Tag Archives: security

Asset Discovery Tools

Knowing what hardware is connected to your (or your clients’) office network is obviously useful: for one thing, if you’re charging clients by the number of assets managed you’ll obviously make more money with more assets! Another reason is security – you don’t want stray systems sitting around unsecured/unpatched waiting to be hacked.

Knowledge is power and so proper documentation for every asset is essential to ensure they are maintained properly. Manually keeping track of all the company IT assets might be ok in a very small office with just a few machines which can all be seen from one place but for anything larger, with many machines which can change frequently and new ones arriving all the time, automation is the name of the game.

Fortunately there are a number of tools which make the job of asset discovery or network discovery very simple and which provide data which can then be imported or integrated with asset management or PSA applications.

If you have 100k assets to manage (and your pockets are very deep) then you may need something ‘enterprisey’ such as IBM Tivoli or the HP Configuration Management System, or so their sales people will tell you anyway. For the rest of us there are slightly more down to earth and affordable alternatives, including ones for free.

Open-AudIT is a network auditing application which works with Windows and Linux machines and will find out exactly what is on your network. Data is stored in MySQL and can be exported to PDF, CSV and other formats and reports can also be generated if needed. The word “open” in the name is a clue – it’s all open source (and free!) so you can see what is going on in the code if you feel the urge to look inside.

OCS Inventory NG is another free application which will scan your network and produce a detailed inventory of every device found which can then be imported into other applications as required.

Long a favorite of script kiddies and hackers everywhere but also of course a very useful admin tool is Nmap. It comes with command line and GUI options and can quickly scan entire networks then output the results in XML format (or even a special script kiddy format!) so it can easily be parsed and imported elsewhere.
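As an added illustration of the "parsed and imported elsewhere" step (this code is not from the original post), the sketch below reads Nmap XML output, keeps the hosts that answered, and marks any that are missing from an asset register before writing CSV. The sample scan, the `KNOWN_ASSETS` set and the column names are constructed for the example.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the shape Nmap writes with -oX (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <address addr="00:00:5E:00:53:01" addrtype="mac" vendor="ExampleCorp"/>
  <hostnames><hostname name="fileserver.example.test" type="PTR"/></hostnames>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/></port>
  </ports></host>
<host><status state="up"/>
  <address addr="192.0.2.77" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="23"><state state="open"/></port></ports></host>
<host><status state="down"/><address addr="192.0.2.99" addrtype="ipv4"/></host>
</nmaprun>"""

KNOWN_ASSETS = {"192.0.2.10"}  # hypothetical: IPs already in the asset register
FIELDS = ["ip", "mac", "hostname", "open_ports", "in_register"]

def parse_hosts(xml_text, known=KNOWN_ASSETS):
    """Return one dict per host that answered the scan."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip addresses that did not respond
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), "")
        mac = host.find("address[@addrtype='mac']")
        name = host.find("hostnames/hostname")
        ports = [f"{p.get('portid')}/{p.get('protocol')}"
                 for p in host.findall("ports/port")
                 if p.find("state[@state='open']") is not None]
        hosts.append({
            "ip": ip, "open_ports": " ".join(ports), "in_register": ip in known,
            "mac": mac.get("addr", "") if mac is not None else "",
            "hostname": name.get("name", "") if name is not None else "",
        })
    return hosts

def unregistered(hosts):
    """IPs seen on the network that the asset register does not list."""
    return [h["ip"] for h in hosts if not h["in_register"]]

def to_csv(hosts):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(hosts)
    return buf.getvalue()
```

The hosts returned by `unregistered()` are the "stray systems" worth chasing up first.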

Automated asset discovery of one kind or another is also commonly included in network monitoring systems such as OpenNMS as well as various RMM services and these can be particularly useful if they also integrate with your PSA application.

Using the tools mentioned above makes it easy to keep on top of your IT assets and ensure the smooth running of the networks and hardware your clients hire you to manage.

Firewall Management Tools

Whether you are a provider of general IT services, an MSP, or you specialize in managed security services as an MSSP (which sounds cool but unfortunately doesn’t mean you are managing MI6 like M in a Bond movie), one of the major components of the security system you manage for your clients is going to be firewalls of one kind or another.

To quote Wikipedia, a firewall is a:

“software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on applied rule set.”

Which means when you are managing a firewall you could be doing anything from fiddling with arcane configuration settings in a text file or command line, to clicking some big shiny buttons on a fancy interface with a smart wizard to make it all automagically work for you. These firewalls can be installed on a server or desktop PC, or can be dedicated appliances protecting your network in the office or datacenter.

Those which are typically installed on a desktop computer include apps like ZoneAlarm, Avast and AVG, while on a server running Linux, for example, you would likely be dealing with iptables, which is a whole lot of fun! Fortunately there are some wrappers for iptables which aim to make it just a tiny bit less complex, for example CSF, which is popular on cPanel servers (but doesn’t require it), and UFW, which is widely used on Ubuntu and others of that ilk.

On the hardware side there are of course the big names you’d expect in this space such as Cisco, as well as Check Point, which does a nice line in firewalls for small to medium sized businesses, and FortiGate, which also has a nice range from the entry level 100 series on up to the big and expensive enterprise systems. I’m quite partial to the FortiGate solution and use it with a number of clients where suitable, for example in the datacenter protecting their servers or in their office protecting the corporate network. It’s easy to manage remotely with a web based interface as well as command line (SSH) and a VPN.

These days, as with other aspects of computing, “The Cloud” has moved into the firewall arena as well, in the form of cloud-based security services such as those provided by Check Point and others. For a monthly fee your network security is handled for you, or of course for your clients if security is not your area of expertise. If it is your area then the many MSSP tools around these days will be right up your alley.

With the prevalence of ever more advanced (while also easier to use) security scanning tools it is something of an arms race in the computer security world so you have to stay up to date with the latest happenings in order to fully protect your own systems and those you manage for your customers, from malicious hackers and script kiddies, not to mention a widening array of three letter agencies as well!

Security Scanning Tools

Hackers are everywhere these days, not just in the movies but in real life too, doing their best to wreak havoc for fun or profit or who knows what other reasons. So it is now all the more important to find the vulnerabilities in your computer networks and servers so you can patch them before the hackers find their way in. To that end there are a number of great security scanning tools, software and even hardware tools which every serious technician should get to grips with to become competent pentesters (it also looks good on your CV!).

Some vulnerability scanners are pretty much click & run and will do their thing then report back to you with their findings. Others are much more complex and you can develop your own custom exploits with them, allowing you to really attack a system even if it is not a standard setup.

While many hackers are what is known as ‘script kiddies’ who just run the pentesting scripts created by others, there is certainly no shortage of very skilled hackers that are more than capable of developing their own custom attacks and so you should make every effort to learn the tools which they use and learn how to defend against them.

Any sysadmin who has looked at logs for more than a minute (and what sysadmin hasn’t whiled away many an hour trawling through the logs on numerous occasions?) will be familiar with the endless stream of automated attempts at logging in to a server, whether by SSH, FTP, a web based admin panel or others. You can watch in real time as the hacker’s tool goes through all the usual patterns trying to find a way in, and hopefully they fail because you have adequately secured your systems and/or they are looking for things which don’t exist on your system. They don’t just try to guess passwords or scan ports of course; many are looking for SQL injections or other weaknesses in popular web applications, as these provide a very easy way in when left unpatched, as they so often are.
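Rather than watching that stream by eye, the same pattern can be picked out automatically. The following added example (not part of the original post) counts failed SSH logins per source address inside a sliding window and escalates the finding if that same address then logs in successfully. The log lines are constructed in the usual OpenSSH syslog format, and the threshold, window and year are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:05 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 51251 ssh2
Mar  3 10:15:08 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 51262 ssh2
Mar  3 10:15:09 web1 sshd[2108]: Accepted password for root from 203.0.113.5 port 51270 ssh2
Mar  3 10:20:00 web1 sshd[2200]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:20:20 web1 sshd[2201]: Accepted publickey for alice from 198.51.100.7 port 40010 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def analyse(log_text, threshold=4, window=timedelta(minutes=5), year=2024):
    """Return {ip: finding} for sources with `threshold` failures inside `window`.

    finding is 'bruteforce', or 'bruteforce-then-login' when the same source
    is later accepted, which is the case that needs immediate attention.
    """
    failures = defaultdict(list)
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd login result line
        # Classic syslog timestamps carry no year, so one is supplied (assumed).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            # Keep only failures still inside the window, then add this one.
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                findings.setdefault(ip, "bruteforce")
        elif ip in findings:
            findings[ip] = "bruteforce-then-login"
    return findings

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single mistyped password followed by a normal login, as with the second address in the sample, stays below the threshold and is not reported.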

Metasploit is one of the best known and most popular tools for pentesting as it provides a mature and highly advanced platform for exploits which caters to all levels of hacker.

IBM also offers security software in the form of QRadar Vulnerability Manager, which they say “proactively discovers network device and application security vulnerabilities, adds context and supports the prioritization of remediation and mitigation activities” and is as expensive as it sounds (as you’d expect from IBM).

On the hardware side there are some nice “toys” for security techs to play with such as those made by Pwnie Express – the Pwn Pad for example is a tablet customized for pen testers. It features an Android frontend and a Kali backend and is packed with hacking tools ready to run with the swipe of a finger. Of course you could just install Kali Linux (formerly BackTrack) on your own devices but it won’t have the same catchy name as the Pwn Pad.

GFI seem to have their finger in every pie and security is no exception: along with managed antivirus, they also have LanGuard for “vulnerability management”, for a fee of course.

For a list of scanning apps you can check out this page which has plenty to assuage the desires of the most ardent hacker.

To learn how to use the many pentesting tools out there you can do a course such as Certified Ethical Hacker or those offered by various security companies such as Offensive Security (who also make Kali Linux). Doing suitable training will naturally help you get up to speed far faster so you will be better prepared to deal with the cyber threats to your business.

Conferences for IT Services Professionals: the what, why, where and how.

As we’ve said before, IT tools are not just physical gadgets that you can pick up and wave around the datacenter; they also include knowledge and connections, or in other words – people. While there are many online communities for IT pros which we talked about in that linked article, there are of course offline ‘meatspace’ places for meeting and greeting and learning and sharing. The infamous conference circuit is where the action is and there are plenty of conferences to keep you busy all year round.

If you’ve never been to a conference you may be wondering what goes on there? How should you prepare? Is it worth the often not inconsiderable cost? Well, the answers to those questions depend very much on what you are expecting to get from the event, what kind of event it is etc., and yes, you generally should prepare to some extent to ensure you get the most out of it.

Excuses
For many people conferences are just an excuse to get a day or three away from the office to party in a fancy hotel in Vegas on the company expense account (and of course what happens in Vegas, stays in Vegas). However, besides partying there are actually other reasons to attend. Networking is a big one, as it’s a great chance to meet potential clients and partners, thrash out lucrative new business deals and perhaps co-found what seems like it will surely be the next hottest thing, until you sober up the next morning.

Besides that, a good conference will be packed with informative sessions by industry experts and you can certainly learn a lot so don’t forget to bring a pen & paper (or tablet/netbook if you want to go all hi-tech 😉 ) and take notes!

Schwag
There will of course be schwag, or there should be, as no conference could get away without the giveaway these days – the “schwag bag” is one of the key reasons for attending such events – we attendees need our free rubber stress balls, mouse mats, pens, hats, t-shirts, bags, badges, stickers, USB thingymajigs and assorted shiny things, all of course stamped with a company logo or domain name so you won’t forget who provided the freebie sat on your desk or at the back of a drawer six months later.

The Events
So what does the coming year have in store for the prospective IT conference attendee? Read on for our current recommendations for IT services events..

If Cisco is your thing then you will want to be at Cisco Live, which provides a working week’s worth of fun with routers. Whether you are a CCNA or CCIE or just want to get your hands on some Cisco schwag, this is the place to be.

HDI offers the ‘World Conference for Technical Services and Support’ which is attended by over 2000 people and lasts for 4 days, not including multiple pre-conference breakfasts and the like.

If you’re in the MSP line of work then you won’t want to miss MSP World – you might even win $5k!

RMM service provider GFI MAX also has their own IT events around the world each year which are popular with MSPs and IT techs.

Interop is yet another event worth checking out and as good an excuse as any to visit Las Vegas for a few days.

Gartner has events all over the place for a whole range of IT related themes so pick your poison and off you go.

Over in Europe there is the ridiculously large CeBIT conference (in fact the world’s largest IT conference) which runs for 5 days and features hundreds (if not thousands) of sessions and exhibitors and hundreds of thousands of visitors.

These days ‘the cloud’ is red hot so of course you’ll just have to head for CloudExpo in Europe if you want to stay on top of the game.

Also in Europe (UK to be precise), there is IPEXPO, which bills itself as the UK’s number one enterprise IT event. If that isn’t enough to tempt you – the whole event, featuring hundreds of sessions and hundreds of exhibitors, is FREE to attend!

If you want to get in on the latest tips, tricks and news from the search engine world then SMX is the place to be and they have events all over the world.

There are of course many, many more IT events including offerings from IBM, Microsoft, Citrix, Oracle, ASCII, CompTIA, Asterisk, VMware, SITS, HP, Parallels, Infosec, RSA, HostingCon, and not forgetting of course CES.

If you manage to attend all those and live to tell the tale – let us know!

So what are your plans for the conference circuit this year? Do you have any favorite events to recommend? Or any to avoid even? Feel free to comment below.

Backup Tools

If there’s one thing that keeps IT Managers and business owners awake at night it is the thought of catastrophic data loss, typically due to hardware failure, but it could also be due to failed software upgrades, database updates, human error or even malicious hackers. So in order to sleep better it is of course essential to have good backup tools.

Backups can be done in many ways, even manually with a simple copy command. However, manually created backups are not something to be relied on, because it is only a matter of time before a backup is forgotten or fails to include some essential data, and you may never know about it until you need it and find your critical data is not there. You do not want that to happen! Proper backup tools which run automatically on a schedule, and which make incremental backups containing data updates and additions along with periodic full backups of all your data, are the order of the day. There are quite a few solutions which provide just this, as you would expect given that backups are not a new thing: some are software you must install and manage, some are complex backup server systems, and some are remotely managed services where you only have to define what to back up and when, and the rest is done for you.

For Linux based systems a popular backup utility is rsnapshot which is basically just a Perl script that wraps around rsync and is run by cron every hour or at intervals you define. It creates the incremental backups as you would expect and rotates them all for you. Once configured it works well. It does of course depend on your own backup hardware and you need to make sure it is configured correctly and actually runs as and when required.

For a more ‘enterprise’ level backup system you could use something like Bacula, which is an open source system featuring a Linux/Unix based server along with client daemons which run on multiple OSes including Windows.

Once you have a backup system in place you need to know it is actually running and doing its job so you could use your monitoring tools to keep an eye on it and alert you if things go wrong so you can hopefully fix it long before you ever need to access your backed up data.

So called ‘Cloud’ backup tools are another option and there are many to choose from, quite a few of which depend on Cloud storage systems such as AWS (Amazon). Having your data managed and hosted by another company is something you need to consider carefully for various reasons, from legal to security. Is your data secure there and do your terms of service or client contracts allow you to store data in such a way? There are undoubtedly benefits to using a managed backup service but make sure to do your due diligence before trusting your precious data to a 3rd party. Services for MSPs to consider include Kaseya, Datto and GFI, amongst others.

Either way it is certainly wise to have more than one backup location so your backups do not go up in smoke along with your primary systems!

Whichever backup tools you choose to use you also need to make sure that you can get your data back from your backups should you ever need to. It is essential to test that your backups are working and the right data from the appropriate snapshots is easily and quickly available – data recovery is just as important as data backup!
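The two checks described above, that the backup is actually running and that the data can be got back, can be scripted so your monitoring has something concrete to alert on. This added example (not from the original post) assumes an rsnapshot-style layout in which the newest snapshot is the directory `<interval>.0`, that its modification time reflects when it was taken, and that the listed critical files do not change between runs; the paths and file names in `demo()` are constructed.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backup(snapshot_root, source, critical, max_age_hours=2, interval="hourly"):
    """Return a list of problems with the newest snapshot (empty list = healthy)."""
    newest = Path(snapshot_root) / f"{interval}.0"
    if not newest.is_dir():
        return [f"no snapshot at {newest}"]
    problems = []
    age_hours = (time.time() - newest.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: newest snapshot is {age_hours:.1f}h old")
    for rel in critical:
        copy, live = newest / rel, Path(source) / rel
        if not copy.is_file():
            problems.append(f"missing: {rel}")        # never made it into the backup
        elif live.is_file() and sha256(copy) != sha256(live):
            problems.append(f"mismatch: {rel}")       # backed-up content differs
    return problems

def demo():
    """Build a constructed source tree and snapshot, then break the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, snaps = Path(tmp, "data"), Path(tmp, "snapshots")
        (src / "db").mkdir(parents=True)
        (src / "db/clients.sql").write_text("constructed sample data\n")
        (src / "notes.txt").write_text("constructed sample notes\n")
        newest = snaps / "hourly.0"
        (newest / "db").mkdir(parents=True)
        (newest / "db/clients.sql").write_text("constructed sample data\n")
        critical = ["db/clients.sql", "notes.txt"]
        first = check_backup(snaps, src, critical)    # notes.txt was never backed up
        old = time.time() - 6 * 3600
        os.utime(newest, (old, old))                  # simulate the cron job not running
        second = check_backup(snaps, src, critical)
        return first, second

if __name__ == "__main__":
    print(demo())
```

Run from cron or your monitoring system, a non-empty result is the signal to investigate before the backup is ever needed.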

Which are your favorite backup tools? Let us know in the comments..