Dragons, Death Knights and Diversions

I am, as I suspected, running behind in posting a lot of things on here that I wish I would think to post but due to my constant busyness, I have not posted on here. So here are a few fun updates about what is keeping me busy as of late.

As usual, work has been keeping me occupied as well it should. With each project I find steering to completion, four more are placed on my plate. I am rarely bored at work, that’s for sure. My work with ADFS and Office365 is still hovering about and is being tested. I also have learned a great deal about Tomcat, Notepad++, and RSA technologies as I have been working on Multi-Factor Authentication. I am quickly becoming a regular genius in Active Directory as my work has required it. Rarely does my senior AD person have to hold my hand as he once did. He may give me a small kernel of info but the rest I have either found through research or through my own experimentation. I have also started examining some other things including corporate social networks and Microsoft Security Configuration Manager as it plays with MS SCCM. If you don’t know what those words have in common, Google it my good man!

On the personal front, I have been hooked in to George R. R. Martin’s Song of Ice and Fire Series. My eyes would burn at reading all the pages in the books of the series but thanks to Roy Dotrice, I simply listen to the reading when I am driving around in my SUV or working out at the gym. I learned that once you have ‘learned’ a basic task such as driving, your brain can usually process those activities in the lower part of your brain so listening to audiobooks works well because my brain can still comprehend the things being said while keeping me from wrecking into other motorists. I have now completed ‘reading’ the first book Game of Thrones and am well over halfway through the second book Clash of Kings. The series appeals to my RPG spirit with all the knights and sword fighting while still sprinkling in some mythical creatures such as wraiths and dragons. Yet it also appeals to my adult interest as there is a considerable amount of political intrigue, conspirators, and the like and yes… they aren’t shy about having some intimate encounters in it either…not that the scenes are particularly explicit. I have taken quite a liking to Tyrion Lannister, the “Imp” as he is easily the smartest person in the HUGE entourage of characters (and isn’t afraid to slap his whiny little nephew in the face) yet he still has a good heart and strives for what is more ethically right than most of the other main characters.

I also purchased the first season of the Game of Thrones HBO series on 1080p Blu-Ray as I am not wealthy enough to have HBO on my normal channels and thusly have no access to their coveted ‘HBO-Go’ service. I am only four episodes in to the 10 total of the first season but I find my opinions are a little mixed. The visuals of the Westeros world are STUNNING to say the least and 1080p only serves to enhance that. The storyline follows close enough to the book to keep me from disowning it but I don’t like some of the changes made.

First of all, they seem to try and squeeze more sex into a single episode than any other show I have seen. HBO or not, it almost seems to lose some creative value with all the boob shots thrown in for no reason and some of the sex scenes are far cries from the book – most decidedly the first sex between Dany and Khal Drogo. And why the heck did they even give Viserys Targaryen a sex scene with Jiqui? That NEVER happened in the book and it doesn’t really fit the movie’s plot either. Go figure.

Second of all, they did not use the Starks’ dire wolves as strongly in the movie as they did in the book. I have seen Bran and Summer, I have also seen Sansa and Lady, and I have seen Greywolf with Robb but they appear only rarely unlike the book where they are the constant companions of the children. In fact, they showed Jon Snow’s Ghost ONCE when he was a pup and now Jon is on the wall, they still don’t show Ghost. He is so vital to the personality of Jon Snow that it seems wrong to leave it out. There is a brief scene with Arya and Nymeria but since you never see the wolf until that scene, you don’t care about her as much as the book makes you care about her. Also, I have not even seen Shaggydog and Rickon not that I really care about those two as much right now.

The third complaint I have is in regards to the ages of the characters in the book versus the show. They appear to have added 2 years on to all the children in the book to make the movie ‘more acceptable’. Why? Because Arya is 8 when the book starts and has a scene where she kills someone and therefore a 10 year old is slightly less scary for the public to consider. If you feel that way then why are you even watching this? It’s dramatic, it’s SUPPOSED to offend you sometimes. Sansa is 14 in the movie, presumably because the thought of offering a child as a wife to a young prince (aged 12 in the book, 13 in the movie) when she’s only 12 years old was a bit too much for the average public to deal with. The fact that Robb and Jon are more like 17 or so doesn’t really bother me that much because they act older in the book than their ages. However, I still just don’t like the fact that they felt it was necessary to make all the kids older. What does that really offer anyone else? Just a way to soothe any ruffled feathers I suppose.

Outside of watching and reading Game of Thrones, I have also been on a long break from my college. There was a mix-up with my financial aid when the summer semester rolled around caused in part by my inability to dig through the website and partly because my college launched a completely different way to handle financial aid but didn’t give much notice to students about those changes. Either way, I have had some amount of free time when not working or trying to maintain house and have devoted that time to playing my old friend, World of Warcraft. I have finally gotten a character all the way through 3/4 of Outland and am only a level or two away from reaching 80 and heading to Northrend (yes I know that Cataclysm goes to 85 and Pandaria 90 but I am not there yet). In the past two or three years since Wrath of the Lich King came out, I have never even made it all the way through the Burning Crusade expansion. I had tried but I always got sidetracked somehow. Now things are different and I expect to play up until at least Northrend (gotta get through Netherstorm first) before my Fall semester starts back at school on September 1st. Another thing I have done is I finally played a Death Knight! I had seen death knights everywhere since WOTLK came out but had never played one of my own, not because I couldn’t get a level 55, I have several of those, but because I simply didn’t have any real desire to try one. I first made my own version of Eddard Stark, aptly making him a human, frost-spec Death Knight. He was fun to play and I got all the way past the “Intro” storyline and was released to Stormwind but once there I found that I missed the fact that the mount I had was not a flying mount (something I had gotten very used to with my high level night elf hunter) and that the frost spec was not the best spec to play solo (I rarely play in groups). After some heartache, I found that I should have chosen Unholy spec and couldn’t afford to unlearn my talents.
So, I started a new death knight, this time back to my old friends… the Horde… and made a Blood Elf Unholy DK. I have a LOT of fun with this character but also do not have enough for her to have a flying mount yet and that was truly what kept me alive in Outland so I am temporarily pausing that character. Since then, I started a Troll Warlock. Why? Because I have played every other race but troll and because I wanted to experiment with another solo playable character.

Beyond that, I have simply been too occupied with life in general to do much else fun. I have been doing my best to stay occupied with different activities that will ease the stress of having an 1800 sq ft. house with 8 people living in it. Granted, half of these people are less than 10 years old (and half of them less than 2) but they are still there, still take up space, and still have issues that often come home. I love being a father but it is tiring business and without opportunities to relieve some stress here and there, it becomes hard to be the kind of father I want and need to be. So, I find ways to escape the intensity on occasion so that I am somewhat rested when I must deal with it again. Thankfully, my wife is amazing and understands the challenges. I hope to update more on my blog as time goes by.

Checking in

As I suspected, my demands at my employer have become more and more intensive with each passing day but I look to this with excitement rather than frustration or concern as this shows that I am well needed by my employer. At this time, I have completed three classes toward my MS in Cybersecurity but I am forced to take a summer off because my student loans were not allocated properly to support summer semester. Despite this, I am not unhappy, I will certainly enjoy taking a break for three months as my family and I are in the dead heat of trying to get our current home sold and move to a larger home in the main par

ADFS is keeping me busy

I have been neglecting this poor little blog for some time now and that’s not really fair. I do have a good reason, though. You see, I started my job at a major oil and gas company in Dec. As a result, I have been trying to not only earn my stripes as a security professional (a hat I have worn but never full time) but also to meet the crazy deadlines a company like mine has in place. As a result, I have been devoting a great deal of time and effort to learning of a mysterious piece of software known as ADFS.

To those who are not part of an MS-centric world, the ADFS server is really what a lot of MS folks have been getting excited about. ADFS stands for Active Directory Federation Services and is something that, although it has been around for several years, has only recently started growing at such an alarming rate. The reason behind this is that Microsoft is using ADFS as the tool that allows you to essentially build a trust between yourself and an MS Cloud server (likely running Azure) or any number of applications that are ‘claims-aware’. The flagship product for using this new ADFS is the Office365 application, which is what has been keeping me busy.

After successfully taking ADFS from the birthing floor all the way into what is now a production level test, I have become a small-time expert on the subject. I know all about tokens-aware and claims-aware apps, I am becoming familiar with the often curious “SAML” language or “Security Assertion Markup Language” which is used by various “Identity Providers” (software or servers designed to understand SAML) to send ‘tokens’ (little chewy bits of SAML code…basically SAML cookies) from the IdP to the Relying Party Trust (RPT). The program has been fun to learn and I can see a lot of practical uses for the application and what it is capable of. Now, if I can only teach myself more advanced Active Directory topics that were somehow completely absent from my learning and experience in other positions I will be doing just fine. At least then I wouldn’t feel like such a n00b but that’s the way things go when you are starting a new gig, right?

Keep on keepin’ on and so will I.

Reviewing the Logitech Revue

I have been a fan of having a multimedia HTPC for many years… much longer than it has become ‘chic’ to have one but it wasn’t until recent years that the TV technology and the hardware needed to run these services finally caught up with the mainstream market. In this market, we have the AppleTV, the Roku, Boxee, and the GoogleTV. By and large, the Roku has the highest visibility in the mainstream market and those who are part of the cult of Mac are well familiar with AppleTV. The open source community is taking notice of Boxee but it has only a minor hold in the appliance market. The last contender is the GoogleTV system which is deployed to various Sony TVs but also released their appliance, the Logitech Revue which I finally decided to purchase with its nice $99 price tag.

Now, I should mention that a day or two after I purchased my device, Logitech made a public announcement that they feel that the Revue was a massive failure because it didn’t sell well in the Christmas market last year. I think they might change their tune now that the price point has dropped as my favorite vendor, NewEgg, was completely sold out of these devices so I made a deal with the devil and bought mine from BestBuy, rumor has it that they are quickly running out of stock on this device too. Perhaps Logitech should have been more patient? This year might be a real winner for this device as I have already been very impressed with this and I only opened it last night.

The Revue is a small footprint device, only about 12″ by 8″ and for all intents and purposes looks like little more than a black mushroom with green lights on the front. If you check out the back, you will find a power plug, an HDMI In, an HDMI Out, two IR Blaster ports, an S/PDIF port, an RJ-45 jack, and a Logitech Unifying receiver. The wonderful part about this thing, in my opinion, is the simplicity of it all. You don’t have to connect it to a spare port on your TV which is awesome since my HDTV only has two HDMI ports, one of which goes to my Blu-Ray player, the other going to my cable box. You simply place this device inline with your HDMI (cable from the wall hits your cable box, HDMI out of the cable box goes IN to the HDMI on the Revue, HDMI Out on the Revue goes to my TV), they even give you a nice HDMI cable with the box. Feed your Revue a network connection either RJ-45 or my choice, 802.11g Wi-Fi, and the device takes care of the rest.

When I first booted this up, I went through a very simple series of set up screens including a GMail account to link it to, information for my Wi-Fi (the key and so on) and a few other things. It downloaded an update to itself after it got a live internet connection and then rebooted. Once it rebooted, it asked me to provide it with the Make/Model of my cable box, my TV, and my home stereo system as well as the provider for my cable service. After a few inputs, it knew everything it needed to pre-program the keyboard remote control included to control these devices. No joke, it searched itself for the codes (like a universal remote would do) and within a few minutes, I could control my cable box, my TV, and my stereo from this nifty little keyboard/touchpad controller. The picture was crystal clear on my HD channels and the guide button on the remote does, in fact, open the guide on my TV but that’s just the beginning of this device’s ability.

I launched the Applications included (appearing in a slightly annoying but not horrible screen overlay) and set up my NetFlix account, my Pandora radio account, and had the option to do the same for Amazon (don’t have one of those yet), CrunchyRoll (same story) and many others. I also really liked that the thing doesn’t interfere with anything already setup on the box, it lets me access my DVR features from my cable box, it lets me easily switch tasks with very little issue and my wife likes the fact she can use the regular TV remote if she wanted to change channels and such.

So far, I am very pleased with this thing. I think Logitech made a bigger failure by deciding to drop support for this device as it will really be awesome if it sells out everywhere this year. As far as I know, Google itself has stated publicly that it will keep supporting this device even if Logitech doesn’t. So basically, I get two bonuses, the thing keeps working and I don’t have to deal with Logitech’s often annoying tech support team. Win Win if you ask me.

Wired and Wireless Security Best Practices

All organizations doing business in the modern world require some sort of network to support their operations, even if the organization is a small local business. Regardless of the size of the organization, the data on its machines is one of its most prized possessions, as it can contain everything from financial data to trade secrets, and it must be secured (Caballero, 2009, p. 237). Although wired and wireless networks are rather different architectures, they share many similarities in how they are secured. This discussion therefore begins with the security practices that the two share and then expands on the more specialized needs of wireless networks.

In order to create a strong and secure network, the first thing that must be done is to establish a firm boundary at the physical level. The server room or data center should be offered as many physical protection methods as deemed possible by the organization. Some of these safeguards include: security officers, a visible authorization system (i.e. receptionist who checks IDs before allowing building access), a two or three level authentication system such as a user name and password, or a user name, password, and biometric check, and an auditing method (either paper or electronic) that logs access to the room or datacenter. If it is financially feasible, the company should also consider installing a closed circuit security camera system (Caballero, 2009).

Once a physical boundary is established, attention should shift to the network boundaries (or perimeter). A firm line should be established between where the internet ends and the private LAN begins. Much like a building, the LAN should be protected by security guards that block the entrances and exits until the data has been authenticated. In order to accomplish this, the network should be secured by a network firewall that uses a bi-directional analysis method known as ‘stateful packet filtering’ (Caballero, 2009, p. 240), as this will analyze each packet as it passes through the network. Once the data passes on to the router to enter the LAN, it is wise to include router packet filtering to examine packets and see whether they meet the security policies that have been implemented. If the router allows for MAC address filtering on wired connections, this should be activated as well because it adds additional security to prevent unauthorized devices (Prowse, 2011, p. 132). Once the router has been deployed, the next layer to secure the network would be to install an inline Intrusion Detection and Prevention System (IDPS), as this will scan the network for possible intrusions using either a signature analysis system or an anomaly-based system (preferably a combination of both) that will alert administrators in the event of a perceived attack (Prowse, 2011, p. 155).
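To make the difference between per-packet rules and the stateful packet filtering recommended above concrete, here is an added example (not part of the original essay). It runs the same constructed traffic through a stateless rule and through a small connection-tracking filter; the LAN range, the rule set and the sample packets are assumptions made for the sketch.

```python
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."  # assumed private LAN range for this sketch


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST, "F" FIN

    @property
    def outbound(self) -> bool:
        return self.src.startswith(LAN_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Per-packet rule: the LAN may send anything; inbound must come from a web port."""
    return pkt.outbound or pkt.sport in (80, 443)


class StatefulFilter:
    """Admits inbound packets only on connections that a LAN host opened."""

    def __init__(self) -> None:
        # (lan_ip, lan_port, remote_ip, remote_port) -> "SYN_SENT" or "ESTABLISHED"
        self.table = {}

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":              # new connection leaving the LAN
                self.table[key] = "SYN_SENT"
                return True
            if key not in self.table:         # mid-stream packet with no history
                return False
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            state = self.table.get(key)
            if state is None:                 # nobody inside asked for this
                return False
            if state == "SYN_SENT" and "R" not in pkt.flags:
                if pkt.flags != "SA":         # only SYN+ACK may answer our SYN
                    return False
                self.table[key] = "ESTABLISHED"
                return True
        # The packet belongs to a tracked connection. Simplification: a RST or
        # FIN removes the entry at once; real trackers follow the full close
        # handshake and also expire idle entries on a timer.
        if "R" in pkt.flags or "F" in pkt.flags:
            del self.table[key]
        return True


# Constructed traffic; public addresses are taken from documentation ranges.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S"),   # LAN host opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA"),  # server answers
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "A"),   # handshake completes
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "S"),    # unsolicited, source port 443
    Packet("203.0.113.10", 443, "10.0.0.5", 51001, "A"),   # known host, untracked port
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "R"),   # LAN host resets connection
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "A"),   # late packet after the reset
]


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}] "
              f"stateless={'allow' if sl else 'drop'} stateful={'allow' if sf else 'drop'}")
```

The stateless rule admits all three inbound packets that merely carry source port 443, while the stateful filter drops them because no LAN host opened a matching connection.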

The safeguards outlined above are some of the primary practices used to secure wired networks, but additional measures must be taken to secure wireless networks. Each wireless network broadcasts to a certain range, which allows some possibility of the signal traveling beyond the physical walls of the building. Because of this flaw in the security of wireless, it is advised that organizations reduce the signal strength incrementally until the signal is no longer detected outside the organization (Valacich & Schneider, 2010, p. 203). Another broadcast item is the Service Set Identifier (SSID), the network name of the wireless access point, which is set up to broadcast itself by default. One should turn this off so as to prevent unauthorized external access to the network. All wireless access points have the capability to use some sort of passkey to permit access, including the WEP, WPA, and WPA2 encryption schemes. To ensure security and authentication, the WPA2 encryption scheme should be activated and a high-entropy password created to secure the access point. Also, it is imperative that MAC filtering be turned on for wireless clients so that only hosts that are added to the MAC filter list are able to receive connectivity. Lastly, if the devices being connected to the wireless access point are 802.1X capable, this authentication system should be activated (Vacca, 2009, p. 797).
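The wireless recommendations above can be turned into a repeatable check. The following is an added example, not part of the original essay: it audits an access point configuration against the paragraph's settings and derives the WPA2-Personal key to show why the passphrase's entropy matters. The configuration keys, the 80-bit threshold and both sample configurations are assumptions made for illustration.

```python
import hashlib
import math
import string

MIN_ENTROPY_BITS = 80  # assumed policy threshold, not a figure from the essay
SYMBOLS = string.punctuation + " "


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits.

    The SSID is the salt, so the passphrase is the only secret input and its
    entropy is what protects the resulting key.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def entropy_upper_bound(passphrase: str) -> float:
    """Bits of entropy if every character were drawn at random from the
    character classes present. Human-chosen phrases score lower in reality."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, SYMBOLS):
        if any(c in charset for c in passphrase):
            pool += len(charset)
    return len(passphrase) * math.log2(pool) if pool else 0.0


def audit_access_point(cfg: dict) -> list:
    """Return finding codes, one per recommendation the configuration misses."""
    findings = []
    if cfg["encryption"] != "WPA2":
        findings.append("encryption")            # WEP and WPA should be replaced
    phrase = cfg["passphrase"]
    printable = all(32 <= ord(c) <= 126 for c in phrase)
    if not (8 <= len(phrase) <= 63 and printable):
        findings.append("passphrase-format")     # WPA2 accepts 8 to 63 printable ASCII
    elif entropy_upper_bound(phrase) < MIN_ENTROPY_BITS:
        findings.append("passphrase-entropy")
    if cfg["ssid_broadcast"]:
        findings.append("ssid-broadcast")
    if not cfg["mac_filter"]:
        findings.append("mac-filter")
    if cfg["clients_support_8021x"] and not cfg["dot1x_enabled"]:
        findings.append("802.1x")
    return findings


# Constructed configurations (hypothetical key names and values).
WEAK_AP = {
    "ssid": "office-wlan", "encryption": "WEP", "passphrase": "Summer2011",
    "ssid_broadcast": True, "mac_filter": False,
    "clients_support_8021x": True, "dot1x_enabled": False,
}
HARDENED_AP = {
    "ssid": "office-wlan", "encryption": "WPA2",
    "passphrase": "t7Vq-9mKz_4Lp!xW2hRc8YbE",
    "ssid_broadcast": False, "mac_filter": True,
    "clients_support_8021x": True, "dot1x_enabled": True,
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_AP), ("hardened", HARDENED_AP)):
        bits = entropy_upper_bound(cfg["passphrase"])
        print(f"{name}: findings={audit_access_point(cfg)} entropy<= {bits:.1f} bits")
    print("PSK:", derive_psk(HARDENED_AP["passphrase"], HARDENED_AP["ssid"]).hex())
```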

All of the safeguards above are some of the best ways to secure a network, especially at the hardware level. Despite the best security practices, the human element can still cause challenges to a security infrastructure. Thus, a wise information security manager will also create a comprehensive security plan for all the users at the facility to follow and will remind them of it often. No network is completely secure, but implementing items such as these will allow a decent reduction in risk.

Bibliography

Caballero, A. (2009). Information Security Essentials for IT Managers: Protecting Mission-Critical Systems. In J. R. Vacca, Computer and Information Security Handbook (pp. 225-254). Burlington: Morgan Kaufmann Publishers.

Prowse, D. L. (2011). CompTIA Security+ SYO-201 Cert Guide. Indianapolis: Pearson Education.

Vacca, J. R. (2009). Configuring Wireless Internet Security Remote Access. In J. R. Vacca, Computer and Information Security Handbook (pp. 795-798). Burlington: Morgan Kaufmann Publishers.

Valacich, J., & Schneider, C. (2010). Information Systems Today: Managing in the Digital World. Upper Saddle River: Prentice Hall.

My First Complaint About my Alienware 17xR3

As I mentioned in an earlier post, I was very excited about my first AlienWare laptop and I was counting down the days until it arrived. It finally arrived on Wednesday so I took a slightly longer lunch and went back to the house to pick it up (I certainly didn’t want to leave it sitting on the front porch in case a ne’er-do-well decided it looked like it was worth some money).

The device is every bit as powerful as I expected it would be, even with only 8GB of RAM. Yet this brings me to my first gripe about the device. Okay… let’s consider the market for an Alienware laptop… usually a gamer who is all about squeezing as much power out of their laptop as they could possibly accomplish. Odds are, one of those things would be additional RAM. Goodness knows that is one of the things that I wanted to do. If that’s the case… why on earth did Dell make such a dumb choice in RAM placement?

You see… there are two banks of two SODIMM RAM slots on this device. The EASY ones to get to are simply done by taking out the battery, unscrewing the two little screws in the bay and then sliding the back plate off. The OTHER RAM slots require you to do the steps mentioned above as well as remove an additional series of about 8 screws to get the keyboard off, lift it up and disconnect the ZIF connector and slide the keyboard out.

Here’s your pop quiz… WHERE would you install the stock RAM on a device like this? Knowing full well that the tech buying it would likely add more RAM? Of course it is extremely logical to put the stock RAM in the EASY area so that when a gamer with a penchant for upgrading hardware wanted to add more he could… Okay. That’s right it’s NOT logical! Why on earth would you do something so ridiculous? I have no idea why but that is EXACTLY what Dell did on my device. I was expecting that I could simply add the extra RAM in the easy to reach section of the computer and all would be well. Looks like I was wrong.

Other than this obvious logical misstep in placement, I am relatively pleased with the laptop so far. Now if I can just finish this 10-12 page paper for my cyber-security class, I might actually be able to play some games on my laptop!

New Gear Heading My Way

Most IT guys, regardless of the field where they work, are somewhat geeky about gadgets, computers, and general technology. I am no different! Since I began my new Master’s program at UMUC, I have been turning the idea of purchasing a new laptop over and over in my head since my student loans were approved. Finally I made my decision.

I have an aging HP laptop that I purchased in 2008 when I started my M. Div and although it has served me well, it is starting to wear on me. The original build was designed to be Windows Vista and it is an HP Pavilion DV7 running a dual core Intel Centrino with 4GB of RAM and an nVidia GeForce dedicated video card. It works just fine on Windows Vista and I added an additional 2GB to bump it to 6GB of RAM. I then loaded Windows 7 and updated the nVidia driver to give me the most bang for my buck. However, the dream machine became a nightmare at this point because not only did HP not provide updated features for Windows 7, there was an inherent flaw in the video card driver. If I was using the laptop on its docking station, the video drivers worked just fine but the instant I tried to use the computer off the dock, the screen would black out and then come back, reporting an error with the video card driver kernel and then it recovered from the error. However, I learned quickly that once I saw this event, I had anywhere from 5 to 10 minutes before my computer would completely lock up and require a reboot.

I called HP while on the road in Georgia and tried to troubleshoot the issue. The technician finally told me that the laptop was designed to work with Vista only and since I was running Win7, HP wouldn’t offer any support. He had me roll back to the basic Windows Vista driver which was the ONLY thing that wouldn’t cause it to choke. That means that I could never update the video card driver unless I was on a dock (why bother owning a laptop then?), and so my video games have all been using an old antiquated driver for these years. My Sims 3, WoW, and Bastion cannot look as awesome graphically as they are capable of because of the limitations with my hardware. This does not bode well for a man like me with geeky interests!

Last night I finally ordered my new laptop. I labored over the decision for weeks trying to decide how much I wanted to spend, how powerful of a computer I wanted to have, and what vendor to use. I considered the Dell XPS 1720 series but NewEgg has been sold out of them for a week now. I also considered the newest Asus G series laptop but for the cost of the computer and the capabilities, it wasn’t worth it to me. Finally I decided on an Alienware M17 series with an Intel i7 processor (2.0 GHz), 750GB HDD, and AMD Radeon HD video card. The only real downside was that I had not really had much luck with the quality of graphics on ATI/AMD Radeon video cards when they were installed in laptops so I was a little squeamish. However, a NewEgg reviewer posted some of their stats for performance on this machine and I saw what I needed to see. Evidently the Alienware hardware configuration works pretty well when it comes to pure power and graphics boost, the guy is getting over 65 fps on some of the hottest titles out now and his laptop isn’t even batting an eyelash. I purchased an extra 4GB stick of RAM to go with it so I will be running at 12GB when the laptop is fully configured.

I am only a part time gamer but I foresee that I will want to do much more gaming with a rig like this. My old laptop will be re-loaded with WinVista and the latest drivers so I can either use it as a backup for my main rig, or I am thinking of attaching it to my HDTV permanently and buying a new wireless keyboard and mouse so we can have a real media center device for the first time in many years. If we don’t do that, then I will set it up for my wife and then I can take her laptop that she is currently using (slightly older but still has HDMI out) and use it as the media PC. That way I can stream everything from Netflix without having to use the Wii and I can open up the various YouTube videos my daughter likes to dance to without having to struggle with the Wii Remote to type and the painfully slow Opera browser built into the Wii.