Windows DNS scavenging..

Do you guys have it turned on? Have you seen any issues from it, any caveats?

David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Since we are on the subject of malware and hacking
Thanks Dave, Next time I will show more of the packet level stuff I was finding, since it's every day that I am looking and dealing with malware like I said there tends to be similarities. Especially lately has been multiple samples of postal receipt malware that is bypassing the AV filters.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: Dave Vantine [mailto:dvant...@gmail.com] Sent: Friday, March 22, 2013 8:07 AM To: NT System Admin Issues Subject: Re: Since we are on the subject of malware and hacking

It was a great presentation. Would have loved more of the examples you provided of what you were finding egressing through your firewall!

Regards
Dave

On Thu, Mar 21, 2013 at 5:22 PM, Ziots, Edward ezi...@lifespan.org wrote:

I just did a security presentation for NAISG Security Group last night which was well received and informative, it discusses incident response, malware analysis and traffic analysis of current malware trends so if you would like to have a copy of my presentation email me directly, and I will send you a copy.

Sincerely,
EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

--
Thanks
Dave Vantine
RE: Since we are on the subject of malware and hacking
Surely glad to share… I am going to be starting a virtualization auditing and security presentation focusing on ESXi systems for presentation later on this yr. Should be a doozy but I need to do the research first.

Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, March 22, 2013 1:12 PM To: NT System Admin Issues Subject: Re: Since we are on the subject of malware and hacking

Thank you sir. Much appreciated.

Kurt

On Thu, Mar 21, 2013 at 2:22 PM, Ziots, Edward ezi...@lifespan.org wrote:

I just did a security presentation for NAISG Security Group last night which was well received and informative, it discusses incident response, malware analysis and traffic analysis of current malware trends so if you would like to have a copy of my presentation email me directly, and I will send you a copy.

Sincerely,
EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081
RE: virtualization question
If the POS terminal is taking CC information, then your iPads, the wireless network and the system that holds the POS software are in scope for PCI, something you might want to think about. Along with having to store and encrypt that CC data until it gets to the upstream acquiring bank... Also, transmitting of PCI data needs to be encrypted, and it is best to isolate to reduce scope. Food for thought.
Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: Stephen Holtz [mailto:ste...@addisonreserve.cc] Sent: Friday, March 22, 2013 1:59 PM To: NT System Admin Issues Subject: virtualization question
Ok, another newbie to the world of virtualization here. I have a POS (point of sale) program that I want to be able to be accessed by iPads using an RDP client. However, I would like to put multiple instances of the program on a server so that each iPad can access the POS program and keep it open during service. Any help, even a starting point, would be helpful.
TIA, Stephen L. Holtz, MCSE, MCT Director of Information Technology Addison Reserve Country Club 7201 Addison Reserve Blvd. Delray Beach, Fl. 33446 Ph: 561-455-1220 Cell: 561-441-0646 www.addisonreserve.cc Proudly recognized as a 5-Star Platinum Club of America.
This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please notify me by replying to this message and permanently delete the original and any copy of this e-mail and any printout thereof.
RE: Difference between port forwarding and DMZ
I will make some assumptions.
1) You have allowed the port forwarding through the firewall (therefore no inspection into the traffic to truly determine if it is what it purports to be).
2) If I can compromise the box in the DMZ, then I can use this to push into the internal network based on the trust you have established via port forwarding. (Evil hat on: set up a Netcat shell or Cryptcat shell to do the same thing and then sell the bandwidth and access to your compromised DMZ box to participate in global botnet fun, serve up malware, etc. etc.) (OK, evil hat off.)
3) Leverage this trust on port forwarding to explore your internal network, or to compromise your internal network and have another system to leapfrog to other systems and establish a foothold; after this it's game over... (I just use your outbound bandwidth with multiple compromised boxes to attack other networks, etc. etc.)
I hope this opens the window to the dark side of thinking in hacker methodology :)
Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081
From: David Lum [mailto:david@nwea.org] Sent: Thursday, March 14, 2013 11:22 AM To: NT System Admin Issues Subject: Difference between port forwarding and DMZ
What's the risk difference between a server in a DMZ (firewalls on each end) and port forwarding from the Internet to a machine inside a network perimeter? Scenario: I have PCs that use port to talk to a management server, I'm wondering if that server needs to be in the DMZ (with that port opened), or if forwarding that port through is functionally the same thing?
David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Difference between port forwarding and DMZ
Kurt hit the bingo... what I was covering from an evil perspective earlier...
Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 14, 2013 3:04 PM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ
Section 2.2 says "This is a more secure approach because an attacker has to break both firewalls in order to get to the internal network." This is incorrect. All he has to do is subvert the machine in the DMZ, and he has access to all of the resources in the production network to which the machine in the DMZ has access. You've already done the work of subverting the second firewall. I suppose you could set up IPSec connections, or perhaps as suggested an SSL tunnel, but ISTM that my caveat about the subverted machine in the DMZ still holds.
Kurt

On Thu, Mar 14, 2013 at 11:34 AM, David Lum david@nwea.org wrote:
I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection.
How does this work, then?
RDS Gateway servers need to be domain-joined http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Dave

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, March 14, 2013 9:34 AM To: NT System Admin Issues Subject: Re: Difference between port forwarding and DMZ
On Thu, Mar 14, 2013 at 8:22 AM, David Lum david@nwea.org wrote:
What’s the risk difference between a server in a DMZ (firewalls on each end) and port forwarding from the Internet to a machine inside a network perimeter? Scenario: I have PCs that use port to talk to a management server, I’m wondering if that server needs to be in the DMZ (with that port opened), or if forwarding that port through is functionally the same thing?
David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764

Go back to the fundamentals. Why do you have a DMZ - that is, what is the fundamental reason that you have a DMZ? It is to have a place where you can put machines that are untrusted, but to which your production network (and perhaps other untrusted networks) need access. So, if it's untrusted, and you need access, what is the fundamental thing you *DON'T* do? You don't allow untrusted machines unrestricted access to your production network. In particular, you don't allow machines in the DMZ to initiate traffic to the production network. Machines in a DMZ should only respond to requests for traffic from the production network, or if they need to initiate traffic to the production network, that traffic should be strictly limited and thoroughly examined by a proxy that understands the traffic in question.
So:
o- Where are the machines located that need access to your management server?
o- Does the server initiate any traffic, or is it just the clients?
If all of the clients are in the production network, and you have all of them under your control, then putting the management server in the DMZ is not required. If the clients are both in and out of the production network, put the management server in a DMZ and make sure you have a firewall that understands the traffic (an application layer gateway, or proxy). Simple port forwarding doesn't examine the traffic. I'll make another sweeping statement here: Don't put any machine in the DMZ that requires membership in your production domain. At that point you don't have a DMZ, you merely have another subnet of your production network, and basically no protection. It's possible that TMG could act as a proxy for something like this, but I'd be very nervous about it.
Kurt
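The guidance in the thread above (no plain port forward to the inside, no DMZ host initiating uninspected traffic inward, no DMZ host that needs the production domain) can be checked mechanically against a rule export. This is an added example, not code from any poster: the zone names, the `Rule` fields, the port list used as a domain-membership hint and the sample rules are constructed assumptions, and rule ordering is not modelled.

```python
from dataclasses import dataclass

# Ports a domain member typically needs toward a domain controller (Kerberos,
# RPC endpoint mapper, LDAP, SMB, LDAPS, global catalog). Assumption: a DMZ host
# allowed to reach these inside is probably joined to the production domain.
DOMAIN_MEMBER_PORTS = {88, 135, 389, 445, 636, 3268}


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str            # zone of the host that INITIATES the connection
    dst_zone: str            # "internet", "dmz" or "internal"
    dst_port: int
    action: str              # "allow" or "deny"
    inspected: bool = False  # True when an application-layer proxy parses the traffic


def audit(rules):
    """Return (rule name, severity, finding) for each allow rule that breaks the guidance."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src_zone == "internet" and r.dst_zone == "internal":
            # Plain port forward: nothing stands between the Internet and the host.
            findings.append((r.name, "high", "PORT_FORWARD_TO_INTERNAL"))
        elif r.src_zone == "dmz" and r.dst_zone == "internal":
            if r.dst_port in DOMAIN_MEMBER_PORTS:
                findings.append((r.name, "high", "DMZ_HOST_NEEDS_PRODUCTION_DOMAIN"))
            elif not r.inspected:
                findings.append((r.name, "high", "DMZ_INITIATES_UNINSPECTED"))
        elif r.src_zone == "internet" and r.dst_zone == "dmz" and not r.inspected:
            findings.append((r.name, "medium", "INBOUND_TO_DMZ_NOT_INSPECTED"))
    return findings


def exposure_if_dmz_compromised(rules):
    """Internal ports a subverted DMZ host could still reach through the inner firewall."""
    return sorted({r.dst_port for r in rules
                   if r.action == "allow"
                   and r.src_zone == "dmz" and r.dst_zone == "internal"})


# Constructed sample rule set (not taken from any real firewall).
SAMPLE_RULES = [
    Rule("mgmt-port-forward", "internet", "internal", 8443, "allow"),
    Rule("mgmt-via-dmz-proxy", "internet", "dmz", 8443, "allow", inspected=True),
    Rule("web-to-dmz", "internet", "dmz", 443, "allow"),
    Rule("dmz-ldap", "dmz", "internal", 389, "allow"),
    Rule("dmz-sql", "dmz", "internal", 1433, "allow"),
    Rule("dmz-api-proxied", "dmz", "internal", 8080, "allow", inspected=True),
    Rule("inside-to-dmz", "internal", "dmz", 22, "allow"),
    Rule("dmz-smb-denied", "dmz", "internal", 445, "deny"),
]

if __name__ == "__main__":
    for name, severity, finding in audit(SAMPLE_RULES):
        print(f"{severity:6} {finding:34} {name}")
    print("internal ports reachable from DMZ:",
          exposure_if_dmz_compromised(SAMPLE_RULES))
```

The second function is the number to watch: every port it returns stays reachable from the DMZ host regardless of how strict the outer firewall is.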
RE: DNS settings for Trusts
http://support.microsoft.com/kb/179442 I would look here: How to configure a firewall for domains and trusts.
Just because you can't ping the endpoint doesn't mean it isn't available. You can do the following if you need to determine if an endpoint is open. Get a copy of Nmap, or if you have a Linux box you can use tcptraceroute or Nmap also. To test, you tell Nmap not to ping the host:
    nmap -sS -sV -P0 -p- <ip address of endpoint>
(this will do all 65535 ports and tell you what you have open from your system)
    tcptraceroute IP_address dest_port
(so if I wanted to tcptraceroute to 123.45.67.89 port 135 I would do the following)
    tcptraceroute 123.45.67.89 135
HTH. I think you're up against a FW issue nobody on the other side is telling you about.
Z
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org Work:401-444-9081

From: N Parr [mailto:npar...@mortonind.com] Sent: Tuesday, March 05, 2013 4:29 PM To: NT System Admin Issues Subject: RE: DNS settings for Trusts
From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Tuesday, March 05, 2013 2:42 PM To: NT System Admin Issues Subject: RE: DNS settings for Trusts
a) DomainA and DomainB are in separate Forests? - Yes
b) Where does the PDCe in DomainA look first for name resolution (itself? Another DNS server?)
Itself (Secondary Forward Lookup Zones created on both sides)
c) The DNS server in (b) - how does it know where to send requests for DomainB? Does it host a secondary copy? You have configured forwarders? You have glue records? Hosts secondary copy. Tried forwarders, but from what I'm reading you use either a zone or a forwarder, not both. I tried a forwarder anyway and it didn't make a difference. Glue records? I don't think these come into play internally.
d) For the DC in domainB where you are attempting to create the trust: where does it look for name resolution (itself? Another DNS server?) Can't get to the point of making a trust yet because domainB can't ping domainA.local
e) The DNS server in (d) - how does it know where to send requests for DomainA? Does it host a secondary copy? You have configured forwarders? You have glue records? Answered in C)
Cheers Ken

From: N Parr [mailto:npar...@mortonind.com] Sent: Wednesday, 6 March 2013 6:46 AM To: NT System Admin Issues Subject: RE: DNS settings for Trusts
Domain B can't resolve Domain A. Can't ping domain.local or any host. And if we can't ping domain.local then we can't begin to create the trust. No errors in the event log.

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, March 05, 2013 12:20 PM To: NT System Admin Issues Subject: Re: DNS settings for Trusts
Can you describe the type of lookup failures you are receiving?
ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Tue, Mar 5, 2013 at 12:43 PM, N Parr npar...@mortonind.com wrote:
I'm having some issues getting DNS to resolve properly on a trust we are trying to set up and it doesn't make much sense why I'm having problems. Domain A can resolve everything on Domain B just fine but Domain B can't resolve Domain A. Both are 08 Domains. The zones are fully populated and there's no issues replicating records.
All the ports are open across the VPN, I can telnet back and forth, I can ping any IP. According to this article I need to make sure my SRV and Host A records are properly created. But we didn't have to do this on Domain A to get it to work. Either way, where am I supposed to create these records? Under my primary zone? It doesn't give any detail and my Google is failing me. http://technet.microsoft.com/en-us/library/ee307976%28v=ws.10%29.aspx
Thanks
Java 0 day again...
And the Java 0-days just keep on coming http://isc.sans.edu/diary.html?nstoryid=15310
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: IIS reporting/monitoring free tool
Fiddler can tell you some of the same information, but httpwatch is a good tool to troubleshoot client-side issues when looking at web information.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 28, 2013 3:19 PM To: NT System Admin Issues Subject: Re: IIS reporting/monitoring free tool
That's pretty cool. I'm going to try that.
Kurt

On Thu, Feb 28, 2013 at 12:02 PM, Kevin Lundy klu...@gmail.com wrote:
I think you are looking for something like http watch http://www.httpwatch.com/

On Thu, Feb 28, 2013 at 1:13 PM, itli...@imcu.com itli...@imcu.com wrote:
That is basically it. The application developer says that brute force testing on my server shows response time for 1000 pages on 10 accounts concurrently have an average 1.55 second response, which is below their required 2.00 response. But the users are showing as much as 5 minutes from Get to Post. On their workstation on a 10/100 switch. No WAN traffic, all on the same LAN and same SWITCH for 20 of the 23 users. So I am game for anything I can do to show the developer there are issues my users cannot live with. But for now I am limited to their tools and their results. Thanks for all the help.
From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Wednesday, February 27, 2013 5:01 PM Posted To: itli...@imcu.com Conversation: IIS reporting/monitoring free tool Subject: RE: IIS reporting/monitoring free tool
The best way you are going to get a true picture of this is if you run the tool on the client machine, or at the client’s location. Not on the server. On the server you can look at the Time-Taken field in the IIS logs to get some idea of how long it takes IIS to put the page onto the wire. That’s not the same as the client actually receiving the packet, and doesn’t take into account any proxies, accelerators, caches etc. between the server and the client. Anyway, if you have some more requirements, then perhaps we can help with your searching.
Cheers Ken

From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, 28 February 2013 7:56 AM To: NT System Admin Issues Subject: RE: IIS reporting/monitoring free tool
Solarwinds didn’t give me the results I wanted; I need to know how long each page is taking to return to the client workstations for a particular app. Couldn’t get AWSTATS to even give me one result. (Had it working on another server last year but cannot get this one to configure properly.) IIS reporter but it is only giving me active connections to IIS, not per page or duration times? I saw Beta 7.0 had an IIS reporting tool but dev decided it wasn’t needed for admin tools of IIS 7.5??? Seems like that would be a good thing, unless they were borrowing someone's code to get their results??? Anyways, thought I would try here??

From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Tuesday, February 26, 2013 10:31 AM Posted To: itli...@imcu.com Conversation: IIS reporting/monitoring free tool Subject: Re: IIS reporting/monitoring free tool
Given the number of google entries that cover this request, what have you already ruled out and why?
ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…

On Tue, Feb 26, 2013 at 10:19 AM, itli...@imcu.com itli...@imcu.com wrote:
Looking for a free IIS monitoring or reporting tool for IIS 7.5 on server 2008 r2. Any suggestions?
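Ken's suggestion to read the Time-Taken field from the IIS logs, worked through as an added example that is not code from the thread. It reads the W3C extended format by following each `#Fields:` directive and summarises `time-taken` (milliseconds) per page; the sample log is constructed, and the 2000 ms threshold is an assumption taken from the "required 2.00 response" figure mentioned above.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format. The column order changes
# part-way through, as it does when logging fields are reconfigured.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-02-27 14:00:00
#Fields: date time cs-method cs-uri-stem sc-status time-taken
2013-02-27 14:00:01 GET /app/login.aspx 200 310
2013-02-27 14:00:02 POST /app/report.aspx 200 4820
2013-02-27 14:00:05 GET /app/report.aspx 200 1250
2013-02-27 14:00:09 POST /app/report.aspx 500 9100
#Fields: date time cs-method cs-uri-stem time-taken sc-status
2013-02-27 14:05:00 GET /app/login.aspx 290 200
2013-02-27 14:05:03 GET /app/login.aspx - 200
"""


def parse_records(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row, or no #Fields seen yet
        yield dict(zip(fields, values))


def page_timings(text, threshold_ms=2000):
    """Per cs-uri-stem: request count, mean and max time-taken, requests over threshold."""
    samples = defaultdict(list)
    for rec in parse_records(text):
        stem = rec.get("cs-uri-stem")
        taken = rec.get("time-taken", "-")
        if stem is None or not taken.isdigit():
            continue  # "-" means the value was not logged for this request
        samples[stem].append(int(taken))
    report = {}
    for stem, ms in samples.items():
        report[stem] = {
            "count": len(ms),
            "avg_ms": sum(ms) / len(ms),
            "max_ms": max(ms),
            "over_threshold": sum(1 for v in ms if v > threshold_ms),
        }
    return report


if __name__ == "__main__":
    # Server-side view only: the time IIS needed to put the response on the wire,
    # not what the client experienced behind proxies or caches.
    for stem, stats in sorted(page_timings(SAMPLE_LOG).items()):
        print(stem, stats)
```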
RE: IIS reporting/monitoring free tool
Nice one, I totally didn't know that on IE by default. And this is my first email as a newly minted CISA.
Sincerely, EZ
Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Steven Peck [mailto:sep...@gmail.com] Sent: Thursday, February 28, 2013 4:24 PM To: NT System Admin Issues Subject: Re: IIS reporting/monitoring free tool
For basic testing from a client machine you can also use F12 in IE. Go to Network, Start Capture. Type in the URL. Click around, do stuff. Stop Capture. It will at least get you response request information, various calls etc. and it's most likely on the client system already. That said, play around with the other tools, this just happens to already be there. :)

On Thu, Feb 28, 2013 at 12:47 PM, Ziots, Edward ezi...@lifespan.org wrote:
Fiddler can tell you some of the same information, but httpwatch is a good tool to troubleshoot client-side issues when looking at web information.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 28, 2013 3:19 PM To: NT System Admin Issues Subject: Re: IIS reporting/monitoring free tool
That's pretty cool. I'm going to try that.
Kurt

On Thu, Feb 28, 2013 at 12:02 PM, Kevin Lundy klu...@gmail.com wrote:
I think you are looking for something like http watch http://www.httpwatch.com/

On Thu, Feb 28, 2013 at 1:13 PM, itli...@imcu.com itli...@imcu.com wrote:
That is basically it. The application developer says that brute force testing on my server shows response time for 1000 pages on 10 accounts concurrently have an average 1.55 second response, which is below their required 2.00 response. But the users are showing as much as 5 minutes from Get to Post. On their workstation on a 10/100 switch. No WAN traffic, all on the same LAN and same SWITCH for 20 of the 23 users. So I am game for anything I can do to show the developer there are issues my users cannot live with. But for now I am limited to their tools and their results. Thanks for all the help.
From: Ken Schaefer [mailto:k...@adopenstatic.com] Posted At: Wednesday, February 27, 2013 5:01 PM Posted To: itli...@imcu.com Conversation: IIS reporting/monitoring free tool Subject: RE: IIS reporting/monitoring free tool
The best way you are going to get a true picture of this is if you run the tool on the client machine, or at the client's location. Not on the server. On the server you can look at the Time-Taken field in the IIS logs to get some idea of how long it takes IIS to put the page onto the wire. That's not the same as the client actually receiving the packet, and doesn't take into account any proxies, accelerators, caches etc. between the server and the client. Anyway, if you have some more requirements, then perhaps we can help with your searching.
Cheers Ken

From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, 28 February 2013 7:56 AM To: NT System Admin Issues Subject: RE: IIS reporting/monitoring free tool
Solarwinds didn't give me the results I wanted; I need to know how long each page is taking to return to the client workstations for a particular app. Couldn't get AWSTATS to even give me one result. (Had it working on another server last year but cannot get this one to configure properly.) IIS reporter but it is only giving
For your virtualization reading library recommended book
Virtualization Security By: Dave Shackleford Sybex Publishing ISBN:978-1-118-28812-2 Covers ESXi, XenServer and HyperV.
EZ
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: Java 7-15 failures.
So true ASB

Hello All,
We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues (numbered 54 and 55), which when combined together can be successfully used to gain a complete Java security sandbox bypass in the environment of Java SE 7 Update 15 (1.7.0_15-b03). Following our Disclosure Policy [1], we provided Oracle with a brief technical description of the issues found along with a working Proof of Concept code that illustrates their impact. Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way. Without going into further details, everything indicates that a ball is in Oracle's court. Again.
Thank you. Best Regards
Adam Gowdiak
Security Explorations http://www.security-explorations.com
We bring security research to the new level
References: [1] Security Explorations - Disclosure Policy http://www.security-explorations.com/en/disclosure-policy.html

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, February 26, 2013 8:46 AM To: NT System Admin Issues Subject: Re: Java 7-15 failures.
Have no fear: at the rate that Java exploits and vulnerabilities are being found in Java, they'll be providing more updates shortly. Maybe they'll fix that problem, or maybe more people will get the impetus to work around them. ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Mon, Feb 25, 2013 at 9:31 PM, Jon Harris jk.har...@live.commailto:jk.har...@live.com wrote: I am having similar issues. I just wish I did not need this crapware for work. Jon From: kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org To: ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Java 7-15 failures. Date: Mon, 25 Feb 2013 17:23:12 + I am seeing the IE activation issue on multiple machines myself when I get the exe to work. -Original Message- From: Sam Cayze [mailto:sca...@gmail.commailto:sca...@gmail.com] Sent: Monday, February 25, 2013 12:20 PM To: NT System Admin Issues Subject: RE: Java 7-15 failures. No issues with the actual installer... But I'm having a heck of time having the IE pluggin actually work after an upgrade. It's getting tiresome trying to fix this after each update. IE says the add-on is enabled and all that jazz. But no Java will actually load in IE. Haven't pinpointed the actually fix yet, but it usually requires a mix of rebooting, disabling, re-enabling plugins, and re-installing java. -Original Message- From: Kennedy, Jim [mailto:kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org] Sent: Friday, February 22, 2013 3:14 PM To: NT System Admin Issues Subject: RE: Java 7-15 failures. Not sure how to say this...but glad to hear that. So it isn't just me, there are others. So there is hope Java will release a fixed patch. -Original Message- From: Joseph L. 
Casale [mailto:jcas...@activenetwerx.com] Sent: Friday, February 22, 2013 3:55 PM To: NT System Admin Issues Subject: RE: Java 7-15 failures. Ditto here, sigh...
RE: Remote Desktop Server (Formerly known as Terminal Server)
Here is a weird one that I am seeing with RDP on Windows 2008. Remote Desktop Services is running on the server and the port is open (3389). You can connect to the server and enter your AD credentials, and then it tries to show you the desktop and sure enough claims there is a network error and kicks you out. I have checked the following. 1) Network settings on NIC (In Network Fault Tolerant Pair, how it's always configured) no errors seen. 2) Negotiate is set for the session security 3) RDP Services has been recycled numerous times. (At least 5) 4) Check to make sure the account logging in with didn't have a specific program to run at login and showed it to always show desktop Still get Event ID 7034 with Remote Desktop Services. Any ideas? Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Friday, February 22, 2013 5:43 PM To: NT System Admin Issues Subject: Re: Remote Desktop Server (Formerly known as Terminal Server) Not that easy with published apps to be fair, and apps that don't exit properly at some times. Some users have published apps with local file associations, some users have a blend of streamed, local and remote apps.
And sometimes you can end up with disconnected sessions the users are unaware of in a big and/or complicated environment. Cheers, JR Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Ken Cornetet ken.corne...@kimball.com Date: Fri, 22 Feb 2013 17:28:53 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) Well, if you mean corruption as in the last session to write the profile wins, that's true, but it is handled by user education. From: kz2...@googlemail.com [mailto:kz2...@googlemail.com] Sent: Friday, February 22, 2013 10:31 AM To: NT System Admin Issues Subject: Re: Remote Desktop Server (Formerly known as Terminal Server) Multiple sessions also tend to cause corruption issues IMHO Sent from my Blackberry, which may be an antique but delivers email RELIABLY From: Webster webs...@carlwebster.com Date: Fri, 22 Feb 2013 15:11:50 + To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) Using Roaming Profiles in a large enterprise environment with sub-par WAN links makes for problematic roaming profile issues. Also some people forget to implement folder redirection with roaming profiles and you get profile bloat and a very bad user logon/off experience. Also, not everyone does the share and folder permissions properly for roaming profiles and or folder redirection and that can really screw things up.
Thanks Webster From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Friday, February 22, 2013 9:03 AM To: NT System Admin Issues Subject: RE: Remote Desktop Server (Formerly known as Terminal Server) I'm using roaming profiles in a XenApp 5 system with around 1000 users. No problems whatsoever. I think a lot of the common wisdom about not using roaming profiles is a combination of bad history and FUD spread by vendors of profile management software. Not using roaming profiles sounds good in theory, but may be problematic in practice. If you have a user base with very simple requirements, a mandatory profile can work well - you only need to back up and restore a few settings from the registry (Outlook profiles, default printer, etc). Otherwise, roaming profiles make life much easier. I'll try to highlight the group policy I have in place: User lockdown - implemented via loopback - Set security to deny apply of this GP for admin users. Turns off most of the things in control panel Hide Desktop network
RE: Highly recommended - I have a paper copy
Kurt Thanks for the recommendation I just got my copy of the book and started to read through, definitely good so far. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 07, 2013 5:20 PM To: NT System Admin Issues Subject: Highly recommended - I have a paper copy -- Forwarded message -- From: InfoSec News ale...@infosecnews.org Date: Wed, Feb 6, 2013 at 11:41 PM Subject: [ISN] Security Engineering -- The Book - For Free! To: i...@infosecnews.org http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering -- The Book ‘I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining - and far more useful - than novels (and my normal science fiction). When I first got it in the mail, I said to myself I'm never going to read all of that. But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.’ Don Norman ‘The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book.
Ross did a complete pass on his classic tome and somehow made it even better...’ Gary McGraw ‘It's beautiful. This is the best book on the topic there is’ Bruce Schneier All chapters from the second edition now available free online! Table of contents Preface Acknowledgements Chapter 1: What is Security Engineering? Chapter 2: Usability and Psychology Chapter 3: Protocols Chapter 4: Access Control Chapter 5: Cryptography Chapter 6: Distributed Systems Chapter 7: Economics Chapter 8: Multilevel Security Chapter 9: Multilateral Security Chapter 10: Banking and Bookkeeping Chapter 11: Physical Protection Chapter 12: Monitoring and Metering Chapter 13: Nuclear Command and Control Chapter 14: Security Printing and Seals Chapter 15: Biometrics Chapter 16: Physical Tamper Resistance Chapter 17: Emission Security Chapter 18: API Security Chapter 19: Electronic and Information Warfare Chapter 20: Telecom System Security Chapter 21: Network Attack and Defence Chapter 22: Copyright and DRM Chapter 23: The Bleeding Edge Chapter 24: Terror, Justice and Freedom Chapter 25: Managing the Development of Secure Systems Chapter 26: System Evaluation and Assurance Chapter 27: Conclusions Bibliography Index When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to have as a convenient shelf reference: Buy from Amazon.com Buy from Wiley Buy from Amazon.co.uk (Kindle version) Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication.
Supplementary materials: If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge: * the first part in second-year Introduction to Security (course material and past exam questions) * the second in third-year Security (course material and questions), and * the third part in our second-year Software Engineering (course, questions and still more questions). I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website.
RE: Backup to cloud?
Nice, definitely relates to the cloud... Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, February 14, 2013 1:09 AM To: NT System Admin Issues Subject: Re: Backup to cloud? On Wed, Feb 13, 2013 at 9:18 PM, Ben Scott mailvor...@gmail.com wrote: On Wed, Feb 13, 2013 at 6:55 PM, Ken Schaefer k...@adopenstatic.com wrote: Let’s not get carried away with calling this proposal ‘cloud backup’. Why not? Everyone else is. -- Ben LOL If all your friends jumped off a cliff... OB xkcd : http://xkcd.com/1170/ Kurt
RE: Backup to cloud?
Have you thought about the confidentiality aspects of putting your data in the cloud, especially if it's under regulatory compliance (PCI, HIPAA, Sox)? If you haven't, you might be getting yourself in a lot of hot water. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Sam Cayze [mailto:sca...@gmail.com] Sent: Wednesday, February 13, 2013 1:01 PM To: NT System Admin Issues Subject: RE: Backup to cloud? Amazon has some super high speed pipes linked to various centers for situations like this. (Called Direct Connect?). Not too familiar with it. I think connections as fast as 10Gbps. You could design your DR strategy around a data center supporting this. Mozy also supports shipping DVDs/Drives. There are also some solutions that allow you to 'spin-up' your backups at the cloud location on a VM. (Check out Unitrends. Veem?). Then, you don't have to download the backups. I put all my 'cloud' backups into the same remote data center I would restore to in a disaster. And some of that even gets backed up to the 'real' cloud (Amazon S3). From: James Rankin [mailto:kz2...@googlemail.com] Sent: Wednesday, February 13, 2013 11:36 AM To: NT System Admin Issues Subject: Re: Backup to cloud? I have 498GB of data stored in the cloud that would take about six weeks to download.
The send me it on a USB drive option that Ben mentioned is my DR choice :-) On 13 February 2013 17:27, Rod Trent rodtr...@myitforum.com wrote: Why would retrieval take that long? Are you talking more about disaster recovery? From: David Lum [mailto:david@nwea.org] Sent: Wednesday, February 13, 2013 12:21 PM To: NT System Admin Issues Subject: Backup to cloud? Does backup to cloud even matter if the time to retrieve it spans 20+ hours? If I were to consider hosting a clients' backups at my location, where do I go to find what liabilities I need to worry about. Coincidentally the client in mind is a law firm of all places... David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 -- James Rankin Technical Consultant (ACA, CCA, MCTS) http://appsensebigot.blogspot.co.uk
Another Java Update to close in the wild exploits Feb 19, 2013
http://nakedsecurity.sophos.com/2013/02/04/another-java-update-oracle-brings-patch-tuesday-forward-to-close-in-the-wild-hole/ According to the latest Oracle Risk Matrix (http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html#AppendixJAVA) there are 50 fixes, 49 of which might be remotely exploitable. That means merely visiting a web page might be enough to infect your computer. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
Recall: Another Java Update to close in the wild exploits Feb 19, 2013
Ziots, Edward would like to recall the message, Another Java Update to close in the wild exploits Feb 19, 2013.
RE: Another Java Update to close in the wild exploits Feb 19, 2013
Sorry included an internal group on the email, that I fubbed when sending the email. But yes Java is going to be patched again, another 50 fixes, maybe that will take care of what Security Explorations has sent to oracle. I am sure this will not be end of this. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, February 12, 2013 9:06 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 Too late. Thanks Webster -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: Recall: Another Java Update to close in the wild exploits Feb 19, 2013 Ziots, Edward would like to recall the message, Another Java Update to close in the wild exploits Feb 19, 2013.
RE: Another Java Update to close in the wild exploits Feb 19, 2013
This is supposed to be post Update 13, which happened about a week ago. This is to fix the other flaws that Security Explorations sent to Oracle and I am sure there will be more. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Tuesday, February 12, 2013 10:52 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 That update was from a week ago wasn't it? Ben M. Schorr Chief Executive Officer Roland Schorr Tower - Flagstaff Office 928-526-3970 www.rolandschorr.com * www.twitter.com/bschorr * www.facebook.com/RolandSchorr -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, February 12, 2013 8:32 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 Sorry included an internal group on the email, that I fubbed when sending the email. But yes Java is going to be patched again, another 50 fixes, maybe that will take care of what Security Explorations has sent to oracle. I am sure this will not be end of this. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, February 12, 2013 9:06 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 Too late. Thanks Webster -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: Recall: Another Java Update to close in the wild exploits Feb 19, 2013 Ziots, Edward would like to recall the message, Another Java Update to close in the wild exploits Feb 19, 2013.
RE: Another Java Update to close in the wild exploits Feb 19, 2013
Thanks for the update and no we are not wrong there is more fixes coming, like I posted before... https://blogs.oracle.com/security/entry/updates_to_february_2013_critical Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Tuesday, February 12, 2013 11:22 AM To: NT System Admin Issues Subject: Re: Another Java Update to close in the wild exploits Feb 19, 2013 http://www.computerworld.com/s/article/9236657/Oracle_to_release_yet_more_patches_for_Java?taxonomyId=17 ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market... On Tue, Feb 12, 2013 at 11:05 AM, Ziots, Edward ezi...@lifespan.org wrote: This is supposed to be post Update 13, which happened about a week ago. This is to fix the other flaws that Security Explorations sent to Oracle and I am sure there will be more. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Ben M. Schorr [mailto:b...@rolandschorr.com] Sent: Tuesday, February 12, 2013 10:52 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 That update was from a week ago wasn't it? Ben M. Schorr Chief Executive Officer Roland Schorr Tower - Flagstaff Office 928-526-3970 www.rolandschorr.com * www.twitter.com/bschorr * www.facebook.com/RolandSchorr -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, February 12, 2013 8:32 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 Sorry included an internal group on the email, that I fubbed when sending the email. But yes Java is going to be patched again, another 50 fixes, maybe that will take care of what Security Explorations has sent to oracle. I am sure this will not be end of this. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, February 12, 2013 9:06 AM To: NT System Admin Issues Subject: RE: Another Java Update to close in the wild exploits Feb 19, 2013 Too late. Thanks Webster -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: Recall: Another Java Update to close in the wild exploits Feb 19, 2013 Ziots, Edward would like to recall the message, Another Java Update to close in the wild exploits Feb 19, 2013.
RE: Security Firm Bit9 Hacked, Used to Spread Malware
Very interesting article, it does underline the importance of using application whitelisting and protecting your systems, but this is definitely a black eye Bit9 doesn’t need. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Crawford, Scott [mailto:crawfo...@evangel.edu] Sent: Sunday, February 10, 2013 5:03 PM To: NT System Admin Issues Subject: RE: Security Firm Bit9 Hacked, Used to Spread Malware fair enough. Next step: spin - see what happens when you don't use our product? :) Sent from my Windows Phone From: Andrew S. Baker Sent: 2/10/2013 3:27 PM To: NT System Admin Issues Subject: Re: Security Firm Bit9 Hacked, Used to Spread Malware The reporting was vague, but Bit9 was more clear in their own blog. https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/ In brief, here is what happened. Due to an operational oversight within Bit9, we failed to install our own product on a handful of computers within our network. As a result, a malicious third party was able to illegally gain temporary access to one of our digital code-signing certificates that they then used to illegitimately sign malware. There is no indication that this was the result of an issue with our product. Our investigation also shows that our product was not compromised.
ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market… On Sun, Feb 10, 2013 at 2:03 PM, Crawford, Scott crawfo...@evangel.edumailto:crawfo...@evangel.edu wrote: You could interpret that sentence two ways: A: We didn’t have it installed on the compromised systems. B: It was installed, but did not protect them. B says the software doesn’t work. A says there was simply a mistake made. Phrasing it like they did, allows B to be true, while implying A. From: Andrew S. Baker [mailto:asbz...@gmail.commailto:asbz...@gmail.com] Sent: Saturday, February 9, 2013 9:51 PM To: NT System Admin Issues Subject: Re: Security Firm Bit9 Hacked, Used to Spread Malware The company said attackers managed to compromise some of Bit9′s systems that were not protected by the company’s own software. And this was because of... ? ASB http://XeeMe.com/AndrewBakerhttp://xeeme.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market… On Fri, Feb 8, 2013 at 5:59 PM, Stu Sjouwerman s...@sunbelt-software.commailto:s...@sunbelt-software.com wrote: Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. OUCH ! More at: http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/ Warm regards, Stu ~ Finally, powerful endpoint security that ISN'T a resource hog! 
RE: Highly recommended - I have a paper copy
Thanks Sam, going to get this ordered also, will make a nice addition to my reading collection.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Sam Cayze [mailto:sca...@gmail.com] Sent: Friday, February 08, 2013 5:03 PM To: NT System Admin Issues Subject: RE: Highly recommended - I have a paper copy
Just read a chapter, and I have to say, I'm hooked. Looking through the TOC, there are so many aspects of security in the book that I have been wanting a better understanding of. All in one place. I already downloaded and combined the PDFs... but heck, I'm buying the paper version of this one!
http://www.cl.cam.ac.uk/~rja14/book.html
Security Engineering -- The Book
'I'm incredibly impressed that one person could produce such a thorough coverage. Moreover, you make the stuff easy and enjoyable to read. I find it just as entertaining - and far more useful - than novels (and my normal science fiction). When I first got it in the mail, I said to myself I'm never going to read all of that. But once I started reading I just kept going and going. Fantastic: well done. Now, let's hope that all those in charge of security for information technology will also read the book and heed the lessons.' Don Norman
'The book that you MUST READ RIGHT NOW is the second edition of Ross Anderson's Security Engineering book. Ross did a complete pass on his classic tome and somehow made it even better...' Gary McGraw
'It's beautiful. This is the best book on the topic there is' Bruce Schneier
All chapters from the second edition now available free online!
Table of contents
Preface
Acknowledgements
Chapter 1: What is Security Engineering?
Chapter 2: Usability and Psychology
Chapter 3: Protocols
Chapter 4: Access Control
Chapter 5: Cryptography
Chapter 6: Distributed Systems
Chapter 7: Economics
Chapter 8: Multilevel Security
Chapter 9: Multilateral Security
Chapter 10: Banking and Bookkeeping
Chapter 11: Physical Protection
Chapter 12: Monitoring and Metering
Chapter 13: Nuclear Command and Control
Chapter 14: Security Printing and Seals
Chapter 15: Biometrics
Chapter 16: Physical Tamper Resistance
Chapter 17: Emission Security
Chapter 18: API Security
Chapter 19: Electronic and Information Warfare
Chapter 20: Telecom System Security
Chapter 21: Network Attack and Defence
Chapter 22: Copyright and DRM
Chapter 23: The Bleeding Edge
Chapter 24: Terror, Justice and Freedom
Chapter 25: Managing the Development of Secure Systems
Chapter 26: System Evaluation and Assurance
Chapter 27: Conclusions
Bibliography
Index
When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free.
Enjoy them - and I hope you'll buy the paper version to have as a convenient shelf reference: Buy from Amazon.com Buy from Wiley Buy from Amazon.co.uk (Kindle version)
Here are the errata for the second edition, and here's a page of notes and links concerning relevant topics that I've come across since publication.
Supplementary materials: If you're a college professor thinking of using my book in class, note that we use my book in three courses at Cambridge:
* the first part in second-year Introduction to Security (course material and past exam questions)
* the second in third-year Security (course material and questions), and
* the third part in our second-year Software Engineering (course, questions and still more questions).
I hope you find these useful. You're welcome to use and adapt any of my slides if you wish under this Creative Commons license. Also, if you're an instructor at an accredited institution, you can request an evaluation copy via Wiley's website.
__ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
RE: Require Network Level Authentication to RDP
We are running it also, means you need to have latest version of RDP client running and doesn't always work with downlevel XP clients.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Monday, February 11, 2013 11:15 AM To: NT System Admin Issues Subject: Re: Require Network Level Authentication to RDP
We are running it on our network. PCI auditors require it. We have Mac and Linux clients and everything is working fine.
On Mon, Feb 11, 2013 at 9:55 AM, Andrew S. Baker asbz...@gmail.com wrote:
I'm doing it on my network, but I haven't seen a lot of people do it so far. But I have started to recommend it to some customers.
ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...
On Mon, Feb 11, 2013 at 9:56 AM, David Lum david@nwea.org wrote:
Are you guys enforcing this on your networks? I'm not seeing any reason NOT to at this point, but would like to know if anyone here has and if there are any caveats. The only thing that comes to mind is a Linux (MacOS, etc.) user with an older RDP client. Anyone?
David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Exchange 2003 to Office 365
Been a Pain in the arse migrating so far, as for new users that are totally in the cloud it depends on a lot of things.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Monday, February 11, 2013 2:17 PM To: NT System Admin Issues Subject: Exchange 2003 to Office 365
Is there a benefit to moving to Microsoft's cloud for general users??
RE: Security Firm Bit9 Hacked, Used to Spread Malware
Just shows anyone is a target
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Shane Mullins [mailto:tsmulli...@gmail.com] Sent: Monday, February 11, 2013 4:10 PM To: NT System Admin Issues Subject: Re: Security Firm Bit9 Hacked, Used to Spread Malware
If major security vendors get hacked on a regular basis, then us little guys don't really stand a chance!
On Fri, Feb 8, 2013 at 5:59 PM, Stu Sjouwerman s...@sunbelt-software.com wrote:
Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known safe files from computer viruses and other malicious software. OUCH ! More at: http://krebsonsecurity.com/2013/02/security-firm-bit9-hacked-used-to-spread-malware/
Warm regards, Stu
RE: OT: Guest network security
I love the wildfire piece, it's amazing what I get from it. 125% recommend that you turn it on if you haven't. The sandboxing reports I get I review and then update my security controls accordingly. It's been a real eye opener for some here.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 4:42 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
Yep PA=Palo Alto
When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision.
Curious Z, are you using the Wildfire piece?
On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.org wrote:
If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and it's sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain but regular firewall log parsing, and being able to quantify your own applications and make traffic rules based on them is pretty killer.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls.
Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.
On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:
Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls).
That's an interesting tip on the Sophos solution. What did you use for the hardware?
Kurt
On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:
I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall?
PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)
On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:
All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much
RE: OT: Guest network security
Hell I'd vouch for the PA's for ya, because I have been working with them directly for about a year and done a lot of lockdown based on the functionality that isn't in ASA's or other FW's I have worked with.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 4:45 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
We have 15 Cisco 1240AGs, which were apparently announced as End of Sale, though EOL is apparently 2018. No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability.
The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that...
Kurt
On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy klu...@gmail.com wrote:
I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls.
Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.
On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:
Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls).
That's an interesting tip on the Sophos solution. What did you use for the hardware?
Kurt
On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:
I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall?
PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)
On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:
All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching.
What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution.
The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager.
Does anyone have some ideas I could pursue on this?
Thanks, Kurt
RE: OT: Guest network security
Adaptive out of Portsmouth NH is who we work with. All they do is PA….
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Pete Howard [mailto:pchow...@yahoo.com] Sent: Wednesday, February 06, 2013 4:59 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
Anyone have a favorite VAR to work with for PA's ? A few of my usual vendors don't carry them
From: Ziots, Edward ezi...@lifespan.org To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, February 6, 2013 4:08 PM Subject: RE: OT: Guest network security
If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and it's sick how much these things can do. Been finding a lot that I wouldn’t have been able to obtain but regular firewall log parsing, and being able to quantify your own applications and make traffic rules based on them is pretty killer.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Wednesday, February 06, 2013 3:48 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls.
Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.
On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:
Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls).
That's an interesting tip on the Sophos solution. What did you use for the hardware?
Kurt
On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:
I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall?
PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)
On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:
All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching.
What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though
RE: OT: Guest network security
I will be learning Fortinet soon enough since we got a bunch of them in as replacements for Juniper's.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, February 06, 2013 5:02 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
I'll choose a Fortinet over an ASA every day of the week...
ASB http://XeeMe.com/AndrewBaker Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...
On Wed, Feb 6, 2013 at 3:44 PM, Ziots, Edward ezi...@lifespan.org wrote:
LOL Cisco bigot... why is that sooo familiar. He would probably like Fortinet better if he knew the price and performance was way better than ASA's. (Found those to be kludgy)
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, February 06, 2013 3:21 PM To: NT System Admin Issues Subject: Re: OT: Guest network security
Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls).
That's an interesting tip on the Sophos solution. What did you use for the hardware?
Kurt
On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:
I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall?
PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)
On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:
All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching.
What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution.
The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager.
Does anyone have some ideas I could pursue on this?
Thanks, Kurt
RE: OT: Guest network security
Honestly, the complexity is not that much harder than regular firewall administration. I have been using Palo's for about 1 yr+ and self taught just reading the admin manuals and working with my traffic patterns during work and been able to inspect a lot of traffic and do a lot of lockdown and I am using mine for FW, IPS and Web Filtering.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, February 06, 2013 5:04 PM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

If you have someone to manage them, the PA devices are very, very robust. But they do bring some complexity for all that power.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Wed, Feb 6, 2013 at 4:45 PM, Kurt Buff kurt.b...@gmail.com wrote:

We have 15 Cisco 1240AGs, which were apparently announced of End of Sale, though EOL is apparently 2018.. No controller, but I just talked with our supplier, who is recommending the 2504. There's a unit that comes with a 15-WAP license, for not too expensive. *Very* good to know about the captive portal capability. The recommendation of CCIEs for the PA over the ASA is, well, interesting. I wonder if I can find someone he will believe on that...

Kurt

On Wed, Feb 6, 2013 at 12:48 PM, Kevin Lundy klu...@gmail.com wrote:

I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.

On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:

Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware?

Kurt

On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:

I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)

On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:

All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this?

Thanks,
Kurt
RE: Wow. Just what we need
Just what I was reading, use Ping with a Backtrack R3 machine, I am trying to find a way to see if I can send pings to entire subnets to see if stuff will drop...

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, February 06, 2013 8:24 PM
To: NT System Admin Issues
Subject: Wow. Just what we need

A limited threat, but a good one: Packet of death http://blog.krisk.org/2013/02/packets-of-death.html

Also, https://isc.sans.edu/diary/Intel+Network+Card+%2882574L%29+Packet+of+Death/15109 - see the comment...

What a brilliant sleuthing job, though, and a mention of a tool that's new to me and possibly quite promising.

Kurt
It gets worse UPNP root access exploit more info
- ADSL Router - Router Sagem - AFAQ DSL SHAMEL ROUTER Sagemcom - ADSL Router - ADSL Router SemIndia Systems Private Ltd. - SemIndia ADSL2Plus Modem/Router SemIndia Systems Pvt. Ltd. - SemIndia Systems ADSL2Plus Modem Router - SemIndia Systems ADSL2Plus Modem/Wireless Router SIEMENS - alice.box Siemens - ADSL SL2-141 - ADSL SL2-141-I - Gigaset SE515B - SL2-141-I SimpleTech - OdenShare - SimpleShare Sinus - 1054 DSL SmartLink - ADSL Router Sparklan - Internet Gateway Device Speedport - 500V - W 500V Starbridge Networks - Broadcom ADSL Router Star-Net - Broadcom ADSL Router STAR-NET - Broadcom ADSL Router Sveasoft Inc. - Residential Gateway Device TARGA WR 500 VoIP - TARGA WR 500 VoIP Tecom - DSL Router TeleWell Oy (http://www.telewell.fi) TeleWell Oy (http://www.telewell.fi) - TeleWell.gateway Telsey - ADSL Router TELUS - VSG1432 Tenda - ADSL2/2+ Modem Router Tenda/Imex - W150D Tenda/lmex - ADSL2+ Ethernet Modem Router - ADSL Router - Gateway TOPTRONICS - ADSL Router TP-LINK - ADSL Router - 54M Wireless ADSL2+ router - ADSL2+ Modem Router - ADSL2+ Router - ADSL2+ Router Modem - ADSL Router - Wireless ADSL2+ Modem Router - Wireless ADSL2+ router - Wireless ADSL2+ Router - Wireless N ADSL2+ Modem Router TD-W8960N U.S. Robotics Corporation - Internet Gateway Device U.S. Robotics - USRobotics ADSL2+ Router - ADSL 4 Port Router - ADSL 4-Port Router - USR8561 UTStarcom Inc. - UTStarcom ADSL2+ Modem Router UTstarcom Inc. - UTstarcom ADSL2+ Modem/Wireless Router - UTStarcom ADSL2+ Modem/Wireless Router - VSG1432-B101 - VSG1435-B101 WIN - eNet660S WorldNet - ADSL Router XAVi - DSL Router Zhone Technologies. - UPnP v1.0 Zhone - Gateway - Wireless Gateway ZISA - ADSL Router ZTE - ADSL Router - Broadcom ADSL Router ZTE Corporation - ZXDSL 931 Series Device - Home Gateway - ZXDSL 531B ZyXEL Communication Crop. 
- P-870H-51A V2 UPnP - P-870H-51b UPnP - P-870H-53A V2 UPnP - P-870HN-51b UPnP - P-870HN-51D UPnP - P-870HN-53b UPnP - P-870HNU-51b - VSG1435-B101 - Wireless Broadband Router - ZyXEL UPnP v1.0 ZyXEL - P-660HN-51 - P-870HN-53b - P-873HNU-51B - P-873HNUP-51B - Qwest TR-064 v1.0 - VMG1312-B30A - VSG1432-B101 - VSG1435-B101 - ADSL Router - TR64 Router - UPnP Router - VDSL Router ZYXEL - ZyXEL VDSL Router - xDSL Router

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, February 07, 2013 8:58 AM
To: NT System Admin Issues
Subject: RE: Wow. Just what we need

Just what I was reading, use Ping with a Backtrack R3 machine, I am trying to find a way to see if I can send pings to entire subnets to see if stuff will drop...

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, February 06, 2013 8:24 PM
To: NT System Admin Issues
Subject: Wow. Just what we need

A limited threat, but a good one: Packet of death http://blog.krisk.org/2013
RE: OT: Guest network security
Full Subscription... been using for last 3 months. Caught over 1000+ unique malware samples to include payloads and back-channels of what the malware will do and where it comes from.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Thursday, February 07, 2013 9:16 AM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

Are you still using the free entry level version, or have you upgraded to the paid subscription yet? Thanks for the feedback.

On Thursday, February 7, 2013, Ziots, Edward wrote:

I Love the wildfire piece, it's amazing what I get from it. 125% recommend that you turn it on if you haven't. The sandboxing reports I get I review and then update my security controls accordingly. It's been a real eye opener for some here.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Wednesday, February 06, 2013 4:42 PM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

Yep PA=Palo Alto
When we made the switch, our ASAs were due to be replaced. Our Websense subscription was up for renewal at the same time. The PA's were about the same price as new ASAs + Websense renewal. Made for a no brainer decision. Curious Z, are you using the Wildfire piece?

On Wed, Feb 6, 2013 at 4:08 PM, Ziots, Edward ezi...@lifespan.org wrote:

If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and it's sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain by regular firewall log parsing, and being able to quantify your own applications and make traffic rules based on them is pretty killer.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Wednesday, February 06, 2013 3:48 PM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.

On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:

Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look
RE: Guest network security
Kurt,

Even with the password idea, you would have to rotate it daily if not weekly or someone will just leave it out where others can gain access. Honestly, anyone smart enough with AirCrack could get the password you put on the SSID. You could limit the DHCP scope to say 64 addresses and that might help limit the scope or number of people that can get on the Wireless network, or set up MAC filtering (Again can bypass that with MAC Spoofing) but it would be a bit more manual process. I am thinking your idea about a portal process and authorization is probably the way to go,

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, February 06, 2013 2:36 PM
To: NT System Admin Issues
Subject: OT: Guest network security

All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this?

Thanks,
Kurt
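
The points raised in the message above (a full address range, a capped 64-address scope, MAC filtering that spoofing defeats) can be checked against what the DHCP server has actually handed out. This is an added example, not code from the thread: it assumes the FreeBSD box runs ISC dhcpd and audits its lease file, and the sample leases, the 192.0.2.x pool and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (assumed server); all values are made up.
SAMPLE_LEASES = """
lease 192.0.2.10 {
  ends 3 2013/02/06 09:00:00;
  binding state free;
  hardware ethernet 00:1b:63:aa:bb:09;
}
lease 192.0.2.10 {
  ends 3 2013/02/06 22:00:00;
  binding state active;
  hardware ethernet 00:1b:63:aa:bb:01;
  client-hostname "visitor-laptop";
}
lease 192.0.2.11 {
  ends 3 2013/02/06 22:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 02:11:22:33:44:55;
  client-hostname "tenant-pc";
}
lease 192.0.2.12 {
  ends 3 2013/02/06 23:00:00;
  binding state active;
  hardware ethernet 06:11:22:33:44:56;
  client-hostname "tenant-pc";
}
lease 192.0.2.14 {
  ends 3 2013/02/06 12:00:00;
  binding state active;
  hardware ethernet 00:1b:63:aa:bb:03;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
FIELDS = {
    "ends": re.compile(r"ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);"),
    "state": re.compile(r"^\s*binding state\s+(\w+);", re.M),  # skips "next binding state"
    "mac": re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});"),
    "host": re.compile(r'client-hostname\s+"([^"]*)";'),
}


def parse_leases(text):
    """Return {ip: record}. dhcpd appends to the file, so the last entry per IP wins."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        rec = {}
        for key, rx in FIELDS.items():
            m = rx.search(body)
            rec[key] = m.group(1) if m else None
        if rec["ends"]:  # lease times are UTC; a missing value ("ends never") stays None
            rec["ends"] = datetime.strptime(rec["ends"], "%Y/%m/%d %H:%M:%S")
        if rec["mac"]:
            rec["mac"] = rec["mac"].lower()
        leases[ip] = rec
    return leases


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set: the address was
    assigned by software, not burned in by a vendor. A hint of spoofing, not proof."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit(text, pool_first, pool_last, now):
    """Summarise live leases inside the guest pool at time `now` (naive UTC)."""
    first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    pool_size = int(last) - int(first) + 1
    live = []
    for ip, rec in parse_leases(text).items():
        unexpired = rec["ends"] is None or rec["ends"] > now
        if rec["state"] == "active" and unexpired and first <= ipaddress.ip_address(ip) <= last:
            live.append(rec)
    macs_by_host = defaultdict(set)
    for rec in live:
        if rec["host"] and rec["mac"]:
            macs_by_host[rec["host"]].add(rec["mac"])
    return {
        "pool_size": pool_size,
        "in_use": len(live),
        "utilization": len(live) / pool_size,
        # Same hostname behind several MACs suggests one device rotating addresses.
        "multi_mac_hosts": {h: sorted(m) for h, m in macs_by_host.items() if len(m) > 1},
        "local_macs": sorted(r["mac"] for r in live
                             if r["mac"] and is_locally_administered(r["mac"])),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LEASES, "192.0.2.10", "192.0.2.73", datetime(2013, 2, 6, 15, 0))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the real lease file on a schedule, the utilization figure shows whether a 64-address cap is biting, and the two MAC lists show how much of the load a MAC filter would fail to stop.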
RE: OT: Guest network security
LOL Cisco bigot... why is that sooo familiar. He would probably like Fortinet better if he knew the price and performance was way better than ASA's. (Found those to be kludgy)

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, February 06, 2013 3:21 PM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware?

Kurt

On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:

I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)

On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:

All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this?

Thanks,
Kurt
RE: OT: Guest network security
If you mean PA=Palo Alto, they are dead on (scary CCIE would say that being from the CISCO house) I work on Palo Alto Daily, and it's sick how much these things can do. Been finding a lot that I wouldn't have been able to obtain by regular firewall log parsing, and being able to quantify your own applications and make traffic rules based on them is pretty killer.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Kevin Lundy [mailto:klu...@gmail.com]
Sent: Wednesday, February 06, 2013 3:48 PM
To: NT System Admin Issues
Subject: Re: OT: Guest network security

I have two CCIE's that work for me. Both also used to work for a Cisco VAR - so obviously Cisco bigots. They both recommended PA to me over the ASA. From a security perspective, the PA do so much more than ASAs. We still use ASAs for some intranet firewalls. Are you using the Cisco controllers with your WAPs? If so, they have captive portal capability. They call it Lobby Ambassador.

On Wed, Feb 6, 2013 at 3:20 PM, Kurt Buff kurt.b...@gmail.com wrote:

Our Sidewinders are EOL at the end of April, and my manager doesn't like them. He's a Cisco bigot, and wants ASAs in here. I'm fighting him to at least take a look at the Palo Alto platform, or perhaps the newest iteration of the Sidewinders (which are now called McAfee Enterprise Firewalls). That's an interesting tip on the Sophos solution. What did you use for the hardware?

Kurt

On Wed, Feb 6, 2013 at 11:59 AM, Richard Stovall rich...@gmail.com wrote:

I was going to suggest using the SonicPoint solution from SonicWall, but you've got Sidewinders, don't you? Does McAfee have anything like SonicWall's wireless solution where it's all managed from the firewall? PS Sophos has this too, and they give their UTM firewall away free for home use. Just bring your own hardware. I just switched to this the other day and love it so far. I should write a blog post about it. (But then I'd have to create a blog...)

On Wed, Feb 6, 2013 at 2:36 PM, Kurt Buff kurt.b...@gmail.com wrote:

All, Quite some time ago, I set up an unsecured guest VLAN in our network, providing wireless access to all of the sundry devices that staff and visitors carry. I set up a small FreeBSD machine to serve IP addresses via DHCP, and that was dead simple. It is a layer2 VLAN, traversing our backbone, and terminating on our corporate firewall. However, there are now other tenants in our building, and the subnet is getting too much bandwidth and address consumption - the range I set up is completely filled, and the VLAN is consuming about half of our Internet pipe, which is far too much for my comfort. I suspect the other tenants are leeching. What I've read of captive portals seems to indicate that the portal is part of the firewall. I could be wrong about that, though. Regardless, the corporate firewall will not be allowed to be part of this solution. The only other alternative I see right now is to set up a password on the SSID, and have the front desk hand it out to guests, after mailing it to staff, and I'm getting pushback on that from my manager. Does anyone have some ideas I could pursue on this?

Thanks,
Kurt
RE: Java 7 patch 13 out...
Did I not say like 1-2 days after Java updated to version 7.0 update 13 that the Security explorations folks would post what is still broken in java security wise, expect an update 14 or even 15 soon enough.

Cross post from Bugtraq

Hello All,

Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1].

[Issue 29]
This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages. Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7.

[Issue 50]
Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today's most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50 in the embedded space (which embedded systems are vulnerable to it, whether any feasible attack vectors exist, etc.). So, it's up to Oracle to clarify any potential concerns in that area.

[Issue 52]
Issue 52 relies on the possibility to call no-argument methods on arbitrary objects or classes. The vulnerability has its origin in com.sun.jmx.mbeanserver.Introspector class which is located in the same package as the infamous MBeanInstantiator bug found in the wild in early Jan 2013. The flaw stems from insecure call to invoke method of java.lang.reflect.Method class:

    if (method != null)
        return method.invoke(obj, new Object[0]);

In our Proof of Concept code we exploit the above implementation by making a call to getDeclaredMethods method of java.lang.Class class to gain access to methods of restricted classes. This is accomplished with the use of the following code sequence:

    Introspector.elementFromComplex((Object)clazz,declaredMethods)

Access to public method objects of arbitrary restricted classes is sufficient to achieve a complete Java VM security sandbox compromise. We make use of DefiningClassLoader exploit vector for that purpose.

[Issue 53]
Issue 53 stems from the fact that Oracle's implementation of new security levels introduced by the company in Java SE 7 Update 10 did not take into account the fact that Applets can be instantiated with the use of serialization. Such a possibility is indicated both in HTML 4 Specification [5] as well as in Oracle's code. HTML 4 Specification contains the following description for the object attribute of APPLET element:

object = cdata [CS]
This attribute names a resource containing a serialized representation of an applet's state. It is interpreted relative to the
RE: Java 7 patch 13 out...
Snap no feebees for me, I am sure the Security explorations are going to be dogging Oracle about the java issues until they get with the program and get stuff fixed, so expected more upgrades to Java coming.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, February 05, 2013 9:21 AM
To: NT System Admin Issues
Subject: Re: Java 7 patch 13 out...

You'll notice that no one took you up on your bet... There's a reason for that. :)

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Tue, Feb 5, 2013 at 9:05 AM, Ziots, Edward ezi...@lifespan.org wrote:

Did I not say like 1-2 days after Java updated to version 7.0 update 13 that the Security explorations folks would post what is still broken in java security wise, expect a update 14 or even 15 soon enough.

Cross post from Bugtraq

Hello All,

Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1].

[Issue 29] This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages.
Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7. [Issue 50] Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. 
While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today's most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50 in the embedded space (which embedded systems are vulnerable to it, whether any feasible attack vectors exist, etc.). So, it's up to Oracle to clarify any potential concerns in that area. [Issue 52] Issue 52 relies on the possibility to call no-argument methods on arbitrary objects or classes. The vulnerability has its origin
RE: Java 7 patch 13 out... how to attack Servers via RMI protocol
And guess what here is a way to exploit the servers also, so the Java flaws aren't just for workstations anymore.

Cross post from Bugtraq

Hello All,

Due to the inquiries received regarding our claims pertaining to the possibility of exploiting Java SE vulnerabilities on servers, we've published our Proof of Concept code that illustrates this. The code relies on RMI protocol [1] to deliver a malicious Java class file to a target RMI server. It can be downloaded from our project details page: http://www.security-explorations.com/en/SE-2012-01-details.html

Thank You.

Best Regards,
Adam Gowdiak - Security Explorations
http://www.security-explorations.com
We bring security research to the new level

References:
[1] RMI Wire Protocol http://docs.oracle.com/javase/1.5.0/docs/guide/rmi/spec/rmi-protocol.html

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, February 05, 2013 9:05 AM
To: NT System Admin Issues
Subject: RE: Java 7 patch 13 out...

Did I not say like 1-2 days after Java updated to version 7.0 update 13 that the Security explorations folks would post what is still broken in java security wise, expect a update 14 or even 15 soon enough.
Cross post from Bugtraq Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1]. [Issue 29] This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages. Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7. [Issue 50] Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. 
Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today's most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50
RE: On a lighter note for a Friday, Passed my CISA exam
Something like that… I forget anymore… And hell Kurt you probably know more than I will ever be able to fit in my brain…

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Friday, February 01, 2013 6:04 PM
To: NT System Admin Issues
Subject: Re: On a lighter note for a Friday, Passed my CISA exam

So this is what - your 37th cert, or something like that? Give us a list of your current certs, won't you? We all need to feel a little inadequate on a Friday. :)

Kurt

On Fri, Feb 1, 2013 at 11:54 AM, Ziots, Edward ezi...@lifespan.org wrote:

Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: Java 7 patch 13 out...
Good one I am sure they will bypass the protections in this version within the week, I will just wait for the Post from the Polish Team on Bugtraq.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Mathew Shember [mailto:mathew.shem...@synopsys.com]
Sent: Friday, February 01, 2013 8:15 PM
To: NT System Admin Issues
Subject: RE: Java 7 patch 13 out...

O So there is only one exploit! It's Groundhog Day! Patch the exploit. It's Groundhog Day! Patch the exploit. ...

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Friday, February 01, 2013 2:52 PM
To: NT System Admin Issues
Subject: Re: Java 7 patch 13 out...

Exploit to follow tomorrow, which is Groundhog Day. :-)

On Friday, February 1, 2013, S Powell wrote:

no that's it... i'm off to update...

- Sub ubi semper ubi
RE: On a lighter note for a Friday, Passed my CISA exam (UNCLASSIFIED)
Thanks all, on to the next episode :) or Certification.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Mark Boeck [mailto:netadmin...@gmail.com]
Sent: Monday, February 04, 2013 10:44 AM
To: NT System Admin Issues
Subject: Re: On a lighter note for a Friday, Passed my CISA exam (UNCLASSIFIED)

congratulations! good work! :D

- mark

On Sun, Feb 3, 2013 at 10:47 AM, Andrew S. Baker asbz...@gmail.com wrote:

Congrats, Z...

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Fri, Feb 1, 2013 at 4:09 PM, Kent, Larry J CTR (US) larry.j.kent2@mail.mil wrote:

Classification: UNCLASSIFIED
Caveats: NONE

Congrats!

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, February 01, 2013 2:54 PM
To: NT System Admin Issues
Subject: On a lighter note for a Friday, Passed my CISA exam

Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

Classification: UNCLASSIFIED
Caveats: NONE
RE: Robocopy reliability
Yeah I have to agree, never had a problem with Robocopy and the mirror command or any of the switches and done terabytes of data copies with this utility.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Monday, February 04, 2013 2:05 PM
To: NT System Admin Issues
Subject: RE: Robocopy reliability

Alluding, but I digress :) I believe he is misinformed. I have *never* seen that. Sounds more like something he heard through a grapevine vs. experienced directly. I'd wager if pressed for details on this opinion he will be short on specifics. Don't trust pneumatic tires, they all leak, I know this because my friend's mother's teacher had a flat once...

From: Tigran K [mailto:tigr...@gmail.com]
Sent: Monday, February 04, 2013 10:13 AM
To: NT System Admin Issues
Subject: Re: Robocopy reliability

So his reliability comment was directed more toward robocopy utility itself. Eluding to the fact that he's seen robocopy copy files that turned out to be not the same as the original. We're not doing anything complex. We want to copy some files from source control and catch deleted files at the same time. So instead of deleting the entire destination folder and copying new files from source control. I'm saying it's as simple as robocopy /mir and that's it. That way whatever file is removed from source control will get removed on the destination servers as well.

On Mon, Feb 4, 2013 at 9:08 AM, Tom Miller tmil...@sfgtrust.com wrote:

I've used it many times for file migration moves and even for permissions copies. Just this past weekend I migrated a pretty complex old Windows 2008 server shared to Windows 2008 R2 this past weekend. I didn't copy permissions since they were a mess. The only errors I've seen were my own, usually syntax or spelling. What are you trying to do?

From: Tigran K [mailto:tigr...@gmail.com]
Sent: Monday, February 04, 2013 11:34 AM
To: NT System Admin Issues
Subject: Robocopy reliability

Having a discussion with the boss on how we should do something I suggested robocopy. His reply was a strict NO. Reasoning was that it's not reliable. He said I've seen it break. So my question is have you seen it break? Is robocopy any more or less reliable than built in copy? I did point out that robocopy is built in to windows as well at least for Windows7. Didn't seem to help.
RE: 2013: Already a very active year for Information Security
Thanks for the info ASB, good reading.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Monday, February 04, 2013 3:06 PM
To: NT System Admin Issues
Subject: 2013: Already a very active year for Information Security

http://freebeacon.com/cyber-breach/
http://www.zdnet.com/netseer-suffers-hack-triggers-google-malware-warnings-710776/?s_cid=e589

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...
RE: Ouch - UPnP
Yes

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Thursday, January 31, 2013 6:24 PM
To: NT System Admin Issues
Subject: Re: Ouch - UPnP

Are you actually able to download via that link?

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Thu, Jan 31, 2013 at 4:07 PM, Ziots, Edward ezi...@lifespan.org wrote:

http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp

Nice detection utility which will help out the home users.

Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, January 31, 2013 1:04 PM
To: NT System Admin Issues
Subject: RE: Ouch - UPnP
Importance: High

Cross post from Bugtraq,

DefenseCode Security Advisory
http://www.defensecode.com/

Broadcom UPnP Remote Preauth Root Code Execution Vulnerability

Advisory ID: DC-2013-01-003
Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
Advisory URL: http://www.defensecode.com/subcategory/advisories-28
Software: Broadcom UPnP software
Vulnerable: Multiple router manufacturers
Vendor Status: Vendors contacted
Initial Release Date: 2013-01-15
Release Date Postponed To: 2013-01-31
Risk: Critical

1. General Overview
===

During the security evaluation of Cisco Linksys routers for a client, we have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges. Upon initial vulnerability announcement a few weeks ago Cisco spokesman stated that only one router model is vulnerable - WRT54GL. We have continued with our research and found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others.

Moreover, vulnerability turns out even more dangerous, since we have discovered that same vulnerable firmware component is also used across many other big-brand router manufacturers and many smaller vendors. Vulnerability itself is located in Broadcom UPnP stack, which is used by many router manufacturers that produce or produced routers based on Broadcom chipset. We have contacted them with vulnerability details and we expect patches soon. However, we would like to point out that we have sent more than 200 e-mails to various router manufacturers and various people, without much success.

Some of the manufacturers contacted regarding this vulnerability are Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so on. Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom UPnP chipset. You can check how many manufacturers use Broadcom chipset here: http://wiki.openwrt.org/toh/start (search for Broadcom, brcm or bcm). We don't know exactly how many of them are affected, since we were unable to contact all of them, but we suspect there are probably tens of millions vulnerable routers out there.

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: MS site?
Yes, Microsoft had a big hiccup earlier that took out some stuff.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Friday, February 01, 2013 1:33 PM
To: NT System Admin Issues
Subject: Re: MS site?

YES! +1

I've used this site before, but only for the sites it tracks of course:
http://downrightnow.com/

--Matt Ross
Ephrata School District

- Original Message -
From: Ben Scott [mailto:mailvor...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 01 Feb 2013 10:17:13 -0800
Subject: Re: MS site?

On Fri, Feb 1, 2013 at 10:00 AM, Webster webs...@carlwebster.com wrote:
> http://www.downforeveryoneorjustme.com/support.microsoft.com

Thanks to the prevalence of cloud computing/distributed server farms, we need http://www.downforsomebutnotall.com/

-- Ben
On a lighter note for a Friday, Passed my CISA exam
Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: On a lighter note for a Friday, Passed my CISA exam
Thanks,

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Friday, February 01, 2013 2:59 PM
To: NT System Admin Issues
Subject: Re: On a lighter note for a Friday, Passed my CISA exam

Congrats, have fun auditing!

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: Ziots, Edward ezi...@lifespan.org
Date: Fri, 1 Feb 2013 19:54:05 +
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: On a lighter note for a Friday, Passed my CISA exam

Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: On a lighter note for a Friday, Passed my CISA exam
Thanks all,

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Guyer, Don [mailto:dgu...@che.org]
Sent: Friday, February 01, 2013 4:00 PM
To: NT System Admin Issues
Subject: RE: On a lighter note for a Friday, Passed my CISA exam

Ditto, Z!

Regards,
Don Guyer
Catholic Health East - Information Technology
Enterprise Directory Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073
email: dgu...@che.org
Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839.

From: Don Ely [mailto:don@gmail.com]
Sent: Friday, February 01, 2013 3:56 PM
To: NT System Admin Issues
Subject: Re: On a lighter note for a Friday, Passed my CISA exam

Congrats!

On Feb 1, 2013 11:55 AM, Ziots, Edward ezi...@lifespan.org wrote:
> Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.
> Z
> Edward E. Ziots, CISSP, Security +, Network +
> Security Engineer
> Lifespan Organization
> ezi...@lifespan.org
RE: On a lighter note for a Friday, Passed my CISA exam
I have been told I am that when I am more than a little incessant about getting security vulnerabilities and the like fixed.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, February 01, 2013 4:28 PM
To: NT System Admin Issues
Subject: Re: On a lighter note for a Friday, Passed my CISA exam

On Fri, Feb 1, 2013 at 2:54 PM, Ziots, Edward ezi...@lifespan.org wrote:
> Just got the official email that I passed my CISA exam, so I guess another Certification on the title and looking forward to the auditing work that comes with it.

I propose that CISA should stand for Certifiably Insane System Administrator.

(Seriously, though, good for you.)

-- Ben
RE: Mobile Device Management
WTMI :)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Kat Aylward Langan [mailto:messagel...@gmail.com]
Sent: Wednesday, January 30, 2013 5:26 PM
To: NT System Admin Issues
Subject: Re: Mobile Device Management

LOL

My house is MUCH mo' attractive to me now that it has been completely remodeled AND has my new hubby living in it with me

On Wed, Jan 30, 2013 at 1:24 PM, Webster webs...@carlwebster.com wrote:
> Your house was very attractive at the time? What is it now? :)
>
> Thanks
> Webster
>
> From: Kat Aylward Langan [mailto:messagel...@gmail.com]
> Subject: Re: Mobile Device Management
>
> Damn - almost went to work for them many years ago - I could have been rich from the buyout! They were less than 2 miles from my house at the time, which was very attractive at the time!

-- Kat Aylward Langan
RE: Password complexity question
Basically if you have enough time and computer power any password can be cracked, it makes it only easier with Rainbow Crack and Rainbow tables, where all the hashes are pre computed and just need to match. (See Cain and Abel tool). I would use passphrases with complexity in them and change it often enough along with disable storing of the LM hashes on systems. For systems that need extra protection look into 2 factor authentication.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, January 31, 2013 9:17 AM
To: NT System Admin Issues
Subject: Password complexity question

I have seen a few articles on password cracking and using unrelated words, so I have a question

Given the Making complex passwords section here:
http://www.digitaltrends.com/mobile/crack-this-how-to-pick-strong-passwords-and-keep-them-that-way/

Could you use a fairly simple method to identify what the password is for and still have it tough to crack? I'm guessing no, but have to ask

For a twitter account: Twitter1 vodka eagles!
Then for a Facebook account: Facebook2 vodka eagles!
Ebay: Ebay3 vodka eagles!

Then follow that same pattern for the various accounts. While it seems like bad practice to include the service name as part of the password I thought I'd ask your guys' opinion. It's at least better than using the same password for everything...or is it?

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
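The pattern asked about in the thread above, run through the kind of check a password audit would apply (an added example, not part of the original messages; the function names and the second, unrelated sample set are constructed for illustration). It strips the parts of each password that follow from the account itself, the service name and a counter, and groups accounts by what is left.

```python
import re
from collections import defaultdict

# Constructed sample 1: the three passwords quoted in the question.
PATTERNED = {
    "twitter": "Twitter1 vodka eagles!",
    "facebook": "Facebook2 vodka eagles!",
    "ebay": "Ebay3 vodka eagles!",
}

# Constructed sample 2: unrelated passphrases, one per account.
INDEPENDENT = {
    "twitter": "mural copper tide 937",
    "facebook": "quilt harbor zebra 12",
    "ebay": "lantern 48 orchid frost",
}


def residual(service, password):
    """Return the part of the password that does not follow from the account.

    The service name (any case) and runs of digits are treated as guessable
    per-site decoration; whitespace is collapsed and case is folded.
    """
    stripped = re.sub(re.escape(service), "", password, flags=re.IGNORECASE)
    stripped = re.sub(r"\d+", "", stripped)
    return " ".join(stripped.split()).lower()


def per_site_chars(service, password):
    """Number of characters that differ from account to account."""
    return len(password) - len(residual(service, password))


def audit(passwords):
    """Group accounts whose passwords reduce to the same residual secret.

    Returns {residual: [services...]} for every residual shared by more
    than one account; an empty dict means no shared core was found.
    """
    groups = defaultdict(list)
    for service, password in passwords.items():
        groups[residual(service, password)].append(service)
    return {
        secret: sorted(services)
        for secret, services in groups.items()
        if len(services) > 1
    }


if __name__ == "__main__":
    for name, sample in (("patterned", PATTERNED), ("independent", INDEPENDENT)):
        shared = audit(sample)
        print(name, "->", shared if shared else "no shared core")
        for service, password in sample.items():
            print("  ", service, "per-site characters:",
                  per_site_chars(service, password), "of", len(password))
```

For the patterned set, all three accounts collapse to the same residual, so the only secret material is shared across every account, which is the reuse case the question was trying to avoid.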
RE: Ouch - UPnP
Cross post from Bugtraq,

DefenseCode Security Advisory
http://www.defensecode.com/

Broadcom UPnP Remote Preauth Root Code Execution Vulnerability

Advisory ID: DC-2013-01-003
Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
Advisory URL: http://www.defensecode.com/subcategory/advisories-28
Software: Broadcom UPnP software
Vulnerable: Multiple router manufacturers
Vendor Status: Vendors contacted
Initial Release Date: 2013-01-15
Release Date Postponed To: 2013-01-31
Risk: Critical

1. General Overview
===

During the security evaluation of Cisco Linksys routers for a client, we have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges.

Upon initial vulnerability announcement a few weeks ago Cisco spokesman stated that only one router model is vulnerable - WRT54GL.

We have continued with our research and found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others.

Moreover, vulnerability turns out even more dangerous, since we have discovered that same vulnerable firmware component is also used across many other big-brand router manufacturers and many smaller vendors.

Vulnerability itself is located in Broadcom UPnP stack, which is used by many router manufacturers that produce or produced routers based on Broadcom chipset.

We have contacted them with vulnerability details and we expect patches soon. However, we would like to point out that we have sent more than 200 e-mails to various router manufacturers and various people, without much success.

Some of the manufacturers contacted regarding this vulnerability are Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, US Robotics, and so on.

Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom UPnP chipset. You can check how many manufacturers use Broadcom chipset here:
http://wiki.openwrt.org/toh/start (search for Broadcom, brcm or bcm).

We don't know exactly how many of them are affected, since we were unable to contact all of them, but we suspect there are probably tens of millions vulnerable routers out there.

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, January 31, 2013 12:37 PM
To: NT System Admin Issues
Subject: RE: Ouch - UPnP

See the thread called Shocking? Somehow, not...

Having a more descriptive subject line like yours is far too logical :)

From: N Parr [mailto:npar...@mortonind.com]
Sent: Thursday, January 31, 2013 9:30 AM
To: NT System Admin Issues
Subject: Ouch - UPnP

http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/?tag=nl.e757s_cid=e757

Guess it would mostly affect home users but they are going to be the ones who would never hear about it or be able to fix it.
RE: Ouch - UPnP
http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp

Nice detection utility which will help out the home users.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 2 TB disk size possible problem
Nope, we ran into the same thing with HP's, was a limit of their RAID controllers, so the new partitions we created GPT and got past the 2TB limit.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Reimer, Mark [mailto:mark.rei...@prairie.edu]
Sent: Thursday, January 31, 2013 4:00 PM
To: NT System Admin Issues
Subject: 2 TB disk size possible problem

I have a raid 5 disk that is just under 2 TB. The server (Dell 2950) in front is Windows 2003 R2, 64 Bit. The raid unit is in a Dell MD1000 with 5 500GB disks. In Windows, it's listed as a Basic disk, with MBR Partition style.

I did some Googling with conflicting answers on whether I can make it bigger and how. I think the bottom line is: I can make it bigger, but I have to reformat it as a GPT Partition (of course, saving all the data before the format, and restoring afterward).

Is my research/thinking correct, or is there another option?

Thanks for all help/pointers/tips.

Mark Reimer, A+, MCSA
Servers Network Administrator
Prairie Bible Institute
Box 4000
Three Hills, AB T0M-2N0
Canada
Tel: 403-443-5511, Ext. 3476
Fax: 403-443-5540
Email: mark.rei...@prairie.edu
www.prairie.edu
RE: Shocking? Somehow, not...
Just tried to run it on my systems, and sure enough, since I have totally disabled Java, it barfs. That, and Zero Vulnerability ExploitShield catches its .dll being invoked into Java as an exploit and stops it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 30, 2013 9:27 AM
To: NT System Admin Issues
Subject: RE: Shocking? Somehow, not...

Rapid7 has a tool to scan for this vulnerability, it does require Java(!) and registration, but is otherwise free.

From: Patrick Salmon [mailto:psal...@gmail.com]
Sent: Tuesday, January 29, 2013 1:01 PM
To: NT System Admin Issues
Subject: Re: Shocking? Somehow, not...

Not surprisingly, you're going to see a lot of alerts coming out on this subject. Here's the Cisco one: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp which you can expect to be updated as more is learned about which products are affected.

On Tue, Jan 29, 2013 at 9:44 AM, David Lum david@nwea.org wrote:

http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/

David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Been a long day today, but I won...
Or overzealous and disabled a lot of the ICMP type messages. You can always use hping to craft packets that will test what responses are utilized when sending packets asking for fragmentation, and just use tcpdump to look at the return packets.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Randal, Phil [mailto:phil.ran...@hoopleltd.co.uk]
Sent: Wednesday, January 30, 2013 6:31 AM
To: NT System Admin Issues
Subject: RE: Been a long day today, but I won...

Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), then? A common firewall admin beginner's mistake :-)

http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/

Cheers,
Phil

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 30 January 2013 06:42
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not processing outbound from their office. All of their emails come through the US server, to be delivered wherever, and there are some big emails (4-8mbytes) with proposals and orders and such, and they're getting desperate. Lots of little emails are stuck in queue too, though if left alone they seem to trickle out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they switched over to a new DSL provider, and couldn't log into the router to set up the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is freaking out and deleting messages from the outbound queue on the UK Exchange server, restarting services multiple times, rebooting the UK server, and generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and start ignoring everything else except the problem with Exchange. (I have a very good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then bounce both the UK and US servers remotely, just so I have a clean starting point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server (along with some 4006 messages from the same source on the UK server), and hit paydirt. EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my test message with a 12mbyte text attachment flies through. I test once more with the same attachment, just to be sure. Success.

I am now going to bed. Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe at work.

“Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Hoople Ltd. You should be aware that Hoople Ltd. monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
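A way to read the tcpdump side of the check suggested in this thread, as an added example that is not from any poster: it scans `tcpdump -n` text output for ICMP "need to frag" replies and for full-size TCP segments retransmitted with no such reply, which is the pattern a path MTU black hole leaves. The capture lines, addresses, function names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed `tcpdump -n` text output (documentation addresses, not a real capture).
SAMPLE_CAPTURE = """\
06:42:01.000100 IP 10.1.1.5.49152 > 203.0.113.9.25: Flags [.], seq 1:1461, ack 1, win 229, length 1460
06:42:01.300100 IP 10.1.1.5.49152 > 203.0.113.9.25: Flags [.], seq 1:1461, ack 1, win 229, length 1460
06:42:01.900100 IP 10.1.1.5.49152 > 203.0.113.9.25: Flags [.], seq 1:1461, ack 1, win 229, length 1460
06:42:03.100100 IP 10.1.1.5.49152 > 203.0.113.9.25: Flags [.], seq 1:1461, ack 1, win 229, length 1460
06:42:05.000100 IP 10.1.1.5.49153 > 198.51.100.7.25: Flags [.], seq 1:1461, ack 1, win 229, length 1460
06:42:05.020100 IP 192.0.2.1 > 10.1.1.5: ICMP 198.51.100.7 unreachable - need to frag (mtu 1450), length 556
06:42:05.021100 IP 10.1.1.5.49153 > 198.51.100.7.25: Flags [.], seq 1:1411, ack 1, win 229, length 1410
06:42:06.000100 IP 10.1.1.5.49154 > 192.0.2.50.25: Flags [P.], seq 1:201, ack 1, win 229, length 200
"""

IPV4 = r"\d+(?:\.\d+){3}"
# TCP data segment: "IP src.sport > dst.dport: Flags [..], seq a:b, ... length n"
TCP_RE = re.compile(
    rf"IP (?P<src>{IPV4})\.(?P<sport>\d+) > (?P<dst>{IPV4})\.(?P<dport>\d+): "
    r"Flags \[[^\]]*\], seq (?P<seq>\d+:\d+),.*length (?P<len>\d+)"
)
# ICMP type 3 code 4 as tcpdump prints it, naming the unreachable destination.
ICMP_RE = re.compile(
    rf"IP (?P<router>\S+) > (?P<to>{IPV4}): ICMP (?P<about>{IPV4}) "
    r"unreachable - need to frag \(mtu (?P<mtu>\d+)\)"
)


def analyze(capture, local_ip, big=1400, min_retx=3):
    """Classify each destination that local_ip sent TCP data to.

    big and min_retx are assumed thresholds: a segment carrying at least
    `big` payload bytes that shows up again with the same sequence range
    counts as a retransmission, and `min_retx` of those with no ICMP
    "need to frag" reply marks the path as a suspected black hole.
    """
    seen = defaultdict(lambda: defaultdict(int))  # dst -> (sport, seq range) -> count
    largest = defaultdict(int)                    # dst -> biggest payload sent
    icmp_mtu = {}                                 # dst -> smallest MTU a router reported
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if m:
            # A router could not forward a DF packet and told us its next-hop MTU.
            if m["to"] == local_ip:
                dst, mtu = m["about"], int(m["mtu"])
                icmp_mtu[dst] = min(mtu, icmp_mtu.get(dst, mtu))
            continue
        m = TCP_RE.search(line)
        if m and m["src"] == local_ip:
            dst, length = m["dst"], int(m["len"])
            largest[dst] = max(largest[dst], length)
            if length >= big:
                seen[dst][(m["sport"], m["seq"])] += 1

    report = {}
    for dst in largest:
        retx = sum(count - 1 for count in seen[dst].values())
        if dst in icmp_mtu:
            verdict = "pmtud-working"        # the ICMP reply got through
        elif retx >= min_retx:
            verdict = "suspected-blackhole"  # big segments vanish, nobody says why
        else:
            verdict = "ok"
        report[dst] = {"verdict": verdict, "retransmits": retx,
                       "icmp_mtu": icmp_mtu.get(dst), "largest": largest[dst]}
    return report


if __name__ == "__main__":
    for dst, info in analyze(SAMPLE_CAPTURE, "10.1.1.5").items():
        print(dst, info)
```

A "suspected-blackhole" verdict is a prompt to check whether a firewall on the path drops ICMP type 3 code 4, not proof of it; small messages trickling out while large ones retry is consistent with it.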
RE: Been a long day today, but I won...
Ouch on the nothing is blocked outbound, especially in these days of malware where it hits the endpoint and starts attacking other systems out on the internet with reckless abandon. I have looked at enough malware samples in the last 2 months to prove without a doubt egress filtering is needed and works.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, January 30, 2013 10:26 AM
To: NT System Admin Issues
Subject: Re: Been a long day today, but I won...

No ICMP is blocked - hell, nothing is blocked outbound, which I'm unhappy with, but have to follow policy.

Don't know why it wasn't detected.

Kurt

On Wed, Jan 30, 2013 at 3:30 AM, Randal, Phil phil.ran...@hoopleltd.co.uk wrote:

Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), then? A common firewall admin beginner's mistake :-)

http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/

Cheers,
Phil

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 30 January 2013 06:42
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not processing outbound from their office. All of their emails come through the US server, to be delivered wherever, and there are some big emails (4-8mbytes) with proposals and orders and such, and they're getting desperate. Lots of little emails are stuck in queue too, though if left alone they seem to trickle out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they switched over to a new DSL provider, and couldn't log into the router to set up the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is freaking out and deleting messages from the outbound queue on the UK Exchange server, restarting services multiple times, rebooting the UK server, and generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and start ignoring everything else except the problem with Exchange. (I have a very good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then bounce both the UK and US servers remotely, just so I have a clean starting point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server (along with some 4006 messages from the same source on the UK server), and hit paydirt. EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my test message with a 12mbyte text attachment flies through. I test once more with the same attachment, just to be sure. Success.

I am now going to bed. Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe at work.
RE: Java 7 0day actively exploited in the wild | BeyondTrust
I believe M$ also published a registry file that disabled invocation of Java in the Internet zone. But I also use ZeroVulnerabilityLabs ExploitShield and sandboxing when looking at anything on the net these days.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Friday, January 25, 2013 11:33 AM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

This is exactly what we have done. Thanks. Good to hear others recommend it.

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, January 25, 2013 10:09 AM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

If it is over the internet...add that site to trusted and disable java in the 'internet zone'.

http://blogs.msdn.com/b/ieinternals/archive/2011/05/15/controlling-java-in-internet-explorer.aspx

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Friday, January 25, 2013 11:04 AM
To: NT System Admin Issues
Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust

Be advised that the primary vector for Java exploits into an organization is via the web browser plugin.

So, unless your B2B app is over the public network, or requires that the browser plugin be operational, you have some measure of risk reduction.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations Information Security) for the SMB market...

On Tue, Jan 15, 2013 at 1:21 PM, Sam Cayze sca...@gmail.com wrote:

Does the reward outweigh the risk?

The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards.

So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :(

Sam

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, January 15, 2013 12:10 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Correct, but 6 is vulnerable to its own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6.

Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho. Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk?

-Original Message-
From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Tuesday, January 15, 2013 12:24 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was...

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, January 11, 2013 1:34 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/

From: Mark Boeck [netadmin...@gmail.com]
Sent: Friday, January 11, 2013 12:15 PM
To: NT System Admin Issues
Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust

lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java!

http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html

only after that does she post some links about the threat
RE: Director and Files size utility
Treesizepro

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, January 22, 2013 11:43 AM
To: NT System Admin Issues
Subject: Re: Director and Files size utility

Windirstat?

On Tue, Jan 22, 2013 at 11:37 AM, Stefan Jafs stefan.j...@gmail.com wrote:

I currently use Treesize Pro by Jam software to check files and folders for size on my Windows 2003 fileserver; however, it always seems to cause load problems on the server, even after I have turned down the Scan option to low priority for the program.

Are there any others that you can recommend, that could safely be run on the server?

--
Stefan Jafs
RE: Director and Files size utility (UNCLASSIFIED)
Sorry, late to the conversation

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Kent, Larry J CTR USARMY 93 SIG BDE (US) [mailto:larry.j.kent2@mail.mil]
Sent: Tuesday, January 22, 2013 12:33 PM
To: NT System Admin Issues
Subject: RE: Director and Files size utility (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: FOUO

Isn't that what the OP had a problem with?

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, January 22, 2013 11:55 AM
To: NT System Admin Issues
Subject: RE: Director and Files size utility

Treesizepro

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Tuesday, January 22, 2013 11:43 AM
To: NT System Admin Issues
Subject: Re: Director and Files size utility

Windirstat?

On Tue, Jan 22, 2013 at 11:37 AM, Stefan Jafs stefan.j...@gmail.com wrote:

I currently use Treesize Pro by Jam software to check files and folders for size on my Windows 2003 fileserver; however, it always seems to cause load problems on the server, even after I have turned down the Scan option to low priority for the program.

Are there any others that you can recommend, that could safely be run on the server?

--
Stefan Jafs

Classification: UNCLASSIFIED
Caveats: FOUO
RE: Patch management recommendations
Shavlik, if not mentioned already

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: joseph palmieri [mailto:jpalm...@yahoo.com]
Sent: Wednesday, January 16, 2013 9:58 PM
To: NT System Admin Issues
Subject: Re: Patch management recommendations

look at LANDesk security suite (not cheap) it has all the functionality you need and more...only downside is tech support reps look to close trouble ticket without resolving issue

--- On Wed, 1/16/13, Charlie Kaiser charl...@golden-eagle.org wrote:

From: Charlie Kaiser charl...@golden-eagle.org
Subject: Patch management recommendations
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Date: Wednesday, January 16, 2013, 6:03 PM

I work for a consulting firm that manages a variety of SMB clients. As we increase our client load and the size of the clients (moving from the 3-10 seat to the 50-1000 seat clients) we are implementing more advanced products for a variety of tasks. We are currently looking at patch management solutions. Our current paradigm is a mix of WSUS and manual intervention, but it's not enough, obviously.

I haven't used a centralized patch management system for around 5-6 years (used to use early versions of Shavlik) so I haven't been keeping up with the market. We're now looking for something that does 3rd party apps, not just MS stuff, so WSUS is off the table. Our clients are all on MS platforms, though; almost no *nix or Apple.

I don't envision a one-size-fits-all product. I expect that we'll want a variety of solutions tailored to the size and complexity of the client. And I have no illusions about the ease of patch management given any product. :-)

My boss would love an MSP-style of centrally managed product that can handle all our clients, but my belief is that trying to go that route is much more difficult than doing per-client implementations, especially without dedicated patch management admins.

Having said all that, is anyone working with patch management systems that they really like for this space? Also, any you really DON'T like?

Thanks!

***
Charlie Kaiser
charl...@golden-eagle.org
Kingman, AZ
***
RE: 86 fixes in Oracle released today
Smile, surprised, I am not.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, January 16, 2013 6:21 PM
To: NT System Admin Issues
Subject: RE: 86 fixes in Oracle released today

new zero day for java

http://m.krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/

From: Ziots, Edward [ezi...@lifespan.org]
Sent: Wednesday, January 16, 2013 10:23 AM
To: NT System Admin Issues
Subject: 86 fixes in Oracle released today

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Fear it, and they still can't get Java fixed... Oracle=Unbreakable? Naaa, it's just broken... period.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: FoxIT reader vulnerability
By default, yes, Adobe renders PDF with JavaScript, which allows both good and evil JavaScript to execute. As we all know the various flaws in Adobe, this definitely leads to an attack vector which has been exploited time and time again. But seriously, I still see Java as the bigger threat, and as others have said it will continue to be this for years to come.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Tuesday, January 15, 2013 6:30 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with javascript now?

I just want a dumb .pdf reader. Is it just me?

--Matt Ross
Ephrata School District

- Original Message -
From: Ben Scott [mailto:mailvor...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013 14:46:31 -0800
Subject: Re: FoxIT reader vulnerability

On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary richard.mccl...@aspca.org wrote:

http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/

Just now checked the FoxIT web site. The currently offered version is 5.4.4.1128, which the article mentions as being vulnerable (as are older versions). May end up having to use Adobe anyway…

I strongly suspect FoxIt licenses at least their core code from Adobe. Many features and vulnerabilities seem to track on a one-to-one basis.

FoxIt is a lot more lightweight, though, so it prolly has a smaller attack surface overall. It may be they just don't include all the bloat that Adobe does.

-- Ben
RE: FoxIT reader vulnerability
Took Fortran in College, honestly, hated it... but alas I am an engineer, not a code writer :)

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, January 15, 2013 9:49 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

I took UCSD Pascal, RPG III, COBOL, Fortran, 360 assembler, JCL and probably a couple of other languages as well in a failed attempt at an Associates about then. I heard of the language about then as well, but didn't try to tackle it until I had an Amiga. None of it really stuck - I just wasn't of a mindset to sit and program, and I would have been a whole lot better off if I had been.

Kurt

On Tue, Jan 15, 2013 at 5:06 PM, Michael B. Smith mich...@smithcons.com wrote:

I learned Forth when I was 17, in 1980. It blew my mind. Before that, I knew WATFOR, UCSD Pascal, 6502 assembler, and 8008 assembler. Forth's RPN and its low-level power made me feel as if I could do anything! :)

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, January 15, 2013 7:51 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

On Tue, Jan 15, 2013 at 4:45 PM, Ben Scott mailvor...@gmail.com wrote:

On Tue, Jan 15, 2013 at 6:29 PM, Matthew W. Ross mr...@ephrataschools.org wrote:

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with javascript now? I just want a dumb .pdf reader. Is it just me?

The real irony here is that Adobe originally created PDF to be a safe version of PostScript[1] -- basically disabling the capabilities beyond what's needed to display static content on a page. Those who don't learn from history...

-- Ben

[1] PostScript can do all sorts of things, including file I/O. Someone implemented a web server in PostScript.

PostScript: A Forth generation language...

Kurt
86 fixes in Oracle released today
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Fear it, and they still can't get Java fixed… Oracle=Unbreakable? Naaa, it's just broken… period.

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: hakin9.org magazine
They are legit for the l33t...

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 15, 2013 2:00 PM
To: NT System Admin Issues
Subject: hakin9.org magazine

Anyone know about this magazine? I got SPAM from them and it did make me curious so I did take a look and it looks legit, but...

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Java 7 0day actively exploited in the wild | BeyondTrust
LOL, is it a moot point, still going to be old versions that are vulnerable on the networks, same old exploits, same old issues.

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, January 15, 2013 1:29 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

I totally understand your risk vs reward scenario. We are in the same boat. Yea, in Feb this is all a moot point.

-Original Message-
From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Tuesday, January 15, 2013 1:24 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Does the reward outweigh the risk?

The reward is we get to stay in business :) We have a major partner that requires us to run it for a B2B app. So, we have to use it. But I've made it so just one user uses that app. That and the occasional WebEx stuff, but I uninstall it from people's PCs right afterwards.

So looks like 6 is now the flavor of the month. Hard to keep track. Speaking of months, v6 is EOL in FEB. We'll no longer have the options between 6 and 7 going forward to sidestep all these issues :(

Sam

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Tuesday, January 15, 2013 12:10 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Correct, but 6 is vulnerable to its own set of exploits that were never fixed and they are well known. Arguably the bad guys are paying more attention to attacking 7 now so theoretically you are safer with 6. Bottom line, java is insecure no matter what you do and will be that way for several years to come, imho.

Risk vs reward. What is the reward for your org for continuing to allow java to run? Does the reward outweigh the risk?

-Original Message-
From: Sam Cayze [mailto:sca...@gmail.com]
Sent: Tuesday, January 15, 2013 12:24 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Am I right in assuming that the latest version of version 6 is, or was, NOT affected by this? Can't find anything out there that suggests it was...

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, January 11, 2013 1:34 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/

From: Mark Boeck [netadmin...@gmail.com]
Sent: Friday, January 11, 2013 12:15 PM
To: NT System Admin Issues
Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust

lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java!

http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html

only after that does she post some links about the threat
RE: Java 7 0day actively exploited in the wild, update
Java 7 update 11 security patch fixes nothing:

http://betanews.com/2013/01/14/java-7-update-11-security-patch-fixes-nothing/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

Oracle has issued an emergency fix for its cross-platform Java software. Java 7 update 11 for Windows, Mac and Linux, and Java 7 Update 11 64-bit for 64-bit versions of Windows and Linux, aims to plug a number of alarming security holes that were being used for phishing attacks and other crimeware.

While update 11 should be considered an essential update for all Java users, researchers have warned that the new build is little more than a sticking plaster for the problem, and recommend users actually disable Java from running inside web browsers.

Update 11 specifically acts on a Java exploit in web browsers that the US Department of Homeland Security warned is being actively exploited by malware. This allows code to be executed outside of Java's sandbox, allowing keyloggers and botnet code to be distributed through the Java exploit.

The update basically sets Java's default security settings to High, which means all code from unknown sources will be flagged before running on the user's say-so. Researchers warn that despite this new setting, the security can be bypassed by hackers able to mask their code through social engineering, which allows them to mask its true origins and claim to be from a trusted source, encouraging users to accept the code even though it's been flagged.

As a result, the Department of Homeland Security's Computer Emergency Readiness Team has recommended users should actually disable Java from running in web browsers -- even after applying the latest update. The warning is echoed by other experts, including Rapid 7 and Polish company Security Explorations.

At the present time, Mac OS X disables Java browser plug-ins by default, while Firefox has implemented click-to-play protection on recent updates (but not for this newer build). Users of other web browsers and OSes should check their browser's add-on settings and - if wishing to follow the recommended advice - disable Java manually.

In the meantime, Java 7 Update 11 32-bit and Java 7 Update 11 64-bit are both available as free downloads for Windows, Mac and Linux.

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, January 14, 2013 10:50 AM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

They bumped the security settings up. It prompts every time now.

-Original Message-
From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Monday, January 14, 2013 9:32 AM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Wonder if there's a negative-one-day exploit? Thanks, though, just now got through doing a bunch of JRE upgrades.

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Monday, January 14, 2013 8:22 AM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

Java released update 11 last night.

-Original Message-
From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Friday, January 11, 2013 2:36 PM
To: NT System Admin Issues
Subject: RE: Java 7 0day actively exploited in the wild | BeyondTrust

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-709713/

From: Mark Boeck [netadmin...@gmail.com]
Sent: Friday, January 11, 2013 12:15 PM
To: NT System Admin Issues
Subject: Re: Java 7 0day actively exploited in the wild | BeyondTrust

lol - a friend of mine, a microsoft security mvp, starts her blog off like this: how to uninstall java!

http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html

only after that does she post some links about the threat
Out of band IE patch issued
This alert is to provide you with an overview of one new security bulletin being released (out of band) on January 14, 2013, for a new vulnerability in Internet Explorer.

Microsoft Security Bulletin MS13-008
Security Update for Internet Explorer (2799329)
Full Details: http://technet.microsoft.com/security/bulletin/MS13-008

Regards,
Microsoft CSS Security

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org
RE: Fine unused folders
AFind v2.0 - Copyright(c) 2000, Foundstone, Inc.
NTFS Last Access Time Finder
Command Line Switches
    [dirname]          Directory to search
    -f [filename]      List last access time of file
    -s [seconds]       Files accessed less than x seconds ago
    -m [minutes]       Files accessed less than x minutes ago
    -h [hours]         Files accessed less than x hours ago
    -d [days]          Files accessed less than x days ago
    -a [d/m/y-h:m:s]   Files accessed after this date/time
    -ns                Exclude sub-directories
    - or /             Either switch statement can be used
    -?                 Help
Additional time frame usage:
    afind /s 2-4       Files accessed between 2 and 4 seconds ago
    afind /m 2-4       Files between 2 and 4 minutes ago
    afind /s 2-4       Files between 2 and 4 seconds ago
    afind /a 14/7/1998-3:12:06-15/7/1998-2:05:30   Files between these dates
COMMAND PROMPT MUST HAVE A MINIMUM WIDTH OF 80 CHARACTERS
See http://www.foundstone.com for updates/fixes

Probably help u out in this regard.

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org]
Sent: Monday, January 14, 2013 3:41 PM
To: NT System Admin Issues
Subject: Fine unused folders

Is there a tool that can report on folders that have files with a modified date of no more recent than n and give me a report?

Example
Scan S:\Users
Contents
    S:\Users\Bill\Stuff0
    S:\Users\Heather\Stuff1\Stuff6
    S:\Users\Steve\Stuff2\Stuff3

And tell me any folders at name level that have no files modified in the last x days?

Essentially I want to know if that after Steve, etc left that nobody is using any files in any of his folders so I can remove them. What I don't necessarily want is a detail of every folder under each user's ID, just to know there are no files anywhere in that user's folder structure being used.

David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764
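One way to produce the per-user report David asks for, as an added example that is not code from the thread: a PowerShell function that decides, for each first-level folder under a root, whether any file anywhere beneath it was modified in the last N days. The function name Get-StaleTopLevelFolder and the temporary sample tree are hypothetical and constructed here; the check uses LastWriteTime (modified date), not the last-access time that AFind reports.

```powershell
# Added example, not from the thread. For each first-level folder under $Root, report
# whether any file anywhere below it was modified within the last $Days days.
# Get-StaleTopLevelFolder is a hypothetical name.
function Get-StaleTopLevelFolder {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [Parameter(Mandatory = $true)][int]$Days
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $folder     = $_
            $newest     = $null
            $fileCount  = 0
            $scanErrors = @()

            # Walk the whole subtree. Branches that cannot be read (for example ACLs)
            # are collected in $scanErrors instead of being silently skipped.
            Get-ChildItem -LiteralPath $folder.FullName -Recurse -Force `
                    -ErrorAction SilentlyContinue -ErrorVariable scanErrors |
                Where-Object { -not $_.PSIsContainer } |
                ForEach-Object {
                    $fileCount++
                    if ($null -eq $newest -or $_.LastWriteTime -gt $newest.LastWriteTime) {
                        $newest = $_
                    }
                }

            # "Stale" is only claimed when the whole subtree was readable.
            if ($newest -and $newest.LastWriteTime -ge $cutoff) { $status = 'InUse' }
            elseif ($scanErrors.Count -gt 0)                    { $status = 'Unknown' }
            elseif ($fileCount -eq 0)                           { $status = 'Empty' }
            else                                                { $status = 'Stale' }

            New-Object PSObject -Property @{
                Folder      = $folder.FullName
                Status      = $status
                Files       = $fileCount
                Unreadable  = $scanErrors.Count
                NewestWrite = $(if ($newest) { $newest.LastWriteTime })
                NewestFile  = $(if ($newest) { $newest.FullName })
            } | Select-Object Folder, Status, Files, Unreadable, NewestWrite, NewestFile
        }
}

# Constructed sample tree standing in for S:\Users from the question.
$root = Join-Path ([IO.Path]::GetTempPath()) ('stale-demo-' + [Guid]::NewGuid())
foreach ($p in 'Bill\Stuff0', 'Heather\Stuff1\Stuff6', 'Steve\Stuff2\Stuff3') {
    New-Item -ItemType Directory -Path (Join-Path $root $p) -Force | Out-Null
}
Set-Content -Path (Join-Path $root 'Bill\Stuff0\notes.txt') -Value 'recent'
$old = Join-Path $root 'Steve\Stuff2\Stuff3\report.txt'
Set-Content -Path $old -Value 'old'
(Get-Item $old).LastWriteTime = (Get-Date).AddDays(-400)   # backdate one file

Get-StaleTopLevelFolder -Root $root -Days 180 | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

A folder with unreadable branches is reported as Unknown rather than Stale, so a removal decision is never based on a subtree the scanning account could not see.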
Trying to get a .PFX file from a .CER file in Windows 2008
Created a Certificate file from a Base 64 Certificate request on our CA, and imported the certificate via Certificates Snapin. Now the vendor needs the certificate in .PFX format. I got to the Certificates snapin in the personal folder and click on export but the PFX version is grayed out. I did create it with a template that specified it to be exported with encryption. Still no luck. I have been google searching and winding up empty, different things ask to try and none work. Anyone got a clue on this?

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Thursday, January 10, 2013 12:53 PM
To: NT System Admin Issues
Subject: Re: Max Password Age

Yep - the workaround to a flood of angry users who suddenly can't do non-interactive logins would be to identify folks in the ~50-90 day window ahead of time, and set their pwdLastSet to 0 and then to -1, which has the effect of setting pwdLastSet to the current time.

--Steve

On Wed, Jan 9, 2013 at 10:50 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:

Everyone in the 60-89 day window will expire as soon as the policy takes effect.

-Bonnie

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Wednesday, January 09, 2013 7:36 AM
To: NT System Admin Issues
Subject: Max Password Age

If my policy currently is 90 days, and I then shorten that to 60 days, does the clock reset to 0, or will everyone that's in the 60-89 day window going to have expired passwords?

Thanks,

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA 95811
Desk: (916) 557-3422
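The quoted Max Password Age exchange above, worked through as an added PowerShell example (not code from the thread): it computes each account's password age from pwdLastSet, flags the accounts that would expire the moment a 90-day policy becomes 60 days, and applies the 0-then-minus-1 reset Steve describes. The function names and sample accounts are hypothetical and constructed; the live query assumes the ActiveDirectory module and a single domain-wide maximum password age.

```powershell
# Added example, not from the thread. Function names and sample accounts are hypothetical.
# Assumption: one domain-wide maximum password age (fine-grained policies are ignored).

function Get-PasswordExpiryImpact {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]$User,
        [int]$CurrentMaxAgeDays = 90,
        [int]$NewMaxAgeDays     = 60,
        [DateTime]$Now          = (Get-Date)
    )
    process {
        # pwdLastSet is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
        # 0 means "must change at next logon", so there is no age to compute.
        $raw = [Int64]$User.pwdLastSet
        if ($raw -le 0 -or $User.PasswordNeverExpires) { return }

        $setUtc  = [DateTime]::FromFileTimeUtc($raw)
        $ageDays = [int][Math]::Floor(($Now.ToUniversalTime() - $setUtc).TotalDays)

        if     ($ageDays -ge $CurrentMaxAgeDays) { $impact = 'AlreadyExpired' }
        elseif ($ageDays -ge $NewMaxAgeDays)     { $impact = 'ExpiresOnPolicyChange' }
        else                                     { $impact = 'Unaffected' }

        New-Object PSObject -Property @{
            SamAccountName = $User.SamAccountName
            PasswordSetUtc = $setUtc
            AgeDays        = $ageDays
            DaysLeftAfter  = $NewMaxAgeDays - $ageDays
            Impact         = $impact
        } | Select-Object SamAccountName, PasswordSetUtc, AgeDays, DaysLeftAfter, Impact
    }
}

function Reset-PasswordAgeClock {
    # The workaround from the thread: write 0, then -1, so the domain controller
    # stamps pwdLastSet with the current time. Supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$SamAccountName
    )
    process {
        if ($PSCmdlet.ShouldProcess($SamAccountName, 'Set pwdLastSet to 0, then -1')) {
            Set-ADUser -Identity $SamAccountName -Replace @{ pwdLastSet = 0 }
            Set-ADUser -Identity $SamAccountName -Replace @{ pwdLastSet = -1 }
        }
    }
}

# Constructed sample accounts (no directory needed for the report itself).
$now = (Get-Date).ToUniversalTime()
$sample = @(
    New-Object PSObject -Property @{ SamAccountName = 'alice'; PasswordNeverExpires = $false
                                     pwdLastSet = $now.AddDays(-20).ToFileTimeUtc() }
    New-Object PSObject -Property @{ SamAccountName = 'bob';   PasswordNeverExpires = $false
                                     pwdLastSet = $now.AddDays(-75).ToFileTimeUtc() }
    New-Object PSObject -Property @{ SamAccountName = 'carol'; PasswordNeverExpires = $false
                                     pwdLastSet = $now.AddDays(-95).ToFileTimeUtc() }
    New-Object PSObject -Property @{ SamAccountName = 'svc';   PasswordNeverExpires = $true
                                     pwdLastSet = $now.AddDays(-400).ToFileTimeUtc() }
)
$sample | Get-PasswordExpiryImpact -Now $now | Format-Table -AutoSize

# Live use (assumption: ActiveDirectory module available, run before the policy change):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet, PasswordNeverExpires |
#     Get-PasswordExpiryImpact |
#     Where-Object { $_.Impact -eq 'ExpiresOnPolicyChange' } |
#     Reset-PasswordAgeClock -WhatIf
```

Resetting pwdLastSet gives the existing password a full new lifetime without changing it, so the same report can instead drive a notice asking the flagged users to change their passwords before the policy takes effect.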
RE: Trying to get a .PFX file from a .CER file in Windows 2008
Yes Mike, I finally figured it out. I needed to request the certificate from the Server via the Certificates Wizard on advanced request and then got to the template which allowed me to export it to a .req file and then I submitted it to the CA and it dumped me a cert with the private key. Joy you don't do the stuff for a few months and forget everything.

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, January 10, 2013 2:19 PM
To: NT System Admin Issues
Subject: RE: Trying to get a .PFX file from a .CER file in Windows 2008

That generally means the private key is missing.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, January 10, 2013 2:15 PM
To: NT System Admin Issues
Subject: Trying to get a .PFX file from a .CER file in Windows 2008

Created a Certificate file from a Base 64 Certificate request on our CA, and imported the certificate via Certificates Snapin. Now the vendor needs the certificate in .PFX format. I got to the Certificates snapin in the personal folder and click on export but the PFX version is grayed out. I did create it with a template that specified it to be exported with encryption. Still no luck. I have been google searching and winding up empty, different things ask to try and none work. Anyone got a clue on this?

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Thursday, January 10, 2013 12:53 PM
To: NT System Admin Issues
Subject: Re: Max Password Age

Yep - the workaround to a flood of angry users who suddenly can't do non-interactive logins would be to identify folks in the ~50-90 day window ahead of time, and set their pwdLastSet to 0 and then to -1, which has the effect of setting pwdLastSet to the current time.

--Steve

On Wed, Jan 9, 2013 at 10:50 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:

Everyone in the 60-89 day window will expire as soon as the policy takes effect.

-Bonnie

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Wednesday, January 09, 2013 7:36 AM
To: NT System Admin Issues
Subject: Max Password Age

If my policy currently is 90 days, and I then shorten that to 60 days, does the clock reset to 0, or will everyone that's in the 60-89 day window going to have expired passwords?

Thanks,

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA 95811
Desk: (916) 557-3422
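Michael's diagnosis in the thread above (a grayed-out PFX option generally means the private key is missing) can be checked per certificate before going back to the CA. This is an added PowerShell example, not code from the thread; the function name Get-PfxExportReadiness is hypothetical, and it only reads properties of the certificates already in the store.

```powershell
# Added example, not from the thread. Read-only triage of why "export as PFX" may be
# unavailable for a certificate. Get-PfxExportReadiness is a hypothetical name.
function Get-PfxExportReadiness {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        if (-not $Certificate.HasPrivateKey) {
            # Typical after importing a .cer issued for a request made elsewhere:
            # the store holds the public certificate only.
            $state = 'NoPrivateKey'
            $hint  = 'Key stayed where the request was generated. If that was this ' +
                     'machine, certutil -repairstore my <thumbprint> can re-link it.'
        }
        else {
            # Default when the key exists but cannot be inspected through the CSP API
            # (CNG/KSP key, smart card, or no read access for this account).
            $state = 'KeyNotInspectable'
            $hint  = 'Private key is associated, but exportability could not be read.'
            try {
                $key = $Certificate.PrivateKey
                if ($null -ne $key -and $null -ne $key.CspKeyContainerInfo) {
                    if ($key.CspKeyContainerInfo.Exportable) {
                        $state = 'Exportable'
                        $hint  = 'PFX export with the private key should be offered.'
                    }
                    else {
                        $state = 'NonExportableKey'
                        $hint  = 'Key was created without the exportable flag; a new ' +
                                 'request that marks the key exportable is needed.'
                    }
                }
            }
            catch { }   # keep the KeyNotInspectable defaults
        }

        New-Object PSObject -Property @{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            State      = $state
            Hint       = $hint
        } | Select-Object Subject, Thumbprint, NotAfter, State, Hint
    }
}

# Input is the local computer's Personal store, the one used in the thread.
Get-ChildItem Cert:\LocalMachine\My | Get-PfxExportReadiness | Format-List
```

Reading machine private keys usually needs an elevated session; without it, certificates that do have a key show up as KeyNotInspectable.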
RE: Trying to get a .PFX file from a .CER file in Windows 2008
He is my imaginary friend from the planet Zork :) J/K Michael :)

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, January 10, 2013 3:21 PM
To: NT System Admin Issues
Subject: RE: Trying to get a .PFX file from a .CER file in Windows 2008

Who is this Mike person of whom you speak?

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, January 10, 2013 3:15 PM
To: NT System Admin Issues
Subject: RE: Trying to get a .PFX file from a .CER file in Windows 2008

Yes Mike, I finally figured it out. I needed to request the certificate from the Server via the Certificates Wizard on advanced request and then got to the template which allowed me to export it to a .req file and then I submitted it to the CA and it dumped me a cert with the private key. Joy you don't do the stuff for a few months and forget everything.

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, January 10, 2013 2:19 PM
To: NT System Admin Issues
Subject: RE: Trying to get a .PFX file from a .CER file in Windows 2008

That generally means the private key is missing.

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Thursday, January 10, 2013 2:15 PM
To: NT System Admin Issues
Subject: Trying to get a .PFX file from a .CER file in Windows 2008

Created a Certificate file from a Base 64 Certificate request on our CA, and imported the certificate via Certificates Snapin. Now the vendor needs the certificate in .PFX format. I got to the Certificates snapin in the personal folder and click on export but the PFX version is grayed out. I did create it with a template that specified it to be exported with encryption. Still no luck. I have been google searching and winding up empty, different things ask to try and none work. Anyone got a clue on this?

Z

Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message-
From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Thursday, January 10, 2013 12:53 PM
To: NT System Admin Issues
Subject: Re: Max Password Age

Yep - the workaround to a flood of angry users who suddenly can't do non-interactive logins would be to identify folks in the ~50-90 day window ahead of time, and set their pwdLastSet to 0 and then to -1, which has the effect of setting pwdLastSet to the current time.

--Steve

On Wed, Jan 9, 2013 at 10:50 AM, Miller Bonnie L. mille...@mukilteo.wednet.edu wrote:

Everyone in the 60-89 day window will expire as soon as the policy takes effect.

-Bonnie

From: Heaton, Joseph@Wildlife [mailto:joseph.hea...@wildlife.ca.gov]
Sent: Wednesday, January 09, 2013 7:36 AM
To: NT System Admin Issues
Subject: Max Password Age

If my policy currently is 90 days, and I then shorten that to 60 days, does the clock reset to 0, or will everyone that's in the 60-89 day window going to have expired passwords?

Thanks,

Joe Heaton
Enterprise Server Support
CA Department of Fish and Wildlife
1807 13th Street, Suite 201
Sacramento, CA 95811
Desk: (916) 557-3422
RE: AIX and Windows
I would also make sure your AIX systems are hardened to the CIS Guidelines below, to give you a head start. Covers 5.3 and 6.1.
http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.aix5361.100
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, January 09, 2013 12:05 PM To: NT System Admin Issues Subject: RE: AIX and Windows
If you are responsible for the support of the system, I'd make sure they have budget to send you for training.
http://www-304.ibm.com/jct03001c/services/learning/ites.wss/us/en?pageType=pagec=a607
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

From: itli...@imcu.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 01/09/2013 11:53 AM Subject: RE: AIX and Windows
Being told we are going to be required to maintain the AIX system as a part of the contract cuts. …..

From: Guyer, Don [mailto:dgu...@che.org] Posted At: Wednesday, January 9, 2013 11:18 AM Posted To: itli...@imcu.com Conversation: AIX and Windows Subject: RE: AIX and Windows
What exactly are the concerns? Wouldn’t the “Tellering” system just be browser-based or run in an emulation program within Windows?
Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: dgu...@che.org Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839.

From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Wednesday, January 09, 2013 10:49 AM To: NT System Admin Issues Subject: RE: AIX and Windows
We are a Credit Union so it is our Tellering system that would host member transactions and data. Yes it will be our first nx environment. We are currently windows based and the idea of bringing in the AIX is a little intimidating.

From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Posted At: Wednesday, January 9, 2013 9:48 AM Posted To: itli...@imcu.com Conversation: AIX and Windows Subject: Re: AIX and Windows
Can you elaborate more on your environment? And when you say your Core employee program what specifically do you mean by that? ERP (SAP)? Or your identity management system (RACF/ ITIM)? Is this your first UNIX/Linux system in your environment?
Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com The Guardian Life Insurance Company of America www.guardianlife.com

From: itli...@imcu.com To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 01/09/2013 08:39 AM Subject: AIX and Windows
We will most likely be going to an AIX solution for our Core employee program. Does anyone work with an AIX system and if so do you also have Windows AD 2008R2 running alongside it?? Just trying to get ahead of this.
Thanks David
RE: Cisco ASA question
Remember even with the Egress filtering you are looking to do outbound, it could be an internal compromised host or account that is using your legitimate email servers to send the email out, but I would drop and log all other traffic from trust to untrust on port 25 and eliminate the hosts.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Tom Miller [mailto:tmil...@sfgtrust.com] Sent: Tuesday, January 08, 2013 10:54 AM To: NT System Admin Issues Subject: Cisco ASA question
Hi Folks, At a new job here. I have a few Cisco ASA. One of them, an ASA 5510, seems to be not very strict on outbound rules. I'm new to ASA (came from the Fortinet world), so any advice on setting up outbound rules? In particular we've been on spamhaus and I think there is an internal machine sending out smtp messages. Short term solution would be to restrict out smtp to our mail servers only. On the ASA | Configuration | Access Rules, I created an inside → outside rule. Traffic from mail server out, smtp, permit. Other rule has traffic as deny. This does not seem correct, even me being new to ASA.
Suggestions appreciated, Tom
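The "drop and log ... and eliminate the hosts" step from the reply above, as an added example that is not part of the original thread: once outbound port 25 is denied for everything except the mail servers, the firewall's deny log names the internal machines still attempting direct SMTP. The log lines, addresses, host name and ACL name are constructed, and the sketch assumes the denies arrive as ASA syslog message 106023.

```python
import re
from collections import defaultdict

# Constructed sample syslog (not from the thread). Format follows ASA message
# 106023, emitted when an access-group denies a packet. Assumption: a deny ACE
# with the "log" option emits message 106100 instead, in a different format.
SAMPLE_LOG = """\
Jan 08 2013 11:02:14 fw1 : %ASA-4-106023: Deny tcp src inside:10.1.1.50/51234 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:15 fw1 : %ASA-4-106023: Deny tcp src inside:10.1.1.50/51240 dst outside:198.51.100.7/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:19 fw1 : %ASA-4-106023: Deny tcp src inside:10.1.1.77/49822 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:21 fw1 : %ASA-4-106023: Deny tcp src inside:10.1.1.50/51266 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:30 fw1 : %ASA-4-106023: Deny tcp src inside:10.1.1.90/50011 dst outside:198.51.100.9/443 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:31 fw1 : %ASA-4-106023: Deny udp src inside:10.1.1.90/50012 dst outside:198.51.100.9/25 by access-group "inside_access_in" [0x0, 0x0]
Jan 08 2013 11:02:40 fw1 : %ASA-6-302013: Built outbound TCP connection 4411 for outside:203.0.113.25/25 (203.0.113.25/25) to inside:10.1.1.10/40122 (192.0.2.10/40122)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# The optional "(...)" after each port tolerates identity-firewall user fields.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny tcp "
    rf"src (?P<src_if>[\w-]+):(?P<src_ip>{IPV4})/(?P<src_port>\d+)(?:\([^)]*\))? "
    rf"dst (?P<dst_if>[\w-]+):(?P<dst_ip>{IPV4})/(?P<dst_port>\d+)"
)


def smtp_egress_offenders(log_text, inside_if="inside", outside_if="outside"):
    """Return [(src_ip, denied_attempts, distinct_destinations)], busiest first."""
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m is None:
            continue  # not a TCP deny in the 106023 format
        if m["src_if"] != inside_if or m["dst_if"] != outside_if:
            continue  # only trust-to-untrust traffic is of interest
        if m["dst_port"] != "25":
            continue  # only direct SMTP attempts
        attempts[m["src_ip"]] += 1
        destinations[m["src_ip"]].add(m["dst_ip"])
    rows = [(ip, n, len(destinations[ip])) for ip, n in attempts.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for ip, n, dests in smtp_egress_offenders(SAMPLE_LOG):
        print(f"{ip}: {n} denied SMTP attempts to {dests} destination(s)")
```

As the reply points out, a compromised host or account that relays through the legitimate mail servers never hits the deny rule, so that case has to be looked for in the mail servers' own logs.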
RE: TechEd vs TechMentor
I have to agree with Webster, I would side with Tech Ed, especially when you go to the whiteboard sessions in which you can draw out your solutions with MVP's and other folks that are SME's on their particular areas. I remember a few years ago going over an IIS 7.0 design and one of the M$ folks basically told me they just set up something like it just a few months ago. I was pretty impressed.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, January 08, 2013 5:49 PM To: NT System Admin Issues Subject: RE: TechEd vs TechMentor
You will get nothing on the last two at either conference. IMO, TechMentor is for more Beginner to Intermediate level folk. The one I went to in August was an anomaly. It was at MS HQ and most sessions were extremely technical. TechEd runs the range from Beginner to Advanced but the average is Intermediate.
Thanks Webster

From: Damien Solodow [mailto:damien.solo...@harrison.edu] Subject: RE: TechEd vs TechMentor
Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

From: Rod Trent [mailto:rodtr...@myitforum.com] Subject: RE: TechEd vs TechMentor
Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu] Subject: TechEd vs TechMentor
It looks like I might be able to make one of these for the first time. Any advice on which is the better/more useful event? Are they about the same price for registration normally (TechEd registration isn't open yet to check)?
RE: TechEd vs TechMentor
Last time I remember it was like 1,500 or something. I am not sure what the price is now..
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Damien Solodow [mailto:damien.solo...@harrison.edu] Sent: Tuesday, January 08, 2013 5:59 PM To: NT System Admin Issues Subject: RE: TechEd vs TechMentor
Good to know. :) What has TechEd pricing been like?
DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE

From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, January 08, 2013 5:57 PM To: NT System Admin Issues Subject: RE: TechEd vs TechMentor
I have to agree with Webster, I would side with Tech Ed, especially when you go to the whiteboard sessions in which you can draw out your solutions with MVP's and other folks that are SME's on their particular areas. I remember a few years ago going over an IIS 7.0 design and one of the M$ folks basically told me they just set up something like it just a few months ago. I was pretty impressed.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, January 08, 2013 5:49 PM To: NT System Admin Issues Subject: RE: TechEd vs TechMentor
You will get nothing on the last two at either conference. IMO, TechMentor is for more Beginner to Intermediate level folk. The one I went to in August was an anomaly. It was at MS HQ and most sessions were extremely technical. TechEd runs the range from Beginner to Advanced but the average is Intermediate.
Thanks Webster

From: Damien Solodow [mailto:damien.solo...@harrison.edu] Subject: RE: TechEd vs TechMentor
Windows Server, Exchange, SQL, PowerShell, VMware vCloud, Citrix XenApp.

From: Rod Trent [mailto:rodtr...@myitforum.com] Subject: RE: TechEd vs TechMentor
Which apps do you deal with the most?

From: Damien Solodow [mailto:damien.solo...@harrison.edu] Subject: TechEd vs TechMentor
It looks like I might be able to make one of these for the first time. Any advice on which is the better/more useful event? Are they about the same price for registration normally (TechEd registration isn't open yet to check)?
RE: 'Dementia' Wipes Out Attacker Footprints In Memory - Dark Reading
Seen it already... it's another tool in the anti-forensics suite...
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, January 07, 2013 10:05 AM To: NT System Admin Issues Subject: 'Dementia' Wipes Out Attacker Footprints In Memory - Dark Reading
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240145524/dementia-wipes-out-attacker-footprints-in-memory.html
You have to be sure to use more than one method of data extraction in live forensics, to ensure that you're not dealing with an anti-forensics mechanism...
ASB http://XeeMe.com/AndrewBaker Providing Expert Technology Consulting Services for the SMB market...
RE: Occasional local admin needed
Restricted Group GPO or do it via GPP...
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: David Lum [mailto:david@nwea.org] Sent: Friday, January 04, 2013 10:40 AM To: NT System Admin Issues Subject: Occasional local admin needed
How would you guys handle this? I have a server that the developers use that they occasionally (once a month or so) need local admin access for to install/upgrade an app or feature they use. This is a new-ish server that previously I have just added a user (it's the same one each time) to the local admin group then a week later took them out, but that's cumbersome and I become the single point of failure on remembering to back them out. I could
1. create a special AD account for this user to be local admin, or
2. create an AD group, put this person in it, then GPO that group into local admins on that server.
Suggestions?
David Lum Sr. Systems Engineer // NWEA™ Office 503.548.5229 // Cell (voice/text) 503.267.9764
RE: Time sync
I was thinking the same thing. Actually IMHO VM still does more than Hyper-V does...
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

From: Chinnery, Paul [mailto:pa...@mmcwm.com] Sent: Friday, January 04, 2013 11:23 AM To: NT System Admin Issues Subject: RE: Time sync
Slightly OT, Ken, but why are you moving away from VM? Cost or something else that HyperV gives you that VM doesn't?
Paul Chinnery Network Admin Memorial Medical Center 231.845.2319

From: Ken Cornetet [mailto:ken.corne...@kimball.com] Sent: Friday, January 04, 2013 10:30 AM To: NT System Admin Issues Subject: RE: Time sync
We run the Meinberg NTP port as well. We will soon start migrating from VMWare (where the Meinberg NTP port works great) to HyperV. Care to elaborate on what you mean by except on HV guests?

From: Eric Wittersheim [mailto:eric.wittersh...@gmail.com] Sent: Friday, January 04, 2013 9:24 AM To: NT System Admin Issues Subject: Re: Time sync
We run the product from Meinberg. It works very well except on HV guests.

On Fri, Jan 4, 2013 at 8:10 AM, Richard McClary richard.mccl...@aspca.org wrote:
Greetings! I'm sure I and many others have asked this (but are still stumped). Ken S's reply yesterday pointing to ultimately a chain of TechNet articles has shed some light and will start us digging. Microsoft admits W32Time is sloppy (http://support.microsoft.com/kb/939322) - mainly meant to make Kerberos v5 work. Our issue is, W32Time lets things drift enough for weird things to occur in our medical records. We have a veterinary toxicology consulting hotline. Because things get out of sync a bit, we frequently have medical records opening before a client's telephone call is received. The article referenced above essentially says to go find an alternative to W32Time. NIST has gathered a list of time sync software.
QUESTION: has anyone on the list used (and would recommend) anything on that list to fix the record created prior to the call situation? (http://www.nist.gov/pml/div688/grp40/softwarelist.cfm)
Thank you... -- richard

The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.
RE: Happy New Year everybody!
Likewise, hope for a brighter 2013 for everyone this year.
Z
Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org

-Original Message- From: Maglinger, Paul [mailto:pmaglin...@scvl.com] Sent: Monday, December 31, 2012 3:28 PM To: NT System Admin Issues Subject: Happy New Year everybody!
Thanks to everyone for all your help throughout the past year. May you have a joyous and prosperous new year!
-Paul