Security – Page 6 – A Scott Odyssey

Disk Erasing Is Boring

2018-07-312004-11-27 by scott

I have a stack of older (and not so old) hard drives sitting in my apartment. I have wanted to sell them or just get rid of them for a while. My problem is I have data on them, or had data on them. I am crazy about security. Sometimes not crazy enough, but when dealing with selling drives that once held my personal data on them, I am crazy. So what to do?

I know the multiple ways of removing data from disks. None of them include just formating the drive and selling it. I have wanted to invest in an electromagnet that degausses stuff. But that just screams Geek! it is also costly. I could do what Jay did and just copy lots of stuff onto the disks before formatting them and selling them.

I settled for a free program that will overwrite disks with random data. It is called eraser. it is a free open source product from Sourceforge.net. It is not a fast solution. Of course I selected the department of defense standard scheme for overwriting data. I don’t have state secrets on those drives, but I figured if it is good enough for the CIA to overwrite disks in this way, it is good enough for me. To be honest I selected the lowest DOD spec, but I figured that would be enough. Now I just wait while these drives get written over.

A Single Minded Day

2004-10-22 by scott

Some days I cannot remember what it was that I did at work. Today I only did one thing almost the entire day. I cannot forget what I did if I tried. I worked on fixing our Call Manager all day. Call Manager is the Voice Over IP version of the PBX. It is basically the computers that control our phone system. Last night Kai and Jayson upgraded our Cisco Call Manager’s to version 3.3.3 from 3.3.2. When you read the version number change you (I) think it is a minor fix. Well the latest version (it is the latest version we are using, but there is a 3.3.4, and a 4.0 now) does some things differently. Kai and Jay got the upgrade done, and tested all the phones in our call center. Everything seemed to work. What they couldn’t test was our remote phones. The phones in our NYC office didn’t work. We didn’t know this until hours after they went off to sleep. They left word that we may need to upgrade the firmware on the phones, but that was it. Turns out the firmware upgrades automatically when you reboot the phone and their is a newer version of the firmware.

The problem was the phones could make outbound calls, but could not receive calls. when you called the phones in a remote office the phone would ring but if you picked it up the Call Manager didn’t recognize that the call started. this is not good if we want to our reps to take calls. So off to call Cisco I went. This all happened before or as I got to the office. What a way to start the day that I knew I was going to be short handed anyway. Kai and Jay were both off to sleep because of their overnight. So after a long and drawn out troubleshooting session with Cisco we figured out our problem. I actually spoke to 2 guys over there. the first guy gave me the right answer but could not explain why we had to do what he asked. Since it required me to change firewall rules and we upgraded a phone system not the firewall I was skeptical. So the second Cisco guy came into the picture. He walked me through the same troubleshooting process (a bit quicker than the first guy). he then made some phone calls and got back to me. Turns out the first cisco support guy was right we needed to change some rules on our Cisco Pix’s. Why? Well in the new version of our CCM (Cisco Call Manager) they changed how some protocol’s operate. So what worked in older versions of CCM didn’t work in the newer version. We had to remove to fix-up protocol lines on all of our Pix’s that are involved in the VPN that makes up our WAN. Sure enough Kai was right. Kai as in Kai the cisco rep I spoke to, not Kai the guy I work with. I made the two firewall rules and the phones started working. Elapsed time on the whole saga, 8 hours. I got the phones working exactly at 5PM.

During this adventure I had other fun things to think about. Sean and danny dealt with problems with an index on a database somewhere that was causing one of our websites to be slow. Word of advise to people I work with. When I am fiddling with one phone, on another phone and talking to someone on a nextel and you know a system is down, don’t come and tell me about another problem that you need me to work on. I can only do 4-5 things at once. Thankfully Sean was able to get a handle on the index problem and fix it with little to no help from me.

Danny was helpful in my network trouble shooting saga today. Everyone else was surprisingly not bothersome. usually when I have a major problem people come out of the woodwork to bug me about minor issues, or that is how it feels.

I was crazed today. Am I glad it is over? Of course I am, but there is something to be said about days like this. First, it goes by so quick. Second, it is the type of day that you earn your salary. You get a few of the each year, and when you live it you hate it, but after you live through those days you are a better person for surviving them. On a personal note I am glad I got through the issue mostly by myself. Danny did give me great assistance in the network trapping, but allot of it was second opinion from what we got from Cisco. It is good having someone else around who you can sound off ideas to. I think Danny and I work great in that respect. On a whole I had to tackle most of this issue by myself. In the past that is not a big deal. Recently I have been delegating allot of the day to day technical responsibilities. It is something that I have to do, but I feel like I get rusty by not doing hands on work all the time. Days like today keep me sharp and lets me prove to myself that I am still in the game and can get dirty with the best of them, or so I think.

More VOIP Updates

2004-10-20 by scott

Several things finally came together on my VOIP odyssey this weekend. For one I solved a problem I have been having for some time. I also got off my ass and plugged in my new Linksys VPN Router. I started to setup static VPN tunnels to work. For one thing I proved I can setup a static IPSEC tunnel to a Pix with a cheap ($150 or cheaper) router. At first I still could not connect to one of our offices. I had the same problem with the Pix 501 I had. Or at first I thought it was the same problem. With the 501 I couldn’t connect to that office either. I was beginning to think it was not me but the Pix at that office. Turns out when I had my Pix 501 I had 1 issue. With the new Linksys VPN router the problem was a new one. Turns out the fail-over Pix we have at the office uses the IP address of 10.1.1.1. That is all nice and good, but that was what I used for my router at home. That didn’t work well. I had to give my router a new address and recreate the VPN tunnel. Everything started working then.

Now I have 2 tunnels (if and when I want them) to work. I don’t need VPN software. This is a good test since now I do not need VPN software on a computer in order to establish a VPN connection. What that means is I can plug in a VOIP phone and connect to my office’s call manager. I did just that. Now I have a 7940 phone connecting into our CCM (cisco call manager) system sitting on my desk at home. This is different to what I was trying to do with the 7940 and my BroadVoice connection. Now I can log into the phone at home and get my extension from work. I can prove that we can do this with remote agents if we choose to do so. We probably won’t but it is a nice technological feat to say we can. We want to go with the cheaper soft-phone option for remote agents, but having the ability to put a phone in someone’s house is nice to know you can. Have I mentioned that I have a cool job, or that VOIP is awesome???

In addition to the work phone I now have setup. I finally got my VOIP ATA adapter from the lovely folks at Broadvoice on Monday. I plugged it in after calling them and changing my account back to use that adapter. In minutes the adapter registered and I was off and running. I plugged in my new cordless phone and I had phone service. Did I mention it is only $10 a month? Now I was an early adopter of not having a home phone. I still use my cell as my main phone, but it is nice to not have to worry about the battery dying on a long call. Truth be told I want the VOIP service for the simultaneous ring option that I have. I am able to have calls ring on my home phone, my cell, blackberry, and work phone at the same time. I have a few kinks I am working out but otherwise that has been very cool.

Some problems I have to work out. I am back to using my old 802.11b wireless point. My 802.11g point was built into my old router. Now that I have a VPN router I can’t use that router. I need to buy a stand alone “g” point. I also need to break out a 5 port switch and daisy chain it off of my router. With the Wifi point, both my personal and work phones, plus my desktop and laptop, plus a tivo I have ran out of network ports on my 4 port router. Thankfully I think I have enough components to build 2 computers and extra network gear in my closet. He I don’t throw out very much stuff.

Ok, time for bed…

Pix Configuration Problems

2016-08-212004-07-11 by scott

I am having a problem with the new Pix. I think it is a minor issue, but I just cant figure it out. I am trying to make a second static VPN tunnel, and the pix keeps telling me the crypto map is not complete. I am doing nothing different from the first tunnel I created but it still wont work. I am going to call Cisco and try to figure out what the deal is.

Mini Pix

2016-08-212004-07-07 by scott

After some consideration I went out and bought a Cisco Pix 501e. You may be wondering why in the world a person needs one of those. Need may not be the word, but I do have uses for it. In the past 24 hours I have learned more about IKE tunnels than I had in the past 12 months. Allot of what I want it for is work related, but I doubt they will pay for it so I got one.

I want to prove (i know it can be done, but me doing it and having someone say it can be done are two different things) that I can setup a static VPN tunnel securely and allow a VOIP phone to connect to our office. I want to be able to lock down the connection so only the voice traffic we want can go over the VPN. It will work since to my office pix, it is just connecting to another office with a pix. The 501 is exactly the same as the larger 515 but you can only do less. The config and the PDM is all the same.

It is very cool. The only problem I am having is that I cannot initiate a VPN client connection through my pix to another pix somewhere else. We have this problem at work, and I have not been able to find a fix for it. I need to call Cisco about it. It is a pain, but not a show stopper.

I showed jayson what we can do with the personal Pix and he wants one, but he just got a big screen tv so he is not spending anything for a while.

VPN Changes, Man I Am Out Of Practice

2016-08-212004-05-21 by scott

I really need to brush up on my firewall rules knowledge. It took me 20 minutes to figure out how to modify a rule. Once I realized how it was setup it was trivial to fix, but that initial learning curve to remember how it was originally configured is the hard part.

When things settle down I need to sit in front of the Cisco simulator software we got and play with some ideas I have regarding new changes I want to make on our system.

Tuesday Late Night, Wednesday Work From Home

2016-08-212004-04-29 by scott

Tuesday was a late night for me. I stayed up late to finish adding Backup Exec agents to some servers that could not be brought down until after midnight. I then did some troubleshooting on some other backup issues. The goal was to get a good backup tuesday night. I was able to do so. I finally finished work at like 2/2:30AM.

By the time I got up and dressed Wednesday morning. it was already almost 11AM. It was then that I decided to work from home. Some people like to do that. I always think I like to do that, until I actually do it. News flash, I don’t like working from home. On one hand I do get allot done since less people bother me for stuff. On the other hand it is lonely sitting in an empty apartment working on the computer. If I lived closer to the office I would have been in.

I finished working on some more backup related issues Wednesday. Also worked through an issue with Kai & Jay related to some phone problems. Dan and I also tracked down an AT&T rep to discuss a bill we have issues with.

I also worked on cleaning up some ACL;s on our firewall’s. Most if not all of our restriction problems have now been resolved.

Friday, Kingston Trip

2018-07-312004-02-29 by scott

Friday I went to kingston for the day. Most of the trip was uneventful. That is good when traveling. I worked on the Group Policy Objects with Kai. I think we ironed out the kinks in what we want to do. For some reason our old profile we made would crash when we modified the security settings, but the new one I just created didn’t. Of course there is no major difference between the two. Go figure.

The trip home wasn’t that good. It took an extra hour or so to get home. Not sure why. the train was late. They said it was due to engine problems. Then we went slow and stopped allot along the way. I tried to sleep a bit on the train. I never do that so it was different for me. I used all my laptop battery power during the day and forgot to charge it. That wouldn’t be a problem if I sat on a window seat with a power outlet, but I sat on the aisle and couldn’t use it. The van wilder dvd I have been meaning to see will have to wait.

People on the train pissed me off. Like 4 people around me were either talking on their cell phones the whole time or one guy was playing a game on his phone with the stupid sounds turned on the whole time. People need to learn some etiquette.

Work Update

2016-08-212004-01-10 by scott

Here is what has been going on at the time sucking void I call work. Kidding. It may be a time sucking void but I wouldn’t be doing anything else…

Fixing our monitoring system. It seems like I am always doing this, but I am spending time tweaking our monitoring system that listens to all our computer systems and pages us when something is wrong.

Keith just finished setting up the VPN link to our Kingston office. Now we have a dedicated link between our offices for just VOIP traffic. We can use an entire T-1 for voice calls. We hope to get 15-20 calls over it. We will test it this week.

We are busy building and configuring new servers. it feels like we are doing this daily. We deployed 2 new box’s this week. Something to QA stuff on, and a new data-warehouse machine.

My mail migration goes slowly since I am busy doing other things. This is not a problem except we are paying for pop accounts on our current provider still when I would like to offload these users to our own hosted mail system. That is the end result. Hopefully when done I will save a few hundred bucks a month on mail hosting.

Gus has been away on vacation and now CES. He returns Wednesday. The rest of our upper management return Monday. No joke it has been quieter without them in the office. it is not them, it is just there is like 10 less people in the office. Back to normal on monday.

Projects Updates

2016-08-212003-12-18 by scott

Finally put into service our first Windows 2003 Active Directory server. I demoted an old 2000 box and transfered its roles to the new server.

Started redirecting call center users in NYC to our new mail server we are using for our Kingston office. The end goal is to have the entire call center on that mail system. Once I get all the alias’s and accounts done I can just delete the old mail accounts and tell everyone they have a new email address. It is a slow process since I need to edit everyones profile when they are not at work. I did about 10 people in 2 days. this rate it will take me a month to get everyone cut over.

We upgrade our Pix firewalls next tuesday to enable us to use a VPN tunnel to send large amounts of VOIP calls between offices. when I mean large amounts I mean more than the 2-3 we can now. Probably like 20 at a time on a dedicated internet T-1.

Other things going on are the guys in Kingston are working on Cisco Softphone setup’s to allow remote agents for our call center. Or to allow us to use the phones from outside the office on our laptops. Also in the works is the ability to move your phone number between desk phones if you need to.