Diary of a Network Geek

How much money have you spent on gadgets?

No, seriously, have you ever totaled it up?  If you’re like me, you’ve spent a bundle.  And, I’m not even an “early adopter” or an Apple fanboy who has to replace his iPhone with the latest version every time a new feature is added, either.  Does all that feel like a waste of money to you sometimes?  Well, what if you’d invested it, instead?
What if, instead of buying the latest Apple, or whatever brand, gear, you had invested in stock in the company?  Imagine, if you’d taken the price of a first generation iPod and bought Apple stock, instead.  Or a G4 or a MacBook or whatever.  How much money would that be now?

Well, wonder no more, because Kyle Conroy has done the work for  you.
He asks the question; What if I had bought Apple Stock instead?  He charts how much money he’d have now if he’d invested the purchase price of the latest Apple gear in Apple stock instead, from the release date until now.
The results may make your buyer’s remorse just a little worse.

Remember how I mentioned the new Microsoft Office replacement last month?
Well, it’s golden, finally.

A number of months ago, my favorite free office suite, Open Office, forked for various reasons relating to the “openness” of the open source of that project.  The forked code, or, for those of you not familiar with the terminology, the new branch of the on-going project, was called LibreOffice and drew most of the heavy-hitters development-wise from the old project.  They’ve been working quite hard and have gotten their new release out; LibreOffice 3.3.
There’s a pretty good review of what’s new and great about this latest release over at eWeek.com.  Check it out and then go download the latest version and install it for yourself.  Trust me on this.  It’s pretty great.

Advice from your Uncle Jim:
"If someone keeps having things go wrong, try out the assumption that it's because that someone wants them to go wrong."
   --George Scithers

No, not your personal name, network names!

Yeah, since I’ve been thinking about computer security a little in this new year and new decade, I’ve noticed a slightly disturbing trend.  Spammers have been working at redirecting you to compromised domains.  One way they do it is something called DNS cache poisoning.  Another is straight-up DNS hijacking.

Okay, let me back up a second.  For my slightly less-technical readers, DNS stands for Domain Name System.  That’s the system of servers that translates website names, like “www.google.com”, into addresses that your computer understands and can connect you to via a browser.  It’s how you found my blog, though you may not have even realized it.
DNS Hijacking is usually accomplished via a “rouge” server, which is a server setup by spammers to publish bad information.  The more usual method, I think, and more insidious, is DNS cache poisoning.  With that method, spammers trick good, valid DNS servers into updating their records with bad information.  Giving them poisonous information, if you will.

So, now, back to the hard-core server admins.  Last week I was reminding everyone that the start of a new year is a great time to change passwords, but it’s also a great time to check on other security issues, like your DNS.  Luckily, Michael Kassner over at TechRepublic has written a blog post titled Test your DNS servers for spoofability.  It’s worth a read and worth running through.  Maybe even making it a regular practice, to see if your DNS has been compromised.

Oh, and if you all want to read more about DNS, and how to implement it, there’s a great book from O’Reilly titled [amazon_link id=”0596100574″ target=”_blank” ]DNS and BIND[/amazon_link] that’s well worth owning.  Trust me.

Advice from your Uncle Jim:
"The whole purpose of religion is to facilitate love and compassion, patience, tolerance, humility, forgiveness."
   --Dalai Lama

Wow, my High School English teachers would kill me for letting that participle dangle like that.

Good thing I went into IT, I guess, isn’t it?
But, I still love to write, as I think is evidenced by this blog.  And, I love Linux and open source software, too.  So, what could be better than combining those two things?
As it turns out, nothing.  So, here are some Linux and open source tools to help you write the next Great American Novel, brought to you by Linux Journal.

Advice from your Uncle Jim:
"Millions long for immortality who don't know what to do with themselves on a rainy Sunday afternoon."
   --Susan Ertz

It’s a dangerous digital world out there!

As I’m sure you’ve seen this year, there have been lots of warnings about increased malicious activity.  Everything from phishing to new malware, the cyber-criminals are really working overtime to make your life a living hell.  There’s plenty you can do to stay safe, like only going to sites that you know and not opening attachments from strangers, or even from friends that don’t normally send you attachments.  But, let’s face it, sometimes, things slip by you.  So, what else can you do, especially when you don’t have money to spend on high-end security tools?

Well, check out eWeek’s list of 9 Free Security Tools to be Thankful for and start using them.  At least make sure you have some kind of anti-virus installed.  There are several suggestions on that list.
And, be careful out there!

Advice from your Uncle Jim:
"If we only wanted to be happy, it would be easy; but we want to be happier than other people, which is almost always difficult, since we think them happier than they are."
   --Montesquieu

It’s almost the end of the year and most people are wrapping up projects and thinking about how they’re going to squeeze in their last vacation days.

But, not if you’re in IT.
No, if you’re one of the over-worked, under-paid technology “elite” in the corporate world, you’re working harder than ever right now.  While everyone else is taking time off, you, like me, are trying to get all the system maintenance done that requires everyone else to be off your systems.   Well, while you’re waiting for them to get out of the office so you can start your work, here are some things to think about.

When was the last time you had to restore a backup?  Have you ever even tried to restore any files from those backups that you worked so hard to get running right when you setup your servers?  Well, now is the time to try it.  Trust me on this, but you don’t know how good your backup is until you try to restore.  Now, you may not be able to do a full server restore on fresh hardware, but, if you can, do it.  That’s the only true test of your disaster recovery plan.  Barring that, though, at least try to restore some files from random places on the server, just as a check to make sure it works.

And, while we’re talking about backups, how is your off-site rotation working?  If you’re in a large company, you probably have a long-standing system for rotating backups off-site in case of a massive disaster, but many smaller companies don’t.  Generally, what I suggest to people is that there should be one full backup off-site, one coming back or leaving, and one on-site.  The most current, usually, should rotate off-site just after completion and be off-site for two weeks, or, really, off-site for one week and coming back on the second.  There are plenty of  services to do this, but even just taking them to the network manager’s house is better than nothing.  Just somewhere relatively secure that’s not the same as the site you’re backing up, just in case the entire building catches fire or is demolished in a hurricane.  You get the idea.

Now, something else to consider, if you run Windows Server is Active Directory.
Mostly, your backup program should be taking care of this, but sometimes funky change creeps in when you don’t expect it.  Back in the days when I was more than an IT department of one, I was a big believer in getting baselines.  Every once in a while, it’s nice to take a snapshot of what’s working so that when it inevitably breaks, you can see what might have changed to break it.  This is especially true of things like Active Directory.  Every year, AD gets more and more complicated and, as your network grows, your individual AD tree will get more complicated, too.  Now, assuming that things are running well, is a great time to take a snapshot of your AD tree for a baseline to use in the coming year.
Tech Republic has a good article on how to use a free tool from Sysinternals to do just that.  Check it out.

And, for those of you who don’t have an IT department, or are a sole-proprietor, don’t think you can just slide, either.
Chances are your clients are taking more time off and you’ll have some down-time, too, so now is the perfect time to review your backup plans.  Many of you may not have much of a plan, or much of a budget to get something working for you.  Well, don’t worry, Tech Republic has some creative suggestions for backups to fit most situations. Do yourself a favor and go check them out now.  Then actually implement one before the start of the new year.  Do it now, before you need to restore data from a crash.

Trust me.  Make sure your backups are running before you need them.  You’ll thank me later.

Advice from your Uncle Jim:
"A successful man is one who makes more money than his wife can spend. A successful woman is one who can find such a man."
   --Lana Turner

No, not the old “Net Hack” game you remember.

No, this game is from Hack-A-Day’s site and a very custom job.  Seems like this hardware hacker guy got an old, toy electronic combination vault and made it a little more interesting.  He added a USB interface to it and a multi-level security “game”.  You have to attach a terminal to the USB interface and get root access to each level of the simulated computer environment to unlock the vault and get the goods.  Pretty cool, if you ask me!  Hollywood should go get this guy to make their interfaces more realistic!

Seriously, go check out “Playing hacker with a toy vault” on Hack-A-Day.  You’ll like it!

So, I promised you more technical stuff here, right?

Well, stop yer grinin’ and grab yer linen, ’cause here come a fist full of links with some great advice for network administrators, all from TechRepublic:
First, if you’re a real network admin, you’ve dealt with traffic issues on file servers.  Issues that have hidden sources.  Unknown processes that jam up your network connections until your users scream for your head.  So, how do you deal with that when you’re on a budget and don’t have a lot of tools?  Well, one way is to use “netstat” to look at what process is running on what port and sending what volume of data.  If you’re on Unix, you probably already know about this tool, but if you’re on Windows, check out “Netstat tips and tricks for Windows admins“.  It may save your bacon one day.

Second, you probably have wireless in your network now, too, right?  But, it may not always work quite the way you want.  Once again, users will scream bloody murder if they can’t read their blogs on their iPhone, so, how do you find out what’s jamming up your WIFI network so that no one can connect?  Read through “Troubleshooting for wireless connectivity issues” to get you started on running down the problem.

Thirdly, if you’re a REAL network administrator, you probably have at least one Linux box in your network.  Something that runs an open source network inventory or monitoring tool or, maybe even, an actual Linux file server.  In any case, sooner or later, even that sad, little, neglected Linux box will have disk space issues, so here are “10 things you can do when the drive on your Linux box is full“.

And, finally, my personal favorite.  You hear a lot of buzzwords floating around these days in IT shops, but “the cloud” is the most common magic cure for all ills.  Personally, I’m not so sure.  I worry about things like, oh, you know, security and auditing and connectivity issues and little details like that which seem like they might be an issue for the magic cloud computing panacea.  Turns out, I’m not the only one.  So, go see why Patrick Gray says “The cloud doesn’t matter“.

Advice from your Uncle Jim:
"A hero is no braver than anyone else. A hero is only brave five minutes longer."
   --Anonymous

I spent two days trying to teach someone just part of this once.

Now, you may think my failure in this regard is due to me being a bad teacher.  Sadly, it was not.  Two other people, one of whom I had already taught about RAID, and more specifically, SCSI RAID configurations, couldn’t teach this to my failed student either.  Shockingly, when I was “encouraged to find other opportunities to excel”, outside that company, naturally, that student took over my job.  Oddly enough, a few years later, I heard the person who had made that organizational choice had also been encourage to find other opportunities to excel.  Funny how that works.

So, now, in part to make up for not being able to educate that person, and also to spare someone the same teaching fate I faced, here are two articles about RAID.
First, from ExtremeTech, RAID 101, Understanding Multiple Drive Storage.
And, secondly, from TechRepublic, Choose A RAID Level that works for you!

You can go to those articles and get lots of detail, but I’ll break it down for you in brief here.
Something that people tend to forget, for some reason, is that RAID stands for Redundant Array of Inexpensive Disks.  That’s not as true as it used to be, thanks to server pricing and how cheap SATA drives have become compared to SCSI drives.  Back in the day, we always used SCSI and I still do for server systems, mostly, because it tends to be faster and more reliable than anything else.  That’s not as true as it used to be thanks to improvements in SATA, but if you still want to do a BIG array of disks, SCSI is pretty much the only real option.
There are a bunch of RAID “levels”, but, realistically, you’re mostly going to deal with three or four: RAID 0, RAID 1, RAID 5 and, maybe, RAID 10.

RAID 0 is generally referred to as “disk striping”.
In a nutshell, what this configuration does is stripe data across multiple drives.  Generally, this is done to make more available disk space and improve performance.  The down-side is that there is no redundancy.  In other words, with RAID 0, you can take several disks and make them perform like one larger, faster drive, but if one disk crashes, they all do.

RAID 1 is generally referred to as “disk mirroring.”
And, that’s essentially what it is, a system which saves everything to a duplicate drive or drives.  Most often in server configurations, you’ll find the operating system on two drives that are mirrored.  That means that if one drive goes bad, the admin can reconfigure the other drive to take over running the server.  In theory, this works pretty well.  In practice, it takes a little finagling sometimes to get that mirror drive reconfigured as the primary.  The other thing to remember is that the second drive is essentially lost storage.  In other words, if you put two 1 terabyte drives in a RAID 1 array, you only have 1 terabyte of available storage when the system is running.
This is pretty much bare-bones, bottom-of-the-barrel redundancy.

RAID 5 is what most people think of when you talk about RAID arrays.
In RAID 5, data bits and “pairity” bits are striped across three or more drives.  Basically, data is broken up and written to multiple drives and then another, sort of “record-keeping” bit of data is written, too, so that the RAID 5 system knows where all the pieces of the data are.  Now, that’s a bit of an oversimplification, but, what it means is that if one of the drives in a RAID 5 array fails, the array keeps running and no data is lost.  Also, when a replacement drive is put into place, the RAID 5 array automatically rebuilds the missing drive on the replacement!  This, my friends, is like system administration magic!  Somehow, with a lot of really big math, that I frankly don’t understand, they can tell what the missing bit is based on the stuff they do have and fill it in.  This is the best invention since sliced bread!
Also, an option on many RAID 5 systems is something called the “hot spare”.  The hot spare is a drive that is part of the array but not active, until one of the other drives fails.  Then, the hot spare becomes active and will automatically start to rebuild the missing data on that new drive.  That means that the system admin and order a new replacement drive at their leisure and actually schedule down-time to replace it.  What a concept!  Not always doing things at the last minute or under fire, but planning ahead and taking your time.  It’s unheard of!
Finally, the best option available on many RAID arrays is the “hot swapable” drive.  In that case, you don’t need to schedule downtime at all, but only need to pull the damaged drive out of the array and pop the replacement right in.  All without even shutting the production system down for even a minute!  Again, this is like magic!

The last “common” RAID level is RAID 10.
Basically, this is a combination of RAID 1 and RAID 0.  In other words, it’s a set of mirrored arrays.  This setup requires at least four drives and is fairly pricey.  It’s mainly used for redundancy and speed and, realistically, is almost only used for database servers.  In fact, I can’t think of any other instance that I’ve heard of this being used, outside of database servers.

There are other levels, too, of course, but you can hit the articles for more info about them.  They’re pretty uncommon outside of really high-end or experimental configurations of one kind or another.
Oh, one last thing…  RAID can be implemented either via hardware or software.  In general, software RAID, such as you might find in Linux, is cheaper, but is slower and more prone to having issues if something goes wrong.  Hardware RAID is faster, a little more expensive, but a far more robust solution.

So, there you have it, RAID in a nutshell.
And, yes, for those of you who have noticed, articles like this are me turning this blog back toward its roots as a technical blog.  I hope to have more basic info like this as well as some new projects over the next 18 months or so.  Certainly, more than there have been in the past two or three years.
I hope you’ll keep coming back for more!

Wow, even computer crime is a “family” business these days!

Hey, look, I’m from Chicago, where you can’t hardly swing a dead cat and not hit a mobster, but this surprised even me!  Apparently, according to an article that ran on CNet, 85% of all stolen data last year was linked to some kind of organized crime.  And, 38% of data breaches used stolen credentials.

But, also, people are getting rich protecting us from the threats they create!  Seriously!  According to this article at eWeek, that’s just what some of the botnet crooks are doing.  And, remember, this is BIG business.  We’re not talking about a couple hundred infected PCs, we’re talking about tens of thousands.  There are websites dedicated to the buying and selling of the data these things collect and renting out the zombie PCs to do your dirty work, like send spam.  It’s big business and where there is big money to be made doing illegal things, there’s always been organized crime.

More and more, life is becoming like a William Gibson novel…