Sunday, July 8, 2012

How to secure an inbound policy with a secondary user authentication

 

You may want an inbound “service” to require authentication before traffic actually reaches the service it’s destined for.  Let’s say you have a web server on the inside of your firewall.  It has semi-private data on it that you can’t easily secure with the web application.  Or maybe you just want the service protected by a pre-authentication step so brute-force attempts against the web application won’t work.

Here’s how:

  • Create your VIP – If you don’t have one.

    config firewall vip                  # Enter into VIP
    edit External_HTTPS_T11443_w1        # Name 1st VIP (I use _w1 because you could create multiple for multiple WAN connections)
    set extintf wan                      # Set External Interface
    set mappedip 10.11.3.254             # Set Internal IP
    set portforward enable               # Enable PAT
    set extport 11443                    # This is your External Port to Access GUI (I suggest not using 443)
    set mappedport 443                   # This is the Internal Mgmt Port (443 is default)
    end                                  # End
  • Create a local user account – You could use LDAP if you wanted, but that is not covered in this tutorial.

    config user local                    # Enter Local User Creation
    edit allow                           # Name the account (“allow” in this example)
    set passwd SecurePassword            # Set a Secure Password
    end                                  # End to save
  • Create a group to use for policy

    config user group                    # Enter Group Creation
    edit ServiceAuth                     # Name the group
    set member "allow"                   # Set the members; “allow” is the local account created previously
    end                                  # End to save
  • Config firewall policy - If you don’t have one.

    config firewall policy                   # Enter Firewall Policy Creation
    edit 0                                   # “edit 0” creates a new entry after the biggest number.
    set srcintf wan                          # Set the Source Interface (wan) in this instance, probably a port or wan1/2 for you
    set dstintf InternalSwitch               # Set Destination Interface (InternalSwitch). Likely a port or internal for you.
    set srcaddr "all"                        # Set your Source Address. “all” accepts any source; the user authentication below is what gates access
    set dstaddr "External_HTTPS_T11443_w1"   # Set your Destination Address. This is the VIP you created earlier
    set action accept                        # Accept the traffic
    set identity-based enable                # Enable the ability to do Identity Based
    config identity-based-policy             # Enter the Identity policy sub-table
    edit 0                                   # Create next ID
    set schedule always                      # Set schedule
    set logtraffic enable                    # Set logging of traffic
    set groups "ServiceAuth"                 # Set the group (Created earlier)
    end                                      # End the Identity policy
    end                                      # End the Firewall Policy Save

How to use this new policy

  • Regardless of service needed, port forwarded/authenticated or any other application using this policy, you must first authenticate to the firewall before using it.
    • It is extremely important that you authenticate using HTTPS and not HTTP.  Otherwise, your credentials pass in the clear.
    • Ex. if protecting RDP, you have to first go to https://ExternalIP:3389 and login with the local/group that is allowed into the policy
    • Once you authenticate, you can then RDP directly into the ExternalIP
  • Once you authenticate, the authentication timer is started.  It is possible you’d want to extend this:

    config user setting                  # Enter the User Setting
    set auth-timeout 240                 # Set the timeout in minutes (240 = 4 hours); 480 minutes is the max.
    end                                  # End and save

Friday, July 6, 2012

Securing down your FortiGate UTM appliance

 

Securing it for a Static IP

If you have a static IP or group of static IPs that you use to connect remotely to your Fortinet device, there is an easy way to map external services, lock them down to a group of subnets and allow only a few IPs to remotely manage the firewall from the Internet.  There are other ways; this is my favorite, with the most control and logging available for the remote connections.  Let’s get started.

Scenario (My Setup)

  • WAN IP = Dynamic (wan)
  • LAN IP = 10.11.3.254 (InternalSwitch)
  • Internal Management Port (HTTPS) = 443
  • Internal Management Port (SSH) = 22
  • Trusted External Subnets =
    • 12.166.20.0/23
    • utm.doesntexist.com (DynDNS)

 

Let’s get started with a Dynamic or Static IP

  • Log into firewall
  • Create a new VIP for HTTPS Access

    config firewall vip                  # Enter into VIP
    edit External_HTTPS_T11443_w1        # Name 1st VIP (I use _w1 because you could create multiple for multiple WAN connections)
    set extintf wan                      # Set External Interface
    set mappedip 10.11.3.254             # Set Internal IP
    set portforward enable               # Enable PAT
    set extport 11443                    # This is your External Port to Access GUI (I suggest not using 443)
    set mappedport 443                   # This is the Internal Mgmt Port (443 is default)
    next                                 # Next to start SSH entry, end to not setup SSH

  • Create a new VIP for SSH Access

    edit External_SSH_T11022_w1          # Name this VIP, using _w1 to separate multiple WAN connections
    set extintf wan                      # Set External Interface
    set mappedip 10.11.3.254             # Set Internal IP
    set portforward enable               # Enable PAT
    set extport 11022                    # This is your External Port to Access SSH (I suggest not using 22)
    set mappedport 22                    # This is the Internal Mgmt Port (22 is default)
    end                                  # End to save
  • Create a VIP Group

    config firewall vipgrp               # Enter VIP Group Entry
    edit ExternalManagement_w1           # Create a group for the External Management using _w1 to define the one for WAN1
    set interface wan                    # Set the Group’s interface (wan) in this scenario
    set member "External_HTTPS_T11443_w1" "External_SSH_T11022_w1"    # Add the two members to the group
    end                                  # End to save
  • Create address object for trusted IP

    config firewall address              # Enter Address Creation
    edit "TrustedSubnet_1"               # Call this what you want, but you are creating a name for this trusted IP
    set subnet 12.166.20.0/23            # Add the trusted subnet
    end                                  # End to save (use “next” instead to create more)
  • Create address object for trusted FQDN

    config firewall address              # Enter Address Creation
    edit "Trusted_FQDN_1"                # Call this what you want, this is a trusted FQDN example
    set type fqdn                        # Setup a type FQDN
    set fqdn "utm.doesntexist.com"       # Add your trusted FQDN
    end                                  # End to save
  • Create address group object

    config firewall addrgrp              # Enter Address Group Creation
    edit "Trusted_Remote_w1"             # Create a group name for Trusted addresses on w1
    set member "TrustedSubnet_1" "Trusted_FQDN_1"    # Add members to the Group
    end                                  # End to save
  • Create new ExternalAdmin account

    config system admin                  # Enter Admin Account Creation
    edit ExternalAdmin                   # Create your ExternalAdmin Account
    set accprofile super_admin           # super_admin is a full rights admin, but I suggest creating a restricted user for External Access
    set password SecurePassword          # Change SecurePassword to a secure password
    end                                  # Save and create new Account
  • Lockdown admin to local subnet only

    config system admin                        # Enter Admin Account Configuration
    edit admin                                 # The default “admin” account
    set trusthost1 <LAN subnet> <netmask>      # Placeholder: your internal subnet and mask, so “admin” can only log in from inside the network
    end                                        # End to save

 

  • Create firewall policy

    config firewall policy                   # Enter Firewall Policy Creation
    edit 0                                   # “edit 0” creates a new entry after the biggest number.
    set srcintf wan                          # Set the Source Interface (wan) in this instance, probably a port or wan1/2 for you
    set dstintf InternalSwitch               # Set Destination Interface (InternalSwitch).  Likely a port or internal for you.
    set srcaddr "Trusted_Remote_w1"          # Set your Source Address.  This is the group you created in previous steps
    set dstaddr "ExternalManagement_w1"      # Set your Destination Address.  This is your VIP Group you created earlier
    set action accept                        # Accept the traffic
    set schedule always                      # A policy needs a schedule; “always” applies it at all times
    set service "HTTPS" "SSH"                # Set the two services you need.  These are the “internal” services and not the external.  If your management port is not standard you may need to create a service object for this.
    set logtraffic enable                    # Enable logging for your sanity.
    end                                      # End to save
 

This will in effect do the following:

  1. Allow the default “admin” to only login from inside the network
  2. Create a new user for ExternalAdmin of the firewall
  3. Create 2 VIPs to allow inbound mapping for alternative ports to the inside management ports
  4. Allow you to ping the firewall from anywhere
  5. Trust just a few IPs/FQDNs for remote management
  6. Log traffic accessing the VIP
  7. Apply inbound UTM if you wanted, not in this tutorial though

To use this:

  1. Connect to the IP of the External Interface, either:
    1. Web-management: https://externalIP:11443
      1. Use DynamicDNS to “find easier”
    2. SSH: PuTTY via externalIP:11022
  2. Login with ExternalAdmin and password

Hope this helps you create a secure access method to your firewall. 

 

Enjoy!
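A way to check an exported configuration for the two protections covered in the FortiGate posts on this page (source restriction and identity-based pre-authentication), as an added example that is not part of the original posts or Fortinet tooling. The configuration text is constructed in FortiOS 4.x-style syntax, and `Unprotected_VIP_w1` is a hypothetical name used to show a finding.

```python
import shlex

# Constructed sample (not a real export). Names other than Unprotected_VIP_w1
# are the ones used in the posts above.
SAMPLE = '''
config firewall vip
    edit "External_HTTPS_T11443_w1"
        set extport 11443
        set mappedport 443
    next
    edit "Unprotected_VIP_w1"
        set extport 8080
        set mappedport 80
    next
end
config firewall vipgrp
    edit "ExternalManagement_w1"
        set member "External_HTTPS_T11443_w1" "External_SSH_T11022_w1"
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "External_HTTPS_T11443_w1"
        set action accept
        set identity-based enable
        config identity-based-policy
            edit 1
                set groups "ServiceAuth"
            next
        end
    next
    edit 2
        set srcaddr "Trusted_Remote_w1"
        set dstaddr "ExternalManagement_w1"
        set action accept
    next
    edit 3
        set srcaddr "all"
        set dstaddr "Unprotected_VIP_w1"
        set action accept
    next
end
'''


def parse_fortios(text):
    """Parse config/edit/set/next/end lines into nested dicts.

    Tables and entries become dicts; each 'set key v1 v2' becomes key -> [v1, v2].
    An 'end' typed straight after the last 'set' (no 'next') also closes the entry.
    """
    root = {}
    stack = [("table", root)]
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        kind, node = stack[-1]
        if cmd == "config":
            stack.append(("table", node.setdefault(" ".join(args), {})))
        elif cmd == "edit" and args:
            stack.append(("entry", node.setdefault(args[0], {})))
        elif cmd == "set" and args:
            node[args[0]] = args[1:]
        elif cmd == "next" and len(stack) > 1:
            stack.pop()
        elif cmd == "end":
            if kind == "entry" and len(stack) > 1:
                stack.pop()
            if len(stack) > 1:
                stack.pop()
    return root


def audit_inbound(cfg):
    """Return IDs of accept policies that expose a VIP to any source with no
    identity-based authentication in front of it."""
    vips = set(cfg.get("firewall vip", {})) | set(cfg.get("firewall vipgrp", {}))
    findings = []
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("action") != ["accept"]:
            continue
        if not vips & set(pol.get("dstaddr", [])):
            continue  # not an inbound VIP policy
        restricted_src = "all" not in pol.get("srcaddr", [])
        sub = pol.get("identity-based-policy", {})
        pre_auth = (pol.get("identity-based") == ["enable"]
                    and any(entry.get("groups") for entry in sub.values()))
        if not (restricted_src or pre_auth):
            findings.append(pid)
    return findings


if __name__ == "__main__":
    for pid in audit_inbound(parse_fortios(SAMPLE)):
        print("policy %s: VIP reachable from any source without pre-authentication" % pid)
```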

Monday, February 20, 2012

Bit Torrents Killed My Internet, but not My Internet Connection.

 

Wazzup:

Ok, so I have this small fascination with having downloaded the Internet, so in my life, I have found that Bit Torrent used in a semi-legal way is a great tool.  Since I’m paying more child support than what any child needs, I have to cut where it doesn’t really matter and TV is the start.  So between watching lots of ROKU and downloading/watching TV shows/movies… I have found that I can pretty much watch anything anyone else does, but it might be a day or so later.  Not to mention listen and play whatever I want, but that’s a different story. 

The Setup:

Charter was gracious enough to give me one heck of a deal to replace my outdated worn out 5mb ATT DSL Line (though it was one stable and reliable services… Thank you ATT).  I spied Charter for a long time and found a deal I couldn’t go wrong with, $50 install, $200 modem, $200 rebate on Modem and $50 rebate on install, with a $29/mo fee for a whopping 40Mb/Sec, of course that’s only for 6 months, then its $50/mo, which is what I was paying ATT for.  Nice deal on my side and I get +35mb/sec for about $2/mo.  WOW.

The Issue:

Trying to update large list of torrent files with some “friends” I started to notice that once I changed to charter I could either surf the Internet OR download torrents.  At first I didn’t quite catch what was going on, as I figured it had something to do with the speed I had and how much I was downloading, but it started to be a PITA so I decided to tackle the task of finding out why if uTorrent was running, I had to pause them to browse the Internet.  So just to get some keywords out there: Can’t browse the Internet while uTorrent is running on Charter Service with Motorola Modem but pings and other devices and/or computers work just fine.

Research:

So as any good person that knows how to Google, I started with some generic Google searches. 

Some people were complaining about the same thing but most blamed the modem or the router.

So I decided to rule that out, I’d remove my Router and just plug into the modem.  At the same time, I’d connect a laptop (2nd computer) and just verify that it couldn’t be the modem.  So I fire up the laptop, my phone, a tablet, another phone and connect to the wifi.  Then on my desktop I fired up uTorrent then WHAM… Desktop loses IE (started to think TCP) connection but the rest of the computers were just flying.  Not the modem, if it was going to be the modem, my other devices would have died also.

Some people blaming uTorrent.

Not really wanting to leave uTorrent (as it was required for one of my “friends” sites) I found another compatible torrent program.  qTorrent, surely it’s something with the torrent program…. Right?  Well after learning a much less featured and slower program (man qTorrent takes forever to load), I was surely surprised to find that it was the program.  Here we go with the real tech work.

Some posts pointed at the TCP sessions being exhausted.

This is a fair statement.  If I were to give one session/files (not torrent).  The program would surely use over 65,000 connections.  So off to the CLI.

netstat -an

Not really an impressive number came back, so I put that idea on the back burner, though it made sense.

Finding it was a TCP session issue… A breakthrough?

I don’t know if it was any sort of breakthrough, but it was however a great way to start testing and find when the issue happened.  But how to test a TCP session?  Pings always worked, even when the Internet was running, but that’s ICMP and Bit-Torrent kept running, but that’s UDP traffic.  For those that don’t get this part, skip :)  So I figure if the UDP works, ICMP works, then TCP has to be the issue.  Found this nice little utility here, big thanks to Eli Fulkerson!  This tool allowed me to start a continuous “ping” to a TCP port, which I used 80 and 3389, just to make sure it wasn’t an issue with HTTP browsing but more like an issue with TCP connections.

Sure enough, it was a TCP session issue where once uTorrent, now qTorrent started, it blocked all TCP sessions, but why?
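The kind of TCP “ping” test described above, as an added example (not the utility the post refers to and not code from the original post). It completes a full handshake per probe and separates “refused” (a reset came back) from “timeout” (nothing came back), which is the distinction that matters when a device on the path is silently dropping new sessions; the demo target is a loopback listener constructed by the script.

```python
import socket
import time


def tcp_probe(host, port, timeout=2.0):
    """Attempt one full TCP handshake and classify the outcome.

    "open"    - SYN / SYN-ACK / ACK completed
    "refused" - a RST came back (closed port, or something resetting the session)
    "timeout" - nothing came back (SYN or SYN-ACK dropped somewhere on the path)
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status = "open"
    except ConnectionRefusedError:
        status = "refused"
    except socket.timeout:
        status = "timeout"
    except OSError as exc:  # unreachable network, name resolution failure, ...
        status = "error:" + type(exc).__name__
    return status, round((time.monotonic() - start) * 1000.0, 1)


def monitor(targets, rounds, interval=1.0, timeout=2.0, sleep=time.sleep):
    """Probe every (host, port) once per round and return a timeline of rows."""
    timeline = []
    t0 = time.monotonic()
    for i in range(rounds):
        for host, port in targets:
            status, ms = tcp_probe(host, port, timeout)
            timeline.append({"t": round(time.monotonic() - t0, 1),
                             "target": (host, port), "status": status, "ms": ms})
        if i < rounds - 1:
            sleep(interval)
    return timeline


def first_failures(timeline):
    """Per target: (time, status) of the first open -> not-open transition.

    This is the moment to line up against when the P2P client was started.
    """
    last, failed = {}, {}
    for row in timeline:
        tgt = row["target"]
        if last.get(tgt) == "open" and row["status"] != "open" and tgt not in failed:
            failed[tgt] = (row["t"], row["status"])
        last[tgt] = row["status"]
    return failed


if __name__ == "__main__":
    # Constructed demo: a local listener stands in for a remote port 80 / 3389.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]
    print("listener up:  ", tcp_probe("127.0.0.1", port))
    listener.close()
    print("listener down:", tcp_probe("127.0.0.1", port))
```

Run `monitor()` against two unrelated ports while pings continue in another window: ICMP replies alongside “timeout” rows on both ports point at TCP session handling rather than at one service.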

How to diagnose TCP Sessions and why they were failing.

Using netstat -abn and Resource Monitor built into Windows 7, I found that there were no obvious issues.  Back to the research board…

Tweaking TCP for broadband….

Surely this was it, it made so much sense.  I get faster Internet, I have more bandwidth, it has to be TCP settings too low for my new bandwidth (NOW… AFTER ALL OF THIS, IT DOESN’T MAKE AS MUCH SENSE, but I was desperate).  I used this utility here, TCPOptimizer.  It had some nice settings, some seemed legit, so after a reboot, I fired up my test (which had become TCPPing, qTorrent and 3 minutes of waiting at this point).  And WHAM… it works.. yay, I’m at 3 minutes, still working, 5 minutes… Still working.. YAY, I’m about to write a nice UTM blog on this until… Death to my TCP.  So maybe that didn’t fix it.  I’ll leave the boring tweaking settings out of this blog, because it’s already long enough, and IT’S STILL NOT FIXED.

Maybe some Crazy Filtering/RST bomb from Charter?

I started to think maybe this was some reverse attack against P2P traffic.  It didn’t make much sense, but… neither did anything else.  I found this site that confirmed they don’t much care…. on to the next idea.

I got it… Ethernet Driver

Of course, I’m such an idiot… It’s an issue with the Ethernet driver, I have to update it, that will fix my world.  The driver had to be at least 6-12 months old, I’m running a new bit-torrent client… yadda… yadda.  That’s it, my driver was almost a year old, of course… Download, Install, Update, Reboot, Wham… Bam… Damn, that wasn’t it. 

Dedicating my upcoming life to fixing this issue… ONE WAY OR ANOTHER.

Ok, it didn’t take that long, but I had decided that this was a me against the machine.  Nobody on the Internet had a clue, forums were spread with similar, less technically detailed questions, with the same answers I’ve tried 5 paragraphs up.  So, if it took me a case with Microsoft (yes I’d have thrown a Microsoft Partner Case at it), I will do it.. DAMN IT!

The Fix (almost but not quite):

Starting from what I know

I know that it has to do with TCP Sessions, I know it has to do with running bit-torrent applications and I know there are no logs or known signs of the reason it was failing both on the routers and computer… That was just about it.

Let’s go from what it’s not

  • I know it’s not the version, application, driver, etc…
  • I know it’s not the router being “junk” like I kept reading
  • I know it’s not my version of Windows being corrupt (ran SFC /scannow)
  • I know it’s not possible this is happening to me, I am IT.

The start of thinking and breaking into this is critical at this point.  My sanity depends on it.

Time to consult my consultant… You might know him as Yarbi say what?, but I know him as a super smart dude I respect and we both bounce ideas off each other to come up with some real good solutions to real world scenarios (not all technical).  We are still working on Vacation Return Policies.

New network card… This should rule a lot out

After talking with Yarbi over lunch, I decided that it almost had to be my Network card.  It was really the only thing that made sense.  Yarbi just happened to have a decent PCI 100/1000 NIC that was sitting on his shelf.  I must borrow. 

Installation… I noticed this was another Realtek card, but heh, what can it hurt.  Reboot, change the patch cable.  BAM, (Like it blew up).. NOGO, back to the drawing board.

The Fix.. Yes a FIX

I really hope this helps someone out, going to quickly outline the issue, what I know it is not and what the fix was.  This could possibly apply to many routers, but the screenshots I’m going to include are from a Motorola Surfboard.  Having seen lots of modems in my IT history, I know this setting is on A Lot of them.  I hope this helps.

  1. Issue with TCP connections, including HTTP when Bit Torrent Application running.
  2. ICMP (Ping) and UDP (Bittorrent) are not affected
  3. It only affects the computer bittorrent is running on, it does not affect the other devices on the exact same network and Internet connection.
  4. Drivers updated and no virus present.

Drum Roll…

Accessing the Motorola Surfboard modem.


There it is.  The two options in question were:

  1. Port Scan Detection
  2. IP Flood Detection

Disable both, make your screen look like this and it should resolve your issues.  I really hope this helps someone out there!

It all makes sense.  Damn, why didn’t I think about this 16 hours ago.

 

Post Analysis

Now that we know the issue was Port Scan Detection and/or IP Flood Detection: what do they do?  Do we need them?  Why turn them off?  Why does Bit Torrent trigger these?  Well here we go, from my Security Mind.

Port Scan Detection (disable)

This is defined as: “Port Scan Detection detects and blocks port scan activity originating on both the LAN and WAN”

What does this mean for P2P apps?  Well, P2P creates a lot of outbound connections to multiple destinations, those destinations return the favor and then some by trying to spread the joy of P2P (the reason it works).  This quick spread of P2P reconnects looks like a Port Scan because of the large quantity of return ports that each destination returns.  Also, from the inside it is possible that the P2P application is triggering it due to the large quantity of ports it uses to communicate, but it is more likely on the WAN side.

IP Flood Detection

This is defined as: “IP Flood Detection detects and blocks packet floods originating on both the LAN and WAN”

But why does P2P trigger this effect?  Well, it’s really likely that either the LAN or the WAN side could be blocking these large quantities of P2P connections that connect to many sources, seed in many directions and just plain look like a flood of IP type traffic.

So why do UDP, P2P and ICMP work?

UDP is connectionless and would be very hard to close a connection with, it could be denied but the way I was testing UDP was with the P2P client, which would have had connections to the destination servers before the protection kicked in and dropped the new connections, but… it is also possible that the firewall can only truly block TCP sessions, I don’t  really want to spend hours figuring this out, there is likely some manual or blog about this, I just haven’t found one.
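A sketch of how a per-source scan heuristic produces the symptoms described in this post, as an added example (not from the original post, and not the modem’s actual logic, which the post does not document). The window, threshold, hold time and addresses are constructed assumptions, and only new TCP connection attempts are modelled.

```python
from collections import defaultdict, deque

DESKTOP = "192.168.0.10"   # constructed: the PC running the torrent client
LAPTOP = "192.168.0.11"    # constructed: another device on the same LAN


class ScanDetector:
    """Flag a source that opens connections to too many distinct targets
    inside a sliding window, then drop its new TCP sessions for a hold time."""

    def __init__(self, window=10.0, max_targets=30, hold=60.0):
        self.window = window            # seconds of history kept per source
        self.max_targets = max_targets  # distinct (dst, port) pairs tolerated
        self.hold = hold                # seconds a flagged source stays blocked
        self.recent = defaultdict(deque)
        self.blocked_until = {}

    def allow(self, ts, src, dst, dport):
        """Return True if this new connection attempt would be forwarded."""
        if self.blocked_until.get(src, 0.0) > ts:
            return False                # source is still in its penalty period
        q = self.recent[src]
        q.append((ts, (dst, dport)))
        while q and q[0][0] < ts - self.window:
            q.popleft()                 # forget attempts older than the window
        if len({target for _, target in q}) > self.max_targets:
            self.blocked_until[src] = ts + self.hold
            return False
        return True


def constructed_events():
    """Constructed traffic: 40 peer connections in 4 s from the desktop,
    ordinary browsing from the laptop, then browsing from the desktop."""
    events = [(round(i * 0.1, 1), DESKTOP, "198.51.100.%d" % (i + 1), 6881)
              for i in range(40)]
    events += [
        (1.0, LAPTOP, "203.0.113.5", 443),
        (2.0, LAPTOP, "203.0.113.5", 443),
        (5.0, LAPTOP, "203.0.113.5", 80),
        (5.0, DESKTOP, "203.0.113.5", 80),    # while the desktop is flagged
        (70.0, DESKTOP, "203.0.113.5", 80),   # after the hold time has expired
    ]
    return sorted(events)


def replay(events, detector):
    """Feed events through the detector; return {src: [(ts, dst, dport, forwarded)]}."""
    out = defaultdict(list)
    for ts, src, dst, dport in events:
        out[src].append((ts, dst, dport, detector.allow(ts, src, dst, dport)))
    return dict(out)


if __name__ == "__main__":
    for src, rows in replay(constructed_events(), ScanDetector()).items():
        dropped = [r for r in rows if not r[3]]
        print(src, "forwarded:", len(rows) - len(dropped), "dropped:", len(dropped))
```

Because the penalty is keyed on the source address, the desktop’s unrelated web request at t=5.0 is dropped while the laptop’s identical request is forwarded, which matches the “only the torrenting computer loses TCP” observation.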

 

Enjoy, now I can surf and P2P all at the same time… YAY!

Thursday, September 8, 2011

Exchange 2007 to Exchange 2010 Public Folder Migration

This Episode

This episode of UTM comes from a recent experience when migrating a customer’s HUGE public folder database during an Exchange 2007 to 2010 migration.  Doing it manually wasn’t a solution and how I pulled it off was way too easy.

The Dilemma

This customer had WAY too many public folders to go in and manually create the boring task of manually tying the replication together.  So I thought back to this great PS1 script that had so much promise.  I went in, ran the script, it ran w/o issue.  Waited several hours, no such luck.  So I sat down this morning and said to myself, there has to be a way to do this and I put my mind to sitting down and working on it.

The Stage

You must have a working Exchange 2010 and built a Public Folder Database on the new server. 
EXCHMB01 = Exchange 2007 Mailbox Server (Old)
EX-MB-01 = Exchange 2010 Mailbox Server (New)
Moving from Exchange 2007 to Exchange 2010.  If you didn’t read above!

The Solution

My PowerShell skills are a 7 out of 10, so there may be a few steps that are easier than I make them, but this is how I did it and it worked, so here we go.

Setting the stage

To make life easier and to make sure that I named things correctly, I used a bit of manual configuration for the first step.
  1. Open EMC (Exchange Management Console)
  2. Open toolbox then open “Public Folder Management Console”
  3. We are going to quickly add a manual entry to one of the Public Folders to make it easy to copy and paste DB names and Paths.
  4. Rt. Click a folder on the Right Pane, Click Properties
  5. Click the “Add” to add all of your Replicas.  For this instance I have an old server EXCHMB01 (Ex07) and a new Mailbox Server EX-MB-01 (EX10)
  6. Now for the fun part.  Like I said these steps might be easier from a CLI, but this way, I can know for sure, just in case not all my Mailbox Servers are Public Folder Replicas.

Setting up the Replicas

  1. Open the EMS (Exchange Management Shell)
  2. Run the following:
    1. get-publicfolder -recurse | fl Name, Replicas
  3. You will get a full list of all your public folders, find the one you edited in “Setting the stage”
  4. Copy the “Replicas” data to your clipboard, we will use this for 2 steps.

Making all folders a replica to the new and old server both (For Migration)

When migrating, you temporarily want all data on both Public Folder Databases, so that users in both environments work, using replication to replicate the changes.  So I always set up replicas so that they can start replicating as we complete mailbox and other migration tasks.
  1. Open EMS
  2. Run the following:
    1. get-publicfolder -recurse | set-publicfolder -replicas "EX10_PublicDB1","EXCHMB01\Public\Public Folder Database"
  3. It is VERY important to notice 2 things here.  From the copy and paste, you will get {} and will need to put quotes between the databases.
    1. So make sure to edit the part after “Replicas” to Quote and Separate with a comma, each Replica has to be comma separated with quotes around the db
  4. Wait, this will take a while to run, depending on many things.
  5. You will get some error about “/” can’t be set, that’s fine.
  6. Run the next step to replicate the System Folders
    1. get-publicfolder "\NON_IPM_SUBTREE" -recurse | set-publicfolder -replicas "EX10_PublicDB1","EXCHMB01\Public\Public Folder Database"
  7. It is VERY important to notice 2 things here. From the copy and paste, you will get {} and will need to put quotes between the databases.
    1. So make sure to edit the part after “Replicas” to Quote and Separate with a comma, each Replica has to be comma separated with quotes around the db

Checking your work

  1. Simply run the following:
    1. get-publicfolder -recurse | ft Name, Replicas -auto -wrap
    2. get-publicfolder "\Non_IPM_Subtree" -recurse | ft Name, Replicas -auto -wrap

Removing the Replicas

Once you are done with the old server and ready to decommission it, you need to remove the old server from the replica list.  To do this, you just modify the syntax you used above to add the replicas so that it leaves the old server out.
  1. Open EMS
  2. Run the following:
    1. get-publicfolder -recurse | set-publicfolder -replicas "EX10_PublicDB1"
  3. Notice the missing old server!
  4. It is VERY important to notice 2 things here. From the copy and paste, you will get {} and will need to put quotes between the databases.
    1. So make sure to edit the part after “Replicas” to Quote and Separate with a comma, each Replica has to be comma separated with quotes around the db
  5. Wait, this will take a while to run, depending on many things.
  6. You will get some error about “/” can’t be set, that’s fine.
  7. Run the next step to replicate the System Folders
    1. get-publicfolder "\NON_IPM_SUBTREE" -recurse | set-publicfolder -replicas "EX10_PublicDB1"
  8. Notice the missing old Server!
  9. It is VERY important to notice 2 things here. From the copy and paste, you will get {} and will need to put quotes between the databases.
    1. So make sure to edit the part after “Replicas” to Quote and Separate with a comma, each Replica has to be comma separated with quotes around the db

Checking your work

  1. Simply run the following:
    1. get-publicfolder -recurse | ft Name, Replicas -auto -wrap
    2. get-publicfolder "\Non_IPM_Subtree" -recurse | ft Name, Replicas -auto -wrap

Conclusion

I’m not really sure why this was so hard to find, but the solution is pretty simple.  There are other ways to inject the server names, but for a novice to use this guide and with them possibly not knowing where their Public Folders were located, I wanted to show the GUI part and then the commands using copy and paste on how to build the Replicas.

I hope this helps someone and somebody out there thinks… UTM.

Friday, August 12, 2011

My Experiences with OCZ Technology SLD3-25SAT3-120G

 

Doing a little review here, I have an older Acer Laptop.  It’s about 3 yrs+ old, and was one of the first dual core laptops on the market.  When I bought it, I had to wait for about 9 weeks for it to come out.  I have a docking station and I have very little trouble with it.  I replaced the hard drive when I started a new job in 2010 and it’s done nothing but get slower since.  I always noticed that when I was noticing the slow down, the Hard Drive (HD) light was lit solid.

So I’ve been eye-balling SSD drives.  They seem quicker and the fact that there isn’t a spinning platter in a mobile device really sold it.  After lots of research, I decided on the OCZ Technology SLD3-25SAT3-120G from Newegg via: Newegg.com

The disk looked very fast, was compatible with SATA2 and would last until I received my next laptop that will for sure have SATA3 in the next year or so.  So after ordering the drive, I decided that I had WAY too much on my laptop to reload so a clone it was.

Review starts here:

I received my drive, unboxed the Newegg box, to find a sexy little package that was almost like an envelope.  Opening the box I find this sexy little drive that was super light and was built decently enough.

This Looked semi-normal and not much to the outside.  But of course I bought it for the insides.  And don’t think if that “Warranty Void” sticker wasn’t there, I wouldn’t have opened it up.

On to the imaging.

Downloaded the latest Acronis, started a clone and when the clone finished, I shutdown my laptop, plugged in the new drive and started it back up, with a huge kid-like grin on my face.

First boot-up with the SLD3-25SAT3 was normal, lots of Hard Drive light activity and was able to boot straight into windows.  For the search engines, I have to type this out: Acronis Clone works to SSD Drive and Windows 7.

Windows 7 boots up, I login, it says new hardware.  I rebooted as requested.

Next startup.  The next startup seemed much quicker, but I was pulled away for a second to chat with a co-worker, so maybe it wasn’t, hard telling.  Logged into Windows, desktop pops up and once again says New Hardware found.  2nd Reboot on the way.

3rd start after cloning the drive with Acronis.  The BIOS post starts, Windows flashes, and WHAM.. I’m at the login.  Now let me explain a bit to you about this (Please read next section if you don’t care, there is a lot more that matters!).  When I usually turn my laptop on, it takes somewhere between 2-4 minutes to get to the point where my fingerprint reader is working properly.  If I want to login before that time, I had to actually type my password, then wait for what seems to be forever, for it to load Windows and my desktop.  This was not the case, it was ready to roll.

So, I boot up fast, it looks good, I start working and “playing” to see if it’s any faster.  And it was in so many ways, Outlook flying, desktop responsive, almost no HD flashing.  Opening local PDF files that were pretty large was near instant.

YAY for me, new laptop…. Well…. Almost.

Going along about 15 minutes… BSOD, Blue..Screen…Of….Death.  Reboot and back we go.  After analyzing the dump, it was for sure something HD related.  I go home for the night and the computer is locked up when I return in the AM.  Time to switch HD’s back or WTF.

So off to the Forums, and I hope if you have this issue, you may have found me here.  I find where there is a newer firmware and even though they are unsure what causes random BSOD for different people, they suggest the upgrade. 

Now here is the kicker:

You can not update the firmware of a Hard Drive you are using.  You must either boot to a boot CD or load the firmware via a computer booted to another hard drive.

So, I finally found a boot ISO as I didn’t want to take my laptop apart again, I found via: Guide Latest version numbers for the Vertex3-Agility3-Solid3 drives

I personally downloaded the latest ISO, booted the computer and followed the prompts to update the firmware.  It was successful and life is good.

I want to tell you what.  After about a month of using this new drive, I’m not sure I could go back to a normal drive, at least on my older laptop.  This thing flies and I’d put it up against most any laptop for most any daily activity that normal and power users do. 

So my thought, 100% worth the $200 for the drive. (Period)

If you have a laptop that is decent, has SATA2 interface and just has a lot of hard drive activity, try this.  Nice thing is that you can move this drive right into your new laptop, do a repair and you have one hell of a SATA3 processing machine.

Thursday, August 11, 2011

18 year sentence for Wi-Fi Hacking… Say What?


So I ran across this article Wi-Fi-hacking neighbor sentenced to 18 years - CNN.com as I was surfing through the news of the Inter-webs.  At first sight I was like WTF is going on here.  A dude hacked his neighbor’s Wifi and ends up with 18 years in prison.
So here’s the deal and I must say, I’m not sure 18 years is enough for this one.
Matt and Bethany Kostolnik had reported to police that their neighbor, Barry Ardolf, had kissed their 4-year old son on the lips.  Police show up, tick the neighbor off, not enough information to press further charges.
Barry Ardolf reads a few guides (a few have been some personal favorites myself) on “How to Hack WIFI”
Barry reads up, starts hacking at his now hated neighbors.  Once inside their network, he hijacks Yahoo e-mail accounts, sending some hate and death threat letters to people like Joe Biden and other figures that have big guys in black suits that care.
Barry continues to plant child porn on the users’ My Space and work e-mail addresses.  He even went to the point of sending the poor neighbors copies of their tax returns, just to show that he had possession of everything.
So this guy only gets 18 years, seems not enough, probably ruined the Kostolniks’ lives.

So at this point, I’m going to write a nice article on how to use a Fortinet to protect you from this crazy work. 

Will be working on this very soon, “How to secure your WIFI router from external users”  This should help you if you ever have a chance to live next to a total crazy bastard that has some reading and IT skillz.

Wednesday, August 10, 2011

OPFacebook–Project Hack Facebook by Anonymous because Facebook sells and shares “private” data.

 

OK, so I wish I could get a poll going but how many of you readers out there think that launching a slimy Distributed Denial of Service (DDoS) attack against someone is actually a “hack”, but the group “Anonymous” looks to be loosely organizing an attack against Facebook because they feel that Facebook “Sells user information and data to government agencies and security firms”.  Now disregard that comment if they pull off a nice site defacement hack or prove some big security hole that will legitimately hinder the company.

Now here’s my beef.  If a government agency wanted some sort of data from Facebook, nobody can stop them.   A judge signs a warrant, the FBI/Other Agency serves the warrant to the company, the company must do “its best” to provide any information that was described in the warrant.  These warrants can be obtained quickly and using the USA Patriot Act, so would it really matter if they gave it up willingly? 

Regardless if they do this or not, why attack Facebook for it?  Are they just bored?  Trying to make some news?  From the reports I’ve read, it seems that the followers are limited at best and I’m unsure if they could actually pull it off, though they’ve DDoSed some major players in the Multi-Tier WAN environment. 

Though I am really interested in what these Facebook junkies will do if the page times-out.  I mean watch out Charter/ATT tech support… The Internets are broken.

Resources that Piqued my Interest for this Article:

Hacker group vows to 'kill Facebook' - CNN.com