____________________________PLAY INTRO JOKE____________________________

____________________________INTRO MUSIC____________________________

[Keith] Welcome to A Couple Of Admins Podcasting. I'm Keith Albright

[Rich] and I'm Rich Niemeier.

[Keith] This is Episode 8 recorded on July 5th, 2007....... And I think we got ripped off by that "professional" announcer...I don't think he was really a professional. I should have been tipped off when he wanted to be paid in cash.


Chit-Chat - What's going on with you?

[Keith] Nothing much new here. I got my iPhone.....NOT! It would be nice to have a gadget like that, but I can't justify it. I saw a funny advertisement for the iPhone shuffle. It holds 1000 random phone numbers. Maybe that's the drunk-dial feature; Hit the drunk dial button and it dials a random entry from your phone book.

[Rich] I'm all for technology, but I think some home computers cost less than an iPhone. I mean really. It might also be a good idea to make sure we are insuring this technology. Will my homeowner's insurance cover it?

Well, I'm too cheap to carry around anything with an Apple logo.

[KEITH] Hey, speaking of cheap Apple logos, I'm getting my hands on a couple of used iBooks from our school district. Since I can't afford anything new I figured I'd spend $200 and get two used iBooks. They will need a little work, but I figured I could have fun with them. I know they'll need memory and I need to get my hands on an OS X CD since (and I don't know why) they won't give the OS with them. I understand on the Microsoft side, but the Apple side is baffling me.

Other than that, I did a little basement cleaning last weekend. I threw out a bunch of old technology. Solaris 2.6 (I think) for X86. A bunch of old keyboards, adapters, etc. Don't ask me why, but I kept some old junk. If you ever need an AUI to Coax transceiver, I'm your guy. I got rid of a bunch of coax stuff though. It was a walk down memory lane.


Housekeeping Items

Rich?

  • Now getting the same Runtime error in iTunes that Keith was getting and talked about last episode.


Keith

  • Kevin Devin is leaving In The Trenches
Hopefully this is not a spoiler for anyone who listens to the ITT podcast, but, Kevin Devin announced on the most recent episode that it would be his last and that George Starcher would be carrying on the show and looking for a new co-host.
I know for both Rich and me, this podcast was one of the first we started listening to and got us hooked. For me, I definitely feel Kevin was an inspiration for me to get into podcasting.
George will be looking for a new co-host....Rich....Rich....are you still there? You better not be working on your resume.... and we wish them all the best and I'm sure it will continue to be a great show.
Many thanks to Kevin for all he has given to the podcast community and we wish him all the success in his endeavors. I'm sure we will see him again in the future.

Listener Feedback

From listener Felicia

Felicia left a comment on Episode 7: "Thanks for sharing your sense of humor, it is nice to know that tech geeks are human."

[KEITH] Thank you for acknowledging our efforts to join the human race. We are continuing to evolve and hope to be fully human someday. Oh, and for putting a pin on the Frappr map.

[KEITH] Speaking of the Frappr Map. A quick welcome to Cate and Dan. Dan is actually a friend of mine and I'm going to try to get him on the show at some point.

____________________________PLAY SHREK SPOOF____________________________


News Items

Apple iPhone released on June 29th

[Keith] There are rumors that Apple is licensing ActiveSync from Microsoft to enable the device to sync with Exchange and give it the functionality of a Blackberry. It would be much more justifiable in the corporate environment and it wouldn't be the first technology to push into the corporate realm after mass personal adoption.

[Rich]

Link: http://www.apple.com

VoIP must support disabled users, pay fees

As VoIP services have gone mainstream, the FCC has increasingly regulated them like traditional phone service, and the Commission recently took this policy one step further by requiring VoIP operators and equipment manufacturers to support disability access requirements like the 711 dialing service.

The FCC has gradually forced VoIP operators to behave like traditional phone companies, ordering them to support E911 services, CALEA access for law enforcement, and now to help fund and interconnect with services for the disabled. As FCC Chairman Kevin Martin put it, "VoIP services are increasingly being marketed and used as a substitute for traditional landline phones. While technologies will continue to revolve, core social goals... regarding the provision of communications services to all remain unchanged."

[Keith]

I understand where the FCC is coming from, but I think they will seriously inhibit the growth of this technology with these actions. Not that I care, I'll never go this route personally since I don't believe the technology is mature enough nor will it ever be as reliable/stable as POTS service. But that's my opinion.

[Rich] I disagree with Keith. I think it is only the natural progression of things in our current world for VoIP to happen. Why, I have fought getting high-speed Internet as I believed the costs should be lower and that I did not need this level of service at my house. I am continuously being proven wrong. With the amount of bills we pay online, the need for me in my job to connect to remote sites, this podcast, online education increasing. Heck, my 12 year old may need high speed access for classes in high school soon?

Besides, I feel the FCC's actions are proactive rather than reactive. In a government agency this is a good thing. Take a scenario where a challenged individual cannot speak and they are in a large building. They smell smoke and feel heat when getting near a door. Wouldn't we appreciate them, if the phone were still functional, being able to call 911 and let the fire department know where they are?

Link: http://arstechnica.com/news.ars/post/20070702-voip-must-support-disabled-users-pay-fees.html

'Contactless payments' about to explode, but are they secure?

Concerns over the security of contactless systems were heightened last week by a Federal Reserve decision that will allow for even more casual, low-cost purchases to be made across the country. In recent years, credit card companies have waived their signature requirements for so-called "small ticket" items in order to get a slice of the action. Visa, for instance, doesn't require your signature for purchases at or below $25.

The Federal Reserve sets rules for receipts, and last week the Feds said that purchases of $15 or less don't even require a receipt now, let alone a signature. The rule change will usher in a wave of vending machines and other automated payment systems, and many of them will support wireless, contactless payments.

According to the work of security researcher and University of Massachusetts professor Kevin Fu, a number of RF cards in use today transmit credit card account numbers "in the clear" without any encryption. He suggests that the solutions could be far more robust and that it should be an open system that security researchers can examine for flaws. Closed systems cannot be evaluated properly, he says. (This PDF slide show discusses the numerous flaws in the first generation of cards.)

[Keith] I never knew the Federal Reserve set the rules for receipts?! Link to U-Mass presentation on the flaws in the first generation of cards.

[Rich] Well, I guess it is about time. I still don't like it. Encrypted or not, someone is able to get my info by entering the space around me. I liked it better when they had to pick my pocket. I guess it comes down to perceived control?

Link: http://arstechnica.com/news.ars/post/20070701-contactless-payments-about-to-explode-but-are-they-secure.html

Link to Presentation: http://prisms.cs.umass.edu/~kevinfu/talks/FC-RFID-CC-slides.pdf

____________________________PLAY TECHNORAMA PROMO____________________________


Rich's Topics

  • NAC what is it and what does it mean to IT networks
-More secure? yes
-replaces authentication? no
added layers

'What is NAC anyway' Networkworld "Who you are governs what you're allowed to do on the network"

Layers of a complete NAC security deployment

-Agent-Based or Agentless Posture Check
-Zero-Day Threat Prevention
-Dynamic Policy Enforcement
-Surgical Quarantining and Remediation
-Network Intelligence
-Policy Decision and Policy Enforcement (inline or out of band)
-Link: http://en.wikipedia.org/wiki/Network_Access_Control

NAC + controls insider threats

Phase of NAC
-authentication - Identify - Contractor, Employee, outsider
-Validation - Software, virus protection, OS patches
-authorization - where can you go on the network, rights
-inspection - look at traffic for compliance, spyware or worms, go to quarantine phase
-quarantine, remediation - non compliant systems

zdnet-webcast what is NAC
link: http://news.zdnet.com/2036-2_22-6144931.html

-Microphone I wanted not in stock. Had to buy what they have.

Keith's Topics

  • Symantec Mail Security for SMTP upgrade
-Forces upgrade because Symantec wouldn't support the old version
-Had to upgrade RAM in server.
-It's basically BrightMail server with Symantec badges on it.
-Install it and come to find it doesn't process the same way as the old one. You specify whether to allow relaying, etc, but unless you choose both inbound/outbound filtering it won't allow mail sent outbound. Problem arises in that you MUST have separate interfaces for the outbound and inbound SMTP processes. We did it before with only one since the outbound stuff is very minimal.
-I couldn't do it with just port assignments because the automated outbound stuff expected the server on port 25 as well as the inbound mail from the internet.
-I solved it by adding a secondary address to the box (on the same subnet) and putting the individual SMTP virtual servers on their own IP on port 25. The internal mail gets routed to the secondary IP on the box for SPAM processing. Kind of like a loopback, but it hits a different virtual interface on which the Symantec engine is listening. The outbound mail gets routed by MX lookup.
-So, while my Symantec server is down, I have only one layer of SPAM filtering, ProxMox. I come into work one day and find that it is down as well. Turns out, the PC I used had a bad hard disk and was hitting bad sectors.
-I was able to restart it and get it up and running and started working on how to rebuild. Since we haven't bought the full version yet (long story) I couldn't use the backup option in the web interface.
-I SSH into the server and poke around and find the 'proxbackup' utility in the /usr/bin directory. You run it and it puts your entire config into a single GZIP file. I was able to connect to an FTP server and upload the configuration.
-Here's the best part. I drop a new hard drive in the box, boot the install CD and let it install. Do the basic config to give it an IP address and SSH into box. FTP the backup file back down and run the 'proxbackup' with the '--restore' option and everything is restored. Whitelist, rules DB, configuration, everything. Total downtime, approx. 30 minutes.
  • Another quick link for USB thumb drive apps
-I've used SnapFiles for a while (back when it was WebAttack) and I recently found they now have a section for portable apps.
-Here are a couple apps I've downloaded:
-GreatNews RSS Reader - Not bad. I need to look into the preferences for flagging posts read. It seems to be flagging everything displayed as read as soon as I click to another feed.
-Check out SmartSniff. It's a packet capture tool that looks like it will come in real handy when troubleshooting connection problems since you can run it right on the box without installing and view packet level data to and from the box.
-They also have an FTP server called 'Quick N Easy FTP Server Lite' that came in handy when my ProxMox server was dying.
-FollowMe IP Lite looks to be pretty handy for giving you your public IP address when you are behind a NAT gateway. It does not work through a Proxy Server, so keep that in mind. (Maybe with the Proxy Client, but definitely not without.)

____________________________PLAY BUMPER2/SEGUE MUSIC____________________________


Main Topic: Legacy Devices

  • Legacy devices, what are one's options
-If using a legacy device should one BUY from any source able to produce items?
-i.e. eBay
-What are the risks
-How much pain does an end user deserve to endure so that they value replacing legacy devices
-Factors prolonging use of legacy device

=>cost - What cost: the cost of buying a new system, or the cost of not being able to run your business effectively?
==>change - training people to use the system?
===>hmmmm!!!

oops
  • Keith
-Option: P2V - Virtualize the device if real-time access is required for the data. Remove the physical layer and you've solved one problem.
-You might still be dealing with legacy Operating Systems or underlying software components that represent a security vulnerability.
-Goes back to Episode 7 and how there is a need for the people on the business side to understand more of the IT side. I don't want Windows NT4.0 to be insecure and no longer have patches available...but that's not my decision. Unfortunately, the end result is that we need a new operating system, possibly new hardware, and possibly newer software versions....all of which cost money.
-The business leaders need to acknowledge that this investment, which may come at an inopportune time, will not add any value to the organization, but merely keep them where they were in the beginning. That is probably the biggest problem they have with these capital expenditures as they don't see any incremental value in them.

From 2005 "When To Upgrade" article from Networkworld:

There are no hard-and-fast rules about the life expectancy of network equipment because it varies by device and situation. But wouldn't it be nice to know industry norms the next time you had to choose between polishing up a box or taking an ax to it?.....Besides upgrading equipment to stave off failure, another classic driver of change is the old software/hardware upgrade cycle, most famously witnessed in the PC/Windows realm.

Fast-evolving performance and capacity demands are, of course, at the root of many decisions to replace gear, from switches to servers and storage.......VoIP is another new arrival that is spurring network overhauls. Data networks typically have to be spruced up before voice can be introduced into the traffic mix with any confidence.

Security products are probably not the type of equipment that buyers will hold onto for seven or more years. Security gear gets obsolete for two reasons, Snyder says. "One, the loads we put on them increase because bandwidth usage continues to go up, and two, we stretch them by loading up more applications."

...with transaction volumes increasing and the size of transactions going up, companies may face the need to replace some big boxes sooner rather than later, Snyder says.

Life expectancy of network gear in years

Equipment | Years | Equipment | Years
All-in-one security appliances | 3.5 | IP telephones | 4.5
Backbone routers | 5.0 | Macintosh desktops | 3.5
Branch-office routers | 4.0 | Macintosh laptops | 2.5
Campus wiring | 9.5 | Mainframes | 8.5
Cell phones | 2.0 | Minicomputers | 7.0
Chassis-based network switches | 4.5 | NAS devices | 4.0
Departmental copiers | 4.0 | Office multifunction printers | 3.5
Desktop monitors | 4.0 | PBXs | 8.5
Desktop printers | 3.5 | PDAs | 2.0
Digital telephones | 6.0 | Room videoconferencing systems | 5.0
Enterprise high-volume copiers | 4.0 | SAN switches | 3.0
Enterprise storage arrays | 5.0 | Stackable network switches | 4.5
Firewalls | 3.5 | Uninterruptible power supplies | 6.0
Intel-architecture desktops | 3.5 | VPN solutions | 3.0
Intel-architecture laptops | 2.5 | Wi-Fi net-access points | 3.0
Intel-architecture servers | 4.0 | Wi-Fi switches | 3.0
Intrusion-prevention systems | 3.5 | Windows for desktops | 3.0
IP PBXs | 6.5 | Windows for servers | 3.5

Link: http://www.networkworld.com/supp/2005/tips/112805-lifecycle-tips.html


Website Picks

Keith - MacorPC.org

This video is freakin' hilarious. It's a spoof on the Mac Guy/PC Guy commercials. The music is awesome and the people acting in the video are just great. I'll close this show with the song from the video just to give you a taste. Special thanks to Peter Furia at Pantless Knights Productions for giving me the permission to play the song on the podcast. You can download the video in iPod format on their site at MacOrPC.ORG or the video is also available on YouTube. Link is in the show notes.

Link: http://www.macorpc.org/

Link: http://www.youtube.com/watch?v=Jkrn6ecxthM

Rich - This site allows you to build a slide show for your website, or for your family and friends. http://www.slide.com/ An example of it in use http://www.artbyfelicia.com/


Last Call

[RICH] All right, well that is it for the show. For listener feedback you can reach us in many ways: you can email us at RichandKeith [at] gmail.com, or you can post a comment on the main site at ACoupleOfAdmins.com. As always, you can drop any show ideas or topic requests on the wiki. There is a link to the wiki on the main show site. If you would like to participate in the show, either through an interview, a segment contribution, or any other way, please let us know.

If you are fearful we might retaliate, leave feedback using... iTunes, write a review. Especially if you find us funny, I mean INFORMATIVE.

Also for fun and to let us know who's listening... Post a pin on our Frappr map to let us know you are listening.

Thanks everyone... and cheers to the geek in all of us.


[KEITH] Thanks everyone.

____________________________PLAY CLOSING MUSIC____________________________

____________________________PLAY MAC OR PC RAP SONG____________________________