Blog

I was testing a new VMware security application (Tripwire ConfigCheck).  I downloaded it to a virtual machine and followed the instructions to run the application (a cmd file), but it didn’t run.  I edited the cmd file and added a pause to see if I could tell where it stopped, and it appeared to be before calling a .jar file.  I did not have Java installed, so I installed Java and tried again.  It still failed.  I read the instructions and found it supports JRE 1.5 or higher, but just in case, I installed the older version (1.5) to see if it would work.  It still didn’t work.  Finally, I opened up a command prompt and ran the cmd file from there and received an error that stated your display settings must be at 1024 x 768 for the application to run.  My virtual system resolution was too low ...


 

We frequently use comments in Word documents as part of our information security audit process and I finally looked for a keyboard shortcut to insert a comment.  The shortcut is Ctrl+Alt+M.  However, the most useful thing I found when looking for this was a comprehensive Word 2007 keyboard shortcut list at http://www.keyxl.com/aaa367b/5/Microsoft-Word-keyboard-shortcuts.htm.  KeyXL.com has keyboard shortcuts for all types of Microsoft, Adobe, Google, and other applications.  It's definitely worth adding a bookmark for if you're a fan of using shortcuts.


 

ServerFault.com is a new site that describes itself as "a collaboratively edited question and answer site for system administrators and IT professionals."  It's free and no registration is required.  The site is kind of like a cross between Yahoo Answers, Wikipedia, and Digg.  Anyone can ask questions on the site.  Other users can vote questions up or down and that affects how visible the question is on the site.  As users answer questions, those answers can be voted up or down and marked as "the answer".  All questions and answers can also be edited like a Wiki.  What you end up with when you run across the site from Google is usually the question you're looking for and, right below it, the best answer to the problem, unlike forums where the best answer is the last post in the thread or buried in the middle.  Plus, if something changed and a once-correct answer is no longer valid, then that answer can be edited to be made correct again.  The site was basically built because the developers hated the spammy nature of Experts Exchange and how it always ranked high in Google for their own questions they searched for.  You can read the FAQ (http://serverfault.com/faq) or the About page (http://serverfault.com/about) for more details.

I've been using Server Fault's sister site for a while now and have found it really useful.  Its URL is StackOverflow.com and it's geared toward software developers.  It started up late last year and already has over 190,000 questions.  Server Fault has been up for less time and only has around 6,000 questions, but it has the potential to take off like Stack Overflow.


 

Out of the box, Windows XP doesn’t have Remote Desktop enabled for connecting in to the PC.  You can access the registry of the remote machine and change the setting that will allow access (at least to administrators).

The target PC must have remote registry service enabled.  If it isn’t, you can open services.msc and connect to the remote PC and start it.

The next step is to open regedit and connect to the remote PC.  Look for the following Registry key:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections

Set the value to 0 to enable Remote Desktop, or 1 to disable.
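
An added example, not part of the original post: a read-only Windows PowerShell audit that uses the same Remote Registry connection to report the Remote Desktop setting on a list of machines.  The function name and host names are hypothetical, and it assumes Windows PowerShell (where Get-Service accepts -ComputerName) and an account with administrative rights on the remote PCs.

```powershell
# Added example: read-only audit of the Remote Desktop registry setting.
# Get-RdpRegistryState and the host names at the bottom are hypothetical.
function Get-RdpRegistryState {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $keyPath   = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
    $valueName = 'fDenyTSConnections'

    foreach ($computer in $ComputerName) {
        $result = [pscustomobject]@{
            Computer       = $computer
            RemoteRegistry = 'Unknown'   # state of the Remote Registry service
            DenyValue      = $null       # raw registry value (0 or 1)
            RemoteDesktop  = 'Unknown'   # interpretation of DenyValue
            Error          = $null
        }
        try {
            # The remote registry connection only works while this service runs.
            $svc = Get-Service -Name RemoteRegistry -ComputerName $computer -ErrorAction Stop
            $result.RemoteRegistry = $svc.Status.ToString()

            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            try {
                $key = $hklm.OpenSubKey($keyPath)   # opened read-only
                if ($null -eq $key) { throw "Key not found: HKLM\$keyPath" }
                $result.DenyValue = $key.GetValue($valueName, $null)
                $key.Close()
            } finally {
                $hklm.Close()
            }

            # 0 = Remote Desktop enabled, 1 = disabled; the value may be absent.
            if ($null -eq $result.DenyValue)  { $result.RemoteDesktop = 'ValueMissing' }
            elseif ($result.DenyValue -eq 0)  { $result.RemoteDesktop = 'Enabled' }
            else                              { $result.RemoteDesktop = 'Disabled' }
        } catch {
            # Unreachable host, stopped service, or access denied ends up here.
            $result.Error = $_.Exception.Message
        }
        $result
    }
}

# Constructed host names; replace with machines you administer.
Get-RdpRegistryState -ComputerName 'PC-EXAMPLE-01', 'PC-EXAMPLE-02' |
    Format-Table -AutoSize
```

A machine that reports RemoteRegistry as Running and RemoteDesktop as Enabled is one where the change described above has already been made, or could be made by anyone holding administrator credentials.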


 

Sdelete is a small useful utility by Mark Russinovich that will perform a secure delete within Windows.  In addition to deleting files and folders it has an option to cleanse free space on the disk.  This came in very handy when I needed to clean up a PC but couldn’t rebuild it.

You can download the utility and find lots of good information about how this works at http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx


 

You cannot remote control another user’s session in terminal server through terminal server manager when connected to the console.  The only way it works is by originating through another RDP session.  I guess I haven’t been in this scenario before to run into this.


 

Connecting via VPN to a customer site has always caused problems with me trying to access the local network. My computer would try and use my VPN credentials to access the network, and naturally fail. A co-worker showed me the “cmdkey /delete /ras” command that would clear out those credentials so browsing the local network would work.

So I, running Vista, fired up a command prompt with administrator privileges because I figured the cmdkey command required them. After running the command, I tried browsing the network and failed. Running cmdkey /list showed no credentials but my Exchange credentials. I started a command prompt with regular privileges and ran cmdkey /list. Sure enough, there were my dial-up credentials. Running cmdkey /delete /ras cleared them out and everything worked.


 

After a clean install of WSUS 3.0 SP1 (including installing several pre-reqs) the application log started getting 'selfupdate tree not working' errors.  I searched the web and found a KB article (http://support.microsoft.com/kb/920659) as well as many forum postings describing similar problems.  Many users think there is a bug in the install.  However, Microsoft does not confirm this.  The error condition can take many forms.  In my situation, I was using the default IIS website.  The 'selfupdate' virtual folder was not created, so I created it, mapping to the actual folder, and then corrected permissions for the local IUSR account.  After restarting the website, I immediately got a 'selfupdate' success entry in the log and PCs started checking in.


 

During a recent information security audit, I ran across a “unified threat management” system that I had not seen before called Untangle (www.untangle.com).  The bank was using it in place of a traditional firewall.  According to the Untangle website, the Untangle Gateway is “the world’s first commercial-grade open source solution for blocking spam, spyware, viruses, adware and unwanted content on the network, provides a free and better alternative to costly, inflexible proprietary appliances.”  The interesting part is that the gateway runs on Linux and all the “modules” (firewall, IPS, web content blocker, etc.) are open source downloads, so the gateway is a free download.  Additionally, the source code for the Untangle gateway is available for download.

You can choose to pay for certain modules such as Untangle support, an Active Directory connector, Kaspersky virus blocker, etc.  However, the rest of the modules can be downloaded and installed from a very simple GUI for free.  So far, I have not been able to find any major vulnerabilities or issues with this software.  Their target market is small to medium businesses that don’t want to pay the big bucks for Cisco, SonicWall, and other proprietary appliances.

Untangle also makes another product called “Re-Router” that is a network gateway/proxy server that runs in the background on a Windows XP workstation.


 

If you are using the Firefox browser, you need to make sure you are aware of the security extensions available to Firefox to help protect you while surfing the Internet.  These extensions, including BetterPrivacy, BlockSite, Dr. Web Anti-virus, FormFox, Ghostery, Locationbar, NoScript, Password Hasher, QuickJava, and Web of Trust, are effective in helping protect against worms, hackers, phishers, etc.  While these extensions (and other security software and tools) can be valuable and effective, there is still no better security feature than good, solid, common sense.

To learn more about the security extensions available to the Firefox browser, visit http://news.cnet.com/8301-17939_109-10249214-2.html?tag=newsLatestHeadlinesArea.0