Learn some helpful IT Administrator tips and tricks.

Welcome to the most comprehensive list of tips and tricks for IT field, you'll find anywhere on the internet. I hope these tips help you get the most out of your internet.

Cloud Computing Next Generation of your company

Benefits of cloud computing is increased efficiency; services are rapidly deployed and ready for use in your company. Find out about the benefits of moving your business to cloud computing....

Support Tips and Tricks

Tips and Tricks for. Learning Before. Helping. Learning. Service. Research Computing... We are ...

Server, Network, System, Application | Diagram

Client-side Examples; Server-side Examples; Client-side Advantages ... this concept is to view the following diagram and considering some examples: ...

Good roadmap for System Engineer, Network Engineer

Roadmap global customer support professionals are focused on crucial, quick issue resolution and uninterrupted service.. HOW?

Wednesday, December 14, 2011

Basic commands

Basic commands, windows admin's should know


Basic commands
View Last Reboot Time
net statistics server | more
Run a program as another user
runas /user:domain\username appname
ex: runas /user:jeffk cmd.exe


Remote Desktop into Console of specific computer
Mstsc /v:computername /console
Ex: mstsc /v:deserver /console
Map a network Drive
Net use drivename: \\server\share
Net use z: \\daserver\music
Force network credentials
Net use \\server\sharename /user:domain\user
Ex: net user \\daserver\music /user:jeffk
Tip: Before using this you may want to issue net use * /d to delete previously stored credentials, or you can view your credentials by just typing net use

Environmental Variables 
use these at start>run to quickly goto or anywhere in explorer
Tip: Type set to see your variables
%windir%
%systemdrive%
%appdata%
%userprofile%
%programfiles%
%allusersprofile%
%temp%


sc queryex - The following command displays the process ID (PID) that corresponds to a service
sc \\ qc - The following command displays the services that the specified service depends on
sc \\ enumdepend - The following command displays the services that depend on the specified service
psservice \\ depend - You can also use the following command

taskkill -pid - The following command kills a process by PID
taskkill /s -im - And this command kills a process by name on a remote server
pskill \\ - The pskill.exe utility works in a very similar manner

tasklist - viewing the running processes via the command line
pslist \\ - The Sysinternals pslist.exe utility is available for Windows Server 2003 or Windows 2008 and can be run against a remote host
top - There is also the top.exe command, which is available in the Windows 2003 Resource Kit. It provides a continually updated view of the top running process (by CPU)

runas /user: "" - The runas.exe command allows you to run a command with alternate credentials
runas /user:AMER\rallen.adm "mmc.exe" -

diskpart - On Windows Server 2008, you can use the diskpart utility to view the disk, drive, and volume configuration. First, get into interactive mode
list disk - to view the list of disks
list vol - to see the list of volume and assigned drive letters,

Location-Aware Printing

Windows 7: Location-Aware Printing
Note: this feature is only available for mobile devices, and not on desktop computers.

       One of  Windows 7's new feature is it can automatically switch your default printer when you move between networks (for example, when you move your laptop from your home network to your business network).

To configure this feature, follow the instructions below:
  • Click the Start menu and in the search field type Devices.
  • Click the link for Devices and Printers.
  • Select a printer and right-click Manage Default Printers 
  • Select Change my default printer when I change networks
  • Select a network, select the default printer you want to use when on that network and press the Add button.
  • Do the same for each network that you joined your laptop to it.
When you connect to a network, Windows will automatically select the default printer that was specified for it. 

Scheduling to Shutdown Automatically

Windows 7: Scheduling Your Computer to Shut Down Automatically
      Do you leave your computer on for extended periods of time, and would like it if your computer would automatically shut down at a specific time of day. Follow the instructions below.


  • Click the Start button, in the search box, type "scheduled tasks" then click the item in the search results.
  • In the Task Scheduler console, in the Actions pane on the right, click "Create Basic Task ...".
  • In the Basic Task Wizard dialog, enter a name for task, such as "Shutdown Computer" and include a optional description such as "Shuts down computer at 12:00 a.m. everyday", press the Next button.
  • On the Task Trigger page, select "Daily" and press the Next button.
  • On the Daily page, enter a start date and time that you want the task to first begin (e.g. 12/1/11 and 12:00 a.m.) and press the Next button.
  • On the Action page, select the "Start a Program" and press the Next button.
  • On the Start a Program page, in the Program/script field, type: %SYSTEMROOT%\SYSTEM32\SHUTDOWN.EXE
  • Press the Next button, review the Summary page and press the Finish button.
     Based on the task that was defined above Windows will now automatically shut down at 12:00 a.m. each day. Although before it does the system will display a pop-up notification, "Windows will shut down in less than a minute."

Tuesday, December 13, 2011

How Many Types Of Servers?

      Servers provide computing power to facilitate transfer of data across a network to enable applications, operating systems, file transfer, email, printing and communications among client computers. Each particular type of server is generally defined by its configuration and software which enables it to communicate with intermediate client machines.     Whether you are powering business communications, web site access, application or distributing computing power across a variety of machines, servers provide the computing power at the core of any network. Each unique type of server is managed by a platform, which pairs specified hardware and software to power data transfer according to incoming requests.
       Modern IT departments can work with a variety of computing configurations to get the very most out of their servers. According to the architecture of a server, defined communications roles improve the ability to secure data and ensure it’s only delivered to its intended recipients. The ability to reliably scale computing power across client requests has been at the core of IT growth in recent years, and understanding server capabilities can provide insights into these trends for professionals, business owners and developers.

Server Application Types
      The application of server computing power to specific data needs has enabled hardware specialization to improve uptimes, efficiency and reliability of networks. While a given hardware setup can often power multiple applications, many times data centers are organized around hardware for a specific purpose to make more efficiency use of the network.

Web Servers
      To power data transfer of hypertext protocol (http), web servers deliver images, text, rich media and data over the Internet. Modern web servers are
optimized to deliver a variety of data sources including VOIP (voice over IP), streaming media as well as hosting files (FTP) and websites. Web servers are optimized for data transfer speed, as well as security with extensive firewalls and incoming request filters to protect against denial of service attempts.

Application Servers
     A subset of traditional data servers, application servers are designed to power frameworks which are involved in extensive processes related to a specific set of software. Application servers can power web-based apps, games, output from scripts and programs as well as serving data from an API
(application protocol interface.) Modern application servers are optimized for load balancing and are often located in a cloud, which enables them to distribute data more efficiently.


Specialized Servers
       File, Printer, Database Servers and Multifunction Server. While modern servers often are involved in multiple tasks, specialized servers provide dedicated support for file transfer, printer communications and database queries. For specific types of uses, having a dedicated server for a specific purpose can speed up processing times and ensure sufficient resources are available during peak volumes. In the shift to cloud based servers, many data centers configure clusters of servers for specific purposes, such as streaming media, storage and SQL query processing. Specialized file servers can store a variety of media for distribution, including movies, audio and animation, rendering media at high speeds to client machines for games, movies and other forms of applications.

Media Servers
     With the growth of streaming audio and video, media servers provide an efficient way to transfer high bandwidth files online. For dedicated media firms,
businesses and producers alike, investing in efficient hardware can lower operational costs from operating a server over time. With the growth of high  definition video and real-time gaming platforms, media servers are under increasing stress to meet growing consumer demands for quality. The hardware configurations often feature impressive quantities of RAM as well as quad-core CPUs to maximize the data transfer rates. To prevent data transfer bit loss, the servers are often hosting in a cloud or cluster of related servers. When end users receive rich media, they receive streams from multiple sources based upon the most efficient way to route traffic. Specialized companies such as Akamai and Amazon have innovated more efficient routing mechanisms to manage the growth demands on media servers. As a result, you can watch high definition video in FPS (frames per second) refresh rates approaching broadcast television over a broadband connection today.

Mail (Exchange) Servers
    Mail servers serve as an outbound client and inbound retrieval server for electronic messages, commonly via the STMP (simple mail transfer) protocol.
Serving as a transfer agent (TA), mail servers communicate with each other according to their set rules, including filters, checks and blacklists to determine whether a message is successfully delivered. All accepted messages can be traced by a mail header to its root receipt. Microsoft Exchange servers are the most common form of mail servers, as they power business communications through MS Exchange, routing desktop and mobile mail, as well as managing attachments and real time calendar synchronization.

Trends in Server Type Configuration and Performance
     For dedicated IT departments, independent development professionals and businesses, proper server deployment can lower costs, improve performance and help to reliably scale operations. While it can be challenging to anticipate future computing needs, a flexible server setup can help to make your cost structure more stable as you adapt. While x86 servers have been around for over two decades now, the new decade brings technical challenges and opportunities for deploying new types of server technology. While many businesses previously utilized independent networks for their client computing, data storage and networking needs, today cloud or cluster hosting can offer a single environment to meet a firm’s complete needs. In fact, the recent move to virtual desktops has made client virtualization even more important, helping to improve local security, file storage and protocols across an organization. With the shift to global operations, IT managers can properly keep track of their assets and resources on a broad scale while also reducing the startup and upgrade costs for new technology.

Green and Energy Efficient Servers
     Power management goes beyond efficient use of the utility grid and can actually improve the speed, longevity and responsiveness of hardware over time. Modern data centers are built in energy efficient buildings which are equipped with high technology climate control systems to provide an ideal operating environment. Many data centers have moved to offer green servers which are net zero carbon emitters based upon their baseline efficiency as well as offsets invested in other areas.
     Leading supplies of green servers include Dell and HP, which have innovated new hardware to more than double server energy efficiency over the past few years in traditional x86 servers. At the core of this technology is a network of servers which instantly adjust to the settings to deploy fans, slow
down processors and distribute power more effectively throughout. Working with world class data centers, these servers now offer a more reliable way to optimize server efficiency while also improving upon performance.
     Driven by cost and flexibility needs, modern servers are more energy efficient, secure and adaptable. Rather than having to upgrade every new technology cycle, modern “thin” servers can easily be upgraded with new components and are designed with sensors for improved power management.
     Whether you host in your own data center, collocate or work with a managed provider, efficient servers can deliver more value for your computing needs.

Blade Servers
     An important trend in computing, blade servers have a much more modular configuration to allow for ease of upgrades. Operating on the basis of minimal components, these servers are capable of impressive benchmarks while fitting in a smaller space than traditional “full” servers. At their base, a blade server has a processor, memory, I/O jacks and a basic operating system. Rather than running a full OS, such as Apache or IIS, these servers are designed as intermediate “computing” servers that deliver data rapidly and efficiently. With their modular configuration, IT departments are able to save substantial resources which can be focused on emerging areas of need.

Mobile Rack Servers
     Another important trend in server technology is the growth of rack mounted, mobile servers. To make more efficient use of finite space, rack mounted servers are built on cabinets that allow them to be upgraded with relative ease, allowing you to upgrade an individual server or cluster of servers. For IT providers on a limited budget, investing in a rack server can give you a flexible structure so you can continue to invest as your data needs grow.
     Built on containers rather than finite hardware configurations, the so-called “pod” servers are lightweight, efficient and flexible servers that adjust to meet your needs.


Efficient Cloud Servers
     For developers and IT departments, having the flexibility to deploy new computing resources on demand is invaluable. Having the right type of servers and hosting configuration can allow your firm or startup to take on an agile structure to quickly implement new ideas, features or services to the market.
     Rather than relying upon a maximum capacity network of servers, hosting servers in a cloud is also an effective way to get more use out of your investment. Even at peak capacity, most dedicated servers use much less than their actual processing power – distributed computing, by contrast, allocates processing power and data transfer in a much more effective way. The recent shift toward efficient cloud hosting is based upon economic as well as efficiency factors. A combination of improved hardware, operating software and monitoring has greatly improved performance-adjusted hardware use in recent years.
       As bandwidth rates have increased, modern servers can handle a larger number of requests, distributing data transfer across a series of servers through a cloud or cluster.

Windows 7 Security

       Many organization implemented the BitLocker and would like to know how it works for the BitLocker. Today I would like to share the knowledge from Orin Thomas that I found on the TechNet Magazine by Oring Thomas. He said that there are several obvious basic steps to securing a computer: Keep it current with the latest operating-system and application updates, ensure you’ve installed the latest antispyware and antivirus software, and use complex passwords, changing them regularly. In this article I’ll cover some security tips that go beyond these basic strategies and help you better utilize the security features of Windows 7.
Prepare for BitLocker
     One of the most notable security improvements in Windows 7 is in BitLocker, the technology for hard-disk encryption and boot-environment integrity-protection that debuted in Windows Vista. In Windows 7, the Enterprise and Ultimate editions include BitLocker. The technology ensures that unauthorized users can’t recover data from the hard-disk drives of stolen or lost laptops, as long as the computer was powered off when it went missing.
     One challenge BitLocker presents, though, is recovering data after a hardware failure that locks protected volumes. So although BitLocker offers excellent protection, many IT professionals find it problematic because they tend to encounter it only when they must perform recovery operations.
     Data recovery requires access to the BitLocker keys or passwords associated with the locked volumes. While it’s relatively easy to keep track of these for a small number of computers, doing so for several hundred is much more challenging.

     Group Policy helps IT professionals configure BitLocker so it can be activated only when the recovery keys and passwords have been successfully backed up to Active Directory. Extracting this recovery data has been vastly simplified by improvements to the Active Directory Users and Computers console in Windows Server 2008 R2 and to the Remote ServerAdministration Tools for computers running Windows 7. Locating recovery passwords and keys is much easier than with the tools in Windows Vista.
     Instead of having to download, install and configure special tools, you can access BitLocker recovery keys and passwords from a BitLocker Recovery tab. You’ll see this when viewing computer account properties in Active Directory Users and Computers. Ensuring that BitLocker keys and passwords are backed up is a three-step process:
  1. In the Group Policy for the computer accounts of the system BitLocker will protect, navigate to Computer Configuration | Windows Settings | Administrative Templates | Windows Components | BitLocker Drive Encryption.
  2. Now, if the computer has only one storage drive, navigate to the Operating System Drives node and edit the Choose how BitLocker-protected operating system drives can be recovered policy. If the machine has more than one storage drive, you should also go to the Fixed Data Drives node and edit the Choose how BitLocker protected fixed data drives can be recovered policy. Note that although you can configure their settings identically, the policies apply to different drives.
  3. To configure BitLocker so that passwords and keys are backed up to Active Directory when BitLocker protection is activated, make sure to enable the settings: Save BitLocker recovery information to AD DS for OS drives (or fixed data drives, where appropriate), Do not enable BitLocker until recovery information is stored in AD DS for OS drives (or fixed data drives, where appropriate)
     Keys and passwords will be backed up for protected volumes only after the policy is applied. Volumes configured for BitLocker protection prior to implementing the policy will not have their keys and passwords automatically stored in Active Directory. You’ll have to disable and re-enable BitLocker on these computers to ensure that this recovery information makes it to the AD DS database.


Configuring a Data Recovery Agent
     There’s another option available if you need to recover BitLocker protected volumes without entering unique passwords or pins for a particular computer account—a Data Recovery Agent (DRA). This is a special type of certificate associated with a user account that can be used to recover encrypted data.
     BitLocker data recovery agents are configured by editing group policy and specifying a DRA certificate through the Add Data Recovery Agent wizard, which I’ll discuss shortly. To use the wizard, though, there must be a DRA certificate available on an accessible file system or published in Active Directory. Computers that host the Active Directory Certificate Services role can issue the certificates.
     When you have to recover data, a user account that has the DRA certificate installed locally will be unable to unlock the BitLocker protected volume. You can access the Add Data Recovery Agent wizard by navigating to the Computer Configuration | Windows Settings | Security Settings | Public Key Policies node, right clicking on BitLocker Drive Encryption, and selecting the Add data recovery agent option.
     To use BitLocker with DRA, you must also select the Enable data recovery agent checkbox in the Choose how BitLocker-protected operating system drives can be recovered policies (as well as in the fixed data drives policy where appropriate). You can use both DRA and Active Directory key/password backups for the recovery of the same BitLocker-protected volumes.
     DRA recovery will work only on BitLocker-protected volumes where BitLocker was enabled after the policy was enforced. The advantage of this method over password/key recovery is that a DRA functions as a BitLocker master key. This lets you recover any protected volume encrypted under the influence of the policy, rather than having to locate a unique password or key for each volume to be recovered.


BitLocker To Go
     Many of today’s removable storage drives have the average storage capacity approaching that of most small and medium-size departmental-level file shares from ten years ago. This presents several challenges.
     First, when a removable storage device is lost or stolen, a significant amount of organizational data can be compromised. And perhaps a bigger problem is that while users will quickly make the IT department aware of a missing laptop computer, they don’t feel the same urgency when a USB storage device that may contain gigabytes of organizational data has gone missing.
     BitLocker To Go, a new feature introduced with Windows 7, lets you protect USB storage devices in a way similar to what BitLocker offers for operating-system and fixed drives. Through group policy, you can restrict computers in your organization so that they can only write data to removable storage devices protected by BitLocker To Go. This increases security by ensuring that if a user does lose a removable device, at least the data on it is encrypted and can’t be easily accessed by unauthorized third parties.
     The relevant BitLocker To Go policies are located in the Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives node of a group policy object. These policies include:
  • Control use of BitLocker on removable drives. This lets you configure how BitLocker is used on removable drives, including whether ordinary users can enable or disable the facility on removable devices. For example, you may want to let specific users store data on removable drives already configured with the protection capability, but block them from configuring their own devices with it.
  • Deny write access to removable drives not protected by BitLocker. This policy lets you restrict users so they can only write data to devices protected by BitLocker To Go encryption. When this policy is enabled, an unauthorized person can’t easily access data written to a removable device, as it will be protected by encryption.
  • Choose how BitLocker-protected removable drives can be recovered. This policy lets you configure a data recovery agent or save BitLocker To Go recovery information within Active Directory. This policy is important, because if you choose to implement BitLocker To Go to protect data on removable devices, you should have a strategy to recover data for the inevitable case where a user forgets his or her BitLocker To Go password.
     When you’ve configured BitLocker To Go for a removable storage device, a user must enter a password to unlock the device on another computer. When the password is entered, the user will have read/write access to the device on a computer running the Enterprise or Ultimate editions of Windows 7. You can also configure BitLocker To Go to allow the user read-only access to BitLocker To Go protected data on computers running other versions of Microsoft operating systems.
     If your organization is going to use BitLocker To Go, you’ll need some sort of data recovery strategy in the event of lost or forgotten passwords. Configuring BitLocker To Go recovery is similar to configuring BitLocker recovery. In this case, you’ll have to set the Computer Configuration | Windows Settings | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives | Choose How BitLocker-Protected Drives Can Be Recovered policy.
     You can have the BitLocker To Go passwords backed up to Active Directory, where they’ll be available to administrators who have access to the Active Directory Users and Computers console and the computer account where the device was originally protected. You can also configure a policy so that data is protected with a DRA, allowing a user assigned the DRA certificate to recover data from the drives without necessitating the recovery of individual passwords.


Configuring AppLocker
     No anti-malware utility can catch every malicious program. AppLocker can add another layer of protection. This technology lets you create a list of applications known to be safe and limit execution to those that are on the list. While this type of approach to securing a computer would be cumbersome to someone who regularly runs new and unusual software, most organizations have a standard system environment where changes to applications occur more gradually, so allowing the execution of only green-lighted applications is more practical.
      You can extend this set of AppLocker authorization rules to include not only executable files but also scripts, DLLs, and files in MSI format. Unless the executable, script, DLL or installer is authorized by a rule, it won’t execute.
      AppLocker makes creating the rule list for authorized applications simple with a wizard that automates the process. This is one of the significant improvements of AppLocker over software restriction policies, a technology in prior Windows versions that has similar core functionality.
     AppLocker can also use rules that identify files using the file publisher’s digital signature, so you can create rules that include the current and future versions of the file. This saves administrators the chore of updating current rules after applying software updates. The revised executable file, script, installer or DLL will still be covered by the original rule. This wasn’t possible with software restriction policies, which forced admins to update rules when software configurations changed.
     To create a reference set of AppLocker policy rules you can apply to other computers, perform the following steps:

  1. Configure a reference computer running Windows 7 with all the applications you want to execute in your environment.
  2. Log on to the computer with a user account that has local Administrator privileges.
  3. Start the Local Group Policy Editor by running Gpedit.msc from the Search programs and files textbox.
  4. Navigate to Computer Configuration | Windows Settings | Security Settings | Application Control Policies | AppLocker | Executable Rules of the local GPO. Right click on the Executable Rules node and then click automatically generate new rules. This will launch the Automatically Generate Executable Rules wizard.
  5. In the textbox labeled Folder that contains the files to be analyzed, enter c:\. In the textbox labeled Name to identify this set of rules, enter All Executables and then click Next.
  6. On the Rule Preferences page, select Create publisher rules for files that are digitally signed, and in case a file isn’t signed, also select File hash: rules are created using a file’s hash. Ensure that the option Reduce the number of rules by grouping similar files isn’t selected, and then click Next.
  7. Rule generation will take some time. When they’ve been generated, click Create. When prompted as to whether you want to create the default rules, click No. You don’t have to create these—by creating rules for all executables on the reference computer, you’ve created the equivalent of more-comprehensive default rules.
  8. If the computer has applications stored on multiple volumes, repeat steps 5 through 7, entering the appropriate drive letter when running the automatically generated executable rules wizard.
  9. Once rules have been generated, you can export the list of allowed applications in XML format by right-clicking on the AppLocker node, then clicking on Export Policy. You can also import these rules into other group policy objects, such as those that apply to portable computers in your organization. By applying these rules through policy, you can limit the execution of applications so only those present on the reference computer are allowed.
  10. When configuring AppLocker, you need to ensure that the Application Identity service is enabled through the services console and that executable rules are enforced through policy. If this service is disabled, AppLocker policies will not apply. Although you can configure service startup status within Group Policy, you must limit which users have local administrator access so that they are unable to circumvent AppLocker. You enable executable rule enforcement by right-clicking on the Computer Configuration | Windows Settings | Security Settings | Application Control Policies | AppLocker node and then clicking on Policies. Enable the Configured option under Executable Rules and then ensure that Enforce Rules is selected.
      Hopefully this has helped you learn how to implement and recover BitLocker, to use BitLocker To Go and to configure AppLocker Policies. Using these technologies along with normal housekeeping tasks (such as ensuring that computers are kept current with updates, antivirus software and antispyware programs), will enhance the security of computers in your organization running Windows 7.

4 Lessons I Learned About Security

     In my years as a system administrator, I learned that security is much more complex than most people realize. You cannot get away with doing just one thing. One security measure will not save your company server or external server. Your security must be comprehensive and constantly adapting to defend against intruders. 

The following are three lessons I have learned over the years.
       1. A firewall is not enough – This is the perfect example of a single security measure that will not get the job done. Firewalls protect your internal network and may save you from the most basic forms of attack, but cyber criminals are always thinking of new ways to get in and do damage. A firewall cannot protect you from OS and application vulnerabilities anymore than a bullet-proof vest will protect you from a cold.
       2. Attackers love the /tmp directory – Lock this directory down. It will save you from endless headaches and grief. Attackers love to exploit weaknesses in your system and then drop their scripts into /tmp where they can do more damage or attack other servers.
       3. A server hack can go unnoticed – We often assume that any attack on a server will bring it to its knees or at least send up a red flag. In reality, most are subtle, and a hacker may use your server to do something inconspicuous like running an unauthorized chat server. You must be proactive to catch them when they first make their attempt.
       4. Also known as Server hardening, OS hardening and Windows hardening; Operating System hardening is the act of reducing the amount of attack points on a computer by streamlining the running software and services down to the bare minimum required. The benefits of OS hardening: by uninstalling or disabling software that is not actually required you are reducing the routes into your PC that a potential attacker or malicious software can exploit. Security patches for Windows are released every month and it soon becomes a never ending process of having to install new patches for newly discovered security vunerabilities. By reducing the amount of software you have installed you reduce the amount of patching you need to do.
     There are more lessons, not all related to security, that I will share over time on this blog. Hopefully, they will help those new to dedicated servers save time and money.

Monday, December 12, 2011

5 Password Tools for Servers

     Ideally, your server should be an impenetrable fortress, but recent DDoS attacks highlight the security problems even companies that pay thousands or millions to protect their websites face. Nevertheless, nothing is worse than having your server crippled by someone who simply guessed your password. In no particular order, here are five tools to help you have better, stronger passwords:
       1. Bad password List – This is a simple list of the 500 worst passwords that you should most certainly avoid. Unfortunately, people in offices use these all the time, so if you have employees, you need to enforce good passwords.
       2. Online Password Generator – Keep in mind that an online password generator is only as good and secure as the website hosting it, but if you trust PCtools, then this is an excellent way to create passwords, complete with customization and pronunciation guides to help you remember them.      

       3. APG Automated Password Generator For those of you who prefer to roll your own passwords, APG is a Linux/Unix tool that makes it pretty easy to do. It is command-line based, so it works well on a server.
       4. Password Strength Tester – As with the online generator, keep in mind that you are typing a password into a web form, but this is a good tool to help train yourself or your coworkers/employees to make good passwords. It tests for many aspects of strong passwords and gives you detailed results.
       5. Crack your own password – If you are really concerned that someone might be trying to hijack your server, you can use John The Ripper, password cracker, to find out just how easy or difficult that might be. This is a password cracking tool, so please use it only for good.

       Recommended to create strong passwords: A strong password is an important protection to help you have safer online transactions. Here are steps you can take to create a strong password. Some or all might help protect your online transactions:
  • Length. Make your passwords long with eight or more characters.
  • Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
  • Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
  • Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.

Server Network Problems

     Troubleshooting Server Network Problems... when you have problems with a dedicated server, the natural instinct is to check for software failures, hacker attacks, and even hardware issues. But one possible cause for server trouble that should not be overlooked is bad network connectivity.
     On server both Linux and Windows base, there are many ways to evaluate network latency, connection strength, and proper domain configuration. The following are some useful tools you should know.

  • ping The most basic of tools is one of the most useful as well. Just type ping, followed by a hostname or ip address to find out how quickly and consistently your server can connect to other machines. You can also use ping locally on most operating systems to test your server.
  • traceroute This handy tool will give you point-by-point connection information from your server to another machine or a host to your server. This is a good tool if you are not sure if the connection issue is local or not. Try a traceroute from a third-party service to see if anyone else can connect to your server.
  • nslookup Worried your server may not be resolving to the right domain? The nslookup tool is quick and easy, telling you what nameserver your domain is currently using.
  • Other tools You can find a plethora of tools on the Internet that can give you remote network information about your server. Some will even monitor the server and give you regular updates whenever there are connection issues.  Some web hosts, such as 34SP.com, may even offer monitoring tools as part of their server management packages.  Although guessing has its valid place, it is not always the best way to diagnose your server’s problems. Using the right tools and a lot of patience, you can find a workable solution.

Why Frequent Vulnerability Scans

     Why Frequent Vulnerability Scans Are So Important.. some server system administrators, especially those with little experience, may operate under the mistaken belief that they will find security through obscurity. In their minds, as long as their server is small and not hosting major big-name websites, those with malicious intent will leave them alone.

     What these idealists fail to realize is that attackers do not always consciously target specific servers. Instead they look for those that make good targets. To state it more plainly, even if you are not scanning for vulnerabilities, you can bet that they are. They will find them on your server and use them to either take control or launch attacks on other servers.


     The other important point to note is that any user activity on a server heightens the likelihood of vulnerabilities. If you have web applications with multiple users, especially sites that use forms of social media, you run a greater risk of having scripting vulnerabilities that may not be completely obvious. Regular server-wide scanning may reveal vulnerabilities in scripts that your server’s users unknowingly installed.

      By using vulnerability scanners, keeping your web applications and software up-to-date, and by using other security measures, such as application firewalls, you can prevent many attacks and more easily mitigate ones that still occur. When it comes to dedicated servers, being proactive can save you a great deal of time and money.

When Your Server Goes Down

   Although this may be difficult, the first thing to do is to remember not to panic. Staying calm will go a long way in making sure you can resolve the issue quickly and calmly. When operating a server remotely, your only assurance that a server is running is through its websites and through Internet connections.
  1. The first thing to check is whether or not your own network connection is experiencing problems. Although you may be able to connect to some other sites, you may find that you cannot connect to certain sites.
  2. If your connection is fine, check your web monitoring software or services, which should have notified you when there was a web connection problem.
  3. If those indicate your server is down, check your data center or web host’s website for current network status. They may have already been aware of the problem and have posted some information about it.
  4. Next, try connecting to your server via SSH. If you can get in through SSH, it means that a service, such as Apache or MySQL, may just need restarting.
  5. If SSH is not accessible, your server may need a reboot. Follow the normal procedure to either automatically reboot or contact a support person to manually reboot your server.
  6. In the rare case that even rebooting will not resolve the issue, some data centers will setup KVM remote console control so that you can fix whatever network issues your server is having. If you find it to be some type of problem with your operating system you cannot fix, they may have to re-image the machine and/or restore backups.
  7. There are cases when something like KVM may turn up no visible issues. In such a case, the data center may need to fix a hardware or network problem. Be sure to have them investigate for any such issues.
     Staying calm and running through a set lists of protocols should help you resolve your server downtime quickly and safely.

Sunday, December 11, 2011

Good network security practices

     Since the rise in popularity of the Internet, we have started to use our computers for a much wider range of tasks than ever before. At home, we buy our groceries, do our banking, buy birthday presents, send communications via email, write our life story on social networking sites; at work, our businesses provide e-commerce via websites, staff send and recieve emails, phonecalls and video conferencing are done through the network using IP based servcices; all of this is done online and it would present a serious security threat if it wasn't for the fact we have various security measures at our disposal. I would like to cover some basic examples of how network security helps to keep us safe online, both at home and in the workplace.

     Any computer network used for business should employ good network security practices in order to keep free from attacks by hackers. There are a number of ways a hacker can hurt your business:

Denial Of Service
     A denial of service attack is used to make your network, or more precisely your website, unavailable to potential users; they do this by flooding the web server with so many requests for information that it uses up all the resources of the web server, which either makes the web server crash, or slow down so much that it can't handle requests from the websites' intended users, your customers.

BlackHat Hacking
     There are people called hackers with enough technical knowledge to be able to penetrate insecure networks with the intent of doing damage to the devices attached on the network and costing the company as much money as possible. Typical damage would involve changing the configuration of network devices such as servers and routers so that earnings where productivity is drastically reduced. Even worse, a hacker can gain access to sensitive information such as credit card details or client/patient records, they can even take control of your network based phone system and make expensive long distance calls at your expense. The damage done can cost your company thousands of pounds, if not more, over the space of a weekend alone.
At home, a hacker has less scope to do damage, but if you keep sensitive information on your PC, like credit card details or scanned images of important documents such as passports and driving licenses, it's clear to see that a hacker can cause you all sorts of grief.

There are a number of technologies and devices that can help keep your network safe:

Firewall
     A firewall uses a set of rules to allow or deny access to a network; typically a firewall lives inside of a router. This router is likely to be the peiece of hardware that sits on the edge of your network and provides access to the Internet. The set of rules are based on opening and closing ports relating to protocols; if the network users don't use a certain protocol, then the router will keep that port closed. 

Access Control Lists
     An access control list is very much like a firewall; it filters traffic based on a number of metrics contained within an IP packet. The Access Control List (ACL) will be configured to check each packets' source and destination IP address, also the source and destination port number. The network administrator will write the ACL, specifying which range of IP addresses can talk to which other range of IP addresses and which protocols they can use when communicating. This makes it very hard for a hacker to gain access around a network, where each router is doing its best to block unauthorised access.

Encryption
     Encryption is simple; an algorithm is used to turn meaningful information into a format that makes no sense and can only be decrypted by someone with access to the specific algorithm. Whenever sending sensitive information across the internet, it's advisable to send it using high levels of encryption.

WEP / WPA
     Nowadays, everyone has got a wireless network at home, allowing them to access the Internet using their laptop in any room. Protecting your wireless network is a must, otherwise anyone geographically close to you can connect to your network; this is a hackers paradise. Research has shown that WPA and the new version, WPA2, are far more secure than WEP. So when you're next setting up your wireless home router, make sure your security is set to WPA2.
     Simply following the aforementioned advice will stand you in good stead, your computer networks and information will be more secure. 
By: Miragetek
the network becomes unavailable; this can take a long time to fix, which translates to a loss of

Saturday, December 10, 2011

netsh firewall show portopening

     A firewall is a software application, which is a gateway server on the network. It offers a unique level of protection against viruses and nasty infected with the virus that are based on unwanted incoming traffic to attack target computers. It does so by blocking communications to access your system without your permission. Some Microsoft operating systems like Windows XP and Windows Vista and Windows Server 2003 offers a free firewall for users to protect their computers.

     They are known as Windows Firewall and enables home networking and efforts to restrict access to your PC. Windows Firewall has as main purpose the maintenance of traffic between computer networks of different levels. It works most efficiently if it provides the proper configuration. Since no cost to use Windows Firewall which comes bundled with the operating system, you must activate it. If you opt for firewalls such as Norton, McAfee, ZoneAlarm or Comodo, must be chosen according to their work and personal needs. After selecting the firewall is setup.

     Installing a firewall requires careful consideration and planning, because this security system is most often placed on a critical path within a network topology. The next step required to configure the firewall. If you have any confusion during installation of the firewall, you may contact the computer center for assistance. They are certainly better options than doing all the wrong procedure. With a high proliferation of online services computer support, we need not look anywhere except the Internet. The list of good computer support centers to come after you type keywords, such as computer support, computer technical help or online help.computer centers will help not only help with installing the firewall, but also get your own done at any time. They are also available 24x7. Some online computer centers will help provide a complete package of computer support services that include everything you want for your computer and safety. All these characteristics make them superior and preferable to call an expensive technician to your premises or take your system to any showroom computer repair. 

     Here's a sample script that you can run from a command line (cmd.exe):
the following Netsh command will create a local firewall rule to allow certain addresses to FTP into a Windows Firewall-protected computer:

netsh firewall add portopening
protocol = TCP port = 21
name = FTP mode = ENABLE
scope = CUSTOM addresses =
192.168.0.0/255.255.255.0,
10.0.0.0/255.255.240.0


     Want to know which ports are open on your firewall? Just type this from a CMD line:
netsh firewall show portopening

 By: Seno Gendeng & IT administrators