Digital Choke Daynotes

Daynotes	a daily journal of our activity	Send us email
Digital Choke	an action that is sometimes needed for your computer; also a short techno-story available here.

Sunday, July 13, 2003

Spent the day with my granddaughter and her family.

Monday, July 14, 2003

I usually write these things in the evenings, in the family room, with the TV in the background. So that's where I am now. It's a bit dark in here; the sun has set, and I haven't turned on the family room light (it's way over there, and I can't reach it). So I am using my little LED light that plugs into a USB port. It is bright enough to let me see the keyboard, and it is directional enough that it doesn't glare into my highs. And it wasn't that expensive. I got it from Cyberguys (www.cyberguys.com), which I've found to be very reasonable with their prices. In my previous position at the company, I used them for all the pre-built network cables, which were at a good price.

The only problem with the lighting in this room is that I am getting old. If you are in my age range (ok, I'm 51), presbyopia creeps up on you. That's a weakening of the eye muscles, which means that you need to use reading glasses most of the time. Well, only if you want to read things. That means that I need it for work on the computer (even with a 17" monitor, which is set at 1024 x 800), and using large fonts. I suppose that if I upgraded the work computer to WinXP, and put ClearType on it, the screen text would be clear enough.

On the laptop here at home, I have a 15" screen, but the small text gets a bit fuzzy. The dimness of the room makes it harder to see. The smaller the text, and the dimmer the light, the harder it is to read without glasses. So, I probably should turn on the room light and go upstairs and get my glasses. And then I can stop whining about fuzzy text.

Anyhow, I am writing this in the family room, during commercials, while watching "Monk". It's a really good show; highly recommended. It's on USA network several times during the week; I think the new ones are on Friday nights (which I keep forgetting to watch). But I can do without the Adam Sandler commercials there.

Your security site of today is www.sans.org . Good information there; today I wandered through the "SCORE" area. Lots of good checklists and tools to evaluate how your security plan compares to a comprehensive standard, and to evaluate the security level of servers and other devices. Try out the WIndows workstation scoring tool. Then you can be as paranoid about security as I am. (No, I am not going to tell you my score.)

Tuesday, July 15, 2003

Remember when we discussed on these pages the importance of being aware of when important people leave for any reason? Especially network administrators?

The network admins carry a lot of the keys to your network. They have full access and control of all devices, and the data, on your network. If a network admin needs to leave for any reason, there needs to be a careful transfer of power from that person. While the departing network administrator may not the inclination to do any damage on his way out, it is important to be protective of your network. The admin's access to the network needs to be carefully disabled. Even physical access to devices needs to be considered, along with any remote access. You need to make sure that the departing network administrator is fully excluded from doing anything to the network. And this exclusion needs to be promptly done. The data is too important to your company to allow the departing admin any access at all.

All of this is important to remember. Access needs to be taken away immediately. There is too much potential for damage otherwise. It may not happen, but you have to protect against the possibility.

This is a lesson that was missed in my company today. No details are necessary. Lesson given. Hopefully, a lesson learned.

So that occupied most of my day. And will probably be the main focus for the next couple of days.

We did barbequed hamburgers tonight; they tasted good. I also barbequed a couple of chicken breasts that we'll use for sandwiches tomorrow. We're trying to do a bit less eating out for lunch and dinner. And I will need to stay close to the office during the day.

After dinner, we got a call from Stacy at college. She is very busy with her classes. It is normally a full-semester class that they are cramming into one summer session, so it is quite compressed. It's the first time they have done it, so it is a bit intense. She is doing quite well, though, getting very high marks on her tests. It was good to hear her voice.

Afterwards, Pam and I took a walk. Even though it was hot today (mid-90's), it cooled off nicely this evening. We walked to the local frozen yogurt shop about 3/4 of a mile away, had dessert (I had a very small one, so as to not negate the value of the walk). So it was a relaxing way to end the day.

Wednesday, July 16, 2003

More work on administrative access; password changing, etc. A little bit of email checking, and some planning for the new mail system. I need to spend some quality time with some of the protection devices on our network to become more familiar with their operation and maintenance.

After work, we went over to Pam's parent's house. Pam and her two sisters are putting together a 50th anniversary party this weekend, so there was much visiting going on over Chinese food from Hop Sing's Palace in old town Folsom. (Folsom is originally a gold rush town, and the Chinese restaurant there is quite good. So we had a pleasant evening.

We got home rather late, so have just been relaxing. Not much else to report than that.

Thursday, July 17, 2003

Hot today. It got up to 103 degrees. Not too much humidity, though. It's unusual for the humidity to get above 30% around here; it usually is under 20%. That makes the heat a bit more bearable. But this heat wave, according to the weather dweebs, will be sticking around until Sunday. Luckily, it cools off fairly well at night, getting down to 65-68 degrees.

While I am writing this, I've got the DIscovery channel on. It's "Prehistoric" night, the interesting series about the really old days. The CGI is quite good; lots of prehistoric animals to show how it might have looked according to current research. It's done by the BBC, which did the "Walking WIth..." series, I think.

The usual stuff at work. The most interesting part was when I walked into one office and found that our missing network administrator is back. He's a consultant that has been working for the company for several years, and is very knowledgeable about the security of the network. His abrupt departure on Tuesday was due to funding problems, and a misunderstanding of the message from the CIO to review his funding. The person that did that made the decision that since the money had run out, the consultant had to go. That was not the intent of the big boss, but it had the result of a lot of man hours spent changing access and passwords on lots of devices. The big boss was not pleased about that, and got the consultant back. I was quite pleased to see him back this morning.

I need to spend a bit more time with him understanding all of the devices that help protect our network. It was a bit scary for a couple of days to think that I was responsible for things that I knew little about. More knowledge is needed.

For instance, I've been reading about Nessus, a free network scanning/auditing tool. It requires a server (Linux-based) to act as the auditor, but has a Windows client to configure and run the program. The Linux box, as is typical, doesn't need to be very high-powered. So I'll be grabbing an old computer box, hooking it up to my KVM switchbox (one keyboard/mouse/monitor, four computer boxes), and giving it a try. The first step is to download the software onto bootable CD's, then do an install of the Linux OS on the 'collector' box. I've been reading up on how to do this (I think it's www.techweb.net where I found a good short tutorial; and info about Nessus is at www.nessus.org ), and it doesn't look too complex. Nessus has a good reputation as a network scanner/auditor; all I need to do is be careful about how I scan so as not to affect the production network. (And, to make sure that I have the authority to scan the network. Some companies can get quite upset if scanning is not in your job description. But, that's part of my job, so I am OK on that score.) It should be an interesting excercise that will improve my skills and knowledge.

After work, we went over to Quizno's for dinner. This is a sandwich place that builds deli-type sandwiches with salad-type dressings, in an open-faced manner. Then the sandwiches are run through a toaster oven, where the sandwich is toasted. At the other end of the oven, the tomato and lettuce is added, the two halves are put together, and you have a tasty and filling toasted deli sandwich.

During dinner, I got a call from a person that wanted to look at the trailer. So we went over to my in-laws (that's where the trailer is), and showed it when the guy arrived. He was mildly interested; his wife needs to look at it first, and that might happen this weekend.

Last weekend, someone else came to look at the trailer. He brought along his buddies, who became interested in the big old motor home that has been sitting out in the in-law's back forty. It wasn't running; I think it needed a new fuel pump. My father-in-law is from Maine, so he can be a bit frugal, wanting to fix things himself rather than paying others to do it. But he is fighting a form of leukemia, so he is not able to do as much as he'd like. But he is a tough old bird; three years ago the doctor gave him about six months. But they've been using some of the new cancer-fighting drugs, so he is still hanging in there.

Anyway, the one guy was looking at my trailer. And his buddies got to talking with my mother-in-law, who just wanted to get rid of the motor home. They ended up getting the motor home for about $3500, then fixed it up in a couple of hours and drove it off. Meanwhile, my trailer is still for sale.

Friday, July 18, 2003

Big to-do in the security world the past couple of days. Seems that someone found a pretty widespread vulnerability with the Cisco router operating systems. Routers are the workhorse of networks and the Internet, and this particular problem affects all of them. The vulnerability can cause the router to die, and the only way to fix it is to do a power reset. Since there are routers everywhere, and the code to kill the routers was making the rounds of the 'black hat' crowd.

So everyone is patching the routers, which is something that we took care of yesterday, and we finished checking on today. The design of our network keeps us fairly safe from that particular type of problem. Although the doomsayers are really worried about the problem, it seems a bit over-hyped. That particular equipment is mostly found in the corporate and large operation environment, who are more likely to have better protection. The real problem out there is all the home users with broadband connections that have old (or none) virus protection, haven't installed any updates, and don't have any firewall protection. The result is virus-infected systems sending out more viruses, home computers being used for hosting offensive ad banners, computers being used for massive denial of service attacks, computers sending out confidential information, etc., etc.,

Besides making sure that our systems are OK, I did a little planning for the big email reconfiguration. The servers arrived today, all 13 boxes. That will keep us a bit busy next week.

Showed off the trailer again tonight; they seemed interested, but no offers. They did spend quite a bit of time looking at it. Perhaps they will give us a call this weekend.

Speaking of which, it looks like a busy one. Pam's parents are celebrating their 50th wedding anniversary tomorrow, with a party for all of their friends and their family. Lots of visiting to be done.

And the weather is still supposed to be above 100 degrees. But, minimal humidity, so that's helpful.

Saturday, July 19, 2003

"There is nothing to see here." -- Zork I

Digital Choke Daynotes