20 Best Online Project Management Tools to Manage Your ...

ShardingSphere 4.x Orchestration - Data Masking

Background

Security control has always been a crucial link of orchestration; data masking falls into this category. For both Internet enterprises and traditional sectors, data security has always been a highly valued and sensitive topic. Data masking refers to transforming some sensitive information through masking rules to safely protect the private data. Data involves client's security or business sensibility, such as ID number, phone number, card number, client number and other personal information, requires data masking according to relevant regulations.
Because of that, ShardingSphere has provided data masking, which stores users' sensitive information in the database after encryption. When users search for them, the information will be decrypted and returned to users in the original form.
ShardingSphere has made the encryption and decryption processes totally transparent to users, who can store desensitized data and acquire original data without any awareness. In addition, ShardingSphere has provided internal masking algorithms, which can be directly used by users. In the same time, we have also provided masking algorithm related interfaces, which can be implemented by users themselves. After simple configurations, ShardingSphere can use algorithms provided by users to perform encryption, decryption and masking.

Preface

Apache ShardingSphere is an ecosystem of open source distributed database middleware solutions. It consists of Sharding-JDBC, Sharding-Proxy, and Sharding-Sidecar (in planning) which are independent of each other, but can be used in mixed deployment. All of these can provide standardized data sharding, distributed transactions, and distributed governance functions, and can be applied to various situation such as Java homogeneous, heterogeneous languages, containers, cloud native, and so on.
The data encryption module belongs to the sub-function module under the core function of ShardingSphere distributed governance. It parses the SQL input by the user and rewrites the SQL according to the encryption configuration provided by the user, thereby encrypting the original data and storing the original data and store the original data (optional) and cipher data to database at the same time. When the user queries the data, it takes the cipher data from the database and decrypts it, and finally returns the decrypted original data to the user. Apache ShardingSphere distributed database middleware automates and transparentizes the process of data encryption, so that users do not need to pay attention to the details of data decryption and use decrypted data like ordinary data. In addition, ShardingSphere can provide a relatively complete set of solutions for the encryption of online services or the encryption function of new services.

Demand Analysis

The demand for data encryption is generally divided into two situations in real business scenarios:
  1. When the new business start to launch, and the security department stipulates that the sensitive information related to users, such as banks and mobile phone numbers, should be encrypted and stored in the database, and then decrypted when used. Because it is a brand new system, there is no inventory data cleaning problem, so the implementation is relatively simple.
  2. For the service has been launched, and plaintext has been stored in the database before. The relevant department suddenly needs to encrypt the data from the on-line business. This scenario generally needs to deal with three issues as followings:
    a) How to encrypt the historical data, a.k.a.s clean data.
    b) How to encrypt the newly added data and store it in the database without changing the business SQL and logic; then decrypt the taken out data when use it.
    c) How to securely, seamlessly and transparently migrate plaintext and ciphertext data between business systems

Detailed Process

Overall Architecture

Encrypt-JDBC provided by ShardingSphere are deployed with business codes. Business parties need to perform JDBC programming for Encrypt-JDBC. Since Encrypt-JDBC implements all JDBC standard interfaces, business codes can be used without additional modification. At this time, Encrypt-JDBC is responsible for all interactions between the business code and the database. Business only needs to provide encryption rules. ** As a bridge between the business code and the underlying database, Encrypt-JDBC can intercept user behavior and interact with the database after transforming the user behavior. ** ![1](https://shardingsphere.apache.org/document/current/img/encrypt/1_en.png)
Encrypt-JDBC intercepts SQL initiated by user, analyzes and understands SQL behavior through the SQL syntax parser.According to the encryption rules passed by the user, find out the fields that need to be encrypted/decrypt and the encryptodecryptor used to encrypt/decrypt the target fields, and then interact with the underlying database.ShardingSphere will encrypt the plaintext requested by the user and store it in the underlying database; and when the user queries, the ciphertext will be taken out of the database for decryption and returned to the end user.ShardingSphere shields the encryption of data, so that users do not need to perceive the process of parsing SQL, data encryption, and data decryption, just like using ordinary data.

Encryption Rule

Before explaining the whole process in detail, we need to understand the encryption rules and configuration, which is the basis of understanding the whole process. The encryption configuration is mainly divided into four parts: data source configuration, encryptor configuration, encryption table configuration, and query attribute configuration. The details are shown in the following figure: ![2](https://shardingsphere.apache.org/document/current/img/encrypt/2_en.png)
Datasource Configuration:The configuration of DataSource.
Encryptor Configuration:What kind of encryption strategy to use for encryption and decryption. Currently ShardingSphere has two built-in encryption/decryption strategies: AES / MD5. Users can also implement a set of encryption/decryption algorithms by implementing the interface provided by ShardingSphere.
Encryption Table Configuration:Show the ShardingSphere data table which column is used to store cipher column data (cipherColumn), which column is used to store plain text data (plainColumn), and which column users want to use for SQL writing (logicColumn)
How to understand Which column do users want to use to write SQL (logicColumn)?
We can understand according to the meaning of Encrypt-JDBC. The ultimate goal of Encrypt-JDBC is to shield the encryption of the underlying data, that is, we do not want users to know how the data is encrypted/decrypted, how to store plaintext data in plainColumn, and ciphertext data in cipherColumn. In other words, we do not even want users to know the existence and use of plainColumn and cipherColumn. Therefore, we need to provide users with a column in conceptual. This column can be separated from the real column of the underlying database. It can be a real column in the database table or not, so that the user can freely change the plainColumn and The column name of cipherColumn. Or delete plainColumn and choose to never store plain text and only store cipher text. As long as the user's SQL is written according to this logical column, and the correct mapping relationship between logicColumn and plainColumn, cipherColumn is given in the encryption rule.
Why do you do this? The answer is at the end of the article, that is, to enable the online services to seamlessly, transparently, and safely carry out data encryption migration.
Query Attribute configuration:When the plaintext data and ciphertext data are stored in the underlying database table at the same time, this attribute switch is used to decide whether to directly query the plaintext data in the database table to return, or to query the ciphertext data and decrypt it through Encrypt-JDBC to return.

Encryption Process

For example, if there is a table in the database called t_user, there are actually two fields pwd_plain in this table, used to store plain text data, pwd_cipher, used to store cipher text data, and define logicColumn as pwd. Then, when writing SQL, users should write to logicColumn, that is, INSERT INTO t_user SET pwd = '123'. ShardingSphere receives the SQL, and through the encryption configuration provided by the user, finds that pwd is a logicColumn, so it decrypt the logical column and its corresponding plaintext data. As can be seen that ** ShardingSphere has carried out the column-sensitive and data-sensitive mapping conversion of the logical column facing the user and the plaintext and ciphertext columns facing the underlying database. **As shown below:
![3](https://shardingsphere.apache.org/document/current/img/encrypt/3_en.png)
** This is also the core meaning of Encrypt-JDBC, which is to separate user SQL from the underlying data table structure according to the encryption rules provided by the user, so that the SQL writter by user no longer depends on the actual database table structure. The connection, mapping, and conversion between the user and the underlying database are handled by ShardingSphere. ** Why should we do this? It is still the same : in order to enable the online business to seamlessly, transparently and safely perform data encryption migration.
In order to make the reader more clearly understand the core processing flow of Encrypt-JDBC, the following picture shows the processing flow and conversion logic when using Encrypt-JDBC to add, delete, modify and check, as shown in the following figure. ![4](https://shardingsphere.apache.org/document/current/img/encrypt/4_en.png)

Detailed Solution

After understanding the ShardingSphere encryption process, you can combine the encryption configuration and encryption process with the actual scenario. All design and development are to solve the problems encountered in business scenarios. So for the business scenario requirements mentioned earlier, how should ShardingSphere be used to achieve business requirements?

New Business

Business scenario analysis: The newly launched business is relatively simple because everything starts from scratch and there is no historical data cleaning problem.
Solution description: After selecting the appropriate encryptor, such as AES, you only need to configure the logical column (write SQL for users) and the ciphertext column (the data table stores the ciphertext data). It can also be different **. The recommended configuration is as follows (shown in Yaml format):
yaml encryptRule: encryptors: aes_encryptor: type: aes props: aes.key.value: 123456abc tables: t_user: columns: pwd: cipherColumn: pwd encryptor: aes_encryptor
With this configuration, Encrypt-JDBC only needs to convert logicColumn and cipherColumn. The underlying data table does not store plain text, only cipher text. This is also a requirement of the security audit part. If users want to store plain text and cipher text together in the database, they just need to add plainColumn configuration. The overall processing flow is shown below:
![5](https://shardingsphere.apache.org/document/current/img/encrypt/5_en.png)

Online Business Transformation

Business scenario analysis: As the business is already running online, there must be a large amount of plain text historical data stored in the database. The current challenges are how to enable historical data to be encrypted and cleaned, how to enable incremental data to be encrypted, and how to allow businesses to seamlessly and transparently migrate between the old and new data systems.
Solution description: Before providing a solution, let ’s brainstorm: First, if the old business needs to be desensitized, it must have stored very important and sensitive information. This information has a high gold content and the business is relatively important. If it is broken, the whole team KPI is over. Therefore, it is impossible to suspend business immediately, prohibit writing of new data, encrypt and clean all historical data with an encrypter, and then deploy the previously reconstructed code online, so that it can encrypt and decrypt online and incremental data. Such a simple and rough way, based on historical experience, will definitely not work.
Then another relatively safe approach is to rebuild a pre-release environment exactly like the production environment, and then encrypt the ** Inventory plaintext data ** of the production environment through the relevant migration and washing tools and store it in the pre-release environment. The ** Increment data ** is encrypted by tools such as MySQL master-slave replication and the business party ’s own development, encrypted and stored in the database of the pre-release environment, and then the refactored code can be deployed to the pre-release environment. In this way, the production environment is a set of environment for ** modified/queries with plain text as the core *; the pre-release environment is a set of * encrypt/decrypt queries modified with ciphertext as the core **. After comparing for a period of time, the production flow can be cut into the pre-release environment at night. This solution is relatively safe and reliable, but it takes more time, manpower, capital, and costs. It mainly includes: pre-release environment construction, production code rectification, and related auxiliary tool development. Unless there is no way to go, business developers generally go from getting started to giving up.
Business developers must hope: reduce the burden of capital costs, do not modify the business code, and be able to safely and smoothly migrate the system. So, the encryption function module of ShardingSphere was born. It can be divided into three steps:
  1. Before system migration
    Assuming that the system needs to encrypt the pwd field of t_user, the business side uses Encrypt-JDBC to replace the standardized JDBC interface, which basically requires no additional modification (we also provide SpringBoot, SpringNameSpace, Yaml and other access methods to achieve different services demand). In addition, demonstrate a set of encryption configuration rules, as follows:
    yaml encryptRule: encryptors: aes_encryptor: type: aes props: aes.key.value: 123456abc tables: t_user: columns: pwd: plainColumn: pwd cipherColumn: pwd_cipher encryptor: aes_encryptor props: query.with.cipher.column: false
    According to the above encryption rules, we need to add a column called pwd_cipher in the t_user table, that is, cipherColumn, which is used to store ciphertext data. At the same time, we set plainColumn to pwd, which is used to store plaintext data, and logicColumn is also set to pwd . Because the previous SQL was written using pwd, that is, the SQL was written for logical columns, so the business code did not need to be changed. Through Encrypt-JDBC, for the incremental data, the plain text will be written to the pwd column, and the plain text will be encrypted and stored in the pwd_cipher column. At this time, because query.with.cipher.column is set to false, for business applications, the plain text column of pwd is still used for query storage, but the cipher text data of the new data is additionally stored on the underlying database table pwd_cipher. The processing flow is shown below:
    ![6](https://shardingsphere.apache.org/document/current/img/encrypt/6_en.png)
    When the newly added data is inserted, it is encrypted as ciphertext data through Encrypt-JDBC and stored in the cipherColumn. Now it is necessary to process historical plaintext inventory data. ** As Apache ShardingSphere currently does not provide the corresponding migration and washing tools, the business party needs to encrypt and store the plain text data in pwd to pwd_cipher. **
  2. During system migration
    The incremental data has been stored by Encrypt-JDBC in the ciphertext column and the plaintext is stored in the plaintext column; after the historical data is encrypted and cleaned by the business party itself, the ciphertext is also stored in the ciphertext column. That is to say, the plaintext and the ciphertext are stored in the current database. Since the query.with.cipher.column = false in the configuration item, the ciphertext has never been used. Now we need to set the query.with.cipher.column in the encryption configuration to true in order for the system to cut the ciphertext data for query. After restarting the system, we found that the system business is normal, but Encrypt-JDBC has started to extract the ciphertext data from the database, decrypt it and return it to the user; and for the user's insert, delete and update requirements, the original data will still be stored The plaintext column, the encrypted ciphertext data is stored in the ciphertext column.
    Although the business system extracts the data in the ciphertext column and returns it after decryption; however, it will still save a copy of the original data to the plaintext column during storage. Why? The answer is: in order to be able to roll back the system. ** Because as long as the ciphertext and plaintext always exist at the same time, we can freely switch the business query to cipherColumn or plainColumn through the configuration of the switch item. ** In other words, if the system is switched to the ciphertext column for query, the system reports an error and needs to be rolled back. Then just set query.with.cipher.column = false, Encrypt-JDBC will restore, that is, start using plainColumn to query again. The processing flow is shown in the following figure:
    ![7](https://shardingsphere.apache.org/document/current/img/encrypt/7_en.png)
  3. After system migration
    Due to the requirements of the security audit department, it is generally impossible for the business system to keep the plaintext and ciphertext columns of the database permanently synchronized. We need to delete the plaintext data after the system is stable. That is, we need to delete plainColumn (ie pwd) after system migration. The problem is that now the business code is written for pwd SQL, delete the pwd in the underlying data table stored in plain text, and use pwd_cipher to decrypt to get the original data, does that mean that the business side needs to rectify all SQL, thus Do not use the pwd column that is about to be deleted? Remember the core meaning of our Encrypt-JDBC?
    This is also the core meaning of Encrypt-JDBC. According to the encryption rules provided by the user, the user SQL is separated from the underlying database table structure, so that the user's SQL writing no longer depends on the actual database table structure. The connection, mapping, and conversion between the user and the underlying database are handled by ShardingSphere.
    Yes, because of the existence of logicColumn, users write SQL for this virtual column. Encrypt-JDBC can map this logical column and the ciphertext column in the underlying data table. So the encryption configuration after migration is:
    yaml encryptRule: encryptors: aes_encryptor: type: aes props: aes.key.value: 123456abc tables: t_user: columns: pwd: # pwd与pwd_cipher的转换映射 cipherColumn: pwd_cipher encryptor: aes_encryptor props: query.with.cipher.column: true
The processing flow is as follows:
![8](https://shardingsphere.apache.org/document/current/img/encrypt/8_en.png)
So far, the online service encryption and rectification solutions have all been demonstrated. We provide Java, Yaml, SpringBoot, SpringNameSpace multiple ways for users to choose to use, and strive to fulfil business requirements. The solution has been continuously launched on JD Digits, providing internal basic service support.

The advantages of Middleware encryption service

  1. Automated & transparent data encryption process, users do not need to pay attention to the implementation details of encryption.
  2. Provide a variety of built-in, third-party (AKS) encryption strategies, users only need to modify the configuration to use.
  3. Provides a encryption strategy API interface, users can implement the interface to use a custom encryption strategy for data encryption.
  4. Support switching different encryption strategies.
  5. For online services, it is possible to store plaintext data and ciphertext data synchronously, and decide whether to use plaintext or ciphertext columns for query through configuration. Without changing the business query SQL, the on-line system can safely and transparently migrate data before and after encryption.

Description of applicable scenarios

  1. User projects are developed in Java.
  2. The back-end databases are MySQL, Oracle, PostgreSQL, and SQLServer.
  3. The user needs to encrypt one or more columns in the database table (data encryption & decryption).
  4. Compatible with all commonly used SQL.

Limitation

  1. Users need to deal with the original inventory data and wash numbers in the database.
  2. Use encryption function + sub-library sub-table function, some special SQL is not supported, please refer to SQL specification
  3. Encryption fields cannot support comparison operations, such as: greater than less than, ORDER BY, BETWEEN, LIKE, etc.
  4. Encryption fields cannot support calculation operations, such as AVG, SUM, and calculation expressions.

Solution

ShardingSphere has provided two data masking solutions, corresponding to two ShardingSphere encryption and decryption interfaces, i.e., ShardingEncryptor and ShardingQueryAssistedEncryptor.
On the one hand, ShardingSphere has provided internal encryption and decryption implementations for users, which can be used by them only after configuration. On the other hand, to satisfy users' requirements for different scenarios, we have also opened relevant encryption and decryption interfaces, according to which, users can provide specific implementation types. Then, after simple configurations, ShardingSphere can use encryption and decryption solutions defined by users themselves to desensitize data.

ShardingEncryptor

The solution has provided two methods encrypt() and decrypt() to encrypt/decrypt data for encryption.
When users INSERT, DELETE and UPDATE, ShardingSphere will parse, rewrite and route SQL according to the configuration. It will also use encrypt() to encrypt data and store them in the database. When using SELECT, they will decrypt sensitive data from the database with decrypt() reversely and return them to users at last.
Currently, ShardingSphere has provided two types of implementations for this kind of masking solution, MD5 (irreversible) and AES (reversible), which can be used after configuration.

ShardingQueryAssistedEncryptor

Compared with the first masking scheme, this one is more secure and complex. Its concept is: even the same data, two same user passwords for example, should not be stored as the same desensitized form in the database. It can help to protect user information and avoid credential stuffing.
This scheme provides three functions to implement, encrypt(), decrypt() and queryAssistedEncrypt(). In encrypt() phase, users can set some variable, timestamp for example, and encrypt a combination of original data + variable. This method can make sure the encrypted masking data of the same original data are different, due to the existence of variables. In decrypt() phase, users can use variable data to decrypt according to the encryption algorithms set formerly.
Though this method can indeed increase data security, another problem can appear with it: as the same data is stored in the database in different content, users may not be able to find out all the same original data with equivalent query (SELECT FROM table WHERE encryptedColumnn = ?) according to this encryption column.Because of it, we have brought out assistant query column, which is generated by queryAssistedEncrypt(). Different from decrypt(), this method uses another way to encrypt the original data; but for the same original data, it can generate consistent encryption data. Users can store data processed by queryAssistedEncrypt() to assist the query of original data. So there may be one more assistant query column in the table.
queryAssistedEncrypt() and encrypt() can generate and store different encryption data; decrypt() is reversible and queryAssistedEncrypt() is irreversible. So when querying the original data, we will parse, rewrite and route SQL automatically. We will also use assistant query column to do WHERE queries and use decrypt() to decrypt encrypt() data and return them to users. All these can not be felt by users.
For now, ShardingSphere has abstracted the concept to be an interface for users to develop rather than providing accurate implementation for this kind of masking solution. ShardingSphere will use the accurate implementation of this solution provided by users to desensitize data.

Continuance

This article describes how to use Encrypt-JDBC, one of the ShardingSphere products, SpringBoot, SpringNameSpace are also could be the access form , etc. This form of access mainly focus to Java homogeneous, and is deployed together with business code In a production environment. For heterogeneous languages, ShardingSphere also provides Encrypt-Proxy client. Encrypt-Proxy is a server-side product that implements the binary protocol of MySQL and PostgreSQL. Users can independently deploy the Encrypt-Proxy service, User can access this virtual database server with encryption through third-party database management tools(e.g. Navicat), JAVA connection pool or the command line, just like access ordinary MySQL and PostgreSQL databases.
The encryption function belongs to distributed governance of Apache ShardingSphere. In fact, the Apache ShardingSphere ecosystem also has other more powerful capabilities, such as data sharding, read-write separation, distributed transactions, and monitoring governance. You can even choose any combination of these functions, such as encryption + data sharding, or data sharding + read-write separation, or monitoring governance + data sharding. In addition to the combination of these functions, ShardingSphere also provides various access forms, such as Sharding-JDBC and Sharding-Proxy for different situations.
submitted by Sharding-Sphere to u/Sharding-Sphere [link] [comments]

Part 2: Tools & Info for Sysadmins - Mega List of Tips, Tools, Books, Blogs & More

(continued from part 1)
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments or suggestions.
u/crispyducks
submitted by crispyducks to sysadmin [link] [comments]

IT Pro Tuesday #64 (part 2) - Mega List of Tips, Tools, Books, Blogs & More

(continued from part 1)
Captura is a flexible tool for capturing your screen, audio, cursor, mouse clicks and keystrokes. Features include mixing audio recorded from microphone and speaker output, command-line interface, and configurable hotkeys. Thanks to jantari for the recommedation.
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments.
Graham | CEO | EveryCloud
submitted by crispyducks to ITProTuesday [link] [comments]

Tools & Info for MSPs #2 - Mega List of Tips, Tools, Books, Blogs & More

(continued from part #1)
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments.
Graham | CEO | EveryCloud
Fyi - I've set up a subreddit /itprotuesday, where we feature / encourage posts of some additional tools, tips etc. throughout the week. Pop over and subscribe if you’re interested.
submitted by crispyducks to msp [link] [comments]

MAME 0.207

MAME 0.207

It’s almost the end of February, and more importantly it’s time for MAME 0.207 to be released! We’ve added two Nintendo Game & Watch titles this month: Fire (wide screen) and Snoopy Tennis. If you’re at all interested in plug-and-play TV games, this is going to be a huge update, with all the newly-supported JAKKS Pacific titles, including Disney Princess, Dragon Ball Z, Nicktoons, Spider-Man, and Wheel of Fortune, as well as a number of matching Game-Keys. The other big batch of additions this month comes in the form of a whole lot of e-kara cartridge dumps from Japan. For younger players, we’re steadily filling out the V.Smile software list, with eighteen newly supported titles. The VGM software list has been updated with the latest video game music rips, and we’ve added some more original floppy dumps and clean cracks to the Apple II software lists.
With the latest improvements to the MIPS R4000 CPU, WD33C93 SCSI and SGI Newport graphics emulation, it’s possible to install and run IRIX in MAME. This is a milestone achievement, and wouldn’t have been possible without some amazing dedication and collaboration on the part of the contributors and team members involved. With the addition of graphics and mouse support, Windows 1.0 runs on MAME’s Tandy 2000 emulation. MAME continues to add additional variants of supported systems, including the HP 9825T and the Esselte Modulab educational system.
Newly supported arcade games include an earlier prototype of Rise of the Robots, bootlegs of Ghost Chaser Densei and The Glob, and additional versions of Raiden Fighters 2, Guardian Storm, Pasha Pasha Champ, Lethal Enforcers, and X-Men. General usability improvements include friendlier Apple II disassembly, the restoration of key map support in SDL builds (Linux/macOS), and better initial window positioning on Windows.
You can get the source and Windows binary packages from the download page.

MAMETesters Bugs Fixed

New working machines

New working clones

Machines promoted to working

Clones promoted to working

New machines marked as NOT_WORKING

New clones marked as NOT_WORKING

New working software list additions

Software list items promoted to working

New NOT_WORKING software list additions

Translations added or modified

Source Changes

submitted by cuavas to emulation [link] [comments]

TEAMS - רכיב צ'אט {N} Air 5 - NativeScript Plugins - the {N} Team view TRADING OPTIONS: BINARY OPTIONS REVIEW - HOW TO TRADE BINARY OPTIONS (TRADING STRATEGY) Binary Options Trading is a Scam and Please avoid this kind of shit (Hindi) BINARY OPTIONS TRADING STRATEGY VS FOREX STRATEGY: TRADING FOREX OR OPTIONS TRADING Binary Options Guaranteed Latest Digits Differ No Loss Volatility strategies $20usd in 20 MIN Binary Options - Binary Options Trading with Binary Option Strategy (Binary Options 2016)

We will keep monitoring and update this section if necessary. Read More. DBot – Binary Options No Deposit Trading Bot by Deriv Broker . Posted Deriv Broker is an online binary options and forex trading service provider offering a comprehensive suite of products with flexible pricing, where its customers can trade currencies, indices, commodities, and volatility indices 24/7. Committed to ... The best online project management tool to manage your projects is monday.com. It is a highly capable and customizable cloud-based project management software best known for features, such as advanced scheduling tools, effective collaboration & communication, efficient task management & team monitoring, and comprehensive visualized reports. Similarly, a binary options broker is a platform that specializes in offering binary trading services through online platforms. Both regulated and unregulated brokers have direct contact with traders. Furthermore, some brokers have their proprietary trading platform, while some widely use third-party trading applications such as MetaTrader. 20 Best Binary Options Brokers 2020: This is a review of some of the best binary options brokers. The review is essentially a binary options brokers list 2020. The review will give you a deeper understanding of how they operate. The review seeks to arm you with relevant information before you get involved with binary options. Ganon Forex Robot uses what the page refers to as “exclusive Strand Theory”. This allows the EA to find the healthiest trend trades and removes “fake outs”. A report states that the strategy was worked on for a period of 6 years and it locates the best trend signals. Users can choose from two modes to be used. Binary Option Strategy Deutsch And Third Party Monitoring Wollen Sie weiter erforschen und gefährden, was gut für mich los. Sie sagte etwas über Webinare, Sie mir bitte sagen können, wann es ist? sehe keiner viel Geld und wenig Angst vor dem großen Schritt voraus. machen Sie das schon seit mehr als 2 Jahren auf live-System und angemessenes Einkommen auf wöchentlicher Basis. Binary Options Brokers Binäre Optionen Broker Mindesteinzahlung: 200 Minimum Trade Größe: 20 Akzeptiert nicht US-Kunden Erfahren Sie mehr ü... 12 Best Remote Monitoring Software 1. Atera. Topping our best remote monitoring software list is Atera, an all-around MSP toolbox that comes with various business tools for remote PC monitoring and management, ticketing, customer management and automation. With its RMM module, you can enable on-demand IT support for your business through ... The strength of their third party signals varies and provides information as to the most likely direction of the underlying asset. However, the expiry time is determined by the trader. With the exception of High/low trades, they offer two additional means of trading: including One-Touch option, which lets the trader decide if the underlying asset will hit a certain value before the expiry time ... This way, you can successfully craft a winning strategy with the free account. platform cloud based trading software, versatile design catering all experience levels and a professional, effective and attentive customer support team. rated feature when it comes to brokers, binary strategy party option third and monitoring. In fact, the demo account is an excellent first pillar for the success ...

[index] [10366] [365] [1047] [25293] [27439] [4848] [27386] [24053] [1006] [27712]

TEAMS - רכיב צ'אט

Binary Options Trading is a Scam and Please avoid this kind of shit (Hindi) Let's find out all I collected all the information for you. If you enjoyed this video please like it and share with your ... Binary Options: Binary Options Trading with Binary Options Strategy (Binary Options 2016) ★ GET FREE BONUS http://iqopts.com/bonus - [On first deposit on ... Binary options trading strategy play important role in options trading, as well as forex strategy in trading forex. Irrespective of the options trading hours, knowing the trend in tandem with ... Binary Options trading Strategy Drip Feed Up down 90 percent guaranteed Winning method - Duration: 32:25. Proudly Tech Money General Tips And Tricks 5,953 views 32:25 Binary Options Review: Trading Strategy For Trading Options (How To Trade Binary Options) If you want to know how to trade binary options you need learn many information about trading options ... Best Binary Options Strategy 2020 - 2 Minute Strategy LIVE TRAINING! - Duration: 43:42. BLW Online Trading Recommended for you. 43:42. Using Third Party iOS Libraries in NativeScript Tutorial ... Best Binary Options Strategy 2020 - 2 Minute Strategy LIVE TRAINING! - Duration: 43:42. BLW Online Trading Recommended for you

https://binaryoptiontrade.matchyl.cf