Best IT Documents.com Blog


Linux / UNIX Basics

Posted in O S (375) by Guest on the August 27th, 2010

Login:

login: <user account>

password: <user password>

Logout:

logout
exit

Ctrl-D

File Systems:

pwd: print current working directory

ls [-l] [-a]: List the contents of current directory

File attributes:

drwxr-xr-x  2 root  root  1024 Jun 4 17:01 bin/

  • d: [-dlsbc] -> [file,directory,link,special,block,char]
  • permission modes: three rwx groups, for user (owner), group and others, each holding a read (r), write (w) and execute (x) bit
  • Change permission mode of files or directories:
    • chmod <mode> <filenames>
    • <mode>: [ugo][+-][rwx] or an octal number
  • Change owner of files
    • chown <user>.<group> <filenames>
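The attribute string and the chmod notation above can be worked through in code. The following Python is an added example written for this page, not code from the original cheat sheet. It parses an `ls -l` listing (the sample lines are constructed here as input), converts the rwx string into the octal number chmod accepts, applies a symbolic mode of the form [ugo][+-=][rwx], and flags entries that are set-uid or writable by everyone. It ignores the umask, which the real chmod applies when no who-letter is given.

```python
import stat

# Constructed sample of `ls -l` output for this example (not from a real system).
SAMPLE_LS = """\
drwxr-xr-x  2 root  root   1024 Jun  4 17:01 bin
-rwsr-xr-x  1 root  root  52000 Jun  4 17:01 passwd
-rw-rw-rw-  1 alice users   310 Jun  4 17:01 notes.txt
lrwxrwxrwx  1 root  root      7 Jun  4 17:01 sh -> bash
"""

# Permission bits of the three rwx groups: user (owner), group, others.
_WHO_BITS = {
    "u": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "g": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "o": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}
_SLOT_BITS = _WHO_BITS["u"] + _WHO_BITS["g"] + _WHO_BITS["o"]
# 1-based index of each execute slot -> (letter shown there, special bit it stands for)
_SPECIAL = {3: ("s", stat.S_ISUID), 6: ("s", stat.S_ISGID), 9: ("t", stat.S_ISVTX)}


def parse_mode(attrs: str) -> int:
    """Convert the 10-character attribute string ls prints ('drwxr-xr-x')
    into the numeric mode chmod accepts (0o755).  In an execute slot, 's'/'t'
    mean the special bit plus execute; 'S'/'T' mean the special bit alone."""
    if len(attrs) != 10:
        raise ValueError(f"expected 10 characters, got {attrs!r}")
    mode = 0
    for pos, (ch, bit) in enumerate(zip(attrs[1:], _SLOT_BITS), start=1):
        expected = "rwx"[(pos - 1) % 3]
        if ch == "-":
            continue
        if ch == expected:
            mode |= bit
        elif pos in _SPECIAL and ch.lower() == _SPECIAL[pos][0]:
            mode |= _SPECIAL[pos][1]
            if ch.islower():          # lower case also carries the execute bit
                mode |= bit
        else:
            raise ValueError(f"unexpected {ch!r} in slot {pos} of {attrs!r}")
    return mode


def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a chmod symbolic mode such as 'go-w' or 'u+x,o=' to a numeric mode.
    Grammar handled: [ugoa]*[+-=][rwx]* with clauses separated by commas."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who, rest = clause[:i] or "a", clause[i:]
        if not rest or rest[0] not in "+-=" or not set(rest[1:]) <= set("rwx"):
            raise ValueError(f"bad symbolic mode {clause!r}")
        op, perms = rest[0], rest[1:]
        classes = "ugo" if "a" in who else who
        mask = clear = 0
        for w in classes:
            r, wr, x = _WHO_BITS[w]
            clear |= r | wr | x
            mask |= (r if "r" in perms else 0) | (wr if "w" in perms else 0) | (x if "x" in perms else 0)
        if op == "+":
            mode |= mask
        elif op == "-":
            mode &= ~mask
        else:                         # '=' replaces the rwx bits of the named classes
            mode = (mode & ~clear) | mask
    return mode


def audit_listing(listing: str) -> list[tuple[str, str, str]]:
    """Return (finding, octal mode, name) for set-uid or world-writable entries
    in `ls -l` output.  Symbolic links are skipped: their own mode is always
    lrwxrwxrwx and only the target's permissions matter."""
    findings = []
    for line in listing.splitlines():
        fields = line.split(None, 8)   # mode links owner group size month day time name
        if len(fields) < 9 or fields[0].startswith("l"):
            continue
        mode = parse_mode(fields[0])
        name = fields[8].split(" -> ")[0]
        if mode & stat.S_ISUID:
            findings.append(("setuid", f"{mode:04o}", name))
        if mode & stat.S_IWOTH:
            findings.append(("world-writable", f"{mode:04o}", name))
    return findings


if __name__ == "__main__":
    for finding in audit_listing(SAMPLE_LS):
        print(*finding)
    print(f"{apply_symbolic(parse_mode('-rw-rw-rw-'), 'go-w'):04o}")
```

On a live system the same two checks are `find <dir> -type f -perm -4000` (set-uid files) and `find <dir> -perm -0002` (world-writable entries); the parser above is useful when all you have is a captured listing.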

Linux system directories:

/                           root directory

/bin                      binary files

/dev                     device files

/etc                      configuration files and initialization scripts

/home                  root of user home directories

/lib                       programming language library

/lost+found         lost files

/proc                    Linux system information

/root                     root home directory

/sbin                     binary files for system management

/tmp                     temporary directory

/usr                      user files

/var                      various files

/mnt                     a temporary mount point

Special directories:

~                 : home directory

~<user>      : home directory of <user>

.                  : current directory

..                 : parent directory

Directory-related commands:

cd <directory>          : change directory

mkdir <directory>    : make directory

rmdir <directory>    : remove directory

File-related commands:

cp <filename> <destination>        : copy files

mv <filename> <destination>       : move or rename files

rm <filename>                               : remove files

more <filename>                           : display file by page

cat <filename>                              : display the whole file

ln [-s] <oldname> <newname>   : make links to files

I/O redirection:

<     : input

>     : output

|      : pipe

Online manual pages:

man <command>: display manual page for <command>

User Info

User information commands:

who                        : display who is logged in on the system

w                            : display who is logged in, and what are they doing

whoami                  : display current user name

finger <user>         : display information about <user>

Changing user information:

passwd    : change password

chsh         : change shell

chfn          : change finger information

Process & Job Control

Terminating processes or jobs:

Ctrl-C: interrupt current process

Ctrl-D: terminate file input

Ctrl-Z: suspend current process

Process-related commands:

ps [-x] [-a]: display information of processes

kill -9 <PID>            : terminate process <PID> (signal 9, SIGKILL, which the process cannot catch)

Job control:

<command> &      : run command in background

bg                           : put current suspended job into background running

fg                            : continue suspended job

jobs                         : list background jobs

Alias:

alias <name>='<command line>'         : assign command line to the alias (csh/tcsh syntax: alias <name> '<command line>')

unalias <name>                            : remove alias

File Editors: joe, vi, ed, emacs, pico, …

  • Basic operation of joe:

Ctrl-KX: save file and quit

Ctrl-C: quit

Ctrl-KB: mark beginning

Ctrl-KK: mark End

Ctrl-KC: copy marked text

Ctrl-KM: move marked text

  • Basic operation of vi:

(1)    In command mode:

arrow keys    change cursor position

i                    insert (change into editing mode)

a                   append after cursor (change into editing mode)

x                   delete this character

dd                 delete this line

:w                 write to file

:q                  quit

:q!                 quit without saving changes

(2)    In editing mode:

ESC              change back to command mode

Printing commands:

lpr <file>   : print a file

lpq              : list printer queue

lprm [-]      : remove a printing job

Miscellaneous commands:

clear                             : clear screen

date                              : display current date and time

which <command>     : display the pathname of <command>

Environment variables:

set                                                         : display current environment variables

echo $PATH                                        : display current setting of PATH

<name>=<value>; export <name>   : define a variable <name>

Shell scripts ↔ batch files in DOS

Local Configuration Files:

~/.cshrc         : C Shell rc file

~/.login          : Login scripts

~/.plan           : personal plan → shown by finger

~/.forward     : e-mail forward list

Becoming superuser:

su [root]                : become root (prompts for root's password)
sudo <command>   : run <command> as root (prompts for your own password)

Useful tools:

find <dir> [-name <filename>] [-print]            : find <filename> from <dir>

grep <string> <files>                             : search <string> in <files>

diff <file1> <file2>                                 : display the differences between <file1> and <file2>


PowerPoint – Blackberry Enterprise Server

Posted in eMail (66),Sample - IT Spreadsheets - PowerPoints (251) by Guest on the August 25th, 2010

Sanctions for Regulatory Non-Compliance

Posted in Compliances (1300) by Guest on the August 21st, 2010

There are penalties for stakeholders, and the CISO is liable.

The first column indicates the year the regulation came into existence.

The next column shows the maximum fine. As you can see, there are some hefty fines associated with non-compliance.

This is driving behaviour.

The next column shows the imprisonment that is associated with non-compliance with each of these regulations. This is also driving behaviour.

The last column shows the other negative consequences of non-compliance.

For PCI, rescinding the right to accept credit card data is devastating. It is much worse than any fine that Visa / MasterCard could impose.

Regulation   Date of Enforcement   Fine                                                 Imprisonment   Other consequences                                  Industry
HIPAA        1996                  $250,000                                             10 years                                                           Health
GLBA         1999                  $100,000 per incident                                5 years                                                            Financial
PCI          2005                  $500k per incident + $100k if VISA is not notified   None           Rescind the right to accept credit card payments    Credit Card Security

Others to consider:

AR 335–15, Management Information Control System

DA Pam 25–1–1, Information Technology Support and Services

DODD 5015.2, Department of Defense Records Management Program

http://www.bestitdocuments.com/Services.html



Excellent Windows Tweaks and Internal Information

Posted in O S (375) by Guest on the August 20th, 2010

Great site for tweaking Windows and understanding some of the internals.

http://www.blackviper.com/


Viruses, Worms and Trojan Horses

Posted in Security (1500) by Guest on the August 19th, 2010
Author unknown, but it was still worth publishing.

Virus
  • program that reproduces by attaching to another program
  • may damage data directly or it may degrade system performance by taking over system resources, which are then not available to authorized users
Worm
  • an independent program that reproduces by copying itself from one system to another, usually over a network
  • may damage data directly, or it may degrade system performance by consuming system resources and even shutting down a network
Trojan horse
  • an independent program that appears to perform a useful function but that hides another unauthorized program inside it. When an authorized user performs the apparent function, the Trojan horse performs the unauthorized function as well (often usurping the privileges of the user)
Malicious Programs
  • Those that need a host program
    • Fragments of programs that cannot exist independently of some application program, utility, or system program
  • Independent
    • Self-contained programs that can be scheduled and run by the operating system
Trapdoor
  • Entry point into a program that allows someone who is aware of the trapdoor to gain access
  • used by programmers to debug and test programs
    • Avoids necessary setup and authentication
    • Method to activate the program if something is wrong with the authentication procedure
Logic Bomb
  • Code embedded in a legitimate program that is set to “explode” when certain conditions are met
    • Presence or absence of certain files
    • Particular day of the week
    • Particular user running the application
Trojan Horse
  • Useful program that contains hidden code that, when invoked, performs some unwanted or harmful function
  • Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
    • User may set file permission so everyone has
Viruses
  • Program that can “infect” other programs by modifying them
    • Modification includes a copy of the virus program
    • The infected program can infect other programs
Worms
  • Use network connections to spread from system to system
    • Electronic mail facility: a worm mails a copy of itself to other systems
    • Remote execution capability: a worm executes a copy of itself on another system
    • Remote log-in capability: a worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other
Zombie
  • Program that secretly takes over another Internet-attached computer
  • It uses that computer to launch attacks that are difficult to trace to the zombie’s creator
Virus Stages
  • Dormant phase: the virus is idle
  • Propagation phase: the virus places an identical copy of itself into other programs or into certain system areas on the disk
  • Triggering phase: the virus is activated to perform the function for which it was intended; caused by a variety of system events
  • Execution phase: the function is performed
Types of Viruses
  • Parasitic: attaches itself to executable files and replicates; when the infected program is executed, it looks for other executables to infect
  • Memory-resident: lodges in main memory as part of a resident system program; once in memory, it infects every program that executes
  • Boot sector: infects the boot record; spreads when the system is booted from the disk containing the virus
  • Stealth: designed to hide itself from detection by antivirus software; may use compression
  • Polymorphic: mutates with every infection, making detection by the “signature” of the virus impossible; the mutation engine creates a random encryption key to encrypt the remainder of the virus, and the key is stored with the virus
Macro Viruses
  • Platform independent
  • Most infect Microsoft Word
  • Infect documents, not executable portions of code
  • Easily spread
  • A macro is an executable program embedded in a word processing document or other type of file
  • Autoexecuting macros in Word:
    • Autoexecute: executes when Word is started
    • Automacro: executes when a defined event occurs, such as opening or closing a document
    • Command macro: executed when the user invokes a command (e.g., File Save)
E-mail Virus
  • Activated when the recipient opens the e-mail attachment
  • Activated by opening an e-mail that contains the virus
  • Uses the Visual Basic scripting language
  • Propagates itself to all of the e-mail addresses known to the infected host

Sample Excel – Technical Reference Model Sample Descriptions

Posted in Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the August 18th, 2010

Cross Industry Document Retention

Posted in Compliances (1300) by Guest on the August 15th, 2010

Banking – FDIC/OCC

Brokerage – SEC Rule 17a3 and 17a4

Telecom – Title 47, Part 42

Pharmaceutical – FDA Title 21, Part 11

Healthcare – HIPAA

Defense – DOD 5015.2 Standard

All publicly held – Sarbanes Oxley Act

There is a renewed focus on these retention requirements, which include documented retention requirements for electronic records, including email.

Clinical Laboratory Information Act – to protect critical laboratory data (HIPAA 1996)

http://bestitdocuments.com/Services.html



Windows Service Checks

Posted in O S (375) by Guest on the August 14th, 2010

User mode services (each is running in the security context of LocalSystem):

Service name        Display Name                                           Binary Path
Browser             Computer Browser                                       E:\WINNT\System32\services.exe
cisvc               Indexing Service                                       E:\WINNT\System32\cisvc.exe
Dhcp                DHCP Client                                            E:\WINNT\System32\services.exe
dmserver            Logical Disk Manager                                   E:\WINNT\System32\services.exe
Dnscache            DNS Client                                             E:\WINNT\System32\services.exe
Eventlog            Event Log                                              E:\WINNT\system32\services.exe
EventSystem         COM+ Event System                                      E:\WINNT\System32\svchost.exe -k netsvcs
IISADMIN            IIS Admin Service                                      E:\WINNT\System32\inetsrv\inetinfo.exe
lanmanserver        Server                                                 E:\WINNT\System32\services.exe
lanmanworkstation   Workstation                                            E:\WINNT\System32\services.exe
LmHosts             TCP/IP NetBIOS Helper Service                          E:\WINNT\System32\services.exe
Messenger           Messenger                                              E:\WINNT\System32\services.exe
Netman              Network Connections                                    E:\WINNT\System32\svchost.exe -k netsvcs
NtmsSvc             Removable Storage                                      E:\WINNT\System32\svchost.exe -k netsvcs
PlugPlay            Plug and Play                                          E:\WINNT\system32\services.exe
PolicyAgent         IPSEC Policy Agent                                     E:\WINNT\System32\lsass.exe
ProtectedStorage    Protected Storage                                      E:\WINNT\system32\services.exe
RasMan              Remote Access Connection Manager                       E:\WINNT\System32\svchost.exe -k netsvcs
RemoteRegistry      Remote Registry Service                                E:\WINNT\system32\regsvc.exe
RpcSs               Remote Procedure Call (RPC)                            E:\WINNT\system32\svchost -k rpcss
SamSs               Security Accounts Manager                              E:\WINNT\system32\lsass.exe
Schedule            Task Scheduler                                         E:\WINNT\system32\MSTask.exe
seclogon            RunAs Service                                          E:\WINNT\system32\services.exe
SENS                System Event Notification                              E:\WINNT\system32\svchost.exe -k netsvcs
Spooler             Print Spooler                                          E:\WINNT\system32\spoolsv.exe
TapiSrv             Telephony                                              E:\WINNT\System32\svchost.exe -k netsvcs
TrkWks              Distributed Link Tracking Client                       E:\WINNT\system32\services.exe
W3SVC               World Wide Web Publishing Service                      E:\WINNT\System32\inetsrv\inetinfo.exe
WinMgmt             Windows Management Instrumentation                     E:\WINNT\System32\WBEM\WinMgmt.exe
Wmi                 Windows Management Instrumentation Driver Extensions   E:\WINNT\system32\Services.exe

Notes on individual services:

Browser (Computer Browser): the Computer Browser service is exposed to a denial of service in which many spoofed entries can be added to the browse list. The browse list is requested from the maintainer or backup browser on many occasions, e.g. when a user opens “Network Neighbourhood” or when Server Manager is opened, and the whole list is sent across the network. If enough entries are added, the list can grow to hundreds of megabytes, causing machines to hang and consuming the available bandwidth on the network. If this poses a risk on your network, this service should be disabled.

cisvc (Indexing Service): the Index Server service is running. Ensure that only the files you want indexed are indexed, and that no sensitive files are, otherwise users may be able to access them. For example, the Index Server service indexes ASP pages, which makes it possible for remote users to gain access to the source of the pages.

Messenger: the Messenger service allows a user to send a message across the network that pops up on the target’s computer screen. This can be abused in social engineering attacks, e.g. one user trying to get another to change their password. In addition, the name of the user currently logged on to the system is registered in the NetBIOS name table, which can be retrieved remotely with an nbtstat -A x.x.x.x command. If this presents too much of a risk, the Messenger service should be disabled.

RasMan (Remote Access Connection Manager): the Remote Access Service allows users to dial in to the server. Ensure that only those users who require remote access are given the RAS dial-in permission.

Driver services (the report gives no security context for drivers; an empty Binary Path is shown as “none listed”):

Service name   Display Name                                Binary Path
ACPI           Microsoft ACPI Driver                       \SystemRoot\System32\DRIVERS\ACPI.sys
AFD            AFD Networking Support Environment          \SystemRoot\System32\drivers\afd.sys
atapi          Standard IDE/ESDI Hard Disk Controller      \SystemRoot\System32\DRIVERS\atapi.sys
Beep           Beep                                        (none listed)
Cdrom          CD-ROM Driver                               System32\DRIVERS\cdrom.sys
Disk           Disk Driver                                 \SystemRoot\System32\DRIVERS\disk.sys
Diskperf       Diskperf                                    (none listed)
dmio           Logical Disk Manager Driver                 \SystemRoot\System32\drivers\dmio.sys
dmload         dmload                                      \SystemRoot\System32\drivers\dmload.sys
Fips           Fips                                        (none listed)
Ftdisk         Volume Manager Driver                       \SystemRoot\System32\DRIVERS\ftdisk.sys
i8042prt       i8042 Keyboard and PS/2 Mouse Port Driver   System32\DRIVERS\i8042prt.sys
IPSEC          IPSEC driver                                System32\DRIVERS\ipsec.sys
isapnp         PnP ISA/EISA Bus Driver                     \SystemRoot\System32\DRIVERS\isapnp.sys
Kbdclass       Keyboard Class Driver                       System32\DRIVERS\kbdclass.sys
KSecDD         KSecDD                                      (none listed)
mnmdd          mnmdd                                       (none listed)
Mouclass       Mouse Class Driver                          System32\DRIVERS\mouclass.sys
MountMgr       MountMgr                                    (none listed)
MRxSmb         MRxSmb                                      System32\DRIVERS\mrxsmb.sys
Msfs           Msfs                                        (none listed)
Mup            Mup                                         (none listed)
NDIS           NDIS System Driver                          (none listed)
NetBIOS        NetBIOS Interface                           System32\DRIVERS\netbios.sys
NetBT          NetBios over Tcpip                          System32\DRIVERS\netbt.sys
Npfs           Npfs                                        (none listed)
Null           Null                                        (none listed)
Parport        Parallel port driver                        System32\DRIVERS\parport.sys
PartMgr        PartMgr                                     (none listed)
ParVdm         ParVdm                                      (none listed)
PCI            PCI Bus Driver                              \SystemRoot\System32\DRIVERS\pci.sys
PCIIde         PCIIde                                      \SystemRoot\System32\DRIVERS\pciide.sys
RasAcd         Remote Access Auto Connection Driver        System32\DRIVERS\rasacd.sys
Rdbss          Rdbss                                       System32\DRIVERS\rdbss.sys
Serial         Serial port driver                          System32\DRIVERS\serial.sys
Tcpip          TCP/IP Protocol Driver                      System32\DRIVERS\tcpip.sys
VgaSave        VgaSave                                     \SystemRoot\System32\drivers\vga.sys

There are 30 user mode services running and 37 driver services running. Total = 67
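A report in the layout above can be checked mechanically against the notes it carries. The following Python is an added example written for this page, not part of the original post or of any tool: it parses the “Service name / Display Name / Binary Path / security context” blocks into records, counts user-mode and driver entries the way the closing line does, and reports which running user-mode services are on a review list built from the post’s own notes (Browser, Messenger, cisvc, RasMan). The report excerpt embedded in the code is constructed for the example, with the backslashes that the copy above lost written out; the `REVIEW` table and the `Service` record type are this example’s own names.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the report's layout (paths written with their backslashes).
SAMPLE_REPORT = """\
User mode services:

Service name :Browser

Display Name :Computer Browser

Binary Path :E:\\WINNT\\System32\\services.exe

Service is running in the security context of LocalSystem

Service name :Dnscache

Display Name :DNS Client

Binary Path :E:\\WINNT\\System32\\services.exe

Service is running in the security context of LocalSystem

Service name :Messenger

Display Name :Messenger

Binary Path :E:\\WINNT\\System32\\services.exe

Service is running in the security context of LocalSystem

Driver services:

Service name :Beep

Display Name :Beep

Binary Path:
"""

# Services the post singles out, with the reason it gives (names compared case-insensitively).
REVIEW = {
    "browser": "disable if at risk: browse list can be flooded with spoofed entries (denial of service)",
    "messenger": "disable if at risk: pop-up messages aid social engineering; logged-on user name is exposed via NetBIOS",
    "cisvc": "review: make sure no sensitive files (e.g. ASP sources) are indexed",
    "rasman": "review: give the RAS dial-in permission only to users who need it",
}

_FIELD = re.compile(r"^(Service name|Display Name|Binary Path)\s*:\s*(.*)$")
_CONTEXT = re.compile(r"^Service is running in the security context of\s+(\S+)")


@dataclass
class Service:
    name: str
    display: str = ""
    binary: str = ""
    context: str = ""   # "LocalSystem" etc.; the report states none for drivers
    kind: str = "user"  # "user" or "driver", taken from the section heading


def parse_report(text: str) -> list[Service]:
    """Parse the report's service blocks into Service records, tracking
    which section (user mode or driver) each block appears in."""
    services: list[Service] = []
    kind, current = "user", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("User mode services"):
            kind = "user"
        elif line.startswith("Driver services"):
            kind = "driver"
        elif (m := _FIELD.match(line)):
            field, value = m.group(1), m.group(2).strip()
            if field == "Service name":
                current = Service(name=value, kind=kind)
                services.append(current)
            elif current is not None and field == "Display Name":
                current.display = value
            elif current is not None:
                current.binary = value
        elif (m := _CONTEXT.match(line)) and current is not None:
            current.context = m.group(1)
    return services


def flag_services(services: list[Service]) -> list[tuple[str, str]]:
    """Return (service name, reason) for running user-mode services on the review list."""
    return [(s.name, REVIEW[s.name.lower()])
            for s in services if s.kind == "user" and s.name.lower() in REVIEW]


def summarize(services: list[Service]) -> tuple[int, int, int]:
    """Count (user-mode, driver, total) services, as the report's closing line does."""
    user = sum(1 for s in services if s.kind == "user")
    return user, len(services) - user, len(services)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("user-mode %d, drivers %d, total %d" % summarize(parsed))
    for name, reason in flag_services(parsed):
        print(f"{name}: {reason}")
```

Against a live machine the same list of running services comes from `sc query` or, in PowerShell, `Get-Service`; the parser is for the case where only the saved report is available.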

http://bestitdocuments.com/Services.html


What is the ITIL IT Service Request Catalog

Posted in Business (600),ITIL - Change Management - Help Desk (95) by Guest on the August 13th, 2010

The IT Service Request Catalog is usually a web portal inside your organization that contains information about your organization's IT services. It optimizes IT services and improves on the methods your organization currently uses to request, assign, and fulfill IT service requests.

The IT Service Request Catalog provides:

· Central repository to document IT services

· Consistent, streamlined, end-to-end fulfillment workflows

· Systematic, robust approval features

· Two-way communication between fulfillment team and service requestors

· Service Categories

Some examples of Service Categories in the IT Service Request Catalog include:

· Application & System Services

· Data Center Hardware Services

· Database Administration

· Desktop Computer Services

http://www.bestitdocuments.com/Help-desk_solutions.html 



Active Directory Structure

Posted in O S (375) by Guest on the August 7th, 2010

To understand Active Directory, the reader should have some knowledge of object oriented concepts. It should be helpful to read the Object Guide on this site.

Features:

· Network resources are easy to find.

· Uses group policies for easier administration

· Scalability

· Flexibility with the ability to add new classes, attributes, and objects.

· Fully integrated security

· Extensibility

· Works on any network.


Parts and Structure

The domain is the core unit in the Active Directory structure. Active Directory includes:

· A database of information about network users and resources.

· A service managing the database.

· Active Directory is organized hierarchically and contains information about:

· User Accounts

· Computers

· Shared folders

· Printers

Active directory depends on and requires Domain Name Service (DNS) to be implemented on the network.

Functions

· Users can logon and are authenticated.

· Users can locate network resources.

· Administrators manage user and group access to network objects (resources).

· Users can have some administrative rights to some parts of the Active Directory database.


Object Oriented

Active Directory is object oriented. This means that items in Active Directory are treated as objects. Objects contain both behavior (executable code) and attributes (data or characteristics). Objects are constructed using classes, similar to the way a cookie cutter is used to construct cookies. Classes are templates for objects.


Active Directory object classes include:

· Domain

· Organizational Unit – Contain either objects and/or other organizational units and are also called container objects. The OU simplifies administration by allowing the organization of objects and other OUs (Its primary purpose).

· Group

· User

· Computer

· Contact

· Shared folder

· Printer


A domain tree is a hierarchical group of one or more domains with one root domain.


Structure of Active Directory Database

All databases have a schema which is a formal definition (set of rules) which govern the database structure and types of objects and attributes which can be contained in the database. The schema contains a list of all classes and attributes in the forest. The schema keeps track of:

· Classes

· Class attributes

· Class relationships such as subclasses (Child classes that inherit attributes from the super class) and super classes (Parent classes).

· Object relationships such as what objects are contained by other objects or what objects contain other objects.


The Active Directory database is stored in the %SystemRoot%\NTDS directory. The file “ntds.dit” contains the directory and schema data, and the file “schema.ini” contains the information to control Active Directory security and create the default directory. Changes to the database are stored temporarily in log files in this directory until changes are finalized to the database with replication to other controllers complete.

· A forest is the set of all domains in an organization’s network. It consists of one or more trees, combined with two way transitive trusts. It represents a non-contiguous or disjointed namespace in Active Directory.

· A tree represents a contiguous name space in Active Directory and consists of a hierarchy of domains.

· A Global Catalog is a searchable master index with data about all objects in a forest. The schema is stored in the global catalog. Only information required to find an object is stored in the global catalog. When the first domain controller in the forest is established, a default catalog is created automatically on that controller. More than one server can house the global catalog.

· An Organizational Unit (OU) is an Active Directory container object that contains other organizational units or objects.

Changing the Active Directory Database Structure (Schema)

There are several ways to change the schema of Active Directory:

· Application vendors can provide the capability to change the schema.

· MMC – The Microsoft Management Console snap-in is a tool provided by Microsoft to allow the schema to be changed. The Windows 200x Administration Tools (ADMINPAK) must be installed. The snap-in is called Active Directory Schema. The group that can use this tool is called “Schema Admins”. This is a new group for Windows 200x just for administering the Active Directory database schema.


Domain Controllers

When Active Directory is installed on a Windows 200x server computer, that computer becomes a domain controller. Domain controllers are used to authenticate users and control access to objects in the Windows domain. A Windows domain is a partial or full organizational structure which may or may not coincide with DNS domains on the internet. Active Directory allows these Windows domains to be structured into a tree relationship using trusts, which are described later.

Domain controllers each contain a “replica” which is a copy of the domain directory.
