Posts made by NetworkNerd

A few months ago I agreed to participate in a beta test program for Artic Wolf. They are a Spiceworks partner and have a really interesting product. They send you an appliance that just analyzes traffic on your network, nothing more than a passthrough device. But they have a security concierge service that actively watches and manages customer devices for threats. They've detected some threats that we did not even know existed (some that even VIPRE did not catch).

Today we got an alert from VIPRE about active protection and it blocking an attempt to run FileExtractorSetup.exe on someone's machine. That was good. We started scrubbing that machine pretty soon afterward. Then, only a few minutes later, we get the following message from Artic Wolf:

Nick,
A file was recently seen being downloaded to a workstation within your network that may have undesired results if installed. The file is called "FileExtractorSetupG.exe", and was downloaded to the following workstation: ipdaddress\WorkstationName.
I ran an analysis on the file and it came back with the following results:
SHA256: 6f8f317a612e1f20a5810210554ef24fb099a0b2263bef429c58cfd1f3723eac
File name: FileExtractorSetupG.exe
AV Detection ratio: 3 / 50
Analysis date: 2014-03-07 15:41:44 UTC ( 0 minutes ago )

AV Agent Virus Signature AV Date
DrWeb Adware.Downware.1838 20140307
Norman FakeNSIS.A 20140307
VIPRE InstallCore (fs) 20140307
If you have any questions please let me know.

I must say I have been very impressed with their product, especially the security concierge service. They analyze traffic to see trends, if devices on your network might be attempting to access systems in other countries, etc. They do all of the analysis and log review that you wish you did. Definitely check them out if you get the chance.

Now I just need to try and convince management to keep their service for the next year (which will be a paid endeavor).

I was thinking @john-nicholson was conducting a funeral for XP. He mentioned that when we were in Austin at Tech Talks Live in December.

Water Closet, Favourite, .... I feel like this is a British community. Where's @huw3481 when you need him?

@scottalanmiller said:

It is on www.scottalanmiller.com/linux

Don't have the exact link where I am at the moment.

There's a TON of good content in there.

I only use Cloudflare for hosting of DNS records. They do not provide web hosting to my knowledge.

We use CloudFlare for DNS, and it works wonderfully. We are gearing up for an ISP switch this weekend, and someone above me advised we make our DNS changes on Friday evening to ensure all was well by Monday.

I actually created a new A-record in CloudFlare yesterday afternoon for something, and by the time I could get to the command prompt to try and ping it, it was online already. That's pretty impressive if you ask me. And I specifically remember switching to CloudFlare from another provider in the middle of the night on a weekend and things being fine by Monday.

So, the real question here is...am I rolling the dice by waiting until Saturday afternoon / evening to make those DNS changes?

What is the longest it has ever taken your DNS records to propagate?

I'll always have a soft spot in my heart for Zimbra, but I completely understand preferring not to use it for this.

@ajstringham said:

@hubtech Ok. Maybe it's just me but I've never had ANYTHING but problems with Dell. A couple of places I've been/are are Dell shops. @networknerd can keep his Dells!

I've just not had that many issues with Dell equipment. On the server side, I think Dell and HP make good products. In terms of workstations, my loyalty is with Dell. But @ajstringham and I won't debate that here.

I like the idea of a brand new server here with ESXi / Hyper-V and some consolidation. You can get enough fire power in one box that will suit their needs for a while (given your solution will meet their RTO / RPO).

We're beginning to accumulate many a scheduled task around these parts. Some run as frequently as every 5 minutes, while others run a couple of times per day, once a week, etc. Most of these scheduled tasks run ASP scripts my boss wrote for our company intranet, which means the scheduled task opens a web page. And if I do not kill the browser on the server's process after the task is complete, it will not close the browser window once the page loads, and we will have a browser with tons of tabs open (especially with some running every 5 minutes). So if I am killing browser processes at the end of the script what often happens is one script may kill another script / prevent it from running fully.

Could some of these tasks be re-written as SQL scripts / something that would not open a web page? Yes. Do we have the resources to do that right now? No.

And then there's the issue of needing to have an account under which to run the scheduled task. That becomes quite a few passwords to change when the time comes.

So, other than the Windows Task Scheduler, what else is out there and used for stuff like this? It would be really nice to get an alert if a task failed in any way. What do you use for task management?

You could do Sharepoint Foundation 2013, but that may be overkill in terms of what you want to do and managing it moving forward. I don't think I would use it just for a wiki.

Maybe so....

Can you say beta test?

I agree with @minion-queen whole heartedly. You want to be covered so that others can pick up the pieces but also have enough to remember what you did. If you're a MSP, it is important to document what the project requires before you start so you have a clear scope of work and that you are giving your customer only what they paid for in the beginning. That can properly set expectations for the project at the whole and avoid issues on both sites.

For internal IT stuff I can see this to some extent. Defining scope could save trouble later down the road, and documenting all of the config could help pick up the pieces later if there is a phase 2.

It sounds to some extent like you need to get a standard template going for these projects (just a general one that can be changed as needed specific to the project you are doing).

I just watched a webinar sponsored by SmartDeploy about a new product they will be deploying later this year. This will compliment their core capabilities and will bring a cloud piece that will allow patch management, assist with application deployment, and several other capabilities. All I can tell you is that it sounds pretty useful if you are a SmartDeploy customer.

@ajstringham
I would say you cannot assume it as a general rule, but is possible: http://advancedtel.com/products/nec-ipdigital-phone-systems. Older NEC systems may be digital. We have one at a location for which I manage the phones and PBX...soon to be replaced with Elastix.

And it could be digital phones connected to a back end VOIP system like the one you see here. The phone system itself can be VOIP / digital / analog. The phones themselves could fall into one of those categories as well when we speak in general.

@ajstringham
Digital phones do not have an ip address on the network and are going to require rj11 cables to them wherever they are located. It's an additional cabling need that is introduced that is not as nice as having everything ride your existing network cabling. They often have fewer features as well. For example, we used to have Avaya 5410 phones with our IP Offcie 406. The phones were easy to use and setup with the IP Office, but if we needed to put a new user somewhere that had no cabling for phones to it (though it likely had network cabling already), we'd have to pay for it. It's not as easy as throwing a switch in like with ethernet.

I will also say that they make TVAs for the digital phones that you could use to connect them to a back-end Asterisk system without having to replace the phones or cabling right at first. Then you could replace as needed as you go.

Do you have specific must-haves in terms of PBX functionality that you would like to share? That would help determine whether something like Elastix / FreePBX / some other Asterisk system would work for you.

Someone brought this to my attention today - http://www.amirunningxp.com/. I laughed out loud at the need for something like this.

@dashrender - I did mean ISP pricing, yes.

I tend to agree with Hubtech about the possibility of getting another connection installed for VOIP traffic (whether it be point-to-point SIP from a telco or just an internet connection and 3rd party SIP provider). Point-to-point SIP does bind you to the provider as you say. So then it comes down to what is more important to management - the guarantee of call quality or the flexibility to get calls anywhere if the worst happens.