A sysadmin always comes prepared: Grasp those essential tools


  1. weathertop

    All the best tools in the world mean nothing

    All the best tools in the world mean nothing if the staff behind them have no clue what they are doing.

    SMB is the most obvious area lacking expertise (read: inundated by half-wit consultants who sell Exchange servers yet know nothing about Exchange beyond that it exists), but Enterprise/MNC level IT have also shown ineptitude (à la Target). And then you have those admins that create needlessly complex, highly customized networks and environments and then expect off-the-shelf security software to be compatible with their harebrained scheme.

  2. Daggerchild Silver badge
    Boffin

    That word you keep using...

    "Entropy assurance tools have one job: to generate high entropy to secure system and service access and manage all of it in a human-compatible fashion"

    Erm. The most effective way of generating high entropy in anything is to set it on fire.

    Is this a joke, a H2G2 reference to an *extra* hot cup of tea, or are people actually touting 'Chaos Assurance' as increasing Order?

    1. Anonymous Coward
      Anonymous Coward

      Re: The most effective way of generating high entropy in anything is to set it on fire.

      I think he wants a good "random" number generation to seed his crypto algorithms. He may well agree to set stuff on fire if he can get good random numbers out of it, and will pay extra to buy something which manages the fire-based random number generation in an easy-to-use but reliable way :-)

      1. Trevor_Pott Gold badge

        Re: The most effective way of generating high entropy in anything is to set it on fire.

        I now want a fire-based random number generator. That sounds awesome.

        1. John Gamble
          Meh

          Re: The most effective way of generating high entropy in anything is to set it on fire.

          It's not quite OpenFlame[1], but there is Lavarnd (<http://www.lavarnd.org/>, yes, randomness from a lava lamp) and Hotbits (<http://www.fourmilab.ch/hotbits/>, "Genuine random numbers, generated by radioactive decay").

          For varying definitions of "hot".

          ---

          [1] Damn, thought I made something up, but searching does show an OpenFlame project exists.

          1. Trevor_Pott Gold badge

            Re: The most effective way of generating high entropy in anything is to set it on fire.

            Lava Lamp-based entropy is almost as cool, I do have to admit.

        2. dan1980

          Re: The most effective way of generating high entropy in anything is to set it on fire.

          @Trevor_Pott

          "I now want a fire-based random number generator."

          You could attach a wireless motion tracker (of the kind coaches stick on athletes) to that one manager who always complains about having to enter a complex password* and then set him/her on fire.

          Those systems sample around 25 Hz so you'd only need 5 seconds of flailing and screaming to generate 128 bits of entropy. Given normal clothing adhering to flammability regulations, it shouldn't cause any serious physical injury if you put him out after you've got your seed.

          * - And thus helps undermine the whole system.

          1. Trevor_Pott Gold badge

            Re: The most effective way of generating high entropy in anything is to set it on fire.

            You are a terrible person. I like the way your mind works. :)

            1. dan1980

              Re: The most effective way of generating high entropy in anything is to set it on fire.

              I get that . . .

            2. dan1980

              Re: The most effective way of generating high entropy in anything is to set it on fire.

              Actually, upon further reflection, a wireless tracker might be unnecessary - especially seeing as you would need to actually attach it to said manager before commencing.

              A Kinect (2) sensor would seem to be a superior choice, assuming line of sight. You'd have to be relatively close (<4m) but you could generate a stupendous amount of entropy in a short time that way, given you are monitoring the simultaneous movements of potentially dozens of joints* even before you add in heart rate, muscle and microphone data.

              Actually, with that many available data points to generate your entropy, you wouldn't even need to set your boss on fire - you'd only need to startle him/her.

              That would be a good entropy generation 'device': a suitably obnoxious horn wired to a large red button on your desk, with the results monitored by a Kinect. Whenever you need a PRNG seed, just hit the button and presto - a colossal stream is on its way.

              If you wanted it fire-related I suppose you could hook it up to the fire alarm but first, I'm pretty sure that's illegal and second, if the office is anything like mine, you'd get next to no useful movement.

              * - The earlier version could track 20 joints in two active users - 40 total.
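The thread above is joking, but the question underneath it (how many bits does a burst of sensor readings actually give you before you hash it into a seed?) is one a practitioner has to answer. The following is an added example, not code from any commenter and not from any tool named in the article. It takes the thread's own numbers (25 Hz for 5 seconds, 125 samples), constructs two fake 3-axis motion streams (a calm one and a flailing one, both fabricated here rather than captured from a sensor), bounds their min-entropy with the most-common-value estimator from NIST SP 800-90B section 6.3.1, and conditions the readings into a 32-byte seed with SHA-256. The `calm_burst` and `flailing_burst` generators, the 128-bit threshold and the 16-bit packing format are all assumptions made for the demo.

```python
"""Entropy-source sanity check: bound how much entropy a burst of sensor
samples carries before hashing it into a PRNG seed.

Added example for this thread, not code from any commenter or from the tools
named in the article. The motion-tracker readings are constructed 3-axis
integers; the estimator is the most-common-value (MCV) bound from NIST
SP 800-90B 6.3.1, which is only meaningful if samples are roughly i.i.d.
"""
import hashlib
import math
import struct
from collections import Counter

SAMPLE_RATE_HZ = 25   # rate quoted in the thread
SEED_BYTES = 32       # SHA-256 digest length (assumption: 32-byte seed wanted)


def mcv_min_entropy(samples):
    """Per-sample min-entropy bound via the most-common-value estimator.

    p_max is the observed frequency of the commonest reading; p_u is its 99%
    upper confidence bound, so a short burst cannot look better than it is.
    Returns bits per sample (0.0 for a constant or single-sample stream).
    """
    n = len(samples)
    if n < 2:
        return 0.0
    p_max = max(Counter(samples).values()) / n
    p_u = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1.0 - p_max) / (n - 1)))
    return -math.log2(p_u)


def estimated_entropy_bits(samples):
    """Total min-entropy in the burst under the i.i.d. assumption (the big caveat)."""
    return len(samples) * mcv_min_entropy(samples)


def condition_to_seed(samples):
    """Whiten raw readings into a fixed-size seed with SHA-256.

    Hashing never creates entropy: the seed carries at most
    min(estimated bits, 256). Readings are packed as little-endian signed
    16-bit integers so the byte layout is unambiguous.
    """
    h = hashlib.sha256()
    for x, y, z in samples:
        h.update(struct.pack("<hhh", x, y, z))
    return h.digest()


def seed_from_burst(samples, required_bits=128):
    """Return (seed, estimated_bits, acceptable).

    acceptable is False when the burst is too calm to back required_bits;
    the caller should keep sampling or fall back to the OS CSPRNG rather
    than seed from it anyway.
    """
    est = estimated_entropy_bits(samples)
    return condition_to_seed(samples), est, est >= required_bits


# Constructed inputs (not real sensor captures).
def calm_burst(seconds=5):
    """A manager who barely moves: readings at rest with a twitch every 5th sample."""
    n = SAMPLE_RATE_HZ * seconds
    return [(0, 0, 0) if i % 5 else (0, 0, 1) for i in range(n)]


def flailing_burst(seconds=5):
    """Wildly varying readings, fabricated with an LCG so the demo is reproducible."""
    n = SAMPLE_RATE_HZ * seconds
    out = []
    v = 12345
    for _ in range(n):
        v = (1103515245 * v + 12345) % 2 ** 31   # LCG only fabricates varied readings
        out.append(((v >> 4) % 2000 - 1000,
                    (v >> 12) % 2000 - 1000,
                    (v >> 20) % 2000 - 1000))
    return out


if __name__ == "__main__":
    for label, burst in (("calm", calm_burst()), ("flailing", flailing_burst())):
        seed, est, ok = seed_from_burst(burst)
        print(f"{label:8s} samples={len(burst)} est_min_entropy={est:6.1f} bits "
              f"seed={seed.hex()[:16]}... acceptable={ok}")
```

Run as-is and the calm burst lands at roughly 20 bits of estimated min-entropy for 125 samples, well short of 128, while the flailing burst clears the bar comfortably; sample count alone says nothing. Two caveats the estimator cannot see: it assumes readings are independent (a real accelerometer's consecutive samples are strongly correlated, so treat the bound as optimistic), and it says nothing about an attacker who can watch the room and predict the readings.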

  3. Anonymous Coward
    Anonymous Coward

    Java - banned. Can I ban Flash yet?

    Java is banned in our environment and only installed on specific machines (E.g. blackberry servers).

    Adobe Reader can finally be configured to auto-update unattended.

    Sadly I have been unable to ban Flash yet. What do readers think? Can I ban it?

    1. dogged

      Re: Java - banned. Can I ban Flash yet?

      Where I work, the ITOps department in its undoubted wisdom has allowed the use of Flash but required admin permission to get the bloody auto-upgrade to run.

      /facepalm

      1. Thomas Letherby

        Re: Java - banned. Can I ban Flash yet?

        This is probably not their fault per se, we had endless trouble with later versions of Adobe Reader as well as Flash ignoring the no-autoupdate flag Adobe provide to avoid this. Unfortunately you only find out that it's broken when the next patch comes out and everyone complains that it's asking them to update but they can't.

        You can test the patch for longer, but Flash 0 day exploits are not exactly uncommon, so you want it out among the users quickly. You don't want the auto-upgrade to work because you want to test it first against your critical systems.

        Java is another one like this, where I used to work had a lot of broadcast kit, if you didn't have the exact version of Java the box expected you couldn't configure it. You want to push the latest version, but you need to test it against your systems first.

        You can of course run multiple versions of Java on the same box quite well, but sometimes a new Java install will break the old ones and you have to reinstall them all in the right order.

    2. Trevor_Pott Gold badge

      Re: Java - banned. Can I ban Flash yet?

      What do you honestly need flash for that isn't covered by HTML5? Most places you'd go fetch a training video will offer it up through HTML5 if flash isn't there. Maybe you can ThinApp a browser with flash for the really rare instances there's a business case for flash?

  4. Primus Secundus Tertius

    Cover ups

    A relative of mine worked for a FTSE 250 company. One day there was a problem; then there was a problem with the backup; and all their accounts were lost. They had to write to their customers saying, "be reasonable and cough up, chaps; this could easily happen to you".

    Cost them a fortune, but I never saw any report of it in the finance pages of the mainstream press.

    No, it was not HP nor Autonomy.

  5. Michael H.F. Wilkinson Silver badge
    Joke

    What? No cattleprod!!

    Indispensable, I would say

    1. Anonymous Coward
      Anonymous Coward

      Re: What? No cattleprod!!

      Indeed... he forgot about the hardware...

      Like a decent selection of screwdrivers, multimeter, network cable-tester etc...

    2. Trevor_Pott Gold badge

      Re: What? No cattleprod!!

      A clear oversight. I shall flog myself appropriately.

  6. Anonymous Coward
    Anonymous Coward

    Skipping over the sarcasm about shilling and the cloud in general. Rest assured, I'm feeling sarcastic, but that's been done already. A couple of useful tools are:

    Axence NetTools (free, but naggy)

    http://www.axencesoftware.com/en/nettools

    IntoDNS (free online DNS checker)

    http://intodns.com/

    1. Anonymous Coward
      Anonymous Coward

      IntoDNS appears to not understand IPv6 or display AAAA records, making it much less useful than it could be.

  7. Zacherynuk

    Adverts aside.

    PuTTY - (can be used for a massive variety of things)

    https://testconnectivity.microsoft.com (simple, indispensable)

    wakemeonlan - http://www.nirsoft.net/utils/wake_on_lan.html - (excellent for identifying equipment by mac address, not just waking them up)

    AngryIP - http://angryip.org/ - obvious uses

    Ninite - http://ninite.com/ - probably saves us 100 hours a month or more. each.

    And that includes WinSCP & Notepad++

    RunAsSPC - http://robotronic.de/runasspcEn.html - allow users to run individual apps / updates / scripts as another user without giving away credentials.

    PureText - http://www.stevemiller.net/puretext/ - stop having to paste into and out of notepad to strip formatting

    gpodder.net - so you can centrally dictate to which of your windows, linux and android devices you want which podcasts to go to from a central web interface to listen to when nothing is going right.

    I think that's 10.

  8. Anonymous Coward
    Anonymous Coward

    I'm a tool

    If you don't monitor your systems you will be toast. My little firm looks out for >1000 servers and systems. Our Icingas et al have around 5000 odd services being monitored, disc space, service/daemon status, AD, DNS, NTP, EqualLogics, ESXi, Cisco/Dell/HP/Netgear switch statuses, UPS and many many more including backups. If it's switched on and provides a service, we monitor it.

    Nagios/Icinga/Check_MK/NagVis/Nagstamon are my current weapons of choice. I've tried the lot and none comes close. Having said that OpenNMS is looking promising again - I'm probably due another go, the last one was a couple of years ago. If you are a Windows bod then give Spiceworks a go. It's very good.

    Netdisco - brilliant if you have a lot of CDP talking network gear. Bit of a pest to get the dependencies sorted out at install. A doddle to use and maintenance-free.

    Wireshark, nmap - Windows versions are available - compulsory if you go anywhere near a network

    Gentoo Linux - mmm compilers n USE flags. Funnily enough my smart new laptop can update itself faster from source code than many Windows update sessions I endure! LibreOffice in an hour and a kernel compile in a fag break. Of more use to the usual mob around here - grab a copy of the System Rescue CD. It will save your bacon one day, even if it's simply resetting a forgotten Windows password. That's as close as many will want to get to Linux, but just get it.

    Exim, ClamAV and SpamAssassin. Right, that's email sorted. All of that will run on Windows incidentally. Exim can be a bit tricky to set up. Just Goo-Bing-Hoo for a recipe. It can do things with email routing that is amazing. Great to put in front of the usual corporate mail systems thing and rather handy for migrations from one to another system or corp mergers.

    Security Onion - it's big and very clever. It will eat disc space if allowed but is a neatly packaged IDS/IPS etc. Expect to spend some time tuning it though.

    Graylog2 + Elasticsearch + Logstash. They are all a doddle to install. Logstash can take some configuring. Use nxlog on your Windows servers and send their events using GELF to Graylog. Graylog etc running on my desktop PC (it was top of the line five years ago) for eval ate our external router's Netflow output plus a couple of DCs' event logs and a slack handful of other Win servers plus a mail log and our telephony server logs and Squid logs. Well you get the idea. I run X Windows and KDE on top of that with no slow down. Oh and the query speed is phenomenal. I got up to 40 million records and queries still run in a very few seconds.

    FreePBX distro. I can jimmy up a telephone exchange in a VM in under 30 minutes from slapping in the ISO. That includes external trunks and a handful of extensions.

    pfSense - it's an amazing firewall, router and VPN concentrator. Works nicely in a VM.

    Pretty much everything I've mentioned here is Open Source.

    Cheers

    Jon

  9. Anonymous Coward
    Anonymous Coward

    tools or suites?

    nmap

    telnet

    netcat

    tcpdump

    bash

    gcc

    What it sounds like you are talking about is not really tools that you can grab, but more like something that you'd want installed and monitoring the network/services. Icinga version 2 is looking pretty nice. PacketFence is nifty software. OpenVAS can help as well.

  10. dan1980

    Tools

    On the hardware side, I always try to carry:

    • Cisco console cable
    • USB/serial adapter
    • A laptop USB KVM switch ('Crash Cart')

    For software, beyond those already mentioned, I am always digging up:

    • Process Explorer
    • Process Monitor
    • DumpSec - mostly to dump registry permissions
    • Notepad++ - can be invaluable due to occasional weirdness with some Windows outputs - dump an icacls output in Windows 7/2008R2 and try to read it in Notepad - eugh!
    • ForensIT User Profile Wizard Pro - $100 (AUD) was cheap for the time it has saved me
    • TreeSize Free
    • Autoruns
    • Disk2VHD
    • NTBackup - installable on up to Win 7 if you have the right files; my USB stick also contains a text file with my instructions for doing this - I never remember*.
    • All current Windows Service Packs - many a problem has been fixed quickly in that fashion
    • Current - or close to - ATI and Nvidia graphics drivers. Less commonly used now with Intel graphics but the downloads are usually pretty large so having them handy can save time.
    • Civilization II - progress bars make for poor company through a long night.

    * - That's a good point, actually (if I do say so) - for seldom-used tools, I often save some instructions to my USB drive to help in those instances where Internet access is affected and thus I find myself sans-Google. It's as easy as just saving the HTML page - usually sufficient to get you through.

  11. G Olson

    Where's the sysadmin work?

    Trevor I understand the bulk of your work is smaller organizations which cannot have a FTE specialist for every function -- but; I don't see a lot of sysadmin work and/or tools. I see Systems Security I/II/III which in the SMB is very likely a function of IT; but is it a responsibility of IT? Business owners and management foisting security off on the SysAdmins because they are too lazy or cheap. Sure IT can install the security systems; but IT should not operate nor be responsible for their function.

    Business Assets management which is a function of the Financial/Operations management which too many IT people have allowed the Business to foist off on the continually overburdened SysAdmin. Ain't nothing technical about counting assets.

    Now I have eliminated half your list.

    One of the most important monitoring tools of the sysadmin: the random walk and talk. Take a break from staring at the screen and use that all access pass to wander around and talk to people. Go to those company meetings everyone can avoid if they have to; then BS afterwards in the hallway. Openly and calmly discuss with some schmuck who is using the latest, coolest Cloud-Stores-My-Department-Data, or this app lets me share all my data all the time with my whole team instantaneously -- and the entire world, or other such technical cockroach. Never ever get excited or confrontational or question their use of said tool during the walk and talk. Just smile, return to your desk, search for all other instances of Things-Which-Should-Not-Exist, and take appropriate action.

    Tech toys only get you so far; people are the problem.

  12. dan1980

    Hey Trevor - what's with all the mod deletions?

    1. Anonymous Coward
      Anonymous Coward

      Re: all the mod deletions?

      I recall (not entirely clearly) that at one point I refreshed to find almost every post mod deleted, so perhaps there was a gremlin of some kind, and recovery was only partial. I don't recall thinking before then that there was a lot of spam/abuse etc that might have led to it.

      1. dan1980

        Re: all the mod deletions?

        Actually, looking through, it seems they are the posts (and replies) where Trevor elaborated on the situation with GFI and this article.

  13. Anonymous Coward
    Anonymous Coward

    Thoughts...

    Trevor, for the small business space (where there are fewer economies of scale to be had unless you already have a plethora of clients) are there any specific recommendations you would make? I know of a couple of small business owners who I know for a fact have jack-all in the way of backups, little to no protection from anything (intrusion, virus, spam etc) and free-for-all windows setups (isn't full admin so much easier?). I'm thinking perhaps introducing a small server unit such as a HP Microserver hosting CentOS/ClearOS or similar hosting proxy, files and other monitoring services to try and get them a little more resilience. Cost is always a key function here as we are talking <10 employees at present. Anon because with their setups they need to be too.
