My web wanderings

The Ten Commandments of system administration, part I

Part 1. Backups!!

So google has added another notch in their belt towards their goal of information domination. Want to search for a book containing some bit of infomation you have been looking for? No problem just google for it. http://print.google.com/ Good work Google. You keep impressing me all the time.

A look at Microsoft’s internal SDL with the new Trustworthy Computing initiative.

Since my company was recently aquired we needed to sync Contacts between two organizations prior to connecting our Active Directories. In order to facilitate this we first assumed we could do it like in Exchange 5.5 via admin.exe. WRONG. After much hunting and some ADSI hacking we found this page. It was extremly helpful. Shortly I will post some modified scripts that Jason developed.

Ten Tips for Corporations to Protect Customer Information from Identity Theft

1. Unless there is a specific reason that personal information is being stored, get rid of it. If information needs to be there, set a timetable for its length of stay and when it can be disposed of.
2. Make sure that the server holding personal information is isolated to its own network with limited access. The network should be secured/protected by a strong firewall that protects from attacks at the network, protocol and most importantly the application layer.
3. The server that contains the personal information should NOT allow direct connectivity to any user on the public Internet.
4. The isolation of the database server should provide protection not only from the Internet but from other Internet facing servers as well as the internal network.
5. Under no circumstance should the database server be permitted to initiate connections to the Internet.
6. The controls afforded by the application layer defenses must include the ability to control not only what the database can query, but the explicit commands that can be run, as well as the number of responses per query.
7. Both the security mechanisms and the database server should be operated on kernel hardened operating systems to mitigate the risk of operating system bugs or vulnerabilities.
8. Strict controls of who can access the server should be in place, be enforced, and reviewed to validate the need for access rights.
9. A multi-defense is your best defense; take full advantage of both security mechanisms available within the database application and strong encryption as well as security mechanisms of the application level firewall.
10. All communication of personal data sent to/from the database across public and private networks should be permitted over encrypted channels (HTTPS / SSL SSH).

Hacking Google for fun and profit

Information of the new homeland security badge. We are looking for something similar at work.