
Tamer Maher


Security GuRu

Think Big .. Aim High .. Work Hard .. all the dreams come true ..
Warning ..

All the stuff here is for educational purposes only.
Only use the stuff on this blog on YOUR OWN responsibility.
I'm supporting: White Hats (Ethical Hackers & Penetration Testers), Security Admins, Green Coders (Security Developers) and Software Security Testers.

So..

PLEASE: Don’t use the knowledge you get from this blog to do any type of ILLEGAL actions.
November 24

Forefront Threat Management Gateway 2010

Now available here.

The biggest new enhancements are:

URLF: URL filtering

NIS: Network Inspection System

Better support for Windows Server 2008 64-bit versions, Windows 7 and Exchange Server 2010.

 

Just install your evaluation copy and I will go through it in a presentation very soon.

 

November 21

Walk the walls ??? or browse the portal ?

 

We have two types of people: Internal Thinkers and Outsiders

The problem with outsiders is that they need to write everything on paper, sticky notes, flip charts, white boards, etc.

I don’t really know how those people concentrate ?? I guess some may use a pen to write on their hand where they parked their car.

 

Some others, just keep the idea in their brains.

Well…

 

One of the problem solving methodologies is to turn the problem / idea to a visual format.

I said VISUAL not PAPER !!

We can go and use PDAs, reminders , touch screens, wikis ..etc

 

I still believe that having an internal portal site on which the teams can collaborate and share ideas is really good, easier to update and even more environmentally friendly, even if the agile gurus still believe you have to WALK THE WALLS and use sticky notes.

We are almost in 2010, when we can move to a digital, paperless environment.

I liked this video

 

 

September 10

Sticking to the process

All computer companies follow a process.

MOF and ITIL are the most common for IT infrastructure management.

MSF and methodologies like Agile, Scrum, Waterfall, Spiral, Extreme Programming, etc., and lots of others, are used for the software development lifecycle.

It is not about which process you follow. All have pros and cons.

Just remember that the process was made to make people’s lives easier: no waste of time and effort.

Make sure you really understand why the process tells you to do so.

Sometimes sticking to the process requirements is a waste of time, effort and money and is really away from what it was really intended for.

I need to mention those examples for clarification:-

 

Documentation:-

Documentation is a core principle in software / IT. Vision documents and business proposals are intended to make a clear understanding of what the client really needs. Show what is to be included in the project and what is beyond the scope. Risk management …etc

Suppose you didn’t make that document and the project is near end. It will be very foolish to make it near the end of the project. It will be useless. It was intended to be the first step of your work.

Technical Design:-

When working on network designs, MOF and ITIL, for example, need you to have a monitoring methodology, something for communication and something for deployment.

Imagine you have a network of 500+ users and around 20+ network admins in distributed locations.

You can follow the process recommendations:-

. Have exchange servers

. Have IP phones ( like cisco phones or whatever)

. Have MOM servers to assign tasks for the admins

. SMS Servers and RIS for deployments

. Have backup servers

…….etc

But imagine you have a 10+ network with two admins. If you follow the real process recommendations then you are really wasting a huge sum of money.

. You can use free email accounts

. Just use something like Skype instead of Cisco devices

. No need to use the MOM servers. You only have a limited number of admins. Monitoring and assigning tickets isn’t a big deal then

. Just use Ghost or Sysprep or whatever imaging tool to deploy your machines and edit the license keys. Why would you really need to purchase something big like SMS?

. Why use backup servers? Simple daily backups of the one server people assign their work to will be enough.

That’s just an example.

 

THINK PRACTICAL

 

Remember that the process is a RECOMMENDATION and not a TODO mandatory list.

Design and management is an art. A better understanding of your actual needs, funds and capabilities will decide what you really have to do, not what the process states.

September 09

Back

I’ve been busy for the last few months.

Back to blogging now with a series on Product Management.

 

I want to make software management look simple. Some people always avoid high level designs and management tasks. If you have the right passion / vision then you are the right candidate. Otherwise, let somebody else do the stuff ….

July 04

Resize images in HTML

Images can be resized in HTML simply.

I used a linked image:

<!-- width and height are in pixels; the link wraps the image -->
<a href="http://www.theurlyouwanttolinkto.com">
<img src="theimagepath" width="80" height="50" />
</a>

 

So, if your images don’t fit the size you need, the width and height attributes will shrink or enlarge the image according to your preference.


Hibernate option Disappeared !!

I was changing some of the power options on my laptop over the last few days. Now I needed to hibernate my system to complete my work later.

I discovered that the Hibernate option had disappeared.

This is a Windows Vista Ultimate machine.

To restore the hibernate option:

Command prompt –> Run As Administrator –> powercfg /hibernate on

June 21

Hug a Developer

This video is amazing

 
June 17

XNA 3.1

Check here for what’s new in XNA 3.1

June 13

Devschool :-

I’ve been discussing game programming and XNA Game Studio recently with Sam Stokes.

He has a nice blog. Just have a look.

 

June 06

Service Pack 2

Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 are available for download here.

May 23

Gears of war Cog-Tags

If you find collecting the 33 Cog-Tags difficult, watch the video here.


Gears of War ..

I really enjoyed this game soooooooooo much that it made me think seriously of trying XNA Game Studio. Just have a look at this review..

 

  

 

 

April 06

Dual Boot Configuration for Windows Server 2008 and Vista

I usually use dual boot on my machine for testing, trials, learning purposes, etc.

I had some headaches recently.

I had Windows Vista Ultimate 32-bit installed on my C drive. Afterwards, I installed Windows Server 2008 64-bit on my D drive. On boot, I had a list to choose the boot options from. All worked fine.

After a few weeks, I had to reinstall Vista on my C drive.
Now, I can't reach the operating system list on boot to use the server edition.
I tried something like the EasyBCD tool, but no way.
Then, I tried to use the Windows Server DVD to repair the installation. BUT the DVD ONLY detects the Vista on the C partition for the repair.
The other Windows Server 2008 on the D partition is not detected at all, although I checked the D partition and the files are still there.

The only solution was to boot again from the Vista DVD and choose the repair option. Afterwards all the stuff is repaired.

Have a look again at how the boot configuration looks now

DualBoot

April 02

Adding a new virtual hard disk on VMWare Workstation ACE edition

 

Sometimes you need to expand the allocated hard disk space or add a new HDD drive for one of your virtual machines.

I’ll show a little explanation for that.

I’m using a Windows XP virtual machine on a Vista machine.

This snapshot shows the only available HDDs on the XP machine:

image

You need to shut down the virtual machine before adding the new hard disk.

Edit Virtual Machine Settings

Click Add

Now the new disk has been added

Restart your virtual machine

Nothing new is added yet. But note the new HDD icon among the icons at the bottom right of the VMware bar.

On the virtual machine, Start > Run > mmc.exe

File > Add / Remove snap-in

Add > Computer Management

Click on Disk Management

(This gives you an option to use a dynamic disk too if you need one)

Right click on the new disk and choose > Create New Partition

Now the new HDD partition has been added successfully

February 01

Synchronizing your Mp3s with Windows Mobile

Synchronizing your Mp3s with Windows Mobile and Windows Media Player is something pretty simple.

Media Player 11 detects the mobile device you are using and the storage card as two separate devices. Just drag and drop the files to the sync list and they are synchronized automatically once you connect your mobile to the computer.

January 30

Making your first Access Rule for Forefront Threat Management Gateway

Making your firewall access policy is simple. You only need to have a plan:

what you want to do (Allow / Deny), for what type of traffic, the source and destination (either computers or networks), and the users or computers.

If you need to have exceptions, this is easily allowed.

Make sure you use a descriptive name for each policy you make. Also take care that the policy order makes a difference.

For example:

If we have two access rules:

. Allow All Traffic

. Deny All Traffic

This order will allow all the traffic.

But, if they are rearranged as

. Deny All Traffic

. Allow All Traffic

This order will deny all the traffic.

Making your first access policy:

When I tried to access my blog website from the machine hosting the Forefront Threat Management Gateway, I couldn’t.

image

Have a look at the technical information part, which shows that Forefront TMG denied the access.

Actually, Forefront Threat Management Gateway considers the hosting machine (local host) as a separate network. So, we will make an access rule to allow the web traffic from the hosting machine.

To have a more detailed look at the protocols, click (Edit).

Select whether you want your HTTP traffic to be inspected for malware or not.

Forefront TMG detects the local host machine as a separate network.

You can add multiple source networks or users to the same rule if you want.

Click Add. You can choose “External” from the networks part for the whole internet. You can also make a new URL set. Click New.

You can make URL sets for specific sites to access. In this example, I put my blog URL in the list. The /* is necessary to access all the webpages in that domain.

The users pane will be of great use if you are on a domain. You will then be able to make access rules for users by selecting their Active Directory accounts.

Again my blog is not accessible.

Forefront TMG is very specific. We made an outbound policy that allows the outbound web request. But the reply packets are still rejected.

So, I made the reverse access policy too.

My blog is available now, but doesn’t look cool :( . That’s because the background theme, the pics, etc. are stored on Microsoft servers and not on my blog site. So, I made a more flexible rule to allow inbound web traffic from the whole internet.

Now, all looks fine.

 

Installing Forefront Threat Management Gateway

ISA server and Forefront were two separate products. But now, they have become one.

Forefront Threat Management Gateway (TMG) adds the malware protection functionality to the ISA server.

This is a little presentation showing the installation step by step on a Windows Server 2008 64-bit machine that is NOT part of a domain (just to make stuff simpler at first).

First: Unpack the installation application:

Then, just follow the wizard:

Choose the installation path

Second: Install the software:

Choose “Install Forefront TMG”

. If you have other machines with Forefront TMG installed and you want to manage them remotely from this computer, choose “Install Forefront Threat Management Gateway Management Only”. But this option doesn’t install the TMG engine.

. In our case, we will install the first option; this installs the engine and the management interface too.

We need all the stuff to be available on the machine.

Choose the network adapter connected to your internal network

You can also add different IP address ranges to your internal network

Check the ranges for confirmation before clicking Next

Installation Done

Third: Begin configuring your Forefront Threat Management Gateway:

You have three templates. For the sake of this demonstration, we will select the Edge Template. (NB. The three templates preview is only to understand what is going on. It doesn’t affect your network configuration at all.)

If your network settings were not detected automatically, make sure you enter them

Check the settings if you need to change any before clicking Finish

Make sure that the machine name and the domain settings (if you are connected to a domain) are detected well; otherwise, enter them manually.

You must keep your TMG server up to date to have your network more secure. New attacks and malware updates are available frequently

You can participate if you like ;)

As a first time installation, you may need to use the Web Access Wizard to make policies for your network users' web access, but you can uncheck it and begin making the access rules manually the way you like.

Malware inspection for web traffic is a new feature. It uses the malware engines in Forefront server

Make sure you read the options carefully (although it is always recommended to make the access rule manually to make sure you are really allowing access to what you really need and nothing more)

You can selectively Deny Access to anywhere (will be discussed in more detail in a later article)

It is recommended to use the Malware Inspection feature

Enable web caching if you want to minimize the internet traffic for commonly accessed websites (will be discussed later in a separate article on using a web caching server)

Now you have Forefront Threat Management Gateway successfully installed

To view the policies, click on Firewall Policy on the left side. You will find the access rule we just created using the wizard. Make sure you click the Apply button to have the new settings applied

Also, note the default DENY ALL at the bottom of the list. Make sure this policy is always the last one as it will deny all connections that don’t match the policies above. If it is in a higher position, allowed access by other policies below it will be discarded.
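
The rule-order points made here and in the access-rule post above (Allow/Deny ordering, the default deny staying last, Local Host as its own network, the /* in a URL set) can be checked with a small first-match model. This is an added example, not code from the original post or from Forefront TMG; the Rule class, evaluate(), shadowed(), the network names and blog.example are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

ANY = "*"  # this model's wildcard for "all networks" / "all protocols"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    source: str            # network name, or ANY
    destination: str       # network name, URL-set pattern, or ANY
    protocol: str = ANY


# Stand-in for the built-in last rule that denies whatever nothing above matched.
DEFAULT_DENY = Rule("Default rule", "deny", ANY, ANY)


def matches(rule, source, destination, protocol):
    return (fnmatchcase(source, rule.source)
            and fnmatchcase(destination, rule.destination)
            and fnmatchcase(protocol, rule.protocol))


def evaluate(rules, source, destination, protocol):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in [*rules, DEFAULT_DENY]:
        if matches(rule, source, destination, protocol):
            return rule.action, rule.name
    raise AssertionError("unreachable: DEFAULT_DENY matches everything")


def shadowed(rules):
    """Names of rules that can never decide anything because an earlier
    rule already matches all the traffic they describe."""
    def covers(high, low):  # conservative: wildcard or identical pattern
        return high == ANY or high == low

    hidden = []
    for i, low in enumerate(rules):
        for high in rules[:i]:
            if all(covers(getattr(high, f), getattr(low, f))
                   for f in ("source", "destination", "protocol")):
                hidden.append(low.name)
                break
    return hidden


ALLOW_ALL = Rule("Allow All Traffic", "allow", ANY, ANY)
DENY_ALL = Rule("Deny All Traffic", "deny", ANY, ANY)

# Constructed rules: "blog.example" is a placeholder for the blog's URL set.
BLOG_RULE = Rule("Web from Local Host to blog", "allow",
                 "Local Host", "blog.example/*", "HTTP")
NO_WILDCARD = Rule("URL set without /*", "allow",
                   "Local Host", "blog.example", "HTTP")

if __name__ == "__main__":
    request = ("Local Host", "blog.example/post1", "HTTP")
    print(evaluate([ALLOW_ALL, DENY_ALL], *request))   # allow wins
    print(evaluate([DENY_ALL, ALLOW_ALL], *request))   # deny wins
    print(shadowed([DENY_ALL, ALLOW_ALL]))             # rule that never fires
    print(evaluate([BLOG_RULE], *request))             # allowed by the rule
    print(evaluate([BLOG_RULE], "Internal", *request[1:]))  # other network
    print(evaluate([NO_WILDCARD], *request))           # sub-page not covered
```

Running shadowed() over a policy before applying it is a quick review step: any name it returns is a rule whose position makes it dead.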

 

December 24

Annoying Mobile Internet connection: Disable GPRS / EDGE connection on HTC

Well..

I'm using Windows Mobile 6.0 on HTC Touch. I'm paying a lot for weather updates !!!! and stuff like that, when I don't need to use the GPRS / EDGE so long as I have the wifi and my laptop available.

There is no clear function to disable that without disconnecting your mobile signals too. I had to make a new NULL !!!! connection for Internet access as the default one, then switch between the network connections when I need to have Internet access from my mobile.

 

Start > Settings > connections > connections > advanced > Select Networks

 

In the first part, showing "Programs that automatically connect to the Internet should connect using":

Just make a new connection with no settings and save it. Choose it as the default connection; when you need to have access, choose your mobile network connection back ...

 

Enjoy :) and save your money :D

 

December 19

Introduction to Hyper-V

Hyper-V is a new virtualization era. Microsoft has made a great deal of improvements and enhancements to virtualization. Now Hyper-V is a part of the system. You don't have to go through the headache of implementing virtualization as it used to be in Virtual Server.

When I first tried Hyper-V, I installed a 32-bit server edition. Then I discovered it is not supported. I don't know why Microsoft doesn't support the Hyper-V role on a 32-bit server.

So, I had to install a 64-bit version. A strange thing happened (it was my first time to notice it actually):

. My HDD has 3 partitions:

C : has Vista Ultimate

D : blank

E : some other files

When I began to install Windows Server 2008, I chose the D partition.

On opening Windows Explorer from the server, it sees the Windows files, etc. on the C partition and the Vista on D !!!!!!

Why did that happen? Is it intentional?

Why doesn't it support the parallel installation while keeping the drive letters the same as they are?

(The data is actually kept the same. When I check on Vista, I find the Vista on the C partition and the server on D :( )

Now, let's go ahead exploring Hyper-V step by step.

This is a Tutorial for Hyper-V Virtualization beginners. Please make sure you email me or post comments in case you need any clarification.

. I wanted to show first that I have only one NIC now. After installing the Hyper-V role, I'll install other NICs to have more connectivity options with the virtual machines.

. When you start your server for the first time, it has no roles. Just go and add the Hyper-V role. (System updates, securing your server, etc. are beyond the scope of this topic. This is a testing machine.)

. Just follow the wizard and all goes fine.

. Make sure you select Hyper-V

. An introduction to Hyper-V, also the help documents from Microsoft on Hyper-V.

. Installing

. Restart your system now

. Right after system restart

The installation succeeded.

Now let's begin making our first virtual machine.

. First have a look at the Hyper-V server settings. Make sure you change the default directories for the virtual hard disks and the virtual machines. (In a business environment, they should be on different physical drives from your operating system for better performance.) Also, change your escape Release Key according to what you prefer.

. Then go to the Virtual Network Manager. Now I'll choose the network option to show a virtual NIC we will use.

. The virtual NIC appears now. We can treat it as if it were a real one.

Now, we will start creating the first virtual machine.

. Right click your machine --> New --> Virtual Machine.

The hard disk and floppy disk options can be used too, to expand your virtual machines as if you were adding some new hardware. ( amazing ;) )

. Just follow the wizard ...

Assign the RAM you like for your virtual machine

Now choose the network card we made before.

Choose the virtual hard disk configuration. (Here we will make a new one as shown)

Choose the installation source.

Make sure you have all the things right and click Finish.

Now you have a new machine on your system :)

You can have as many virtual machines as you like so long as you have enough hardware support.

I'll wait for your comments..

 

December 03

Upgrading Vista Home Premium to Ultimate

I wanted to upgrade my vista home premium to ultimate. The upgrade process was smooth. All the software and configuration was kept.
 
I only had to uninstall Powershell before upgrading to vista ultimate.
 
The upgrade process took about 3 - 4 hours.
 
After the upgrade was complete, only a few things were changed.
. I had to reinstall :
           . VMWare ( coz the virtual network cards were lost)
           . Daemon Tools ( coz the virtual drive I use to mount ISO images was lost)
           . Reconfigure the display configuration and power options again.
           . Reinstall AVIRA ( coz the license key was lost)
           . Do some new Windows updates.
           . Reconfigure Windows Media Player.

. Other Microsoft stuff like Visual Studio and Office was kept the same. Nothing corrupted.

. When you do that upgrade, after clicking the Start menu for the first time, you will find a link to download Windows Live Messenger again !!! But, if you use the link in All Programs you will find it there working with the old configuration. No need to reinstall / redownload it.

. If there are other issues, they will be clear soon.

. I wanted to share that experience in case anybody wanted to do the same. I was afraid all the stuff would get lost and I would have the headache of restoring my system the way I use it. Thank God the upgrade process was smooth.
Take the risk and do it.