
E-Privacy (Postscript)

Posted by Bronx Dec 31, 2012

I find it ironic that as the author of E-Privacy, my own personal PayPal account got hacked into over the weekend. Needless to say, I was robbed of more than $300. I understand the humor here so please take a moment to laugh. Done? Good, now let's learn from this unfortunate event.

 

Password Protection

After speaking at length with the security people at both PayPal and my bank, I have a pretty good picture of how the thieves pilfered my account. My account was the victim of a brute force attack. From what I've learned, the thieves used this method to attack multiple random accounts until access was granted. Once access was granted, the thieves would steal a small sum of money in the hopes of having hacked a corporate account, where the absence of such small sums often goes unnoticed. At the time, my password was eight characters long and a mixture of various alphanumeric characters. I thought a password of this strength was fairly safe seeing as how the code to launch nuclear weapons in the movie WarGames was only ten characters. (Let's pray the government sees this article and ups their nuclear warhead codes to at least 128-bit encryption!)

The Discovery

Saturday morning I received several emails from PayPal confirming that my "donation to Africa" had been processed. At first, I thought this was just your typical phishing scam. However, as a matter of practice, I manually logged into my accounts (as opposed to clicking the links in the emails - never do that) to verify my money was safe. It was not. The money actually was removed from my bank account via PayPal and transferred out of the country.

 

SolarWinds Customer?

Fortunately for the SolarWinds customer, our products, like NPM, SAM, and WPM, among others, are very secure and continue to grow stronger at breakneck speed.

 

The Postscript

Even after taking all possible precautions, I was still vulnerable. At this point, the only thing left to do was to create longer and more difficult passwords and disassociate my bank account from PayPal (at least temporarily). The good news is I will get my money back. The bad news is...the hassle just sucks.

While Nagios is open source and "free," it has hidden time and effort sinks that can really add up.

 

ChristineB has a blog that outlines Five Reasons Free Costs Too Much.

 

Here are the big five:

  • Time consuming
  • Poor scalability
  • Difficulty adding apps
  • DIY attitude
  • High switching costs

 

Read more about these money sinks here.

Getting Serious About Network Management

Inevitably, if you are serious about managing your network, you're going to need to address the issues of packet errors and discards. Sure, you can ignore them, but ignore them long enough, and I'm pretty sure the VP of Finance at your current place of employment just might start ignoring the part of the IT budget earmarked for your personal health and well-being. Basically, if your network infrastructure is not doing a good job of maintaining packet integrity (errors), or if you're dropping packets entirely (discards), you've got problems.

 

And this is where I tell you that SolarWinds has solutions for your problems.

 

What are Errors and Discards?

In a previous post, actually, we talked about errors and discards. Check it out for the lowdown on how errors and discards are defined and how you might encounter them on your network.

 

In a non-network context, but one that is certainly relevant at this time of the year, let's talk about toys, specifically, the brand new bicycle your kid just got a few days ago.

 

See, here he is, grinding his way up the grassy hill in the park down the street from your house.


It must be unseasonably warm where you are right now.

 

Since you are awesome and got your kid a bicycle, you are no doubt familiar with the following promise of imminent joy:

 

SOME ASSEMBLY REQUIRED

 

If you aren't, come over to my place, I'll be assembling toys well into the new year...

 

Anyway, if the box emblazoned with the promise above arrived undamaged at your house with all the pieces inside (i.e. two wheels, two training wheels, a frame with a seat, two crank arms, and two pedals, etc.), we can say that your box o' bike parts arrived with NO ERRORS. If it came missing a seat, you don't need your kid to tell you that you have yourself a serious error.

 

And, if, after receiving all those bike parts, you were able to successfully complete the assembly of your kid's steel steed without burning the instructions on the Yule log or tossing the mangled frame into the neighbor's swimming pool (not that I would know personally what that might look like) you have passed the bike to your adoring child with NO DISCARDS.

 

With that, on behalf of SolarWinds, I wish you a Happy New Year!

 

This holiday season, we here at SolarWinds are digging through the Geek Speak archives to find relevant blog posts from years back that continue to get traffic. Since these posts have stood the test of time, we're bringing them to your attention here so you don't have to wait until you have a specific question to enrich your knowledge.

 

One such post is Understanding SNMP Polling and Counters. In this post, the blogger mentions two frequently-asked SNMP questions:

  • How often should I poll my devices?
  • How do SNMP counters work?

 

The actual post goes into a lot more detail than this, but in brief, the answers are:

  • Most organizations poll their devices for statuses every 5 minutes.
  • An SNMP counter is one of two types of MIBs, the other type being a gauge. Poll counters to get statistic information, such as traffic rates, as opposed to status information. Sometimes, statistics polling can be less frequent than status polling, with a common interval of 15 minutes for non-critical connections.
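To make the counter answer concrete, here is an added example (not code from the original post) that turns two polls of an octet counter into a traffic rate. It goes a step beyond the post by handling counter wrap and resets and by checking whether a polling interval is short enough for a 32-bit counter; the function names are illustrative, and ifInOctets and ifHCInOctets are the standard IF-MIB objects assumed as inputs.

```python
from dataclasses import dataclass
from typing import Optional

COUNTER32_MOD = 2 ** 32   # Counter32 objects such as ifInOctets wrap to 0 here
COUNTER64_MOD = 2 ** 64   # Counter64 objects such as ifHCInOctets wrap to 0 here


@dataclass
class Sample:
    timestamp: float  # seconds since a fixed epoch, taken at poll time
    value: int        # raw counter value returned by the poll


def counter_delta(prev: int, curr: int, modulus: int = COUNTER32_MOD) -> int:
    """Units counted between two polls, assuming at most one wrap."""
    if not (0 <= prev < modulus and 0 <= curr < modulus):
        raise ValueError("counter value outside the counter's range")
    # Modular subtraction gives the right answer whether or not the
    # counter passed through its maximum between the two polls.
    return (curr - prev) % modulus


def rate_bps(prev: Sample, curr: Sample, modulus: int = COUNTER32_MOD,
             link_bps: Optional[float] = None) -> Optional[float]:
    """Average bits per second between two octet-counter samples.

    Returns None when the computed rate exceeds the link speed, which
    means the counter was reset (device reboot) or wrapped more than
    once, so the sample pair should be discarded rather than graphed.
    """
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("samples must be in time order")
    bps = counter_delta(prev.value, curr.value, modulus) * 8 / elapsed
    if link_bps is not None and bps > link_bps:
        return None
    return bps


def wrap_time_seconds(link_bps: float, modulus: int = COUNTER32_MOD) -> float:
    """Shortest time in which an octet counter can wrap at full line rate."""
    return modulus * 8 / link_bps


def interval_is_safe(poll_seconds: float, link_bps: float,
                     modulus: int = COUNTER32_MOD) -> bool:
    """True if the counter cannot wrap twice unnoticed between polls."""
    return poll_seconds < wrap_time_seconds(link_bps, modulus)
```

With a 5-minute interval, a 32-bit octet counter is safe on a 10 Mbps link but can wrap several times between polls at 1 Gbps, which is why the 64-bit counters are polled on fast interfaces.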

 

If you're interested in similar topics, plug a few keywords into the search bar and see what strikes you.

Riddle Me This...

Posted by Bronx Dec 28, 2012

You are a geek, if for no other reason than reading this post. That's right, I said it. You're a geek, a nerd, a brainiac, and every other name in the book that was meant to be derogatory, yet you secretly embrace. Time to renew your geek license, buddy!

 

Prove Yourself.

Sure, you can quote Star Trek lines, recite the Quadratic Equation, and monitor at least a hundred applications on your network, all without breaking a sweat. So what? All that proves is that you have a decent memory and SolarWinds Server & Application Monitor installed! Let's see if you've still got what it takes to be called a geek. Is your brain still running in high gear? We shall see.

 

The challenge, if you choose to accept, is to solve a riddle. This riddle has two variations and I will present them both to you. (Cheating is always an option, but really, you'll just be cheating yourself.)

 

The Scoring

  • Answer the easy variation correctly, and you get your geek license renewed.
  • Answer the harder variation correctly, then you will be awarded your geek license for life!
  • Answer both variations correctly, then you should apply to Mensa and ask for a raise because you're really bright!

 

The Riddle of Riddles

My eleventh grade trigonometry teacher told the class this riddle (Difficult Variation) ages ago. We were stupefied! Simply comprehending the correct answer gave us a headache back then. So, as a gift, I offer you my headache. It goes something like this:

 

In ye olden days, a king had captured a strange man he believed to be dangerous. To have the man prove himself, the king ordered the stranger to be placed in a dungeon. In the dungeon, there were two doors. Behind one door was freedom. Behind the other door was a dragon, which meant certain death. Guarding each door was a single guard. One guard lied, the other did not. The guards knew which one of them lied and which door was which; however, the stranger knew none of this. All the strange man knew was that one of the two doors led to freedom and that one of the two guards lied.


Easy Variation:

As the stranger, you are allowed to ask each guard one question. The guards can only answer, Yes or No. What are the two questions you need to ask in order to leave the room safely?


Difficult Variation (Headache Version):

As the stranger, you are allowed to ask one guard one question. The guard can only answer, Yes or No. What is the one question you need to ask in order to leave the room safely?


Note: Both variations are independent of one another, meaning you do not need to get the correct answer to one in order to solve the other.


Postscript

Since you're probably using NPM for monitoring your network, SAM for monitoring your applications, and WPM for monitoring web performance, you will probably have a great deal of free time to think on the answer (as opposed to troubleshooting your network issues). That said, I will not give you the answer to either riddle; however, if someone gets it correct and then posts their answer as a comment, I will comment on the answers.

Over 5000 thwack members have viewed this post since it was published in 2009.

 

The author gives good news that the SolarWinds NetFlow Traffic Analyzer (NTA) supports analysis of flow data collected from Cisco ASA devices.

 

Check out the linked discussion of how the Cisco ASA devices use NetFlow as a transport protocol for security events, and the linked set of configuration parameters that enable ASA devices to export flow data.

This has been a busy year for changes in WSUS and Patch Manager. In this article I’m going to summarize these changes. Treat this like a checklist. If there’s something on this list you’ve not yet done, use the next couple of weeks to develop a remediation plan. If you need help with any of this, post a message in the Thwack Patch Manager or PatchZone forums, and I’ll be happy to respond.

 

February

Following the EminentWare acquisition, Patch Manager v1.72 was released and implemented a new licensing model (see KB3552). This new licensing model

  • granted access to the 3rd Party Updates Pack to all Patch Manager customers,
  • eliminated the need for activation on Secondary Application Servers, and
  • changed the methodology of how the 3rd Party Updates catalog is synchronized.

If you’re still running one of the EminentWare Extension Packs – this update should be a New Year’s Resolution for sure! Details on upgrading to v1.72 and troubleshooting a common licensing issue are discussed in KB3602 and KB3562 respectively.

 

June

KB2718704, the first of many updates precipitated by the Flame fiasco, was released. This update replaced the certificates used by the WUAgent to validate digital signatures on files signed by Microsoft, and by WSUS to establish SSL connections for synchronization. I talked about this in the Product Blog (June 4). For some really technical details on what this update does, read these Microsoft Security Research & Defense (SRD) blog posts [ June 3 | June 6 ]


Also in June, we released a free tool - the Diagnostic Tool for the WSUS Agent - designed to make your efforts in troubleshooting communications and behavioral issues with the Windows Update Agent much easier. Most notable about this tool is that it runs on 64-bit systems, and it provides guidance on known causes and the proper solutions for many of the issues encountered with configuring the WUAgent and communicating with a WSUS Server.


July

Two events of significance occurred in July: one from Microsoft, and the other from SolarWinds.


Microsoft KB2720211

KB2720211, a preliminary update to facilitate the changes announced in this SRD Blog (July 10) was released to WU/WSUS. This update provided four items of significance, it:

  • updated the digital signatures on the WSUS resources.
  • updated the Windows Update Agent to use those new digital signatures.
  • updated the WSUS API to create 2048-bit certificates for use with local publishing.
  • rolled up a couple of previous local publishing related hotfixes.


Probably the two most significant issues with this update were

  • that it was exceptionally difficult to successfully install (partly due to Microsoft’s rush to get it out the door; see these WSUS Support Blog Posts [ June 20 | July 23 ] for guidance installing KB2720211), and
  • that without it, systems that updated the WUAgent via AU/WU/MU were no longer able to communicate with an unpatched WSUS server due to the certificate changes (See KB958045 and this WSUS Support Blog Post for details).


This is a required WSUS update. If you’ve not yet installed it, doing so needs to be at the top of your patch management to-do list. However, you should also consider installing KB2734608 as an alternative to KB2720211. It’s reported to provide a more reliable installation. I discuss it in more detail later in the article.


For Patch Manager customers, this update also presented some minor complications, because it does not detect as installable on WSUS console-only installations. (I asked the WSUS product team about this behavior, and they told me it was “by design”. I told them that I thought it was a bad design, but it is what it is.) So, be sure to install KB2720211 on your WSUS console systems, as well, most notably all of your Patch Manager servers, which also have WSUS console installations. More on this is available in KB4054 and KB4328.

  • If you have WSUS and Patch Manager installed on the same system, you will also encounter an Access Denied failure in the Patch Manager console after installing KB2720211. We discuss this scenario in KB4014.
  • There was some confusion regarding the About->Help dialog in the MMC console after upgrading WSUS or Patch Manager from/to any version. KB4107 discusses this scenario.
  • After installing KB2720211, if you are using local publishing in WSUS to deploy third-party updates, you must create a new publishing certificate, distribute it to all systems, and re-sign all update packages that are needed by client systems. Details on this procedure are available in KB4100. Also there is a minor anomaly that impacts the Server Publication Verification Wizard, which we discuss in KB4127.


Patch Manager v1.73

Patch Manager v1.73 was released, in response to the forthcoming digital certificate changes announced in the July 10 SRD blog posting. I wrote about the proposed Microsoft certificate update in the Product Blog (July 25).


The Patch Manager v1.73 update has some stringent requirements for how it is deployed in environments with more than one Patch Manager server. If you’re still running Patch Manager v1.72, please read the notes in KB4099 and KB4138 very carefully. If you’re still running an older EminentWare Extension Pack, see KB4118 for additional guidance.


August


Microsoft KB2661254

KB2661254 was published, as announced earlier, but only to the Microsoft Download Center, providing a big break to Patch Manager customers. An announcement that the update would be released to WU/WSUS in October was posted to the MSRC Blog.


KB2661254 will break all Local Publishing functionality on a WSUS server that does not have KB2720211 installed, so you need to perform all of the required actions for KB2720211 prior to installing KB2661254 on the WSUS server. This is discussed in greater detail in KB4110.


Microsoft KB2734608

KB2734608 was published, but only to the Microsoft Download Center. This update will not be distributed via MU/WSUS because of the complex requirements for its installation. There are two items noteworthy about this update:

  • It provides the ability to patch Windows 8 and Windows Server 2012 systems from a WSUS v3 server by adding SHA256 hashes to the WSUS content, which is required by the WUAgent v7.8 installed on Win8/Win2012.
  • It rolls up all of the updates contained in KB2720211.


This is an optional update for WSUS! If you don’t need to patch Win8/Win2012 systems yet, I recommend you bypass this update (assuming KB2720211 is already installed). If you choose to install this update, please read the detailed deployment guidance provided in the KB article.


Coming...

What We're Working On

  • full capabilities for patching and managing Windows 8 and Windows Server 2012,
  • managing WSUS v6 installed on Windows Server 2012, and
  • installing Patch Manager on a SQL Server 2012 instance.



What is AJAX?

Posted by Bronx Dec 27, 2012
When I was a kid, my mother used to hand me a can of Ajax to scrub the tub with. (Apparently, I was dirty enough to leave rings behind.) This was my first experience with Ajax, not to mention Comet.

Ajax in the Computer World.

  • AJAX stands for Asynchronous JavaScript and XML.
  • AJAX is not a new programming language; rather, it is a new way to use existing standards.
  • AJAX is the method of exchanging data with a server, and updating parts of a web page - without reloading the entire page.

 

By definition, AJAX is a development technique for creating interactive web applications that is used on the client-side, as opposed to the server-side, to create network/web applications with data exchange running to and from the server in the background. This background data transfer method enables the user to view an existing webpage without interruption. Both HTML and CSS can be used to configure styles of your choice.

 

AJAX uses a combination of: 

  • CSS for styling information.
  • The Document Object Model (DOM) accessed with a client-side scripting language like JavaScript to dynamically display and interact with the information.
  • The XMLHttpRequest object to exchange data in the background with the web server.
  • XML can be used as the format for transferring data between the server and client, although any format will work.


 

One of the most visited posts ever on Geek Speak talks about when to make the move to an Enterprise Operations Center/multi-Orion core architecture. Now that companies are investing in IT infrastructure again, I think it deserves a second look!

 

http://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2010/02/25/understanding-when-to-deploy-a-distributed-network-management-architecture

 

Enjoy!

'Tis the season to recycle, so we're revisiting some of your favorite Geek Speak blog posts. Today it's Enabling SNMP on Windows Servers and Windows Workstations.

 

Simple Network Management Protocol, or SNMP, is used for managing devices on IP networks. Many network management and server and application monitoring solutions rely on SNMP to monitor the health, performance, and availability of networks, services and devices.

 

In new Windows environments, SNMP is disabled by default and installing, configuring, and enabling it can be a slow, tedious process. Performing these tasks on a few systems is manageable, but if you need to quickly enable SNMP in larger environments, SolarWinds' free SNMP Enabler for Windows can be a big time-saver. With the free SNMP Enabler for Windows, you can:

  • Remotely install, enable, and configure SNMP on any Windows server or workstation on your network
  • Install, enable, and configure SNMP on multiple Windows machines all at once
  • Save time when deploying applications that rely on SNMP

 

Check out this quick demonstration to see how it works.

There are a few select tools created and designed solely for the purpose of backing up Hyper-V virtual machines. If you are a service provider rolling out one or more new Hyper-V servers in a new environment, or if you just want to evaluate new tools designed just for Hyper-V, re-visit this post regarding the How To's and Why Not's of using Windows Backup Server with Hyper-V.

 


We have been seeing a pronounced trend of customers making the transition to SNMP over the past year. Most of the feedback we get is that the transition was a lot easier than the customer had predicted. Consider the benefits SNMPv3 gives you over SNMP v2c.

  • Encrypted Communications - no plain text community strings.
  • User Level Access Control - specific message types according to requesting device.
  • View Based Access Control - allow access to a part of a MIB rather than all or none.

 

Rolling out SNMP v3 should be accomplished in a two-step plan:

  1. Place the new SNMP v3 configuration on one device and test. This will typically be done in a lab environment.
  2. Roll out the configuration to production devices using a configuration management tool.
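Before step 2, the lab device's configuration can be checked for leftovers that undo the three SNMPv3 benefits listed above. The following is an added example, not code from the original post: it scans Cisco IOS style `snmp-server` lines for plain-text community strings, v3 groups or trap hosts below the `priv` level, and v3 groups with no read view. The sample configuration, group names and addresses are constructed.

```python
from collections import Counter

# Constructed lab configuration (IOS-style syntax); all names are made up.
SAMPLE_CONFIG = """\
hostname lab-rtr-01
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW 10
snmp-server view MGMT-VIEW system included
snmp-server group MONITOR v3 priv read MGMT-VIEW
snmp-server group LEGACY v3 auth read MGMT-VIEW
snmp-server group WIDE v3 priv
snmp-server host 192.0.2.10 version 2c EXAMPLE-RO
snmp-server host 192.0.2.11 version 3 priv nms-user
"""


def _after(tokens, keyword):
    """Tokens that follow `keyword`, or an empty list if it is absent."""
    return tokens[tokens.index(keyword) + 1:] if keyword in tokens else []


def audit_snmp(config_text):
    """Return (line_number, finding, detail) tuples for weak SNMP settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if len(tokens) < 3 or tokens[0] != "snmp-server":
            continue
        kind = tokens[1]
        if kind == "community":
            # v1/v2c community strings travel in plain text. The string
            # itself is deliberately left out of the report.
            access = "RW" if "RW" in tokens[3:] else "RO"
            findings.append((lineno, "cleartext-community",
                             f"{access} community string (value withheld)"))
        elif kind == "group" and "v3" in tokens:
            rest = _after(tokens, "v3")
            level = rest[0] if rest else "noauth"
            if level != "priv":
                findings.append((lineno, "v3-not-encrypted",
                                 f"group {tokens[2]} uses level '{level}'"))
            elif "read" not in rest:
                # No named view: the group is not limited to part of the
                # MIB, so View Based Access Control is effectively unused.
                findings.append((lineno, "v3-no-read-view",
                                 f"group {tokens[2]} names no read view"))
        elif kind == "host":
            rest = _after(tokens, "version")
            version = rest[0] if rest else "1"   # IOS defaults to version 1
            level = rest[1] if len(rest) > 1 else "noauth"
            if version != "3" or level != "priv":
                findings.append((lineno, "host-not-encrypted",
                                 f"notifications to {tokens[2]} use version {version}"))
    return findings


def summarize(findings):
    """Count findings by type, e.g. to gate the production roll-out."""
    return dict(Counter(kind for _, kind, _ in findings))
```

An empty result from `audit_snmp` on the lab device's configuration is a reasonable gate before the same template is pushed to production by the configuration management tool.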

 

Here are a couple of reference papers to get you started.

 

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html

http://www.solarwinds.com/documentation/Orion/docs/Implementing_SNMPv3r1.pdf

 

--

 

Andy McBride

VMware and SNMP

Posted by Andy McBride Dec 24, 2012

Virtual servers are perhaps the best technology invention in the past 15 years. Just considering the cost saving and positive impact of doing more with less, nothing comes close in my opinion. As the virtual server market grew, some server management tools fell behind; SNMP most notably. From thin to non-existent SNMP implementations, good solutions were hard to find. We created a VMware free tool, but in ESX 3.5 you had to manually configure the servers by editing the snmpd.conf file. In ESXi 3.5, the SNMP agent only had trap capabilities.

 

Along comes Cloud Computing and vSphere!

The concept of cloud computing, along with the very large scale deployments that make the cloud possible, forced VMware to create a centralized and intelligent management center. Wikipedia has a very good graphic depicting the inherent complexity of a vSphere environment. This shows the level of complexity in a cloud environment. As you can see, there really is no room for manual configurations to enable SNMP. vSphere is the cookie cutter that enables the infrastructure; all you have to do is point it back to your SolarWinds Virtualization Management and Storage Manager.

 

This holiday season, we here at SolarWinds are digging through the Geek Speak archives to find relevant blog posts from years back that continue to get traffic. Since these posts have stood the test of time, we're bringing them to your attention here so you don't have to wait until you have a specific question to enrich your knowledge.

 

One post that caught my attention was Understanding how Trace Route Works. This is a good topic of which to have a general understanding, and the blogger shares a useful resource to help with that. The funny thing about this post is he spends more time plugging Wikipedia as a valuable knowledge source than he does on the actual details of how trace route works.

 

This is not to say the post isn't worth reading. On the contrary, I mirror my colleague's sentiments about the free encyclopedia, as I use it all the time, whether blogging or writing "print" documentation. More and more, however, I find myself using Geek Speak in the same fashion.

SQL Server Clustering

Posted by Bronx Dec 21, 2012

We don't have planet clustering yet and it's December 21st, 2012! If the world is ending, stop reading this and save yourself. If not, carry on.

 

What is Clustering?

 

Clustering is a technology that automatically allows one physical server to take over the tasks of another failed physical server. The goal of clustering is to ensure that users running applications will have little or no downtime when a failure happens. What does this mean? Basically, if one server fails in a cluster, another one will automatically take over, keeping downtime to a minimum.

 

To be a bit more specific, clustering refers to a group of two or more nodes that work together and represent themselves as a single virtual server. This means that when a client connects to a cluster, the client observes only one SQL server, as opposed to many. When one of the nodes in the cluster fails, its duties are taken over by another server in that cluster. Theoretically, the user notices nothing when the failure occurs.


Clustering is not a complete backup system for your applications. It is only one part of the equation when it comes to ensuring minimum downtime. Clustering provides the ability to recover from failed server hardware and software. This is the main benefit of clustering.

 

Types of Clustering

 

  • Active/Active SQL Server cluster: An Active/Active SQL server cluster means that the server is running on both nodes of a two-way cluster. Each copy of the server acts on its own and users see two different servers. If one of the servers in the cluster fails, then the failed instance of the server will fail over to the remaining server. This means both instances of the SQL server will be running on one physical server, instead of two.
  • Active/Passive SQL Server: An Active/Passive SQL server cluster refers to a SQL server cluster where only one instance of SQL server is running on one physical server in the cluster. The other physical server simply waits to take over should the main node fail.

 

 

Generally speaking, the Active/Passive configuration will provide better performance.

 

So what is Trivial File Transfer Protocol (TFTP), anyway? Why is it important? And what does SolarWinds have to do with TFTP?

 

TFTP is a file transfer protocol that’s been around since the 1970s. It is used for transferring boot, firmware, and configuration files. It’s a very simple protocol that uses very little memory. TFTP is important because it is time-tested, easy-to-use, and robust. The protocol is also ideal for private network hardware that requires firmware updates, but has no data storage, such as routers. SolarWinds’ free TFTP Server is a multi-threaded TFTP server for uploading and downloading executable images and backup configurations for routers and switches.

 

Got more TFTP or SolarWinds TFTP Server questions? We have answers, at the TFTP FAQs... blog.

Cisco's Smart Business Architecture

 

The development of Cisco's Smart Business Architecture (SBA) for Mid-Sized Networks was designed to help you narrow down the number of choices available when designing your network. Cisco SBA provides a series of blueprints designed to simplify solutions for businesses with between 250 and 1000 employees. Specifically, the SBA can help you:

  • Determine which gear combinations work together
  • Configure them to talk to each other.

SBA provides recommended hardware selections and combinations, network designs, and even includes recommended configuration templates. It makes the process of acquiring gear, designing the network, and configuring everything to work together much easier.

If you haven't had a chance to check out the Cisco SBA, I highly suggest that you do. You can read more about it here. It can significantly simplify a sometimes tedious and confusing process.

 

See how SolarWinds fits into your SBA solution:

http://www.solarwinds.com/cisco/managing_cisco_networks.aspx

 

Cisco SBA Network Design Guides:

http://www.cisco.com/en/US/netsol/ns982/networking_solutions_program_home.html

 

Also, check out the Cisco SBA blog for Government Solutions.

http://blogs.cisco.com/tag/sba/

The value of bookmarking sites that provide useful reference information can be measured by your repeat visits.

 

In the past couple of months this post on NetFlow drew over 600 views, which is a large number for a page 3 clicks away from the thwack.com landing page.

 

This first part of the 7 part series gives you an overview of the NetFlow standard and a tour of the NetFlow v9 datagram. The post provides links to 6 other parts of the series on flow technology, which cover the NetFlow v9 packet header, template flowset, data flowset, options template, Cisco device models that support NetFlow, and a good example of a flow collector application.
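The header, template flowset and data flowset named above fit together as shown in this added example (not code from the linked series): a collector-side parser that checks every length field before trusting it and decodes data records only against a template it has already received. The packet is constructed, and only three field types are mapped to names.

```python
import ipaddress
import struct

# 20-byte header: version, count, sysUptime, unix_secs, sequence, source_id
HEADER = struct.Struct("!HHIIII")
# Every flowset starts with flowset_id and length (length includes these 4 bytes)
FLOWSET = struct.Struct("!HH")
# Small subset of the NetFlow v9 field types (RFC 3954)
FIELD_NAMES = {1: "IN_BYTES", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}


def _read_templates(body, source_id, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        if template_id < 256:          # padding, not a template record
            break
        pos += 4
        end = pos + 4 * field_count
        if end > len(body):
            raise ValueError("template record runs past its flowset")
        # Each field is a (type, length) pair; templates are per exporter.
        fields = [struct.unpack_from("!HH", body, p) for p in range(pos, end, 4)]
        templates[(source_id, template_id)] = fields
        pos = end


def _read_data(body, fields):
    record_len = sum(length for _, length in fields)
    flows, pos = [], 0
    while record_len and pos + record_len <= len(body):  # leftover bytes are padding
        flow = {}
        for ftype, length in fields:
            raw = body[pos:pos + length]
            name = FIELD_NAMES.get(ftype, f"type_{ftype}")
            if ftype in (8, 12) and length == 4:
                flow[name] = str(ipaddress.IPv4Address(raw))
            else:
                flow[name] = int.from_bytes(raw, "big")
            pos += length
        flows.append(flow)
    return flows


def parse_v9(packet, templates):
    """Return (header, flows). `templates` is a dict kept between packets."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than the 20-byte header")
    version, count, uptime_ms, unix_secs, sequence, source_id = HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    header = {"version": version, "count": count, "sys_uptime_ms": uptime_ms,
              "unix_secs": unix_secs, "sequence": sequence, "source_id": source_id}
    flows, undecoded, offset = [], 0, HEADER.size
    while offset < len(packet):
        if len(packet) - offset < FLOWSET.size:
            raise ValueError("truncated flowset header")
        flowset_id, length = FLOWSET.unpack_from(packet, offset)
        if length < FLOWSET.size or offset + length > len(packet):
            raise ValueError("flowset length inconsistent with packet size")
        body = packet[offset + FLOWSET.size:offset + length]
        if flowset_id == 0:                      # template flowset
            _read_templates(body, source_id, templates)
        elif flowset_id >= 256:                  # data flowset, id = template id
            fields = templates.get((source_id, flowset_id))
            if fields is None:
                undecoded += 1                   # template not received yet
            else:
                flows.extend(_read_data(body, fields))
        # flowset_id 1 (options template) and reserved ids are skipped here
        offset += length
    header["undecoded_flowsets"] = undecoded
    return header, flows


def build_sample_packet():
    """Constructed export packet: one template flowset, then one data flowset."""
    template = (struct.pack("!HHHH", 0, 20, 256, 3)
                + struct.pack("!HHHHHH", 8, 4, 12, 4, 1, 4))
    data = (struct.pack("!HH", 256, 16)
            + ipaddress.IPv4Address("192.0.2.1").packed
            + ipaddress.IPv4Address("198.51.100.7").packed
            + struct.pack("!I", 1500))
    return HEADER.pack(9, 2, 360000, 1356048000, 1, 42) + template + data
```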

 

As you remind yourself of the basics, and dig into the details of NetFlow, keep in mind that SolarWinds Network Traffic Analyzer incorporates many useful views of the flow data your devices may collect. And NTA provides an excellent extension to a Network Performance Monitor  implementation.

A while back, I wrote a blog post that detailed how patch management products work with the WSUS API to publish third-party updates (see How patch management products work with Microsoft WSUS). Looking back, this got me thinking about how, from a Patch Manager perspective, WSUS patch management and ConfigMgr/SCCM patch management are essentially the same. However, this surface-level understanding of the process is liable to cause some confusion. This post is intended to help clear that up.

 

Understanding How ConfigMgr Works with WSUS

My previous post outlines the Patch Manager/WSUS publishing process like so:

  1. Patch Manager initiates the publishing task:
    1. It loads the update definition into the WSUS database.
    2. It compiles the update installer(s) in a cabinet (CAB) file.
    3. It creates the CAB file on the WSUS server in the ~\UpdateServicesPackages file share.
  2. WSUS simulates the "File Download" task:
    1. It renames the CAB file with a 40-character hexadecimal representation of the original CAB file's SHA-1 hash.
    2. It makes the CAB file available for download by copying it to the appropriate folder in the ~\WSUSContent file share.

The important thing to note here is that the only step ConfigMgr cares about in this process is Step 1.a. So, from a third-party patch management perspective, we initiate the conversation with the WSUS API the same regardless of whether we're publishing updates to WSUS or ConfigMgr; but from a technical perspective, there are a lot of back-end differences between the two procedures. On a side note, even though ConfigMgr doesn't care about the rest of this WSUS procedure, the fact that WSUS still does the work allows third-party patch management products to deploy updates on demand in ConfigMgr environments the same way they can in WSUS-only environments. Here's my blog post about that: Deploy third-party updates to ConfigMgr clients without building deployment packages.
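Step 2.1 above means a published file's name is a statement about its contents, which a defender can re-check at any time. This added example (not part of WSUS or Patch Manager) recomputes the SHA-1 of each CAB file under a content folder and reports files whose name no longer matches or was never a hash. It assumes the hash is the file name without the `.cab` extension and runs against a constructed temporary folder.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX40 = re.compile(r"[0-9A-Fa-f]{40}")   # 40 hex characters = one SHA-1 digest


def sha1_hex(path, chunk_size=1 << 20):
    """SHA-1 of a file as 40 upper-case hex characters, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def published_name(cab_path):
    """Name the file would carry after the rename described in step 2.1."""
    return sha1_hex(cab_path) + ".cab"


def verify_content_dir(root):
    """Classify every .cab file under `root` by comparing name and content."""
    report = {"ok": [], "mismatch": [], "unexpected_name": []}
    for path in sorted(Path(root).rglob("*.cab")):
        if not HEX40.fullmatch(path.stem):
            # Not named after a hash: it did not arrive through publishing.
            report["unexpected_name"].append(path.name)
        elif sha1_hex(path) == path.stem.upper():
            report["ok"].append(path.name)
        else:
            # Content changed after the name was assigned (corruption
            # or tampering); the file should not be served to clients.
            report["mismatch"].append(path.name)
    return report


def demo():
    """Build a constructed content folder and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        staging, content = Path(tmp, "staging"), Path(tmp, "content")
        staging.mkdir()
        content.mkdir()

        # 1. A file published normally: name and content agree.
        original = staging / "vendor-update.cab"
        original.write_bytes(b"constructed CAB payload")
        good = content / published_name(original)
        good.write_bytes(original.read_bytes())

        # 2. A file whose bytes were altered after it was named.
        other = staging / "other-update.cab"
        other.write_bytes(b"second constructed payload")
        tampered = content / published_name(other)
        tampered.write_bytes(b"second constructed payload, modified later")

        # 3. A file copied into the folder by hand.
        (content / "dropped-in.cab").write_bytes(b"not published")

        return good.name, tampered.name, verify_content_dir(content)
```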

 

Here's what the publishing and deployment process looks like for ConfigMgr:

  1. Patch Manager loads the update definition into the WSUS database.
  2. ConfigMgr admins create deployment packages for target computer groups (called "Collections"). These effectively replace WSUS approvals. More about that here.
  3. ConfigMgr stores the update files on a separate server called a Distribution Point.
  4. The Windows Update Agent on each ConfigMgr client scans the WSUS database to find out what updates it needs.
  5. If a client needs an update, the ConfigMgr agent downloads the requisite files from the ConfigMgr Distribution Point.

 

So, the takeaway here is that, while publishing third-party updates is essentially the same in both WSUS and ConfigMgr environments, the back-end process is significantly more complex from a ConfigMgr perspective. In addition to using the more-complicated deployment packages instead of WSUS approvals, the ConfigMgr process also requires two servers to maintain updates: the WSUS server for the update definitions, and the Distribution Point for the files themselves.

 

So...why use ConfigMgr at all?

This is a question I addressed in a previous post (see The differences between Microsoft WSUS and Configuration Manager), but it's worthwhile to summarize the answer in this context. Basically, while the back-end process for handling updates is more complicated for ConfigMgr than it is for WSUS, ConfigMgr offers a lot more functionality beyond the limited scope of straight patch management. Similarly, third-party patch management applications like SolarWinds Patch Manager can offer a lot more to ConfigMgr admins since ConfigMgr provides a broader base of functionality to extend. For larger organizations, it's often more efficient to leverage a pre-built solution like ConfigMgr than it is to try and recreate that functionality with some combination of WSUS and other free tools.

 

If you're interested in reading more about ConfigMgr and third-party publishing, check out the following post on Patch Zone: Patching 3rd party applications: System Center Configuration Manager compared to 3rd Patch Management Solutions.

 

Open Shortest Path First (OSPF) is an adaptive, interior gateway routing protocol for Internet Protocol (IP) networks. It routes IP packets within a single independent system, detecting changes such as link failures. OSPF determines the shortest path around these failures for each route.

 

A very important thing to monitor when managing an OSPF network is how each router in the OSPF network sees other routers in the network. You want to be on the lookout for changes in OSPF neighbor states, which may indicate a network problem.

 

For more information on monitoring OSPF networks and OSPF neighbor states, see the blog Monitoring OSPF Neighbor State Changes. You may have some capabilities you didn’t know you had! And don’t forget to check out the Cisco tech link note in the blog too, for detailed information.

One of the cool things about working for SolarWinds is there's always something to learn. Whether I'm learning about a new product or acquisition, diving deeper into a familiar product, or taking a peek at a product I don't even support, learning is a huge part of my job. Today, I'm peeking at Web Performance Monitor (previously Synthetic End-User Monitor).

 

What is website performance monitoring?

When I started looking at this product, my first question was about the fundamental problem it's intended to solve. In short, website performance monitoring is all about maintaining a certain level of end-user experience on your websites. It can even extend to internal (or external) web applications. The idea is that some piece of software impersonates a user accessing the website or application and reports the results. If the results are poor or indicate some kind of issue, the software also sends you alerts so you can address the issues proactively -- hopefully before any real user experiences a problem.

 

Why is it important to monitor website performance?

My next question was basically, "So what?" As a consumer of websites and web applications, I deal with performance issues all the time. It's a fact of my life; I get over it. But after I looked into the implications these performance issues can potentially have, it became clear to me that poor website performance really is a problem. For example, if you're managing a website that handles sales transactions, poor performance often equates to lost sales. Similarly, if you're managing an application that internal users need to get their work done, poor performance equals decreased (or even halted) productivity. These and other issues of the sort make a strong case for proactive, real-time monitoring.

 

What to look for in a website monitoring solution?

There are several things to look for in a website performance monitor. At SolarWinds we're all about quick deployment and ease-of-use, so those two things almost go without saying. Here are some other, more problem-specific things to look for:

  • The monitoring solution should be flexible -- able to monitor any website and other web-based applications.
  • It should be granular -- capable of identifying a specific fail-point in a problem transaction.
  • It should be proactive -- alerting you when something goes wrong.
  • It should be global, like your users -- able to test transactions and performance from a variety of locations, be they local, domestic, international, or all of the above.

 

For additional information about what to look for in a website performance monitoring solution, check out this slide share that details 3 Smart Tips for Keeping Your Websites Going Strong.

I have a desktop PC connected to my 37” TV where I do most of my personal work at home (everything except email, which is on a different system). Working from a 37” monitor is really sweet. Additionally, when I work from home, I use that PC to Remote Desktop to my SolarWinds notebook where I have all of my work-related applications and documents. In addition to having the work environment on the big screen, I can also leverage the wireless keyboard and mouse that’s connected to the PC.

 

Remote Desktop limitations

But using Remote Desktop has some inherent limitations. First, I lose the use of the internal notebook display, because the Microsoft Remote Desktop connection locks it out. Second, streaming video across the RDP connection is not so good. Now, this may be a factor of the 802.11g (54 Mb/sec) wireless connection that the notebook uses to get on my home network, but that’s what I have to work with at the moment. Third, routing audio via RDP impacts my ability to use a USB or Bluetooth connected headset with the notebook, and while it is possible to switch between the two, it’s not particularly easy to do so on the fly.

 

Directly connected complications

I explored plugging the notebook directly into the TV, via HDMI, which would get me direct sound in my 5x1 (rather than via RDP) and streaming video direct to the TV. But, that would also require implementing a second wireless keyboard/mouse set, and I didn’t really want to plug in (or buy!) an extra keyboard/mouse just to manage that system.

 

A real solution

Then I remembered that DameWare Mini Remote Control (MRC) can solve all of those challenges, most notably because it doesn't take over the display of the remote system. So as of today, I now have the notebook plugged into the TV via HDMI, and the notebook display can also be active. I’m viewing the notebook video directly from the HDMI TV connection, so I’ve completely eliminated my streaming video issues coming across the wireless RDP session. I have a DameWare MRC session initiated from the PC to the notebook, which is giving me wireless keyboard/mouse controls on the notebook.

 

Special tips of importance

Oh, a couple of tips for this scenario, to keep the control PC from stealing mouse control away from the MRC application.

  1. Aside from the MRC session needing to be in Full Screen mode on the control PC, you’ll also want to make sure you hide the taskbar on the control PC.
  2. Be aware of the MRC control bar that sits in the top center of the control PC. This will impact your ability to navigate into the Title Bar of the remote PC's windows if they’re open fullscreen. You can move the MRC control bar to a different location on the control PC. I dragged mine down to the farthest lower-left corner of the screen so the only thing it now impacts is the “Show Desktop” button on my left-side positioned taskbar – which I never use anyway. If your taskbar is in the native location at the bottom of the display, you might move the MRC control bar to the far lower-right corner.

 


A gift from us to you…better application performance! Just what you wanted, right? And no, this isn’t the white elephant gift you get stuck with every year.

 

Troubleshooting web-based application performance is a common task for IT personnel, but not necessarily a simple one. So many different issues can cause performance concerns. You may have employees who telecommute or work at a remote location and experience lower performance. This article, How to Troubleshoot Web-based Application Performance Issues, discusses several ideas for troubleshooting web-based application performance issues using SolarWinds Web Performance Monitor (formerly Synthetic End User Monitor).

All the reasons to alter the way the internet is governed internationally have little to do with current DNS operations, which are basically excellent in terms of the root server response time for name server queries. And you can bet that among many other stake-holders Google, or more precisely GOOG, has an enormous vested interest in keeping the existing system as stable as possible through whatever changes a governing agency might propose.

 

So nobody can be too surprised that of 143 nations represented at the recently-concluded World Conference on International Telecommunications (WCIT-12), the United States was among the 54 nations who refused to sign the agreements related to internet governance. Most specifically, the US opposes the declaration that all governments should have “an equal role” in how the internet functions now and through future innovations, especially in terms of “security”.

 

“Security” is a big word when governments might use it to make sure that technical changes in how DNS works help prevent their citizens from getting access to information. Imagine the Internet Corporation for Assigned Names and Numbers (ICANN) making changes to its root server delegations so that a nation that doesn’t want you to participate in a political discussion can more easily redirect your browser’s DNS query away from black-listed domains. Or more simply, imagine you couldn’t register your domain unless the registrar first approved of the content you put up on your site. Finally, imagine that sign-off on actual technical changes to the infrastructure that runs the current internet depends on a politicized committee of decision-makers.

 

The US and its main allies (Canada, UK) cite such scenarios in explaining their opposition to the UN agreements.

 

Use DNS Tools that Work Now

 

DNS can be difficult enough to manage in its current form. While the political players make moves to “improve” what we have, you need tools that work now. Check out this online toolbox.

Computer Math (Part 2)

Posted by Bronx Dec 17, 2012

In part one of Computer Math, I explained the virtues of binary and ended with the following questions:

Who uses these numbers for anything when I can just type the letter A? And by the way, computers do more than just splash letters on the screen, buddy.
This is where Hex and Assembly language come into play.

 

Hexadecimal (Hex)

In math and computer science, Hex is a numeric system with sixteen symbols, or digits, as opposed to the ten used in the traditional decimal numeric system.

  • Decimal - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • Hexadecimal - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F (A-F represent values from 10-15.)
  • Binary - 0, 1

Why 16 digits?

Each hex digit represents four binary digits, or bits. The main reason for using hex is because it is more human-friendly than binary. In binary, the highest four bit number is 1111, or 15. 0-15 = 16 digits. Hex is based on 16 digits for this reason. Look at the table below for the differences:

 

Binary               Hexadecimal   Decimal
10110000 01100001    B0 61         176 97

 

Why not use Decimal? That's the easiest of them all?

Hex works better because one digit in hex represents a nibble, which is half of an octet, or byte (8 bits). For example, byte values can range from 0 to 255, in decimal format (remember that number?), but are more easily represented as two hex digits in the range 00 to FF. Hex is also used to represent computer memory addresses.

 

Assembly language

Assembly language and machine language are considered "low-level" programming languages because these languages deal directly with the computer's architecture. In other words, it's hard. A high-level language, like Visual Basic or C, is built using a low-level language and is made easier to use by incorporating more "human" elements.

 

Look at this line of assembly code and let's examine what this is and how we got here:

MOV AL, 61h

 

Below, the binary numbers, 10110000 01100001, are translated to their Hex representations, B0 61, and then from Hex to an assembly language mnemonic. From Hex, B0 translates to assembly as the MOV mnemonic. Therefore, the previous line of assembly language code means, "Move a copy of the following value into AL," and 61 is a hex representation of the value 01100001, which is 97 in decimal format.

 

Binary               Hexadecimal   Assembly Language
10110000 01100001    B0 61         MOV AL, 61h


To sum up:

10110000 01100001 = B0 61 = MOV AL, 61h = Move a copy of 97 to this place in memory.
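The binary-to-hex-to-mnemonic chain above can be carried out mechanically. The following is an added example, not code from the original post: it goes slightly beyond the single B0 case and decodes the whole x86 "MOV 8-bit register, immediate byte" family (opcodes B0h through B7h), where the low three bits of the opcode select the register. The function names are chosen for this illustration.

```python
# Added example: decode x86 "MOV r8, imm8" instructions from binary text.
# Opcodes B0h-B7h all mean MOV; the low three bits pick the 8-bit register.
REG8 = ["AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH"]


def bits_to_bytes(bit_string):
    """Convert space-separated 8-bit groups ('10110000 01100001') to bytes."""
    groups = bit_string.split()
    for group in groups:
        if len(group) != 8 or set(group) - {"0", "1"}:
            raise ValueError(f"not an 8-bit binary group: {group!r}")
    return bytes(int(group, 2) for group in groups)


def to_hex(data):
    """Render bytes as two hex digits each, one digit per nibble."""
    return " ".join(f"{byte:02X}" for byte in data)


def format_imm(value):
    """Assembler-style hex literal; a leading 0 is needed if it starts A-F."""
    text = f"{value:02X}"
    return ("0" + text if text[0].isalpha() else text) + "h"


def decode_mov_imm8(data):
    """Decode a byte stream made up only of MOV r8, imm8 instructions.

    Returns a list of (assembly text, immediate value in decimal).
    """
    decoded = []
    offset = 0
    while offset < len(data):
        opcode = data[offset]
        if not 0xB0 <= opcode <= 0xB7:
            raise ValueError(f"unsupported opcode {opcode:02X}h at offset {offset}")
        if offset + 1 >= len(data):
            raise ValueError("truncated instruction: missing immediate byte")
        register = REG8[opcode & 0x07]
        immediate = data[offset + 1]
        decoded.append((f"MOV {register}, {format_imm(immediate)}", immediate))
        offset += 2  # one opcode byte plus one immediate byte
    return decoded


if __name__ == "__main__":
    machine_code = bits_to_bytes("10110000 01100001")
    print(to_hex(machine_code))
    for text, value in decode_mov_imm8(machine_code):
        print(f"{text}    ; immediate = {value} decimal")
```
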


Examine the code below. The code below is written in two low-level languages (Machine (Hex) and Assembly) and one high-level language (C). This code calculates the nth Fibonacci number, which is a number defined as being the sum of the two previous numbers in the series (1, 1, 2, 3, 5, 8, 13, 21...) Binary numbers are converted to Hex which gives you the "code" for the Fibonacci function in the first column. Translate the Hex into assembly mnemonics and you get the second column.

[Figure: the Fibonacci function in machine code (Hex), assembly, and C]

SolarWinds Subnet Calculator

As you can see from the illustration below, Hex and binary are used in the real world. This is a screen grab from SolarWinds' Subnet Calculator. Fortunately for you, this is a free tool.

[Figure: screen grab of the SolarWinds Subnet Calculator]

Brain hurt yet?

Introducing Leaders in Big Data

The craft of generating useful insights from the compost heaps of big data is still in its infancy. In Google Tech Talks: Leaders in Big Data, the panel explores their experience with big data as well as their ideas on what's needed to evolve into the next stages of this promising technology. The members of the panel are:

  • Theo Vassilakis, Principal Engineer / Engineering Director at Google
  • Gustav Horn, Senior Global Consulting Engineer, Hadoop at NetApp
  • Charles Fan, Senior Vice President in strategic R&D at VMware

 

Reviewing the 3Vs of Big Data

Understanding the 3Vs of big data, volume, velocity, and variety, is crucial when creating a big data strategy.

  • Volume refers to the amount of digitized data that must be stored and secured before it is used.
  • Velocity is the speed that data is moved, transformed, analyzed, and reported.
  • Variety speaks to the different types of data. Planning for this variety of data is integral to an effective big data strategy.

The panel discussed how the 3Vs require a new IT structure to support big data in Enterprise decision making. Big data strategies must include current and future needs of the 3Vs.

 

C.R.A.P. Unveiled

Classic data is human-generated and is record-based. It is generally created, read, updated, and deleted. Today, more and more data is machine generated, write-once and read-many, and rarely updated or deleted. Panel member Charles Fan states, "Big Data is C.R.A.P. data" because it is Created, Replicated, Appended, and Processed. Whoever can process C.R.A.P. data will be the big winner in Big Data.

 

Open source standards and solutions

Open source is the primary standard of big data. Big Data is moving from the data storage model where everything is relational to a more chaotic structure with many models of data stores and many ways to query it. Since big data strives to connect disparate data sets, big data solutions will likely continue to rely on open source tools and open source solutions. Open source standards and solutions include:

  • Protocol buffers are an open standard that is an XML-like format of representing data.
  • Apache Hadoop is an open source software library that provides a framework for distributed processing of large data sets across clusters of computers.
  • VMware's open source Project Serengeti enables the rapid deployment of an Apache Hadoop cluster on a virtual platform.

 

Big Data's four layers of functionality

  • Big data applications are the applications that provide readable, consumable, and relevant information gleaned from the data.
  • Big data analytics is the layer of machine learning and other algorithms.
  • Big data management is the query engines where you can query the data.
  • Big data storage is the common sink for all the C.R.A.P. (big data store).

Looking forward, the big data industry might be able to apply standards at the data storage and data management layers. Expect applications to be delivered as a service instead of in a software bundle.

 

Data Privacy

 

Privacy is critical. If users don't trust you, they won't use your product or service. Privacy safeguards are key to successful outcomes. Think of your customers' data as money. If you want your customers to keep their data with you, you need to ensure it is protected; otherwise your customers will leave their data at home (in the mattress) or will find a more secure service provider.

Hey, it's December, which means that it's that time of the year when gifts are given and we reflect on the year that was. 2012 was a great year for SolarWinds, and we hope it was for you, as well.

 

 

So, in the spirits both of giving and of reflection, we'd like to highlight a few of our more popular posts from the year that was. That's right, we're re-gifting, but I promise you'll enjoy these posts more than a box full of these beauties:

 

 

Late last year, SolarWinds acquired IP and domain management megasite DNSStuff, and this past summer we rolled out a bunch of updates to make it even more useful to you. SolarWinds' own, nicole pauls, gave us all a rundown of the updates and some previews of coming attractions in her post, "What's Up with DNSStuff: Professional Toolset, Infrastructure, and What's Next". Enjoy!

Computer Math (part 1)

Posted by Bronx Dec 14, 2012

Have you ever used the Windows calculator, changed the view to Programmer, and then stumbled across the Hex, Dec, Oct, and Bin options? Know what they mean? Well I'm gonna tell you anyway. In order, they mean Hexadecimal (Hex), Decimal, Octadecimal, and Binary. Welcome to computer math!

 


Dr. J.

When I was in the eleventh grade, I was afforded the rare opportunity to learn heavy-duty computer stuff from a visiting college professor, Dr. J (not the basketball player). Think of Dr. J as having the same personality as Doc Brown from Back to the Future. Add glasses and a salt and pepper beard and you now have my mentor, Dr. J.

 

Dr. J's class was programming not only in BASIC and Pascal, but now we were programming in assembly language and machine language, thanks specifically to Dr. J. Our final exam with him was to design a video game on the Commodore 64 in assembly language, pretty much bypassing the OS, or ROM as it was called then! This is tough stuff, even by today's standards.

 

He also taught us how to do arithmetic in binary and hex, using only pencil and paper. (And yes, they did have calculators way back then.)

 

Binary

Why does binary exist and what's it got to do with computers? Good questions. Something that is considered binary can only be in one of two states, on or off, up or down, and so on. In binary computer terms, on and off are represented by one and zero, respectively. This binary system is used because of the computer's CPU and its many transistors. For example, an Intel I7 Quad Core CPU consists of 731,000,000 transistors. Each transistor can either be on or off. The OS reads on or off as 1 or 0, hence the need for binary math.

 

Reading Binary

Reading binary is simple but time consuming. 10010110 is a typical binary number. Notice it is made up of eight number places. Each number place is considered a bit. Hence, this is an 8-bit number. All eight numbers together are called a byte. Therefore, bits create bytes. Incidentally, the binary number 10010110 equals 150 in decimal format.

 

Look at the table below. Notice, from right to left, the header numbers double in value, doubling from 1 to 128. The numbered table headers indicate what a binary value of 1 represents in decimal format. Let's plug our example binary number into the table below to see how it translates to 150. Notice that if you add up all the table headers where a 1 lives, you get a total of 150 in decimal format. In other words, 128+16+4+2 = 150.

 

Now look at the second row below the header. The highest number allowed in an 8-bit binary number is 255. (I bet you've seen that number before.) Using the table below, you can get any decimal number from 0 to 255. The next two questions are obvious:

  • How do I get a value higher than 255?
  • What do the numbers mean?

 

128  64  32  16  8  4  2  1    Total in Decimal Format
1    0   0   1   0  1  1  0    150
1    1   1   1   1  1  1  1    255

 

How do I get a value higher than 255?

The simple answer is to add columns to the left. If we were to do that, the next columns would be headed with 256, 512, 1024, etc. Adding a total of eight more columns would allow you to produce 16-bit numbers. The highest 16-bit number is 65,535. Next would be 32-bit, 64-bit, and so on.

 

What do the numbers mean?

Does the image below look familiar? 2,147,483,647 is the highest 32-bit number possible. In this case, it means my monitor can display a maximum of 11111111111111111111111111111111 colors, or, in decimal format, 2,147,483,647 colors.

 

Following is how the computer generates the letter A to your screen. Note the headers are the same as our table above. Each black box is a 1, while each white box is a 0. Each black box is also a pixel on your computer monitor that is turned on, in this case to display the letter A. I've highlighted in red the pixels that are turned on to display the letter A, as represented in binary form.

 

 

The ASCII Character Table

Below is a portion of the ASCII Character Table. Highlighted in yellow is the letter A as represented in the different mathematical formats.

 

More Questions

  • What is ASCII?
    ASCII stands for American Standard Code for Information Interchange. Computers can only understand numbers, so an ASCII code is the numerical representation of a character such as 'A' or '@' or an action of some sort.
  • Why does A = 65 and 41 and 101?
    These numbers refer to the ASCII table so the computer knows where to go.
  • Who uses these numbers for anything when I can just type the letter A? And by the way, computers do more than just splash letters on the screen, buddy.
    This is where Hex and Assembly language come into play. Stay tuned for Computer Math, part 10.

 

Today's article was brought to you by the letter "A."

We all talk about how you can use Microsoft WSUS to approve and distribute updates to managed clients. WSUS is a great way to keep all of the computers on your network up to date with all of the latest patches. However, there's another side to this equation. What if you want to remove an update? Maybe it's causing problems with one of your applications, or you want to uninstall a program altogether. In these cases, WSUS provides an option to approve updates for removal, which instructs the client systems to uninstall the update the next time they contact the WSUS server.

 

Approving Updates for Removal

The important thing to note about approving updates for removal is that WSUS only supports this function for MSI and MSP updates. If you're curious whether a specific update supports removal, check the details pane for the update in WSUS (or a third-party patch management application). The Removable setting under Additional Details indicates whether or not the update supports removal.

 

Along these same lines, the two types of updates that support removal each support specific types of removal. When you approve an MSI update for removal, the installer removes the entire program. On the other hand, since an MSP is simply a patch applied to a base product, approving the MSP for removal just removes the specific patch, leaving the product installed. If you're looking at third-party updates, two examples would be Java patches (MSI - full uninstall) and Adobe Reader patches (MSP - only uninstalls the patch).

 

Finally, when you approve an update for removal, you have the option to specify a removal deadline. If a client checks in with WSUS after that deadline, it removes the update immediately instead of waiting for its scheduled task or some user intervention. If you want your clients to handle the removal this way regardless of when they check in, specify a removal deadline for some time in the past. If you do not set a deadline at all, the client will remove the update at the same time it installs any other pending updates. WSUS patch management, simplified!

 

For additional WSUS patching information about approving updates for removal, see "Approving updates for removal" in the Microsoft TechNet article, Approve updates.

 

You probably heard about the GoDaddy outage in September (2012). A corruption in routing tables across the company’s network left millions of GoDaddy-hosted sites dark for many hours. To mitigate damage, GoDaddy offered impacted customers one month of service.

 

Had GoDaddy been publicly traded, an outage of that magnitude easily could have impacted the value of company shares. And that brings us to the topic of this post: when public-facing web resources go down, besides being an IT emergency, it can also quickly become a public relations emergency. How big an emergency depends on the company’s size and primary business focus.

 

Last week both Google and Facebook customers experienced significant outages. Google announced that faulty software updates pushed to production load-balancers in the company’s 9 datacenters around the world led to functioning systems being seen as offline.

 

Within 5 minutes of the push, monitoring software picked up associated problems, and in another 10 minutes the push was rolled back. During the 15-20 minutes of service disruption, Gmail users were the most impacted—40% of whom could not send or receive mail.

 

Facebook reported that its service went offline due to a change in their DNS infrastructure. Their monitoring system detected the problem and IT teams resolved it quickly. However, for a service with over a billion users, the short outage still had a big impact, at least in terms of being noticed and requiring press statements.

 

Auditing Your Crisis-management Workflow

 

The lesson in these cases seems to be that the bigger your service becomes, the more you depend on your monitoring systems to detect issues at least as quickly as your users. Along with network, storage, system and application monitoring views of your production site, you should have reliable user simulation agents to serve as your canaries in the bit mines.

 

Finally, in the auto-escalating alert workflow you put in place, bring an appropriate public relations expert into your incident management discussion as early as possible, especially if your company is publicly owned.

 

Firewalls play an important role in ensuring your network's security. They prevent unauthorized traffic from entering or exiting your secure network to help avoid infection from viruses, unintentional data loss, or access to sensitive data by unwanted outsiders. In order to maintain a high level of security, it's important to audit your firewalls regularly to ensure they are not allowing any dangerous or even risky services through.

 

Firewall Security Management - What the Experts Say

There are countless authoritative sources out there that make recommendations about what to consider when you configure, update, and audit your firewalls. A few prominent examples include:

 

The gist of all of these recommendations is that they list specific traffic and services that all firewalls should block to avoid infection or breach. They also make recommendations about firewall architecture, including recommendations to use multiple firewalls to segregate the internal secure network from potentially-dangerous outsiders. The latter implies that, depending on the size of your organization, you are going to have at least two -- and probably many more -- firewalls to audit regularly to ensure optimal security.

 

How to Audit Firewall Configurations

To audit your firewalls, first obtain their configuration files and familiarize yourself with how to read them. This might include deciphering rule syntax from disparate vendors. After you have a sense of how your firewalls are currently configured, use one or more of the sources cited previously (or similar) to construct an audit checklist that's suitable for your organization. As a point of reference, the SANS Institute checklist offers 24 items to check. Finally, compare the rules and other configuration details on your firewalls to the checklist you've prepared. If any of your firewalls fails a check, implement a fix right away.

 

I know, this sounds like a lot of work. Collecting the configurations alone can become a nightmare. However, there are tools out there that can help with firewall management tasks such as these. SolarWinds Firewall Security Manager (FSM), for example, has some built-in security checks that you can run -- or even schedule -- against all the firewalls in your inventory. FSM uses the authorities cited previously, along with several others, to provide a security check catalog with over 120 customizable security checks, from ensuring you have rules to block external traffic from reserved or illegal IP addresses to verifying your DMZ blocks all insecure traffic. For additional information about Firewall Security Manager, see Welcome Firewall Security Manager (FSM) to the SolarWinds family.
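The compare-against-a-checklist step described above can be scripted. The following is an added example, not part of the original post and not how FSM works internally: it audits a constructed rule set for two checks of the kind mentioned here (reserved source addresses arriving from outside, and risky services allowed in). The vendor-neutral rule format, the first-match-wins ordering, and the contents of both checklists are assumptions made for this illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed checklist entries for this example (not the SANS checklist itself).
RESERVED_SOURCES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]
RISKY_PORTS = {21: "ftp", 23: "telnet"}

# Constructed sample: rules on an external interface, evaluated first match wins.
SAMPLE = """\
# action dir source          destination   proto port
deny     in  10.0.0.0/8      any           any   any
deny     in  192.168.0.0/16  any           any   any
permit   in  any             203.0.113.10  tcp   443
deny     in  172.16.0.0/12   any           any   any
permit   in  198.51.100.0/24 203.0.113.20  tcp   23
"""


@dataclass
class Rule:
    line: int
    action: str
    direction: str
    src: ipaddress.IPv4Network
    dst: str
    proto: str
    port: object  # int, or None for "any"

    @property
    def unrestricted(self):
        """True when the rule matches every destination, protocol and port."""
        return self.dst == "any" and self.proto == "any" and self.port is None


def parse_rules(text):
    """Parse the hypothetical six-field rule format, keeping line numbers."""
    rules = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if (len(fields) != 6 or fields[0] not in ("permit", "deny")
                or fields[1] not in ("in", "out")):
            raise ValueError(f"line {number}: cannot parse {raw!r}")
        action, direction, src, dst, proto, port = fields
        network = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
        rules.append(Rule(number, action, direction, network, dst, proto,
                          None if port == "any" else int(port)))
    return rules


def audit(rules):
    """Return findings as (check, line, detail); line 0 means 'no rule at all'."""
    findings = []
    inbound = [rule for rule in rules if rule.direction == "in"]
    for cidr in RESERVED_SOURCES:
        reserved = ipaddress.ip_network(cidr)
        verdict = ("reserved-source", 0, cidr)  # no explicit deny found
        for rule in inbound:
            if not rule.src.overlaps(reserved):
                continue
            if rule.action == "permit":
                # A permit reaches this source before any covering deny does.
                verdict = ("reserved-source", rule.line, cidr)
                break
            if reserved.subnet_of(rule.src) and rule.unrestricted:
                verdict = None  # fully blocked before any permit
                break
        if verdict:
            findings.append(verdict)
    for rule in inbound:
        if rule.action == "permit" and rule.port in RISKY_PORTS:
            findings.append(("risky-service", rule.line, RISKY_PORTS[rule.port]))
    return findings


if __name__ == "__main__":
    for check, line, detail in audit(parse_rules(SAMPLE)):
        print(f"FAIL {check}: {detail} (rule at line {line})")
```

In the sample, the deny for 172.16.0.0/12 exists but sits below a broad permit, so the audit reports it: rule order matters as much as rule presence when you read a configuration against a checklist.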

If you haven't taken the time to try out DNSstuff - now is a good time to do it. We have made all the tools free until March 31, 2013.

 

If you aren't familiar with DNSstuff - in a nutshell - the tools on the site can help you:

 

- Perform forensic analysis of name and email servers, path analysis, authenticate and locate domains.
- Keep an eye on blacklists and monitor web, email and name server compliance and connectivity.
- Dramatically increase the efficiency, accuracy and quality of your searches, lookups and analysis.
- Perform forensic analysis on a variety of domain and email concerns.
- All in one comprehensive report.

 

So please, check out the site, give the tools a try, and as always, let us know what you think on the thwack forum.

I am perusing The Human Face of Big Data, and am wide-eyed with wonder. Not only is this book lovely to leaf through, but each page contains a marvel relating to Big Data. Every major industry is seeing changes through this new technology, and the implications and possibilities are the stuff of wonder.

 

Take for example the enormity of the amount of data Google processes and collects. Every day, 50% of the world's internet users visit Google.com. That amounts to about 7.2 billion page views and about 20 petabytes of data - a day. But Google is so much more than a search engine. They have their fingers in all kinds of data pies.

 

  • YouTube gets 4.2 billion views each day. 48 hours of video are uploaded every minute.
  • Project Glass is a work in progress. This pair of glasses packs a camera for still and video recording and the lenses act as a screen where you can project emails, videos, maps, temperatures, and time. It is totally hands free and uses voice controls to respond to emails, send videos, get directions or make phone calls.  And they're sleek looking. I want a pair!
  • Gmail Tap replaces the default keyboard in Gmail application with 2 buttons that provide access to every letter in the alphabet using Morse code.
  • Google Wallet is an app that allows you to use your phone to make payments and purchases. No credit card numbers are revealed at the point of sale, and it's very convenient.
  • Picasa digital photo management lets you organize, edit, add effects, and share your pictures.
  • Google Earth is a wonder of the world: you can take virtual journeys to any location on, in, and around the earth. You can visit a building down the street or across the world, you can take a deep dive into the ocean, or you can take a trip to the moon.
  • Google Translate is an iPhone and Android app that translates 63 languages.
  • Google Maps gets me around town! Its web mapping service provides street maps, route planning, and travel times no matter if I'm in my car, on a bus, or walking down the street.
  • Google + is a social networking tool that strives to help users manage their attention. Its goal is to deliver the information users want to see when they want to see it.
  • DoubleClick allows companies around the world to create and manage their digital advertising.
  • Google Voice integrates all your voice mail into one location. You can tie your work number, home number, and cell number to a Google Voice number. You can control what messages get sent to what number and transcriptions of your voice mail are sent to you so you can conveniently reply with a text message.
  • Google Talk is an instant messaging utility.
  • Google News pulls from 4,500 news sites and is updated every fraction of a second.

 

So Google can collect data on where we are, what we're watching, what we're buying, what languages we're using, what we're talking about, and what images we're recording.  Google uses the data to personalize our experiences with their products, but it also collects impersonal data that is independent of our identity. Some of this anonymous data is used in their applications like Google Zeitgeist and Google Trends.

 

The infrastructure needed to store and process such huge quantities of data is large and diverse. Keeping these systems up and churning takes effort and automation. For many small to medium enterprise-size environments, tools to help manage data storage and keep networks running are paramount to the success of their IT environments. The tools and processes for big data processing will become more popular as the value of big data is revealed and enterprises learn to leverage its power.

An article featured in the November issue of an online small business journal recently caught my attention. This summer, I posted here touting the importance of patching third-party software, and this article addresses a relevant scenario: "Protecting your company's online banking account from fraud."

 

The article contains a lot of best-practice security tips for small- to medium-sized businesses, many of which the author quoted from various cyber security experts. One of these tips is to keep the software patched on the computers your company uses to access its online banking sites -- and not just the operating system. That goes for third-party software as well. Left un-patched, your computers are vulnerable to infection, which allows hackers to collect valuable financial data, including your company's online banking usernames and passwords. This is particularly important since some online banking sites, like Chase.com, use Java, which is not patched by the operating system.

 

The experts go on to say that the recommendation to keep system software up to date extends beyond just the online banking terminals. Businesses need to keep all of their systems well-patched with effective patch management software.

 

It's easy to do that for the operating system and other Microsoft products with the built-in tools in Windows. However, if you want to stay on top of the rest of the software on your computers, you'll need an additional patch management solution to bridge the gap. SolarWinds Patch Manager, for example, is a patch management tool that integrates with the free Microsoft tools and provides an extensive catalog of third-party updates for a variety of software, including Java. With automated third-party patching, this is a patch management solution with which you'll never have to worry about a user accessing an online banking site with an outdated version of Java again.

 

The IPAM DHCP Split Scope Wizard

Split scopes are used for several reasons, either to perform load balancing between two DHCP servers or to ensure high availability of DHCP services for your network.

When you split a scope, the primary server is responsible for a certain group of IP addresses, and the secondary is responsible for the remainder. An offer delay (generally between 1000 and 5000 milliseconds) is set for the secondary server to ensure that if the primary server is unable to provide an IP address within the offer delay time, the secondary server will do so using its pool of addresses.

Scopes are usually split into one of two configurations:

  • 50/50, where half of the IP addresses are on the primary DHCP server and half are on the secondary server. This configuration is usually used for load balancing.
  • 80/20, where 80% of the IP addresses are on the primary DHCP server and only 20% are on the secondary server. This configuration is generally to ensure high availability.

 

As an example, suppose you start with scope01 on your primary DHCP server. Scope01 includes the entire subnet of 10.10.10.0/24 (254 IP addresses), with no exclusions. You split scope01, and name the second scope scope02 on your secondary DHCP server. You choose an 80/20 split.

Now, scope01 will still span the entire subnet, but will exclude the last 20% of the addresses in that subnet (10.10.10.204-254). Scope02 will also span the entire subnet, but will exclude the first 80% of the addresses in that subnet (10.10.10.1-203).
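The 80/20 arithmetic above, generalized to any subnet and percentage and paired with a check for manually entered exclusion ranges, is shown here as an added Python example. It is not part of IPAM or the original post, and the function names split_scope and audit_split are hypothetical.

```python
import ipaddress


def split_scope(cidr, primary_percent):
    """Plan a two-server split scope.

    Both scopes span the whole subnet; each server excludes the range the
    other one hands out, as in the scope01/scope02 walkthrough.
    """
    if not 0 < primary_percent < 100:
        raise ValueError("primary_percent must be between 1 and 99")
    hosts = list(ipaddress.ip_network(cidr).hosts())
    if len(hosts) < 2:
        raise ValueError("subnet has too few usable addresses to split")
    # Round down, but always leave at least one address on each server.
    count = max(1, min(len(hosts) - 1, len(hosts) * primary_percent // 100))
    primary = (hosts[0], hosts[count - 1])
    secondary = (hosts[count], hosts[-1])
    return {
        "primary": {"serves": primary, "excludes": secondary},
        "secondary": {"serves": secondary, "excludes": primary},
    }


def audit_split(cidr, primary_excluded, secondary_excluded):
    """Check exclusion ranges that were typed in by hand.

    Returns (both, nobody): addresses that both servers would lease
    (duplicate-address risk) and addresses that neither server leases
    (wasted pool space). Both lists are empty for a clean split.
    """
    hosts = set(ipaddress.ip_network(cidr).hosts())

    def expand(address_range):
        first, last = (int(ipaddress.ip_address(a)) for a in address_range)
        return {ipaddress.ip_address(i) for i in range(first, last + 1)}

    primary_serves = hosts - expand(primary_excluded)
    secondary_serves = hosts - expand(secondary_excluded)
    both = sorted(primary_serves & secondary_serves)
    nobody = sorted(hosts - primary_serves - secondary_serves)
    return both, nobody


if __name__ == "__main__":
    plan = split_scope("10.10.10.0/24", 80)
    for server, ranges in plan.items():
        first, last = ranges["excludes"]
        print(f"{server}: exclude {first}-{last}")
    # A constructed off-by-one mistake: the primary exclusion starts one
    # address too late, so both servers would lease 10.10.10.204.
    both, nobody = audit_split(
        "10.10.10.0/24",
        ("10.10.10.205", "10.10.10.254"),
        ("10.10.10.1", "10.10.10.203"),
    )
    print("leased by both:", [str(a) for a in both])
    print("leased by nobody:", [str(a) for a in nobody])
```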

IPAM 3.1 now includes a Split Scope wizard that minimizes the guesswork.

Here is a quick summary of how the wizard works.

Using the DHCP Split Scope Wizard:

To open the split scope wizard, click the DHCP & DNS Management tab >> DHCP Scopes >> select a DHCP scope to be split >> click Split Scope.

Note: To perform the DHCP split scope operation, ensure you have two DHCP servers added to the IPAM.



Defining Split Scope

The split scope wizard shows you the source DHCP server selected for the split scope operation, and allows you to select the target DHCP server to which the scope and its IP addresses need to be split.

Define the Source & Target DHCP Servers for Performing Split Scope Operations.



Range Distribution

  • This step allows you to specify the percentage of IP addresses to allocate to the source and target DHCP scope servers.
  • You can just drag the percentage scale to set the split percentage as required. The IP addresses within the DHCP scopes will be changed accordingly to reflect the percentage split.
  • Or, if you have specific IP address ranges decided for both the servers, you can just enter them in the Include IP Addresses & Exclude IP Addresses text fields, and the percentage scale will be adjusted accordingly.



Once range distribution is complete, click Finish, and you will get a pop-up window confirming the successful split scope operation.


Looking Up the IP Address Split (After Performing the DHCP Split Scope Operation)

You can now go to the DHCP Servers tab and mouse over both the source and target DHCP servers to see the IP address range according to the split.

Looking up the IP Addresses on the DHCP Servers after the Split Scope Operation


For a more detailed step-by-step walkthrough, see: How To Perform DHCP Split Scope using SolarWinds IP Address Manager

For more info on all the new features in IP Address Manager 3.1 see:

IP Address Manager – IPAM Software from SolarWinds

VBScript 101

Posted by Bronx Dec 10, 2012

Perhaps you've read my four-part series entitled Visual Basic 101. In that series I explained how to build a specialized SAM bandwidth calculator. Granted, that series was long and in-depth, but I think it was worth it. However, I am also aware that most sysadmins don't have the luxury of a lot of free time. A four-part series on VB may have been overkill, especially if you're a sysadmin putting out fires constantly. Enter VBScript. Think of it as Visual Basic without the pesky API. This will be a hit-and-run lesson/example of how to have a VBScript start another program.


Wrapping VBScript around an executable file.

The following example demonstrates how to write a simple VBScript to open notepad.exe:

1. Open Notepad and paste the following code into a new document:

 

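    ' Create the Windows Script Host shell object used to launch programs
    Set WshShell = WScript.CreateObject("WScript.Shell")
    Dim exeName
    Dim statusCode
    ' Program to launch; Run expands environment variables such as %windir%
    exeName = "%windir%\notepad"
    ' Window style 1 = normal window; true = wait until the program exits
    statusCode = WshShell.Run (exeName, 1, true)
    MsgBox("End of Program")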

 

2. Save the file as Example.vbs (manually change the extension to .vbs).

3. Double-click Example.vbs to run the program, which launches Notepad.exe and then shows a message box when Notepad closes.

 

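Note: To open a program other than Notepad, change the value assigned to exeName above to the path and program you want to execute, for example, "C:\Program Files\Mozilla Firefox\firefox.exe". Because Run treats the string as a command line, a path that contains spaces must itself be enclosed in double quotes inside the string.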


SolarWinds SAM has a Windows script monitor that can handle various programming languages, including VBScript. It may behoove you to become familiar with at least one.

 

How to Manage DHCP Servers using SolarWinds IPAM

 

SolarWinds IP Address Manager (IPAM) offers powerful and centralized management of Microsoft DHCP services.

 

Using SolarWinds IPAM you can easily:

• Add new or edit existing Microsoft DHCP servers and scopes.

• Set, update or delete reservations, reservation status and DHCP properties, including IP ranges and exclusions.

 

The SolarWinds IPAM solution allows you to manage both Microsoft DHCP servers and Cisco IOS DHCP servers.

 

Adding a DHCP Server

 

Note: All DHCP servers must already exist as nodes before IPAM can monitor them.

There are two options for adding nodes:

• Entering nodes manually one at a time.

• Using the Network Discovery Wizard to add multiple nodes.

 

Once the DHCP server is added as a node in the Orion server, you can add it to the IPAM web console by clicking IP Addresses tab >> DHCP & DNS Monitoring >> DHCP Servers >> Add New >> DHCP Server.


 

This will open up the Add DHCP Server page. Now, you can choose the required DHCP server from the list of nodes (already discovered by Network Discovery Wizard or manually added) and create or choose credentials. Click Test, and once the test is successful, click Add DHCP Server to IPAM web console.


 

Now you have successfully added a DHCP server to IPAM. From here you can begin to edit the properties for each server, split scopes, and assign reservations, if needed.

To learn more, see for yourself how powerful IPAM v3.1 is by test-driving our live demo, or, if you’re ready to take the next step, download a free, fully functional 30-day trial.



How’s your VoIP service going? Got jitter? Or latency issues? How about packet loss? Do you know when and why these occur? And do you know what to look for?

 

  • Jitter is when unusual timing occurs between groups of data (also known as data packets) on a network. Jitter happens when your network is really congested or when routing changes.

 

  • Latency is the amount of time a data packet takes to get from one place to another. Latency is an issue when it takes a long time for a data packet to get to its destination. Latency issues can be a problem on high-traffic networks.

 

  • Packet loss refers to data packets that don’t reach their intended destination. Like jitter and latency, packet loss can occur on very busy networks.

 

Troubleshooting VoIP Performance

 

To properly troubleshoot VoIP call quality, you need tools to monitor and measure call quality. Critical troubleshooting tools include the following:

 

  • Network monitoring tools – Network monitoring tools are non-intrusive, or passive, and can be used to examine each stream of voice traffic across the network.

 

  • Protocol analyzers – These hardware and software tools capture VoIP traffic packets and analyze VoIP call degradation issues, such as jitter.

 

  • Dedicated VoIP tools – These tools test IP phone and gateway designs. Although dedicated VoIP tools work best in a design testing capacity, they can also be used for solving network deployment issues.

 

  • Synthetic VoIP traffic generators – Synthetic VoIP traffic generators are software tools that create synthetic VoIP traffic, usually for planning network capacity so VoIP services are available when they’re most needed.

 

For more information on VoIP troubleshooting, check out SolarWinds’ VoIP Troubleshooting Resources page. This page contains links to a wealth of information on advanced VoIP troubleshooting techniques and tools, in video and whitepaper formats.

 

Active Directory (AD) tasks like enabling users and resetting passwords can get pretty monotonous, especially for busy admins. Delegating these tasks can go a long way toward making your day more productive, as well as making the tasks themselves more efficient. One way to do this is to create custom taskpad views from the Microsoft Management Console (MMC) to pass specific tasks off to others on your team. In this article, I'd like to show you how you can create a taskpad view to delegate AD tasks for a specific Organizational Unit (OU) to another user.

 

Creating a Custom Taskpad View

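The following procedure requires basic knowledge about the MMC and membership in the domain for which you want to delegate the task. Keep in mind that a taskpad view only controls what the user sees in the console; the user still needs the corresponding permissions on the OU in Active Directory to carry out the tasks. To read a bit about the basics of the MMC before you get started, check out my blog post, Get all of your Windows management tools in a single pane of glass.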

 

To create a custom taskpad for AD tasks on a specific OU:

 

  1. Open a new MMC: Click Start > Run, and then enter mmc.exe.
  2. Click the File menu, and then click Add/Remove Snap-in.
  3. Click Active Directory Users and Computers, and then click Add.
  4. Click OK.
  5. In the left pane of the MMC, expand the domain tree until you find the OU for which you want to delegate tasks.
  6. Select the OU, and then click Action > New Taskpad View.
  7. On the Welcome screen, click Next.
  8. On the Taskpad Style screen, customize the taskpad view layout, and then click Next. For this example, I used the default settings.
  9. On the Taskpad Reuse screen, select Selected tree item, and then click Next.
  10. On the Name and Description screen, enter the name and description (optional) you want to display on the taskpad view, and then click Next. For example, enter the name of the OU.
  11. On the Success screen, leave Add new tasks to this taskpad after the wizard closes option selected, and then click Finish.
  12. Complete the New Task wizard for each task you want to add:
    1. On the Welcome screen, click Next.
    2. On the Command Type screen, select the type of command you want to add, and then click Next.
      Note: For this example, I only used Menu command; however, you can also use the Shell command option to add command-line tasks to the taskpad view.
    3. In the right pane of the Menu Command screen, select the command you want to add, and then click Next. For this example, I started with Reset Password.
      Note: The options in this pane are the same options you would see if you clicked the Actions menu for the selected object in the MMC. Different options may appear depending on the object you selected in the left pane.
    4. On the Name and Description screen, change the name or description for the command if you want, and then click Next.
    5. On the Task Icon screen, select an icon for the command, and then click Next.
    6. If you want to add another task, select When I click Finish, run this wizard again on the Success screen.
    7. Click Finish.
    8. Repeat these steps for all of the tasks you want to include in the taskpad view.
  13. Customize the view so the user sees only the menu and navigation options you want them to:
    1. Click the View menu, and then select Customize.
    2. Select or clear the options as appropriate. For this example, I cleared all of the options.
    3. Click OK.
  14. Finalize the taskpad by applying restrictions:
    1. Click the File menu, and then select Options.
    2. In the Options window, select the console mode and customization options.
    3. Click OK.
  15. Save the taskpad view to send it to the appropriate user(s):
    1. Click the File menu, and then select Save As.
    2. Enter a name for the taskpad file, and then click Save.

 

After you finish customizing your new taskpad, you should end up with something like this:

A custom taskpad view to delegate Active Directory tasks

For even more control and flexibility to manage Active Directory in your enterprise, check out DameWare Remote Support. Manage multiple Active Directory sites from a single window, and even remotely control your domain controllers when necessary with DameWare Mini Remote Control, included with every DRS installation.

 

In a previous post I explained that AES is the encryption technology that provides the best chance of keeping your data secure and private. Even the United States' departments of intelligence use AES (with 192- or 256-bit key lengths) to encrypt ‘top secret’ digital information.

 

I want to follow up here with a caveat on security for WiFi networks. In this case, instead of the security of transferred data, our focus is on gaining access to a wireless network despite password protection.

 

Brute-forcing Passwords

At the international Black Hat conference in 2011, German researcher Thomas Roth made available his software for cracking passwords on WPA-protected wireless networks. The software itself is of less interest than the fact Roth leveraged Amazon’s cloud computing service for 20 minutes at an estimated total cost of $5.40 to perform the crack.

 

You may say that enterprise wireless networks do not depend on WPA or WPA2 for their security and so are immune to such attacks; the threat is limited to home networks built around a wireless router.

 

Standard practice for enterprise wireless network setup is to use a network access server (NAS) with a RADIUS server as the authentication and authorization points for granting access to the network. This is where the other shoe drops with Roth’s software; massive cloud-computing power also makes it capable of cracking the MD5-hashed passwords used in the communication between the NAS and the RADIUS server.

 

Besides the usual lock-out rules on the access servers for attempts that exceed a threshold, you should also consider monitoring your access points to catch patterns that suggest persistent attempts to infiltrate your wireless network through brute-forcing.
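One way to look for such patterns in authentication records, as an added Python example that is not from the original post or from any SolarWinds product. The log format, the sample lines, the rule names, and the thresholds are all constructed assumptions; the rules cover repeated rejects from one client plus two patterns a per-client lock-out alone would miss.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any product's real output):
# <UTC time> ap=<access point> mac=<client MAC> user=<identity> result=<accept|reject>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ap=(?P<ap>\S+) mac=(?P<mac>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>accept|reject)$"
)

# Constructed sample records for the demonstration.
SAMPLE_LOG = """\
2012-12-07T09:00:01Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:00:31Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:01:01Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:01:31Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:02:01Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:02:31Z ap=AP-LOBBY mac=AA:BB:CC:00:00:01 user=alice result=reject
2012-12-07T09:05:00Z ap=AP-FLOOR2 mac=AA:BB:CC:00:00:02 user=bob result=reject
2012-12-07T09:06:00Z ap=AP-FLOOR2 mac=AA:BB:CC:00:00:02 user=carol result=reject
2012-12-07T09:07:00Z ap=AP-FLOOR2 mac=AA:BB:CC:00:00:02 user=dave result=reject
2012-12-07T09:10:00Z ap=AP-LOBBY mac=AA:BB:CC:00:00:03 user=erin result=reject
2012-12-07T09:12:00Z ap=AP-FLOOR2 mac=AA:BB:CC:00:00:04 user=erin result=reject
2012-12-07T09:14:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:05 user=erin result=reject
2012-12-07T09:20:00Z ap=AP-LOBBY mac=AA:BB:CC:00:00:06 user=frank result=reject
2012-12-07T09:20:20Z ap=AP-LOBBY mac=AA:BB:CC:00:00:06 user=frank result=accept
2012-12-07T09:00:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:07 user=grace result=reject
2012-12-07T09:15:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:07 user=grace result=reject
2012-12-07T09:30:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:07 user=grace result=reject
2012-12-07T09:45:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:07 user=grace result=reject
2012-12-07T10:00:00Z ap=AP-FLOOR3 mac=AA:BB:CC:00:00:07 user=grace result=reject
""".splitlines()


def parse(lines):
    """Yield (time, mac, user, result) for every line in the expected format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip anything that is not an authentication record
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["mac"].lower(), m["user"].lower(), m["result"]


def _recent(queue, ts, value, window):
    """Record (ts, value), drop entries older than the window, return values."""
    queue.append((ts, value))
    while ts - queue[0][0] > window:
        queue.popleft()
    return [v for _, v in queue]


def detect(lines, window=timedelta(minutes=10), max_rejects=5, max_distinct=3):
    """Return sorted (rule, subject) findings based on rejected attempts."""
    per_mac = defaultdict(deque)   # client MAC -> recent (time, user) rejects
    per_user = defaultdict(deque)  # identity   -> recent (time, MAC) rejects
    findings = set()
    for ts, mac, user, result in sorted(parse(lines)):
        if result != "reject":
            continue
        users = _recent(per_mac[mac], ts, user, window)
        macs = _recent(per_user[user], ts, mac, window)
        if len(users) >= max_rejects:
            findings.add(("repeated-rejects", mac))
        if len(set(users)) >= max_distinct:
            findings.add(("many-users-one-client", mac))
        if len(set(macs)) >= max_distinct:
            findings.add(("one-user-many-clients", user))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in detect(SAMPLE_LOG):
        print(f"{rule}: {subject}")
```

The five rejects for grace are spaced 15 minutes apart, so they never fall inside one 10-minute window and produce no finding; widen the window or add a daily count to catch attempts that slow. A user with a stale password saved on several devices will also trip the one-user-many-clients rule, so treat findings as leads to review.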

 

 

E-Privacy (Part 2)

Posted by Bronx Dec 7, 2012

In part 1 of this series, I discussed how to keep your email and internet surfing private. In part 2 I’ll show you how to clean the tracks of your online activity from your computer, as well as some cell phone privacy tips.

 

Off Line Privacy

Okay, you’ve read part 1 and your email and internet surfing are secure. Is that enough? That depends. How much privacy do you want? If you want more, one, if not all, of these tips will be useful in ridding your box of unwanted online tracks and keeping things hidden from prying eyes:

  • Use a password to log in to your computer, and not password, qwerty, 123456, or your pet's name.
  • Lock the keyboard when you leave your computer. Windows key + L will do this. You can also have your screensaver do this for you.
  • Empty the Recycle Bin.
  • Shred files beyond recovery and wipe your free hard drive space using Privacy Eraser Pro or CCleaner.
  • Keep your sensitive files encrypted. WinZip will compress and optionally secure your files with a password.
  • Keep your sensitive files hidden:
  • Clean out the temporary files. Temporary files are countless on any given machine. Who knows what information they contain. Since they are dubbed temporary, why not remove them now? I prefer Temp File Cleaner to do the job.
  • Kill the DAT files. DAT files are data files that can contain all of your online activity. Often these files are small and hidden. Additionally, these files are not deleted when you clear your browsing cache of its history and cookies. Index.dat Analyzer will allow you to view them and then optionally remove them.
  • Immunize yourself. Spybot - Search & Destroy not only cleans malware from your computer, it also immunizes it, protecting your machine from potentially privacy compromising software.
  • Clean the registry. In addition to DAT files storing your internet activity, the registry also keeps track of things you may want to keep private. Cleaning it regularly with a registry cleaner will help protect against this vulnerability. I prefer Auslogics Registry Cleaner.
  • Clean everything at once. Both Privacy Eraser Pro and Tracks Eraser Pro do a fine job at cleaning most everything that needs to be cleaned.
  • Go to Download.com and search privacy. Programs abound to suit all of your privacy needs.

 

Cell Phone Privacy

The cell phone is now a computer. That's the bottom line. Now we need to treat it as such. If I'm not mistaken, I believe dialing *67 before you dial a number will block the Caller ID on the recipient's phone. Okay, that's old school. Let's fast forward to today:

  • Turn off the GPS. It kills your battery. Oh, it also allows Google, and anyone else you allow, to see where you are in real-time.
  • Turn the setting off that allows Google, or anyone, to track your location.
  • Turn off the photo GPS option. This option marks the time and place where each photo was taken and stores it in a hidden file.
  • Turn off the Sync feature, unless you know exactly what's going on. A lazy attitude on this can send your files to who knows where.
  • Enable a screen lock pass code or pattern.
  • Get a Google phone number. Google will give you a free phone number with voice mail that you can tether to your cell phone. With this, you never need give out your "real" phone number. You can even dial out using your new number.
  • Have an anti-theft solution in place before you need it. Try SeekDroid AntiTheft and Security.
  • Antivirus software is also a good idea. Take a look at Lookout Mobile Security.
  • You may want to change the settings of your phone to only allow those people on your contact list to call you.
  • Go to the app store and get Mr. Number. This app can unblock blocked Caller IDs, look up unknown numbers, plus a few other cool things.
  • Also, get Vaulty at the app store to hide your personal pictures.
  • Turn the thing off at night.

 

Seeing the Unseen

This is where network, application, and server monitoring comes into play. If you're a network admin and need to see the unseen, check out these gems:

 

 

We’re pleased to announce that version 8 of Mobile Admin is now available to the public.  We’ve made some great enhancements to the product that allow it to integrate seamlessly with other SolarWinds products.  Now Mobile Admin includes support for Network Performance Monitor, Server & Application Monitor, Network Configuration Manager, NetFlow Traffic Analyzer, and User Device Tracker.

 

Mobile Admin integrates with over 40 enterprise technologies allowing IT pros to complete most of the tasks they perform in a day with a mobile device.  Currently, Mobile Admin works on iOS (iPhone and iPad), Android, and BlackBerry platforms.  From Mobile Admin you can manage Active Directory and remotely access computers via SSH, Telnet, RDP, or VNC.  You can manage mail servers like Exchange and Domino and database applications like Oracle and SQL Server.  Mobile Admin integrates with Backup Exec allowing you to restore files while on the go.  And in addition to enhanced integration with SolarWinds NPM, Mobile Admin lets you manage other infrastructure monitoring tools from your mobile device like Nagios and SCCM.

 

Dan Balcauski, Product Manager for Mobile Admin, put together this great blog post about Mobile Admin 8.0 that shows how you can use Server & Application Monitor from a mobile device.  Better yet, visit the app store for your mobile device and download the client.  Then download and install the server application and try out a fully functional copy of Mobile Admin 8.0 free of charge for 14 days.

If you’ve been watching the SolarWinds Product Blog lately, you’ll know that we’ve announced some changes to our Virtualization Manager and the SIEM tool Log & Event Manager (LEM) products. While these changes aren’t monumental from a functionality standpoint, we think they can make a major difference in the way that you manage your desktop infrastructure. YES! I said DESKTOP INFRASTRUCTURE. Let me explain:

 

First, let’s talk about the VMware performance monitoring tool, Virtualization Manager. Virtual Desktop Infrastructure (VDI) – or as Gartner calls it, Hosted Virtual Desktop (HVD) or Server Hosted Virtual Desktop (SHVD) – is a growing trend. Organizations do it for lots of reasons – data security, BC/DR, BYOD, etc. The fact is that the majority of organizations that deploy a VDI solution don’t realize any cost savings over their legacy client deployment. The major reason for this is that there is still a lot of infrastructure required for VDI…and there is additional virtualization software cost. Because virtual desktops become so prolific in an organization, issues like VM sprawl become even harder to manage. For example, reclaiming the resources of one orphaned virtual desktop VM doesn’t provide a huge benefit, and it takes about as much time as doing the same for a much larger server VM. However, when you are reclaiming multiple orphaned virtual desktops, the economics become more viable. The problem is that you actually have to FIND them. This is where a virtualization management tool like SolarWinds Virtualization Manager comes in. With version 5.1, released on December 4th, we are now including a VDI dashboard to help you manage your virtual desktop resources more efficiently. We’ve also changed our licensing model to charge on a ‘per socket’ basis so that environments with more VM density – like VDI environments – can derive a greater benefit.

 

Now, let’s talk security. SolarWinds Log & Event Manager has been a great asset to many organizations with its ability to quickly detect and automatically respond to issues in the IT environment through log and event consolidation and correlation. With version 5.5, we’ve made this solution easier to deploy, and we’ve also made it cost-effective for workstation deployments. The new SolarWinds LEM Workstation Edition, an event log analyzer, now makes it economical to deploy LEM all the way to the endpoints in your environment to enhance your client security. So, if one of your users wants to run off with some data on a USB key or install Dropbox and move confidential information into an insecure environment, LEM Workstation Edition can be configured to automatically eject the USB device or abort the software installation that would make those security risks possible.

 

So, as you can see, we’re working to help you expand the usefulness of SolarWinds tools so you can maximize your investment…and, if you’re not already a customer, don’t just take our word for it. Try the VMware monitoring tool out for free today with one of our free 30-day trials for the ideal VMware monitoring software, Virtualization Manager, or Log & Event Manager.

Looking back at the past decade, it’s mind-boggling to see how the IT model has flipped on its head. Things that were once an exception are now the norm, and ironically a lot of organizations aren’t keeping pace with the change in datacenters and network management.

While IT teams are doing all they can to address increasing scale and complexity, data center networks remain anchored to physical devices and manual processes. This worked OK in the era of static IT, but the enormous growth of network devices in the IT space has led to data center networking discontinuity. This has resulted in significant network operation challenges. Network performance management remains a significant issue for organizations of all sizes as IT departments grapple with emerging technologies and legacy infrastructure.

What’s more concerning is the amount of time it takes to detect a problem, determine its cause, and then troubleshoot it. The trouble stems from lack of a robust performance management tool, followed by scalability issues, complex usability, and a lack of real-time reporting. To add to the woes, legacy network performance management tools cannot keep pace with emerging technologies and trends such as virtualization, which are creating new challenges for IT departments.

Some basic things you need to check in network management tools:

  • Does your NMS provide a way to proactively detect problems?
  • Does your NMS automate network mapping when new devices are added to the network?
  • Do you have visibility of your network usage?
  • Does your NMS support monitoring your wireless devices?

These networks carry business-critical services and applications, and are required to deliver high-performance while maintaining no downtime. In many cases, these challenges may force you to upgrade the network infrastructure. If this is your situation, it means that your IT management solutions exist as silos and it’s high time that you upgrade them.

Data centers should perform continuous profiling and monitoring of the end-host network stack, coupled with algorithms for classifying and correlating performance problems. Achieving network performance excellence is an essential step toward ensuring overall datacenter excellence. Accurate performance monitoring provides the only way to detect and resolve network issues.

SolarWinds helps you flip the darkness and rise with network monitoring software. It simplifies the monitoring of your network components by providing a unified view of data center network health through a single pane of glass.

SolarWinds Network Performance Monitor software makes it easy to quickly detect, diagnose, and resolve performance issues before outages occur. It is an affordable, easy to use tool that delivers real-time views and dashboards that enable you to visually track and monitor network performance at a glance.

 

Not convinced? Feel free to try it out yourself with the free 30-day trial and let us know what you feel.



This September, the National Institute of Standards and Technology (NIST) published a public review copy of their "Guide to Enterprise Patch Management Technologies" (NIST Special Publication 800-40, Revision 3). The NIST tests and develops management and implementation strategies for US Federal IT systems, and collaborates with academic, industry, and government organizations to publish standards and recommendations for information security and threat mitigation.

 

In addition to defining patch management and discussing the implications of not implementing a patch management process or system in any organization, the NIST's guide shares some helpful recommendations regarding how to select, deploy, and measure a patch management solution in standard and diverse enterprises. Furthermore, the guide references several other publications that go into more detail about related topics that are beyond its own scope. The references include publications about securing mobile devices on enterprise networks and securing full virtualization technologies.

 

NIST Patching Strategy Recommendations

This publication goes into a nice level of detail about patch management solutions in general, including discussing some of their inherent risks and how to mitigate them. The following is a brief summary of some of the most important takeaways from its sections on patching technologies and implementation/performance metrics (sections 4 and 5, respectively).

  • Agent-based patch management technologies are generally the most capable option for patching servers and clients, especially if the enterprise supports computers that aren't always on the local network (laptops, for example). One possible downside of agent-based solutions, however, is that they might not support systems with a non-standard architecture (like appliances or full virtualization systems).
  • It's best to start small and test regularly all along the way. From initially deploying the technology, to deploying patches to clients, NIST recommends you start with a small group of target systems and test everything before you push it out to the production environment.
  • When you're ready to start measuring the impact of your patching solution, measure adoption rates first, and then move on to measuring more detailed patching statistics and business impacts as the implementation matures. Before measuring anything, though, be sure you clearly define your goals and requirements for the solution to ensure your measurements are relevant.

 

Acting on the NIST Recommendations

The publication does not go into any detail about specific patching solutions, nor does it recommend one vendor or mechanism over another. However, it's clear to me that Microsoft Windows Server Update Services (WSUS) is a great place for any organization to start in an effort to meet the NIST recommendations. WSUS is free, and it comes standard with Windows Server 2003, Windows Server 2008, and beyond. It provides the agent-based patching functionality NIST recommends, and its approval features are conducive to small-target testing. Furthermore, WSUS provides built-in reports to measure the patching statistics once you're up and running.
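One way to use the WSUS approval features for the "start small, test, then measure" sequence summarized above. This is an added example, not code from the original post or from NIST. It assumes the UpdateServices PowerShell module (WSUS role on Windows Server 2012 or later); the group name `Patch-Pilot`, the 95% gate, and the 7-day reporting window are hypothetical values.

```powershell
# Added example (not from the original post). Group name, threshold and
# reporting window are assumptions; adjust them to your environment.
param(
    [ValidateSet('Pilot', 'Promote')] [string] $Phase = 'Pilot',
    [string] $PilotGroup       = 'Patch-Pilot',    # hypothetical small test group
    [string] $ProductionGroup  = 'All Computers',  # built-in WSUS root group
    [double] $MinInstallRate   = 0.95,             # assumed promotion gate
    [int]    $ReportWindowDays = 7                 # assumed "recently reporting" window
)
Import-Module UpdateServices          # WSUS role, Windows Server 2012 or later
$wsus = Get-WsusServer                # connects to the local WSUS server

# Find the pilot group, creating it (empty) on first run.
$pilot = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $PilotGroup }
if (-not $pilot) { $pilot = $wsus.CreateComputerTargetGroup($PilotGroup) }

# Adoption first: how many pilot clients have reported status recently?
$clients = @($pilot.GetComputerTargets())
$cutoff  = (Get-Date).ToUniversalTime().AddDays(-$ReportWindowDays)
$fresh   = @($clients | Where-Object { $_.LastReportedStatusTime -ge $cutoff })
"Pilot clients reporting in last $ReportWindowDays days: $($fresh.Count) of $($clients.Count)"

if ($Phase -eq 'Pilot') {
    # Approve needed, still-unapproved security updates for the pilot group only.
    Get-WsusUpdate -Classification Security -Approval Unapproved -Status FailedOrNeeded |
        Approve-WsusUpdate -Action Install -TargetGroupName $PilotGroup
    return
}

# Promote: release to production only what installed cleanly on the pilot group.
foreach ($u in Get-WsusUpdate -Classification Security -Approval Approved -Status Any) {
    $s = $u.Update.GetSummaryForComputerTargetGroup($pilot)
    $done       = $s.InstalledCount + $s.InstalledPendingRebootCount
    $applicable = $done + $s.DownloadedCount + $s.NotInstalledCount + $s.FailedCount
    if ($applicable -eq 0) { continue }   # no pilot evidence yet: do not promote
    $rate = $done / $applicable
    if ($s.FailedCount -eq 0 -and $rate -ge $MinInstallRate) {
        Approve-WsusUpdate -Update $u -Action Install -TargetGroupName $ProductionGroup
        '{0}: promoted ({1:P0} installed on pilot)' -f $u.Update.Title, $rate
    } else {
        '{0}: held ({1} failed, {2:P0} installed on pilot)' -f $u.Update.Title, $s.FailedCount, $rate
    }
}
```

Run it with `-Phase Pilot` after assigning a few representative machines to the pilot group, then with `-Phase Promote` once those machines have had time to install and report.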

 

There are a few downsides to WSUS, however. For one thing, WSUS is limited to managing patches for Microsoft products alone. For another, the native reporting available in WSUS is markedly rudimentary. For a truly comprehensive patching solution, consider extending WSUS with a third-party patch management technology like SolarWinds Patch Manager. With Patch Manager, patch management is simplified and you'll have all the capabilities of WSUS with added features that include a rich catalog of third-party patches (including Chrome, Firefox, and Java patches) and robust inventory and reporting tasks, making WSUS patch management simple and easy!

 

To keep up to date with the latest version of the publication I discussed here, along with many others in the same category, visit http://csrc.nist.gov/publications/PubsFL.html#System & Information Integrity.

 

 

E-Privacy (Part 1)

Posted by Bronx Dec 3, 2012

The average person who uses the internet via computer, tablet, or cell phone is pretty much unaware that everything they do online is out there for the world to see. I won't argue what should and shouldn't be private and why. I'll let you use your own moral judgement. However, I will tell you how to keep your information as private as possible.

 

Is true privacy on your computer devices even possible?

That's the $64,000 question. The answer lies somewhere between yes and no. The more effort you put in, the more the needle will lean toward yes. That said, legal and technology researchers estimate that it would take about a month for internet users to read the privacy policies of all the web sites they visit in a year. (Gonna have to vote no on reading all that.)

 

Email

Now even the government wants access to your email, among other digital files. Keeping your email private is a bit tricky, but here are some tips:

  • I distinctly remember an uproar over Gmail's privacy policy when someone discovered that Google was basically saying that they can read your emails at any given time. While I'm sure Google's employees have better things to do than read your email about little Johnny's homer in the fifth, they do have programs scouring countless emails looking for keywords and phrases in an effort to target their advertising toward the content of your emails. The tip? Consider using an email service that respects your privacy. Here are a few email providers that do respect your privacy:
  • We all get junk mail and it sucks. Every time we fill out an online form we get added to some marketing list and then your email address gets sold and traded like cattle at auction. The solution? Have a disposable email account just for junk mail. (I personally have three.) Use the disposable account for everything except actual correspondence with friends and family.
  • For even less of a footprint, deploy the ol' General Petraeus trick! Create a disposable email account and give the people you want to communicate with the address and password. Create an email with what you want to say, but don't send it anywhere. Just save it to the Drafts folder. Later, another person can access that draft, delete your text, and then add their own content in the same fashion. This prevents a digital email trail because no email was actually sent and the prior text was deleted before a response was given. This can also work with Dropbox or other cloud-based folders. I would recommend encrypting everything before putting something in the cloud.

 

Web Surfing

Without protection and/or knowledge, everything you do online is visible to anyone who wants it. Following are some tips to keep your activity private:

  • Windows comes with a firewall. At the very least, ensure that it is up and running.
  • If you're using Wi-Fi, ensure you have a secured connection so other people don't jump on your network without your knowledge.
  • When surfing, use a Virtual Private Network (VPN). VPNs help shield your IP address from the outside world. These services route your data to a proxy server, where it is stripped of your IP address before it's sent on to its destination. This obscures your identity not only from web sites, but also from your internet service provider (ISP). Here are three of the more popular ones:
  • Use a proxy server via your web browser. Cocoon is an internet privacy toolbar designed for Firefox. When setting up your account, remember to use a disposable email account. To verify that Cocoon is working, go to http://www.whatismyip.com/ before you enable Cocoon to check your current IP address. Next, enable Cocoon, then check your IP address again. If all is well, your IP address should have changed after you enabled Cocoon, meaning your "internet telephone number and location" has changed.
  • Go with Tor. Tor is free software that helps you defend against network surveillance that threatens personal freedom and privacy. There are a host of free products there and I highly recommend them.
  • Use a web browser built for privacy. Try Anonymizer.
  • When using a browser be sure to:
    • Disable cookie tracking;
    • Clear your history and set it so a history is not kept;
    • Use "private mode," if available.
  • As far as social networking goes, I use thwack, anonymously. Other than that, I simply don't use the other outlets. My privacy is more important than reading about "Nancy's bad cough," and other mundane trifles.

 

In part 2 I'll discuss privacy protection for your cell phone and how to keep your computer free of files you didn't know were there.

 
