Thursday, 30 April 2015

How to design a more reliable flashlight

In this neck of the savannah we have rolling blackouts. 

Read here about one way of addressing one of the root causes.

Wednesday, 29 April 2015

How to use the Netsh utility to export and import DHCP scopes

View this article here.


Netdot is an open source tool designed to help network administrators collect, organize and maintain network documentation.
Netdot was initially developed by the Network Services group at the University of Oregon, and continues to be maintained and expanded with support from the Network Startup Resource Center and the work of volunteers.
Relevant features:
  • Device discovery via SNMP
  • Layer2 topology discovery and graphing, using:
    • CDP/LLDP
    • Spanning Tree Protocol
    • Switch forwarding tables
    • Router point-to-point subnets
  • IPv4 and IPv6 address space management (IPAM)
    • Address space visualization
    • DNS/DHCP config management
    • IP and MAC address tracking
    • BGP peer and Autonomous Systems tracking
  • Cable plant (sites, fiber, copper, closets, circuits...)
  • Contacts (departments, providers, vendors, etc.)
  • Export scripts for various tools (Nagios, Sysmon, RANCID, Cacti, SmokePing)
  • Multi-level user access: Admin, Operator, User
Access the tool here.


Scrutinizer™ is at the foundation of the Plixer incident response and behavior analysis architecture. It is available as a physical or virtual appliance, or as a windows download. Scrutinizer performs the collection, threat detection, and reporting of all flow technologies on a single platform. It delivers real-time situational awareness into the applications and their historical behaviors on the network.

 Access the product page here.

Tuesday, 28 April 2015

RIRA - Rapid IT Risk Assessment

RIRA (Rapid IT Risk Assessment) is a methodology that been been defined to create and complete and initial assessment with minimal effort and is suitable for project management and even problem management.  

Access the methodology here.

Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds

Access these guidelines here.

What’s Your Security Maturity Level?

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think ‘15 pieces of flair‘). When the phrase “security maturity” came to mind, I thought for sure I’d conceived of an original idea and catchy phrase.

Read the article here.

Monday, 27 April 2015

The Active Defense Harbinger Distribution

The Active Defense Harbinger Distribution is a security Linux distribution based on Ubuntu 12.04 Long Term Support, Ubuntu LTS has 5 years support from Ubuntu developers Canonical, it is useful for enterprises and those who don’t need to run cutting edge software and are more interested in an stable operating system that will be supported for a long time without the need to constantly upgrade to another version to patch up security holes.
Read the article here.

5 Reasons Every Company Should Have A Honeypot

A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits.

Read the article here.

SANS firewall checklist

SANS firewall checklist is available here.

#234 Super Trouper (ABBA)

#233 Dancing Queen (ABBA)

#232 Waterloo (ABBA)

Sunday, 26 April 2015

The Ultimate Network Security Checklist:

Here it is – The Ultimate Network Security Checklist: a document that provides you with the areas of information security you should focus on, along with specific settings or recommended practices that will help you to secure your environment against threats from within and without.

RIT Information Security checklists

Checklist Name
Desktop and Portable Computer Checklist General User
Compliance checklist for use by self-supported faculty, staff, and students.
Desktop and Portable Computer Checklist ITS-Supported Users Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)
Desktop and Portable Computer Checklist Systems Support
Systems support personnel compliance checklist for computers they support.
Server Security Checklist
Compliance checklist for use with the Server Security Standard
Network Security Checklist
Compliance checklist for use with the Network Security Standard
Web Standard Compliance Checklist
Compliance checklist for use with the Web Security Standard
Account Management Checklist Compliance checklist for use with the Account Management Standard

SSHCure (Flow-based SSH Intrusion Detection System)

SSHCure is an intrusion detection system (IDS) that has been designed as a plugin for NfSen ( It detects and analyzes SSH intrusion attempts.

Access the project here.

Good Practice Guidelines

The Good Practice Guidelines (GPG) are a series of informational documents which provide good practice advice in technology-specific areas of Information Security and Information Governance.
Each Good Practice Guideline is intended to support Department of Health Policy and Information Governance requirements for NHS organisations and suppliers.
These guidelines are updated with the latest security information and if you feel there is something missing please contact
We recognise these GPGs as essential communication from the Infrastructure Security Team and as such are aiming for the documents to be published to the highest possible standard.
All documents on this page have 'Approved' status. As Information Security is an evolving discipline these documents will be updated regularly and should be regarded as 'living documents'.
Last Update
3G / HSDPA Provides guidance for organisations who wish to deploy or operate 3G / HSDPA systems In Progress

Access Control Lists (PDF 77Kb This guide addresses the major issues associated with creating and maintaining secure networks using both the New NHS Network (N3) and other network infrastructures. 11/05/2009 2.0
Anti-Virus and Malware (PDF 305Kb) Provides guidance on the deployment, configuration and management of Anti-Virus software. 01/03/2010 2.0
Application Security (PDF 133Kb)
Provides guidance for organisations providing user applications to users.
Approved Cryptographic Algorithms (PDF 504Kb)
Guidance on Authority standards for cryptographic algorithms and key sizes.
A guidance document on the changes between the previous version (v2.2) and this version (v3.0) of the Approved Cryptographic Algorithms GPG  can be found in "Approved Cryptographic Algorithms Good Practice Guideline – changes between v2.2 and v3 (PDF 299Kb)".
Provides guidance on facial, iris and finger recognition technologies.

Business Continuity and Disaster Planning (PDF 148Kb)
Provides guidance for organisations implementing BCP and DR Procedures
Connecting Modem Devices to Local Area Networks (PDF, 261Kb) Provides guidance on the security challenges associated with connecting modems to Local Area Networks. 25/10/2010 1.0
Content Filtering
Provides guidance for organisations who wish to deploy or operate Content Filtering systems
In Progress

Disposal and Destruction of Sensitive Data (PDF, 331.8kB) Provides guidance for organisations on the disposal and destruction of sensitive data (UPDATED)
Email, Calendar and Messaging Services (PDF 75Kb)
Provides guidance for organisations using Email, Calendar and Messaging Services.
Firewall Technologies (PDF 2Mb)
Provides guidance on the planning, implementation and operation of firewalls and associated technologies
General Principles for Securing Information System (PDF 130Kb)
Provides introductory information on general principles for securing information systems. 26/05/2009
Glossary of Security Terms (PDF 277Kb)
Glossary of Security Terms used in the Good Practice Guidelines
GPRS and PDAs (PDF 371Kb)
Provides guidance for organisations who wish to deploy or operate GPRS and PDA services
IDS and IPS Technologies (PDF 1Mb)
Provides guidance for organisations implementing IDS/IPS solutions
Local Area Network Security (PDF 171Kb)
Provides guidance on security good practice in relation to Local Area Network security
Network Address Translation (PDF 183Kb)
Provides guidance on the implementation of NAT and the possible security implications
Password Policy for Non-Spine Connected Applications (PDF 302Kb)
Provides guidance on the use and control of passwords for organisations deploying and using non-SPINE connected applications.
Patching Management (PDF 168Kb) Provides advice and guidance relating to Patch Management in NHS or other healthcare environments
07/10/2009 1.0
Portable Storage Devices
Provides guidance on security good practice in the implementation of portable storage devices within an organisation

Proxy Services (PDF 86Kb)
Provides guidance on Proxy Services such as web proxies, application proxies and gateway services
Remote Access (PDF 150Kb)
Provides guidance on the implementation of Remote Access technologies
Remote Management
Provides guidance for organisations who wish to deploy or operate Remote Management
In Progress

Secure Use of the N3 Network (PDF 88Kb)
Provides guidance for organisations who wish to move sensitive information using the N3 network.
  Securing Web Infrastructure and supporting services
Provide information on good security practices in relation to the security, and securing of Web infrastructure and associated systems.
26/02/2010  1.0
Security of the Endpoint
Provides guidance on implementing security of endpoint devices such as desktops

Server Virtualisation Security (PDF 307Kb)
Provides security guidance to technical and policy making personnel when deploying virtualisation within their organisations. This document focuses on the security aspects of virtualisation. 06/07/2009 1.0
Site to Site VPN (PDF 97Kb)
Provides guidance for organisations who wish to deploy or operate Site to Site VPNs
Smart Card Best Practices
Provides guidance on the implementation and operation of smartcard based systems.

System Hardening (PDF 96Kb)
Provides guidance on the implementation of security for devices such as firewalls, routers etc
TCP IP Ports and Protocols (PDF 149Kb)
Provides guidance on the security risks associated with common TCP/IP services
Use of Tablet Devices in NHS environments (PDF 213Kb)
Provides vendor and product independent security guidance to organisations wishing to make use of tablet devices in NHS environments 19/12/2011 1.0
VLANs (PDF 104Kb)
Provides guidance on the use of VLANs within a network infrastructure.
Voice Over IP
Provides guidance on the implentation of Voice over IP services and the security issues which may be encountered
In Progress

Provides guidance for organisations who wish to deploy or operate WiMAX or WiBRO wireless systems
In Progress

Wireless LAN Technologies (PDF 123Kb) Covers the design and deployment of Wireless Local Area Networks 08/03/2006

Saturday, 25 April 2015

Grey vs Boishaai 2011

The cobbler's shoes

So I bought a GPS log book.  I need to account for my business versus private travel for SARS.  Now we all know about the cobbler's shoes or the plumber's toilet, meaning the service that someone provides to someone else is typically not of the same quality as what he does for himself.  Hopefully higher?

Read the article on LinkedIn's Pulse here.

Wednesday, 22 April 2015

Business Continuity Planning Manual

Access the planning manual here.

How to build a better flashlight

And rewire the country...

Top 47 Log Management Tools

Operating systems, such as Windows and Unix, as well as networks such as Cisco, typically offer some native log management functionality. But these log and event management mechanisms fall short of consolidating the data in any meaningful way, leaving bits and pieces of event logs scattered across a network. Not to mention, many of those events are lost as a result of overwrites, creating a security and compliance problem.

Access the list here.

#231 She Cranks My Tractor (Dustin Lynch)

We're a cloud of dust once I get her buckled in my pickup truck
She's ten pounds of sugar in a five pound sack
A Hollywood looker in a John Deere cap

#230 Maggie May (Rod Stewart)

The morning sun when its in your face really shows your age
But that dont worry me none in my eyes youre everything
I laughed at all of your jokes my love you didnt need to coax
Oh, maggie I couldnt have tried any more
You lured me away from home, just to save you from being alone
You stole my soul and thats a pain I can do without

Tuesday, 21 April 2015

#229 Combine Harvester (The Wurzels)

I drove my tractor through your haystack last night
(ooh aah ooh aah)
I threw me pitchfork at your dog to keep quiet
(ooh aah ooh aah)
Now something's telling me
That you'm avoiding me
Come on now darling you've got something I need  
Cuz I got a brand new combine harvester
An' I'll give you the key

Reliability engineering

Reliability engineering is engineering that emphasizes dependability in the lifecycle management of a product. Dependability, or reliability, describes the ability of a system or component to function under stated conditions for a specified period of time. Reliability engineering represents a sub-discipline within systems engineering. Reliability is theoretically defined as the probability of success (Reliability=1-Probability of Failure), as the frequency of failures, or in terms of availability, as a probability derived from reliability and maintainability. Maintainability and maintenance is often defined as a part of "reliability engineering" in Reliability Programs. Reliability plays a key role in the cost-effectiveness of systems. 

Read the post on Wikipedia here.

Monday, 20 April 2015

Introduction and Demo to the Elasticsearch, Logstash and Kibana

Using elasticsearch, logstash & kibana in system administration | Alexander Reelsen

ELK is a powerful set of tools being used for log correlation and real-time analytics. This post will discuss the benefits of using it, and be a guide on getting it up and running in your environment. ELK is actually an acronym that stands for Elasticsearch, Logstash, Kibana. In recent months I have been seeing a lot of interest in ELK for systems operations monitoring as well as application monitoring. It was really impressive and I thought of how useful it could be for network operations. Many environments just have the basics covered (up/down alerting and performance monitoring). Some companies go one step further and are logging syslog to a central server. For long time this has been acceptable, but things must change. While this guide is solely meant to show how network data can be captured and used, the real goal is to have all infrastructure and applications log to ELK as well.

Read this great post about ELK and network operations here.

Sunday, 19 April 2015

The Hard-won Triumph of the Apollo 13 Mission - 45 Years Later

Moments after they finished a TV broadcast late on April 13, 1970, a spark ignited one of the oxygen tanks on the Apollo 13 spacecraft. The resulting explosion plunged an entire nation into an anxious three-and-a-half day drama.

Read the article on the NASA site here.

Saturday, 18 April 2015

Installing RedMine on ubuntu 14

This is quick guide on how to install RedMine on ubuntu 14.

Access the guide on LinkedIn's Pulse here.

The Passenger (Siouxsie And The Banshees)

Passengers (Elton John)

Thursday, 16 April 2015

IT Security Self- & Risk-Assessment Tool

The tool is a Microsoft Excel 2003 spreadsheet containing worksheets that guides you through a detailed assessment of your agency’s IT system in three categories:ManagementOrganizational, and Technicaland a fourth category, State and Local Law Enforcement-Specific IT Security Controls, which assists with recording information on additional state and local government issues.

Access the tool here.

Risk Assessment Tools

These tools are considered basic, but they will assist people who may not have extensive experience in risk assessment begin to develop a more comprehensive risk management program.

Access the basic tools here.

ICT Risk Assessment

Organisations may be required to carry out risk assessments for a variety of reasons. But what is risk assessment and how does it relate to information technology specifically?

Read the post here.

Monday, 13 April 2015

Troubleshooting Networks: Tips from a Network Detective

The thrill of the “chase” and the challenge of solving the “who done it”.  I’ve learned a lot over the years. What works… what doesn’t work.  What helps… what hinders.
Like any Detective “on the job” for so many years… it would be impossible to pass on to you everything I would really like to.  So let’s go with the tips I think will give you the biggest ROI if you apply them.

Tips from a Network Detective

  1. Be Methodical
  2. Know What is Normal (Knowledge is Key)
  3. Get to the “Crime Scene” as Fast as You Can
  4. Have “Crime Scene Maps”  that Help and don’t Hinder
  5. Let the Clues and Evidence Guide You
  6. Learn and Improve.
Read the article on PacketPushers by here.

Network Documentation Best Practices: What’s Important & How To Track It

As a consultant, I have done several network assessments for clients. One of the biggest items that is almost always missing is documentation. In my assessment reports, I can’t just say, “You are missing documentation,” and leave it at that. I have to be more specific. I have to specifically call out what should have been documented, how it should be documented, and why it should be documented. These are my opinions of best practice for documenting your network.

Access the post here.

Top 9 tips for better cable management in the data centre

Cable management in the data centre is the most ignored part in my experience. And it always come back to haunt you in one form or another. It could be in form of tracing the wrong cable and unplugging a production host while working on something else, or never able to find what is connected where.

Read the post here.

Syslog Server for Windows (Visual Syslog Server for Windows with a graphical user interface)

Access the software here.


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. 

Download Nikto from here.

Interface Traffic Indicator

Interface Traffic Indicator, a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. Works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with adjustable poll intervall down to three seconds. You can use this programm in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or cable/modem/ISDN connection to the internet.

Download the tool form here.

Sunday, 12 April 2015

NfSen - Netflow Sensor

NfSen is a graphical web based front end for the nfdump netflow tools.

NfSen allows you to
  • Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
  • Easily navigate through the netflow data.
  • Process the netflow data within the specified time span.
  • Create history as well as continuous profiles.
  • Set alerts, based on various conditions.
  • Write your own plugins to process netflow data on a regular interval.

 Access NfSen here.


LFT, short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method. For example, rather than only launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT can send TCP SYN or FIN probes to target arbitrary services. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source and destination), which make its statistics slightly more realistic, and gives a savvy user the ability to trace protocol routes, not just layer-3 (IP) hops. With LFT's verbose output, much can be discovered about a target network. 

Access LFT here.

Advanced IP Scanner (Free Network Scanner)

  What Advanced IP Scanner does:

  • Scans network in a matter of seconds
  • Detects any network devices, including Wi-Fi routers and wireless devices
  • Scans ports and finds HTTP, HTTPS, FTP, RDP and shared folders
  • Lets you connect to PCs running Radmin Server with one click
  • Allows you to shut down computers remotely
  • The opportunity to run ping, tracert, telnet and SSH commands on a selected computer
  • Supports Wake-On-Lan
  • Favorites list for easy network management
  • Export to HTML or CSV
  • Easy and user-friendly interface

Access Advanced IP Scanner here.

Cisco Device Info

Cisco Device Info (CDI) is a free, open-source Windows application to retrieve runtime information from Cisco equipment such as routers and switches. This is achieved using the SNMP protocol. Cisco Device Information supports SNMP versions 1 through 3 and has been tested against a handful of different devices and IOS versions.

Access Cisco Device Info here.

Fing (network toolkit)

Born from the experience of the famous Look@LAN, Fing relies on a fast, network engine. Currently available as a Mobile App (Android and iOS) and Desktop command-line tool (Windows, OS X, Linux), Fing is free of charge and Ads. We intend to support more platforms in the future, including a long-awaited Desktop GUI.

Access Fing here.

Radmin (Remote Control software)

Radmin is one of the safest, fastest and most popular remote access software solutions designed for Windows.

Access Radmin here.

Cisco and networking cheat sheets

Access the Cisco and networking cheat sheets on here.

Monitoring a network link from zero within a few minutes

Most people have broadband connections and when troubleshooting a problem the first port of call is to view the utilization on the link.  Much like the dashboard of a car.  Determining what is using the link is another matter but let us first start and see if it is highly utilized and this will clarify whether it is congested on not.

Read the post on LinkedIn's Pulse here.