Posts

Showing posts from April, 2015

Netdot

Netdot is an open source tool designed to help network administrators collect, organize and maintain network documentation. Netdot was initially developed by the Network Services group at the University of Oregon, and continues to be maintained and expanded with support from the Network Startup Resource Center and the work of volunteers.
Relevant features:
Device discovery via SNMP
Layer2 topology discovery and graphing, using: CDP/LLDP; Spanning Tree Protocol; Switch forwarding tables; Router point-to-point subnets
IPv4 and IPv6 address space management (IPAM)
Address space visualization
DNS/DHCP config management
IP and MAC address tracking
BGP peer and Autonomous Systems tracking
Cable plant (sites, fiber, copper, closets, circuits...)
Contacts (departments, providers, vendors, etc.)
Export scripts for various tools (Nagios, Sysmon, RANCID, Cacti, SmokePing)
Multi-level user access: Admin, Operator, User
Access the tool here.

Scrutinizer

Scrutinizer™ is at the foundation of the Plixer incident response and behavior analysis architecture. It is available as a physical or virtual appliance, or as a Windows download. Scrutinizer performs the collection, threat detection, and reporting of all flow technologies on a single platform. It delivers real-time situational awareness into the applications and their historical behaviors on the network.
Access the product page here.

RIRA - Rapid IT Risk Assessment

RIRA (Rapid IT Risk Assessment) is a methodology that has been defined to create and complete an initial assessment with minimal effort and is suitable for project management and even problem management.
Access the methodology here and download the latest tool here.

Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds

Corporate Governance constitutes the accountability framework of a bank. IT Governance is an integral part of it. It involves leadership support, organizational structure and processes to ensure that a bank’s IT sustains and extends business strategies and objectives. Effective IT Governance is the responsibility of the Board of Directors and Executive Management. Access to reliable information has become an indispensable component of conducting business, indeed, in a growing number of banks, information is business. Today, almost every commercial bank branch is at some stage of technology adoption: core banking solution (CBS), or alternate delivery channels such as internet banking, mobile banking, phone banking and ATMs.
Access these guidelines here.

What’s Your Security Maturity Level?

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think ‘15 pieces of flair‘). When the phrase “security maturity” came to mind, I thought for sure I’d conceived of an original idea and catchy phrase.
Read the article here.

5 Reasons Every Company Should Have A Honeypot

A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits.
Read the article here.

SANS firewall checklist

SANS firewall checklist is available here.

The Ultimate Network Security Checklist:

Here it is – The Ultimate Network Security Checklist: a document that provides you with the areas of information security you should focus on, along with specific settings or recommended practices that will help you to secure your environment against threats from within and without.

RIT Information Security checklists

Checklist Name | Use
Desktop and Portable Computer Checklist General User | Compliance checklist for use by self-supported faculty, staff, and students.
Desktop and Portable Computer Checklist ITS-Supported Users | Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)
Desktop and Portable Computer Checklist Systems Support | Systems support personnel compliance checklist for computers they support.
Server Security Checklist | Compliance checklist for use with the Server Security Standard
Network Security Checklist | Compliance checklist for use with the Network Security Standard
Web Standard Compliance Checklist | Compliance checklist for use with the Web Security Standard
Account Management Checklist | Compliance checklist for use with the Account Management Standard

Good Practice Guidelines

The Good Practice Guidelines (GPG) are a series of informational documents which provide good practice advice in technology-specific areas of Information Security and Information Governance. Each Good Practice Guideline is intended to support Department of Health Policy and Information Governance requirements for NHS organisations and suppliers.
These guidelines are updated with the latest security information and if you feel there is something missing please contact infosecteam@hscic.gov.uk.
We recognise these GPGs as essential communication from the Infrastructure Security Team and as such are aiming for the documents to be published to the highest possible standard.
All documents on this page have 'Approved' status. As Information Security is an evolving discipline these documents will be updated regularly and should be regarded as 'living documents'.
Title | Description | Last Update | Version
3G / HSDPA | Provides guidance for organisations who wish to deploy or opera…

Business Continuity Planning Manual

Business Continuity Planning (BCP) can help NHS organisations to reduce the effects of disruption upon services, systems and business processes caused by service interruptions and failures. Whatever the cause, the consequences of such interruptions and failures should be analysed. Business Continuity Planning can reduce the effects of these to an acceptable level. This can be best achieved through the application of a combination of preventive and recovery controls. Contingency and recovery plans for each of the organisation's core services, key systems and business processes should be developed, wherever possible forming an integral part of existing management processes. They should be regularly maintained and tested to enable implementation when circumstances dictate. Following any implementation they should be evaluated and reviewed.
Access the planning manual here.

Top 47 Log Management Tools

Operating systems, such as Windows and Unix, as well as networks such as Cisco, typically offer some native log management functionality. But these log and event management mechanisms fall short of consolidating the data in any meaningful way, leaving bits and pieces of event logs scattered across a network. Not to mention, many of those events are lost as a result of overwrites, creating a security and compliance problem.
Access the list here.

Combine Harvester (The Wurzels)

I drove my tractor through your haystack last night
(ooh aah ooh aah)
I threw me pitchfork at your dog to keep quiet
(ooh aah ooh aah)
Now something's telling me
That you'm avoiding me
Come on now darling you've got something I need
Cuz I got a brand new combine harvester
An' I'll give you the key

Reliability engineering

Reliability engineering is engineering that emphasizes dependability in the lifecycle management of a product. Dependability, or reliability, describes the ability of a system or component to function under stated conditions for a specified period of time. Reliability engineering represents a sub-discipline within systems engineering. Reliability is theoretically defined as the probability of success (Reliability=1-Probability of Failure), as the frequency of failures, or in terms of availability, as a probability derived from reliability and maintainability. Maintainability and maintenance are often defined as a part of "reliability engineering" in Reliability Programs. Reliability plays a key role in the cost-effectiveness of systems.
Read the post on Wikipedia here.

Using elasticsearch, logstash & kibana in system administration | Alexander Reelsen

ELK: powerful tool for log correlation and real-time analytics

ELK is a powerful set of tools being used for log correlation and real-time analytics. This post will discuss the benefits of using it, and be a guide on getting it up and running in your environment. ELK is actually an acronym that stands for Elasticsearch, Logstash, Kibana. In recent months I have been seeing a lot of interest in ELK for systems operations monitoring as well as application monitoring. It was really impressive and I thought of how useful it could be for network operations. Many environments just have the basics covered (up/down alerting and performance monitoring). Some companies go one step further and are logging syslog to a central server. For a long time this has been acceptable, but things must change. While this guide is solely meant to show how network data can be captured and used, the real goal is to have all infrastructure and applications log to ELK as well.
Read this great post about ELK and network operations here.

The Hard-won Triumph of the Apollo 13 Mission - 45 Years Later

Moments after they finished a TV broadcast late on April 13, 1970, a spark ignited one of the oxygen tanks on the Apollo 13 spacecraft. The resulting explosion plunged an entire nation into an anxious three-and-a-half day drama.
Read the article on the NASA site here.



IT Security Self- & Risk-Assessment Tool

The tool is a Microsoft Excel 2003 spreadsheet containing worksheets that guide you through a detailed assessment of your agency’s IT system in three categories: Management, Organizational, and Technical, and a fourth category, State and Local Law Enforcement-Specific IT Security Controls, which assists with recording information on additional state and local government issues.

Access the tool here.

Troubleshooting Networks: Tips from a Network Detective

The thrill of the “chase” and the challenge of solving the “who done it”.  I’ve learned a lot over the years. What works… what doesn’t work.  What helps… what hinders.
Like any Detective “on the job” for so many years… it would be impossible to pass on to you everything I would really like to.  So let’s go with the tips I think will give you the biggest ROI if you apply them.

Tips from a Network Detective
Be Methodical
Know What is Normal (Knowledge is Key)
Get to the “Crime Scene” as Fast as You Can
Have “Crime Scene Maps”  that Help and don’t Hinder
Let the Clues and Evidence Guide You
Learn and Improve
Read the article on PacketPushers here.

Network Documentation Best Practices: What’s Important & How To Track It

As a consultant, I have done several network assessments for clients. One of the biggest items that is almost always missing is documentation. In my assessment reports, I can’t just say, “You are missing documentation,” and leave it at that. I have to be more specific. I have to specifically call out what should have been documented, how it should be documented, and why it should be documented. These are my opinions of best practice for documenting your network.
Access the post here.

Top 9 tips for better cable management in the data centre

Cable management in the data centre is the most ignored part in my experience. And it always comes back to haunt you in one form or another. It could be in the form of tracing the wrong cable and unplugging a production host while working on something else, or never being able to find what is connected where.
Read the post here.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. 
Download Nikto from here.

Interface Traffic Indicator

Interface Traffic Indicator is a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll interval down to three seconds. You can use this program in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or cable/modem/ISDN connection to the internet.
Download the tool from here.

NfSen - Netflow Sensor

NfSen is a graphical web based front end for the nfdump netflow tools.
NfSen allows you to:
Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Write your own plugins to process netflow data on a regular interval.
Access NfSen here.

LFT

LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method. For example, rather than only launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT can send TCP SYN or FIN probes to target arbitrary services. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and …

Advanced IP Scanner (Free Network Scanner)

What Advanced IP Scanner does:
Scans network in a matter of seconds
Detects any network devices, including Wi-Fi routers and wireless devices
Scans ports and finds HTTP, HTTPS, FTP, RDP and shared folders
Lets you connect to PCs running Radmin Server with one click
Allows you to shut down computers remotely
The opportunity to run ping, tracert, telnet and SSH commands on a selected computer
Supports Wake-On-Lan
Favorites list for easy network management
Export to HTML or CSV
Easy and user-friendly interface
Access Advanced IP Scanner here.

Cisco Device Info

Cisco Device Info (CDI) is a free, open-source Windows application to retrieve runtime information from Cisco equipment such as routers and switches. This is achieved using the SNMP protocol. Cisco Device Information supports SNMP versions 1 through 3 and has been tested against a handful of different devices and IOS versions.
Access Cisco Device Info here.

Radmin (Remote Control software)

Radmin is one of the safest, fastest and most popular remote access software solutions designed for Windows.
Access Radmin here.

Cisco and networking cheat sheets

Access the Cisco and networking cheat sheets on packetlife.net here.

TTG (SNMP Text Traffic Grapher)

TTG is a small command line utility that displays current throughput (bandwidth usage) on an interface of a remote device such as router, switch, firewall, etc., over SNMP. You can think of TTG as command line version of STG or a high-interval/ad-hoc query/test tool for MRTG, etc. The output is very similar to ping(1) command. You can use it to quickly check/measure traffic before waiting 5 minute cycle when configuring MRTG, as a means of using the data in text form (eg. copy&paste in to an email or spreadsheet) or just a general purpose command line network administration aid.
Access TTG here.

STG (SNMP Traffic Grapher)

This freeware utility allows monitoring of devices supporting SNMPv1 and SNMPv2c, including Cisco. Intended as a fast aid for network administrators who need prompt access to current information about the state of network equipment.
Access STG here (original site) or alternatively here.

MassConfig

A small but powerful Excel application for mass device configuration and backup. Helps with configuration management and understanding the network configuration.
Access MassConfig here.

Flaps

Flaps monitors the MAC address table of switches by SNMP and alerts on any MAC flap.
Access Flaps here.

9Ping (split window with ping results from 9 different pings)

9Ping can help you monitor your network. 9Ping has a split window with ping results from 9 different pings.
Access 9Ping from here.

BRST - Border Router Security Tool

The BRST - Border Router Security Tool is a web based utility for generating secure configuration files for Cisco routers in a border configuration. The administrator fills out a web form, clicks submit, and receives a router config file.
Access BRST here.

Switch Miner (Cisco switch port mapper)

Switch Miner is a free lightweight open source command line utility for Windows that acts as a switch port mapper/switch port discovery tool. It helps network engineers discover the devices that are connected to all the ports of a switch. It will even discover neighboring switches via CDP and scan them also. Using SNMP it scans switches and creates Excel .xlsx or .csv files.
Access Switch Miner here.

Open Visual Traceroute (Open source cross-platform - Windows/Linux/Mac - Java Visual Traceroute)

Access Open Visual Traceroute here.

BGINFO4X (BGINFO for X and for Windows! Shows desktop information on your screen )

BGINFO for X, also called BGINFO4X, is a clone of the popular program BGINFO for Microsoft Windows created by Sysinternals. BGINFO4X is designed to pretty-print useful information (CPU model, Hostname, IP address, OS version, Office version, and much more ...) on your desktop background or wallpaper.
Features
Multi Platform: Windows, MacOSX, Linux, BSD, UNIX, embedded systems (ARM, RASPBERRY).
Highly Customizable: configure easily any setting of the program.
Open Source: you can benefit from it and from the community forums.
Dynamic Data: the information is not static. Refresh it with a configurable timer.
Modular System: designed as a modular system, you can use different modules.
Out Module: write any information. Use bash, powershell, wmi, vbs, perl, python, snmp, ....
Alarm Module: write an alarm by threshold. Use a different color, size, format.
Script Module: execute any script or program, such as sending an email with the result.
Export Module: export the information to a html…

ipSpace.net: ntopng Deep Dive with Luca Deri on Software Gone W...

PF_RING is a great open-source project that enables extremely fast packet processing on x86 servers, so I was more than delighted when Paolo...

Overview: Cisco CleanAir Technology


NetResView

NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to the "My Network Places" module of Windows, NetResView displays all network resources from all domains/workgroups in one screen, including admin/hidden shares.
Access NetResView here.

QuTTY = PuTTY + Qt

QuTTY is a multi-tabbed, multi-paned SSH/Telnet client with a terminal emulator. The goal is to support advanced features similar to iterm2. 
Access QuTTY here.

storageim

StorageIM is a monitoring console for storage systems and networks designed around industry standards. StorageIM supports most storage arrays, switches, HBA's and storage libraries.
Access storageim here.

OpenACS

Automatic configuration server (ACS) implementing CPE configuration protocol CWMP as specified in TR-069.
Access OpenACS here.

cmdow (Win32 console application for manipulating program windows)

Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.
Access cmdow here.

jNetMap Network monitoring

jNetMap helps you to keep an eye on your network. You can draw a graphical representation of your network, and jNetMap will periodically check if the devices are still up or a service is still running. You can also set up E-mail notifications or let jNetMap execute a script when a device goes down or comes up again. Additionally, you may attach notes to a device, initiate an RDP/VNC/SSH connection to a device and much more.
Access jNetMap here.

Script Your Documentation Instantly

SYDI is a project aimed to help system administrators in getting started with their Network Documentation. It can document Windows Servers, MS SQL Servers, Exchange Organizations and Linux systems.
Access SYDI here.

PuTTY Session Manager

PuTTY Session Manager is a tool that allows system administrators to organise their PuTTY sessions into folders and assign hotkeys to favourite sessions. Multiple sessions can be launched with one click. Requires MS Windows and the .NET 2.0 Runtime.
Access Putty Session Manager here.

i-doit - CMDB and IT documentation

The CMDB is the central resource for IT administrators and managers. 

Features
CMDB
ITIL
IT Documentation
Inventory
Asset Management
Infrastructure Planning
Ticket System
Cable Management
Patch Management
IP Address Management
Virtual systems
Cluster
Storage Area Networks
Access i-doit here.

RoboCop RoboCopy

RoboCop RoboCopy is a GUI skin and script generator for Robocopy.exe (Win NT Resource Kit). RoboCop RoboCopy is unlike any other robocopy script generator available.

What makes this one different?
Well, in a nutshell, the ability to monitor the progress of the robocopy job. RoboCop RoboCopy allows for real time monitoring of all its running robocopy jobs with the inclusion of:
Current speed in MBs,
Completion time, &
Real time progress bar indication.
Access RoboCop RoboCopy here.

RackTables

Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, network configuration and much much more!
Features:
IPAM (IPv4/IPv6 address management)
rackspace documentation
full support of Unicode for user's data
tags
802.1Q VLAN management
permission control
CWDM and DWDM channel grids
pluggable (SFP, XFP, XENPAK...) transceivers
neighbor discovery via CDP and LLDP
integration with Cacti and Munin
patch cables accounting
Access Racktables here.

Your on-site PBX can kill your small business

As a small business owner be aware of the pros and cons of a site-based PBX versus a hosted PBX and how each solution addresses your requirements. Do you require flexibility to scale your business telecoms up and down and can you afford to be locked into a long-term contract? Perhaps your business is ultra-mature and you’re not considering offering your staff a hot-desking or telecommuting option.
Read the article here

Step-by-Step Setup of ELK for NetFlow Analytics

ELK is a very useful and efficient open source analytics platform, and we wanted to use it to consume flow analytics from a network. The reason we chose to go with ELK is that it can efficiently handle lots of data and it is open source and highly customizable for the user’s needs. The flows were exported by various hardware and virtual infrastructure devices in NetFlow v5 format. Then Logstash was responsible for processing and storing them in Elasticsearch. Kibana, in turn, was responsible for reporting on the data. Given that there were no complete guides on how to use NetFlow with ELK, below we present a step-by-step guide on how to set up ELK from scratch and enable it to consume and display NetFlow v5 information.
Reference this guide here.

LDWin: Link Discovery for Windows

LDWin supports the following methods of link discovery:
CDP - Cisco Discovery Protocol
LLDP - Link Layer Discovery Protocol
Download LDWin from here.