Scams on social networks are nothing new, but they’re constantly changing to keep up with and take advantage of the latest apps, trends, and news. Here are some of the most recent scams that are making the rounds.
I would like to apologize to all of my regular readers. I discovered today that my spam registration plugin was blocking ALL registrations. This was a huge mistake on my part. I have resolved the issue and users should be able to register at this time. I apologize for the inconvenience.
Competition is good for a team when it is provided in a healthy way and allowed to spawn motivated team members. I have been in the IT industry for around 14 years and have worked in various specialties such as system administration, network management, and team leadership. I have seen the value of a competitive team in a results-driven enterprise and I believe it is very valuable.
Competition is just one dynamic of a great team. Alone, it could tear apart a group, but can push all members to strive for their best when paired with the right personalities. The right team personality must be in place for competition to thrive without destroying a team.
In a past job, I worked with a guy who was much smarter than myself about the work that I was hired to do. He was a senior team member and I had a lot of respect for him. He was always polite, but I could tell that I had something to prove to him. When presented with this situation, some people become fearful or frustrated. I turned the situation into a competition. I had to prove that I was good enough to be a part of the team.
I showed up early and volunteered often to learn more about our work. I read in my spare time and I asked relevant questions after taking time to research for myself. I eventually did earn his full respect and I also gained a lot of knowledge in the end. My boss used to hear the two of us competing and saying that we would figure something out first and he knew it was healthy for us to push each other. We each had a personality that would not be bent because of the stress and we did not get hurt feelings over stupid comments. It was the perfect opportunity for me to begin my IT career. I would like to hear your stories as well. Comment below or send me an email and tell me your thoughts on competition.
A new global data security survey by the Ponemon Institute has found Australia’s IT security professionals believe that company executives would prefer to spend money on the protection of intellectual property over customer data security.
I wish I could say that this article surprised me. I would also like to think that it was a problem only in Australia, but neither is true. It is evident, with the volume of breaches reported in recent years, that companies we trust in our business relationships care little about the safety of our data. Many breaches go unreported out of fear.
Corporate reputations have gone the way of personal reputations. Just as one can rarely get a signature loan in this age, due to lack of societal integrity, it is now almost impossible to trust those we do business with. Consumers must hold corporations responsible and urge them to be more responsible with our data. It is our job to protect ourselves and we should expect more.
It is interesting to see another technology which aims to speed communications within a datacenter. Tests have been performed at Facebook’s datacenter and documentation is forthcoming, but the prospects look good for this project so far. Basically, an arbiter directs datacenter traffic in such a way as to increase flow rates through the datacenter even with the bump on the wire.
In my daily work, I am often on the phone with vendors or meeting with them in person for discussions over products that my organization owns or is interested in owning. In most cases, these meetings are mutually beneficial in that the sales engineer is able to show us something that we might decide to purchase while we are able to get more insight into a particular offering from that company. However, many times, these meetings are completely frustrating and lead one to feel like cutting all ties with said vendor.
All engineers expect hardware and software vendors, or more specifically their sales teams, to lie. This is just how things are done. Engineers understand that it is their job to make the product live up to the hype built by the sales and marketing teams. We have come to accept this and regardless of which side of the purchase we are on, we make the best of the situation. However, there is a big difference between marketing and lacking integrity. Marketing, in its truest sense, is shining light on what makes a product stand out. Being completely dishonest about a product is just wrong and will end a fruitful long-term relationship with a customer.
Sales teams need to understand that purchases over time from a solid customer relationship will mean future commissions and better word of mouth advertising. Word of mouth is far more valuable than any paid advertising in my opinion. I have not been in marketing or sales, but I have been on this side of many campaigns and I can tell you that I value the recommendation of a colleague far more than any PDF or slide presentation that I have seen. This is something that cannot be forgotten when competing for business.
I also want to mention that I find it abhorrent for a company to sell a product when it is not necessary. I have seen this done many times in regard to hardware that is overkill for a project, software that is not needed, or licensing that exceeds the reasonable amount to cover a project while allowing for overhead or unexpected requirements creep. Integrity is key in sales and marketing. This is my personal opinion and I know there are those who would disagree, but I think it is in the best interest of companies, sales teams, and marketing teams to give this some thought and really investigate their motives and incentives to push products.
This was an interesting article. I was particularly drawn to the 3rd item in the list. It is interesting to me how so many executives and managers are so worried about being replaced by the employees that they mentor. I have worked for managers who took pride in preparing the next person to succeed them. Part of career progression is understanding that you will eventually move on and it is much easier to convince your management to let you move up if you have taken the time to groom a successor.
I understand that some things are different at the executive level and that there are not as many opportunities at that level in many companies to which someone could move. However, the need to have someone groomed who is capable of doing the job still exists. CXOs will take vacation. Many of them have vacation packages that allow them to be out of the office for extended periods of time or their positions require high levels of travel. That is the perfect time to allow an employee to step up and help out.
In my personal opinion, it is more valuable to have an executive who mentors and grooms the next wave of successful business professionals than to have a successful business professional who is unwilling to share information or teach employees. As a manager, you are no longer graded on your own success, but rather by the success of your team. As your team, department, or business unit grows in their ability to meet demands and exceed goals, you will be recognized as a good leader.
In an enterprise environment with thousands of servers, who has time to constantly review configuration files to see if they have been modified? If you have managed a large number of servers then you understand the importance of this issue. Configuration files do not only support your production environment; many of them are also used to lock down your system to prevent unauthorized access. You simply do not want to have people editing files that are crucial to your business services.
This is where a free tool called AIDE can help. Well, it can help you in the area of Unix systems. This is a GPL-licensed tool that monitors configuration files on your Unix systems. Advanced Intrusion Detection Environment is your open source alternative to commercial monitoring tools that focus on file watching. There are many commercial and open source tools on the market that focus on creating hashes of files and alerting administrators when those files have been edited. AIDE is included with Red Hat Enterprise Linux as well as other popular distributions. It works on most Unix variants.
This tool is useful for detecting unwanted access to systems, and specifically system files. This is basically one more tool in the security engineer’s toolbox. Reports can be generated on a regular basis by using cron to schedule a run of the AIDE command. After installation on your preferred Linux distribution, you will need to run the following command to generate a database file which can take some time:
The Network Time Protocol (NTP) is widely used to synchronize computer clocks in the Internet. This document describes NTP version 4 (NTPv4), which is backwards compatible with NTP version 3 (NTPv3), described in RFC 1305, as well as previous versions of the protocol. NTPv4 includes a modified protocol header to accommodate the Internet Protocol version 6 address family. NTPv4 includes fundamental improvements in the mitigation and discipline algorithms that extend the potential accuracy to the tens of microseconds with modern workstations and fast LANs. It includes a dynamic server discovery scheme, so that in many cases, specific server configuration is not required. It corrects certain errors in the NTPv3 design and implementation and includes an optional extension mechanism. - http://www.ietf.org/rfc/rfc5905.txt
NTP, or Network Time Protocol, is a necessity for a management network. This is not only for accuracy in time from the user perspective, but also for event correlation and authentication mechanisms. Certain authentication mechanisms, such as Kerberos, rely heavily on time synchronization. It is also difficult to correlate events, operational or security related, without time synchronization across the enterprise. NTPv4 is the most recent implementation of the protocol and integrates with IPv6 and also provides some fixes based on issues with NTPv3.
Network time is critical on an enterprise network to ensure the integrity of the network. Many facets of the integrity of the network are affected when time is not properly synchronized. For example, audit logs become unreliable and there is no way to properly account for actions taken on the network. This could cause a loss to an organization with no way to determine who or what caused the loss and thereby make it impossible to take the appropriate administrative actions to prevent a future occurrence. NTP can be used in this case to ensure that an accurate time stamp is placed in the logging system to point to the user and the change that caused the issue.
Implementation of NTP within a management network is relatively simple. There are hardware clocks available on the market that will sync with GPS (Global Positioning System) and provide reliable time for the network. NTP servers are also included in most Linux distributions for organizations that are willing to include open source options in their management network. For commercial use, this might simply require the purchase of an enterprise license for Linux. In some cases, a purchase might not be necessary at all, outside of the normal hardware procurement for a server.
In many cases, as with Kerberos, security is based around time. Whether it be the need to place a small window on the validity of a ticket or the need to control access based on time of day, it is important for your systems to be on a synchronized time source. It is also crucial, in the case of a logging infrastructure, to ensure that your systems are in the same time zone. Time zone conversion can be done on a receiving system, but it is preferable not to manipulate the original logs received as this can bring into question the integrity of the logs themselves. Having worked in a military environment for over 10 years, I have found that one of the best ways to manage time is to use GMT/UTC and synchronize all systems in the network with one or more stratum 1 time clocks.
For the purposes of NTP, a primary NTP server is considered stratum 1. A server that gets its time from a stratum 1 server is considered stratum 2. As stratum levels increase, there is naturally a drift in time that occurs. While NTP clients on operating systems are configured to allow for a small amount of drift, I would recommend two best practices. First, all systems within the enterprise should be receiving time from the same stratum level. Second, I would suggest that the primary (stratum 1) time server in your environment be a hardware clock and not sync with an outside time source as this would actually make it a stratum 2 time source.
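To see where the stratum and time source appear on the wire, here is an added example (not from the original post) that parses the 48-byte NTPv4 header from RFC 5905 and computes clock offset and round-trip delay from the four timestamps. The reply packet, its timestamps and the function names are constructed, and the reference ID is read as an IPv4 address for stratum 2 and above.

```python
import struct

NTP_UNIX_DELTA = 2208988800               # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbII4sQQQQ")   # 48-byte NTPv4 header (RFC 5905)

def to_ntp(unix_seconds):
    """Unix time (float) -> 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    return ((whole + NTP_UNIX_DELTA) << 32) | int((unix_seconds - whole) * 2**32)

def from_ntp(ts):
    """64-bit NTP timestamp -> Unix time in seconds (always UTC)."""
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / 2**32

def build_reply(stratum, refid, t1, t2, t3):
    """Constructed server reply: LI=0, VN=4, mode=4 (server)."""
    first = (0 << 6) | (4 << 3) | 4
    return HEADER.pack(first, stratum, 6, -20, 0, 0, refid,
                       to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))

def parse_reply(packet):
    """Decode the header fields a monitoring check would care about."""
    if len(packet) < HEADER.size:
        raise ValueError("short NTP packet")
    first, stratum, _poll, _prec, _rdelay, _rdisp, refid, _ref, org, rec, xmt = \
        HEADER.unpack(packet[:HEADER.size])
    if stratum <= 1:    # primary server (or kiss code): refid is ASCII, e.g. "GPS"
        source = refid.rstrip(b"\0").decode("ascii", "replace")
    else:               # secondary server: refid is the upstream's IPv4 address
        source = ".".join(str(b) for b in refid)
    return {"leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
            "stratum": stratum, "source": source,
            "t1": from_ntp(org), "t2": from_ntp(rec), "t3": from_ntp(xmt)}

def offset_and_delay(reply, t4):
    """Clock offset and round-trip delay from the four on-wire timestamps."""
    t1, t2, t3 = reply["t1"], reply["t2"], reply["t3"]
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

if __name__ == "__main__":
    pkt = build_reply(1, b"GPS\0", 1700000000.0, 1700000002.25, 1700000002.5)
    reply = parse_reply(pkt)
    print(reply["stratum"], reply["source"], offset_and_delay(reply, 1700000000.75))
```

In the constructed exchange the client clock is two seconds behind a GPS-disciplined stratum 1 server, the kind of skew that makes log correlation across hosts unreliable.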
If you have additional comments related to time service on a management network or other advice you would like to share with our readers, please do so in the comments below. As always, I appreciate your constructive criticism as I intend to use this blog to provide my personal experience and also as a means to gain more experience from our readers.
I think this article provides some significant options for spring cleaning your network. However, I believe that an organization should have a team of analysts performing this level of analysis, and more, on a regular basis. Through the use of Netflow, SNMP, and other protocols/tools, this is not a difficult process and could provide benefits such as reduced budgets, better performance, and tighter security.
What are your thoughts on this subject? What are some of the most important topics for analysts to investigate?