If you have remote offices (even internationally) and need remote hands support, consider using one of the consolidators such as Crater Communications (http://cratercommunications.com).
Essentially you hire/pay Crater to find a qualified resource in the local area. Billing rates are the same or less than you would be able to find on your own, and it removes all the time/hassle involved in locating local resources on your own. All your disputes are handled centrally and if you’re not happy with the on-site staff assigned to you, Crater will find someone else.
These guys are especially good at finding emergency staff and can have someone on-site in under 4 hours almost anywhere in the world. Your mileage may vary.
If you have PCI requirements or just want to have a consolidated host-based IDS, you should check out OSSEC at http://www.ossec.net.
From their website: OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
It’s open source and available for free. There’s commercial support available for a fee.
I was reminded today of the Zeltser Cheat Sheets – short documents to walk you through the details of a particular topic like malware analysis or incident response. Check them out at http://zeltser.com/cheat-sheets/
I also like the networking stack cheat sheets put out by Packet Life… check them out at http://packetlife.net/library/cheat-sheets/
See http://www.pcmag.com/article2/0,2817,2356618,00.asp to read about why Google has decided to provide DNS services similar to OpenDNS.
Point your DNS Forwarder to 8.8.8.8 and 8.8.4.4 to try it out. Be aware this, like most things Google, is currently “experimental”.
Save the Date: Tue. Dec 1, 2009
The next Sea-Tug meeting will be held TUESDAY, DECEMBER 1st at 6pm at the Hilton Garden Inn in downtown Portsmouth.
Topic: Data Classification and Audit Reporting. What data classification is and why you need to care.
How do you report file access to your auditors?
Do you know where your Confidential, PII, PCI, HIPAA data is located?
Do you know what your sensitive data is?
What users and groups have access to sensitive data?
What users and groups are accessing sensitive data?
Where is sensitive data most at risk?
Which of my sensitive data is not being used and can be archived or simply deleted?
Meeting Location:
100 High Street, Portsmouth, NH, 03801
Directly across from the parking garage
Plenty of street parking available (meters run until 7pm)
Or you can park in the garage for 75 cents/hour
The Hilton has a full bar and kitchen (open until 10pm) on-site
Need a quick lookup of SQL commands? Go here: http://www.sql-tutorial.net
NetApp is giving away free copies of the new book “Windows Server 2008 Hyper-V: Insider’s Guide to Microsoft’s Hypervisor” co-written by local MS New England rep. John Kelbley.
Go here before November 20th: http://www.netapp.com/us/forms/us-can-200908-hyper-v-book.html and fill out the form. They’ll be mailing the books by November 30.
Hey-hey… Microsoft has released “Security Essentials” – their new free antivirus/anti-malware tool.
This is the replacement for OneCare and Defender (and I assume for the Malicious Software Removal Tool, too). Seems like MS can’t figure out what their strategy is, or can’t stick to it.
This certainly isn’t an attempt to provide an enterprise-level solution – it can’t be managed via GPO and has no central console.
Either way, this looks like an OK product – certainly a viable alternative to AVG, anyway. It does require a “genuine” OS and XP SP2, Vista, or Windows 7 (so if you’re still on 2000 or an un-servicepacked XP, you need to look elsewhere).
What do you think? Will you try Security Essentials? Will you recommend it to your friends and family for free protection? Will you install it on your own throwaway machines and partitions?
This is a great video, presented by Mark Russinovich, on how to use the new Process Monitor (which replaced Regmon and Filemon).
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=346
Microsoft has revamped the MCSE credential for 2008. The certifications are now more role-based. There are new credentials for Microsoft Certified IT Professionals in the roles of:
- Server Admin
- Enterprise Admin
- Desktop Admin
- Enterprise Support Tech
- Consumer Support Tech
- Enterprise Messaging Admin
Each of the roles has several test requirements (at $125 each). There’s a surprisingly clear chart here.
For the Enterprise Admin certification, for example, you need the following:
- 70-640 – Windows Server 2008 Active Directory, Configuring
- 70-642 – Windows Server 2008 Network Infrastructure, Configuring
- 70-643 – Windows Server 2008 Applications Infrastructure, Configuring
- 70-647 – Windows Server 2008, Enterprise Administrator
and one of the following:
- 70-620 – Configuring Microsoft Windows Vista Client
- 70-624 – Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops