Thoughts of an Angel
 
I know so many open source and Mac fanboys who will be angry with me after this...
The SpeedTest results from Google Chrome.

The SpeedTest results from Internet Explorer 9.

I actually tried both of these browsers in the speed test several times, but to no avail.  While specific results varied, the winner was clear.  What's interesting is that they both perform quite abysmally (compared to what this network is capable of giving out) when they are both open.  Chrome and IE do not get along (understandably).  I am not entirely sure how the processes in IE work, but I do know that in Chrome, there is a separate process open for every tab.  This may slow things down a bit. 

However, all of this is rather moot considering the guy next to me gets > 400 mbps.  It sounds like I need to figure out some network connection configurations.  I think I'll Goog...uh, Bing that. 

To make you open source and Mac fanboys happy, I will do the same test when I get back home to Texas.  I am willing to accept that something got rigged (though I doubt it).

-Angela Fox

P.S. I really like Microsoft in general (anyone who knows me knows this), but it sounds really wrong to "Bing" someone.  <*gasp!*  I did NO such thing!!>
 
 

Normally, I avoid "technical women's" events like the plague.  Most of them discuss either how to be a man or how to find other women and seclude themselves from the evil, gross, stinky, sex-ridden, and sometimes creepy men in their workplace (or so the impression seems to be).  So far, however, most of my experiences with working with men in IT and Sound Engineering (my first love) have been positive.  Then again, I'm a bit of a tomboy at heart.  I make friends easier with guys than most women - no drama, no super loud high-pitch squealing and/or screaming on excitement, they get right to the point when they speak (perfect for my attention span...or lack thereof), and being logically wired, most of what they say makes sense.  Men are just mentally wired differently from women.  And frankly, I feel that most women take on a sort of "victimized" mentality in the technical workplace by just automatically assuming that life is out to get them because they were born a woman.  Albeit, it is not easy sometimes.  It's even a little overwhelming at times when your thought process is not lined up with the rest of your team (i.e. left-brainers vs. right-brainers, process-oriented vs. detail-oriented).  It's really not that bad though.

Needless to say, this women's luncheon was quite good (as was the food, though I'm pretty sure my table was served last).  I enjoyed the panelists who were speaking.  They gave good advice to those of us who had questions about working in the industry from how to deal with male family members who are not supportive to how to get the men at work to take us seriously.  There was one question that I had that never got answered however, one of etiquette: I've never had so much problem working with men as I have dealing with their significant others.  For instance, when I started working at the Help Desk, my manager's wife (who is also IT, but different department) gave me the evil eye for the first several weeks.  It seems that after I became engaged, she's a great deal more friendly to me now.  I've come across this before in the workplace.  I can't help it - I'm just naturally friendly.  It seems that the best antidote is communication.  While there are still some women who are just naturally jealous, it usually at least helps to try to talk to the girl more than the guy while in the presence of both of them.  I know I'm not alone though.  When I told all the ladies at my table about this, they all were like, "Hey, that's my problem too!  I thought I was the only one who dealt with that!" I'm glad to know I'm not the only one with that problem.

If you're a guy, how do you suggest you deal with this?  If you're a girl, how do you deal with this? I'm interested in contrasting opinions. 

'Til next time.
Angela


 
 
I promise you that I did not come up with this title.  :)  It was our speaker Andy Malone who came up with this title.  He spoke about the 802.1x protocols, but mostly about others such as GPRS, WAP, Ricochet, Bluetooth, Blackberry, RFID, and NFC.

On Bluetooth - it is meant to be a cable replacement tool and it is a short range communicator (10m).

He then focused on RFID and how it can be hacked:
  • RFID tags can be cloned
  • Hacking tools are in Backtrack 4
  • Hardware is getting cheaper, which means that the interrogators (the RFID readers) are also getting cheaper.
  • Hacked cards with authorized ID numbers can be used to unlock doors
  • And of course, all RFID tags can be read, some from many meters away

NFC - Near Field Communicator
  • It's a set of short-range technologies
  • Requires a distance of at least 4cm
  • There are ways to configure it through:
      • Emulation
      • Reader-active situations
      • P2P Mode - Two NFCs communicating together and exchanging information
  • Some security concerns with NFC include:
      • Difficult due to distance factors
      • It is a radio signal that can be picked up
      • Applications use cryptography protocols
      • They are susceptible to relay attacks
      • And of course, if you lose your phone, you've lost security of your wireless device

Some of the LAN security goals included:
  • Access Controls
  • Key management
  • No abuse of wireless network
  • Data Integrity
      • Data packets are not modified during transit
  • Confidentiality
      • Data packets are encrypted

The current wireless standards are as follows:
  • 802.11 WEP
  • 802.11 + 802.1x
  • 802.11 + WPA
  • 802.11 + WPA2
  • AES

Shared Key Authentication
  • Utilizes the challenge/response
  • Requires and matches key
  • Is very weak

WEP - Wired Equivalent Privacy...or not.
  • It also utilizes a shared key encryption
  • Initialization Vector = 24-bit
  • And it uses RC4 for encryption

TKIP was meant to improve WEP, but ultimately did not because it also uses the RC4 encryption algorithm.

So far, 
 
 
This session discussed the basics of capturing and analyzing network packets using Wireshark.  

First they briefly discussed potential legal issues.  For instance, one should be aware of the local and national laws concerning computer technology and cyber security.  One must have permission to capture and review traffic for purposes of troubleshooting, optimization, security, and application analysis.  I do believe that has to be permission in writing too...

One must know their chain of custody and create SHA1, RIPEMD160, or MD5 hashes of trace files one plans on using as evidence with capinfos - a command-line tool for Wireshark.

I also learned that most bot-infected hosts and their Command and Control (C and C) servers can be detected by capturing and analyzing DNS responses.

One key point: to know whether or not your server is being attacked, you first have to know how your servers normally behave.

Another point discussed was the responses of host-based firewalls.  Many of them simply come back with an ICMP response when they detect an invalid host attempting to access them.  However, a host-based firewall should NEVER actually send anything back, but just drop the connection if it is suspicious.  In other words, do not violate the #1 rule of the internet - do not feed the trolls.

Also, ARP does not get past routers for a lack of an IP header - no identification, no access.

Some Active Discovery Processes were discussed here:
  • ARP Scan - local only; can find "hidden" hosts
  • Ping scan - ICMP type 8/0
  • ACK Scan - TCP ACK - check firewall rules
  • FIN Scan - FIN - illogical TCP frame
  • Xmas Scan - FIN PUSH URG
  • Null Scan - No flags set
  • Maimon Scan - FIN/ACK
  • Idle Scan - Uses zombie; watches IP ID value
  • TCP Port Scan - stealth or full
  • UDP Port Scan - listening for ICMP responses
  • OS Fingerprinting Scan - TCP, UDP, ICMP Probes
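
The TCP flag patterns in the list above are what an analyst keys on in a capture. As an added example (not from the session or the original post), this Python sketch labels raw TCP headers by flag pattern; the function names and the sample headers are constructed for illustration.

```python
import struct
from collections import Counter

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag sets from the list above that never occur in a well-formed TCP exchange.
ILLOGICAL = {
    0: "Null scan",
    FIN: "FIN scan",
    FIN | PSH | URG: "Xmas scan",
}

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header (byte 13)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return header[13] & 0x3F

def classify(header: bytes, established: bool = False) -> str:
    """Label one TCP header; `established` says whether a session already exists."""
    flags = tcp_flags(header)
    if flags in ILLOGICAL:
        return ILLOGICAL[flags]
    # FIN/ACK and bare ACK are normal inside a session, so they only
    # count as probes when no session exists for that address/port pair.
    if not established and flags == FIN | ACK:
        return "Maimon scan"
    if not established and flags == ACK:
        return "ACK scan"
    return "normal"

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample data: a minimal 20-byte TCP header with no options."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def summarize(headers) -> Counter:
    """Count the labels seen across a batch of out-of-session headers."""
    return Counter(classify(h) for h in headers)

if __name__ == "__main__":
    batch = [build_header(40000, p, f) for p, f in
             [(22, 0), (80, FIN), (443, FIN | PSH | URG), (25, FIN | ACK), (80, SYN)]]
    for label, count in summarize(batch).items():
        print(f"{label}: {count}")
```

In a real capture the `established` argument has to come from connection tracking, which is why the FIN/ACK and ACK patterns cannot be judged from a single packet.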


Remember, the difference between reconnaissance and a breach is what they are used for.

Here are some of the signatures of traffic:
  • Unusual ports in use
  • Unusual protocols in use
  • High TCP "data" rate/Undissected traffic
  • Unusual conversation pairs
  • Unusual endpoints
  • High number of application failures/error responses
  • Higher-than-normal traffic rates
  • Higher-than-normal conversations per user
  • Traffic to/from illegal MAC or IP address

I also learned that a dark MAC address or dark IP address is a bogus address packet treated as a broadcast.  Consequently, the router simply keeps flooding the network in search of a machine that matches the MAC and/or IP address, but of course, never finds it.

I also learned how to create Coloring Rules.  Essentially, you tell it to find packets that meet a certain condition.  If a packet does, you will see it highlighted in the color you assigned to that rule.  One suggestion is to assign your largest threats the color(s) that is/are most aggravating and/or certain to catch your attention.

And finally, I leave you with two pieces of advice:  
1) Try to stay away from using "!=" in your filter.  Instead, negate the whole comparison: "!(<insert condition here> == <insert compared condition here>)".  For instance, instead of:

if(x!=y),

use

if(!(x==y)).

2) When you look at your trace files, it will come up as several characters.  Just know that the combination letters "MZ" should be treated as an executable file, because it is.  Be very careful with this, however
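
Why the first piece of advice matters, as an added example that is not part of the original post: a field such as ip.addr occurs twice in every packet (source and destination), and this Python model assumes the "matches if any occurrence matches" behavior that Wireshark display filters applied to such fields when this was written. The packet list and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

    @property
    def ip_addr(self):
        # Like ip.addr: one field name, two occurrences per packet.
        return (self.src, self.dst)

def ne_any(values, target):
    """Models `field != target`: true if ANY occurrence differs from target."""
    return any(v != target for v in values)

def not_eq(values, target):
    """Models `!(field == target)`: true only if NO occurrence equals target."""
    return not any(v == target for v in values)

# Constructed capture: two packets involve 10.0.0.5, two do not.
CAPTURE = [
    Packet("10.0.0.5", "8.8.8.8"),
    Packet("8.8.8.8", "10.0.0.5"),
    Packet("10.0.0.7", "8.8.8.8"),
    Packet("10.0.0.7", "10.0.0.9"),
]

def apply_filter(predicate, target, capture=CAPTURE):
    """Return the packets a display filter built on `predicate` would show."""
    return [p for p in capture if predicate(p.ip_addr, target)]

if __name__ == "__main__":
    hidden_host = "10.0.0.5"
    print("ip.addr != host   :", len(apply_filter(ne_any, hidden_host)), "packets shown")
    print("!(ip.addr == host):", len(apply_filter(not_eq, hidden_host)), "packets shown")
```

With the "!=" form every packet still passes, because each one has at least one address that differs from the host being excluded.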
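
For the second piece of advice, the two letters "MZ" also turn up by coincidence in ordinary data, so a hit is worth confirming before calling it an executable. This added example (not from the session or the original post) checks that the 4-byte pointer at offset 0x3C of the DOS header leads to a "PE\0\0" signature; the sample stream is constructed and contains only a header stub, not a real program.

```python
import struct

def mz_offsets(data: bytes):
    """Every position where the two bytes 'MZ' occur (many are coincidences)."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def is_pe_at(data: bytes, off: int) -> bool:
    """True if a DOS header at `off` points to a PE signature inside `data`."""
    if off + 0x40 > len(data):
        return False  # not enough bytes left for a DOS header
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    sig = off + e_lfanew
    # A slice past the end of the buffer is simply shorter, so it cannot match.
    return data[sig:sig + 4] == b"PE\x00\x00"

def pe_offsets(data: bytes):
    """The 'MZ' hits that survive the PE-signature check."""
    return [off for off in mz_offsets(data) if is_pe_at(data, off)]

def sample_stream() -> bytes:
    """Constructed data: HTTP-like headers with a stray 'MZ', then a DOS/PE header stub."""
    stub = bytearray(0x84)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    prefix = b"HTTP/1.1 200 OK\r\nX-Request-Id: 7fMZq2\r\n\r\n"
    return prefix + bytes(stub)

if __name__ == "__main__":
    stream = sample_stream()
    print("raw 'MZ' hits:", mz_offsets(stream))
    print("confirmed PE headers:", pe_offsets(stream))
```

A transfer split across packets has to be reassembled first; a header whose PE signature lies beyond the captured bytes is reported as unconfirmed rather than as an executable.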

More to come later today!
 
 
With 10,000 attendees from 84 countries and 800 Microsoft participants, Microsoft TechEd 2011 is hosting 551 unique sessions and 250 hands-on labs (among other things).  As of a bit after 3:00pm, here is my summary of the day:

We (the bloggers and Imagine Cup team) walked in right before the sounds of The Glitch Mob played masterfully as our pre-show entertainment.  Our Imagine Cup team stood up to the sound of applause shortly after talking about their successful project which involved portable medical imaging/ultrasounds in order to give much less expensive access to diagnostic health care for people who are unable to afford it.

Robert Wahbe, CVP Server and Tools, was our keynote speaker.  He talked about many applications of both Public and Private Cloud, which included extending existing applications, dealing with large data sets and data warehousing, reaching larger capability of high performance computing, better opportunities for promotion of events and content distribution, and better using the Cloud for marketing campaigns and gaming web sites.

Several demos were put on that I found quite interesting.  
  • Joey Snow demonstrated a few Cloud services such as requesting Private Cloud capacity, deploying from the System Center via a New VMM Service Deployment, and Public Cloud deployment.
  • Amir demonstrated one of the ways that the Cloud can be used as a Business Intelligence System by using PowerPivot to create full spreadsheet, database, and graphic functionality.  For those nay-sayers who believe the Cloud is not capable of good speed - think again.  In the time that it takes to blink your eyes, he performed a query on a database consisting of 2 billion records, retrieving a bit more than a million of said records matching his query.
  • Augusto Valdez demonstrated Cloud-Based Productivity via Windows Phone 7 and its ability to sync with its PC-based software via the Cloud.  He showed us how to sync with Outlook as well as Lync via Lync Mobile.  Finally, he showed us the e-mail security capabilities that one can use on Windows Phone 7.
  • Edwin Yuen presented what was perhaps my favorite demo - the Worldwide Telescope using the Xbox Kinect.  He was able to show us a literal real-time view of events and objects such as the greatest solar eclipse that will ever happen in our lifetimes in 2014 as well as the entirety of the known universe.
  • Cameron Skinner discussed managing the life cycle of applications using the example of utilizing the Cloud for communication between the Operations side of IT (Infrastructure) and Developers to meet the needs of the customer, understand the requirements, and agree on the priorities of the application.
  • There was one more demonstration of making an application to address how a call center assigns tickets to technicians.

After wandering about the Convention Center for a while (this is a HUGE place with SO much to do!  You really should be here!), I went to a session on "Wiretapping."  It is a basic how-to session on using Wireshark to capture and analyze traffic.  This is discussed in the next entry if you're interested...
 
 
I have finally implemented the QuickSort algorithm.  I feel like I've made some progress!  I did have to "borrow" some code from www.dreamincode.net, so all credit given to whom all it is due.  I did at the very least take some very thorough notes about what the code was doing.  You can find this here:

#include <iostream>
using namespace std;

/* Note to self: Self, the syntax is not to say "public: class."  This is not Java.*/
class sortOut { 

/*
Intake is responsible for accepting values into an array
The "*" notation is a pointer, allows for passing by reference to memory rather than the value itself.  
This notation is recommended for memory allocation devices (i.e. arrays, vectors, etc). There's not much 
of another way for the main() method to know what values to pass on to other methods being called.
*/
public: void intake(int *store)
{
    int number = 0;
    cout << "Please give me 10 numbers: ";
    for(int i = 0; i < 10; i++)
    {
        cin >> number;
        store[i] = number;
    }//end for
}//end intake function

/*
Exchange tells the arrays in the subsequent methods how to swap numbers.  
It puts int a into a temporary variable to be assigned to b, which will in 
turn equal a.  
*/

public: void exchange(int &a, int &b)
{
    int temp;
    temp = a;
    a = b;
    b = temp;
}

/*
sort() is in charge of sorting out the numbers (DUH!).  It accepts the store array passed by reference, 
the int representing the first element in the array, and the int representing the last element in the
array as arguments. 

It will check to see if the last element is greater than the first element in the array.
If so, the pivot point is set to the first element in the store array.  The check has to come first:
the recursive calls can pass a firstElement that is one past the end of the array, and reading
store[firstElement] before checking would read out of bounds.
The int dividePoint is then assigned the result of split().  split() is called for value assignment.
The pivot value is then stored at the point of array division.
As recursion works, the sort function is then recalled until the array is fully sorted.
*/
public: void sort(int* store, int firstElement, int lastElement)
{
    if(lastElement > firstElement)
    {
        int pivot = store[firstElement]; // read only after the bounds check
        int dividePoint = split(store, pivot, firstElement, lastElement);
        store[dividePoint] = pivot;
        sort(store, firstElement, dividePoint-1);
        sort(store, dividePoint+1, lastElement);
    }
}// end sort

/*
split() is the function that divides the array.  Essentially, the array splits itself in half, sorts those halves, 
then those halves split in halves where those are sorted, and so on.  The process restarts itself until the array
is fully sorted.

The firstElement is assigned to be the leftmost element.  The last element is assigned to be the rightmost element.
While the leftmost is less than the rightmost elements in the array, and the pivot point is less than the rightmost element and
the rightmost element is greater than the leftmost, the rightmost moves to the value left of it (from 9 to 8, etc) and tests to see if that element
is greater or less than the pivot value.
exchange() is called to swap values found unsorted in each round in the loop.

The process is much the same for the while loop testing to see if the leftmost value is less than the value of the pivot.  
As it finds values that are in their proper place, it moves on to the value to the right (from 0 to 1, etc) to test values some more.
It is to return the leftmost value in order to begin the splitting and sorting process all over again until the array is fully sorted.
*/
public: int split(int* store, int pivot, int firstElement, int lastElement)
{
    int left = firstElement;
    int right = lastElement;

    while(left < right)
    {
        while(pivot < store[right] && right > left)
        {
            right--;
        }
        exchange(store[left], store[right]);
        while(pivot >= store[left] && left < right)
        {
            left++;
        }
        exchange(store[right], store[left]);
    }
    return left;
}
};

/*
main() is self-explanatory.  Remember to initialize values in the functions that are called.  In most sorting algorithms
involving a pivot point, the pivot is going to equal 0.  The leftmost and rightmost array values are assigned to the
elements that they represent.  Remember also to create an instance of the class you're calling functions for.

exchange() and split() were already called in/by the sort() function, so there is no need to call them in the main() method.

It is best to have the output in the main method so that you know that all methods were implemented properly.
*/
int main()
{
    sortOut s; // Need to create an instance of the class
    int storage[10];
    int left = 0, right = 9; // first and last index of the array

    s.intake(storage); // read the 10 numbers into the array
    s.sort(storage, left, right);

    // Print the sorted array
    for(int i = 0; i < 10; i++)
    {
        cout << storage[i] << " ";
    }

    return 0;
}

 
 
Today is a snow day, probably the coldest day I've seen in Texas in all my 25 years of life here.  How shall I spend this day?  UNT has shut down and venturing down to Fort Worth for work is pretty much out of the question today due to ice.  Snow play is fun, but it's so powdery today that I cannot sculpt anything.  It seems that today will be spent reading for tomorrow's class (assuming there will be a class) and working on this web site.  Meanwhile, I believe that some hot chocolate is in order.

Cheers!