Digital Choke Daynotes

Daynotes: a daily journal of our activity

Digital Choke: an action that is sometimes needed for your computer; also a short techno-story available here.

"Daynotes" are popularized by an Internet Web site called the "Daynotes Gang" (http://www.daynotes.com or http://www.daynotes.org), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals. You can send your comments to us by clicking on any mailbox icon.
Another Pleasant Valley Sunday. The day's high temperature in the upper-80's, a nice cooling breeze from the ocean, just a few clouds (that made a nice colorful sunset of pinks and purples), and some time spent with the family. A nice call from Stacy (youngest daughter in college in Idaho). Dinner of lasagna, a short walk to the neighborhood park with the grandkids, and relaxing in front of the TV watching an old "Rockford Files".
That's about the extent of it. Hope your Sunday was just as pleasant.
Worked on the new mail systems today. I enabled more fuller auditing, and then a few security policy settings. Last Friday, we looked at the default settings of Windows 2003 (Web Server edition) and found that security has been tightened up considerably from Windows 2000. I only had to enable full auditing, set up the login message text, and change the setting so that the last user name is not displayed. There are some additional settings that might be useful, but overall the default installation seems quite secure.
In fact, the folks at SANS (www.sans.org) have a lot of checklists for servers, along with some "best practices" and a ton of computer security papers. They have not come out with the Win2003 Server setup checklist, so I used the Windows 2000 one. It looks as though they might use server security recommendations from Microsoft as their baseline checklist.
Then I spent some time setting up some admin-level users, and installed Network Associates Netshield/NT (anti-virus) on the two mail and one SQL server. I had to change a few default settings, and then set up for automatic one-hour updates. Not hard to do, just a bunch of clicking and typing. Now that that is all done, the next task is to install MS-SQL Server on the SQL machine, check the security settings, and then I can install the email filtering software (SurfControl EMAIL SMTP) on the other two servers. Once that is all tweaked, those servers will be ready to test in the lab, along with some final auditing for patches and other settings. I will use HFNETCHK from Shavlik, along with some of the free tools from Foundstone.
I also need to work on some project planning and do some more research on the incident response plan. And perhaps some updates on our internal security web pages. With any luck, a productive day will be the result, especially since there are no meetings scheduled.
I spent most of the evening surfing the web, there was not anything interesting on the television. I spent a lot of time on the Security Focus web site, which has some interesting information on it (if you are a security dweeb like me). But it is getting late, so time to quit for now.
Note to Brian C.: please notice that there are no apostrophes in the post for today. Although there are probably some grammatical errors. <grin>
Well, I failed the "Brian C test" again. There is a grammatical error in the Monday post. I will let you find it. Most of those errors are because I type this late at night just before going to bed. So there is very limited proofreading. Brian C keeps in touch as my unofficial editor (it is always nice to hear from him). I also forgot to move the "current" anchor, for those of you that may have noticed. It is now where it belongs.
I got a few things accomplished today at work. I am still doing some scanning for the Nachi worm vulnerability. We are getting a lot of port 135 traffic on the network. I am using the Foundstone scanning tool (RPCScan) to find computers that are still infected. The count is down to under a dozen, but they sure put out a lot of traffic. We have a large network, so there are lots of places to look.
I installed MS-SQL 2000 on the new server. It was quite painless. Then I installed SQL SP3, which strongly advises you to set the 'sa' user password before the update will continue. A very common exploit against MS-SQL systems uses the 'sa' account, which is administrator-level. If the password is blank, it is much easier to hack into the system. I will do an audit of the SQL part of the system tomorrow. I did set up a temporary network switch so that the three systems will talk to each other. The SQL server is not talking right now, but it is probably a simple configuration problem. Or, as Jerry Pournelle often says, it could be the patch cable. I just grabbed one out of the spare parts box, so it could be defective.
Pam and I went to the gym this evening on the way home. That is a place that I need to visit more often. I managed to get my heart rate up to about 75/minute. That is a pretty good increase for me, since the medication I take for atrial fibrillation keeps my resting heart rate around 45-55/minute.
When we got home, I fired up the barbeque for some chicken breasts. I put my share on a salad (greens, celery, tomato) with a bit of salad dressing. It was accompanied by a red potato (microwaved for five minutes), and a half-glass of milk. So that was a healthy meal that was quite tasty and filling. Although I did grab a couple of bite-sized Baby Ruth bars later in the evening, a personal weakness I try to keep under control.
After dinner, I connected the laptop to the dial-up line, and did a bit of surfing (including reading various Daynoters). And I got my VPN connection to the office to work. I even got the mail client to connect, after enabling a setting in the firewall to let through that particular traffic. This is all useful to do in preparation for the DSL line that is arriving later this month. So, it was a productive day and evening.
"There is nothing to see here." -- Zork I
"There is nothing to see here." -- Zork I
He's back! (All is well, just got busy.)
I spent some time working on some follow-up to the Nachi incident. Some fine-tuning of the incident response process was in order, along with some recommendations to upper management. And we are still dealing with it. There are still some infected computers on our network, and then there is the new patch from Microsoft to deal with the similar vulnerability. We have noticed some problems getting the patches installed, or our scanners (such as the one from Foundstone) are not sensing the installed patches, or the two patches are fighting with each other. We haven't come to a conclusion yet on this problem.
And I note that John Dominik has got a permanent gig with a large consulting company in his area. This is really good news for John, who has been out of work for a bit over a year. And it will be good news for the companies he will be helping out. Although I have only met him electronically, he has great computer skills, so he will be an asset to his new company.
Not much planned for the weekend. A bit of puttering around the house and yard, some grandchildren babysitting (we purchased the "Sleeping Beauty" DVD), and preparation for teaching the church class on Sunday.
"There is nothing to see here." -- Zork I
Copyright (c) 2000-2003 Two Bridges Group, All Rights Reserved