ad.min.i.an

I was just voting against Obama, but I am starting to re think it… I may windup voting for McCain.

But Cochran said he observed McCain engage in a physical confrontation with a Sandinista while participating in a diplomatic mission led by Sen. Bob Dole and others in the fall of 1987. Cochran, McCain - who had won election to the Senate that year - and other members of a bipartisan committee of lawmakers called the Central American Negotiations Observer Group - met with Nicaraguan President Daniel Ortega, head of the left-wing political party known as Sandinistas, about tensions in the region.

The atmosphere was tense, as the U.S. was pressing “pretty hard.” Cochran noticed a disturbance at the meeting table in a room lined with armed personnel.

“McCain was down at the end of the table and we were talking to the head of the guerilla group here at this end of the table and I don’t know what attracted my attention,” Cochran said. “But I saw some kind of quick movement at the bottom of the table and I looked down there and John had reached over and grabbed this guy by the shirt collar and had snatched him up like he was throwing him up out of the chair to tell him what he thought about him or whatever. I don’t know what he was telling him but I thought, good grief, everybody around here has got guns and we were there on a diplomatic mission. I don’t know what had happened to provoke John but he obviously got mad at the guy and he just reached over there and snatched him.”

-SunHerald.com

Again, April has been a busy month. I’ve gotten my MCSE:Security certification, MCTS in Vista and ISA, CTT+ and MCT, Deployed Exchange 2007, System Center Configuration Manger, Worked on a project team to install a Hotsite (secondary fail over for exchange, SQL, and AD), thought a class on deploying Office 2007, changed the breaks on both my cars and Finished up my Project based information systems class at UMass and made an A.

Besides that I’ve started running; I haven’t smoked in like forever. I’m looking into getting back into martial arts…as if I don’t have enough going on. Yes I’ve found time to spend with the wife…we’ve been out on a couple of dates. We’ve taken Bree to the park a few times and she made a new friend in the back yard.

I’ve been having a blast…

Wow, May has been great for me too. More certs, which is going to be a normal thing. I am looking at a couple certs that aren’t M$ and more security related for next month. I have also had the chance to help out a regional ISP. A web server, a DNS server and a file server all got pretty hosed. I was able to get them up after identifying who, what, when, where…why who knows. It’s in their hands now how to pursue the incident. I also had a really awesome experiance at a power plant.

Anyhow, nothing is slowing down — just the contrary.

/ip

That’s right folks I’ve chosen SCCM to deploy vista clients at the training center. I decided this for a few reasons least of which has to do with the fact that we are a Microsoft Training Solution Provider. I am going to be deploying this at a client in the near future and it fits what we are trying to do. I’ve used ghost in the past. Everything from the Enterprise Solution Suite to just floppy’s with a script to run Ghost off a network share. I’ve also been a fan of SMS since version 2.0 when I used it to deploy apps to about 900 workstations. I have not had the pleasure of using SCCM yet till now and its pretty intuitive. I’ve been going by the book (BDD) for my “lab” environment. I’ll post some updates on how it goes and what my struggles were. And yes I will be getting this cert in the near future as well…

/ip

This week i deployed Exchange 2007 for a client. I setup an Edge and a Hub/Client Access/Mailbox server. I deployed them pretty much in parallel. The Edge went on a locked down member server of the clients perimeter domain. The Hub/Client/Mailbox server went into the production domain. All in all it took a couple of hours. This was a new install not an upgrade so there wasn’t much to it. I found Microsoft’s approach pretty interesting and think they are making some headway by way of security. Anyhow, I suppose I will go after that cert after I finish my others…

/ip

After you enable an Edge server and configure EdgeSync the message routing changes in the exchange organization (obviously).

Outbound Messages

• User to Mailbox server
• Hub scoops it up from mailbox server and determines its heading to the internet
• Hub to Edge
• Edge uses the edgesync - sitename (internet send connector) to send to internet

Inbound messages

• Sending Server to Edge using the Default internal receive connector server name
• Edgesync-inbound to sitename connector to Hub
• Hub uses the Default Server name connector to receive
• Hub to mailbox server

Just a brief overview…for more info: Google

/ip

Zero touch installs have always fascinated me, but spending big bucks to do it isn’t always an option. I’m not out to provide away of doing this, but I am developing some ideas. Some of my posts may contain information that will not be used, but I’ve found it relevant. Providing a base profile for users can be accomplished numerous ways. This is just one of them…

Create a profile and configure it how you want it setup. Then under the Advanced tab in the System applet select User Profiles. Select the user profile you just setup and select Copy to (set the appropriate permissions) the netlogon share. Then rename the folder to Default User.

ref: 168475

If you want to setup Mandatory profiles, copy the profile in the same way to a folder called Mandatory. Rename Ntuser.dat to Ntuser.man. In AD Users and Computers select the users properties and set the Profile Path to the “Mandatory” folder.

ref: 323368

/ip

I don’t know about you, but it would be helpful for me to have computer/user accounts created in an OU instead of the default CN-Users location. Microsoft provides a solution for this, granted it’s not the best but it will do. The following commands are used to do this.

User accounts: redirusr ou=myusers,DC=corp,dc=com
Computer accounts: redircmp ou=mycomputers,DC=corp,dc=com

In mapping the computer build process for zero touch deployment this was a problem area as I use GPOs heavily. Now I can have all computer accounts created in a “staging” OU that GPOs apply too. Sure they still have to be moved, but with proper naming and maintenance scripts this also can be accomplished.

ref: Q324949

/ip

As a group project for my Project Based Information Systems class at UMass, our group chose to write on the subject of Identity Theft. We’ve tried to show that government and the private sector are struggling to reduce the threat while most of the cost and burden falls on the merchants and individuals. I will be posting each individuals portion and and the final paper here. I had the intro and it is as follows…

Imagine you wake up one morning to a phone call. The person on the other end is the HR manager for the company you just interviewed at. She informs you that they found a problem with your background check. You think to yourself — for sure that ticket last August wouldn’t cause an issue. Only to find out that it shows you’re in a federal prison on a drug trafficking charge. You’re floored and assure her that you are not in prison and certainly not for drug trafficking.

After 40 plus hours of stressful phone calls to people who you can only describe as less than helpful, you feel like you’ve been beaten with a baseball bat. Even so, you think that you’ve gotten you’re name cleared and all the fraudulent charges removed from your credit report. You vow to never be caught in this situation again. You pick up the phone, hopefully for the last time, to call a fraud alert place you’ve read some good reviews about. Finally get on the line with someone helpful.

Over the next few minutes you explain to the person on the other line what’s happened. First someone stole your mail, you didn’t think anything about it — just a slow day at USPS. It turns out that it was a drug addict that used your mail to get a fix. The dealer, with his new identity, proceeded to use your good name to launder his ill gotten gains. He even used your name when he was arrested. The person on the other end knew just what to say and for $210 dollars a year they assure you this will not happen again.

If you think this isn’t common you’re mistaken. Scenarios like this happen every day. People’s mail is stolen, cars broken into, even the retailer up the street who forgot to turn on encryption for their wireless network gets hacked. This happens to 1 out of every 30 Americans. The yearly losses for identity theft range from $48 to $56 million dollars.

Identity theft, defined by Bruce Schneier, is when a criminal collects enough personal data on the victim to impersonate him to financial institutions. Government and the private sector are struggling to reduce the threat while most of the cost and burden falls on the merchants and individuals. Identity theft, fraudulent transactions, and data breaches in the news are becoming the norm. Many financial institutions lobby congress to keep litigation from passing, because having readily available and identifying information on your clients is good for business.

This type of crime involves two issues. One is the privacy of data and the other is the how easy it is for a criminal to use this data. We’ve focused a lot of our efforts on keeping the data private and verifying if someone is who they say they are, but not on authenticating the actual transaction. Some credit card companies are starting to do this. If they see a purchase or multiple purchases that are “out of character” they flag the transactions and alert the card holder.

Many state governments are trying to provide new ways to reduce the likely hood this will happen to an individual. Seventeen states have passed “credit freeze” laws and giving harsher penalties to criminals. While these are good things, people don’t realize how often their credit is used. This can cause a very large inconvenience when you’re trying to switch cell providers for example. There is always a line between security and convenience. Often times we err on the side of convenience and that is where many of these problems arise.

A new trend coming into the public spot light are companies disclosing data breaches. This has made a lot of headway in forcing companies to secure their data. It’s also given way to new standards and regulations like PCI-DSS or Payment Card Industry Data Security Standard. This was developed by major credit card companies and is a guideline for companies. It is a security framework for companies that puts forth requirements for storage, transfer, and deletion of credit card information.

Protection against Identity Theft falls on everyones shoulders. Merchants need to find better ways of verifying people. Financial institutions need to start authenticating transactions and we need to be a little more careful with out own information. What is the final answer? That is yet to be seen, but more can be done that is for sure.

Resources:
Forbes: Solving Identity Theft
NYT: Technology and Easy Credit Give Identity Thieves an Edge

Tags: IdentityTheft, School, Paper

Hoff over at Rational Survivability brings a good point (read, duh [but most don't do]) to light — Follow the suggested security guidelines. How many times have we followed the step-by-step setup instructions, and we don’t give security a second thought. Could it be because the security guidelines are not step-by-step…who knows? If Schneier is right, and security will just become part of it…maybe a good place to start is to integrate the security into the setup and documentation. Even if the vendor doesn’t — you should.

An interesting quote on VMWare from his post.

Jon Oberheide, a researcher and PhD candidate at the University of Michigan, is releasing a proof-of-concept tool called Xensploit that lets an attacker take over the VM’s hypervisor and applications, and grab sensitive data from the live VMs.

Really?  Take over the hypervisor, eh?  Hmmmm.  That sounds super-serious!  Oh, the humanity!

I’ve got to agree…

Tags: Security, Thoughts, VMWare, Hypervisor, Xensploit, Shoutout

Wow, somedays you look forward to being over. You keep your door shut and do what have too. Even then people knock, call, email, IM, SMS, Skype…but hey that’s the gig right. Anyhow I just thought this was a good picture and wanted to drop it on the site.

It’s taken from a PS3 wallpaper for the downloadable game called PAIN. It’s a lot of fun if you haven’t tried it. Grab a beer (…is my favorite color) and catapult dude across town and see what he hits…holla.

Tags: PAIN, PS3, Image, Wallpaper, Junk