RE: East Coast people out there? (UNCLASSIFIED)
Gotta save somehow... Plus I got family in NJ.. :)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Kent, Larry J CTR USARMY 93 SIG BDE (US) [mailto:larry.j.kent2@mail.mil]
Sent: Tuesday, October 30, 2012 12:06 PM
To: NT System Admin Issues
Subject: RE: East Coast people out there? (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE

Z:

Why do you drive all the way to NJ for gas? :) I realize that RI gas prices are higher than Massachusetts but NJ??

Larry

-Original Message-
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, October 30, 2012 10:33 AM
To: NT System Admin Issues
Subject: RE: East Coast people out there?

Hey don't Diss WAWA best gas and you don't have to pump it in NJ.. (I find that wicked Strange)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Guyer, Don [mailto:dgu...@che.org]
Sent: Tuesday, October 30, 2012 10:02 AM
To: NT System Admin Issues
Subject: RE: East Coast people out there?

Worst part of that statement was the Wawa was closed... :) Luckily, mine was open.

Regards,
Don Guyer
Catholic Health East - Information Technology
Enterprise Directory Messaging Services

From: Dan Bartley [mailto:bartl...@corp.netcarrier.com]
Sent: Tuesday, October 30, 2012 9:56 AM
To: NT System Admin Issues
Subject: RE: East Coast people out there?

SE PA. My power has been out since last night. Apparently I'm at the end of a grid. Neighbors on the right are without power, but immediate neighbors on left still have. Had to take 3 different detours to make it in and parry with the other drivers at dark traffic lights. I saw my Wawa was closed, figured The Day After Tomorrow was coming true. My electric company estimates my power will be restored by midnight 01/01/0001. Yes, they really have the year one in the estimate.

Best Regards,
Dan Bartley

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, October 30, 2012 09:45
To: NT System Admin Issues
Subject: OT: East Coast people out there?

Anyone else on the east coast dealing with the aftermath of Sandy? Still waiting to hear how our NY office fared.

Chris
RE: 7 shortcuts To Get Your Network Hacked (huh?)
1) Failure to properly harden their systems from attack. (Patching, Access-lists, Firewall settings)
2) Using unapproved software on systems that introduces malware, or Trojan backdoors on systems.
3) Failure to properly use least privilege and separation of duties, to limit exposure to systems and processes.
4) Using vulnerable database/Web applications which are exposed to the internet and are vulnerable to OWASP top 10 (Especially SQLi and XSS)
5) Lack of proper ingress and egress filtering at firewall/VPN access into and out of the corporate network, DMZ and otherwise.
6) Failure to use Antivirus or out of date signatures for AV/HIPS to detect common known malware/Trojans (Again getting less effective by the day since a lot of malware these days is custom and it is used to bypass AV detection.)
7) Giving users admin privileges and not controlling code execution on endpoint systems (Again this is how most of the malware/malcode is getting on the systems in the first place (drive by downloads, etc etc))

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Tuesday, October 30, 2012 1:39 PM
To: NT System Admin Issues
Subject: 7 shortcuts To Get Your Network Hacked (huh?)

Hi Guys,

Yes, that was on purpose. In your opinion, what are the most gruesome errors a system admin can make which will result in getting their network hacked?

Just jot down a few and reply to the list, I will tabulate and come up with the 7 most mentioned sorted by importance. This should be fun. Have at it !!

Warm regards,
Stu
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Yep we have that picture up on the wall at work, it's soo true for a lot of places, which is seriously a good way to violate SLA's or not introduce things into production that was never meant to be there.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Webster [mailto:webs...@carlwebster.com]
Sent: Tuesday, October 30, 2012 4:48 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

Dos Equis
I don't always test, but when I do, I prefer to use the Production environment.
/Dos Equis

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

-Original Message-
From: Michael B. Smith [mailto:mich...@smithcons.com]
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

You know, even with the smiley, some people may think you are serious!

-Original Message-
From: Webster [mailto:webs...@carlwebster.com]
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

But how can you properly test stuff in development unless you test it in (on) production? :)

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?)

That leads to #7 on my list - not maintaining separate production and dev networks.
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Agreed, I definitely like SANS securing the human approach and the Cyber Security Awareness month was a good measure of where we all might be hitting on missing the ticket with our own systems.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, October 30, 2012 7:15 PM
To: NT System Admin Issues
Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?)

BTW - apropos of this:
https://isc.sans.edu/diary/Cyber+Security+Awareness+Month+-+Day+30+-+DSD+35+mitigating+controls/14419
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I'm curious to know how people are coming up with these lists. Are they based on personal experience of hacks in your own workplace? Or what you are seeing/reading in the media?

My experience is a fair bit different to most of the responses so far.

Cheers
Ken
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I would say that BYOD is going to creep up to the top of the list sooner than later for the following reasons.

1) Lack of security specifications and hardening on users devices. (Android and IOS have many flaws some we are just finding out about) (Just look at jailbreakme.com.)
2) Security solutions like (Mobile-Iron and others) will help mitigate but not totally reduce issues with endpoint devices to an acceptable level.
3) Again these BYOD devices, are more likely and easily stolen or misplaced as compared to corporate devices (laptop) these days (albeit, yes laptops are still getting stolen, but usually they are fully encrypted, so going to be hard to get any information of value off them for a while, note: I didn't say impossible)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Mike Tavares [mailto:miketava...@comcast.net]
Sent: Tuesday, October 30, 2012 7:48 PM
To: NT System Admin Issues
Subject: Re: 7 shortcuts To Get Your Network Hacked (huh?)

1. Listening to Management tell you that security is an inconvenience to the end users and keep it as simple as possible.
2. All new users being created with a generic password.
3. Letting users run as Admins (see #1)
4. Letting users BYOD with absolutely no policies in place to control them
5. A fairly new one for some: no policies for BYON
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Ken everyone's experiences are different, depends on where they work, which industry and what they are a target from. I am sure in healthcare I have a different risk profile as compared to the Banking industry, as compared to the retail industry.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I agree with the statement below. But it's not an answer to my question.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, 31 October 2012 6:51 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

Ken everyone's experiences are different, depends on where they work, which industry and what they are a target from. I am sure in healthcare I have a different risk profile as compared to the Banking industry, as compared to the retail industry.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 7 shortcuts To Get Your Network Hacked (huh?)
I can say this:

1) People aren't going to talk about internal hacks on their networks (Op-Sec is in effect from my military days), so why even ask?
2) Media sometimes is about as trustworthy as snake-oil potion from back in the 1800's. I feel that a lot of vulnerabilities that are discussed are sensationalized, and sometimes created to enhance FUD in the consumer base to boost sales of security solutions to pad companies' bottom line.

But a lot of times the biggest breaches in security are because the basics aren't being done correctly from the start, and the can is getting kicked down the road for a better term, until something bad happens, a lot are turning a blind eye to the aspect rather than meeting the challenge head-on and working towards a solution and improving their processes so that the risk that was identified and remediated does not crop up again in the configuration of systems. (This is where I do a lot of my current work in the %day-job%)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 7 shortcuts To Get Your Network Hacked (huh?)
If people are not reporting the hacks on their own network, then my question is, again: how are people determining what goes on their lists? The media was just an example on my part.

Secondly, how do you know that a lot of times the biggest breaches are because the basics are being done from the start? Is this from your personal experience? From reading things on the internet? From professional conferences? Some other reason?

My follow-up question would be: why do you think that the sample size that you have seen is representative?

My questions are purely academic - I'm interested in knowing more. My experience is different to many of the items so far offered, and I'd like to know whether it's because my experience isn't representative, people are in different environments, people read different things to me, etc.

FWIW, I note that you still don't answer the question.

Cheers
Ken
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Personal experience, Professional conferences ( SANS, ISC, ISACA otherwise) plus threat intelligence I get from legit sources and from the underground. When you are looking at packets and traffic from IDS/IPS's all day you tend to see similarities in things. Plus when you are doing a lot of Incident response, the same root causes tend to show up when you look at the evidence time and time again.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Wednesday, October 31, 2012 7:16 AM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

If people are not reporting the hacks on their own network, then my question is, again: how are people determining what goes on their lists? "The media" was just an example on my part.

Secondly, how do you know that "a lot of times the biggest breaches are because the basics are being done from the start"? Is this from your personal experience? From reading things on the internet? From professional conferences? Some other reason? My follow-up question would be: why do you think that the sample size that you have seen is representative?

My questions are purely academic - I'm interested in knowing more. My experience is different to many of the items so far offered, and I'd like to know whether it's because my experience isn't representative, people are in different environments, people read different things to me, etc.

FWIW, I note that you still don't answer the question

Cheers
Ken

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, 31 October 2012 7:38 PM
To: NT System Admin Issues
Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?)

I can say this:

1) People aren't going to talk about internal hacks on their networks (Op-Sec is in effect from my military days), so why even ask?
2) Media sometimes is about as trustworthy as snake-oil potion from back in the 1800's. I feel that a lot of vulnerabilities that are discussed are sensationalized, and sometimes created to enhance FUD in the consumer base to boost sales of security solutions to pad companies' bottom line.

But a lot of times the biggest breaches in security are because the basics aren't being done correctly from the start, and the can is getting kicked down the road for a better term, until something bad happens, a lot are turning a blind eye to the aspect rather than meeting the challenge head-on and working towards a solution and improving their processes so that the risk that was identified and remediated does not crop up again in the configuration of systems. (This is where I do a lot of my current work in the %day-job%)

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Thanks for the response.

From what I've seen in NIPS only finds low hanging fruit attacks - not actual compromises. I suspect this is because most NIPS are only able to detect these reasonably well known attacks, and not the more customised stuff. Anything a NIPS picks up is probably not a successful attack - just an attempted attack. It doesn't mean that the org is vulnerable per se.

IMHO, things like default passwords not changed and similar items are things that smaller orgs and home users face. Larger orgs have better policies around this, plus audits that should pick up these types of issues.

Cheers
Ken
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Ok, what would be your list?
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Honestly, what I have seen from audits, they don't always catch these types of things. Again you basically need to do your own Controls Self Assessment on your systems and do the proper risk management of your systems.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 7 shortcuts To Get Your Network Hacked (huh?)
1. Running as local admin (or Domain admin for regular usage).
2. Passwords (weak, not changing default, duplicating - using one password for everything)
3. Unapproved/untested apps
4. Unpatched OS, Apps, Devices etc.
5. Poorly configured firewall (allow all type settings)
6. Web filtering
7. Anti-Virus - None, out of date etc.
8. Training - Poor or lack of, when that responsibility falls to the admins.
9. Allowing customers, vendors, unapproved devices etc. on network
10. Unpatched remote systems (VPN, RDP etc.)
11. Separate development network/domain
12. Not informing management of all the above.

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Tuesday, October 30, 2012 12:39 PM
To: NT System Admin Issues
Subject: 7 shortcuts To Get Your Network Hacked (huh?)

Hi Guys,

Yes, that was on purpose. In your opinion, what are the most gruesome errors a system admin can make which will result in getting their network hacked?

Just jot down a few and reply to the list, I will tabulate and come up with the 7 most mentioned sorted by importance. This should be fun. Have at it !!

Warm regards,
Stu
FW: 1100+ revised updates on WSUS?
From the patch management list.

-Original Message-
From: Doug Neal [mailto:]
Sent: Tuesday, October 30, 2012 11:17 AM
To: Patch Management Mailing List
Subject: RE: 1100+ revised updates on WSUS?

As part of an overarching strategy to improve the security of Windows/Microsoft Update, many updates were revised in October - and likely more will be revised in November and December.

While this is mostly an improvement in the security code signing of these updates, because of the way CBS-based packages are built (Windows-based updates used in Vista/Win7/Win8 platforms), the actual binaries had to change to meet the new signing requirements and improvements. So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes).

With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases.

For these revised/re-released updates, there are no functional differences. Just signing improvements that ensure the security and trust in these updates. MSRC bulletins that are revised will have the normal bulletin revision to describe the changes in this updated release in the actual bulletin.

doug neal
Microsoft Update (MU)

-Original Message-
From: Surpuriya, Vinay [mailto:*]
Sent: Tuesday, October 30, 2012 7:48 AM
To: Patch Management Mailing List
Subject: 1100+ revised updates on WSUS?

Hi Colleagues,

Anyone else seeing a gigantic number of revised updates on their WSUS servers today!? We got 1143 revised updates, to be precise, on last night's WSUS sync.

What is the exact behavior of revised updates? Are they going to restart computers tonight?
RE: 1100+ revised updates on WSUS?
Yep saw that one, very interesting, is M$ telling us that they have had a certificate signing breach without coming out and saying it?

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org
RE: 1100+ revised updates on WSUS?
I thought it might be related to the recent cert update where it has to be 1024 bits or longer, but I didn't look into it.
RE: 1100+ revised updates on WSUS?
Certs after Jan 2014 have to be 2048. If you buy a 1 year cert at 1024 you cant buy after Jan 2013 On Oct 31, 2012 9:04 AM, David Lum david@nwea.org wrote: I thought it might be related to the recent cert update where it has to be 1024 bits or longer, but I didn't look into it. -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, October 31, 2012 8:55 AM To: NT System Admin Issues Subject: RE: 1100+ revised updates on WSUS? Yep saw that one, very interesting, is M$ telling us that they have had a certificate signing breach without coming out and saying it? Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Wednesday, October 31, 2012 11:48 AM To: NT System Admin Issues Subject: FW: 1100+ revised updates on WSUS? From the patch management list. -Original Message- From: Doug Neal [mailto:] Sent: Tuesday, October 30, 2012 11:17 AM To: Patch Management Mailing List Subject: RE: 1100+ revised updates on WSUS? As part of an overarching strategy to improve the security of Windows/Microsoft Update, many updates were revised in October - and likely more will be revised in November and December. While this is mostly an improvement in the security code signing of these updates, because of the way CBS-based packages are built (Windows-based updates used in Vista/Win7/Win8 platforms), the actual binaries had to change to meet the new signing requirements and improvements. So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes). With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases. 
For these revised/re-released updates, there are no functional differences. Just signing improvements that ensure the security and trust in these updates. MSRC bulletins that are revised will have the normal bulletin revision to describe the changes in this updated release in the actual bulletin. doug neal Microsoft Update (MU) -Original Message- From: Surpuriya, Vinay [mailto:*] Sent: Tuesday, October 30, 2012 7:48 AM To: Patch Management Mailing List Subject: 1100+ revised updates on WSUS? Hi Colleagues, Anyone else seeing a gigantic number of revised updates on their WSUS servers today!? We got 1143 revised updates, to be precise, on last night's WSUS sync. What is the exact behavior of revised updates? Are they going to restart computers tonight?
RE: Wow, who knew?
My little tab disappeared when I double clicked on it. How do I get it back? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Tuesday, October 30, 2012 9:44 AM To: NT System Admin Issues Subject: RE: Wow, who knew? Yeah I actually get that, but I still think it's funny (and fun) to find the little things. Funnier is when some non-tech person (however in my experience it's usually someone exceedingly proficient in some MS Office application), shows you a keyboard shortcut and is surprised that we don't know it. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 8:02 AM To: NT System Admin Issues Subject: Re: Wow, who knew? LOL. Being 'senior' is more a matter of attitude and approach than knowing minutiae - although sometimes tenure is used as a measure, unfortunately. Kurt On Tue, Oct 30, 2012 at 7:30 AM, David Lum david@nwea.org wrote: Wow... good thing I've already got promoted... -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 7:09 AM To: NT System Admin Issues Subject: Re: Wow, who knew? On Tue, Oct 30, 2012 at 6:33 AM, David Lum david@nwea.org wrote: When full screen RDP’d to a system that gives you the little “tab” at the top where you get minimize, maximize and close buttons, I never knew you could grab and slide that little bar left and right! Very useful when using say, LogMeIn… Yeah, and if you hit the pushpin icon on the left the tab will roll up completely out of the way, too. Kurt
RE: Wow, who knew?
It went to a window and now I have to scroll up the scroll bar to get to the task bar on the rdc. My little tab disappeared when I double clicked on it. How do I get it back? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Tuesday, October 30, 2012 9:44 AM To: NT System Admin Issues Subject: RE: Wow, who knew? Yeah I actually get that, but I still think it's funny (and fun) to find the little things. Funnier is when some non-tech person (however in my experience it's usually someone exceedingly proficient in some MS Office application), shows you a keyboard shortcut and is surprised that we don't know it. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 8:02 AM To: NT System Admin Issues Subject: Re: Wow, who knew? LOL. Being 'senior' is more a matter of attitude and approach than knowing minutiae - although sometimes tenure is used as a measure, unfortunately. Kurt On Tue, Oct 30, 2012 at 7:30 AM, David Lum david@nwea.org wrote: Wow... good thing I've already got promoted... -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 7:09 AM To: NT System Admin Issues Subject: Re: Wow, who knew? On Tue, Oct 30, 2012 at 6:33 AM, David Lum david@nwea.org wrote: When full screen RDP’d to a system that gives you the little “tab” at the top where you get minimize, maximize and close buttons, I never knew you could grab and slide that little bar left and right! Very useful when using say, LogMeIn… Yeah, and if you hit the pushpin icon on the left the tab will roll up completely out of the way, too. Kurt
RE: Wow, who knew?
For what it is worth. I had to do the following:
1. Start up RDC.
2. Click on Options to expand.
3. Click on the Display Tab.
4. Check the box, Display the connection bar when I use the full screen.
4A. Also, drag the slider bar under Display Configuration to the far right until it says Full Screen.
5. Click on the General Tab.
6. Save the Connection Settings.
7. Then click on Connect to start the session.
8. Then went into full screen mode as you said.
9. Clicked on the push pin and everything was groovy after that.
Just in case anyone else ever has this challenge.
-Original Message- From: Roger Daley [mailto:roger...@tbpenterprises.com] Sent: Wednesday, October 31, 2012 10:01 AM To: NT System Admin Issues Subject: RE: Wow, who knew? It went to a window and now I have to scroll up the scroll bar to get to the task bar on the rdc. My little tab disappeared when I double clicked on it. How do I get it back? -Original Message- From: David Lum [mailto:david@nwea.org] Sent: Tuesday, October 30, 2012 9:44 AM To: NT System Admin Issues Subject: RE: Wow, who knew? Yeah I actually get that, but I still think it's funny (and fun) to find the little things. Funnier is when some non-tech person (however in my experience it's usually someone exceedingly proficient in some MS Office application), shows you a keyboard shortcut and is surprised that we don't know it. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 8:02 AM To: NT System Admin Issues Subject: Re: Wow, who knew? LOL. Being 'senior' is more a matter of attitude and approach than knowing minutiae - although sometimes tenure is used as a measure, unfortunately. Kurt On Tue, Oct 30, 2012 at 7:30 AM, David Lum david@nwea.org wrote: Wow... good thing I've already got promoted...
-Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Tuesday, October 30, 2012 7:09 AM To: NT System Admin Issues Subject: Re: Wow, who knew? On Tue, Oct 30, 2012 at 6:33 AM, David Lum david@nwea.org wrote: When full screen RDP’d to a system that gives you the little “tab” at the top where you get minimize, maximize and close buttons, I never knew you could grab and slide that little bar left and right! Very useful when using say, LogMeIn… Yeah, and if you hit the pushpin icon on the left the tab will roll up completely out of the way, too. Kurt
RE: 7 shortcuts To Get Your Network Hacked (huh?)
Great line of questioning Ken. I'm curious to know how people are coming up with these lists. Mine is from what I've seen personally or from direct second hand (someone I know pretty well telling me about it). #4 is more opinion than experience, but Stu was really asking our views anyway. Maybe we need a clarification of hacked in this context. To me hacked is someone at least semi-forcibly getting into your systems and data, so while the same password for everyone in the company could allow employees to view data that management doesn't want them to it's not high on my hack list but still high on my really dumb things to do list.
1. Inadequate/nonexistent web filtering
2. Inadequate/nonexistent firewall at the perimeter
3. Unpatched systems
4. Publicized security settings (firewall or user settings)
5. User training
Dave From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 5:32 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Thanks for the response. From what I've seen, NIPS only finds low hanging fruit attacks - not actual compromises. I suspect this is because most NIPS are only able to detect these reasonably well known attacks, and not the more customised stuff. Anything a NIPS picks up is probably not a successful attack - just an attempted attack. It doesn't mean that the org is vulnerable per se. IMHO, things like default passwords not changed and similar items are things that smaller orgs and home users face. Larger orgs have better policies around this, plus audits that should pick up these types of issues. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 11:09 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) Personal experience, Professional conferences (SANS, ISC, ISACA otherwise) plus threat intelligence I get from legit sources and from the underground.
When you are looking at packets and traffic from IDS/IPS's all day you tend to see similarities in things. Plus when you are doing a lot of Incident response, the same root causes tend to show up when you look at the evidence time and time again. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 7:16 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) If people are not reporting the hacks on their own network, then my question is, again: how are people determining what goes on their lists? The media was just an example on my part. Secondly, how do you know that a lot of times the biggest breaches are because the basics are being done from the start? Is this from your personal experience? From reading things on the internet? From professional conferences? Some other reason? My follow-up question would be: why do you think that the sample size that you have seen is representative? My questions are purely academic - I'm interested in knowing more. My experience is different to many of the items so far offered, and I'd like to know whether it's because my experience isn't representative, people are in different environments, people read different things to me, etc. FWIW, I note that you still don't answer the question. Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, 31 October 2012 7:38 PM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I can say this: 1) People aren't going to talk about internal hacks on their networks (Op-Sec is in effect from my military days), so why even ask? 2) Media sometimes is about as trustworthy as snake-oil potion from back in the 1800's.
I feel that a lot of vulnerabilities that are discussed are sensationalized, and sometimes created to enhance FUD in the consumer base to boost sales of security solutions to pad companies' bottom line. But a lot of times the biggest breaches in security are because the basics aren't being done correctly from the start, and the can is getting kicked down the road for a better term, until something bad happens, a lot are turning a blind eye to the aspect rather than meeting the challenge head-on and working towards a solution and improving their processes so that the risk that was identified and remediated does not crop up again in the configuration of systems. (This is where I do a lot of my current work in the %day-job%) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org From: Ken Schaefer [mailto:k...@adopenstatic.com] Sent: Wednesday, October 31, 2012 4:10 AM To: NT System Admin Issues Subject: RE: 7 shortcuts To Get Your Network Hacked (huh?) I agree with the
Re: FW: 1100+ revised updates on WSUS?
Wait, what? Does this mean that they'll reapply to my servers and just reboot ASAP? That would make me less than happy... Kurt On Wed, Oct 31, 2012 at 8:48 AM, David Lum david@nwea.org wrote: From the patch management list. -Original Message- From: Doug Neal [mailto:] Sent: Tuesday, October 30, 2012 11:17 AM To: Patch Management Mailing List Subject: RE: 1100+ revised updates on WSUS? As part of an overarching strategy to improve the security of Windows/Microsoft Update, many updates were revised in October - and likely more will be revised in November and December. While this is mostly an improvement in the security code signing of these updates, because of the way CBS-based packages are built (Windows-based updates used in Vista/Win7/Win8 platforms), the actual binaries had to change to meet the new signing requirements and improvements. So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes). With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases. For these revised/re-released updates, there are no functional differences. Just signing improvements that ensure the security and trust in these updates. MSRC bulletins that are revised will have the normal bulletin revision to describe the changes in this updated release in the actual bulletin. doug neal Microsoft Update (MU) -Original Message- From: Surpuriya, Vinay [mailto:*] Sent: Tuesday, October 30, 2012 7:48 AM To: Patch Management Mailing List Subject: 1100+ revised updates on WSUS? Hi Colleagues, Anyone else seeing a gigantic number of revised updates on their WSUS servers today!? We got 1143 revised updates, to be precise, on last night's WSUS sync. 
What is the exact behavior of revised updates? Are they going to restart computers tonight?
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 2:56 PM, Kurt Buff kurt.b...@gmail.com wrote: Wait, what? Does this mean that they'll reapply to my servers and just reboot ASAP? For starters, only if you have your servers set to automatically retrieve and install anything and everything Microsoft releases. -- Ben
RE: FW: 1100+ revised updates on WSUS?
No, it means unless you're looking at the WSUS console you won't notice a thing. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, October 31, 2012 11:56 AM To: NT System Admin Issues Subject: Re: FW: 1100+ revised updates on WSUS? Wait, what? Does this mean that they'll reapply to my servers and just reboot ASAP? That would make me less than happy... Kurt On Wed, Oct 31, 2012 at 8:48 AM, David Lum david@nwea.org wrote: From the patch management list. -Original Message- From: Doug Neal [mailto:] Sent: Tuesday, October 30, 2012 11:17 AM To: Patch Management Mailing List Subject: RE: 1100+ revised updates on WSUS? As part of an overarching strategy to improve the security of Windows/Microsoft Update, many updates were revised in October - and likely more will be revised in November and December. While this is mostly an improvement in the security code signing of these updates, because of the way CBS-based packages are built (Windows-based updates used in Vista/Win7/Win8 platforms), the actual binaries had to change to meet the new signing requirements and improvements. So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes). With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases. For these revised/re-released updates, there are no functional differences. Just signing improvements that ensure the security and trust in these updates. MSRC bulletins that are revised will have the normal bulletin revision to describe the changes in this updated release in the actual bulletin. 
doug neal Microsoft Update (MU) -Original Message- From: Surpuriya, Vinay [mailto:*] Sent: Tuesday, October 30, 2012 7:48 AM To: Patch Management Mailing List Subject: 1100+ revised updates on WSUS? Hi Colleagues, Anyone else seeing a gigantic number of revised updates on their WSUS servers today!? We got 1143 revised updates, to be precise, on last night's WSUS sync. What is the exact behavior of revised updates? Are they going to restart computers tonight?
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 1:20 PM, Ben Scott mailvor...@gmail.com wrote: On Wed, Oct 31, 2012 at 2:56 PM, Kurt Buff kurt.b...@gmail.com wrote: Wait, what? Does this mean that they'll reapply to my servers and just reboot ASAP? For starters, only if you have your servers set to automatically retrieve and install anything and everything Microsoft releases. -- Ben Yabbut I use WSUS, and have approved the previous versions of all of the relevant updates. So, they revise and re-issue the updates - keeping the same numbers AFAICT. I've examined the WSUS console, and they are still approved - so as they stand approved, but are now updated, is there some logic built into WSUS that says it's just the same thing, don't bother notifying hosts to grab it again? BTW - been a while since I've seen you here. Welcome back... Kurt
Re: FW: 1100+ revised updates on WSUS?
Well, I'm looking at the WSUS console now, and not noticing anything. I did get that notification email, though... Kurt On Wed, Oct 31, 2012 at 1:23 PM, David Lum david@nwea.org wrote: No, it means unless you're looking at the WSUS console you won't notice a thing. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Wednesday, October 31, 2012 11:56 AM To: NT System Admin Issues Subject: Re: FW: 1100+ revised updates on WSUS? Wait, what? Does this mean that they'll reapply to my servers and just reboot ASAP? That would make me less than happy... Kurt On Wed, Oct 31, 2012 at 8:48 AM, David Lum david@nwea.org wrote: From the patch management list. -Original Message- From: Doug Neal [mailto:] Sent: Tuesday, October 30, 2012 11:17 AM To: Patch Management Mailing List Subject: RE: 1100+ revised updates on WSUS? As part of an overarching strategy to improve the security of Windows/Microsoft Update, many updates were revised in October - and likely more will be revised in November and December. While this is mostly an improvement in the security code signing of these updates, because of the way CBS-based packages are built (Windows-based updates used in Vista/Win7/Win8 platforms), the actual binaries had to change to meet the new signing requirements and improvements. So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes). With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases. For these revised/re-released updates, there are no functional differences. Just signing improvements that ensure the security and trust in these updates. 
MSRC bulletins that are revised will have the normal bulletin revision to describe the changes in this updated release in the actual bulletin. doug neal Microsoft Update (MU) -Original Message- From: Surpuriya, Vinay [mailto:*] Sent: Tuesday, October 30, 2012 7:48 AM To: Patch Management Mailing List Subject: 1100+ revised updates on WSUS? Hi Colleagues, Anyone else seeing a gigantic number of revised updates on their WSUS servers today!? We got 1143 revised updates, to be precise, on last night's WSUS sync. What is the exact behavior of revised updates? Are they going to restart computers tonight?
Re: New Surface RT reviews
One thing bugs me. The Office apps that come with the RT include language that says they're not for commercial use. Anyone else bugged by this? On Wed, Oct 31, 2012 at 3:53 PM, Rod Trent rodtr...@myitforum.com wrote: More to come. :) There’s simply too much about this thing to cover it in a single post. From: Jon Harris [mailto:jk.har...@live.com] Sent: Wednesday, October 31, 2012 6:39 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews For those that are interested Rod Trent has posted his review of his Surface at http://myitforum.com/myitforumwp/2012/10/31/my-review-the-microsoft-surface-rt/ If you are interested and look on the site you will find other interesting articles as he was setting up his machine. Thank you Rod! Jon From: r...@finnesey.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: New Surface RT reviews Date: Sun, 28 Oct 2012 17:39:56 + Is POP3 still widely used? I would like most mail systems would support IMAP nowadays. From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Friday, October 26, 2012 4:50 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews Doesn’t support POP3, though. One gotcha if you’re going to sync a Windows 8 PC with your Microsoft Surface: http://myitforum.com/myitforumwp/2012/10/26/beware-the-windows-8-to-windows-rt-profile-sync/ From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, October 26, 2012 6:10 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews The integrated Mail and Calendar apps seem pretty nice for a touchpad type scenario. They're certainly leaps and bounds better than the iPad equivalents. Thanks, Brian Desmond br...@briandesmond.com w – 312.625.1438 | c – 312.731.3132 From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Thursday, October 25, 2012 11:46 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews I got one tonight. I really like it, I just wish it included Outlook.
Cheers Ryan From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, October 25, 2012 4:55 PM To: NT System Admin Issues Subject: New Surface RT reviews Has anyone on the list gotten one of the new Surface RT machines and had time to actually play with it. I need to replace my wife's laptop and for what she does 99% of the time I think this would be a good fit. I would prefer to hear from people I know not some magazine reviewer which gets paid for their opinion. Thanks a lot, Jon
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 4:28 PM, Kurt Buff kurt.b...@gmail.com wrote:
Does this mean that they'll reapply to my servers and just reboot ASAP?

For starters, only if you have your servers set to automatically retrieve and install anything and everything Microsoft releases.

I use WSUS, and have approved the previous versions of all of the relevant updates.

Do you have your servers set to automatically download and install updates? Do you have the WSUS server configured to automatically approve new revisions of updates? All of the above need to be true for an install to happen. If you don't want the installs to happen, don't do that, then. :)

BTW - been a while since I've seen you here. Welcome back...

I never really left, I've just been too busy to post much. I happened to check in just as your post came in, and it was an easy question to answer. But thanks anyway. :)

-- Ben
RE: New Surface RT reviews
More on that: http://www.zdnet.com/microsoft-office-for-windows-rt-how-to-move-to-a-commercial-use-license-705893/

-Original Message- From: Jim Majorowicz [mailto:jmajorow...@gmail.com] Sent: Wednesday, October 31, 2012 6:56 PM To: NT System Admin Issues Subject: Re: New Surface RT reviews
One thing bugs me. The Office apps that come with the RT include language that says they're not for commercial use. Anyone else bugged by this?

On Wed, Oct 31, 2012 at 3:53 PM, Rod Trent rodtr...@myitforum.com wrote:
More to come. :) There's simply too much about this thing to cover it in a single post.

From: Jon Harris [mailto:jk.har...@live.com] Sent: Wednesday, October 31, 2012 6:39 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
For those that are interested Rod Trent has posted his review of his Surface at http://myitforum.com/myitforumwp/2012/10/31/my-review-the-microsoft-surface-rt/ If you are interested and look on the site you will find other interesting articles as he was setting up his machine. Thank you Rod! Jon

From: r...@finnesey.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: New Surface RT reviews Date: Sun, 28 Oct 2012 17:39:56 +
Is POP3 still widely used? I would like most mail systems would support IMAP nowadays.

From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Friday, October 26, 2012 4:50 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
Doesn't support POP3, though. One gotcha if you're going to sync a Windows 8 PC with your Microsoft Surface: http://myitforum.com/myitforumwp/2012/10/26/beware-the-windows-8-to-windows-rt-profile-sync/

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, October 26, 2012 6:10 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
The integrated Mail and Calendar apps seem pretty nice for a touchpad type scenario. They're certainly leaps and bounds better than the iPad equivalents Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Thursday, October 25, 2012 11:46 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
I got one tonight. I really like it I just wish it included Outlook. Cheers Ryan

From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, October 25, 2012 4:55 PM To: NT System Admin Issues Subject: New Surface RT reviews
Has anyone on the list gotten one of the new Surface RT machines and had time to actually play with it. I need to replace my wife's laptop and for what she does 99% of the time I think this would be a good fit. I would prefer to hear from people I know not some magazine reviewer which gets paid for their opinion. Thanks a lot, Jon
RE: New Surface RT reviews
There is no free lunch. Just because it's a tablet doesn't mean you can have genuine MS Office for free or maybe $1 or even $5. This catch has been discussed in the press. Now, the $64M question, will Microsoft approve the addition of Office-compatible apps in their Windows Store, the ones that do sell for $5, if the software vendors that currently have Office-compatible apps on Android and iDevices choose to offer their products for RT? Rejecting third party apps that compete with the in-house cash cow would not be well received by the developer community, I would think.

-Original Message- From: Jim Majorowicz [mailto:jmajorow...@gmail.com] Sent: Wednesday, October 31, 2012 6:56 PM To: NT System Admin Issues Subject: Re: New Surface RT reviews
One thing bugs me. The Office apps that come with the RT include language that says they're not for commercial use. Anyone else bugged by this?

On Wed, Oct 31, 2012 at 3:53 PM, Rod Trent rodtr...@myitforum.com wrote:
More to come. :) There's simply too much about this thing to cover it in a single post.

From: Jon Harris [mailto:jk.har...@live.com] Sent: Wednesday, October 31, 2012 6:39 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
For those that are interested Rod Trent has posted his review of his Surface at http://myitforum.com/myitforumwp/2012/10/31/my-review-the-microsoft-surface-rt/ If you are interested and look on the site you will find other interesting articles as he was setting up his machine. Thank you Rod! Jon

From: r...@finnesey.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: New Surface RT reviews Date: Sun, 28 Oct 2012 17:39:56 +
Is POP3 still widely used? I would like most mail systems would support IMAP nowadays.

From: Rod Trent [mailto:rodtr...@myitforum.com] Sent: Friday, October 26, 2012 4:50 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
Doesn't support POP3, though. One gotcha if you're going to sync a Windows 8 PC with your Microsoft Surface: http://myitforum.com/myitforumwp/2012/10/26/beware-the-windows-8-to-windows-rt-profile-sync/

From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Friday, October 26, 2012 6:10 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
The integrated Mail and Calendar apps seem pretty nice for a touchpad type scenario. They're certainly leaps and bounds better than the iPad equivalents Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132

From: Ryan Finnesey [mailto:r...@finnesey.com] Sent: Thursday, October 25, 2012 11:46 PM To: NT System Admin Issues Subject: RE: New Surface RT reviews
I got one tonight. I really like it I just wish it included Outlook. Cheers Ryan

From: Jon Harris [mailto:jk.har...@live.com] Sent: Thursday, October 25, 2012 4:55 PM To: NT System Admin Issues Subject: New Surface RT reviews
Has anyone on the list gotten one of the new Surface RT machines and had time to actually play with it. I need to replace my wife's laptop and for what she does 99% of the time I think this would be a good fit. I would prefer to hear from people I know not some magazine reviewer which gets paid for their opinion. Thanks a lot, Jon
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 4:05 PM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Oct 31, 2012 at 4:28 PM, Kurt Buff kurt.b...@gmail.com wrote:
Does this mean that they'll reapply to my servers and just reboot ASAP?

For starters, only if you have your servers set to automatically retrieve and install anything and everything Microsoft releases.

I use WSUS, and have approved the previous versions of all of the relevant updates.

Do you have your servers set to automatically download and install updates?

No.

Do you have the WSUS server configured to automatically approve new revisions of updates?

Ah - here's the thing I'm asking about, and your reply implies an answer, but I'm not getting it. The forwarded message from OP says

So while many XP and below updates will be revised (since they are not CBS-based) and will not require you to reinstall them, updates for the Vista and higher platforms will more likely require you to reinstall them (since they are re-releases, not MU logic revisions due to the binary changes). With auto-approval set, you may not even notice the XP based revisions, but are more likely to notice the Vista (and higher) re-releases.

This is confusing - I do not have auto-approvals set, either on servers directly or in WSUS. But, the above says they should be more noticeable, and they're not - nothing has come up for approval or otherwise changed in the WSUS management interface.

That passage also states that on platforms >= Vista, reinstallation is more likely to be required. I do have Win2k8R2 servers (and we're mostly on Win7 Enterprise for staff) and all current patches have been approved with deadlines. The servers and staff machines are not rebooting and WSUS isn't asking for new approvals on these old packages, yet the message says it's likely I need to reinstall.

If I saw that the patches needed approving again, that wouldn't be a problem - I'd approve them with a deadline at the appropriate time, and let them reinstall during our patch windows, per normal.

This makes me nervous. I don't like waiting for the other shoe to drop, especially when it might be in the middle of the day. Or did I just get lucky and none of the patches that were re-issued are relevant to our environment? This seems unlikely...

Kurt

All of the above need to be true for an install to happen. If you don't want the installs to happen, don't do that, then. :)

Eh. Looks like I'm doing things right, it just seems to be a lack of comprehension on my part...

Kurt
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 7:55 PM, Kurt Buff kurt.b...@gmail.com wrote:
Do you have your servers set to automatically download and install updates?

No.

Then they won't automatically download and install updates. The WU client won't do anything unless it's configured to do so. The WU client behavior is independent of WSUS configuration. If an update isn't approved on WSUS, the WU client won't even consider it. If the WU client isn't told to download/install, it doesn't matter what WSUS is doing. At least, that's the documented behavior, and I've never seen anything else. (Well, the WU client can update the WU client itself without asking, but that's outside the regular update mechanism (at least in XP).)

Now, the next time you tell your server (WU client) to check for updates, maybe it will say it needs to download and install 42 billion updates, I dunno. But it won't do it without asking. And I have no idea what is or isn't going on in WSUS server. :-)

-- Ben
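The conditions listed in the replies above can be read off a machine directly. The following is an added example, not code from the thread: it reads the Windows Update client policy values that Group Policy writes to the registry, asks a WSUS server whether new revisions of approved updates are approved automatically, and combines them using the rule as stated in the thread. The function names are hypothetical, port 80 is an assumed default, and approval deadlines are not evaluated.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Registry location of the Windows Update (WU) client policy set by Group Policy.
$WuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-WuClientPolicy {
    # Missing keys or values come back as $null / $false, meaning "no policy set".
    $wu = Get-ItemProperty -Path $WuPolicyKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path (Join-Path $WuPolicyKey 'AU') -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        WUServer     = $(if ($wu) { $wu.WUServer })       # URL of the WSUS server
        UseWUServer  = [bool]($au -and $au.UseWUServer -eq 1)
        NoAutoUpdate = [bool]($au -and $au.NoAutoUpdate -eq 1)
        AUOptions    = $(if ($au) { $au.AUOptions })      # 4 = download and install on schedule
    }
}

function Get-WsusAutoApproveRevisions {
    # Port 80 is an assumption; use the port your WSUS site listens on.
    param([string]$ServerName = $env:COMPUTERNAME, [bool]$UseSsl = $false, [int]$Port = 80)

    # The API assembly ships with the WSUS administration console.
    $asm = [Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
    if (-not $asm) { return $null }                       # console not installed here

    try {
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer(
                    $ServerName, $UseSsl, $Port)
        # True when new revisions of already-approved updates are approved automatically.
        return $wsus.GetConfiguration().AutoRefreshUpdateApprovals
    } catch {
        Write-Warning "Could not query WSUS on ${ServerName}: $($_.Exception.Message)"
        return $null
    }
}

function Test-UnattendedInstall {
    # Encodes the rule from the thread: every condition must hold for an install
    # to happen without anyone asking for it. $null (unknown) counts as "not met".
    param($Client, [bool]$PreviousRevisionApproved, $AutoApproveRevisions)

    $clientAuto = $Client.UseWUServer -and (-not $Client.NoAutoUpdate) -and
                  ($Client.AUOptions -eq 4)
    New-Object PSObject -Property @{
        ClientInstallsAutomatically = $clientAuto
        PreviousRevisionApproved    = $PreviousRevisionApproved
        RevisionsAutoApproved       = $AutoApproveRevisions
        UnattendedInstallPossible   = [bool]($clientAuto -and $PreviousRevisionApproved -and
                                             ($AutoApproveRevisions -eq $true))
    }
}

$client = Get-WuClientPolicy
$auto   = Get-WsusAutoApproveRevisions   # $null if the WSUS API is not on this machine
Test-UnattendedInstall -Client $client -PreviousRevisionApproved $true -AutoApproveRevisions $auto |
    Format-List
```

Run it on a member server to see the client side, and on the WSUS server (or a machine with the console installed, passing `-ServerName`) to see the revision setting.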
Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 5:13 PM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Oct 31, 2012 at 7:55 PM, Kurt Buff kurt.b...@gmail.com wrote:
Do you have your servers set to automatically download and install updates?

No.

Then they won't automatically download and install updates. The WU client won't do anything unless it's configured to do so. The WU client behavior is independent of WSUS configuration. If an update isn't approved on WSUS, the WU client won't even consider it. If the WU client isn't told to download/install, it doesn't matter what WSUS is doing. At least, that's the documented behavior, and I've never seen anything else. (Well, the WU client can update the WU client itself without asking, but that's outside the regular update mechanism (at least in XP).)

Now, the next time you tell your server (WU client) to check for updates, maybe it will say it needs to download and install 42 billion updates, I dunno. But it won't do it without asking. And I have no idea what is or isn't going on in WSUS server. :-)

There is my problem - all machines in the environment are set up via group policy to talk with the WSUS server to download and install any approved updates - logged in users can postpone installs until deadline, and if there's no logged in user, go ahead and install at will. All relevant updates were approved in WSUS at the time of the original release.

I would think (just IMHO, you know) that if MSFT releases a bunch of revised updates and says some of these will probably need reinstalling that WSUS would notice and say you need to re-approve these, as they've been updated, but that's not happening. Nor am I seeing new updates for approval that say the previous updates were superseded.

So, I can think of three alternatives, though there might be more:
o- WSUS doesn't care about the revisions, or at least doesn't believe they require re-installation, and won't raise them for approval, so they won't get re-installed (but if that's the case, why send me a 2mb email telling me about all of them?)
o- WSUS cares about the revisions, and since the originals have already been approved, will send the revisions on their merry way, probably causing machines in the environment to reboot (but if that's the case, why aren't any of my machines rebooting now, 24 hours after I received the status update from WSUS?)
o- WSUS has sent out the updates, but the machines aren't rebooting. (But if that's the case, why aren't there any event log messages regarding this on, for instance, my Win2k8R2 DCs, which I've just checked?)

One alternative I know isn't true:
o- WSUS isn't aware of the revisions, so nothing happens. I know this isn't true, because WSUS sent me a 2mb email detailing the revised updates it had just received.

Bleh. I'm going home, and hoping the world still exists when I get back tomorrow.

Kurt
RE: 1100+ revised updates on WSUS?
You folks saw this today, right? http://myitforum.com/myitforumwp/2012/10/31/a-hot-one-update-causes-wsus-or-configmgr-admin-to-re-download-huge-number-of-updates/ Sent from Windows Mail

From: Kurt Buff Sent: October 31, 2012 8:59 PM To: NT System Admin Issues Subject: Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 5:13 PM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Oct 31, 2012 at 7:55 PM, Kurt Buff kurt.b...@gmail.com wrote:
Do you have your servers set to automatically download and install updates?

No.

Then they won't automatically download and install updates. The WU client won't do anything unless it's configured to do so. The WU client behavior is independent of WSUS configuration. If an update isn't approved on WSUS, the WU client won't even consider it. If the WU client isn't told to download/install, it doesn't matter what WSUS is doing. At least, that's the documented behavior, and I've never seen anything else. (Well, the WU client can update the WU client itself without asking, but that's outside the regular update mechanism (at least in XP).)

Now, the next time you tell your server (WU client) to check for updates, maybe it will say it needs to download and install 42 billion updates, I dunno. But it won't do it without asking. And I have no idea what is or isn't going on in WSUS server. :-)

There is my problem - all machines in the environment are set up via group policy to talk with the WSUS server to download and install any approved updates - logged in users can postpone installs until deadline, and if there's no logged in user, go ahead and install at will. All relevant updates were approved in WSUS at the time of the original release.

I would think (just IMHO, you know) that if MSFT releases a bunch of revised updates and says some of these will probably need reinstalling that WSUS would notice and say you need to re-approve these, as they've been updated, but that's not happening. Nor am I seeing new updates for approval that say the previous updates were superseded.

So, I can think of three alternatives, though there might be more:
o- WSUS doesn't care about the revisions, or at least doesn't believe they require re-installation, and won't raise them for approval, so they won't get re-installed (but if that's the case, why send me a 2mb email telling me about all of them?)
o- WSUS cares about the revisions, and since the originals have already been approved, will send the revisions on their merry way, probably causing machines in the environment to reboot (but if that's the case, why aren't any of my machines rebooting now, 24 hours after I received the status update from WSUS?)
o- WSUS has sent out the updates, but the machines aren't rebooting. (But if that's the case, why aren't there any event log messages regarding this on, for instance, my Win2k8R2 DCs, which I've just checked?)

One alternative I know isn't true:
o- WSUS isn't aware of the revisions, so nothing happens. I know this isn't true, because WSUS sent me a 2mb email detailing the revised updates it had just received.

Bleh. I'm going home, and hoping the world still exists when I get back tomorrow.

Kurt
Re: 1100+ revised updates on WSUS?
AHA! No, I hadn't seen that, and it answers my questions/fears... Now back to our regularly scheduled donations of intoxicating material to tykes for the evening...

Kurt

On Wed, Oct 31, 2012 at 6:19 PM, rodtr...@myitforum.com wrote:
You folks saw this today, right? http://myitforum.com/myitforumwp/2012/10/31/a-hot-one-update-causes-wsus-or-configmgr-admin-to-re-download-huge-number-of-updates/ Sent from Windows Mail

From: Kurt Buff Sent: October 31, 2012 8:59 PM To: NT System Admin Issues Subject: Re: FW: 1100+ revised updates on WSUS?
On Wed, Oct 31, 2012 at 5:13 PM, Ben Scott mailvor...@gmail.com wrote:
On Wed, Oct 31, 2012 at 7:55 PM, Kurt Buff kurt.b...@gmail.com wrote:
Do you have your servers set to automatically download and install updates?

No.

Then they won't automatically download and install updates. The WU client won't do anything unless it's configured to do so. The WU client behavior is independent of WSUS configuration. If an update isn't approved on WSUS, the WU client won't even consider it. If the WU client isn't told to download/install, it doesn't matter what WSUS is doing. At least, that's the documented behavior, and I've never seen anything else. (Well, the WU client can update the WU client itself without asking, but that's outside the regular update mechanism (at least in XP).)

Now, the next time you tell your server (WU client) to check for updates, maybe it will say it needs to download and install 42 billion updates, I dunno. But it won't do it without asking. And I have no idea what is or isn't going on in WSUS server. :-)

There is my problem - all machines in the environment are set up via group policy to talk with the WSUS server to download and install any approved updates - logged in users can postpone installs until deadline, and if there's no logged in user, go ahead and install at will. All relevant updates were approved in WSUS at the time of the original release.

I would think (just IMHO, you know) that if MSFT releases a bunch of revised updates and says some of these will probably need reinstalling that WSUS would notice and say you need to re-approve these, as they've been updated, but that's not happening. Nor am I seeing new updates for approval that say the previous updates were superseded.

So, I can think of three alternatives, though there might be more:
o- WSUS doesn't care about the revisions, or at least doesn't believe they require re-installation, and won't raise them for approval, so they won't get re-installed (but if that's the case, why send me a 2mb email telling me about all of them?)
o- WSUS cares about the revisions, and since the originals have already been approved, will send the revisions on their merry way, probably causing machines in the environment to reboot (but if that's the case, why aren't any of my machines rebooting now, 24 hours after I received the status update from WSUS?)
o- WSUS has sent out the updates, but the machines aren't rebooting. (But if that's the case, why aren't there any event log messages regarding this on, for instance, my Win2k8R2 DCs, which I've just checked?)

One alternative I know isn't true:
o- WSUS isn't aware of the revisions, so nothing happens. I know this isn't true, because WSUS sent me a 2mb email detailing the revised updates it had just received.

Bleh. I'm going home, and hoping the world still exists when I get back tomorrow.

Kurt