Archive for June, 2010

Enable of Windows 2008 R2–the Active Directory Recycle Bin

Thursday, June 10th, 2010

Even in professionally managed network environments it is still possible for mistakes to happen. If an Active Directory object such as a user or computer account is accidentally deleted  network access will be lost. Worker productivity will decline until the account is restored and IT support costs will add to the total expense incurred by the organization.

In the past the best method to restore a deleted AD object is to reboot a domain controller into Active Directory Restore Mode, logon the computer with a special administrative account, and restore the Active Directory database from a backup file. The final steps are to run the NTDSUTIL command line utility to authoritatively restore the object in question and then reboot the computer into normal mode. This procedure is cumbersome, time consuming and requires that the backup file selected contains the most current version of the object.  Many administrators have wished that an easier method was available.

With the introduction of Windows Server 2008 R2 it is possible to enable an Active Directory Recycle Bin. Deleted AD objects can be restored complete with all object related attributes intact. These attributes includes user and computer account group memberships. In order to enable the Active Directory Recycle Bin all Domain Controllers in the Domain must first be upgraded to Windows Server 2008 R2. The Domain functional level of the Domain and the Forest must be raised to 2008 R2 functional level. This can be accomplished in the Domains and Trusts administrative console. If the Active Directory Forest was created using Windows 2000 or 2003 Server it is also necessary for a member of the Schema Admins group to update the Active Directory Schema by running the ADPREP /Forest Prep command on the Schema Master domain controller and the ADPREP /DomainPrep command on the Infrastructure Master computer. Raising functional levels may affect some applications that integrate with Active Directory, therefore it is important to research possible issues before raising the levels.

Once the functional levels are raised the Recycle Bin can be enabled using the following PowerShell command: “Enable-ADOptionalFeature -Identity <ADOptionalFeature> -Scope <ADOptionalFeatureScope> -Target <ADEntity>”. This command must be run using the Active Directory Module for Windows PowerShell  by an member of the Enterprise Administrators group.  Microsoft gives us an example of how this command would look when it is used to enable the Recycle Bin for the Contoso.com domain:

“Enable-ADOptionalFeature –Identity ‘CN=Recycle Bin Feature, CN=Optional Features,CN=Directory Service, CN=WindowsNT, CN=Services, CN=Configuration, DC=contoso, DC=com’ –Scope ForestOrConfigurationSet –Target ‘contoso.com’”

Now that the Recycle Bin is enabled, deleted object can be recovered using either PowerShell or the ldp.exe utility. This process is described by Microsoft here: http://technet.microsoft.com/en-us/library/dd379509(WS.10).aspx

Save yourself time and aggravation by enabling the Active Directory Recycle Bin soon!

How Sarah Palin Yahoo email account got hacked?

Thursday, June 10th, 2010

The trial of David Kernell, the alleged Sarah Palin hacker, has started, and he could face up to 20 years in prison if convicted.  In this case, the defendant is accused of hacking into Sarah Palin’s Yahoo email account.  The account was breached when the attacker was able to guess the values for the password reset.  Many online services allow you to reset passwords if you can answer several cognitive questions such as your date of birth, your zip code, where you met your spouse, or maybe what high school you attended.  While some might argue that this attack was not even a real hack, the potential jail time is. The defendant could be sentenced to many years in prison if found guilty.

The real moral of this story is the accessibility of information and how this accessibility can work for or against you. The attacker used available information to figure out the answers required to reset the email account password.  Once the hacker had access to the email account, screen-shots of the email account were posted online for everyone to see.  These screen-shots not only showed the content of the email account, but also the URL of the proxy server that was being used to hide the hacker’s true identity.  This information ended up being the hacker’s undoing as it allowed authorities to track the suspect by his IP address and tie the activity to Mr. Kernell.

Keep the “Advanced Features” view always on in Active Directory Users and Computers MMC

Tuesday, June 8th, 2010

“Is there a way to keep the “Advanced Features” view always on?”

If you start a blank management console, add the ADUC snap-in, turn on Advanced Features view, and save the console, whenever you use *that* console file, Advanced Features will be on.

1. Launch a blank Microsoft Management Console: Start-> Run… mmc.exe

2. In the MMC menus, choose File->Add/Remove Snap-in… (or Ctrl+M)

3. Select “Active Directory Users and Computers” and hit the “Add >” button in the middle.

4. Hit OK to finish adding the snap-in.

5. Back in the console, select the Active Directory Users and Computers node under the “Console Root.”

6. Right-click on that ADUC node and choose “New Window from Here” in the menu.

7. In the MMC menus, choose  View->Advanced Features (this turns on the Attribute Editor, Security, Object, and other tabs as well as several other features in menus and makes other objects visible).

8. In the MMC menus, choose  File->Save (or Ctrl+S), specify a file name folder, file name, and hit the Save button.

9. In the MMC menus, choose  File->Options… and choose “User mode – limited access, single window,” then check the “Do not save changes to this console” checkbox, and finally hit OK.

10. In the MMC menus, choose “Save As…” and save under a different file name, and choose “Yes” when warned about the single window interface option.

11. In the MMC menus, choose File->Exit

12. Launch the second console you saved (in step 10) and use it – it should always have Advanced Features turned on.

13. If you need to make changes to other settings in the console, open the first console you saved (in step 8), adjust whatever other options you want, then repeat steps 9, 10, and 11 using a different file name in step 10 this time to distinguish the new settings.

Five Keys to Security Fundamentals

Tuesday, June 8th, 2010

(Excerpted & condensed from the Cisco Press book Network Security Auditing, by Chris Jackson, available June 4, 2010)

To understand security, it is critical that you realize that security is a process, not a product. Security is a broad topic, and one of the few in information technology that literally touches all aspects of a business. To focus security efforts and to make them manageable, it helps to break down the various aspects of security into the five pillars of security.

1. Assessment

Assessments document and identify potential threats, key assets, policies and procedure, and management’s tolerance for risk. Assessments are not something that are done once and then forgotten. As the business needs change and new services and technologies are introduced, regularly scheduled reassessments should be conducted. Doing this gives you an opportunity to test policies and procedures to ensure that they are still relevant and appropriate.

2. Prevention

Prevention is not just accomplished through technology, but also policy, procedure, and awareness. Expect individual security controls to fail, but plan for the event by using multiple levels of prevention.

3. Detection

Detection is how you identify whether or not you have a security breach or intrusion. If you can’t detect a compromise, then you run the risk of having a false sense of trust in your prevention techniques.

4. Reaction

Reaction is the aspect of security that is most concerned with time. The goal is to minimize the time from detection to response so that exposure to the incident is minimized. Fast reaction depends on prevention and detection to provide the data and context needed to recognize a security breach.

5. Recovery

Recovery is where you play detective to determine what went wrong so that you can get the systems back on line without opening up the same vulnerability or condition that caused the problem in the first place. There is also the post-mortem aspect that determines what changes need to be made to processes, procedures, and technologies to reduce the likelihood of this type of vulnerability in the future.

About the Author

Chris Jackson, Technical Solutions Architect in the Cisco Architectures and Verticals Partner Organization, has focused for the past six years on developing security practices with the Cisco partner community. During a 15-year career in internetworking, he has built secure networks that map to strong security policies for organizations, including UPS, GE, and Sprint. Chris is an active speaker on security for Cisco through TechwiseTV, conferences, and web casts. He has authored a number of whitepapers and is responsible for numerous Cisco initiatives to help build stronger security partners,. He holds dual CCIEs in security and routing and switching, CISA, CISSP, ITIL, seven SANS certifications, and a bachelors degree in Business Administration.

Top 10 Must-Have Skills for IT Pros

Tuesday, June 8th, 2010

There are many skills that IT Pros should know about in doing their day-to-day jobs. That is one of great benefits of being in the IT industry – learning new platforms and products as they are released. The following list has many of the most common ones that most IT Pros should have. While there are ten skills listed, they are not in an ordered ranking. Depending upon the size of the IT infrastructure and environment, some of these might not be applicable.

1. Troubleshooting

Is this a skill, an art, or both? If you ask any seasoned IT professionals, they will tell you that troubleshooting skills are important, very important – and not something that can be readily taught. The difficult part is that troubleshooting is a specific skill set that many corporations simply do not have the time or money to invest. Troubleshooting skills could make or break your career. Not having the required troubleshooting skills could become a RGE (resuming generating event), or it could become a career enhancer when you are able to fix a mission-critical server. All of this being said, one would think that there would be more emphasis on teaching and sharing troubleshooting skills; unfortunately, this is not the case. This is one skill that must be learned only after mastering a particular platform or program.

2. PowerShell and Scripting

No, you don’t have to be a programmer to be a successful network engineer (or vice-versa for that matter), but you do have to know PowerShell. More platforms from Microsoft (Exchange 2007 and Exchange 2010 have some features that can ONLY be implemented with PowerShell) are managed through PowerShell – including the recently released SharePoint 2010. Being able to script many day-to-day tasks will make more time available for proactive tasks.

3. Networking and Interoperability

Interoperability is the key to networking. We live in a highly connected world, a world of disparate platforms. Networking is understanding how to make these platforms communicate. As an IT Pro (and this includes programmers to a certain extent), you must understand the communications protocols, OSI Model layers, and connectivity required for systems to communicate. This also includes understanding connecting and securing wireless networks. This is one skill that is common to almost all IT Pros, whether they are programmers, security personnel, auditors or the help desk personnel.

4. Virtualization

It doesn’t matter which Virtualization technology you use (Microsoft’s Hyper-V, VMware, or even Sun’s VirtualBox), it is the use that is important. Virtualization is being adopted by companies of all sizes as a means to reduce costs through consolidation of servers and lower cooling requirements. Application Virtualization has become very popular with businesses. Having the skill set to deploy applications that connect securely through a browser is critical for companies that have numerous offices.

Virtualization can aid in near real-time response to network conditions by providing for more disaster recovery capabilities. Another interesting area of virtualization is through the use of desktop virtualization. This involved configuring and maintaining the virtual environment whereby users can connect to their own virtual desktop remotely or through the web. Another use for virtualization is for improved instruction for IT education and elsewhere, since there is no longer a need to have large numbers of computers for classrooms.

5. Wireless

As part of our highly connected world, we expect to able to connect wirelessly from almost anywhere at any time. Those IT Pros who can install, configure, and maintain secure wireless networks have a skill that is in high demand. The key word here is secure wireless network. IT Pros with this skill set are in high demand as we expect to be able to securely connect to wireless networks in almost all locations at any time. Implementing a secure wireless environment also means being able to plan and troubleshoot interferences as well. Anyone managing wireless environments must be able to handle the calls that come in from remote users who are having problems with their wireless equipment, and different operating systems capabilities and limitations.

6. Disaster Recovery

This is as much a methodology as a skill set. IT Pros must be able plan, test, and implement a disaster recovery (DR) plan. This is critical for the survivability of a data center or network. One of the hardest tasks is being able to test disaster recovery plans. There is hardly enough time available to perform the critical tasks that need to get done while adding a yearly or semi-yearly test of the DR plan. An integral part of the disaster recovery process is implementing fault-tolerant systems and providing for redundancy in your network.

7. Security

All IT Pros must have a good understanding of both physical and electronic security. One of the most difficult tasks with IT security is educating users. Company information can be gleaned through social engineering that most companies would rather not have divulged. Training users (and IT staff) to be cognizant of and prevent social engineering is extremely difficult. IT Pros must always be aware of security issues and understand the vulnerabilities within their networks (from operating systems, servers to the lowly cable closet). This does not mean that every IT Pro must be able to perform a penetration test against his or her own network, but they must understand and prevent attacks against their network.

8. Database Administration

Corporations retain more information than ever before and are quite dependent on their databases. Regulatory compliance has had a huge impact on database management and data retention. Corporations are required to retain information for a number of years and, in some cases, emails as well. Storage space and solutions have become much cheaper, so there is more emphasis on data retention. Having the ability to create and extract information from one of these databases is critical. Many IT Projects use a SQL backend, Archiving information from Microsoft’s Office Communication Server requires a SQL backend. If you are going to deploy Microsoft Office SharePoint Server (MOSS), this will require a SQL backend. IT Pros these days do not need to be DBAs, but they must be able to administer and maintain these servers. There are several database systems commonly used: SQL, Oracle, and MySQL.

9. Desktop Imaging

Imaging of desktop systems is a critical skill as companies are shifting to standardized desktops and deployments. Part of this is done to deploy a consistent and secure platform as well as to provide ease of management. There are many imaging programs available, as well as Microsoft’s Windows Deployment Services and imaging utilities.

10. Helpdesk (People Skills)

One of the most critical skills that IT Pros need to learn is how to interact with non-technical people. The Help Desk is the first interaction most users have with the IT department, and it should be a positive experience. IT Pros are very good at their jobs, but sometimes lack the ability to relate to their non-tech colleagues. Users just want their computers fixed or their data recovered; they are not concerned with the processes behind our actions. IT Pros should have some experience working at the Help Desk.

These are some of the most important skills that an IT Pro should know. If you don’t know some of these areas, now is the time to learn them. One thing to keep in mind is that you are your own best career manager! You are the only one who can decide where you want to head your career.