Alexander’s Blog

Thanks to a virus infection, a Japanese power plant worker has inadvertently leaked nuclear secrets onto the Web. The unnamed employee had stored about 40MB of confidential reports on his home PC. When the system was infected with a virus the details were leaked. The data is said to have been distributed to users of the Winny peer-to-peer system, the most popular file-sharing network in Japan.

“If you allow your employees to put sensitive company data onto their home computers, you are running the risk that they will not be as well defended as the PCs within your organisation,” said Graham Cluley, senior technology consultant at Sophos.

More info…

The Microsoft Certified Architect Program identifies top industry experts in IT Architecture. These professionals have 10 or more years of experience, possess strong technical and leadership skills and form an elite community. Unlike other IT certifications, this credential was built and is granted by industry architects, as candidates must pass a rigorous review board with previously certified architects.

This certification is targeted to practicing solutions architects and infrastructure architects who have successfully applied frameworks and methodologies to create an architecture that serves the entire IT lifecycle. These architects can employ multiple technologies to solve business problems and provide business metrics and measurements to describe the success or failure of the projects they drive.

More info…

We all have seen spoofed e-mails at times. For IT professionals these are relatively easy to pinpoint. Some bad guys are educated, others are not so lucky. Here’s an example of a spoofed e-mail from not a very bright individual. As you can tell by some of the red highlights I’ve made, there are too many hints in this e-mail that this is not a legitimate e-mail from Microsoft.

First of all, notice that the entire message is centered. In your entire life, have you ever seen a message from Microsoft that was centered? Here are some other dead giveaways.

1. The word Microsoft is spelled MicroSoft in two places but Microsoft in the rest of the message.
2. The abbreviation MS is used in several places. Microsoft never uses the abbreviation MS in their official communication.
3. Web site is mentioned twice in this e-mail and spelled incorrectly both times. Microsoft (and other leading publishers) use the term Web site, not website, or web site.

Unfortunately, an average user doesn’t pay that close attention to the e-mails and may be fooled just by the fact that it resembles a legitimate e-mail. I keep on reminding my friends that Microsoft will not contact you via e-mail to give you security warnings. I think my friends are finally catching up on that but even if 1% of people are fooled by the bad guys, it can cause significant damage.

Whether you are troubleshooting a program or preparing for a Microsoft exam, you may find it useful to understand how different applications (MSDOS, Win16, and Win32) run on Windows.

All NT-based operating systems, such as Windows NT/2000/XP/2003, use the NT Virtual DOS Machines (NTVDMs). Applications running in an NTVDM acts as if they are the only application running on that virtual machine. Let’s look at the behavior of all types of applications.

MSDOS-based applications
All MSDOS-based applications run in a separate NTVDM. If one NTVDM crashes, it doesn’t affect the other DOS applications.

Windows 16-bit applications
All 16-bit Windows applications (Win16) run in a single virtual machine by default. If one Win16 application crashes, it can potentially bring down the entire NTVDM and affect all other Win16 applications in that VDM. By default, an NTVDM is created as soon as you start the first Win16 application. When you start additional Wn16 applications, they all run in the same NTVDM. You could start a Win16 application in its own NTVDM if you want to ensure that it doesn’t affect other applications, or that other applications don’t have any impact on it. Obviously, it won’t be able to share information with other Win16 applications and there’s an overhead to run a Win16 application in its own NTVDM. The overhead is 2MB of pagefile and 1MB of RAM per separate memory space.

NOTE: The Task Manager will show each NTVDM that’s started and indents the application processes running within those VDMs.

Windows 32-bit applications
Windows 32-bit applications (Win32) do not run in an NTVDM. Instead, each Win32 application runs into its own 2GB address space. If a Win32 application crashes, it doesn’t affect any other MSDOS-based, Win16, or Win32 application because it does not share the memory address space with other applications.

The following graphic shows you how these applications run on Windows-NT based computers.

When configuring ISA Server 2004, one challenge a lot of people face is how to design the services so you can use Active Directory groups to configure ISA Server rules. If you want to use users or groups in ISA Server 2004 rules, you must make ISA Server a member of Active Directory domain so it can communicate with Active Directory. As a member server, ISA Server can be configured to take advantage of specific users or groups in Active Directory by creating User Sets. A User Set is a group of users that are defined together as a single set. The set can include three types of users or groups:

1. Windows users and groups
2. RADIUS
3. SecurID

For example, if you want only the members of Information Technology (IT) department to access the internal network when they use a Virtual Private Network (VPN), you can create a network rule where the source network will be VPN Clients and the destination network will be Internal network. You can create a User Set that includes only the members of IT department and configure the network rule to apply only to the IT User Set.

For security reasons, administrators prefer not to add their ISA Servers to the corporate Active Directory domain. One solution is to create a separate forest in the DMZ, add ISA Server to that forest and configure ISA Server to use domain accounts for access policy rules. However, this is a lot of work and it would require you to maintain separate accounts in two different forests.

If you only want to use users and groups for authentication (instead of access rules) then you can use a RADIUS server. Microsoft’s RADIUS server is called Internet Authentication Server (IAS) and is included in Windows Server 2003. This will eliminate the need for you to add ISA Server 2004 to the Active Directory as a member server. However, there’s one thing that you should know about this solution. It may seem like you can add a group from the RADIUS server to a User Set but you can’t. You can either add an individual (Specified User Name) from the RADIUS server or add everyone (All Users in Namespace), as shown in the screen shot below.

Another option is to use SecurID option, which will add additional cost. RSA SecurID for Microsoft Windows software offers better security by combining something the user knows (a secret PIN) with something the user possesses (a unique RSA SecurID token).

The token generates a one-time password every 60 seconds. The options for adding SecureID are identical to the RADIUS options. You can add either a Specified User Name or All Users in Namespace.

SecureID also offers other advantages. You can find out more about SecureID on TechGalxy’s ISA Server page. Look for Secure ID for Windows under ISA Server 2004 topics on that page.