elite_fuzz

I hope no one that reads this belongs to Sears (or K-marts) SHC community. I really hope you don't. If you do you're in for a potentially big shock. Normally at this point I would laugh at people for not reading the fine print. Unfortunately it's looking like that wouldn't have helped in this case. To be honest I haven't yet had the time to check these allegations for myself, so take what I say with a grain of salt. When I have a chance to check these things out I'll update this post.
( A very very small grain of salt... )

Recently I have written a few entries highlighting security concerns, especially physical security. I've talked about security policies and why every business should have them, after all your security is only as strong as your worst employee. So while I was searching for interesting news I came across a story that highlights the need for security policies that you might find incredibly funny (in an “oh my gosh I can't believe he did that” kinda way).
( You really won't believe it... )

We all love virtual machines. Ok, not all of us, but they are the “way of the future.” Virtual servers cut down on hardware costs, cooling costs, maintenance costs, and a slew of other things. Not only that, but their cool! One machine that can run your web server, app server, storage server, directory, printing, and whatever else you can think of. Who wouldn't find that cool (probably someone not in an IT department...)? However, we have to remember that having everything on one machine gives us a single point of failure.
( What the heck does XEN stand for anyway? )

A new rootkit is making the rounds that you should be aware about. Rootkits by themselves are nothing new or exciting, but this particular one is using an attack vector that was common during the old MS-DOS days!
( Rootkits and worms and trojans, oh my!... )

You have heard me talk about how easy it is to break wireless encryption, and yes, it is easy. Every time I write an article that mentions this someone invariably asks me if I can tell them how to break some type of wireless encryption. If they're my friends, and they have a legitimate reason I'll do it for them and not tell them how. If its a random stranger my answer is always “I cant do that, but I can point you to a website that has some utilities that might be able to help you out.” Strangely enough, a link to that site is on the side of my webpage... (hint, it rhymes with binsecure and ends with .org...)
( for those that aren't good at rhyming the website is www.insecure.org )

A chain is only as strong as its weakest link, and your security is only as strong as your worst employee. Employees have been, are, and will remain the single biggest threat to network security. Yes, crackers remotely breaking into our network is big and scary and we need to do whatever we can to stop it. However, if you think its easier to do that than to send an email posing as a member of the IT department and ask for a username and password you are very mistaken.
( Shit like this is why I have an ulcer... )

SAFE Act 2007, what a clusterfark. Securing Adolescents From Exploitation-online. This bill was rushed through the House of Rep's, and when I say rushed, I mean rushed! It was sent through the House of Rep's using a mechanism that is supposed to be reserved for non-confrontational bills. On top of that it passed almost unanimously. If I remember correctly, it passed 409 to 2. The two people who didn't vote for it were both republicans, one of whom is Ron Paul (gee, I still cant decide if he's just a classic libertarian or someone who actually does his job).

What is the Aim of this bill? Well, its lofty goal is to help stop the aquisition and spread of child pornography. Holy sh*t! I'll vote for that! Wait, whats that? People that own private (home) wireless access points might be held accountable by this law? The law doesn't clearly define what an "obscene" image is? The law gives no indication on how business or private parties should comply with the law? Hu?... Gee this bill sucks!
( Am I now my brothers keeper? -or- Why the heck are we still talking about 2007? )

Wireless security is one of my favorite soapbox's. Whenever I teach an A+ class or a Net+ class I always spend a few minutes talking about the theory behind cracking WEP and WPA, and how easy it is, to drive home the point that wireless connections are just not secure without advanced encryption and authentication (something a RADIUS server would provide). Researchers at Indiana University have recently given me another talking point when lecturing students on wireless security.
( The worms are everywhere... )

I while ago, as I was teaching an A+ class, the topic of how hard drives store information came up. I was successfully sidetracked (as I'm sure my student hoped I would be) into a brief discussion on the mechanics of hard drives. Of course, once we started talking about that I was forced (forced I tell you) to get up on my soap box about data security.

What does data security have to do with the mechanics of hard drives? As most professional IT people will tell you simply erasing the data off of a hard drive via formatting or deleting files doesn't actually remove the data from the hard drive. “What!? Your saying that deleting the contents of my trash bin doesn't mean the data is lost?”
( Data will self destruct in 10, 9... )

Long title, but accurate. I will attempt to make sense of the OSI seven layer model to networking. Ill explain it in non networking terms then go back and expand a little on it. I wont get in to too much detail, but you should have a working understanding by the time were done here.

But why should you know? Specific problems in networking can be attributed to specific layers of the OSI model. When someone says to you that there is a level 1 problem with the network card it would be good to know what they're talking about. Also, different protocols work at different layers of the networking model. If you cant retrieve emails from your server you might have a POP3 problem, which is a layer 7 issue.

( 7 layer model )

While running the new Novell OES2 for Linux class we ran into a few problems concerning the Xen virtual machines. The class setup called for each student to have a SLES10 sp1 machine with two virtual machines installed on it. One NetWare with an eDirectory tree and one SLED 10 machine. The students then created a new XEN machine and installed SLES10 sp1 in the ambition of installing OES2 on it and adding it into the existing eDirectory tree. Problems in the setup issued by Novell made this impossible without some extensive troubleshooting. This might also help you if your having trouble with your XEN setup.

( XEN troubleshooting )

I recently obtained my CLP certification. CLP stands for Certified Linux Professional and is a certification given by Novell to those that can display moderate to advanced SuSE Linux Administration skills. The CLP covers XEN virtualization, SSH, VNC, apache, tomcat, SSL encryption, disk quotas, permissions, root access, samba, nfs, scripting and a slew of other things.

There are 3 classes covered in the CLP so its quite a lot of information to study. The test is only 3 hours long with 4 major objectives. What does this mean to you? Well, if you know 9 out of 10 objectives, but you get a problem on the one thing you dont know, you will fail the test. Yes, its like that.

Oh, and when i say "objectives" i mean just that. This isnt a pen and paper multiple choice, T/F test. Novell sets up 2 servers which you remote into and then complete the tasks they give you. So that said, im going to give you a few tips on how to take the test. Im not going to tell you what I had on my test, but ill give you some tips so that when you take yours you wont panic like i did.

( The CLP )

Active Directory slows down the entire network for long amounts of time during replication. Active Directory will not Sync properly with eDirectory. Takes a long time to resolve DNS names. Netware servers are not loading NLM's properly.

Synopsis:
A network server crashed. This server was running Active Directory and had to be rebuilt from an older backup. This network is running Active Directory for DNS and DHCP as well as eDirectory (Netware) for users, network storage, Exchange, and other administrative tasks. After rebuilding the windows server the network is slow during directory replication, DNS query resolution, and will not sync properly between the two directories. There are errors while booting the Netware servers. At this company there is only one domain serving two sites on a WAN. There are two servers of each kind at each site on the WAN.

( Problems, Causes and Fix's )

Netware Server Failure to Boot: Active partition and SCSI ID number.

Synopsis:
A newly installed Netware server is shut off for the first time. While turned off the admin adds a SCSI tape drive to his network. Upon reboot Netware fails to load with an error of invalid boot partition.
( causes, testing and fix's )

Troubleshooting Netware Startup

Its happened to almost all Netware admins, definitely not as often as windows, but it happens. You get to work one day and for some reason you have to restart your Netware server. As your booting you get the feeling something isn't going right. Then suddenly, you see them. Errors. Your Netware server has just booted improperly. Something happened, a driver didn't load, a service that should have started didn't, the sys volume has disappeared....

So what do you do? You need to figure out what went wrong when so that you can fix it. Fixing it is usually easy, reorder the NLM's in the startup.ncf file, update a cdm driver, mark a partition active, etc. But finding the problem can be difficult. Errors are vague, or something might simply not work with no warning signs or reasons why this is.

( Fixing Netware Startup Issues )

SP 1 is Here!

Novell has released Service Pack 1 for SUSE Linux Enterprise Desktop 10! Making an already great enterprise desktop even better, SP1 comes with a slew of new features as well as some bug and security fixes. In fact it's so good that DesktopLinux.com writer Steven J. Vaughan says that “...in all seriousness, SLED is simply the best business desktop around, period.”

SP1 brings to the table Xen-based virtualization for all the programs that just have to run in Windows, the latest version of OpenOffice, Firefox 2.0, Flash 9, Helix Banshee 0.12.0 (includes iPod support), Ekiga 2.0.5 (compatible with Asterisk) and many other new programs and improvements.

As far as security goes, SLED 10 now includes home directory and partition encryption via cryptconfig and util-linux-crypt. Administrators can also bar SLED users from unlimited access to system functionality with the new desktop lockdown tool Sabayon. Using Sabayon along with a tighter integration of ZENworks Linux Management means that not only can you deploy updates and patches but you can also use it to enforce desktop policies and lockdowns on both a group and user basis.

As if this wasn't enough incentive to start using SLED, the price at just $50 per desktop is the deal clincher. Compared with using Microsoft Vista Business Edition and Microsoft Office Professional 2006 at a combined cost of almost $800 per desktop you can see why people are getting very excited about SLED.

For SP1 release notes,visit Novell's web page

GPL v3.0 and Novell

To some of you this might be old news. Others might not even know what GPL stands for (that's General Public License). Terms such as copyleft and tivoization might be as mysterious as the names Richard Stallman and Linus Torvalds. The reason these terms and names are important is because it might have an impact on what tools you can or cannot use in your network environment. Tools we use on a daily basis and are integral to the proper functioning of our network, tools such as Samba

Novell's Director of PR, Bruce Lowry, paraphrases Microsofts stance on the new GPL v3 as; “...the certificates [Microsoft] distributes for SUSE Linux Enterprise Server will not entitle the customers to maintenance and support of GPL3 technologies.” Of course this only applies to certificates purchased after the release of the GPL v3.

At this point some of you may be wringing your hands wondering what you are going to do when the need for support comes. Of course you could always call TouchStone Technology (my place of work) to help you out, or you could call Novell directly. That's right, call Novell.

Bruce Lowry continues with “...customers don’t need to worry about this, [Novell will] cover them anyway. Novell will provide maintenance and support for whatever version of SUSE Linux Enterprise Server the customer is running, whether that contains GPL3 licensed components or not and whether they got the certificate from Microsoft or bought SUSE Linux Enterprise directly from us or another partner. So nothing changes for customers—they are fully supported."
I haven't looked but I'm sure that Red Hat is taking a similar stand as Novell. The GPL v3 is long and, at least to me, unintelligible. With Novell's assurance, however, I can sleep easy at night knowing that when I wake up I won't have to scrap my network and start over.

For more information on this visit:
eWeek
Linux Watch
Wikipedia

Copyright Laws Side With Novell

On Janurary 20, 2004 the lawsuit between Novell and SCO began. In reality the battle started much before that. The confrontation actually started when SCO filed suit against IBM, claiming that they owned Unix. If SCO had known that Novell would contest this claim, effectively coming to the aid of IBM, they probably wouldn't have started in the first place. Or they might have, who knows the minds of SCO?

SCO continued with the struggle, however, and pushed it's claim for the Unix copyright despite Novell's emergence onto the scene, and subsequently Novell's counter claim for those same copyrights. The court battle has been fierce on both sides, but recently SCO has run into a snag.

On August 10, 2007, Judge Dale Kimball ruled that “...the court concludes that Novell is the owner of the UNIX and UnixWare Copyrights.” Novell was awarded a summary judgment on a number of claims while many of SCO's claims were denied. In addition to the verdict, SCO was ordered to hand over licenses fee's to Novell!

Novell's statement on the ruling: “The courts ruling has cut out the core of SCO's case and as a result, eliminates SCO's threat to the Linux community based upon allegations of copyright infringements of UNIX. We are extremely pleased with the outcome.”

Novell may be happy with the outcome, but SCO is definitely not! On Friday, August 10th SCO's stock was worth about $1.70/share (trade symbol SCOX). The trading day ended before the verdict was handed down. On the following Monday, SCO's stock price was hovering around $0.40.
*

Not being a stockbroker or an analyst I can't tell you why their stock price dropped so dramatically, but it is suspect that the drop in stock price followed so closely on the heels of the courts decision.

So what does this mean to the average consumer? Should we even care about this other than an interesting side note for the history of Linux?

Actually, the ramifications for this decision are fairly substantial. While SCO was fighting their legal battles, they sent out notices to companies threatening legal actions if they did not cease and desist with their use of Linux. If a company wanted to use Linux, they had to weight the benefits of better platform against the cost of a lawsuit. This threat kept many people from adopting Linux, effectively stunting the growth and adoption rate of Linux.

Now that the threat of a lawsuit is gone, combined with the recent partnership between Novell and Microsoft, companies don't need to have these other concerns when trying to decide what to use in their network. I predict more companies will step away from the platforms they have been pigeonholed in and start adopting more open source solutions.

*Image provided by http://money.excite.com

Along the lines of all the other linux home server stuff I've been doing i am now going to talk about a backup server. Word to the wise, this type of back up is for data only. If you try to back up an entire hard drive (a.k.a. ghosting) i cannot guarantee success. Also, between backup and restoring the same file system must be used. If you pulled data off an NTSF formated file system, don't try to put it on a HDD formated with ext3. It just wont work. That said, here ya go: ( automated data backup with SuSE Linux )

There is no place like home, and ssh allows us to connect to home any time we want to in a secure way. We don't want people to see all the illegal movies and videos you'll be accessing anyway, right? So we use ssh to tunnel into our home network. We looked at that last post, so in this post ill explain exactly how ssh works, or in theory how it works.( SSH Explained )