ALI Blog

Executive and Technical Blogs

Recent blog posts
Cisco BotNet Filter Proves Itself (Fast) in a Compromised K-12 Environment
Tony Rector, Sr. Support Engineer, CCIE

 
Botnets are an increasing source of concern for everyone. They are extremely difficult to detect, can propagate and mutate quickly, and pose numerous security risks, from data leakage to denial-of-service attacks. The Cisco ASA 5500 Series Botnet Traffic Filter is a great new feature available with the Cisco ASA 8.2 Software Release for botnet traffic detection. We recently put this solution in place for a school that was struggling with massive traffic issues, rogue devices, compromised PCs and large unnecessary downloads. The reporting functionality gave me so much insight that I was able to help the client rapidly pinpoint problem areas and then correct them.
 
It's an inexpensive, subscription-based software solution that provides multiple levels of endpoint protection monitoring. It checks network ports for rogue activity by detecting infected internal endpoints and bots sending command and control traffic back to a host on the Internet. The command and control domains and hosts associated with botnets and malware distribution are accurately and reliably identified using a dynamic database managed by the Cisco Security Intelligence Operations center. The reporting is very good, and you can easily obtain very important information about your network.
 
A free trial is available for qualified Cisco ASA 5500 users. Please contact your ALI Account Manager to initiate a request. If you are not sure who to contact, a quick email to info@ali-inc.com will get someone in touch with you quickly. As always, if you are experiencing security issues with your network, I am available for assistance via our Service Desk at (800) 283-2648; push option 1 to speak to Jane Bankovich, who schedules me.

August 27, 2010

Every organization's data multiplies every day. This is necessary. Normal. Yet the ugly truth is that often there is so much data, it's overwhelming to work out how to access or prioritize just certain files. Or make sure certain user-identifiable files are archived differently. You could end up with a mountain of data to back up that takes too long and costs a bunch of money that might be unnecessarily spent. So how do you deal with this issue of managing unstructured data?

This topic of conversation got started on a LinkedIn technology forum back in March as we were publicizing a webcast session on managing unstructured data. Some felt that the time had come for this discussion, particularly in the wake of an excellent presentation by Virginia Tech on the challenges they went through after their campus shooting. Some advocated a very short retention policy, which sparked more debate about the life span of "content" and its importance in the organization for documentation and continuity. If you are a member of LinkedIn, you can follow the full discussion on the Region2000 Tech Council Group discussion, or post your comments and questions here.

LEARN MORE ON DEMAND

Want to learn more? If you’d like more information on this topic, be sure to access the webinar on demand. That session really dug into how to address the real challenges of managing all those “unstructured” files: documents, spreadsheets and all the other types of documents that get created each work day.

Linux tip:
How to find out the most recent installed packages with RPM


You probably know the last software package you installed, but are you aware of all the dependencies that were also installed?  Here's a tip to help you.

Use this command to list installed packages sorted by install time:

rpm -qa --last

The newest packages will be at the top. Since the list is probably long, you might want to pipe the output to less:

rpm -qa --last | less

Type q to exit less. You can also pipe the output to grep to search for a specific day or month, using Jun as an example:

rpm -qa --last | grep Jun

You can also redirect the output to a text file:

rpm -qa --last > filename
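
To answer the dependency question from the start of this tip directly, the following added example (not part of the original post) prints every package installed within a short time window of the newest one, which is normally the last package plus the dependencies pulled in with it. The function name last_batch, the 120-second default window and the sample package data are assumptions made for illustration; the sample is constructed so the script runs without rpm.

```shell
#!/bin/sh
# last_batch WINDOW
# Reads "EPOCH PACKAGE" lines on stdin and prints the packages installed
# within WINDOW seconds (default 120) of the newest install, newest first.
last_batch() {
    window="${1:-120}"
    sort -rn | awk -v w="$window" '
        NR == 1 { newest = $1 }           # after the sort, line 1 is the newest install
        newest - $1 <= w { print $2 }     # installed in the same batch as the newest
    '
}

# On a real system, feed the function from the RPM database:
#   rpm -qa --qf '%{INSTALLTIME} %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' | last_batch 120

# Constructed sample data in that same format (not taken from a real host).
sample='1277900000 bash-3.2-24.el5.x86_64
1280750405 httpd-2.2.3-43.el5.x86_64
1280750403 apr-util-1.2.7-11.el5.x86_64
1280750402 apr-1.2.7-11.el5.x86_64
1279000000 openssl-0.9.8e-12.el5.x86_64'

printf '%s\n' "$sample" | last_batch 120
```

Widen the window for large installs that take several minutes to complete.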

Looking for more help with your Linux systems?  Contact us and we'll be happy to set you up with an engineer who can help!

Tuesday, Microsoft released an out-of-band security update to address the .LNK vulnerability described in Microsoft Security Advisory 2286198. Microsoft Security Bulletin MS10-046 addresses one vulnerability in Windows, has a maximum severity rating of Critical, and an Exploitability Index rating of 1. The security vulnerability affects all supported editions of Windows including Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

It is recommended that customers deploy the update as soon as possible to help protect their computers from criminal attacks. The security update protects against attempts to exploit the vulnerability by several malware families.

IT professionals may also want to view the out-of-band bulletin release overview webcast with Christopher Budd, senior security response communications manager, Microsoft, for a quick synopsis of the highest risk and impact scenarios. More information on the webcast can be found on the Microsoft Security Response Center (MSRC) blog.

If you have any questions, please do not hesitate to contact our Technical Assistance Help Desk at (540) 443-3398.

If you find your C drives on Microsoft Small Business Server edition 2008 mysteriously filling up, check the logfile folders in C:\inetpub\logs\LogFiles.

WSUS seems to like to accumulate multiple gigabytes' worth of logfiles in at least one of those folders, with single files clocking up 100-300 MB!

If you need assistance on this issue, don't hesitate to give a call to our Help Desk and we can help.

Brice Stevens
Technical Assistance Center
(540) 443-3398

 

Symantec End-of-Life, End-of-Availability and End-of-Support Announcement

Date:      August 2, 2010

To:       Customers of the following products:

•   Symantec Multi-tier Protection
    (all versions)
•   Symantec Multi-tier Protection
    Small Business Edition
    (all versions)

Re:       End-Of-Life, End-of-Availability and End-of-Support Announcement for Symantec Multi-tier Protection 11.0.2 and Symantec Multi-tier Protection Small Business Edition 11.0.2

Symantec Corporation will be discontinuing the availability of Symantec Multi-tier Protection products. These products have been replaced by Symantec Protection Suite 3.0. This letter details the key dates that are of importance to you.

Version Upgrade: Customers with current maintenance were sent Version Upgrade Notifications and license keys to Symantec Protection Suite 3.0 starting on January 4th 2010. Symantec Multi-tier Protection 11.0.2 customers were upgraded to Symantec Protection Suite Enterprise Edition 3.0, while Symantec Multi-tier Protection Small Business Edition 11.0.2 customers were upgraded to Symantec Protection Suite Small Business Edition 3.0. These new suites include all of the previous Symantec Multi-Tier Protection products and newly added software – such as Symantec Backup Exec System Recovery Desktop Edition 2010 (BESR 2010).

End of Life: As of August 2, 2010, Symantec Corporation will begin to End of Life ("EOL") the product(s) identified in this notification, including any Maintenance Packs and/or patches for each version, in all released languages.

End of Availability: End of Availability will be August 2, 2010. At this time no additional product licenses will be available for purchase. Customers may continue to purchase renewals for maintenance contracts up to June 1, 2015.

Standard Support: Provided the customer maintains a current maintenance contract for the products, Symantec will provide Standard Support for issues at all severity levels until January 13, 2013.

Partial Support: Partial Support begins on January 13, 2013. Our technical support engineers may provide you with known fixes/patches/workarounds, existing Maintenance Packs, or information from our Technical Knowledge Base in response to your request for assistance.

 Additional Resources

For more information regarding Content Updates or the services provided in Standard Support or Partial Support, please refer to the Symantec Enterprise Technical Support Policy at the link below or contact your ALI Account Manager:

http://www.symantec.com/enterprise/support/support_policies.jsp
