Monday, October 29, 2007

Snooping on Facebook user profiles is a 'staff perk'

I'm not a huge fan of Facebook as I really don't see the point of sites like these. Generally, if I've not spoken to anyone in a number of years then there is a reason for it, so I really don't want to hook up with them again thanks to Facebook.

At the end of June I wrote that Facebook users provide far too many personal details and were at risk of identity fraud. Well, it seems that others are just catching on to this idea, with several horror stories of exactly that in the media, and then today The Register has this little gem of a story.

So it seems privacy settings on Facebook are absolutely meaningless and staff consider snooping a 'perk'. If users' privacy is treated in such a cavalier fashion by those that administer the site, I can foresee a risk that users will become more blasé about risks surrounding identity theft which will, in turn, create an entire identity theft industry around Facebook.

Thursday, October 25, 2007

Centralised Logging

One of the essential features for even a small network is a centralised logging solution.
Having a centralised logging tool makes troubleshooting much easier, as it becomes possible to review logs and search for related events, or even search for the same event on separate machines. Traditionally this has required quite expensive software such as HP OpenView, but a fairly new company might be about to put an end to that.

Enter Splunk, the 'Google of IT data'. This application will happily collect all sorts of different logs once configured, and the configuration is not too difficult.

Splunk needs to be installed onto a Linux, Mac or Solaris environment although a Windows version is promised soon. As a workaround Splunk recommend that SNARE is installed on Windows servers. This software will convert event logs into syslog format and send them to a named server.

Putting Splunk at the center of your logging infrastructure is very easy to do: run it as a syslog server, point all your syslog-capable devices at it, and use SNARE to roll up Windows event logs as syslog messages that are also sent to Splunk. Within a few hours you have a surprising amount of data available to be searched by Splunk.
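The flow described above, as an added example that is not code from SNARE, Splunk or this blog: an event-log record is rendered as a syslog line, and the collector side parses what it receives and finds events reported by more than one machine. The message layout, the `local0` facility, the function names and the sample records are assumptions for illustration, not SNARE's actual output format.

```python
import re
from collections import defaultdict

FACILITY_LOCAL0 = 16  # assumption: forwarded events use facility local0
SEVERITY = {"error": 3, "warning": 4, "information": 6}  # syslog severity codes

def event_to_syslog(host, timestamp, log, event_id, level, text):
    """Render one event-log record as a BSD-style syslog line: <PRI>time host tag: msg."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY[level]
    return f"<{pri}>{timestamp} {host} {log}[{event_id}]: {text}"

LINE = re.compile(
    r"<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\[\s]+)\[(\d+)\]: (.*)"
)

def parse(line):
    """Collector side: split a received line into fields, or None if malformed."""
    m = LINE.fullmatch(line.strip())
    if m is None:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "time": m.group(2),
            "host": m.group(3), "log": m.group(4),
            "event_id": int(m.group(5)), "text": m.group(6)}

def events_on_multiple_hosts(lines):
    """Return {(log, event_id): [hosts]} for events reported by more than one machine."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is not None:  # skip anything that is not in the expected layout
            seen[(rec["log"], rec["event_id"])].add(rec["host"])
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) > 1}

# Constructed sample records (hosts, users and times are made up).
EVENTS = [
    ("dc01", "Oct 25 09:14:02", "Security", 529, "warning", "Logon failure: user alice"),
    ("fs02", "Oct 25 09:14:05", "Security", 529, "warning", "Logon failure: user alice"),
    ("fs02", "Oct 25 09:20:41", "System", 7036, "information", "Print Spooler stopped"),
]
LINES = [event_to_syslog(*e) for e in EVENTS] + ["not a syslog line"]

if __name__ == "__main__":
    for key, hosts in events_on_multiple_hosts(LINES).items():
        print(key, hosts)
```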

And the price for all this information?

SNARE is free, and Splunk is free if the amount of data you send to the Splunk server is less than 500MB a day, although some of the features are limited.

I will admit to being a fan of Splunk after playing with it in VMware. Over the next few weeks I'm going to describe how to configure a simple Splunk installation for Linux, Windows, NetApp filers and Cisco switches.

Tuesday, October 02, 2007

NT4 Emulator Key

If you happen to run a large Windows environment you might be familiar with the in-place upgrade method of upgrading your domain to Active Directory. If you run a large Windows environment that spans several sites over a variety of links then you will know that an in-place upgrade can be a pain.

The main problem with an in-place upgrade stems from the fact that client machines will always prefer to talk to the Active Directory server instead of the Windows NT4 Backup Domain Controller. This means you can end up in a situation where a remote site's clients are traversing a poor link to authenticate against the Active Directory server and ignoring the local NT4 Domain Controller.

To work around this issue Microsoft provide a registry hack called the Windows NT4 Emulation key. If a DWORD value called NT4Emulator is created in HKLM\System\CurrentControlSet\Services\Netlogon\Parameters and given the value of 1, the server will 'pretend' to be a Windows NT4 server. Client machines then do not see any Active Directory domain controllers on the network and so will be quite happy to authenticate locally.

I'll cover this key and some of its drawbacks in some later articles.