Server slow? Don’t yell

Filed Under (Amusement) by Tsudohnimh on 03-01-2009

The moral of this story is that if you are experiencing performance issues on a server, yelling will only make things worse.

Advanced Spyware Fighting Techniques

Filed Under (AntiSpyware, AntiVirus, Tools & Utilities) by Tsudohnimh on 31-12-2008

This is a short late-night post that will be expanded into a more comprehensive paper. However, due to the extremely nasty nature of some of the viruses in the wild today, I wanted to give a quick intro on how to clean an infected PC.

1. Boot to safe mode, then open msconfig (via Start->Run). Open the services tab, check the box to hide all MS services, then disable all remaining services. Open the startup tab and uncheck anything that seems suspicious. Look at filenames and file locations. Anything weird in the C:\windows\system32 directory or the All Users directory should be noted and unchecked.

2. Download the following apps to regain control and clean the spyware: ComboFix, Malwarebytes, Process Explorer, Autoruns, HijackThis, and CCleaner.

3. Unplug any internet connection.

4. Boot into normal mode and be ready to kill any rogue processes and apps via Process Explorer. (IMPORTANT: Disable System Restore. I find this works best if you first reduce the HD space for System Restore to the bare minimum and then disable it. This dumps most of the system restore points.) If you can get control, run CCleaner to kill all temp files. Then run ComboFix/Malwarebytes. (IMPORTANT: Many of the latest viruses are aware of the power of these tools and block the executable by name. Try renaming the exe file before running it.) Let the cleaners completely finish.

5. Once you have a relatively stable system you want to install a full Antivirus or Antispyware product, update definitions, and run a full scan of the hard drive. You want to also run Windows Updates and apply ALL of the latest security updates. Ensure your web browser is fully updated and for good measure use Secunia’s Personal Software Inspector to identify any other insecure applications.
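A read-only way to carry out step 1's review of services and startup items from a PowerShell prompt, added here as an example (it is not part of the original post). It lists Run/RunOnce values, startup-folder items and auto-start services whose binary is not signed by Microsoft, with each file's signature status; the function names are illustrative and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only inventory of what starts with Windows. Changes nothing.
function Get-ImagePath([string]$CommandLine) {
    # Pull the file path out of a launch string such as
    #   "C:\Program Files\App\app.exe" /tray   or   C:\WINDOWS\system32\x.exe -k
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $pattern  = '^\s*"?(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js|lnk))(?=[\s",]|$)'
    if ($expanded -match $pattern) { return $Matches[1] }
    return $null
}

function New-StartupEntry([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-ImagePath $Command
    $sig  = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
    }
    $status = 'path not resolved'; $signer = ''
    if ($sig) { $status = [string]$sig.Status }
    if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Path = $path; Signed = $status; Signer = $signer
    }
}

$entries = @()

# Startup tab equivalent: Run/RunOnce values for the machine and the current user
$cv = 'Software\Microsoft\Windows\CurrentVersion'
foreach ($key in "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce") {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $entries += New-StartupEntry $key $name ([string]$item.GetValue($name))
    }
}

# Startup folders for the current user and for All Users
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
        $entries += New-StartupEntry $dir $file.Name $file.FullName
    }
}

# Services tab equivalent of "hide all Microsoft services": keep auto-start
# services whose binary is not Microsoft-signed. Service DLLs hosted inside
# svchost.exe are not inspected here; check those with Autoruns.
foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
    $e = New-StartupEntry 'Service' $svc.Name ([string]$svc.PathName)
    if ($e.Signer -notmatch 'O=Microsoft Corporation') { $entries += $e }
}

# Entries without a valid signature sort to the top; look at their file
# names and locations first (system32, All Users startup folder).
$entries | Sort-Object @{ Expression = { $_.Signed -eq 'Valid' } }, Source |
    Format-Table Source, Name, Signed, Path -AutoSize -Wrap
```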

Like I said, this is by no means complete, but in the ongoing fight against malware I wanted to give you an overview of how to clean an infected machine. I welcome your tips and ideas.

5 sites to be a better informed citizen

Filed Under (Politics) by Tsudohnimh on 30-12-2008

As often as I rail against the ridiculous actions of our government it is ultimately the fault of a voting public that is more informed about the latest Lil Wayne lyrics than the actions of their elected representatives. (It bears mentioning that a cursory knowledge of history and economics can be quite handy as well.)

So as a public service here is a list of 5 websites to educate yourself and become a more informed citizen. I highly suggest you Bookmark and Subscribe so that you aren’t surprised when your rights are regulated into oblivion.

 

1. Govtrack.us – This is the best of the best. You can track specific members of congress, committees, issues, and the progress of individual bills. In addition to offering excellent email and RSS updates for your tracked items it is also the best source for bill information.

2. OpenCongress.org – OpenCongress offers the same tracking features as Govtrack.us (their data is actually provided by Govtrack) but they have added commentary and news coverage to provide a more comprehensive picture of the state of legislation. Check out their Hot Bills page for a start.

3. FedSpending.org – This site details the fiscal spending of the federal government. Don’t expect to be encouraged by their data but you should know where your tax dollars are being spent. To begin choose the contract database and then select your home state to see the amount of money that your state has been awarded in contracts and who it has been awarded to. Where else could you find that General Dynamics was awarded $179M in contracts?

4. VoteSmart.org – The elected official information clearinghouse. Bios, voting records, and committee seats are all found through this bipartisan project.

5. OpenSecrets.org – An amazing resource to gain insight on the bedfellows of money and politics. Discover the top corporate contributors to a candidate or see which lobbying groups have spent the most for a candidate. You can spend hours digging through the wealth of information at OpenSecrets.

Whenever the people are well-informed, they can be trusted with their own government. — Thomas Jefferson (sadly the inverse is also very true).

New York, New York

Filed Under (Uncategorized) by Tsudohnimh on 20-12-2008

I insert very little of my personal life into KnowtheNetwork.com but I’m making an exception for this post.

My wife and I leave for NYC tomorrow and we are ecstatic. It’s always been a dream of ours to spend Christmas in New York City and that’s exactly what we are doing this year. I’ve been to New York City several times on business but I’ve never had the pleasure of being a tourist. There won’t be many technical posts here until after we return but if you follow my twitter stream you’re sure to see updates from our trip.

If you have any tips or advice feel free to pass them along via email (tsudohnimh at Gmail) or twitter.

I’d like to wish you a Merry Christmas. May God bless you and keep you as we celebrate the greatest gift of all, the gift of a Savior, Jesus Christ.

Merry Christmas

But the angel said to them, “Do not be afraid. I bring you good news of great joy that will be for all the people. Today in the town of David a Savior has been born to you; he is Christ the Lord.” Luke 2:10-11

Google Chrome conflict with Symantec Endpoint Protection

Filed Under (Google, Tips) by Tsudohnimh on 20-12-2008

If you install Symantec Endpoint Protection and you use the Google Chrome browser you are likely to see the following error.

"The Application Failed to Initialize properly (0xc0000005). Click on OK to terminate the application"

If you get this error there is a simple fix. Right-click the Google Chrome shortcut and select Properties. In the Target field, add " --no-sandbox" (without quotes) just behind the …\chrome.exe. The switch starts Chrome with its sandbox disabled, which removes the isolation between web content and the rest of the system.

Click OK to save the changes and then Chrome should open. Fix found via Google Code Discussion.

Google Streetview gets a massive update.

Filed Under (Google) by Tsudohnimh on 14-12-2008

The official Google blog announced that their Google Maps Streetview feature has just received a massive update. Their United States coverage has more than doubled. To get an idea of the scale of the coverage increase check out the before and after.


I dig Streetview and I’m glad to see the coverage expanded. You can find information about their other updates in their original announcement, including info on international coverage, National Park coverage, and API features.

If you are a Googlephile or just a fan you should consider joining the Friendfeed Room “All Things Google”. It’s a great room for an insider’s view of Google. Thanks to Atul Arora for posting this to the room.

KnowtheNetwork.com Site Updates

Filed Under (Uncategorized) by Tsudohnimh on 11-12-2008

I just wanted to highlight a few minor changes at KnowtheNetwork.com’s homepage.

1. I’ve added a widget for my sharp edged bulletin blog FLASH TRAFFIC. I post there very frequently and I think you’ll get a kick out of it. You can visit FLASH traffic on the web, subscribe via RSS, and if you want you can add the widget to your site as well.

2. I’ve removed the friendfeed widget. I’m still a major fan of friendfeed but I’m not sure the widget is serving a large purpose on the blog. It’s been replaced with simple image links to friendfeed and twitter.

3. I’ve migrated our search functions over to lijit b/c I like their service and I’ve changed the category listing to a “cloud” format.

Anyways, just thought I’d let you know.

Introducing My Friends

Filed Under (Community) by Tsudohnimh on 11-12-2008

I’m all about community and I’ve got some great friends that you should check out. Therefore, I’ve added a sidebar section entitled, "Sites I Follow". The list contains blogs and websites that I regularly read. However, it is a special list because all of these sites are written by good friends of mine and I want to take a moment and introduce them.

Changeforge.com by Ken Stewart - Changeforge is accurately described as the place where business and technology collide. Seldom will you find someone with great technical chops, savvy business instincts, and the talent for good writing, but Ken exhibits all three through Changeforge.com.

RefusetoSuffer.com by Suffer - RefusetoSuffer is the brainchild of a colleague of mine. He started developing utilities for our use to make our lives as Network Engineers easier. The tools are so good he had to open them to the outside world. He’s always looking for good ideas so visit RefusetoSuffer.com and improve your life as a NetAdmin.

Security Socialbility by SecurityBarbie - Security Socialbility is a perfect mashup of SecBarbie’s tech passions, Security & Social Technology. I got to meet SecBarbie at BlackHat this past summer (thanks to Twitter) and I’m proud to call her a friend. The blog is still young but you can see by the content it is absolutely worth following.

IronGeek by Irongeek - Let it be said. Irongeek is the man. From apps and reviews to videos and tutorials Irongeek is the one-stop-shop for Security geeks. His videos are so informative that you will see them in the Certified Pen Tester training. Irongeek is a really nice guy and a true character. (If you ever meet him at a hackercon ask him about his campaign for confunk awareness.) Inform yourself at Irongeek.com

 

I hope you enjoy their content as much as I have. Thanks for reading.

My Yahoo! Pipes

Filed Under (Uncategorized) by Tsudohnimh on 10-12-2008

I love RSS and I often use Yahoo! pipes to help filter and manage some of my feeds. Since I find these useful I thought I’d share a list of My Yahoo! Pipes.

US-Cert Combined Pipe (RSS) - This pipe combines the US-Cert summary and alert feeds.

SearchSecurity.com Combined Pipe (RSS) - This pipe combines 4 of the feeds from SearchSecurity.com

SearchNetworking.com Combined (RSS) - This pipe combines the 2 feeds from SearchNetworking.com

Townhall Best of (RSS) - This pipe combines the articles from the best writers at the Op Ed warehouse of Townhall.com (Sowell,Parker,Greenberg etc…)

Wired Unique Pipe (RSS) - This pipe combines 4 feeds from Wired.com and filters for unique content.

 

Yahoo Pipes is an amazing resource and I’ve only scratched the surface. If you are new to Y! Pipes start by browsing the most Popular Pipes or create your own from the Pipe Tutorials.

How to Configure OSPF within your LAN.

Filed Under (Networking, Security) by Tsudohnimh on 10-12-2008

Over the past year I’ve become a big proponent of using Layer 3 (L3) routing protocols within large LAN networks. There are several benefits to using routing protocols at the LAN level, but the driving force behind my support of L3 in the LAN is to mitigate Layer 2 (L2) security attacks. (For more information on L2 attacks see Sean Convery’s 2002 BlackHat presentation .pdf) There are a host of L2 attacks that build off the inherent insecurity of the ARP protocol and the ease of spoofing MAC addresses. Admittedly there are other ways to prevent most of these attacks, but they are often cumbersome and require a good deal of administrative overhead (read man hours). Layer 3 routing within the LAN is not complex, and if you are running a multi-tier LAN you should consider implementing Layer 3 routing throughout.

One of the most common L3 protocols used within LANs is OSPF (RFC 2328) and Petri.co.il has a dead simple intro to OSPF. The article briefly covers the need-to-know info of OSPF as well as some of the benefits and features. The final portion covers the configuration commands to implement the protocol in Cisco IOS.

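! Interface mode: set the bandwidth (in kbps) that OSPF uses to compute link cost
Router(config-if)# bandwidth XX
! Global mode: start the OSPF routing process
Router(config)# router ospf {process-ID#}
! X.X.X.X = network address, Y.Y.Y.Y = wildcard (inverse) mask, z = area ID
Router(config-router)# network {X.X.X.X} {Y.Y.Y.Y} area {z}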

Obviously there is much more to OSPF than just these 3 commands but I’m hoping this lowers the barrier to entry and you might consider the benefits of using an L3 protocol within your LAN.

The Cisco Documentation for OSPF can be found here and the HP Procurve documentation can be found here (.pdf).

I’m planning on doing a much larger presentation concerning Network Design and Security Practices and you can bet L3 will be a large part of the recommendation. The other half? The nightmare of xTP protocols. Stay Tuned.

Most Underhyped Apps of 2008

Filed Under (Software) by Tsudohnimh on 09-12-2008

LifeHacker has a great post highlighting some excellent applications that deserve your attention. I strongly agree with some of his recommendations and I wanted to take this opportunity to bring them to your attention.

1.) Ubiquity (Firefox Extension) - Ubiquity is one of the best Firefox extensions available. I gave it high praise when it was first announced and it is still one of my best tools. It allows you to interact with different websites without actually visiting the site (like Google mapping an address). It is still in prototype phase and they still have some kinks to work out, but it is already worth having.

2.) Picasa - I’m amazed at how many people are still unaware of this wonderful photo editor/manager. Picasa 3 was released this year with some nifty improvements and it continues to be my primary photo application. I love the author comment, “Picasa’s the software you want to install on your parents’ computer over the holidays so they can make a photo-mosaic of the grandkids.”

3.) VLC Media Player - I had abandoned VLC a little over a year ago due to some video playback stuttering, so when they released the latest version I was anxious to give it a try. VLC is back with a vengeance. The UI is better, the performance is better, and as always no codecs and it plays pretty much every AV file in the universe. VLC is the only Media Player you need. Download it today.

4.) Evernote - Evernote is the best way to capture ideas/notes/pics/ramblings I’ve ever discovered. It syncs across multiple platforms (PC/Mac/WWW/Mobile) and it is just too easy to use. Admittedly I was slow in finding the right way to use Evernote but once I discovered its power it became one of my essential apps. (PS: if you do lots of screenshots you need Evernote) Did I mention it was FREE?

5.) OpenOffice - Seriously, why aren’t you using OpenOffice? Their latest version has really improved performance and I’ve found OO Writer to be more intuitive and better at outlines than MS Word. Honestly, are you using $300 worth of Office? For a different perspective see how you could save $15,000 by using the 80/20 rule in your organization.

The article also mentions Songbird, an open source music player and library manager. I’ve been tempted to try Songbird for quite some time but I’m tethered to iTunes. Have you used Songbird? If so I’d love to hear about your experiences. What do you use for music library management?

For more info check out the article, “Best of 2008: Most Underhyped Apps of 2008“.

Open Source Apps for Admins

Filed Under (Software, Tools & Utilities) by Tsudohnimh on 09-12-2008

I love Open Source applications and this is a wonderful list from the folks at DownloadSquad.com

24 Great Open Source Apps for Admins

I’ll hit the highlights of the list by sharing my favorites and identifying some of the most promising that I’ve yet to try.

My favorites from this list.

JkDefrag - The absolute best defrag in the world. See my tools page for an auto-installer.

InfraRecorder - great CD/DVD burning solution (portable and installer available)

PuTTY - a wonderful telnet and SSH client

7-zip - Handles zip/rar files like a champ. Makes Winzip obsolete

DBAN - When you need to wipe a HD this is all you need.

Promising Apps I’ve yet to try

NTRegEdit - Registry Editor with color coding, better searching, and quick editing

Vispa & Xpy - Tweak XP or Vista by turning off unwanted services and features.

HealthMonitor -  Monitor HD, RAM, Services, Events and supports SMS/Email notification of problems.

For the full list visit “24 Great Open Source Apps for Admins“. If you try any of these apps please let me hear about your experiences.

Quick Firefox Downloads

Filed Under (Firefox) by Tsudohnimh on 08-12-2008

This is a simple but very useful tip for making downloads easier in Firefox.

Add the downloads icon to your Firefox toolbar. Then when you are ready to download a file, just drag the file onto the icon and presto, the download begins. How easy is that?

To add the icon to your toolbar just right-click the toolbar and click customize to find the icon.

I found this tip via a great blog Firefox Facts. If you are a Firefox junky you should really check them out.

Hacking Firefox for Speed

Filed Under (Firefox) by Tsudohnimh on 08-12-2008

TechRadar.com has a great post on modifying Firefox to achieve maximum performance. Personally I don’t implement all of their recommendations but several of the tweaks are really useful. Here is my subset of their list.

1.) Enable Pipelining: Type about:config in the address bar, double-click network.http.pipelining and network.http.proxy.pipelining so their values are set to true, then double-click network.http.pipelining.maxrequests and set this to 8.

2.) Render pages Quicker: Type about:config and press [Enter], then right-click and select New > Integer. Type content.notify.interval as your preference name, click OK, enter 500000 (note that is 5 Zeroes) and click OK again.

Right-click again in the window and select New > Boolean. Create a value called content.notify.ontimer and set it to True.

3.) Faster Loading: Type about:config and press [Enter], right-click in the window and select New > Integer. Type content.switch.threshold, click OK, enter 250000 (a quarter of a second) and click OK to finish.

4.) Block Flash: Use Flashblock

The article, 8 hacks to make Firefox ridiculously fast, lists some more tweaks for braver tweakers but I’ve found these four work great for me. Happy Firefoxing.

What are your favorite Firefox tweaks or extensions?

Updates to KnowtheNetwork.com/tools

Filed Under (Firefox, Software, Tools & Utilities, Wifi) by Tsudohnimh on 08-12-2008

I’ve added some apps and Firefox extensions to our tools page that I would like to bring to your attention. The apps are listed by category.

Wireless
inSSIDer - Free Wi-Fi network scanner compatible with XP & Vista
Vistumbler - Free, Open Source Wi-Fi network scanner compatible with Vista

Firefox Extensions
Compact Menu - replaces the standard menu bar (File, Edit, View etc…) with a single button. If you like a minimalist browser experience this is a great addon to give you more screen real estate.
Better Gmail - Collection of UI tweaks for Gmail
Better GCal - Collection of UI tweaks for Google Calendar
Better GReader - Collection of UI tweaks for Google Reader

Misc Apps
InfraRecorder - Free CD/DVD burning software with excellent audio/data/ISO features. There is an installer and a portable version available. I used to need Nero for ISO support until I found InfraRecorder. Must have.
FastStone Photo Resizer - Image converter/resizer that provides great batch functions. If you need to edit a group of pictures (batch editing) this is the one-stop-shop.
MagicISO - Virtual CD-ROM that allows you to mount/create/edit ISOs. How did I live before Magic ISO? In the past you had to burn the ISO to disc and then run the disc to access the software. Well, those days are gone. Magic ISO will mount an ISO as a virtual CD-ROM and you are off to the races. You should add this app to your toolbox immediately.

What are your favorite apps? What is missing from my list?