Geek Speak in thwack Community


Don't Be a Sitting Duck!

Script kiddies test the defenses of FTP servers and SFTP servers (using SSH) every minute of every day. IT administrators have gotten used to these probes, and smart ones have already enabled IP lockouts on their perimeter servers. (This setting is on the "Server Settings" pane in Serv-U FTP Server.)

However, there are a number of "well known" usernames that should never be used on FTP servers and SFTP servers, because they are just too easy to guess.

10. administrator - Very popular in Windows environments. Don't use it on your FTP server.

9. oracle - Companies that like to write big checks to Larry often cut corners elsewhere to make the payments. Don't follow the herd by using "oracle" on systems that connect to the enterprise database.

8. mysql - Don't use the names of other databases or back-end infrastructure either. (Also avoid "sa", "sqlserver", "nas", "postgres", etc.)

7. user - Popular test account, often set up with too many permissions, and often rolls over from the evaluation environment to production.

6. guest - "Sure, c'mon in.  You can use the bathroom, the phone and my checkbook."

5. apache - It's also common to see people name accounts after the web application they support with their FTP or SFTP services. (Also avoid "iis", "serv-u", "nginx", "www", etc.)

4. info - I'm honestly stumped on why "info" is popular (if you know, tell me in the comments), but it is.

3. test - "It's just a test account.  I promise I'll delete it - soon."

2. admin - Tempting to use in web applications (including Serv-U) because it's so short. Pick usernames like "[your initials]admin" instead to avoid script kiddies.

1. root - By far, the most popular attack target. If you're building a honeypot, include root. If not, don't.

Other Usernames to Avoid

Did I miss some of the usernames you expected to see? If so, tell me about them in the comments section below.
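As an added illustration (not part of the original post and not Serv-U's own code), the following Python scans a constructed, sshd-style authentication log for the usernames listed above and applies an IP-lockout rule of the kind the post recommends. The log format, the 3-failures-in-5-minutes rule and the addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The "well known" usernames from the post, plus the extra names it tells you to avoid.
WELL_KNOWN_USERNAMES = {
    "root", "admin", "test", "info", "apache", "guest", "user", "mysql",
    "oracle", "administrator", "sa", "sqlserver", "nas", "postgres",
    "iis", "serv-u", "nginx", "www",
}

# Constructed sample lines in a generic sshd-style format (assumed; not Serv-U's own log format).
SAMPLE_LOG = """\
2013-05-14T10:00:01 sshd[4101]: Failed password for invalid user root from 203.0.113.7
2013-05-14T10:00:03 sshd[4101]: Failed password for invalid user admin from 203.0.113.7
2013-05-14T10:00:04 sshd[4102]: Failed password for invalid user oracle from 203.0.113.7
2013-05-14T10:00:06 sshd[4103]: Failed password for invalid user test from 203.0.113.7
2013-05-14T10:00:30 sshd[4110]: Accepted password for jdoe from 198.51.100.20
2013-05-14T10:05:00 sshd[4120]: Failed password for jsadmin from 198.51.100.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)$"
)

def parse(log_text):
    """Yield (timestamp, result, username, ip) for each line that matches; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]

def lockout_decisions(log_text, threshold=3, window=timedelta(minutes=5)):
    """Apply an IP-lockout rule (threshold failures within window => block the source)
    and record which well-known usernames each source tried. Threshold/window are assumed."""
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    probes = defaultdict(set)      # ip -> well-known usernames it attempted
    locked = {}                    # ip -> time the lockout triggered
    for ts, result, user, ip in parse(log_text):
        if user in WELL_KNOWN_USERNAMES:
            probes[ip].add(user)
        if result != "Failed" or ip in locked:
            continue
        cutoff = ts - window
        failures[ip] = [t for t in failures[ip] if t >= cutoff] + [ts]
        if len(failures[ip]) >= threshold:
            locked[ip] = ts
    return locked, {ip: sorted(users) for ip, users in probes.items()}
```

Sources that cycle through the list above get locked on their third failure, while a single typo from a legitimate user with a non-obvious name does not.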

Recently, the Geeks at the SolarWinds Lab landed themselves in a bit of a pickle. Which one is faster – installing a virtual appliance with Hyper-V® or VMware®?

Our Head Geeks, Lawrence Garvin and Patrick Hubbard, were certain that there was only one way to get to the bottom of the situation – a virtual appliance installation bout!

Our head geeks also explain why noisy pagers or flooded mailboxes are not the only problems for IT. The biggest challenge is to have all your alerts in one place for analysis, adding notes and performing initial triage before assigning each one to the right person in the right department.

Pick your favorite early and root for your favorite geek or hypervisor! (Remember, this is not a competition, it is only an exhibition - please, no wagering.)

Did your favorite Geek win? Well, there are no losers in this battle. All IT specialists receive a gold medal with our free SolarWinds Alert Central - the perfect tool to consolidate and manage all your alerts. Just follow along with Lawrence and Patrick to install it on your virtual machine and fire it up to:

  • Consolidate your alerts from all your IT monitoring software
  • Set up automatic escalation workflows that work for each team
  • Schedule on-call rotations using the intuitive calendar interface
  • View the status/priority of alerts with easily distinguishable icons


Put an end to critical alerts being ignored and lost in somebody's inbox, where only your boss seems to know about them.

Alert Central is not just one of our many free tools.  It’s a free product capable of handling tens of thousands of alerts for hundreds of users.


Download Alert Central for Hyper-V or VMware and get your weekends back.

On March 5th of this year, Network Topology Mapper v1.0 was made available to the public. Since then it has quickly become one of the more popular products that SolarWinds offers. It's a great tool for MSPs and IT consultants who travel from one client location to the next, because with only one license of NTM, an unlimited number of networks can be scanned and mapped. It's also a nice complement to SolarWinds Network Performance Monitor (NPM), because maps created in NTM can be exported to the Network Atlas format and then imported for use in NPM.

On 5/13/13, the first service release of NTM was made available. This update includes some great new features. Along with a few bug fixes, this service release includes:

  • Nodes with multiple IP addresses are now supported in tooltips, details windows, and search queries
  • Spanning tree now reports states in English instead of stored values
  • Link speeds of up to 10Gb are now identified
  • Maps can now be exported to Visio 2013 vsdx format

For those of you who have already purchased NTM, visit the customer portal and download the latest release for these updates. If you haven't tried NTM yet, now is the perfect time! For those who would like to try NTM, we've unlocked a few of the features in the trial to make the experience better. Download NTM v1.0.1 today and see how easy it is to create an accurate and detailed map of your network.

We keep hearing about Denial of Service (DoS) attacks, largely because of our dependency on the Web. A typical DoS situation is a website going offline. You may also have faced situations where a sudden increase in traffic causes a site to load very slowly; sometimes the traffic is heavy enough to take the site down completely. That is a textbook case of Distributed Denial of Service (DDoS).

In short, DoS and DDoS attacks are among the most inventive hacking practices on the rise, bringing down businesses' critical services and inhibiting user Web access and business continuity.

So, the question is: what exactly are DoS and DDoS? More importantly, how do we guard our IT assets from them?

Denial of Service

It's an attack where the attempt is to prevent legitimate users from accessing information or services. It usually targets your system and its network connections, or the network of critical sites that you may often use. The most common type is flooding a network. For example, when you type the URL of a website, what you actually do is send a request to access the page. The site's web server can only process a certain number of requests at a time; once a flood has used up that capacity, it cannot process your request, which is precisely a "denial of service".

For most hackers, Web servers are the ideal choice for launching attacks, as they have more computing and network capacity than a home PC. Something very similar happened with the Mt. Gox servers recently. So, to crash a web server, a DoS attack targets the following resources:

  • Network bandwidth
  • Server memory
  • Application exception handling mechanism
  • CPU usage
  • Hard disk space
  • Database space
  • Database connection pool

To a large extent, organizations tend to rely on firewalls to defend their networks against DoS attacks. Although firewalls are a key component of an organization's security solution, they are not on their own capable of thwarting a targeted DDoS attack.

Distributed Denial of Service

In a DDoS attack, the attacker exploits security vulnerabilities to take control of your system and uses it to attack other systems on the network. Typical examples are sending out spam or flooding a website with traffic. In simple terms, the attack is distributed: the attacker uses multiple computers to launch the DoS attack.

Symptoms like slow network performance, a sudden spike in incoming spam, and inability to access certain websites suggest that your network may be under attack. It's best to be proactive and shield yourself against possible threats. You need to continuously monitor the activity on your web servers, firewalls and endpoints. A security information and event management (SIEM) tool is an ideal choice: it monitors all the logs collected from the various entities in your IT environment, and analyzes and correlates events in real time for advanced incident awareness.

If you want to safeguard your IT against DoS and DDoS threats, you need to ensure that your SIEM tool uses active responses to react to critical security events and shut down threats immediately. Some key built-in responses you will want are:

  • Send incident alerts, emails, pop-up messages, or SNMP traps
  • Add or remove users from groups
  • Block an IP address
  • Kill processes by ID or name

Microsoft SharePoint is a web application commonly used for document and file management, collaboration, search, business intelligence, social networking and other functions. With its widespread use, internal and external customers are dependent upon SharePoint's availability to get things done. Below are the top 5 causes of a slow-responding SharePoint application, and how you can proactively identify these problems and fix them before end users even know there is an issue.

1) Network devices and bandwidth: The most obvious reason for network latency is often bandwidth capacity. However, latency issues can still exist even in a high-bandwidth network, particularly if the *devices* involved in the interconnections (switches, routers, firewalls, etc.) are introducing the latency. At their core, these devices are all 'store and forward'. When the 'store and forward' takes longer than optimal, latency is introduced. Locational issues are caused by distance (the round trip takes a while) or by a location's network infrastructure, where the internal WAN may be slow.
2) Volume of requests/application usage: Each and every click is recorded as a transaction. If the volume of transactions exceeds the available resources, it causes application latency. An increase in the number of concurrent users can also cause responsiveness to suffer. High memory usage, a small disk cache, or storage I/O contention may cause latency in loading the components SharePoint requires.
3) Load time for integrated components: SharePoint allows adding widgets and applications (Java, SQL, etc.). An issue or delay in loading these components causes delay and latency issues.
4) Database issues: SharePoint relies heavily on the database infrastructure. I/O problems could indicate a problem with the disk. Latency could also be caused by slow queries.

To proactively detect these issues, here is some guidance on what to monitor in your SharePoint environment.
Monitor the network. This includes utilization of each interface as well as the network latency and packet loss for each node.
Monitor web transaction response times from multiple locations. With a good website monitoring tool, you can determine whether a slow page is locational or whether the problem is native to the application.
Monitor page load times for the entire transaction. Monitoring all the pages/steps in a transaction is necessary to pinpoint where the user experience breaks down.

[Screenshot: sharepoint pages.PNG]

When looking at an individual page, it's good to have a waterfall chart to see which element is consuming the most time, to determine whether the issue is related to JavaScript, DNS lookup, etc.

[Screenshot: sharepoint waterfall.PNG]

Monitor database performance & query times. Because a database issue can be the cause of a SharePoint performance problem, it is important that your server management tool can monitor key performance metrics of your database. Key metrics include lock wait time, fragmentation, and deadlocks, among others. You also want to monitor how long SQL queries take to run, to get an indication of whether a query needs to be rewritten to improve performance.

[Screenshot: SQL monitoring.PNG]

Monitor underlying server resources for CPU, memory and disk constraints. CPU utilization issues can indicate underperforming hardware, or perhaps a virtual machine with insufficient resource allocation. It is also very important to keep close tabs on disk I/O and disk latency to understand how storage performance is impacting your application. This is a major issue with data-intensive applications like SharePoint.
Monitor specific SharePoint performance metrics such as:
-SharePoint request wait time. As the number of wait events increases, page-rendering performance will deteriorate. If wait time is consistently trending up, you should consider adding web servers to support your application.
-SharePoint requests rejected. If any requests are rejected (showing a 503 HTTP status code), there are insufficient server resources, and you should consider implementing additional web servers.
-SharePoint worker process restarts. Any worker process restarts can indicate a problem such as a memory leak, access violations or process settings. Investigate process restarts to prevent issues.
-Requests per second. This provides an indication of the current throughput of the application. If this metric moves outside its normal range, you will need to add resources to cope with the increased load.

The SolarWinds Web App Monitoring Pack provides the ability to monitor web application page load times and provides out-of-the-box monitoring for SharePoint 2013, 2010 and 2007. Try it free for 30 days.
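An added example, not from the original post and not SolarWinds code: a Python pass over a constructed IIS W3C-format log excerpt from a SharePoint web front end that derives the requests-rejected (HTTP 503) and requests-per-second signals from the metrics list above, and surfaces slow pages from the time-taken field. The log lines, the max_rps ceiling and the slow_ms threshold are assumptions.

```python
from collections import Counter

# Constructed IIS W3C-style log excerpt from a SharePoint web front end (sample data, not real).
SAMPLE_IIS_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2013-05-14 10:00:00 10.0.0.5 GET /sites/finance/default.aspx 200 310
2013-05-14 10:00:00 10.0.0.6 GET /sites/finance/Lists/Tasks/AllItems.aspx 200 1240
2013-05-14 10:00:00 10.0.0.7 GET /_layouts/15/start.aspx 503 12
2013-05-14 10:00:01 10.0.0.5 POST /sites/finance/_vti_bin/client.svc 200 4800
2013-05-14 10:00:01 10.0.0.8 GET /sites/hr/default.aspx 503 9
2013-05-14 10:00:02 10.0.0.9 GET /sites/hr/default.aspx 200 290
"""

def parse_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def sharepoint_metrics(log_text, max_rps=100, slow_ms=2000):
    """Compute the throughput and rejection signals the post recommends watching.
    max_rps is the expected requests-per-second ceiling for this farm (assumed value);
    slow_ms is the time-taken threshold used to surface slow pages (assumed value)."""
    rows = list(parse_w3c(log_text))
    per_second = Counter(f"{r['date']} {r['time']}" for r in rows)
    peak_rps = max(per_second.values(), default=0)
    rejected = [r for r in rows if r["sc-status"] == "503"]
    slow = sorted((int(r["time-taken"]), r["cs-uri-stem"]) for r in rows
                  if int(r["time-taken"]) >= slow_ms)
    findings = []
    if rejected:
        # Any 503 means the front end refused work: the post's "insufficient server resources" signal.
        findings.append(f"{len(rejected)} request(s) rejected with HTTP 503; consider adding web servers")
    if peak_rps > max_rps:
        findings.append(f"peak {peak_rps} req/s exceeds expected ceiling of {max_rps} req/s")
    for ms, uri in slow:
        findings.append(f"slow page {uri}: {ms} ms (threshold {slow_ms} ms)")
    return {
        "requests": len(rows),
        "peak_rps": peak_rps,
        "rejected_503": len(rejected),
        "slow_pages": slow,
        "findings": findings,
    }
```

Point it at a real IIS log from a SharePoint front end and tune max_rps to the farm's observed baseline; the 503 check needs no tuning, since the post treats any rejection as a capacity signal.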
