Diary of a Network Geek

No, this is not a post about sexual performance.
Pervs.

I use my iPhone for a surprising variety of things, even at the office.  For around $14, I threw together a suite of network scanning and testing tools that let me get a pretty good look at any network I manage.  But, that’s another post.
Today, I thought I’d bring to your attention a great blog post by Nicholas M. Petty tittled “iPen: Hacking with the iDevice“.  What he’s got is a set of instructions and tools for turning your iPhone, or, presumably, your iPad, into hand-held computer security penetration testing tool.  Yeah, I know, it still sounds dirty when you say “penetration”.  Grow up.

If you’re into security, whether you own an iPhone or not, it’s worth going to take a look at just to see the thought process and methodology.
Now, as much as I love this idea, I probably won’t actually do it myself because the first step is to “jailbreak” your phone and, frankly, as tight as money is and as important as my phone is to me, I can’t afford to have problems with it.  Still, it is an interesting idea, especially considering how many of these little devices are wandering loose out there and how many wifi access point exist out in the world.  I often wonder how secure any of them really are, especially in corporate environments.

Anyway, this should be something for network managers to think about the next time they see someone in the lobby of their building “playing a game” on their iPhone!

Pardon the pun, but I hope it got your attention.

If you’re like most people who read this blog, you probably have at least one laptop.  Now, it may run Windows or Mac or even Linux, but, you likely have one and you wonder what might happen if it gets stolen.  Wonder no more.

Now, there’s free, Open Source software called Prey, hence the pun, that will track your stolen laptop.

This is only of interest to people who have webservers, but it’s worth writing about.

According to TechRepublic, QualsysGuard Malware Detection is letting you scan your webservers for free.
You have to be able to verify the domain with an e-mail address, so it really is for serious folks who actually have a webserver and verifiable e-mail, but it is free.  No word on how long it will be free, but, for the moment, it is, so go get it!

So, I’ve been thinking about getting yet another professional certification.

I’ve been a Certified Novell Engineer for about fifteen years now.  In fact, I upgraded that cert three times after initially certifying back in 1993.  In 2003, I got the CompTIA Linux+ certification.  All at more or less my own expense.  Now, I haven’t heard anything about Novell updating their certification requirements lately, but I suppose it might happen one day.  I don’t think I’ll pay to re-up that cert, though.  I haven’t really used Novell in any significant sense for about five years now, so there’s not much point in maintaining it.
The lack of continuing education requirement is one of the things I liked about getting the CompTIA Linux+ certification.  One test, one cert, for life.  It seemed like a good idea to me, a good investment.  About the time I ended up getting divorced, I gave up on studying for the CompTIA Security+ certification.  There seemed plenty of time.  Well, as it turns out, there may not be after all.

Earlier this year, CompTIA announced that there would be continuing education requirements for several of their certifications.  Well, the great mass of IT professionals raised such a hue and cry about it that they modified that stance somewhat.  We not have until the end of this year to get the certifications if we want to escape the re-up requirements.  That goes for the A+, the Network+ and, yes, the Security+ certifications.
So, it looks like I’ll be buying the Exam Cram Security+ book and, probably, investing in the SelfTest Software pre-exam study software, too.  It’s not that big an investment monetarily, but I suspect it will be a little more difficult to knuckle down and study to take the test.  I haven’t worked at that sort of thing for quite some time now, and I’m almost afraid I’ve forgotten how!

Of course, the real question is, in a way, whether or not it’s even worth getting the certification at all.  I mean, it just sucks me even deeper into the bottomless pit that is the IT profession.  It’s a never-ending treadmill of oppressive hours and thankless work that few people truly appreciate.  Of course, it does pay pretty well.  And, it does beat digging ditches.  Most days.
Naturally, my hope is that the Security+ certification will make me more marketable in the long-term, should something happen to my current job.  Not that I think that’s likely, but still, it never hurts to be prepared.  And, frankly, security is going to continue to be a big issue going forward, so getting this particular certification surely can’t hurt my resume any.

Over all, the investment is small for the potential return.  And, it will probably do me good to stretch my poor, feeble, little mind to work at something like this again.
Besides, I may know a beautiful, young college student or two who could help me study.
Stranger things have happened!

What?  Doesn’t every one run servers at home?

Okay, so maybe not everyone does, but some of us hard-core geeks do.  And, some of those hard-core geeks are Lifehackers, too.  Thanks to that group of obsessed efficiency geeks, I can bring you a link to the Lifehacker Best Home Server software packages.  I can’t say that I’ve really worked with any of these, so I can’t chime in on which is best, but certainly the Lifehackers have done their research and left their comments.  If you’ve been thinking about setting up server for the family, this would be a good place to start.

And, if you want to add a DIY firewall, try hitting this article on TechRepublic about setting up a free pfSense firewall.  It’s Linux based, but I can’t vouch for it.  The author seemed to think a lot of it, though, so I’d be interested in what anyone thinks of it.  If you try it, give me a shout and we can talk about doing a guest post/review.

I saw this article on Boing Boing last week about a guy who’d made a fake DHS Photographer’s License.

At first, it seemed like a great idea.  Right up until I started thinking about the penalties for producing false identification for a police officer.  Not good.  But, I was put in mind of two things that are substantially more useful.

First there’s Bert  P. Krages’ Photographer’s Rights Flier.  Now, keep in mind that I am not a lawyer, and I’m not clear on just how far this can be pushed, but, if I’m taking pictures in a public place of people who have no reasonable expectation of privacy, it should be legal.  Luckily, I don’t have to work that stuff out for myself, though, because the author of the flier is, in fact, a lawyer and a photographer and he’s done a bit of research into this.  He’s also the author of the Legal Handbook for Photographers.  Mostly, if I’m taking pictures from a public space of non-classified areas, it’s pretty much okay.  I’m not sure I’d try to take photos of the C.I.A. Headquarters in Langley, even from a public area, for instance, but, I think you get the idea.

But, I know that having a badge of some kid often makes minimum wage rent-a-cops feel better, so, secondly, there’s the BigHugeLabs Badge Maker.  This would let you make a semi-official looking badge or ID to wear and seem like more than just a hobbyist photographer to slide past most of the low-end yahoos.  Probably wouldn’t do much with a real police officer, but, how often do you really see them these days?  Honestly, I think I see cops at the local theater more than I do anywhere else!  And that one is a dork riding a Segway!  (Okay, actually, in the town I live, surrounded by Houston, I see our police officers all the time, but they’re really nice to me because I’m a resident.)

Also, as a follow-up, if you live in New York, read this article at the New York Post: Shutterbugged.  Then, go to Craphound, Cory Doctorow’s website and download this JPG copy of the New York City Police Department’s operating orders about photographers.  Everybody else, though, should be covered with the other stuff.
Good luck and enjoy!

This is a quick and clever idea!

Okay, so you remember a week ago the Internet was supposed to melt because of all the problems with this Conficker worm? Did you even notice anything amiss at all? Yeah, me neither.
But, still, if you’re like me, you stay awake at night worrying about all the potential worms and virii that might be sitting on your computer, waiting silently, hiding from the security software that you most certainly keep updated, waiting until your guard is down to pounce! Well, okay, maybe it’s just the full-time, professional geeks like me that worry about that. And, yeah, maybe I worry about it happening on my work network more than I do at home, but, still, you get my point. So, how can you know? Well, thanks to Lifehacker, I bring you the Conficker “Eye Chart”.

The principal is simple, really. Conficker blocks access to several security sites so you can’t download updates or removal tools that would clean it from your system. The Eye Chart simply links to graphics from those sites, and several others as a control set. So, if you can’t see images from the security sites, you know that you most likely have Conficker and have to get the removal tool from somewhere else to clean your system. Pretty neat idea, I think. So, go ahead and click the link to the Conficker “Eye Chart” and check for yourself.

Now, if you do have it, I suggest going to either the Microsoft page about Conficker and its removal, or download the Symantec removal tool from another PC and then take that to your infected PC via a USB drive and run it. Though, to be honest, I think the whole thing was blown out of proportion by a few alarmists in the media. (Though not Houston’s Dwight Silverman, I might note! Which is one of the reasons I follow his blog!)

Are you worried about this?

So, this whole “the Internet is going to melt and your computer is going to explode on April 1” thing has really reached a fever pitch. Are you worried? Should you be? Look, I know that 60 Minutes did a thing about it, but, honestly, I think it’s mostly been blown out of proportion. For one thing, it takes advantage of an old, well-known flaw in Windows that was patched back in October, which was months before this worm got out into the wild. So, if you’ve been doing your updates like you should, chances are that you’ll be fine. And, if you haven’t, well, thanks to a couple of security researchers, there are some tools to take care of the problem.

So, if you haven’t done it yet, update your antivirus programs. And, then do your Windows updates. The rest should pretty well take care of itself.
Oh, also? Don’t open e-mail from strange people, especially if the name on the e-mail sounds a little off. Don’t go to shady or sleazy websites, either. Those warez sites all are just as likely to have infected programs as they are “legitimately” pirated ones. So, just don’t use them.

As usual, the press are making a really big deal about this, but most people probably won’t be effected. Just do your updates like you’re supposed to and don’t break the law, no matter how you feel about copyright and software prices.

So, uh, stay calm and carry on.

Advice from your Uncle Jim:
"It is never too late to be what you might have been."
   --George Elliot

“If you’re reading this, I must already be dead…”

No, I’m not actually dead, something which no doubt has disappointed a number of people, including my ex-wife. However, as a single man with few attachments, it does occur to me that I could go missing for several days before anyone thought to look for me. What’s more, I can think of several people who wouldn’t be too broken up over my untimely demise. Besides my ex-wife, I mean.

So, what to do? We live in a modern age filled with technology and wonder, but also, a few modern problems. If I were to die unexpectedly, there are certain bits of information that it might be nice to pass on to the right folks. Things like security passwords and bank access information and the like. You know, all those clever logins and sign ons and “super sekret” passwords that we all have accumulating like so much karmic sedimentary rock in our oh, so very modern lives. These aren’t things I want just anyone to have, nor do I necessarily want anyone to have them just yet. For that matter, there may be things I want gone, too. Files that would be better deleted than passed on to scar loved ones and that sort of thing. So, again, what to do?

Well, someone has started a service called Death Switch. This is a service that gives you a login to an automated system which prompts you for a password on a regular schedule. If you don’t enter the password on schedule, it sends several addition, emergency-level queries to you and, if those go unanswered, fires off e-mail to the recipient of your choice. If you pay for an account, you can attach files and send the e-mail to multiple recipients.
Naturally, being the cheapskate that I am, I searched around a bit for other services. I mean, if I’m loose with what little money I have left, I won’t have much to leave behind, outside of a brilliant library and a fascinating personal journal. (Remember, kids, the juiciest bits of my life don’t really make it into this blog!) Well, what I found was another, free, service calling itself Dead Man’s Switch. Naturally, the service is somewhat more limited, but, again, it’s free. Oh, and I would assume that the level of security is somewhat less, too. Hey, you get what you pay for.

The only thing is, neither of these address the problem of files on a hard drive. Well, I have an answer for that, too. Now, this option is a little more “do-it-yourself” as it’s no longer supported by the author, but it does have the bonus of running right on your computer. Well, your Windows computer. Sorry, this is a Windows-only solution. The bit of freeware is called, not surprisingly, Dead Man’s Switch, though it was most often referred to as “DMS“. You can still download it for free from PC World, though and install it. I used it for quite some time when I was working someplace I didn’t trust. You see, this little doosie can be set to encrypt files, too. So, for instance, if you’re not dead, but you’ve been suddenly let go from a consulting gig, you can set this to run on your workstation and encrypt your files which you were forced to leave behind. Oh, sure, it may not be ethical, but, well, at least you know it can be done.

So, rest easy now, dear readers, and know that I can e-mail postings to this blog should the unthinkable happen. Hell, for all you know, it may have happened already and these posts are all just a sendmail shell script. With the Network Geek, almost anything is possible.
See you on the other side!

Advice from your Uncle Jim:
"If we only wanted to be happy, it would be easy; but we want to be happier than other people, which is almost always difficult, since we think them happier than they are."
   --Montesquieu

It’s vital to good server management to maintain a change control log.

Really, it’s best for everything in an IT department to keep a good set of change control logs, but most of us don’t do it. Well, a great little blog called Ask The Admin has an article on the Importance of Change Management Record Keeping that is a “must read” for anyone who has to keep track of more than one system.

Now, I have to admit, I don’t do a great job of maintaining documentation myself, but that’s not such a big deal since I’m a one-stop IT shop. However, if something should happen to me, it would make things better, and easier, for the next poor schmuck who has to take over. Mostly, when I get somewhere new, I’m confronted with a jungle of systems and armed with little more than a password. Sometimes, it’s not even the admin password. When I leave, though, I always try to leave behind updated, accurate, useful documentation. My desk may be a mess, but my documentation is at least usable.
The first guy I used to work for always would ask me what I’d do if he were trapped under a rock. Check the documentation was often the first thing. So, I learned, whenever possible, leave good documentation for the next guy.

Think of it as the Golden Rule of Documentation; Document for others what you would have them document for you.
In any case, read the article. Then go forth and sin no more.