USB Security Issues.

US defence officials have recently released information about a security breach they suffered back in 2008.

Pentagon USB breach

It seems someone plugged a USB flash drive into a government computer; the drive carried malicious code placed on it by a foreign intelligence agency. This spread to other systems and opened up the defence network, allowing data to be transferred to rogue servers.

USB seems to have become the new medium for spreading viruses and malware, and to be honest it's hardly a surprise. Many companies seem to react to the growing security threats by creating stronger and stronger network gateways. In many cases these become so secure and so restrictive that they prevent the staff they are designed to protect from actually carrying out their jobs.

And then the problems really start: people despair at the service provided at work, carry out the downloads at home and bring them in on their USB sticks, completely circumventing the security policies in place.

There is of course the option to restrict access to only authorised USB devices, but actually setting this up is a major headache, and a large cost is involved, especially when the client PCs are spread over a number of sites and you don't have complete and utter control over them. Also, by restricting the USB devices you hit the same issue as when you lock down the firewalls: people unable to carry out their jobs effectively.

It surprises me the number of times a valid request from a user to run an application or run some Java code gets turned down with an “it's against company security policy”, when what the help desk engineer really means is “I don't know what the security policy is and I don't have the time to look into this fully to see if we can help”.

When “security policies” affect the efficiency with which someone can do their work, or even worse push people to find ways around them, then there is a problem with them. Good security policies and set-ups should be invisible to the end user. They should also be implemented in such a way that when users have valid reasons that bring them up against them, there are clear processes for taking it forward to a quick and decisive resolution.

Lose your users' confidence in this area, and they will go from helping to being the major weak link in the system. Many companies seem to see their security policy as a fight against the stupidity and malicious activity of their users, shutting them out of the IT loop. Rather, the users should be a central part of the policies; when you think that a huge percentage of breaches are caused by user “error”, their education should be where at least some of the money that funds security goes.

I know at home, using some common sense, I have managed to survive many years now without any security issues with only a basic consumer hardware firewall (Linksys) and some well-known free antivirus software, whereas friends and family regularly hit issues despite having paid for every virus scanner under the sun.

Spend tens of thousands of pounds on software to block USB devices, more on IPS scanning, and still more on your hardened firewall, and you will still never cover all the bases while giving your users the freedom they need; as soon as they hit that wall they will look for ways around it.

Making a network secure is easy; making a secure network that is usable… that is what requires the skill.

DevilWAH

A day off.

Well, anyone who actually comes to this blog would have noticed I was away yesterday.

There was a good reason for this: we had a welcome-to-the-world party for my 3 month old daughter. It was a wonderful day, full of friends and family to hold the baby for us, so my wife and I could relax 🙂

But back to business today; I've got some QoS to revise tonight and have a few other bits I want to discuss.

And it doesn't matter if no one actually reads this blog.. I was reading today that the more you talk to yourself the more intelligent you are (New Scientist magazine), and boy do I talk to myself. Maybe it's because I am the only one who can put up with listening to me?

Anyway, off to do the washing up and hang the washing out, back later.

DevilWAH

Now that’s Old

Today I have not really done any interesting IT stuff, but I did happen to see an article on long-lived organisms.

To put this into perspective, the oldest person on record is a lady by the name of Jeanne Calment who passed away aged 122 in 1997. However, compared to other things this is hardly being born..

Animals don't do so well in terms of long lives: the oldest recorded tortoise is in the region of 175 years and the oldest clam was thought to be around 400 at the time of its death (in a lab, as it was being measured). For the really old stuff you need to look at plants and bacteria.

I am sure you have heard of the bristlecone pines, some of which are known to be over 5000 years in age.

Clonal plants, where a single plant clones itself to produce a never-ending and unbroken chain of life, have been found that are several tens of thousands of years old. In these cases the original plant growth will be long dead, but they still make for some impressive stats.

One in particular is an underground forest in Africa; these trees are completely buried with only the tips of their branches above the soil. Some of these clonal species are over 13,000 years old.

A honey mushroom in eastern Oregon, US, is not only 2,500 years old but also covers over 8 square kilometres, making it one of the largest organisms alive at 605 tons.

But this pales next to Pando (meaning “I spread”), a single quaking aspen in Utah, USA. With 47,000 stems (each looks like a single tree) connected via one gigantic root system, this single organism is thought to weigh in at over 6000 tons. Estimates of its age put it at between 80,000 and 1 million years old. There is debate over whether it is still truly one organism, but whatever it is, it is one mammoth tree..

But for the oldest single organism that is not a clone of an original and has been living continuously for its whole life, bacteria are where you need to look. You will find some claims of 250 million year old bacteria, but what they mean is spores that have been in a dormant state for 99.99999% of that time, which is really cheating a bit.

But the Siberian actinobacteria that live in permafrost have been shown not only to be 500,000 years old but also to be active in DNA repair; there is even some evidence of them metabolising nutrients from their surroundings.

To think of it another way, these individual bacteria have lived in the ice covering the permafrost of Siberia since humans first started to venture out of Africa and move across Europe, eventually spreading ourselves all over the world. These permafrosts are now melting, and as they do these bacteria will die…


(Map: The Oldest Living Things in the World)

The natural world is a crazy place; maybe next time I will tell you about how it is possible for a bumblebee to fly, it puzzled scientists for years!

Enjoy the weekend

DevilWAH

Slipstreaming XP.

Today I was upgrading some PCs from Windows 2000 to XP, and 99% of the upgrade I was able to do over the network. The only part for which I needed to go out to the PC was due to the network card not getting picked up correctly. While the PC is in the building next door this is not really an issue, but the next block are on some farms a mile or so from the main site.

The system I was using to install is straightforward.

First, copy the i386 folder from a Windows XP CD to a network drive and make it available via a share. The users who will be running the install need read access to this folder.

Second, go into your Group Policy editor and create a new policy called “upgrade XP”.

Edit this policy and choose User Configuration –> Software Settings.

Right click Software Installation and choose New –> Package.

In the box that pops up, browse to the i386 folder on the share and choose the Winnt32.msi file. Click OK.

Now when you log on to a Windows 2000 PC, and either the user or the PC has that GPO applied to them, by going into Add/Remove Programs and then clicking Add New Programs you will see the upgrade to XP installation.

But as I said, the big problem is that the default XP CD does not have many network drivers, and many PCs, although they will run the upgrade, will not be able to connect to the network afterwards, requiring you to visit the PCs with a pen-drive and a copy of the correct drivers.

Many years ago I remember slipstreaming Office onto an XP CD, and I remember at the time it was a right pain and took me forever to get it working, requiring manual editing of config files and many attempts before I got it to run. But knowing that slipstreaming drivers is possible, I thought I would take a look at how things are now.

All I can say is nLite. This tool has come on massively, and even though it has not been in active development for a while now, it still does everything you need. Whereas before slipstreaming was copy this there, edit this file, run this, copy that back there……

Now the process is simple.

Install nLite.

Copy your XP installation CD into a folder on the hard drive.

Run nLite and point it to the folder.

Choose what you want to add/remove: drivers, packages, set up default settings…

Decide if you want to build the bootable ISO image.

Click GO.

Nlite

And it's all done for you…

If you still do install from disk and you find yourself having to do the same tidy-ups after every install, slipstreaming is a great way to automate the process.

Now I can upgrade the PCs remotely and they pop back onto the network after a reboot to let me complete the upgrade; going to save a few miles of travel 🙂

Old but still useful.

DevilWAH

The Peculiar case of the missing bandwidth.

Where I work we have a slightly strange network set-up; as an agency of the government we run under what is known as the GSI (government secure internet). What this means in practice is that our main site plus the 16 or so regional sites have their WAN routers managed by a central government IT centre, and all traffic to the outside world has to pass through their systems. This in itself causes no end of issues in terms of restrictions, such as no VPN access and no FTP allowed. But leaving that aside, it does mean we sit behind a very secure gateway. All you really need to understand is that we have a “10mbs” full duplex fibre as the primary link of the main site, through which both internet and WAN traffic is routed. Oh, and of course we have no access to the WAN router to see what is going on.

Well, last Friday the network grinds to a screeching halt.. What was a 20msec latency link to the regional sites has now become 4000msec (yep, that's right, 4 seconds!!). As I say, no access to the WAN router, but from our 4506 that connects to it I can see the link to it is looking fine. So nothing for it but to call the service provider; after a short chat they agree that traffic has dropped and latency has shot up, and start looking into it for me.

A few hours pass (well, 3 days to be more correct, during which time we have moved over to the 4 mbs backup link) and they finally come back saying that the link seems to have dropped and the most data they can push through it is 1.6mbs, and they think it is a routing issue on our site's subnet as latency to the outside address of the router seems fine.

Now at this point my mind is saying 1.6mbs??? hmmm, why does that number sound familiar? Maybe if they measured it a bit more accurately they would find it was actually 1.54mbs, which of course is a T1 link speed. Which suggests to me that either someone added a bandwidth policy along the link or the route had changed to pass across a T1 link. But no, “definitely not!!”, I am told with absolute certainty that no changes have been made to the configuration, and someone will attend site to test it out.

The following day the service provider has an engineer on site; after hours of testing the local loop section of the fibre he can't find anything wrong, signal strength is perfect and the router on site has low latency to the next hop. After hours on the phone and a few more suggestions from me that 1.6mbs suggests a T1 link somewhere along the line, I am told again there have been no changes to the configuration or routes, but he says he will call head office and have them check the configs. He comes off the phone and says he will try one last test… And what do you know, the link is suddenly back working, latency's dropped back to the 20msec region and pushing about 9mb of data across the link.

So what did they change? “Nothing”; all they did was set a 10mbsec bandwidth policy on one of the interfaces along the route… So why did it drop in the first place? “No idea, sometimes these things happen”. Hold on, so they are telling me they changed nothing, the link just stopped working on its own, and whereas it had worked fine for the last 4 years without the policy configured, it now just happens that adding it has solved the issue??

Forgive me for feeling that someone made a cock-up, had to fix it in a hurry, and I have not been told the full story.

So great, after 4 days all back up and working. Or is it? For a long time now I have been suggesting that we don't have the 10mbs full duplex link we have been paying for. In tests I have never been able to get more than 9mbs total throughput; as I push the outgoing traffic it pulls the incoming down. (Of course, as I said, I don't have access to the routers, so all I can do is push traffic from our devices at either end.) But one of the engineers mentioned in passing that our link was 2 x 4.5mbs??? Which is exactly 9mbs, which is what my tests show… So not only did they muck up the link for 4 days, but for the last 4 years they have not been providing the service we pay for!!

Not really impressed with them over the last week (not that I have been overly impressed with them before, although a few members of their staff I have to say have been very helpful to me over the years), but maybe something good will come out of it and I will get the full 10mbs full duplex link promised.

It is also quite nice in the sense that I informed management and the service provider of my concerns about the link speed about 2 years ago, when I first really had reason to look at it. All of them dismissed me and told me it was 10mbs full duplex and that I was only seeing 9mbs due to the type and volume of traffic. So I would be lying if I said I didn't slip the “as I told you 3 years ago” into my report to management this time round. 🙂

I still can't believe that no one can hold their hands up, though, and tell us what really happened last Friday. This is where network device management accounting comes in handy: I can't even log on to my devices, let alone update the config, without it getting logged. It's not just that I like to spy on people, but if all changes are logged on the syslog server, then when someone does make a change and the next day, while they are off, it all falls apart, I can view the last 24 hours, 3 days, etc. of changes at a glance and see what has happened. No need for them to remember to document every change they make; that's all done for them.
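The "last 24 hours, 3 days, etc. of changes at a glance" view is easy to build once logins and config changes land on a syslog server. The script below is an added example, not code from the post; it assumes Cisco IOS devices like the 4506 mentioned above, whose login and configuration-change messages carry the real IOS mnemonics `%SEC_LOGIN-5-LOGIN_SUCCESS` and `%SYS-5-CONFIG_I`. The log lines, hostnames, usernames and addresses are constructed sample data, and the syslog line layout (ISO timestamp, hostname, message) is an assumption about how the collector writes its files.

```python
"""Summarise device logins and configuration changes from collected syslog.

Added example. SAMPLE_SYSLOG is constructed data in an assumed collector
format: "<ISO timestamp> <hostname> <IOS message>". The message mnemonics
%SEC_LOGIN-5-LOGIN_SUCCESS and %SYS-5-CONFIG_I are real Cisco IOS messages.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

SAMPLE_SYSLOG = """\
2010-08-13T09:02:11 wan-rtr-1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: sp-eng] [Source: 10.10.0.5] [localport: 22] at 09:02:11 UTC Fri Aug 13 2010
2010-08-13T09:04:37 wan-rtr-1 %SYS-5-CONFIG_I: Configured from console by sp-eng on vty0 (10.10.0.5)
2010-08-16T14:20:02 core-4506 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netadmin] [Source: 192.168.1.20] [localport: 22] at 14:20:02 UTC Mon Aug 16 2010
2010-08-16T14:25:48 core-4506 %SYS-5-CONFIG_I: Configured from console by netadmin on vty1 (192.168.1.20)
2010-08-16T14:26:00 core-4506 %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to down
"""

# One syslog line: timestamp, hostname, IOS mnemonic, free text.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>%[A-Z_]+-\d-[A-Z_]+): (?P<text>.*)$")
LOGIN_RE = re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")
CONFIG_RE = re.compile(r"Configured from \S+ by (?P<user>\S+) on (?P<line>\S+)(?: \((?P<src>[^)]+)\))?")


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str            # "login" or "config"
    user: str
    src: Optional[str]


def parse_events(text: str) -> List[Event]:
    """Extract login and config-change events; other messages are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        ts = datetime.fromisoformat(m["ts"])
        if m["msg"].endswith("LOGIN_SUCCESS"):
            d = LOGIN_RE.search(m["text"])
            if d:
                events.append(Event(ts, m["host"], "login", d["user"], d["src"]))
        elif m["msg"].endswith("CONFIG_I"):
            d = CONFIG_RE.search(m["text"])
            if d:
                events.append(Event(ts, m["host"], "config", d["user"], d["src"]))
    return events


def change_report(events: List[Event], now: datetime, window: timedelta) -> Dict[Tuple[str, str], List[datetime]]:
    """Config changes within `window` before `now`, grouped by (device, user)."""
    since = now - window
    report: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for e in events:
        if e.kind == "config" and since <= e.ts <= now:
            report[(e.host, e.user)].append(e.ts)
    return dict(report)


def main() -> None:
    events = parse_events(SAMPLE_SYSLOG)
    now = datetime(2010, 8, 17, 9, 0)          # fixed "now" so the run is repeatable
    for label, window in (("last 24 hours", timedelta(days=1)), ("last 7 days", timedelta(days=7))):
        print(f"Config changes in the {label}:")
        for (host, user), times in sorted(change_report(events, now, window).items()):
            print(f"  {host}: {user} x{len(times)} (latest {max(times).isoformat()})")


if __name__ == "__main__":
    main()
```

Run against a real collector's files the same two functions give the "who changed what, when" view the post asks for; on the sample data the 24-hour window shows only the change on core-4506, while the 7-day window also brings up the earlier change on wan-rtr-1.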

Well, I wait to see what comes of this episode. But after this I'm not sure I will ever trust a service provider again.

Laters all

DevilWAH

TED Ideas Worth Spreading

I have had this site in my bookmarks for ages, but only today have I had a proper look into it. TED is a non-profit organisation who have got together with many world leaders in the fields of science, technology, politics, business and more to produce hundreds of short videos on their chosen field. (How about learning what the Higgs boson particle is in 10 minutes, as well as seeing the ultimate formula that describes the whole universe written on a single page here! I do like my physics.)

TED Ideas Worth Sharing

Definitely a good site for the lunchtime bookmarks.

Enjoy

DevilWAH

I had to come back and post this video from the site.

The Beauty of Data Visualisation

And for those of you interested in news, you might like this page; this one kind of leads on from the video above.

Newsmap

The Four Classes of Society

Time for some light entertainment… Which class are you?

I am a Geek

One of four titles used to classify someone based on their technical and social skills. The other three titles are nerd, dork, and normie. The difference between the four titles can be easily shown in table form:

Title    Tech Skills    Social Skills
Normie   No             Yes
Geek     Yes            Yes
Nerd     Yes            No
Dork     No             No

Normie: A normal person. Blah.

Geek: An outwardly normal person who has taken the time to learn technical skills. Geeks have as normal a social life as anyone, and usually the only way to tell if someone is a geek is if they inform you of their skills.

Nerd: A socially awkward person who has learned technical skills due to the spare time they enjoy from being generally neglected. Their technical knowledge then leads normies to neglect them even further, leading to more development of their technical skills, more neglection, etc. This vicious cycle drives them even more into social oblivion.

Dork: A person who, although also socially awkward, doesn’t have the intelligence to fill the void with technical pursuits, like a nerd, and is forced to do mindless activities. Almost always alone. Usually with an XBox. Like playing Halo. All day. Every day. Not even understanding how the Xbox is making the pretty pictures on the screen. Very sad.

(Now forgive me, I forget where I picked this up, but if anyone knows the original author please let me know so I can give credit where it is due.)