Updates from August, 2008 Toggle Comment Threads | Keyboard Shortcuts

  • Peter Nikolaidis 2:42 pm on August 25, 2008 Permalink  

    Question for InfoSec Types: Is DHCP a Security Risk? 

    We recently had an IT audit at one of my clients’ locations. One of the issues raised by the auditor was that our DHCP server was a security risk because it would allow anyone to plug in to the LAN, get an IP address, and start browsing or scanning the network for vulnerabilities.  (More …)

    • DamienHull 3:20 pm on August 25, 2008 Permalink

      A few years back I would have said no. Times have changed.

      I don’t view DHCP as a security issue. I see it more as a plug and play issue. It’s been my experience that people who have no idea how a network functions love to plug wireless access points and routers into the network. This makes trouble shooting fun.

      Security could be an issue if data on servers and workstations isn’t protected. If someone can walk in with a laptop, plug into the network and access data, you have a problem.

      When it comes to security one size does not fit all. Security is balancing act. Be safe but not so safe that users can’t get anything done.

    • TedRoche 10:47 am on August 28, 2008 Permalink

      Disclaimer: I’m not truly an InfoSec, though I play one on my own network (don’t we all?)

      I think the auditor may be confusing physical access issues with network access… “if an intruder can just plug in a device” you have far more serious problems. Most offices don’t let people off the street plug in. If your client is in that situation (like a school or a cybercafe or an incubator), then those network jacks ought to be _outside_ the firewall, with VPN access to corporate resources.

      That said, access to the corporate network ought to be limited. MAC address filtering should only allow known devices. An employee bringing in a compromised home computer is just as large a threat. Wireless access should be filtered by MAC address and WPA2 or better (and perhaps firewalled VPN access from the WAP to the intranet). But computer users are going to have authorized devices (iPhones, laptops, etc.) that need to be using DHCP for their access on the road. Accomodating this can be done without significantly compromising the network.

    • bill_mcgonigle 1:14 am on September 1, 2008 Permalink

      I can capture and emulate the MAC of one of your ‘trusted’ machines inside of a couple minutes. There are even things out there to confuse switch ports about which MAC is on which port. MAC addresses should be used for ARP, not security. It’s fine to use them too for static DHCP so you can centralize device addressing.

      That said, if somebody can get onto your network, get an address via DHCP, and is then automatically authorized to do anything other than make recursive DNS queries and access a part of your Internet connection, you’ve got problems.

      Most people don’t need secure switch ports – it’s sufficient to secure services. If you do need secure switch ports, look into 802.1x or VPN’s. And a security guard named Charlie with a .40S&W.

      Note: I’ve met auditors who don’t know what they’re doing and run down a checklist hammered out by college interns. Their fees have nothing to do with their competence, especially their ability to understand protocols.

  • Peter Nikolaidis 8:34 am on August 25, 2008 Permalink
    Tags: corrupt, innodb, mysam, , , tables   

    RT 3.8.0 – Stable Again Thanks To InnoDB 

    Thanks to a couple of helpful folks on the rt-users mailing list, we were able to track down the cause of our problems. We experienced some corruption in our MySQL databases. I found out that you should “never” run RT on MyISAM tables and always use InnoDB. Oddly enough, we’ve run on MyISAM for years and never had this problem. However, we did have issues with slownes, for years, and it’s something we’ve been struggling with constantly.

    for t in $(mysql -unotreal -pdontbother --batch --column-names=false -e "show tables" rt3);
    mysql -e "alter table $t type=InnoDB" rt3;

    Running this script revealed an error with the “Tickets” table. Fortunately, the data itself in our tables was not corrupt, just the indexes were.  myisamchk was able to repair these and allow us to convert all tables to InnoDB format. Once I fixed that error, I was able to convert everything over to InnoDB.

    I was thrilled to see that, once the conversion was finished, RT popped right back up into place, with all of the tickets in their usual spots. And, as a bonus, the thing’s a lot faster than it ever was before.

    Lesson learned. Next time, read the instructions more carefully.

  • Peter Nikolaidis 11:03 am on August 24, 2008 Permalink  

    WordPress 2.6.1 Upgrate 

    I just ugpraded to WordPress 2.6.1, following my usual procedure (backup, download, extract over existing blog). I got some errors when I clicked to update the database:

    WordPress database error: [Duplicate key name 'comment_approved']
    ALTER TABLE nikolaidis_wp_comments ADD KEY comment_approved (comment_approved)

    WordPress database error: [Duplicate key name 'type_status_date']
    ALTER TABLE nikolaidis_wp_posts ADD KEY type_status_date (post_type,post_status,post_date,ID)
    Upgrade Complete

    Your WordPress database has been successfully upgraded!

    Given the last line, I’m inclined to think that these database upgrades may have been done in the 2.6 upgrade I did a while back.

    At least, that’s my hope…

  • Peter Nikolaidis 10:53 am on August 24, 2008 Permalink
    Tags: 3.8.0, corruption, database, myisamchk, , , table   

    RT 3.8.0 Server is Hosed After Corrupt Sessions Table, myisamchk 

    To all of my regular readers, apologies if this post seems a bit out of the ordinary, but if you read on, you’ll see why I’m documenting this here, as opposed to in my ticketing system.

    On Friday afternoon, for no apparent reason, while I was the only user on my RT 3.8.0 system, after clicking a link, I was presented with the logon prompt.

    Puzzled, I entered my username and password and logged back in. Everything seemed normal, and the ticket I was trying to edit was there. I continued my edits, and clicked to update the ticket.

    Login prompt again. (More …)

  • Peter Nikolaidis 6:25 pm on August 14, 2008 Permalink
    Tags: , , , fat, ,   

    Medifast – 2 months, ~25 pounds 

    Medifast progress: 20080814

    Medifast progress: 20080814

    Two months ago, I started on the Medifast plan. I was 208# then, and I’ve been as low as 183.4# a couple of days ago. Weight fluctuates, so I’m up a bit today, but I’ve lost nearly 25 pounds in two months. It doesn’t sound quite as impressive as when I lost 18 pounds in the first month, but I knew that the rate would slow as I got nearer to my goal, so I’m not worried.

    Today was the first time that people commented, unprompted, at how I was losing weight. The were folks whom I hadn’t seen in over a month, so they had the “old me” (read “fat me”) in mind and could really see the difference. Also, today I wore a pair of dress pants which I hadn’t worn in well over a year because I outgrew them – something which really bothered me at the time, because my wife picked them out with me after a time when I had gained weight. So basically, I couldn’t fit into my “fat pants.” That did not feel good, but wearing them today sure did.

    Now I need to replace the four new pairs of jeans I bought back in May. Maybe I can take them in…

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc