In a support role the idea is to leave the end user happy no matter how frustrated they are.
On March 25, 2008, In General, By t0ta11ed
On March 6, 2008, In Security, By t0ta11ed
Whenever you’re stuck in a small shop with a limited budget, it can be pretty hard to find a good, inexpensive application that can do five things:
Port scanning
Vulnerability scanning
Some kind of patch level detection
Wrap everything up into reporting that can show all the results by machine.
Doesn’t cost an arm, leg, and your first born.
With little to no budget, my auditing tools are varied and I have to cut and paste most of their results into a single report by hand. I’ve gotten pretty nifty with the report formats using color coded Excel sheets, and I get to flex my writing skills but the manual work involved really is frustrating. However, using a combo of the usual free tools (Nessus, Nmap, Microsoft Baseline Security Analyzer, Metaspolit, etc.), I’ve managed to audit a small network of 100+ IPs and 5 subnets in around four to five days, complete with the reports. This also includes external auditing of our two public networks. I still wish I had a free or inexpensive tool that does a lot of what I’m already doing manually, especially bringing in all of the results into a single report complete with an executive summary.
Now, I could be lazy and just compile all the output these tools already generate and call that a “report”, but I’m the creative type and believe in clear documentation that can translate to both non-technical staff and IT staff. They should have a uniform look, because Nessus’ output format is an HTML file and Nmaps’ is a text or XML file. Putting them all together into a printed out clump just looks sloppy, and I don’t go for sloppy with documentation.
There are plenty that do that job, but all of them are pretty hefty pricewise, which leaves those with a low budget for such items in the crunch. There is business opportunity in this area, so you would think this market would have a bit more variety. Changes in the security landscape are pushing it in that direction though, as security and compliance are becoming concerns to even some small businesses. If I was a .NET developer, I think I’d start writing something that did what I wanted. Alas, I’m not, but if any of them are out there lurking, get to coding!
On March 6, 2008, In Exchange, By t0ta11ed
Apple announced a beta of iPhone 2.0 that will include full Microsoft Exchange server support using ActiveSync. This is interesting since I have a small, but growing, base of iPhone users and only recently and reluctantly, opened IMAP up to them for their mail. With iPhone 2.0, I will finally get to use the mobile and ActiveSync features on my Exchange 2007 server, which have gone unused since none of my users have compatible cell phones or devices, and there was no sense in purchasing Blackberry Enterprise Server for the small number of Crackberry addicts in the company unless everyone would be getting one. The iPhone users will be happy because they can sync calendars and contacts, etc.
The key things to planning this will be making sure all pre-requesites are in place by the time one of my users gets impatient and actually wants me to test the 2.0 beta. This is entirely possible since one of the biggest Apple fanatics in the company is the CIO.
I’ll post my adventures/results on this in a future article as I dive into using ActiveSync with iPhones. Hopefully the experience will be smooth and my iPhone users, who happen to be some of the top executives, will be happy. I know my boss and I will, because we can then turn off IMAP and breathe freely knowing they’re getting their mail more securely!