
Earlier I wrote a small script to get the CPU utilization of a computer using PowerShell and performance counters. Recently a user posted a question asking how to monitor CPU utilization and get an alert when it exceeds a given threshold value.

So, I am writing this article to share the code for monitoring the CPU utilization of a computer and reporting via email when it exceeds a given value.

At the beginning of the script there are a few variables which you need to adjust according to your requirements. They are self-descriptive, so I feel no explanation is required. You should also change the “From”, “To”, and “SmtpServer” parameters of the “Send-MailMessage” cmdlet in the script to receive email. Feel free to write to me if you have any questions.

Save the code below to a file named “cpu-monitor.ps1” and run it on the computer you want to monitor. The script checks the CPU utilization every 5 seconds, three times, and reports if it finds that CPU utilization is greater than the given threshold value every time it is measured.

$repeat_count = 3      # number of samples to take
$cpu_threshold = 85    # alert threshold, in percent
$sleep_interval = 5    # seconds between samples
$hit = 0
foreach($turn in 1..$repeat_count) {
    # Average across processors; LoadPercentage is an array on multi-socket machines
    $cpu = (Get-WmiObject -Class Win32_Processor | Measure-Object -Property LoadPercentage -Average).Average
    #Write-Host "CPU utilization is currently at $cpu`%"
    if($cpu -ge $cpu_threshold) {
        $hit = $hit + 1
    }
    Start-Sleep $sleep_interval
}

# Alert only if every sample reached the threshold
if($hit -eq $repeat_count) {
    Write-Host "CPU utilization is over threshold"

    Send-MailMessage -From cpumonitor@localdomain.com -To toaddress@yourdomain.com -Subject "CPU Utilization is more than $cpu_threshold`%" -Body "CPU Utilization is more than $cpu_threshold`%" -SmtpServer smtpserver.domain.com
} else {
    Write-Host "CPU utilization is below threshold level"
}


[Guest Post]

This guest post was provided by Lee Munson on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI vulnerability scanning software.

All product and company names herein may be trademarks of their respective owners.

Nowadays many companies will scan their corporate networks in order to identify security issues. A vulnerability scanner may be employed once per year or, preferably, more often, and can be run either in-house or by a third party.

Typically, the results that come back from the vulnerability scan are used to identify and rectify any security concerns, as well as to remain compliant with the company’s own internal policies and procedures.

The Regulations

There is a whole raft of regulations that either do, or could, have a significant effect on information processing and security. The key regulations for the USA, Europe and the United Kingdom include:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability Act 1996 (HIPAA)
  • Sarbanes-Oxley Act 2002 (SOX)
  • Gramm-Leach-Bliley Act 1999 (GLBA)
  • Family Educational Rights And Privacy Act (FERPA)
  • The EU Data Protection Directive
  • The EU Directive On Privacy And Electronic Communications
  • The Computer Misuse Act 1990
  • UK Data Protection Act 1998

Many of the above regulations either require, or at the least imply the need for, regular vulnerability scanning across the organisation’s network.

The Consequences Of Non-Compliance

There are, of course, many possible penalties associated with non-compliance with the regulations listed above. The first such penalties that you would likely think of would be immediate, legal and financial in nature, but there would also be a longer-term concern.

In business, reputation is everything, and a company that is not compliant with the regulations will suffer as a result, either through that knowledge becoming known to prospective partners and customers, or as a direct consequence of a breach occurring.

Vulnerability Scanning and Compliance

By using a vulnerability scanner – that also includes the ability to patch vulnerabilities and provide audits – on a frequent basis, a company can detect security threats before they can affect the network. This is especially important in an environment where hardware and users are changing regularly.

Network security is a fluid process that changes all the time with new threats emerging on a regular basis. A vulnerability scanner is an essential tool for combating these new threats as these would be updated regularly by their vendors in pretty much the same way that antivirus programs are updated with new virus definition files.

Another benefit to running regular vulnerability scans is that it helps with security audits and, therefore, helps you meet compliance with the regulations mentioned above.

In the future, the need for compliance is only going to grow due to the fact that there will undoubtedly be a raft of new regulations being released and, also, because the existing regulations will almost certainly begin to encompass more and more companies, regardless of their size.

A vulnerability scanner is your virtual security consultant and can aid your organisation to pass all the appropriate legal audits as well as your company’s own internal policies, protecting all your customers’, partners’ and employees’ data and privacy in the process.

 


I have been struggling for a while to identify why Wake On LAN has not been working since I installed Windows 7 on my computer. It worked fine with Windows XP, but after moving to Windows 7 it never worked. After a lot of testing and trying various things, I finally reached the solution.

So, here you go…

There is a setting called PME (Power Management Event) in the network connection properties which must be enabled for your Windows 7 computer to process the magic packets that wake it up.

To enable PME, follow the steps below.

  • Go to Start -> Run -> Type “ncpa.cpl” and click OK
  • This opens the network connections available on the computer. Identify the NIC on which your computer will receive magic packets and go to its properties.
  • Click on Configure, switch to the Advanced tab, select “Enable PME” in the property list and change the value to “Enable”
  • Click on OK to complete the configuration.

This will make your network connection blip briefly. Once your network connection is back, your computer is ready to process WOL packets. Shut down your computer and try sending the magic packet again. It should work without any issues.
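For testing the setting from another machine on the same subnet, here is an added example (not part of the original post) that builds and broadcasts a magic packet: 6 bytes of 0xFF followed by the target MAC address repeated 16 times. The function name Send-MagicPacket, the broadcast address and UDP port 9 are assumptions of this sketch.

```powershell
# Added example, not from the original post. Send-MagicPacket is a hypothetical name.
function Send-MagicPacket {
    param(
        [Parameter(Mandatory=$true)]
        [string]$MacAddress,                      # e.g. 00-11-22-33-44-55 (constructed value)
        [string]$Broadcast = '255.255.255.255',   # assumption: limited broadcast on the local subnet
        [int]$Port = 9                            # assumption: the commonly used "discard" port
    )

    # Accept the usual separators, then insist on exactly 12 hex digits.
    $hex = $MacAddress -replace '[:\-\.]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{12}$') {
        throw "Invalid MAC address: $MacAddress"
    }

    # Convert the 12 hex digits into 6 bytes.
    [byte[]]$mac = 0..5 | ForEach-Object { [Convert]::ToByte($hex.Substring($_ * 2, 2), 16) }

    # Magic packet layout: 6 x 0xFF, then the MAC repeated 16 times (102 bytes total).
    [byte[]]$packet = (@(0xFF) * 6) + ($mac * 16)

    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.EnableBroadcast = $true
        $udp.Connect([System.Net.IPAddress]::Parse($Broadcast), $Port)
        [void]$udp.Send($packet, $packet.Length)
    }
    finally {
        $udp.Close()
    }

    # Return the packet length so the caller can confirm what was sent.
    $packet.Length
}

# Usage (MAC address is a placeholder):
# Send-MagicPacket -MacAddress '00-11-22-33-44-55'
```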

Relevant articles:

http://www.intel.com/support/network/sb/cs-008459.htm

Feel free to post any questions that you have about WOL in Windows.


While looking for a quick way to check when a SQL database was last backed up, the first thing that came to my mind was this post. I looked through the parameters and functions of the ‘Microsoft.SqlServer.Management.Smo.Server’ object and developed the tiny script below to list the last backup date and time of the databases on a SQL server.

function Get-SQLLastBackupTime {
    param(
        [Parameter(Mandatory=$true)]
        [string]$DBServer
    )

    # Load the SQL Server Management Objects (SMO) assembly
    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Out-Null

    # Connect to the server and list each database with its last full backup time
    $server = New-Object ('Microsoft.SqlServer.Management.Smo.Server') "$DBServer"
    $server.Databases | Select-Object Name, LastBackupDate
}

Hope this helps…


My WordPress dashboard had been showing notifications for a while about new updates for some of the plug-ins I use. Since the updates were for important plug-ins, I decided to install them. The moment I selected the plug-ins and clicked upgrade, the dashboard started showing a message that it was entering maintenance mode and upgrading the plug-ins. I thought this was expected, left the window as it was, and went searching in Google for something else. After some time, I accessed my blog URL and it gave me the message “Briefly unavailable for scheduled maintenance. Check back in a minute”. I waited for some more time but there was no change in status. It didn’t take me much time to realize that something had screwed up my blog. Surprisingly, the dashboard was also unavailable and showed the same message.

I googled this error and understood that it is a sort of bug in WordPress which leaves the website in maintenance mode while upgrading the plug-ins. The solution to this problem is as follows…

  1. Connect to your site using FTP. I prefer using a rich client to using ftp from the command line. My favorite is FileZilla.
  2. Go to the WP installation directory, where you will find the wp-admin and wp-content folders.
  3. Locate the .maintenance file and delete it.
  4. Access your website now and it should be back. So did mine.

PowerShell get process creation time

Have you ever needed to see when a process was started? I come across this requirement regularly. Every time, I use Process Explorer to fetch this data, but today I decided to write my own PowerShell function.

The Get-Process cmdlet will not provide you any details about process creation time. You definitely need to rely on a WMI query against the Win32_Process class for this information. So, here is the code.

function Get-ProcessCreationTime {
    param(
        [string]$Name,
        $Processid,
        $computer = $env:COMPUTERNAME
    )

    # Look the process up by image name, e.g. notepad.exe
    if($Name) {
        ([wmi]"").ConvertToDateTime((gwmi -Class Win32_Process -computer $computer -Filter "Name='$Name'").CreationDate)
    }

    # Look the process up by process ID (the Handle property of Win32_Process)
    if($Processid) {
        ([wmi]"").ConvertToDateTime((gwmi -Class Win32_Process -computer $computer -Filter "handle='$Processid'").CreationDate)
    }
}

Usage :

Get-ProcessCreationTime -Name notepad.exe

Get-ProcessCreationTime -ProcessId 1234

Use the -Computer parameter if you want to query process creation time from a remote computer.

Note: Currently this function does not handle more than one instance of a given process. For example, it might throw errors if multiple notepad processes are running on the computer and you query for the notepad.exe process creation time. In such cases I prefer using the -ProcessID parameter. Soon I will update this function to handle multiple processes as well.
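One way to handle the multiple-instance case described in the note, shown as an added example that is not the author's code: it converts each matching process separately and escapes the name before placing it in the WQL filter. The function name Get-ProcessStartTime and its parameter names are assumptions of this sketch.

```powershell
# Added example, not from the original post. Get-ProcessStartTime is a hypothetical name.
function Get-ProcessStartTime {
    param(
        [string]$Name,
        [int]$ProcessId = -1,
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Build the WQL filter. A numeric PID needs no quoting; a name is escaped so that
    # a backslash or single quote in the input cannot break out of the quoted string.
    if ($ProcessId -ge 0) {
        $filter = "ProcessId=$ProcessId"
    }
    elseif ($Name) {
        $safeName = $Name.Replace('\', '\\').Replace("'", "\'")
        $filter = "Name='$safeName'"
    }
    else {
        throw 'Specify -Name or -ProcessId.'
    }

    # Get-WmiObject returns one object per matching process, so each instance
    # is converted on its own instead of passing an array to ConvertToDateTime.
    Get-WmiObject -Class Win32_Process -ComputerName $ComputerName -Filter $filter |
        ForEach-Object {
            # Some system processes report no CreationDate; leave those as $null.
            $started = $null
            if ($_.CreationDate) {
                $started = $_.ConvertToDateTime($_.CreationDate)
            }
            New-Object PSObject -Property @{
                ComputerName = $ComputerName
                Name         = $_.Name
                ProcessId    = $_.ProcessId
                CreationTime = $started
            }
        } |
        Sort-Object CreationTime |
        Select-Object ComputerName, Name, ProcessId, CreationTime
}

# Usage:
# Get-ProcessStartTime -Name notepad.exe      # one row per running notepad instance
# Get-ProcessStartTime -ProcessId 1234
```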

Hope this helps…. Happy learning…


PowerShell Query databases list from SQL server

The small function below lists the databases on a given database server using PowerShell. It comes in handy when you quickly want to check the list of databases without logging on to the server.

function Get-SQLDatabases {
    param(
        [Parameter(Mandatory=$true)]
        [string]$DBServer
    )

    # Load the SQL Server Management Objects (SMO) assembly
    [System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Out-Null

    # Connect to the server and list the database names
    $server = New-Object ('Microsoft.SqlServer.Management.Smo.Server') "$DBServer"
    $server.Databases | Select-Object Name
}

Usage :

C:\>Get-SQLDatabases -DBServer MSSQLSRV1

Hope this helps…


For the last year and a half, I have been working on the Windows 7 operating system, and in my experience “Auto Tuning” in Windows 7/Vista/Windows 2008 R2 is the most likely culprit for any network related problem. If you see a network related problem in these operating systems and cannot determine the cause, I suggest you try disabling “auto tuning” first.

I know that “auto tuning” is one of the features introduced with Windows 7/Vista to improve OS operations on the network. Basically, it adjusts the TCP window size to improve network operations. Though it sounds good in theory, I have seen a large number of posts on the internet where disabling “auto tuning” addressed many issues, such as slow data copy, slowness in email delivery, slow Outlook mail caching times, and a few application data transfer related issues. You will see most of these issues when performing transfer operations over a WAN link.

So, considering all of the above, I would like to share the procedure for disabling/enabling “Auto Tuning” in a Windows 7 environment, which may come in handy when troubleshooting network related issues…

Procedure:

  1. Open a Command Prompt with elevated rights
  2. Run the command netsh interface tcp set global autotuninglevel=disabled
  3. This disables auto tuning
  4. Similarly, to enable auto tuning again, use the command netsh interface tcp set global autotuninglevel=normal

If you want to see the current status of auto tuning, use netsh interface tcp show global

Hope this helps you.


Powershell Converting String to Date/time Format

Today I got a requirement to convert a normal string with the value “20100610” to date format using PowerShell. I thought I would be able to do it easily with the “Get-Date” cmdlet, but it was not that easy. After some searching, I figured out the way.

$strtime = "20100610"
[datetime]::ParseExact($strtime,"yyyyMMdd",$null)

When converting a string value to date/time format, you should first know what you are trying to convert. The string in my case is an eight-character string in which the first four characters are the year (yyyy), the next two are the month (MM) and the remaining two are the day (dd). That is why I used the yyyyMMdd format in the ParseExact function.

Executing above code results in below output.

If you are not interested in the time details in the output, extend the code a bit as shown below.

([datetime]::ParseExact($strtime,"yyyyMMdd",$null)).ToShortDateString()

 


Today, I quickly wanted to check which AD site an IP belongs to. If I am on the computer where that IP is assigned, it is easy to find this information. Since that computer was offline/not reachable, I needed some other way.

After a bit of googling, I came across the usage of dfsutil shown below. I am very familiar with DFSUTIL but never focused much on the “/sitename” parameter.

So, here you go: if your computer IP is 192.168.10.130, you can find out which AD site it belongs to by executing “dfsutil.exe /sitename:192.168.10.130”, and the output will display the site name.

C:\>dfsutil /sitename:192.168.10.130

Microsoft(R) Windows(TM) Dfs Utility Version 4.2
Copyright (C) Microsoft Corporation 1991-2005. All Rights Reserved.

 Site for 192.168.10.130 is INDIA

Done processing this command.

C:\>

In the above example, INDIA is my Active Directory site name.
