Re: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Jon Harris
Cut off their hands would work better I think.

Jon

On Fri, May 27, 2011 at 1:04 PM, Rankin, James R wrote:

> Or cut off their internet access, at least.
>
> Typed frustratingly slowly on my BlackBerry® wireless device
> --
> *From: *Jonathan Link 
> *Date: *Fri, 27 May 2011 12:53:55 -0400
> *To: *NT System Admin Issues
> *ReplyTo: *"NT System Admin Issues"
> *Subject: *Re: Today on SANS.ORG : Description: There
> exists a vulnerability in all versions of user.
>
> It would certainly make the job easier.
>
>  On Fri, May 27, 2011 at 12:29 PM, Jacob  wrote:
>
>>   Hmm.. maybe we should ban users.
>>
>>
>>
>> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
>> *Sent:* Friday, May 27, 2011 8:19 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Today on SANS.ORG : Description: There
>> exists a vulnerability in all versions of user.
>>
>>
>>
>> I can almost see where this is going (Evil-Grin),
>>
>>
>>
>> A lot of users are vulnerable, unless you have policies with teeth and
>> enforce them, this madness is going to keep going on. But on the flip side
>> you don’t need the Gestapo going around having a pink-slip sale just because
>> a known good site got owned and redirected you to a bad site which they
>> owned you… ( which happens a lot more than you think)
>>
>>
>>
>> Z
>>
>>
>>
>> Edward E. Ziots
>>
>> CISSP, Network +, Security +
>>
>> Security Engineer
>>
>> Lifespan Organization
>>
>> Email:ezi...@lifespan.org
>>
>> Cell:401-639-3505
>>
>>
>>
>> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
>> *Sent:* Friday, May 27, 2011 11:12 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Today on SANS.ORG : Description: There
>> exists a vulnerability in all versions of user.
>>
>>
>>
>> “One should strive to similarly reduce the population of vulnerable users
>> on your network.”
>>
>>
>>
>> I have several suggestions for this…
>>
>>
>>
>> -sc
>>
>>
>>
>> *From:* David Lum [mailto:david@nwea.org]
>> *Sent:* Friday, May 27, 2011 10:30 AM
>> *To:* NT System Admin Issues
>> *Subject:* Today on SANS.ORG : Description: There
>> exists a vulnerability in all versions of user.
>>
>>
>>
>> http://isc.sans.edu/diary/Managing+CVE-0/10933
>>
>> *David Lum*
>> Systems Engineer // NWEATM
>> Office 503.548.5229 //* *Mobile 503.267.9764
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>


Re: RE: Data Center Shutdown Procedure suggestions

2011-05-27 Thread Jonathan
Thanks for the reply, Terry.

They are APC Symmetras, older models (5+ years old). I've considered that
as a possibility and I believe they will do it, but not completely sure
about what they are capable of because I have not had a chance to look into
it yet. I don't even know what firmware they are running.

It is a good idea, but I may not want to go that route because of their age
and the possibility that we may be replacing them soon.

Jonathan A+, MCSA, MCSE

Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the
Verizon network. Please excuse brevity and any misspellings.

On May 27, 2011 6:36 PM, "Terry Dickson" 
wrote:
> My first thought would be what kind of UPS's, most come with monitoring
> software that could be used to automate the process. Start shutting down
> least important as soon as you hit battery and set the others to shutdown
> when batteries are X percent depleted. Power up is a harder question as it
> depends on what tasks are being performed for each server.
>
> From: Jonathan [ncm...@gmail.com]
> Sent: Friday, May 27, 2011 5:28 PM
> To: NT System Admin Issues
> Subject: Data Center Shutdown Procedure suggestions
>
> Hi everyone,
>
> I'm looking for any advice, policy templates, scripts, or anything else
> any of you would be willing to provide. Here's the background
>
> In my new position, I'm responsible for our secondary Data Center - soon
> to be set up with VMWare SRM, and it will function as our primary DR site. A
> lot of things need to be formalized, and I've discovered today that there is
> no emergency backup power for the facility (that's gotta change, and it
> will, but one thing at a time). I have two UPSes that provide a decent
> amount of run time, but when we experienced an extended loss of power
> recently due to a storm, it still wasn't enough time to shut everything down
> gracefully. It quickly became apparent that no one had worked out a formal
> shutdown procedure, and it was a matter of, "Crap, start shutting everything
> down".
>
> *sigh* - don't get me wrong, I LOVE my job, it is a GREAT place to work,
> and I'm glad I'm here.. but I can now see why I'm here!
>
> So, I'm working on a formal document for how to shut everything down along
> with a preferred shutdown order. As well as other things to take into
> consideration, like automated notification of key people and distribution
> lists, physical access, what we want to have happen when the power comes
> back on, etc.
>
> Fortunately, we have not implemented VMWare yet, so we didn't have nearly
> the server count we could have, but it still wasn't fun.
>
> So I'm thinking about writing some scripts using psshutdown to get servers
> turned off gracefully, quickly, and in the proper order. Getting iLO
> connections working and documented - particularly the ones on the DMZ that
> are not readily accessible via the LAN
>
> Other thoughts revolve around physical access...who has keys and push
> button door codes if the batteries in the access control system have become
> exhausted due to the power outage.
>
> Any scripts, policy templates, or other suggestions along these lines
> would be most appreciated.
>
> Thanks,
>
> Jonathan A+, MCSA, MCSE
>
> Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the
> Verizon network. Please excuse brevity and any misspellings.
>

RE: Data Center Shutdown Procedure suggestions

2011-05-27 Thread Terry Dickson
My first thought would be what kind of UPS's,  most come with monitoring 
software that could be used to automate the process.  Start shutting down least 
important as soon as you hit battery and set the others to shutdown when 
batteries are X percent depleted.  Power up is a harder question as it depends 
on what tasks are being performed for each server.


From: Jonathan [ncm...@gmail.com]
Sent: Friday, May 27, 2011 5:28 PM
To: NT System Admin Issues
Subject: Data Center Shutdown Procedure suggestions


Hi everyone,

I'm looking for any advice, policy templates, scripts, or anything else any of 
you would be willing to provide. Here's the background

In my new position, I'm responsible for our secondary Data Center - soon to be 
set up with VMWare SRM, and it will function as our primary DR site. A lot of 
things need to be formalized, and I've discovered today that there is no 
emergency backup power for the facility (that's gotta change, and it will, but 
one thing at a time). I have two UPSes that provide a decent amount of run 
time, but when we experienced an extended loss of power recently due to a 
storm, it still wasn't enough time to shut everything down gracefully. It 
quickly became apparent that no one had worked out a formal shutdown procedure, 
and it was a matter of, "Crap, start shutting everything down".

*sigh* - don't get me wrong, I LOVE my job, it is a GREAT place to work, and 
I'm glad I'm here.. but I can now see why I'm here!

So, I'm working on a formal document for how to shut everything down along with 
a preferred shutdown order. As well as other things to take into consideration, 
like automated notification of key people and distribution lists, physical 
access, what we want to have happen when the power comes back on, etc.

Fortunately, we have not implemented VMWare yet, so we didn't have nearly the 
server count we could have, but it still wasn't fun.

So I'm thinking about writing some scripts using psshutdown to get servers 
turned off gracefully, quickly, and in the proper order. Getting iLO 
connections working and documented - particularly the ones on the DMZ that are 
not readily accessible via the LAN

Other thoughts revolve around physical access...who has keys and push button 
door codes if the batteries in the access control system have become exhausted 
due to the power outage.

Any scripts, policy templates, or other suggestions along these lines would be 
most appreciated.

Thanks,

Jonathan A+, MCSA, MCSE

Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon 
network. Please excuse brevity and any misspellings.

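Added example, not part of either post: a dry-run planner for the tiered approach Terry suggests (least important hosts as soon as the UPS is on battery, the rest at "X percent depleted"), producing the psshutdown command lines Jonathan mentions. Host names, tier names and thresholds are constructed; the script returns command strings rather than running them.

```python
"""Dry-run planner for a tiered, UPS-driven shutdown (constructed inventory)."""
from dataclasses import dataclass


@dataclass
class Tier:
    name: str
    hosts: list
    depleted_pct: int      # shut down once the battery is this far depleted
    done: bool = False     # set once the command for this tier was issued


def sample_tiers():
    """Hypothetical hosts, listed in shutdown order (least important first)."""
    return [
        Tier("test-dev", ["DEV01", "DEV02"], 0),      # 0 = as soon as on battery
        Tier("application", ["APP01", "SQL01"], 40),
        Tier("infrastructure", ["DC01"], 70),
    ]


def validate(tiers):
    """Thresholds must not decrease down the list, or the order cannot hold."""
    levels = [t.depleted_pct for t in tiers]
    if levels != sorted(levels) or not all(0 <= p < 100 for p in levels):
        raise ValueError("tier thresholds must be ascending and within 0-99")


def build_command(tier, countdown_sec=30):
    # psshutdown switches: -k power off, -t countdown in seconds,
    # -m message shown to logged-on users. -f is left out on purpose so
    # applications get the chance to close cleanly.
    targets = ",".join(tier.hosts)
    return (f'psshutdown -k -t {countdown_sec} '
            f'-m "UPS on battery: {tier.name} tier shutting down" \\\\{targets}')


def plan(tiers, on_battery, depleted_pct):
    """Commands to issue for one UPS reading, in tier order.

    Tiers already handled are skipped, so polling repeatedly never sends a
    command twice, and a later tier is never shut down before an earlier one.
    """
    validate(tiers)
    if not on_battery:
        return []
    commands = []
    for tier in tiers:
        if tier.done:
            continue
        if depleted_pct < tier.depleted_pct:
            break                      # not yet due; later tiers wait too
        commands.append(build_command(tier))
        tier.done = True
    return commands


def tiers_down(tiers):
    """Names of tiers already shut down, for whoever handles power-up."""
    return [t.name for t in tiers if t.done]


if __name__ == "__main__":
    tiers = sample_tiers()
    # Constructed UPS readings: (on battery?, percent depleted)
    for on_battery, depleted in [(False, 0), (True, 3), (True, 45), (True, 72)]:
        for cmd in plan(tiers, on_battery, depleted):
            print(f"{depleted:>3}% depleted: {cmd}")
    print("tiers down:", tiers_down(tiers))
```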

Data Center Shutdown Procedure suggestions

2011-05-27 Thread Jonathan
Hi everyone,

I'm looking for any advice, policy templates, scripts, or anything else any
of you would be willing to provide. Here's the background

In my new position, I'm responsible for our secondary Data Center - soon to
be set up with VMWare SRM, and it will function as our primary DR site. A lot
of things need to be formalized, and I've discovered today that there is no
emergency backup power for the facility (that's gotta change, and it will,
but one thing at a time). I have two UPSes that provide a decent amount
of run time, but when we experienced an extended loss of power recently due
to a storm, it still wasn't enough time to shut everything down gracefully.
It quickly became apparent that no one had worked out a formal shutdown
procedure, and it was a matter of, "Crap, start shutting everything down".

*sigh* - don't get me wrong, I LOVE my job, it is a GREAT place to work, and
I'm glad I'm here.. but I can now see why I'm here!

So, I'm working on a formal document for how to shut everything down along
with a preferred shutdown order. As well as other things to take into
consideration, like automated notification of key people and distribution
lists, physical access, what we want to have happen when the power comes
back on, etc.

Fortunately, we have not implemented VMWare yet, so we didn't have nearly
the server count we could have, but it still wasn't fun.

So I'm thinking about writing some scripts using psshutdown to get servers
turned off gracefully, quickly, and in the proper order. Getting iLO
connections working and documented - particularly the ones on the DMZ that
are not readily accessible via the LAN

Other thoughts revolve around physical access...who has keys and push button
door codes if the batteries in the access control system have become
exhausted due to the power outage.

Any scripts, policy templates, or other suggestions along these lines would
be most appreciated.

Thanks,

Jonathan A+, MCSA, MCSE

Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the
Verizon network. Please excuse brevity and any misspellings.


RE: Slow dns lookups?

2011-05-27 Thread Level 5 Lists
Kurt - that was our finding as well, the client has a firebox and we were 
seeing odd latency going through the t1 , so even though clients are using the 
cable for their gateway rebooting the firebox seemed to fix our issue.

Thanks everyone.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Friday, May 27, 2011 4:14 PM
To: NT System Admin Issues
Subject: Re: Slow dns lookups?

I had a similar issue with my firewall in the past couple of weeks.

The base issue *looked* like DNS problems, and they were, sorta...

We found that the real issue was a state table on the firewall, limiting UDP 
sessions. It was set at a max of 2500, and when I looked at the table, it was 
sitting at 2499 or 2500 for extended periods of time. So, I doubled the limit, 
monitored it for a while, then found it was hovering between 4500 and 5000 
quite a bit, so doubled it again to 1.

The timeout for sessions was also set to 300 seconds, and I turned that down to 
60 seconds.

Those actions cleared my problem - don't know if it's the same issue for you, 
but it might be worth looking at.

On Fri, May 27, 2011 at 09:34, Level 5 Lists  wrote:
> I have a client with a t1 and cable as a backup for about 50 users and 
> 9 servers.
>
>
>
> The past week their internet became amazingly slow, we pulled opendns 
> out, we pulled the proxy filter out and still same thing.
>
>
>
> Reviewing onsite it seems like when we go to a webpage we get a lot of 
> website found waiting for reply for several seconds.
>
> I switched gateways between t1 and cable and seemed to have no effect. 
> You eventually get there, but I can't seem to pinpoint what's causing it.
>
>
>
> We tried removing the opendns forwarders, then no forwarders, then 
> some forwarders to some public DNS servers. Always the same thing.
>
>
>
> Internally dns seems fine, no errors, ad replication is functioning 
> okay etc etc .. Kind of at a loss as to where to look next.
>
>
>
> Speedtest/pingtest are showing speeds as expected on both connections, 
> latency everything there seems pretty normal (16dn/6up on cable, A 
> rating on
> pingtest)
>
>
>
>
>

Re: SAML and Terminal Server / RDS

2011-05-27 Thread Kurt Buff
On Fri, May 27, 2011 at 13:30, David Lum  wrote:
> I’ve been asked to investigate using SAML to create SSO functionality with
> RDS (was Terminal Server) – anyone here ever mess with SAML? I have found
> exactly one thread on it:
> http://social.technet.microsoft.com/Forums/el-GR/winserverTS/thread/fabb663a-200f-49d5-8765-2e97141b3542
>
> Other than this e-mail, I don’t even know all the right questions to ask at
> the moment.
> David Lum
> Systems Engineer // NWEATM
> Office 503.548.5229 // Mobile 503.267.9764

This sounds like a good question to ask on the list at activedir.org -
I've seen similar things discussed there.

Kurt




SAML and Terminal Server / RDS

2011-05-27 Thread David Lum
I’ve been asked to investigate using SAML to create SSO functionality with RDS 
(was Terminal Server) – anyone here ever mess with SAML? I have found exactly 
one thread on it: 
http://social.technet.microsoft.com/Forums/el-GR/winserverTS/thread/fabb663a-200f-49d5-8765-2e97141b3542

Other than this e-mail, I don’t even know all the right questions to ask at the 
moment.

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764







Re: Slow dns lookups?

2011-05-27 Thread Kurt Buff
I had a similar issue with my firewall in the past couple of weeks.

The base issue *looked* like DNS problems, and they were, sorta...

We found that the real issue was a state table on the firewall,
limiting UDP sessions. It was set at a max of 2500, and when I looked
at the table, it was sitting at 2499 or 2500 for extended periods of
time. So, I doubled the limit, monitored it for a while, then found it
was hovering between 4500 and 5000 quite a bit, so doubled it again to
1.

The timeout for sessions was also set to 300 seconds, and I turned
that down to 60 seconds.

Those actions cleared my problem - don't know if it's the same issue
for you, but it might be worth looking at.

On Fri, May 27, 2011 at 09:34, Level 5 Lists  wrote:
> I have a client with a t1 and cable as a backup for about 50 users and 9
> servers.
>
>
>
> The past week their internet became amazingly slow, we pulled opendns out,
> we pulled the proxy filter out and still same thing.
>
>
>
> Reviewing onsite it seems like when we go to a webpage we get a lot of
> website found waiting for reply for several seconds.
>
> I switched gateways between t1 and cable and seemed to have no effect. You
> eventually get there, but I can't seem to pinpoint what's causing it.
>
>
>
> We tried removing the opendns forwarders, then no forwarders, then some
> forwarders to some public DNS servers. Always the same thing.
>
>
>
> Internally dns seems fine, no errors, ad replication is functioning okay etc
> etc .. Kind of at a loss as to where to look next.
>
>
>
> Speedtest/pingtest are showing speeds as expected on both connections,
> latency everything there seems pretty normal (16dn/6up on cable, A rating on
> pingtest)
>
>
>
>
>
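Added example, not part of Kurt's post: a small model of the behaviour he describes, a firewall UDP state table with a hard entry cap and a per-session timeout. The flow rates are constructed; the caps (2500, 5000) and timeouts (300 s, 60 s) are the figures from the post, and the model assumes each flow is a single query/response whose entry is held for the full timeout.

```python
"""Model of a UDP state table with an entry cap and a session timeout."""
from collections import deque


def simulate(new_flows_per_sec, cap, timeout_sec, duration_sec=900):
    """Step one second at a time.

    Every new UDP flow (for example one DNS query from a fresh source port)
    needs a table entry that is held for timeout_sec. When the table is at
    its cap the flow is dropped, which the client sees as a lookup that hangs
    and is retried.

    Returns (peak_entries, flows_dropped, seconds_spent_at_cap).
    """
    expiries = deque()            # expiry time of each live entry, oldest first
    peak = dropped = seconds_full = 0
    for now in range(duration_sec):
        # Age out entries whose timeout has passed.
        while expiries and expiries[0] <= now:
            expiries.popleft()
        for _ in range(new_flows_per_sec):
            if len(expiries) >= cap:
                dropped += 1
            else:
                expiries.append(now + timeout_sec)
        peak = max(peak, len(expiries))
        if len(expiries) >= cap:
            seconds_full += 1
    return peak, dropped, seconds_full


def max_sustainable_rate(cap, timeout_sec):
    """Highest steady flow rate the table absorbs without drops.

    Each entry is held for timeout_sec, so occupancy settles at
    rate * timeout_sec; drops start once that product exceeds the cap.
    """
    return cap / timeout_sec


if __name__ == "__main__":
    scenarios = [
        ("cap 2500, timeout 300 s", 20, 2500, 300),
        ("cap 5000, timeout 300 s", 20, 5000, 300),
        ("cap 5000, timeout 300 s, lighter load", 16, 5000, 300),
        ("cap 2500, timeout  60 s", 20, 2500, 60),
    ]
    for label, rate, cap, timeout in scenarios:
        peak, dropped, full = simulate(rate, cap, timeout)
        print(f"{label}: {rate} flows/s -> peak {peak}, "
              f"dropped {dropped}, {full} s pinned at cap "
              f"(sustainable {max_sustainable_rate(cap, timeout):.1f}/s)")
```

A table that sits at its cap for long stretches, as the 2499 or 2500 reading in the post did, is the signal to check; the model shows the timeout moving the sustainable rate as much as the cap does.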



Re: IE 0 Day, Heads up, Cookiejackin

2011-05-27 Thread Kurt Buff
On Fri, May 27, 2011 at 09:33, Ziots, Edward  wrote:
>
>
> http://www.networkworld.com/community/blog/ie-flaw-could-allow-hackers-access-your-faceb?source=NWWNLE_nlt_security_2011-05-27
>
> Microsoft is not too worried about this zero-day hole in all versions of
> IE. Microsoft spokesman Jerry Bryant said, "Given the level of required
> user interaction, this issue is not one we consider high risk. In order
> to possibly be impacted a user must visit a malicious website, be
> convinced to click and drag items around the page and the attacker would
> need to target a cookie from the website that the user was already
> logged into."
>
> /My Slant on the situation..
> Honestly, visiting a malicious website is about as easy as getting
> re-directed from a supposed known Good site, due to any number of web
> application vulnerabilities ( XSS, malicious iframes come to mind). And
> given if the user is already getting re-directed or hits the bad site,
> there is no telling what they might be tricked into doing.
>
> I do agree there might not be a high likelihood that the site that the
> attack stole the cookie from is the same site that the user is currently
> logged into, but if the attacker did steal the cookie ( albeit
> credentials and otherwise) and replayed them to the sites they belong,
> it possibly could allow that attack to impersonate the legitimate user
> and do any number of things.
>
> Heads up gang, might be seeing a security advisory on this soon enough,

Few standard users understand how complex web pages are anymore. I
thought I had a good grasp on this, because of the NoScript addon in
Firefox, until I added the Request Policy addon as well. It's amazing.
While this isn't a critical security hole, it's going to be an
important one, I think.

Kurt



RE: Slow dns lookups?

2011-05-27 Thread Level 5 Lists
It seems to be just workstation related, although we are seeing some ping 
timeouts to the 4.2.2.2's on the T1, we took off forwarding but that didn't fix 
it. All the websites are external, could be anything from cnn.com to 
foxnews.com whatever. They all load a little, hang, load a little, hang, then 
finish.

We are testing a few different things now by having some workstations just use 
an external dns of the provider. Internally pinging, nslookups , network 
browsing all is fast and without any issue.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, May 27, 2011 12:55 PM
To: NT System Admin Issues
Subject: RE: Slow dns lookups?

You can check your DNS lookups via nslookup both looking internally and 
externally.

You say going to webpage ( is this webpage internal? Or External to the 
organization?)

I am assuming that all users are seeing the same thing ( Correct) or is it 
localized?

What is the Network Bandwidth out the Internet Router? ( Is the available 
Bandwidth Pegged? Which would make everything slow?)

Any issues with dropped packets at the firewall/External Router to the Internet?

Any issues querying DNS Server upstream of your business like L3 communications 
at 4.2.2.2 and 4.2.2.1.

Here is an example:
C:\windows\system32>nslookup
Default Server:  DNS
Address:  Internal_IP

> set d2
> set type=A
> server 4.2.2.1

SendRequest(), len 38
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
1.2.2.4.in-addr.arpa, type = PTR, class = IN



Got answer (73 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
1.2.2.4.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  1.2.2.4.in-addr.arpa
type = PTR, class = IN, dlen = 23
name = vnsc-pri.sys.gtei.net
ttl = 84623 (23 hours 30 mins 23 secs)


Default Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

> .microsoft.com.
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1


SendRequest(), len 36
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
.microsoft.com, type = A, class = IN



Got answer (52 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
.microsoft.com, type = A, class = IN
ANSWERS:
->  .microsoft.com
type = A, class = IN, dlen = 4
internet address = 67.215.65.132
ttl = 0 (0 secs)


Non-authoritative answer:
Name:.microsoft.com
Address:  67.215.65.132

You can see I did a fully qualified dns lookup for Microsoft.com ( using the 
trailing . so that domain names aren't appended in the lookups)

Came back pretty snappy ( I would definitely put Wireshark on your PC and try 
and see the response times, because you might be dealing with a Layer 1-2 
problem at the router/switch/firewall interface or uplink on the TXX line to 
your ISP, rather than your DNS Servers.

HTH
Z


Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Level 5 Lists [mailto:li...@levelfive.us]
Sent: Friday, May 27, 2011 12:34 PM
To: NT System Admin Issues
Subject: Slow dns lookups?

I have a client with a t1 and cable as a backup for about 50 users and 9 
servers.

The past week their internet became amazingly slow, we pulled opendns out, we 
pulled the proxy filter out and still same thing.

Reviewing onsite it seems like when we go to a webpage we get a lot of website 
found waiting for reply for several seconds.

I switched gateways between t1 and cable and seemed to have no effect. You 
eventually get there, but I can't seem to pinpoint what's causing it.

We tried removing the opendns forwarders, then no forwarders, then some 
forwarders to some public DNS servers. Always the same thing.

Internally dns seems fine, no errors, ad replication is functioning okay etc 
etc .. Kind of at a loss as to where to look next.

Speedtest/pingtest are showing speeds as expected on both connections, latency 
everything there seems pretty normal (16dn/6up on cable, A rating on pingtest)




RE: PowerBroker application

2011-05-27 Thread Joseph Heaton
Thanks to all for the replies on this.  I have added the other two products to 
our investigation list.

>>> Dennis Hoefer  5/27/2011 5:55 AM >>>
We've used it for 3 years.  At the time I believe they were really the
only game in town with this type of product, but as normally happens,
success brings competition so you now have other options, including
Viewfinity and ScriptLogic.  Our experience has been generally favorable
and pretty much delivers what it promises.  Only complaint would be that
it can be difficult at times to nail down precisely where all the
elevation needs are, and how to handle those within the context of the
software, so we sometimes find ourselves opening things up a bit more
than desired to achieve the desired results, but suspect that may be
true with competitive products too.  Other minor issue is that being
group policy based, there isn't a good way to quickly deal with one off
issues that pop up, have to create new rule, possibly wait for server
replication and force policy update on the client, gets the job done,
but never quick enough for the user who simply needs something like an
ActiveX control to install.

In spite of our favorable experience and no major complaints, we're
about to embark on a trial of Viewfinity's product.  Demo and literature
makes it appear to do everything that PowerBroker does and more, with a
friendlier UI.  We're about 45 days from our maintenance renewal on
PowerBroker so checking some options before renewal.

Bottom line, IMHO, if you're looking for something in this category,
PowerBroker deserves a good look.  

Dennis   

-Original Message-
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, May 26, 2011 6:24 PM
To: NT System Admin Issues
Subject: PowerBroker application

Has anyone used this product, from BeyondTrust?  Looks like it would be
useful to minimize permission levels on Win 7 boxes.  We're looking at
using Applocker, and this seems to be a good fit to go along with that,
to automatically raise perm levels for apps in Applocker, so normal
users can install "whitelisted" applications.

Any personal experiences would be most appreciated.






Re: dns zone transfer issues

2011-05-27 Thread Don Kuhlman
Sounds like network hiccups Jimmy - anyway I did a quick search and found a 
couple articles that reference the topic of cross forest zone transfers 
if anyone else is interested - 


http://technet.microsoft.com/en-us/library/ee307976(WS.10).aspx

http://exchadtech.blogspot.com/2011/01/setting-up-cross-forest-trust-between.html






From: Jimmy Tran 
To: NT System Admin Issues 
Sent: Fri, May 27, 2011 1:16:58 PM
Subject: RE: dns zone transfer issues


TCP and UDP port 53.  This is too weird… Nothing has changed in the firewall to 
my knowledge but I am now able to add the DNS server into the Name Server tab. 

 
 Thanks!
 
Jimmy
 
From:Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, May 27, 2011 10:59 AM
To: NT System Admin Issues
Subject: Re: dns zone transfer issues
 
Trusts shouldn't be a factor in this.  What DNS ports are open between the two 
locations?

 
ASB (Professional Bio) 
Harnessing the Advantages of Technology for the SMB market...

 


On Fri, May 27, 2011 at 1:29 PM, Jimmy Tran  wrote:
Yes, there is connectivity and the forest trusts are valid.
 
jimmy
 
From:Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, May 27, 2011 9:48 AM
To: NT System Admin Issues
Subject: Re: dns zone transfer issues
 
Hey, Jimmy
 
Have you verified networking connectivity between the two locations?

 
ASB (Professional Bio) 
Harnessing the Advantages of Technology for the SMB market...

 
 
On Thu, May 26, 2011 at 3:11 PM, Jimmy Tran  wrote:
I am trying to add an IP address of a DNS server (in a different forest) into 
the Name Servers list on my DNS server to allow zone transfers but it keeps 
failing.  When I put in the IP address and hit resolve, it gives me an error 
saying “An unknown error occurred while validating   the server.  

 
When I login to the DNS server trying to accept the secondary zone transfer it 
accepts the transfer but then will fail soon after.  Sometimes I can reload the 
zone, sometimes I can’t.  

 
Does anyone know what’s going on?
 
Thanks,

Jimmy
 

RE: dns zone transfer issues

2011-05-27 Thread Jimmy Tran
TCP and UDP port 53.  This is too weird... Nothing has changed in the
firewall to my knowledge but I am now able to add the DNS server into
the Name Server tab. 

 

 Thanks!

 

Jimmy

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, May 27, 2011 10:59 AM
To: NT System Admin Issues
Subject: Re: dns zone transfer issues

 

Trusts shouldn't be a factor in this.  What DNS ports are open between
the two locations?


 

ASB (Professional Bio  ) 
Harnessing the Advantages of Technology for the SMB market...

 





On Fri, May 27, 2011 at 1:29 PM, Jimmy Tran  wrote:

Yes, there is connectivity and the forest trusts are valid.

 

jimmy

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, May 27, 2011 9:48 AM
To: NT System Admin Issues
Subject: Re: dns zone transfer issues

 

Hey, Jimmy

 

Have you verified networking connectivity between the two locations?


 

ASB (Professional Bio  ) 
Harnessing the Advantages of Technology for the SMB market...

 

 

On Thu, May 26, 2011 at 3:11 PM, Jimmy Tran  wrote:

I am trying to add an IP address of a DNS server (in a different forest)
into the Name Servers list on my DNS server to allow zone transfers but
it keeps failing.  When I put in the IP address and hit resolve, it
gives me an error saying "An unknown error occurred while validating
the server.  

 

When I login to the DNS server trying to accept the secondary zone
transfer it accepts the transfer but then will fail soon after.
Sometimes I can reload the zone, sometimes I can't.  

 

Does anyone know what's going on?

 

Thanks,

Jimmy

 


Re: dns zone transfer issues

2011-05-27 Thread Andrew S. Baker
Trusts shouldn't be a factor in this.  What DNS ports are open between the
two locations?



*ASB *(Professional Bio )
 *Harnessing the Advantages of Technology for the SMB market...

 *



On Fri, May 27, 2011 at 1:29 PM, Jimmy Tran  wrote:

>  Yes, there is connectivity and the forest trusts are valid.
>
>
>
> jimmy
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Friday, May 27, 2011 9:48 AM
> *To:* NT System Admin Issues
> *Subject:* Re: dns zone transfer issues
>
>
>
> Hey, Jimmy
>
>
>
> Have you verified networking connectivity between the two locations?
>
>
>
>  *ASB *(Professional Bio )
> *Harnessing the Advantages of Technology for the SMB market...**
> *
> * *
>
>
>
>  On Thu, May 26, 2011 at 3:11 PM, Jimmy Tran  wrote:
>
> I am trying to add an IP address of a DNS server (in a different forest)
> into the Name Servers list on my DNS server to allow zone transfers but it
> keeps failing.  When I put in the IP address and hit resolve, it gives me an
> error saying “An unknown error occurred while validating   the server.
>
>
>
> When I login to the DNS server trying to accept the secondary zone transfer
> it accepts the transfer but then will fail soon after.  Sometimes I can
> reload the zone, sometimes I can’t.
>
>
>
> Does anyone know what’s going on?
>
>
>
> Thanks,
>
> Jimmy
>
>
>

Re: grabbing drivers off a pc

2011-05-27 Thread Erik Goldoff
I've used DriverMax for this type of need :
http://www.innovative-sol.com/drivermax/

On Fri, May 27, 2011 at 1:46 PM, jesse-r...@wi.rr.com
wrote:

> Hello.
> I have a PC that has a Yukon NIC installed on it with appropriate driver.
>
> I no longer have the driver installation file and I'm not sure which NIC is
> it (it lists it as a Generic Yukon driver so I'm not sure which one to d/l
> from Yukon's website).
>
> IIRC, there are some decent utilities that you can run on your PC that will
> gather the appropriate drivers and package them for you along with their
> appropriate INF files (in this case, the inf is yk51x86.inf), catalog
> files, driver files, etc. ?
>
> Can someone recommend one of those tools that works well for them?
>
> Thanks.
>
>
> 
> mail2web.com – Enhanced email for the mobile individual based on
> Microsoft®
> Exchange - http://link.mail2web.com/Personal/EnhancedEmail
>
>
>

RE: grabbing drivers off a pc

2011-05-27 Thread Shauna Hensala

http://download.cnet.com/Driver-Backup/3000-2242_4-10694017.html

fast and easy

Shauna Hensala






> From: jesse-r...@wi.rr.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Date: Fri, 27 May 2011 13:46:42 -0400
> Subject: grabbing drivers off a pc
> 
> Hello.
> I have a PC that has a Yukon NIC installed on it with appropriate driver.
> 
> I no longer have the driver installation file and I'm not sure which NIC is
> it (it lists it as a Generic Yukon driver so I'm not sure which one to d/l
> from Yukon's website).
> 
> IIRC, there are some decent utilities that you can run on your PC that will
> gather the appropriate drivers and package them for you along with their
> appropriate INF files (in this case, the inf is yk51x86.inf), catalog
> files, driver files, etc. ?
> 
> Can someone recommend one of those tools that works well for them?
> 
> Thanks.
> 
> 
> 

grabbing drivers off a pc

2011-05-27 Thread jesse-r...@wi.rr.com
Hello.
I have a PC that has a Yukon NIC installed on it with appropriate driver.

I no longer have the driver installation file and I'm not sure which NIC is
it (it lists it as a Generic Yukon driver so I'm not sure which one to d/l
from Yukon's website).

IIRC, there are some decent utilities that you can run on your PC that will
gather the appropriate drivers and package them for you along with their
appropriate INF files (in this case, the inf is yk51x86.inf), catalog
files, driver files, etc. ?

Can someone recommend one of those tools that works well for them?

Thanks.






RE: dns zone transfer issues

2011-05-27 Thread Jimmy Tran
Yes, there is connectivity and the forest trusts are valid.

 

jimmy

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Friday, May 27, 2011 9:48 AM
To: NT System Admin Issues
Subject: Re: dns zone transfer issues

 

Hey, Jimmy

 

Have you verified networking connectivity between the two locations?


 

ASB (Professional Bio  ) 
Harnessing the Advantages of Technology for the SMB market...

 





On Thu, May 26, 2011 at 3:11 PM, Jimmy Tran  wrote:

I am trying to add an IP address of a DNS server (in a different forest)
into the Name Servers list on my DNS server to allow zone transfers but
it keeps failing.  When I put in the IP address and hit resolve, it
gives me an error saying "An unknown error occurred while validating
the server.  

 

When I login to the DNS server trying to accept the secondary zone
transfer it accepts the transfer but then will fail soon after.
Sometimes I can reload the zone, sometimes I can't.  

 

Does anyone know what's going on?

 

Thanks,

Jimmy

 


Re: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Jonathan Link
They would still bring stuff into the environment...

On Fri, May 27, 2011 at 1:04 PM, Rankin, James R wrote:

> Or cut off their internet access, at least.
>
> Typed frustratingly slowly on my BlackBerry® wireless device
> --
> *From: * Jonathan Link 
> *Date: *Fri, 27 May 2011 12:53:55 -0400
> *To: *NT System Admin Issues
> *ReplyTo: * "NT System Admin Issues" <
> ntsysadmin@lyris.sunbelt-software.com>
> *Subject: *Re: Today on SANS.ORG: Description: There exists a
> vulnerability in all versions of user.
>
> It would certainly make the job easier.
>
> On Fri, May 27, 2011 at 12:29 PM, Jacob  wrote:
>
>> Hmm.. maybe we should ban users.
>>
>>
>>
>> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
>> *Sent:* Friday, May 27, 2011 8:19 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Today on SANS.ORG: Description: There exists a
>> vulnerability in all versions of user.
>>
>>
>>
>> I can almost see where this is going (Evil-Grin),
>>
>>
>>
>> A lot of users are vulnerable, unless you have policies with teeth and
>> enforce them, this madness is going to keep going on. But on the flip side
>> you don’t need the Gestapo going around having a pink-slip sale just because
>> a known good site got owned and redirected you to a bad site which they
>> owned you… ( which happens a lot more than you think)
>>
>>
>>
>> Z
>>
>>
>>
>> Edward E. Ziots
>>
>> CISSP, Network +, Security +
>>
>> Security Engineer
>>
>> Lifespan Organization
>>
>> Email:ezi...@lifespan.org
>>
>> Cell:401-639-3505
>>
>>
>>
>> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
>> *Sent:* Friday, May 27, 2011 11:12 AM
>> *To:* NT System Admin Issues
>> *Subject:* RE: Today on SANS.ORG: Description: There exists a
>> vulnerability in all versions of user.
>>
>>
>>
>> “One should strive to similarly reduce the population of vulnerable users
>> on your network.”
>>
>>
>>
>> I have several suggestions for this…
>>
>>
>>
>> -sc
>>
>>
>>
>> *From:* David Lum [mailto:david@nwea.org]
>> *Sent:* Friday, May 27, 2011 10:30 AM
>> *To:* NT System Admin Issues
>> *Subject:* Today on SANS.ORG: Description: There exists a vulnerability
>> in all versions of user.
>>
>>
>>
>> http://isc.sans.edu/diary/Managing+CVE-0/10933
>>
>> *David Lum*
>> Systems Engineer // NWEA™
>> Office 503.548.5229 // Mobile 503.267.9764
>>
>>
>>
>>
>>
>>
>>
>>
>>

Re: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Rankin, James R
Or cut off their internet access, at least.

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Jonathan Link 
Date: Fri, 27 May 2011 12:53:55 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: Today on SANS.ORG: 
Description: There exists a vulnerability in all versions of user.

It would certainly make the job easier.

On Fri, May 27, 2011 at 12:29 PM, Jacob  wrote:

> Hmm.. maybe we should ban users.
>
>
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Friday, May 27, 2011 8:19 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Today on SANS.ORG: Description: There exists a
> vulnerability in all versions of user.
>
>
>
> I can almost see where this is going (Evil-Grin),
>
>
>
> A lot of users are vulnerable, unless you have policies with teeth and
> enforce them, this madness is going to keep going on. But on the flip side
> you don’t need the Gestapo going around having a pink-slip sale just because
> a known good site got owned and redirected you to a bad site which they
> owned you… ( which happens a lot more than you think)
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
>
>
> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
> *Sent:* Friday, May 27, 2011 11:12 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Today on SANS.ORG: Description: There exists a
> vulnerability in all versions of user.
>
>
>
> “One should strive to similarly reduce the population of vulnerable users
> on your network.”
>
>
>
> I have several suggestions for this…
>
>
>
> -sc
>
>
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Friday, May 27, 2011 10:30 AM
> *To:* NT System Admin Issues
> *Subject:* Today on SANS.ORG: Description: There exists a vulnerability in
> all versions of user.
>
>
>
> http://isc.sans.edu/diary/Managing+CVE-0/10933
>
> *David Lum*
> Systems Engineer // NWEA™
> Office 503.548.5229 // Mobile 503.267.9764
>
>
>
>
>
>
>
>
>


RE: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread David Lum
You're welcome Stu :). Of course if I had actually known, I would have arranged 
for some commission! LOL

I did sign up for the newsletter...

Dave

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Friday, May 27, 2011 8:35 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in 
all versions of user.

Dang, this is SO in my neck of the woods it's scary. This is EXACTLY what
we do in KnowBe4, train the users so they are less vulnerable.

http://www.knowbe4.com/

Warm regards,

Stu


From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, May 27, 2011 11:19 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in 
all versions of user.
I can almost see where this is going (Evil-Grin),

A lot of users are vulnerable, unless you have policies with teeth and enforce 
them, this madness is going to keep going on. But on the flip side you don't 
need the Gestapo going around having a pink-slip sale just because a known good 
site got owned and redirected you to a bad site which they owned you... ( which 
happens a lot more than you think)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, May 27, 2011 11:12 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in 
all versions of user.

"One should strive to similarly reduce the population of vulnerable users on 
your network."

I have several suggestions for this...

-sc

From: David Lum [mailto:david@nwea.org]
Sent: Friday, May 27, 2011 10:30 AM
To: NT System Admin Issues
Subject: Today on SANS.ORG: Description: There exists a vulnerability in all 
versions of user.

http://isc.sans.edu/diary/Managing+CVE-0/10933
David Lum
Systems Engineer // NWEA™
Office 503.548.5229 // Mobile 503.267.9764






RE: Slow dns lookups?

2011-05-27 Thread Ziots, Edward
You can check your DNS lookups via nslookup both looking internally and
externally. 

 

You say going to webpage ( is this webpage internal? Or External to the
organization?)

 

I am assuming that all users are seeing the same thing ( Correct) or is
it localized? 

 

What is the Network Bandwidth out the Internet Router? ( Is the
available Bandwidth Pegged? Which would make everything slow?) 

 

Any issues with dropped packets at the firewall/External Router to the
Internet? 

 

Any issues querying DNS Server upstream of your business like L3
communications at 4.2.2.2 and 4.2.2.1. 

 

Here is an example: 

C:\windows\system32>nslookup
Default Server:  DNS
Address:  Internal_IP

> set d2
> set type=A
> server 4.2.2.1

SendRequest(), len 38
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
1.2.2.4.in-addr.arpa, type = PTR, class = IN

Got answer (73 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
1.2.2.4.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  1.2.2.4.in-addr.arpa
type = PTR, class = IN, dlen = 23
name = vnsc-pri.sys.gtei.net
ttl = 84623 (23 hours 30 mins 23 secs)

Default Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

> .microsoft.com.
Server:  vnsc-pri.sys.gtei.net
Address:  4.2.2.1

SendRequest(), len 36
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
.microsoft.com, type = A, class = IN

Got answer (52 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 0,  additional = 0

QUESTIONS:
.microsoft.com, type = A, class = IN
ANSWERS:
->  .microsoft.com
type = A, class = IN, dlen = 4
internet address = 67.215.65.132
ttl = 0 (0 secs)

Non-authoritative answer:
Name:.microsoft.com
Address:  67.215.65.132

 

You can see I did a fully qualified dns lookup for Microsoft.com ( using
the trailing . so that domain names aren't appended in the lookups)

 

Came back pretty snappy ( I would definitely put Wireshark on your PC and
try and see the response times, because you might be dealing with a
Layer 1-2 problem at the router/switch/firewall interface or uplink on
the TXX line to your ISP, rather than your DNS Servers. 

 

HTH

Z

 

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Level 5 Lists [mailto:li...@levelfive.us] 
Sent: Friday, May 27, 2011 12:34 PM
To: NT System Admin Issues
Subject: Slow dns lookups?

 

I have a client with a t1 and cable as a backup for about 50 users and 9
servers.

 

The past week their internet became amazingly slow, we pulled opendns
out, we pulled the proxy filter out and still same thing.

 

Reviewing onsite it seems like when we go to a webpage we get a lot of
website found waiting for reply for several seconds.

 

I switched gateways between t1 and cable and seemed to have no effect.
You eventually get there, but I can't seem to pinpoint what's causing it.

 

We tried removing the opendns forwarders, then no forwarders, then some
forwarders to some public DNS servers. Always the same thing.

 

Internally dns seems fine, no errors, ad replication is functioning okay
etc etc .. Kind of at a loss as to where to look next.

 

Speedtest/pingtest are showing speeds as expected on both connections,
latency everything there seems pretty normal (16dn/6up on cable, A
rating on pingtest)
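
Added example, not part of the message above or of anyone's post on the list: a Python sketch of the measurement the reply suggests, timing fully qualified lookups against the internal resolver and the upstream 4.2.2.1 / 4.2.2.2 servers and decoding the same header fields nslookup prints under "set d2". The internal address 192.0.2.53, the test name www.example.com., and the 500 ms / 20% thresholds are assumptions.

```python
import socket
import statistics
import struct
import time

QTYPE_A, QTYPE_PTR = 1, 12
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid, qtype=QTYPE_A):
    """Build a recursive query for an absolute name (a trailing dot is optional)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    if any(len(label) > 63 for label in labels):
        raise ValueError("DNS label longer than 63 bytes")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN


def parse_header(msg):
    """Decode the 12-byte header: the fields nslookup shows under HEADER."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "response": bool(flags & 0x8000),
        "truncated": bool(flags & 0x0200),   # TC set: the client must retry over TCP 53
        "recursion_available": bool(flags & 0x0080),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
    }


def timed_lookup(server, name, timeout=3.0, qid=0x1234):
    """Send one UDP query to server:53. Returns (elapsed_ms, header) or (None, reason)."""
    query = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError as exc:               # includes socket.timeout
            return None, str(exc) or "timeout"
        elapsed = (time.perf_counter() - start) * 1000.0
    header = parse_header(reply)
    if header["id"] != qid or not header["response"]:
        return None, "unexpected reply"
    return elapsed, header


def summarize(samples):
    """samples: elapsed ms per query, None for a lost one. Returns (median_ms, loss)."""
    answered = [s for s in samples if s is not None]
    loss = 1 - len(answered) / len(samples) if samples else 1.0
    median = statistics.median(answered) if answered else None
    return median, loss


def diagnose(results, slow_ms=500.0, max_loss=0.2):
    """results: {resolver: samples}. Thresholds are assumptions, tune them per site."""
    degraded = []
    for server, samples in results.items():
        median, loss = summarize(samples)
        if median is None or median > slow_ms or loss > max_loss:
            degraded.append(server)
    if not degraded:
        return "dns-ok"            # lookups are fast: the delay is after name resolution
    if len(degraded) == len(results):
        return "path-suspect"      # every resolver slow or dropping: link, firewall, uplink
    return "resolver-suspect:" + ",".join(sorted(degraded))


if __name__ == "__main__":
    # 192.0.2.53 is a placeholder for the internal DNS server (assumption);
    # 4.2.2.1 and 4.2.2.2 are the upstream resolvers named in the message.
    resolvers = ["192.0.2.53", "4.2.2.1", "4.2.2.2"]
    results = {}
    for server in resolvers:
        results[server] = []
        for i in range(5):
            elapsed, _info = timed_lookup(server, "www.example.com.", qid=0x1000 + i)
            results[server].append(elapsed)
        print(server, summarize(results[server]))
    print(diagnose(results))
```

The PTR query built for 1.2.2.4.in-addr.arpa is 38 bytes, matching the "SendRequest(), len 38" line in the nslookup session quoted in the message.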

 

 


Re: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Jonathan Link
It would certainly make the job easier.

On Fri, May 27, 2011 at 12:29 PM, Jacob  wrote:

> Hmm.. maybe we should ban users.
>
>
>
> *From:* Ziots, Edward [mailto:ezi...@lifespan.org]
> *Sent:* Friday, May 27, 2011 8:19 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Today on SANS.ORG: Description: There exists a
> vulnerability in all versions of user.
>
>
>
> I can almost see where this is going (Evil-Grin),
>
>
>
> A lot of users are vulnerable, unless you have policies with teeth and
> enforce them, this madness is going to keep going on. But on the flip side
> you don’t need the Gestapo going around having a pink-slip sale just because
> a known good site got owned and redirected you to a bad site which they
> owned you… ( which happens a lot more than you think)
>
>
>
> Z
>
>
>
> Edward E. Ziots
>
> CISSP, Network +, Security +
>
> Security Engineer
>
> Lifespan Organization
>
> Email:ezi...@lifespan.org
>
> Cell:401-639-3505
>
>
>
> *From:* Steven M. Caesare [mailto:scaes...@caesare.com]
> *Sent:* Friday, May 27, 2011 11:12 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Today on SANS.ORG: Description: There exists a
> vulnerability in all versions of user.
>
>
>
> “One should strive to similarly reduce the population of vulnerable users
> on your network.”
>
>
>
> I have several suggestions for this…
>
>
>
> -sc
>
>
>
> *From:* David Lum [mailto:david@nwea.org]
> *Sent:* Friday, May 27, 2011 10:30 AM
> *To:* NT System Admin Issues
> *Subject:* Today on SANS.ORG: Description: There exists a vulnerability in
> all versions of user.
>
>
>
> http://isc.sans.edu/diary/Managing+CVE-0/10933
>
> *David Lum*
> Systems Engineer // NWEA™
> Office 503.548.5229 // Mobile 503.267.9764
>
>
>
>
>
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>


Re: dns zone transfer issues

2011-05-27 Thread Andrew S. Baker
Hey, Jimmy

Have you verified networking connectivity between the two locations?



 *ASB* (Professional Bio)
 *Harnessing the Advantages of Technology for the SMB market...*



On Thu, May 26, 2011 at 3:11 PM, Jimmy Tran  wrote:

>  I am trying to add an IP address of a DNS server (in a different forest)
> into the Name Servers list on my DNS server to allow zone transfers but it
> keeps failing.  When I put in the IP address and hit resolve, it gives me an
> error saying “An unknown error occurred while validating the server.”
>
>
>
> When I login to the DNS server trying to accept the secondary zone transfer
> it accepts the transfer but then will fail soon after.  Sometimes I can
> reload the zone, sometimes I can’t.
>
>
>
> Does anyone know what’s going on?
>
>
>
> Thanks,
>
> Jimmy
>
>
>


Re: IE 0 Day, Heads up, Cookiejackin

2011-05-27 Thread Andrew S. Baker
It's important, and via FB, there will be lots of ways to make this work for
some subset of the population, BUT, I still rate this as a mid-range threat
in practice.



*ASB* (Professional Bio)
*Harnessing the Advantages of Technology for the SMB market...*



On Fri, May 27, 2011 at 12:33 PM, Ziots, Edward  wrote:

>
>
> http://www.networkworld.com/community/blog/ie-flaw-could-allow-hackers-access-your-faceb?source=NWWNLE_nlt_security_2011-05-27
>
> Microsoft is not too worried about this zero-day hole in all versions of
> IE. Microsoft spokesman Jerry Bryant said, "Given the level of required
> user interaction, this issue is not one we consider high risk. In order
> to possibly be impacted a user must visit a malicious website, be
> convinced to click and drag items around the page and the attacker would
> need to target a cookie from the website that the user was already
> logged into."
>
> /My Slant on the situation..
> Honestly, visiting a malicious website is about as easy as getting
> re-directed from a supposed known Good site, due to any number of web
> application vulnerabilities ( XSS, malicious iframes come to mind). And
> given if the user is already getting re-directed or hits the bad site,
> there is no telling what they might be tricked into doing.
>
> I do agree there might not be a high likelihood that the site that the
> attack stole the cookie from is the same site that the user is currently
> logged into, but if the attacker did steal the cookie ( albeit
> credentials and otherwise) and replayed them to the sites they belong,
> it possibly could allow that attack to impersonate the legitimate user
> and do any number of things.
>
> Heads up gang, might be seeing a security advisory on this soon enough,
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:ezi...@lifespan.org
> Cell:401-639-3505
>
>


IE 0 Day, Heads up, Cookiejackin

2011-05-27 Thread Ziots, Edward


http://www.networkworld.com/community/blog/ie-flaw-could-allow-hackers-access-your-faceb?source=NWWNLE_nlt_security_2011-05-27

Microsoft is not too worried about this zero-day hole in all versions of
IE. Microsoft spokesman Jerry Bryant said, "Given the level of required
user interaction, this issue is not one we consider high risk. In order
to possibly be impacted a user must visit a malicious website, be
convinced to click and drag items around the page and the attacker would
need to target a cookie from the website that the user was already
logged into."

/My Slant on the situation..
Honestly, visiting a malicious website is about as easy as getting
re-directed from a supposed known Good site, due to any number of web
application vulnerabilities ( XSS, malicious iframes come to mind). And
given if the user is already getting re-directed or hits the bad site,
there is no telling what they might be tricked into doing.

I do agree there might not be a high likelihood that the site that the
attack stole the cookie from is the same site that the user is currently
logged into, but if the attacker did steal the cookie ( albeit
credentials and otherwise) and replayed them to the sites they belong,
it possibly could allow that attack to impersonate the legitimate user
and do any number of things. 

Heads up gang, might be seeing a security advisory on this soon enough, 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505
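
The replay concern raised in the post above, seen from the server side, as an added example that is not part of the original post: a session store that binds each session cookie to the client it was issued to and revokes it when the same cookie shows up from a different client. The class, function names and sample addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Per-deployment secret so fingerprints cannot be precomputed (constructed here).
SERVER_KEY = secrets.token_bytes(32)


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Keyed hash of the client's network (/24 or /48) and User-Agent."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    message = f"{network}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()


class SessionStore:
    """In-memory session table that detects a cookie replayed from elsewhere."""

    def __init__(self):
        self._sessions = {}   # session id -> {"user": ..., "fp": ...}
        self.alerts = []      # replay detections, for the SOC to review

    def login(self, user: str, ip: str, user_agent: str) -> str:
        """Issue a random session id and remember who it was issued to."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "fp": client_fingerprint(ip, user_agent),
        }
        return sid

    def authenticate(self, sid: str, ip: str, user_agent: str):
        """Return the user for a valid session, or None.

        A known session id presented by a different client is treated as a
        stolen cookie: the session is revoked and an alert is recorded, so
        the legitimate user has to log in again and the thief gets nothing.
        """
        session = self._sessions.get(sid)
        if session is None:
            return None
        seen = client_fingerprint(ip, user_agent)
        if not hmac.compare_digest(session["fp"], seen):
            del self._sessions[sid]
            self.alerts.append({"user": session["user"], "ip": ip,
                                "reason": "session cookie replayed"})
            return None
        return session["user"]


def run_demo():
    """Constructed scenario using documentation-range IP addresses."""
    store = SessionStore()
    ua_victim = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
    ua_other = "ExampleClient/1.0"
    sid = store.login("alice", "198.51.100.23", ua_victim)
    same_client = store.authenticate(sid, "198.51.100.77", ua_victim)
    replayed = store.authenticate(sid, "203.0.113.9", ua_other)
    after_revoke = store.authenticate(sid, "198.51.100.23", ua_victim)
    return same_client, replayed, after_revoke, store.alerts


if __name__ == "__main__":
    print(run_demo())
```

Binding to a network prefix rather than a single address tolerates DHCP changes inside one site; users who roam between networks will be logged out, so some deployments ask for re-authentication instead of silently revoking.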



RE: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Jacob
Hmm.. maybe we should ban users. 

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Friday, May 27, 2011 8:19 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in
all versions of user.

 

I can almost see where this is going (Evil-Grin), 

 

A lot of users are vulnerable, unless you have policies with teeth and
enforce them, this madness is going to keep going on. But on the flip side
you don't need the Gestapo going around having a pink-slip sale just because
a known good site got owned and redirected you to a bad site which they
owned you. ( which happens a lot more than you think) 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, May 27, 2011 11:12 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in
all versions of user.

 

"One should strive to similarly reduce the population of vulnerable users on
your network."

 

I have several suggestions for this.

 

-sc

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, May 27, 2011 10:30 AM
To: NT System Admin Issues
Subject: Today on SANS.ORG: Description: There exists a vulnerability in all
versions of user.

 

http://isc.sans.edu/diary/Managing+CVE-0/10933

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764

 

 

 

 


RE: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Stu Sjouwerman
Dang, this is SO in my nick of the woods it's scary. This is EXACTLY what
we do in KnowBe4, train the users so they are less vulnerable.

http://www.knowbe4.com/

Warm regards,

Stu


From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, May 27, 2011 11:19 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in 
all versions of user.

I can almost see where this is going (Evil-Grin),

A lot of users are vulnerable, unless you have policies with teeth and enforce 
them, this madness is going to keep going on. But on the flip side you don't 
need the Gestapo going around having a pink-slip sale just because a known good 
site got owned and redirected you to a bad site which they owned you... ( which 
happens a lot more than you think)

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Friday, May 27, 2011 11:12 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a vulnerability in 
all versions of user.

"One should strive to similarly reduce the population of vulnerable users on 
your network."

I have several suggestions for this...

-sc

From: David Lum [mailto:david@nwea.org]
Sent: Friday, May 27, 2011 10:30 AM
To: NT System Admin Issues
Subject: Today on SANS.ORG: Description: There exists a vulnerability in all 
versions of user.

http://isc.sans.edu/diary/Managing+CVE-0/10933
David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764






RE: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Ziots, Edward
I can almost see where this is going (Evil-Grin), 

 

A lot of users are vulnerable, unless you have policies with teeth and
enforce them, this madness is going to keep going on. But on the flip
side you don't need the Gestapo going around having a pink-slip sale
just because a known good site got owned and redirected you to a bad
site which they owned you... ( which happens a lot more than you think) 

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

From: Steven M. Caesare [mailto:scaes...@caesare.com] 
Sent: Friday, May 27, 2011 11:12 AM
To: NT System Admin Issues
Subject: RE: Today on SANS.ORG: Description: There exists a
vulnerability in all versions of user.

 

"One should strive to similarly reduce the population of vulnerable
users on your network."

 

I have several suggestions for this...

 

-sc

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, May 27, 2011 10:30 AM
To: NT System Admin Issues
Subject: Today on SANS.ORG: Description: There exists a vulnerability in
all versions of user.

 

http://isc.sans.edu/diary/Managing+CVE-0/10933

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764

 

 

 

 


RE: Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread Steven M. Caesare
"One should strive to similarly reduce the population of vulnerable
users on your network."

 

I have several suggestions for this...

 

-sc

 

From: David Lum [mailto:david@nwea.org] 
Sent: Friday, May 27, 2011 10:30 AM
To: NT System Admin Issues
Subject: Today on SANS.ORG: Description: There exists a vulnerability in
all versions of user.

 

http://isc.sans.edu/diary/Managing+CVE-0/10933

David Lum 
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764

 

 

 

 


Re: Latest Vipre Upgrade - Client Performance Issues

2011-05-27 Thread John Cook
There was an issue with the 4545 build, you need to upgrade to 4547 if you're 
having issues
John W. Cook
Systems Administrator
Partnership for Strong Families


From: Bob Hartung 
To: NT System Admin Issues 
Sent: Fri May 27 10:40:55 2011
Subject: Latest Vipre Upgrade - Client Performance Issues

I've been getting complaints from a number of users about how slow their 
systems are running. These complaints started coming in the day after I applied 
the v4.0.4045 upgrade.

I'm interested to hear if others are experiencing this problem?

Thanks.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com



Latest Vipre Upgrade - Client Performance Issues

2011-05-27 Thread Bob Hartung
I've been getting complaints from a number of users about how slow their 
systems are running. These complaints started coming in the day after I applied 
the v4.0.4045 upgrade.

I'm interested to hear if others are experiencing this problem?

Thanks.

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com

Today on SANS.ORG: Description: There exists a vulnerability in all versions of user.

2011-05-27 Thread David Lum
http://isc.sans.edu/diary/Managing+CVE-0/10933

David Lum
Systems Engineer // NWEATM
Office 503.548.5229 // Mobile 503.267.9764






How Much Are You Using Cloud Services?

2011-05-27 Thread Andrew S. Baker
I'm trying to help the folks at Focus.com who are interested in knowing to
what degree IT professionals and organizations are looking at, or using,
Cloud Services -- whether SaaS, PaaS, or IaaS.

Please see the short survey below:
http://www.zoomerang.com/Survey/WEB22CFEFUAMG6

Thanks!!



*ASB* (Professional Bio)
*Harnessing the Advantages of Technology for the SMB market...*


RE: PowerBroker application

2011-05-27 Thread Dennis Hoefer
We've used it for 3 years.  At the time I believe they were really the
only game in town with this type of product, but as normally happens,
success brings competition so you now have other options, including
Viewfinity and ScriptLogic.  Our experience has been generally favorable
and pretty much delivers what it promises.  Only complaint would be that
it can be difficult at times to nail down precisely where all the
elevation needs are, and how to handle those within the context of the
software, so we sometimes find ourselves opening things up a bit more
than desired to achieve the desired results, but suspect that may be
true with competitive products too.  Other minor issue is that being
group policy based, there isn't a good way to quickly deal with one off
issues that pop up, have to create new rule, possibly wait for server
replication and force policy update on the client, gets the job done,
but never quick enough for the user who simply needs something like an
ActiveX control to install.

In spite of our favorable experience and no major complaints, we're
about to embark on a trial of Viewfinity's product.  Demo and literature
makes it appear to do everything that PowerBroker does and more, with a
friendlier UI.  We're about 45 days from our maintenance renewal on
PowerBroker so checking some options before renewal.

Bottom line, IMHO, if you're looking for something in this category,
PowerBroker deserves a good look.  

Dennis   

-----Original Message-----
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] 
Sent: Thursday, May 26, 2011 6:24 PM
To: NT System Admin Issues
Subject: PowerBroker application

Has anyone used this product, from BeyondTrust?  Looks like it would be
useful to minimize permission levels on Win 7 boxes.  We're looking at
using Applocker, and this seems to be a good fit to go along with that,
to automatically raise perm levels for apps in Applocker, so normal
users can install "whitelisted" applications.

Any personal experiences would be most appreciated.






Securities "Blue Sky" Docketing System

2011-05-27 Thread Chipshead


I realize this is a long shot. I'm in a legal environment and am looking for a 
securities docketing system that will give multiple users permissions based 
rights to track and modify filings that must be made in connection with private 
offerings of securities. There are many choices for intellectual property but I 
cannot find anything related to securities. Thanks. 