Best IT Blog

Realtime Information Breeds Success

Posted in Business (600) by Guest on the December 31st, 2014

With Realtime Business Information at their finger tips,

People make their best & most informed decisions


Comments Off on Realtime Information Breeds Success

Password Cracking Testing

Posted in Security (1500) by Guest on the December 27th, 2014

Password cracking is the process of validating password strength through the use of automated password recovery tools that expose either the application of weak cryptographic algorithms, incorrect implementation of cryptographic algorithms, or weak passwords due to human factors. This module should not be confused with password recovery via sniffing clear text channels, which may be a more simple means of subverting system security, but only due to unencrypted authentication mechanisms, not password weakness itself. [Note: This module could include manual password guessing techniques, which exploits default username and password combinations in applications or operating systems (e.g. Username: System Password: Test), or easy-to-guess passwords resulting from user error (e.g. Username: joe Password: joe). This may be a means of obtaining access to a system initially, perhaps even administrator or root access, but only due to educated guessing. Beyond manual password guessing with simple or default combinations, brute forcing passwords for such applications as Telnet, using scripts or custom programs, is almost not feasible due to prompt timeout values, even with multi-connection (i.e. simulated threading) brute force applications.

Once gaining administrator or root privileges on a computer system, password cracking may assist in obtaining access to additional systems or applications (thanks to users with matching passwords on multiple systems) and is a valid technique that can be used for system leverage throughout a security test. Thorough or corporate-wide password cracking can also be performed as a simple after-action exercise and may highlight the need for stronger encryption algorithms for key systems storing passwords, as well as highlight a need for enforcing the use of stronger user passwords through stricter policy, automatic generation, or pluggable authentication modules (PAMs). 

Expected Results

  • Password file cracked or uncracked
  • List of login IPS / IDS with user or system passwords
  • List of systems vulnerable to crack attacks
  • List of documents or files vulnerable to crack attacks
  • List of systems with user or system login IPS / IDS using the same passwords

Tasks to perform for a thorough Password Cracking verification

  • Obtain the password file from the system that stores usernames and passwords
    1. For Unix systems, this will be either /etc/passwd or /etc/shadow
    2. For Unix systems that happen to perform SMB authentication, you can find NT passwords in /etc/smbpasswd
    3. For NT systems, this will be /winnt/repair/Sam._ (or other, more difficult to obtain variants)
  • Run an automated dictionary attack on the password file
  • Run a brute force attack on the password file as time and processing cycles allow
  • Use obtained passwords or their variations to access additional systems or applications
  • Run automated password crackers on encrypted files that are encountered (such as PDFs or Word documents) in an attempt to gather more intelligence and highlight the need for stronger document or file system encryption.


Comments Off on Password Cracking Testing

Electro Magnetic Radiation – Testing

Posted in Compliances (1300) by Guest on the December 26th, 2014
Comments Off on Electro Magnetic Radiation – Testing

Sample Excel – Guardium Access Monitoring Deployment

Comments Off on Sample Excel – Guardium Access Monitoring Deployment

Sample Visio – Bluecoat Proxy Stencils

Comments Off on Sample Visio – Bluecoat Proxy Stencils

Sample PowerPoint – Many many free PowerPoint Images

Posted in Business (600) by Guest on the December 19th, 2014
Comments Off on Sample PowerPoint – Many many free PowerPoint Images

Top Vertical Business Industries and Business Markets

Posted in Business (600) by Guest on the December 17th, 2014

We will be posting some basic business requirements for the following business Verticals.

Energy and Utilities Healthcare Business Services
Oil and Gas Pharmaceutical Information Technology
Solar Biotechnology Consulting
Geo Thermo Chemical Computer Software / Hardware


Telecom, Retail Insurance Automotive
Electronics Banking / Finance Education
Engineering Federal, state and local governments Manufacturing
Printing / Publishing Transportation Construction
Military and homeland security Media / Marketing / Advertising HVAC
SMB / SME Outsourced HR Food and Beverage


Comments Off on Top Vertical Business Industries and Business Markets

Enterprise Integration Service Considerations

Posted in Compliances (1300),Security (1500) by Guest on the December 16th, 2014

 Challenges for your business…

  1. How do you guarantee suitable infrastructure at all locations?
  2. How do you handle the design, deployment and integration of new technologies into your global network global network?
  3. How do manage the deployment of new technology across thousands of miles, customs barriers, language differences and local regulations ?
  4. How do you ensure that you can deploy your network as quickly and efficiently as possible?

Many network managers are being asked to do more with less and with cost a major issue we are seeing more and more of our customers looking to reduce costs and limit their number of maintenance suppliers.


Comments Off on Enterprise Integration Service Considerations

Common – IT Corporate Initiatives for 2015

Posted in Compliances (1300),Policies - Standards (600) by Guest on the December 15th, 2014

Application consolidation will be a key theme to reduce costs and complexity. 

Application Lifecycles will need to accelerate, while the of complexity of applications increase.

Multiple delivery options will be available to businesses (internal and external).

  • Computing architecture evolves to become more green, agile, and cost effective
  • Unified Computing (compute, network, storage)
  • Heterogeneity across infrastructure, applications, virtualization, cloud 
  • Continued pressure to demonstrate economic value while reducing costs
  • Many Organizations have fixed cost associated with the operations of their compute environment
  • Multi-sourcing becomes viable strategy for enterprise– combination of internal IT, external SaaS, Cloud


Comments Off on Common – IT Corporate Initiatives for 2015

Sample – High Level LAN Architecture Considerations

Posted in Compliances (1300),Data Center - SOC - NOC,Networking (340) by Guest on the December 14th, 2014

Standards-based: Implementation, Monitoring and Break / Fix.

  1. Green Initiatives – reduce power, space, & cable plant requirements.
  2. High Speed Backup Infrastructure design.
  3. Wireless Standards for Trusted Laptops and BYOD.
  4. Deployment in new office build-outs.
  5. Implement Global LAN Multicast Architecture
  6. Migrate LAN infrastructure of recently acquired sites to corporate standards.
  7. Evaluate NextGen Data Center Network Architecture.
  8. Enhance Wireless and BYOD standards for Guest Workers.
  9. Develop Port-Level Authentication Control Architecture.
  10. Support Network Security objectives for segmentation and role-based access to network resources.

WAN MPLS Architecture

Standards-based Architecture in place.

  1. Client Connectivity Service Models Established.
  2. IPSEC encryption service offering available where required.
  3. Implement Global WAN Multicast Architecture.
  4. Enhance QOS architecture for Voice & Video.
  5. Evaluate GET VPN for NextGen Encryption Standard.
  6. Enhance traffic classification.
  7. and prioritization across WAN.
  8. Deploy NextGen encryption standard.

Extranet / Internet Architecture

Standard Extranet & Internet infrastructure deployed globally.

  1. Data Services consolidated regionally.
  2. Continue support for Global DC Consolidation Projects.
  3. Enhance FlexWorker Remote Access service models.
  4. Implement Out of Region Recovery Requirements for Inter-Agency applications.
  5. Provide a consistent infrastructure for system access across the global enterprise via secure private and public network access.

Network Security Architecture

  1. Next Gen architecture for Firewall, Intrusion Detection, Vulnerability Scanning, Web Proxy, DNS and Remote Access installed Globally.
  2. Centralized logging of network access for employees, clients and vendors in place.
  3. Evaluate Intrusion Prevention/Anomaly Detection Solutions
  4. Develop Cyber Security Architecture (DD0S).
  5. Implement NextGen Load Balancing Architecture.
  6. Enhance Risk Management processes in support of Compliance and Audit Requirements.
  7. Implement controls to protect voice services.
  8. Migrate from Device based to Entitlement based access controls for network resources.
  9. Integrate Logging Data Sources to support Event Correlation capability.


Comments Off on Sample – High Level LAN Architecture Considerations

Corporate – Hypothetical Pandemic Virus Outbreak Planning Scenarios

Posted in Business (600),Compliances (1300) by Guest on the December 13th, 2014

This is purly a Hypothetical Pandemic Virus Outbreak Scenarios that corporations should consider the impacts to your organization and it’s impact on business and IT supporting your business.

Time = Day 0 

Your government health agency, in coordination with the World Health Organization (WHO), this morning announced that new outbreaks of the H5N1 virus within the last week in Thailand have been identified as a new highly virulent variant of the H5N1 virus, capable of human-to-human transmission. 

More than three dozen cases have been reported, affecting all age groups and seemingly spread among extended families living in the same household. Although no cases of the virus have been reported outside of Thailand, U.S. health officials and hospitals have been notified to be on the alert for patients with severe respiratory symptoms and a history of travel to Thailand. 

Cultures have also been sent to your government health agency, so that work can begin to produce an effective vaccine. Vaccine manufacturers have also been placed on alert. In this scenario, the world is currently at WHO Alert Phase 3. 

This is a hypothetical situation only. 

Time = T + One Month 

International news services are reporting outbreaks of the new highly virulent strain of H5N1 in small pockets of China outside Beijing and Shanghai, Ankara Turkey and Baghdad Iraq. Health officials believe the virus most likely spread by ill airline passengers. 

Although the virus appears to be confined to only four countries, several major airlines have begun restricting or canceling their international flights. 

This is a hypothetical situation only. 

Time = T + Two Months. 

Pandemic influenza cases have now been confirmed in your region, as well as other major cities throughout your country. Government health officials believe that the virus will spread to the remainder of your country within two months or less. They are emphasizing frequent hand- washing and social distancing as the best preventative measures. Some local health departments in affected areas have begun to distribute antivirals, ensuring that medical personnel and first responders receive priority distribution. 

Corporate employees at your location have begun to inquire whether the organization plans to provide antivirals and facemasks to the workforce. Others are asking whether they can work from home until a vaccine is developed. Still others are asking whether Corporate has any plans to test potentially symptomatic employees prior to allowing them to enter corporate work places.

The vaccine is not expected to be available for another two months at the earliest. Even then, supply will be limited to health care providers and other first responders. 

This is a hypothetical situation only. 

Time = T + Four Months

Thirty-three percent (33%) of corporate employees worldwide have become ill as a result of the pandemic. Absentee rates continue to rise, with only 60-75% of the workforce continuing to report for work in some affected areas. Some locations have already seen a second wave of infections leading to high absenteeism again. Only a small percentage of Corporate’s critical employees are willing to come to work because they are dealing with a sick loved one, they are unable to find child care or simply don’t want to take a chance. Employees in all walks of life admit to being more afraid of catching the virus than of losing their jobs. 

Police forces are understaffed and local utility personnel shortages have led ton blackouts and unreliable phone service. The extremely high use of the Internet by other companies’ employees working from home has slowed the Internet to a point where it is virtually unavailable. Higher than expected absenteeism among postal service employees has led to extremely slow mail processing and delivery. Grocery stores are suffering from shortages of food and other basic supplies because of trucker and railroad worker “sick-outs” and travel restrictions. 

This is a hypothetical situation only 

Time = T + Twelve Months 

Infections worldwide have begun to level off and health experts and media commentators are positing that the rate of new infections will continue to decline. A vaccine that is effective on the original strain has been developed and is being distributed globally. However distribution and administration in less industrialized countries is very slow. Based on current infection rates in Asia, there is fear that a second wave of infection will occur within the next few months. It is unknown whether the current vaccine will be completely effective in the next wave.

The current death toll in your country alone stands at approximately 1% of the population.

The toll on the global, country and local economies has been devastating. Global GDP is estimated to be down 5% for the year representing a loss of approximately $800 billion. The travel and resort industries have been hit hardest with many companies declaring bankruptcy. Port and other freight operations have slowed due to worker shortages and severe back-ups for trucking and other intermodal forms of transport. Share prices of most major manufacturing firms – including Corporate – have dropped markedly as a result of the heavy absenteeism rates and inconsistent schedules for critical supply chains. 

This is a hypothetical situation only.


Comments Off on Corporate – Hypothetical Pandemic Virus Outbreak Planning Scenarios

Sample Visio – Deploying Bluecoat Appliance Requirements

Posted in Business (600),Compliances (1300),Visio Samples - Stencils (457) by Guest on the December 12th, 2014
Comments Off on Sample Visio – Deploying Bluecoat Appliance Requirements

What is key about ITIL and a Life Cycle approach

  1. Improved quality, cost, value and effectiveness of IT
  2. Improved IT Productivity
  3. Improved IT Services
  4. Managed expectations
  5. Improved Customer Satisfaction
  6. Reduce Operating costs


Organizations can clearly align themselves with the business by agreeing on a service portfolio that describes what customers use, in business language.

A strategic lifecycle framework for quality service

Globally used and non-proprietary

Convergence of Strategy, Governance & Management practices for IT service

Measurable IT in business value outcomes

Functional elements help deliver real value


Comments Off on What is key about ITIL and a Life Cycle approach

Sample Excel – F5 – Big – IP Request form

Comments Off on Sample Excel – F5 – Big – IP Request form

Sample Visio – Enterprise IT Infrastructure

Comments Off on Sample Visio – Enterprise IT Infrastructure

Sample – Clinical Vendor Proof of Concept Criteria

Posted in Health Care HIPAA - HITECH - HITECH (98),Security (1500) by Guest on the December 8th, 2014
  1. Understand Clinical workflows 
  2. Understand the emphasis on Security
    • User enrollment , provisioning / de-provisioning (integration with Active Directory)
    • Password management (self service)
    • Auditing / reporting
    • Flexible and strong two factor authentication
  3. Vendor
  4. Capacities
  5.  Viability (longevity, experience, financials, market standing)
    • Product
    • Ease of use,
    • Ease of maintenance / customer support (help desk, customer support / vendor support required)
    • Co-location Scalability
    • Operational overhead
    • Application Extensibility
    • Developer resources required
    • Enterprise deployment
    • Extent of training required
  6. Vendor Scorecard format
  7. Vendor Scorecard ranking
  8. Vendor Selection


Comments Off on Sample – Clinical Vendor Proof of Concept Criteria