Diary of a Network Geek

Remember, these are “administrator utilities” not “hacker tools”.

In my business, it pays to make the distinction.
When people call me for help outside the office, the calls usually fall into a couple categories; a virus, a slow computer, a lost password and “how do I do X?”  Sadly, I’ve been doing a lot of virus and spyware removal, but, also, lately, I’ve had a couple of “lost password” calls.  I actually love getting those, for a couple reasons.
First, lost passwords are surprisingly easy to recover if you have physical access to the machine.  It’s funny to me how few people get that.
Secondly, I find recovering passwords fun.  In a way, it was one of the first things that drew me into the business.  I was one of those guys who got hooked by the security bug not by War Games, but by Sneakers.  Yeah, I know, most guys my age especially will tell you it was War Games that really got them hooked.  What can I tell you?  I’ve always been kind of a late bloomer.  And, my dirty, little secret is that after seeing Sneakers, I wanted to be Marty Bishop.  Seriously.

Anyway, my recent experience with Windows password recovery requests gave me an opportunity to refresh my tools.  After Googling a bit, I found a handy About.com page titled “Top 6 Free Windows Password Recovery Tools“.  I downloaded several, most of which were based on bootable CDs of one kind or another.  I like those kinds of toolkits because they don’t require even limited access to operating system, just the ability to reboot the machine from the CD toolkit.
In the end, I tried two; 0phcrack and the Offline NT Password & Registry Editor.

Now, I’m not positive, but I’m pretty sure that 0phcrack is the free, opensource fork of l0phtcrack.  Now, for an old-timer like me, l0phtcrack was THE password cracker to have, back in the day.  Created by a group of well-known hackers, some of whom famously testified before Congress, it was not free.  At least, theoretically.  If you knew where to look, you could get copies.  And, yes, I  them.  But, this version IS free and seems like it had some improvements.
For one thing, the old version had a slightly clumsy text-based interface.  This version has a much nicer interface that seems to use X-Windows.  It’s also far more intuitive to use.  It ran pretty fast, really, though, sadly, didn’t seem to be able to crack the non-dictionary word used as a password on the Windows 7 box I was using it against.

On the other hand, the Offline NT Password & Registry Editor has been around for several years, and had several updates, though it retains the text-based interface.  I don’t remember when I used this the first time, but, so far, it hasn’t let me down in a pinch.  This time was no different.  So, yes, even though it has “NT” in the name, I’ve used it on everything from Windows 2000 through Windows 7 without a hitch.  Of course, your results may vary.  The bonus of this product is also it’s most potentially dangerous drawback; it directly edits the registry and password files.  This is dangerous, in a way, because if something goes wrong, this could, theoretically, lock you out of your machine permanently.  In practice, this has never actually happened to me.
One advantage of this utility is that you can change or simply remove the password for any active user on the system.  Also, you can use it to promote an active user to being an administrator equivalent.  Now, by “active user” what the developers mean is any account that is not disabled.  Though, I think there may be the option to activate a deactivated account.  I’m not positive, though, because I’ve never had to look for it or try to use it.  And, yes, this worked like a charm to simply blank the password on the Windows 7 machine that had apparently forgotten its own password.

So, there you have it.  Two tools to recover lost Windows passwords.
Oh, and, just a quick disclaimer here.  I’m not responsible for any damage you might accidentally do to your machines with these utilities.  Nor am I advocating using them to break into your ex-spouse’s computer to read their adulterous e-mail to their lover.
I’m just sayin’….

No, this is not a post about sexual performance.
Pervs.

I use my iPhone for a surprising variety of things, even at the office.  For around $14, I threw together a suite of network scanning and testing tools that let me get a pretty good look at any network I manage.  But, that’s another post.
Today, I thought I’d bring to your attention a great blog post by Nicholas M. Petty tittled “iPen: Hacking with the iDevice“.  What he’s got is a set of instructions and tools for turning your iPhone, or, presumably, your iPad, into hand-held computer security penetration testing tool.  Yeah, I know, it still sounds dirty when you say “penetration”.  Grow up.

If you’re into security, whether you own an iPhone or not, it’s worth going to take a look at just to see the thought process and methodology.
Now, as much as I love this idea, I probably won’t actually do it myself because the first step is to “jailbreak” your phone and, frankly, as tight as money is and as important as my phone is to me, I can’t afford to have problems with it.  Still, it is an interesting idea, especially considering how many of these little devices are wandering loose out there and how many wifi access point exist out in the world.  I often wonder how secure any of them really are, especially in corporate environments.

Anyway, this should be something for network managers to think about the next time they see someone in the lobby of their building “playing a game” on their iPhone!

Hey, I missed letting everyone know about System Admin Day this year, but, I think this will make up for it.

I’ll be honest, one of the reasons I missed that this year is because I’m so overworked and over-stressed it’s like I was married to the Queen of the Damned again!  Seriously!  I haven’t been this frazzled since my divorce!  In any case, I imagine there are a lot of other server administrators out there with less free time than they’d like, too.  So, I’m sharing a blog post from Tech Republic; 10 Must Have Windows Server Tools.  I don’t know about “must have”, but they are handy for Windows admins, anyway.   I’ll need to scout around and find something similar for Unix admins.  After all, I can’t forget my bearded brethren!

So, hope that helps free up some time for you all, but now I’ve got to get back to work!

I probably should have posted this last week, when it was fresh, but…

So, I have this issue at work.  We run an older version of Autodesk Inventor.  Actually, Inventor 10, which we really only use for AutoCAD 2006.  But, this presents a problem.  You see, this version of Inventor won’t install on Windows 7.  Might work on Vista, but who in their right mind would run Vista?  Right, so, I’ve got a problem.  If I want to upgrade someone’s Windows version, or even their whole machine, I can’t.  So, what to do?

Well, as it turns out, if you get the super, ultimate, Professional version of Windows 7, it comes with a Windows XP “compatibility mode”, which is really just a virtual machine.  If you crank up that virtual machine, it will install that old version of the program my engineers and draftsman absolutely must use.  What’s cool, though, is that once you install it, it makes short-cuts on the Start menu that let you launch the old program encapsulated in that virtual machine.  How cool is that?!  So, problem solved, right?

Well, almost.  Turns out the one guy I installed it for, as a test, is having some issues with adding text to a drawing.  I haven’t quite figured that bit out yet, but, still, I’m working on it.  And, all things considered, it’s a small glitch in an otherwise very clean solution.

Uh, yeah, so you may now return to your regular Memorial Day Weekend time-wasting on the Internet.
That is all.

Pardon the pun, but I hope it got your attention.

If you’re like most people who read this blog, you probably have at least one laptop.  Now, it may run Windows or Mac or even Linux, but, you likely have one and you wonder what might happen if it gets stolen.  Wonder no more.

Now, there’s free, Open Source software called Prey, hence the pun, that will track your stolen laptop.

Right, so you know I love Linux, right?

But, beyond that, I love all the bootable tools and utilities and things that Linux let’s you do to Windows machines.  Well, there was a time I carried several “flavors” of Linux on various USB keys in my pocket, depending on what I wanted to do.  In that spirit, I have another tool to create Linux USB Keys for you; LinuxLive USB Creator

It’s a free, Open Source utility for Windows that let’s you create live USB keys running Linux.  The link will take you to the download page on SourceForge.

If you’re a geek like me, it’s worth a look!

A pretty bold statement, isn’t it?

Well, I’m not going to tell you how to build the “ultimate home network”, but, rather, suggest some things that you may want to consider to build your own, personal, “ultimate” home network.  Everyone needs something different from a home or small office network.  Some of us have side jobs that require a fair amount of data transfer or storage, like, for instance photographers.  For some of us in the IT business, having a home “test” network is almost assumed, though, perhaps not as much as it used to be in the boom days of the Internet.
I’ve been thinking about it this past week because my old BorderManager firewall finally has died.  I’m using a backup firewall at the moment, which is “good enough”, but I’ll be taking this crash as an opportunity to start rebuilding my home network from the ground up, using mainly free, open source software, starting with a Linux firewall.  In fact, I have three that I’ll be looking at and, yes, writing reviews of, in the coming weeks.  This will be an on going series of posts, too, as I evaluate software and, piece by piece, integrate it into my working, live network.  My needs will probably be different than yours, but all home networks will have some similar items and considerations.
So, what should go into your own personal, “ultimate” home network?  It depends on what you do, but here are some ideas.

The Actual Network.
Obviously, the first thing is setting up the actual, physical network.  And, in this case, by physical, I’m including wifi routers and the like.  Back in the old days, having a home network meant running cable.  That’s not as true as it used to be, but don’t just go wireless without considering at least some wired connections.  If you’re concerned about security, for instance, especially, regarding financial transactions, nothing is as secure as a wired connection.  Keep in mind, though, that at some point you still connect to an outside source to get to your bank.  Also, since most laptops have built-in wifi and have gotten so inexpensive, if you don’t already have one, consider getting a laptop.  For most people, laptops can inexpensively do everything we need to do and have the advantage of portability, so if you need to leave, say in case of a hurricane, you can take at least part of your home network with you.
There are a wide range of network switches and routers out there to choose from, but I suggest sticking with a name brand that is relatively well known and established. It’s no guarantee that you won’t have problems, but it’s a good start. I personally like Linksys and DLink brands, but there are many others that will work well, too.

Security.
Don’t forget that you need to have at least some security on that home network.  At a bare minimum, you need a firewall and some kind of antivirus.  If you’re connecting to broadband internet, either cable or DSL, most often the router they give you from the service you use has a firewall on it.  If you’re using wifi, the wifi router almost certainly has a firewall on it.  Use them!  Most importantly, actually set them up and change the default password to something else that you’ll remember but that strangers won’t guess.  If you’re not sure if you have a firewall on your network equipment, then at least use the built-in Windows firewall, but use something!
If you don’t want to spend big money on either McAfee or Norton for antivirus, good news!  You don’t have to spend anything!  Yes, that’s right, you can download AVGFree and run it for nothing at all.  So, now, what excuse do you have to not be running some kind of antivirus again?
And, please, for your own sake, use passwords.  Use hard to guess passwords, not your kids names or your birthday or even your license plate number.  In fact, try not to use dictionary words at all, or, if you do, substitute other characters for letters, like $ for S or @ for A, to make it more difficult to guess.  Also, use numbers with the letters, for the same reason.

Networked Storage.
Just having storage isn’t enough, really.  On a home network now, you may have a laptop, or two, a desktop, a DVR or any number of different networked devices that share data.  They all need to store it somewhere.  And, even if they store the data locally, they need to be backed up somewhere.  The answer is network based storage.  There are a lot of options out there, and Rick Vanover at TechRepublic has a good article on several.  I know one solution that’s popular with photographers is the Data Robotics Drobo series of devices.  I don’t have any direct experience with these, so I have no opinion on them specifically, but these days, decent network attached storage is so cheap, it would be foolish to ignore that as an option.

Virtual Server Environment.
Now, obviously, this isn’t for everyone.  Back in the day, I used to run a small, two server Novell network in my house just to keep everything fresh in my mind.  Novell isn’t always the most popular networking environment, even for hard-core network geeks like me, so I always wanted to make sure I knew how to do some of the more “interesting” and challenging things in that environment and ran a test network at home for that reason.
Now, you can do all that through virtualization.  In fact, that may be the newest buzzword that’s already worn thin on me!  But, buzzword or not, setting up a virtual test network is something that’s been talked to death in the industry, but I’ve only seen one article recently on setting up a home virtual test network.  You can read more about it in an article by Brad Bird over at TechRepublic, but, again, for those of us who work in a lot of different environments, it’s not a bad idea to make a series of virtual machines to experiment on.  There are still some hardware costs involved, of course, but there is the advantage of being able to roll back to an earlier state if something gets too screwed up.  Try that on your old-fashioned home network!

Even Fancier Stuff!
Of course, there’s almost no limit to what you can do on a home network these days.  Many inexpensive printers come with network interfaces built in, some even have wifi networking built in.  Of course, I’ve mentioned things like Windows Home Server and Linux servers here before, too.  It is, after all, what I do.  Though, with the low prices on network attached storage, I’m not sure I’d recommend that option for the average user.
And, this post hasn’t even touched on integrating any audio visual equipment into your network, or a home security system, or some of the fancier bells and whistles that are out there.  The sky, literally, is the limit.

So, the thing is, everyone will have a different idea of what the “ultimate” home network is, but these are some things to consider, and a few you don’t want to forget.

This is only of interest to people who have webservers, but it’s worth writing about.

According to TechRepublic, QualsysGuard Malware Detection is letting you scan your webservers for free.
You have to be able to verify the domain with an e-mail address, so it really is for serious folks who actually have a webserver and verifiable e-mail, but it is free.  No word on how long it will be free, but, for the moment, it is, so go get it!

Wow, maybe Novell isn’t quite dead yet after all!

According to this story at Computer World, the New York-based Elliot Associates, LP, a hedge fund that is already Novell’s largest stock-holder, has made a public bid for the company.  They claim to have extensive experience and good fortune turning around tech companies, and they see the potential in the once great Novell.

I’m not holding my breath, but I hope it works.
It’d be nice to see a company like Novell get turned around.  Their products consistently win awards, but their marketing never seems to get them where they need to be.  Novell basically started the local area network market, but now they’re very much the “also ran” in that category, coming in far, far behind Microsoft.
Again, I’m not holding my breath here, but I hope they can do it.

So, I’ve been thinking about getting yet another professional certification.

I’ve been a Certified Novell Engineer for about fifteen years now.  In fact, I upgraded that cert three times after initially certifying back in 1993.  In 2003, I got the CompTIA Linux+ certification.  All at more or less my own expense.  Now, I haven’t heard anything about Novell updating their certification requirements lately, but I suppose it might happen one day.  I don’t think I’ll pay to re-up that cert, though.  I haven’t really used Novell in any significant sense for about five years now, so there’s not much point in maintaining it.
The lack of continuing education requirement is one of the things I liked about getting the CompTIA Linux+ certification.  One test, one cert, for life.  It seemed like a good idea to me, a good investment.  About the time I ended up getting divorced, I gave up on studying for the CompTIA Security+ certification.  There seemed plenty of time.  Well, as it turns out, there may not be after all.

Earlier this year, CompTIA announced that there would be continuing education requirements for several of their certifications.  Well, the great mass of IT professionals raised such a hue and cry about it that they modified that stance somewhat.  We not have until the end of this year to get the certifications if we want to escape the re-up requirements.  That goes for the A+, the Network+ and, yes, the Security+ certifications.
So, it looks like I’ll be buying the Exam Cram Security+ book and, probably, investing in the SelfTest Software pre-exam study software, too.  It’s not that big an investment monetarily, but I suspect it will be a little more difficult to knuckle down and study to take the test.  I haven’t worked at that sort of thing for quite some time now, and I’m almost afraid I’ve forgotten how!

Of course, the real question is, in a way, whether or not it’s even worth getting the certification at all.  I mean, it just sucks me even deeper into the bottomless pit that is the IT profession.  It’s a never-ending treadmill of oppressive hours and thankless work that few people truly appreciate.  Of course, it does pay pretty well.  And, it does beat digging ditches.  Most days.
Naturally, my hope is that the Security+ certification will make me more marketable in the long-term, should something happen to my current job.  Not that I think that’s likely, but still, it never hurts to be prepared.  And, frankly, security is going to continue to be a big issue going forward, so getting this particular certification surely can’t hurt my resume any.

Over all, the investment is small for the potential return.  And, it will probably do me good to stretch my poor, feeble, little mind to work at something like this again.
Besides, I may know a beautiful, young college student or two who could help me study.
Stranger things have happened!