How to live with malware infections

Get used to it: Malware can’t be completely blocked or eliminated. But you can manage your PCs, mobile devices, and networks to function despite being infected

How can you be sure your organization doesn’t have insidious viruses or other malware lurking within systems and applications, waiting to inflict damage? You can’t.

Malware has grown sophisticated to the point where there’s no guarantee that it’s actually gone, even when you’ve applied the latest antivirus software. Making matters worse, IT infrastructures are becoming much more complex — with an ever-growing population of devices that give malware even more possible entry points.

These days, you have to assume there are some infected PCs or other devices on the corporate network.

Get used to it: Malware is everywhere you go
The malware problem is getting worse. According to the Ponemon Institute’s 2011 State of Endpoint Risk study, 43 percent of the 782 U.S.-based IT and IT security professionals surveyed reported a “dramatic uptick” in malware in 2010. Fully 98 percent of the organizations surveyed by Ponemon experienced a virus or malware-based network intrusion, and 35 percent said they had experienced 50 malware attempts within a span of just one month, or more than one intrusion per day.

“The current batch of malware we’re seeing is very sophisticated and well written, and it hides itself well and avoids detection well,” says Fred Rica, principal in the information security advisory practice at the PricewaterhouseCoopers consulting firm.

The good news is that this “living with malware” scenario doesn’t have to lead to lost data, unavailable systems, or other problems. Companies can and do function despite these intrusions.

Here are some approaches that can help minimize the effect of malware on your network and in your systems so that your company can carry on with business despite the nagging presence of these troublesome programs.

Malware survival tip No. 1: Practice good data governance
You can help minimize the damage caused by malware by more effectively protecting the specific types of data that many of the malware programs are going after in the first place. In a lot of cases, they’re looking to exploit sensitive data such as personal information, trade secrets, research and development findings, and other intellectual property, Rica says.

PricewaterhouseCoopers is working with many of its clients to create a strong data governance model that helps the organizations better understand what their most critical data is, where it’s stored, how it moves on the corporate networks, and how they can put the right controls in place to maximize the security of that information.

An audit of the information assets at many companies will show that sensitive data such as customer credit card numbers is initially well-guarded, Rica says. But eventually it ends up in less-protected applications such as spreadsheets or emails, where it is more susceptible to malware.

“We’ve seen clients lose tens of millions of credit card or Social Security numbers because they’re in spreadsheets somewhere outside the HR system,” Rica says. “Our approach is to use better data governance models so that this data has the same [security] controls around it regardless of where it resides. Make sure the data is protected through all stages of its lifecycle.”

Because all data is not equal, a key part of data governance involves categorizing information so that you can identify which data is most critical to the company and its customers. From there, you can apply more stringent access controls.

“Start to separate the infrastructure based on what are your crown jewels versus what’s costume jewelry,” says Patricia Titus, chief information security officer at technology services provider Unisys. Titus says Unisys uses guidelines created by the National Institute of Standards and Technology (NIST) designed to help organizations characterize the importance of their data and select the right security controls.
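The governance problem Rica describes (card or Social Security numbers that leave the guarded system and end up in spreadsheets or mail) starts with finding where the data actually sits. The script below is an added example, not code from the original article or from PricewaterhouseCoopers' method: it scans text exported from files for card-like numbers, keeps only those that pass the Luhn check to cut down false positives, and reports them masked so the report itself does not become another uncontrolled copy of the data. The document names and numbers are constructed (the card numbers are public test numbers).

```python
"""Find sensitive-data sprawl: scan text (exported spreadsheet cells, mail
bodies, ...) for credit-card-like numbers that pass the Luhn check.
Added example; the documents below are constructed, not from any real system."""
import re

# Candidate: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded inside a longer digit run.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid card-like numbers found in text, digits only."""
    found = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_documents(docs: dict[str, str]) -> dict[str, list[str]]:
    """Map document name -> masked hits, for every document with at least one hit.
    Social Security numbers have no checksum, so a pattern for them would need
    contextual checks (field names, formatting) that are out of scope here."""
    report = {}
    for name, body in docs.items():
        hits = find_card_numbers(body)
        if hits:
            report[name] = [mask(h) for h in hits]
    return report


# Constructed sample input: two public card-brand test numbers in a CSV export,
# and a 16-digit order id that looks like a card but fails Luhn.
SAMPLE_DOCS = {
    "q3_refunds.csv": "cust,card\nA,4111 1111 1111 1111\nB,5500-0000-0000-0004\n",
    "notes.txt": "order id 1234567890123456 (not a card)\n",
}

if __name__ == "__main__":
    for doc, hits in scan_documents(SAMPLE_DOCS).items():
        print(f"{doc}: {len(hits)} card number(s) found: {', '.join(hits)}")
```

Run against a directory of exported files by feeding each file's text into scan_documents; the masked output is what a data-governance review would track back to an owning system, and the Luhn filter is why a 16-digit order number does not show up as a false alarm.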

The Network Performance Management Challenge

When it comes to server virtualization and cloud computing, network performance management may be an Achilles’ heel.

There is no question that server virtualization can help organizations reduce costs while streamlining operations. I constantly hear stories about server provisioning going from weeks to hours now that it is as simple as spinning up a new VM. In theory, this will get even easier as IT develops applications on top of cloud platforms like Azure, AWS, and Google App Engine while leaving all of the infrastructure gorp for others to deal with.

Unfortunately, there is a catch to this Pollyanna tale. Server virtualization drives higher server utilization and more network I/O, and it can spread workloads that need to communicate with each other across hosts. What’s more, VMs are mobile by nature. All of these things — higher density, more I/O, server-to-server traffic, and VM mobility — make performance tuning an absolute bear. One VP of network engineering told me, “we are tuning the network all the time,” while another stated, “we did a deep dive on network flows and traffic analysis to understand how server virtualization was impacting network performance. We knew things were running slow but it took a lot of work to figure out why.”

This is a big problem. According to a recent ESG survey, 25% of organizations say that performance management is one of their biggest server virtualization challenges. Hybrid clouds? Burstable applications? Unless we figure out basic performance management in a virtual server environment, the cloud will remain a vision.

How do we address this problem? First, we need visibility up and down the stack — in real-time. Second, we need a better baseline understanding of network behavior. Note that I didn’t say “normal” behavior as nothing will be normal when infrastructure is shared across diverse workloads. We will need to extract operations data from virtualization and cloud platforms (like vCenter or Eucalyptus) and we will also need to store more packet capture data and marry network performance management with big data analytics. Finally, we will need standard ways to share and exchange network behavior data with cloud providers and ISPs.

Some of this work is in progress already — companies like NetScout, Opnet, and SolarWinds recognize IT requirements and are moving quickly to capitalize on the market opportunity. Riverbed may also have an interesting play here with a combination of Cascade and Wireshark. Vendors that are making progress understand that network dynamics are changing rapidly. Keeping up with these changes means capturing and analyzing data to a far greater degree than past LAN/WAN performance management efforts.

When it comes to cloud computing, everyone talks about security as being the biggest impediment. That may be true, but network performance management must become more virtualization aware and cloud-ready before the cloud computing show plays on Broadway. This IT challenge creates a huge market opportunity.

Diving Deeper with NetFlow Tips and Tricks

Templates, sFlow versus NetFlow, what DNS requests can tell you and other secrets from analysis experts

Readers have told me that they like blog posts with technical tips and tricks. So I asked SolarWinds to write an article about making the most out of NetFlow. The following is a guest post written by Denny LeCompte, SolarWinds VP of Product Management and Mav Turner, SolarWinds Product Manager. SolarWinds makes the popular Orion NetFlow Traffic Analyzer (NTA) that analyzes Cisco NetFlow, Juniper J-Flow, IPFIX, & sFlow data. Got more questions about NetFlow? Leave them as a comment and we’ll see if we can get them answered for you.

This article will give you some insight into how to take your NetFlow skills to the next level, covering some of the more important aspects, like templates and what you can do with them. It will also explain how to dissect all of that data you are collecting and how to get on the right path if you want to go full guns a-blazin’ and create your very own NetFlow tool.

When Cisco introduced NetFlow v1 for its routers and switches, it was really onto something. By the time v5 came around, it set the stage to become a ubiquitous traffic monitoring solution, and it is a wonderful tool for collecting critical information on network traffic.

Best of all, NetFlow v5 can be enabled on most network devices, making it easy to deploy and configure across the network. And if a vendor isn’t using NetFlow, chances are they are using something similar called sFlow. So, you should have your bases covered. When deployed correctly, NetFlow provides you with a crystal ball of information that lets you know how your network’s bandwidth is being utilized.

Why would you want to analyze NetFlow and, more importantly, why would you want to dive deeper? Well, if you are experiencing a network slowdown, it could be a symptom of something more serious, like bandwidth hogs using YOUR network to torrent movies or host large personal files that are shared out to the world. You could be experiencing network configuration problems, a security breach or attack, or a botnet … oh my!
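As an added example of the kind of analysis this post is talking about (not code from SolarWinds or from the Orion NTA product), the Python below parses a raw NetFlow v5 export datagram (24-byte header followed by 48-byte flow records, network byte order), aggregates bytes per source address to surface bandwidth hogs, and counts flows per source to a given destination port, which is the starting point for the DNS-request analysis the subtitle mentions. The function names are this example's own, and the datagram is built inline from constructed addresses (private space and RFC 5737 documentation ranges) so it runs offline.

```python
"""Parse NetFlow v5 export datagrams and rank top talkers by bytes sent.
Added example, not SolarWinds code; the sample datagram below is constructed."""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 header (24 bytes): version, count, sys_uptime, unix_secs,
# unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval.
HEADER = struct.Struct("!HHIIIIBBH")
# NetFlow v5 flow record (48 bytes): srcaddr, dstaddr, nexthop, input, output,
# dPkts, dOctets, first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
# src_as, dst_as, src_mask, dst_mask, pad2.
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_v5(datagram: bytes) -> list[dict]:
    """Return the flow records of one NetFlow v5 datagram as dicts.
    Length is checked against the header's record count before unpacking,
    so a truncated or malformed datagram raises instead of misparsing."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    (version, count, _uptime, _secs, _nsecs, _seq,
     _engine_type, _engine_id, _sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts, "bytes": octets, "tcp_flags": tcp_flags,
        })
    return flows


def top_talkers(flows: list[dict], n: int = 3) -> list[tuple[str, int]]:
    """Total bytes per source address, largest first, limited to n entries."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def port_counts(flows: list[dict], dport: int) -> dict[str, int]:
    """Number of flows from each source to the given destination port
    (dport=53 gives a per-host DNS request count)."""
    counts = defaultdict(int)
    for f in flows:
        if f["dport"] == dport:
            counts[f["src"]] += 1
    return dict(counts)


def build_v5(records: list[tuple]) -> bytes:
    """Build a NetFlow v5 datagram from (src, dst, sport, dport, proto,
    packets, octets) tuples. Only used here to construct sample input."""
    header = HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    body = b"".join(
        RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, b"\0\0\0\0",
                    1, 2, pk, oc, 0, 0, sp, dp, 0, 0x18, pr, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, pr, pk, oc in records)
    return header + body


# Constructed sample: one host moving 12 MB to a peer-to-peer style port,
# some ordinary HTTPS, and a few DNS lookups to the local resolver.
SAMPLE_DATAGRAM = build_v5([
    ("10.0.0.5", "203.0.113.9", 51000, 6881, 6, 9000, 12_000_000),
    ("10.0.0.7", "198.51.100.2", 51001, 443, 6, 40, 52_000),
    ("10.0.0.7", "10.0.0.53", 40000, 53, 17, 1, 70),
    ("10.0.0.7", "10.0.0.53", 40001, 53, 17, 1, 70),
    ("10.0.0.5", "10.0.0.53", 40002, 53, 17, 1, 70),
])

if __name__ == "__main__":
    flows = parse_v5(SAMPLE_DATAGRAM)
    print("top talkers:", top_talkers(flows))
    print("DNS flows per host:", port_counts(flows, 53))
```

To use it on a live exporter, read UDP datagrams from the collector port configured on the router and pass each one to parse_v5; the count check matters because the record count comes from the packet itself, and a collector that trusts it blindly will misread or crash on a short or corrupted datagram.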

ActualKey 70-680 Exam Profile: MCTS: Windows 7, Configuring

If you think you are already experienced with the 70-680 material, you still need to review the objectives to determine whether you really know Windows 7. For example, most people who are trying to get a start in Information Technology have installed Windows 7 from the installation DVD, and many people have upgraded Windows Vista to Windows 7. However, unless you work in a corporate environment where you are responsible for deploying Windows 7, you have probably not used system images or automated installation with an answer file.

Another big change from earlier versions of Windows is the repair and recovery options. For example, although safe mode and last known good configuration have not changed, you will need to know how to create and use a system recovery disk and how to use the Windows PE disk and the related commands.

Lastly, be sure you review the newer technologies, including User Account Control (UAC), BranchCache, DirectAccess, BitLocker, and BitLocker To Go. In addition, be sure to know how to recover encrypted files even if the user forgot their BitLocker passcode.

Preparation Hints:
For any exam, always go to the source, which in this case is the Microsoft 70-680 exam page. The exam objectives are listed later in this article as well as posted at the Microsoft site. You need to look at the objectives and rank them for what you think you know and what you think you need to learn about. If the objectives are totally foreign to you, don’t be discouraged; it just means that you have a lot of work ahead of you. Remember, everyone in Information Technology had to start somewhere.

After you know the objectives, you should be using Windows 7 for several months. You need to use the advanced features that deal with recovery and security and that support corporate environments. Again, these features are listed in the objectives but are not usually used by everyday home users.

Next, don’t be afraid to get on the Internet and research some of the topics. Again, take smaller steps so that you are not overwhelmed. Whenever possible, you want to use Microsoft websites because the exam comes from Microsoft.

Look at your local schools. Many schools have excellent programs that include hands-on classes. Remember that most people in the technical field learn best hands-on.

Don’t be afraid to set up your own network. You will most likely need to install Windows Server 2008 R2 as a domain controller and use Windows 7 both joined to the domain and not joined to the domain. Also be sure you manually configure IP settings, wireless connections, and Windows Firewall (basic Windows Firewall and Windows Firewall with Advanced Security).