Windows Admins out there?

If you look after a Windows Active Directory Domain, have a read of this document. It’s a good guide to securing your administrative accounts.

The Administrator Accounts Security Planning Guide


Birthdays, Summer and Lost

Okay, so I guess you could tell I was just a little bit pissed off in my last post. I had a great/awful weekend for one reason or another and work’s been kinda getting to me lately so it all kinda came to a head and I did some blurting out. Sorry about that – though the content’s honest, I can usually keep a lid on it, I’ve managed it for three years so a few months shouldn’t make too much difference to the game plan. I’ve just gotta keep my head in the right places.

On another note – It’s May tomorrow which is officially wicked as it’s my Birthday month! I’m off to see Bonobo and co at Jam for Bread at the Shepherd’s Bush Empire tomorrow night which I’m well looking forward to. Then it’s off to the Synergy Centre on Friday for Cosmic Tim’s own Birthday Bash which I’m sure will be good fun what with the Synergy crew being a lovely bunch of people.

Come the end of the month, I’ll be wandering down to Sunrise Celebration for another Birthday-ish bash where I’ll be getting busy with Eat Static and System 7 AND The Orb plus my buddies FireFly Solar are putting on the second stage there so it’ll all be a great weekend I’m sure!

All this after I’ve started Lost Series 4 and DAMITT I’m hooked and can’t stop watching it already! I’m only on episode 3 and I want to just play them one after the other! 🙂

Suffice to say the study for my HIPS exam has kinda fallen by the wayside and I’ve rescheduled to the 9th May, but I’ll see how things go and may well re-schedule again. I don’t really wanna be studying too much over my Birthday and all. I’ve noticed it’s kinda dull putting on Host based Intrusion prevention systems on hosts that aren’t even connected to the Internet or some other live network. So given that I’ll soon have my ESX server set up so I can bridge hosts through my router on Global IP addresses, I’ll probably wait till then so I can see some real nasty stuff going on. Winner.

InfoSec Europe

I wandered up to Kensington Olympia exhibition center today to spend some time at the biggest IT security event in the UK. I was a little underwhelmed to be honest. The speakers I saw in the technical arena were basically trying to pimp their warez and I wasn’t really there to be sold to. As an organisation, mine doesn’t have much to throw around and they’ve already invested in plenty of software and hardware to do the jobs they need. The speakers were really talking niche problems too.. Not real world enough for me to be hooked into their train of thought.

IT security tends to live a lot in the WOW factor of things, like for example, a new favourite story is you can freeze the memory of a laptop left in a cab, mount it into another PC which, with a package that’ll be available next week, will be able to read all the good shit out on your PC. Passwords for all your favourite websites, AD domain credentials, Cisco VPN client password hashes, etc etc. But they seem to skim over the chances that someone will be within reach of your PC geeky enough to be skilled in the above procedure in the first place, have a can of spray duster and live near enough to get the laptop to an environment to work on it, or a thermos mug of liquid nitrogen to dump the mem chip into etc. They do all require a pretty far fetched sequence of events to occur for someone to actually be able to sit there and say ‘I’ve got all your credentials’.

We all know that a PC hard disk that’s in the ‘hands’ of a hacker or cracker is compromised. You have to have a pretty incredible security policy, some VERY well trained and paid client OS build staff and a fair amount of monetary resource to be able to put up much of a fight to someone with direct access to your PC, or Server for that matter. The hackers and crackers of this world are always on the front foot, always having more time to dedicate to thinking outside the box and corporates are always playing catch up to the shouts and screams of all the security fraternity with things like the spray can story I’ve just mentioned. To top that, corporate staff only work 7/8 hours a day, hacking and cracking to the discerned uber geek is a lifestyle, not a 9 to 5 job. Employees and software solutions find it very, very difficult to match that dedication.

So, I was more than a little disappointed in the Single Sign On and Web 2.0 threats talks I hung out in which were glorified sales pitches, which put me off going to any others.
I did gain a lot more though from speaking to vendors my organisation already has investment in, such as Citrix, IBM/ISS and HP particularly. The guys looking after the HP stand were really friendly and helpful, and the IBM/ISS techs were accommodating to my dumb ass questions about the kit I already look after of theirs! I did come away a little gutted that there really isn’t that much more to tell about the game I already administer and all the interesting stuff was more directed at other teams in my department. So I reckon I should stop guessing there’s more to it and squeeze more from our existing setup.

Hey ho, it’s off to work I go!

New Mission

Your mission, should you choose to accept it, is to stick a stone and a half on in lean muscle mass.

It’s been a week since the Flora London Marathon now. My foot’s well on its way to recovery, the pain is now isolated to just the tendon and the swelling is all but gone. I started back at the gym on Wednesday and I’ve been mostly cracking out 30/40 minute sessions on the cycling machine and then doing 20/30 minutes of strength training on various bits of my body.

I’ll be looking to spend the next week getting back into the swing of weights by doing some casual training at lunchtime maybe topped up with some more of the same, or some cardiovascular work in the evenings. Then, in a week’s time, I’ll stick a proper 3/4 day cyclic routine down for a 6 day training week and get on the Cyclone to kick start the weight and strength gain. I’ve already got a tub and a half of Cyclone kicking around from earlier this year, so it’s dumb not to use it.
All things being equal, I should be able to gain the weight I want by about February next year. It’ll be good fun being able to eat all the time again and appreciate the weight gain, rather than eat ferociously and watch the weight drop off as you do when you’re Marathon training.

At the end of May, I’ll have monitored my food intake and weight gain and I’ll post my weekly diet so you can see how much I have to eat a week to get by!

Bring on the Beefcake!

Life with a knackered foot

I went back to the scene of the crime today. I was up at London Docklands for a meeting with an ISP and walked the streets that saw me triumph against them, yet kindly gave me all this pain in return. I think I can almost photographically remember the entire route, around every corner I was looking for somewhere to collapse out of sight and get the weight off my foot!

I’m back at the gym now too even though I’m not doing anything with my feet, I’m just getting a few weeks of muscle stimulation out the way before I start weight training properly. Whilst doing some barbell curls I noticed how much my right calf has wasted or just reduced in size from the lack of use. It’s noticeable even standing 10ft away so I’m dead keen for that to stop as I don’t want a weedy leg! I’ve convinced myself it’s only from the direct lack of use over the past 10 days or so and the way I’ve been limping and not bending my ankle. Give it a couple of days of normal use and a weights session and it’ll return to shape and not look out of place.

Thanks again for everyone that sponsored me for Sunday and supported the cause!