<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Talk Tech To Me - GFI Blog &#187; Emmanuel Carabott</title>
	<atom:link href="http://www.gfi.com/blog/author/emmanuel-carabott/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.gfi.com/blog</link>
	<description>Brought to you by GFI Software</description>
	<lastBuildDate>Fri, 10 Feb 2012 17:18:42 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.2.1</generator>
		<item>
		<title>Troubleshooting Information Overload</title>
		<link>http://www.gfi.com/blog/troubleshooting-information-overload/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=troubleshooting-information-overload</link>
		<comments>http://www.gfi.com/blog/troubleshooting-information-overload/#comments</comments>
		<pubDate>Fri, 06 Jan 2012 16:51:19 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[Information Overload]]></category>
		<category><![CDATA[PING]]></category>
		<category><![CDATA[SMS]]></category>
		<category><![CDATA[troubleshooting]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=7760</guid>
		<description><![CDATA[Let’s face it; most of us in IT spend entirely too much time in firefighting mode. We talk a great game about being proactive, and keeping ahead of issues; monitoring our systems for utilization and capacity so we can schedule &#8230;]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2012/01/troubleshooting-information-technology.jpg"><img class="alignright size-full wp-image-7761" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="troubleshooting-information-technology" src="http://www.gfi.com/blog/wp-content/uploads/2012/01/troubleshooting-information-technology.jpg" alt="" width="196" height="350" /></a>Let’s face it; most of us in IT spend entirely too much time in firefighting mode. We talk a great game about being proactive, and keeping ahead of issues; monitoring our systems for utilization and capacity so we can schedule upgrades before things bog down. But then, with our phones beeping almost non-stop, having to check email every 30 seconds for critical alerts, we end each day further behind, and spend half our free time checking our smartphones to make sure nothing has gone down. It is all too easy to fall into the trap of monitoring so much that you drown in the information, which then leads to the even more dangerous condition of missing the alerts that are really critical because they get lost in a sea of noise, or even worse, creating rules to sort the alerts and not even bothering to check them on a regular basis. It is all too common for me to find clients who say they have great monitoring and alerting, but when I ask them to show me what they are doing, they show me their Outlook client with a massive tree of folders, dozens of rules, and thousands of unread messages.<span id="more-7760"></span></p>
<p>When your monitoring and reporting solution overwhelms you with noise, it is going to be human nature for you to simply ignore it. You’d never get anything done otherwise. And while you may have the best intentions, when it comes to reviewing all those folders, far too often it is to find that one alert email that you should have seen before something became a critical failure. Your monitoring has put you into information overload, and it’s time to troubleshoot your way out of that mess.</p>
<h2>How much is too much?</h2>
<p>Real-time alerts, or those that the monitoring system sends you as soon as it detects a condition that requires immediate attention, should be kept to a minimum. Service failures, low disk space warnings, failed backups (that don’t automatically schedule themselves to try again), virus detections, privileged account lockouts &#8211; these are the things you really should be looking at fairly quickly. Anything else is noise. The first thing you need to do as a team is look at a representative day’s worth of alert messages and identify the ones that don’t need immediate attention. Anything that can be safely ignored or looked at later is something that shouldn’t be an immediate alert. Informational messages are the same way. If you really need to know about every success, then you need a NOC or dedicated monitoring team. The idea here is to weed out all the noise so that when your phone buzzes in the middle of a meeting, it is only because there’s something you really need to look at.</p>
<h2>Who’s on deck?</h2>
<p>Another common problem I see is alerts that go to a distribution list, and everyone assumes someone else has got it covered. D/Ls are the right thing to use for alerts, but you need to set up a rotation of who is the first responder, and who is the backup, and when an alert is received, whoever is actually going to respond needs to reply-all that they have it covered. That way you all know it is getting taken care of, and you don’t have two (or more) people trying to do the same thing.</p>
<h2>But it’s during scheduled maintenance</h2>
<p>If you have maintenance windows, make sure your monitoring system is configured to stop alerting during that window. Whether you are doing system upgrades, patching, recabling, or anything else, you don’t want alerts waking people up during the expected reboots for patching.</p>
<h2>Oh yeah, you can ignore that, I rebooted</h2>
<p>Look for monitoring systems that have a really simple pause button, and then make sure that you press that pause before doing something that would trigger an alert, like restarting a service or rebooting a server. We don’t want others to respond to a perceived service failure when you are actively working with the box; it’s those sorts of “boy who cried wolf” alerts that make people start ignoring them.</p>
<h2>PING doesn&#8217;t mean all is well</h2>
<p>Pinging a box to make sure it is online and reachable is great, but that doesn’t tell you anything about the running services. Implement monitors that actually test services, either by generating queries, submitting GETs, logging on, checking mail, etc. I’ve seen hard-crashed servers whose NICs still responded to PINGs, so don’t rely on just that to be sure everything is up.</p>
<h2>Daily summaries are your friend</h2>
<p>Remember all those extra alerts we weeded out in the first step? Those should be moved to daily summaries that hit the team’s inboxes first thing in the morning. Once you get logged on and down to business, each team member should take turns reviewing the summary alerts so that those things that could wait until the next day do get the attention they need.</p>
<h2>Automate your responses</h2>
<p>If the appropriate response to an alert in the middle of the night is to restart the service, run a script, or bounce the box, let your monitoring solution do that for you. Only if the service doesn’t come back up after the automated action should the on-call admin have to remote in for further investigation.</p>
<h2>Use SMS to get people’s attention</h2>
<p>Ideally, you should use SMS to send text alerts to admins’ phones, instead of email. We all get far too much email around the clock, and the on-call guy shouldn’t have to lose sleep unless something really goes wrong. Silencing your email alerts while keeping SMS alerts audible lets you sleep through the night, but will actually wake you up if something critical does occur.</p>
<p>By reducing the noise to manageable levels, automating responses, and moving informational alerts to daily summaries, you can get a better handle on your monitoring and alerting, actually provide appropriate and timely responses to the alerts that need you, and start moving away from that daily firefighting mode.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/troubleshooting-information-overload/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>51 Items on an Admin’s Wish List for 2012</title>
		<link>http://www.gfi.com/blog/51-items-on-an-admin-wish-list-for-2012/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=51-items-on-an-admin-wish-list-for-2012</link>
		<comments>http://www.gfi.com/blog/51-items-on-an-admin-wish-list-for-2012/#comments</comments>
		<pubDate>Mon, 26 Dec 2011 15:00:28 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[2012]]></category>
		<category><![CDATA[admin]]></category>
		<category><![CDATA[patch management software]]></category>
		<category><![CDATA[smartphone]]></category>
		<category><![CDATA[Wi-Fi]]></category>
		<category><![CDATA[Windows 8]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=7731</guid>
		<description><![CDATA[With the New Year at the corner, it is time to start putting together our admin’s wish list for 2012. Anything goes for this list – new hardware or software for work, changes to procedures or offerings from vendors, geeky gadgets, &#8230;]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/shutterstock_77654164.jpg"><img class="size-full wp-image-7736 alignright" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="shutterstock_77654164" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/shutterstock_77654164.jpg" alt="" width="324" height="216" /></a>With the New Year at the corner, it is time to start putting together our admin’s wish list for 2012. Anything goes for this list – new hardware or software for work, changes to procedures or offerings from vendors, geeky gadgets, and future tech. Here&#8217;s the list I have compiled: <span id="more-7731"></span></p>
<h2>Hardware</h2>
<p><strong>1. Standardize on one USB plug size<br />
</strong>I have dozens of portable devices including phones, mp3 players, still cameras, video cameras, portable disks, and the list goes on; and it seems like no two of them use the same cable. I want to see the industry standardize on one plug type, and whether the device is data capable or not, make every rechargeable device work on that one plug. The micro USB looks like the one to go with, but I’m dreading the next round of gear with yet another plug type.</p>
<p><strong>2. USB power ports in cars, airports, and hotels<br />
</strong>I rented a car the other day for business travel, the Chevy Sonic. It had a USB port in the dash box and a grooved channel to run the cable through so I could charge my phone easily while it was on the center console and the door to the dash box was closed. That one little feature was the smartest thing I have seen in a car in years, and enough to make me consider it for my next purchase. All cars should have USB ports for power (and to play music through the stereo), hotels should have USB ports instead of dead analog phone ports in their desk lamps, and more airports should add the charging ports that are starting to crop up in places like San Jose, Dulles, SEA-TAC, and others. Instead of eight travelers all jockeying for the two open A/C adapters to plug their chargers into, have a bank of 5V USB ports and everyone wins.</p>
<p><strong>3. Put all the plugs on one side of the network equipment<br />
</strong>There’s simply no good way to do all your cable management since no two pieces of gear seem to have all their cables set up the same way. Some have all the Ethernet ports on the “front” and power and console on the “rear” but others just seem random. Pick a side and put all the connectors on one side!</p>
<p><strong>4. Smaller bricks<br />
</strong>I see why we call the A/C adapters for our computer equipment bricks – the adapter for my work laptop is larger than a brick and weighs as much as a cinder block. But my personal laptop, which essentially has the same hardware, screen size, processor and graphics, has an adapter less than half that size. Let’s get bricks down to a manageable size.</p>
<p><strong>5. Reversible fans<br />
</strong>Another important point is to make fans reversible so we can rack gear based on our cabinets and cable management. In this way we can keep everything pulling cold and pushing hot without having to completely redo cable management.</p>
<p><strong>6. A “personal” server</strong><br />
Whether you are a fan of Hyper-V, VMware, Xen, or VirtualBox, having a small form factor machine with a pair of processors, a ton of RAM, and some decent drive space would make home labs much more functional. The price, size, and noise of a ‘real’ server just won’t fit under the desk well, but you also don’t need that kind of capacity when your user count is at most four or five.</p>
<p><strong>7. USB 3.0 for all<br />
</strong>It’s the standard – nothing should come out with anything but USB 3.0 ports anymore: desktop, laptop, tablet, or server. Make sure there are lots of ports, and don’t go stingy on the current either.</p>
<p><strong>8. SSD Drives<br />
</strong>With capacities climbing and prices falling, it won’t be long before I can swap out that old 5400 RPM drive in my laptop for a shiny new, wicked fast, completely silent, and power sipping solid state disk drive. I don’t know which will be better, the extended battery life or the faster performance, but either way, I’ll be happy.</p>
<p><strong><a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/RAM.jpg"><img class="alignright size-full wp-image-7739" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="RAM" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/RAM.jpg" alt="" width="164" height="151" /></a>9. More RAM<br />
</strong>For my laptop, my netbook, my tablet, my servers; there’s never enough memory to go around, and RAM intensive applications and the desire to run more virtual machines on practically any kind of hardware means this isn’t going to change any time soon.</p>
<p><strong>10. Gadget USB drive<br />
</strong>Every admin likes USB drives. Whether it looks like a Lego brick, a banana, or a piece of steam punk jewelry, unique USB drives with massive capacities will make any admin smile. Just make sure you scan them when you switch between computers.</p>
<p><strong>11. A Wi-Fi NAS</strong><br />
Combining a Wi-Fi access point, wired switch, router, and up to 2 TB of storage, the LaCie Wireless Space has something to offer for everyone. There are various offerings in this space, but the LaCie seems to be the one to beat.</p>
<p><strong>12. Ergonomic keyboards</strong><br />
Most people hate these split keyboards until they use them for three days; then they never want to go back. Ergonomic keyboards are much better for long term computer use and should be the default.</p>
<p><strong>13. Better chairs</strong><br />
Odds are while you are reading this, your posture is terrible, and you’re doing your back no favors. Ergonomic chairs are frightfully expensive, but vital for people who sit at a PC all day.</p>
<p><strong>14. Standing desk</strong><br />
<a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/standing-desk.jpg"><img class="size-full wp-image-7735 alignright" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="standing-desk" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/standing-desk.jpg" alt="" width="159" height="203" /></a>Of course the best way to avoid bad sitting postures is to stand up. I once worked at an office that had desks with pneumatic adjustments, and chairs to match; you could sit normally at your workstation, elevate everything like you were at a bar, or stand up and work. Adjustments were as easy as pressing a lever, which meant you could adjust throughout the day. I never went home sore and have looked for an affordable desk like that ever since.</p>
<p><strong>15. Touchscreen monitor(s)</strong><br />
A mouse or a trackball may seem like the way to interact with images on a screen, but nothing quite beats touch. If you have an iPad or other tablet, you know exactly what I am talking about.</p>
<p><strong>16. HD webcams that pivot or have both front and rear</strong><br />
One decent thing no laptop, smartphone, or tablet should be made without, is a good camera. Whether it pivots so it can face fore and aft, or comes with both a front and a rear facing camera, the growing prominence for video conferencing, picture taking, and video making means that you never want to be without a camera, or have to choose between being on screen and seeing the screen.</p>
<p><strong>17. Bluetooth</strong><br />
Not so much an issue for smartphones as it is for laptops, this is the other thing none of those devices should be made without. I don’t know what shocks me more, that a manufacturer offers it as a $20 option, or that someone thinks that is $20 worth saving and opts not to include it. No mobile device should be without Bluetooth, and I’d just as soon see it included in desktops too.</p>
<h2>Software</h2>
<p><strong>18. Diablo III</strong><br />
Though not as delayed as Duke Nukem Forever, development on Diablo III started in 2001, and I cannot wait for the latest addition to the series.</p>
<p><strong>19. Patch management software</strong><br />
This one should be easy to justify and get on this quarter’s budget. I want a package that can deploy operating system and third party application patches, deploy new software, run audits and reports, and do as much of that automatically as I can possibly desire. Patching should be routine, not a monthly disruption of “real work”.</p>
<p><strong>20. Simple federation between IM platforms</strong><br />
Sure, federation is supposed to be easy, and XMPP might make it so, but have you ever tried to federate your Lync system with someone else’s Jabber system? IM either needs to move to a single unified standard that supports text, voice, and video, or gateways need to make it easier to hook tab A into slot B.</p>
<p><strong>21. 2FA</strong><br />
I want two factor authentication for everything; my personal email, my bank account online, my credit cards, my VPN, my webmail, and anything else that might require authentication. SMS messages to cell phones seem to be the most universal way to go, and I want vendors to start embracing that. Sure, phones are hardware, but a 2FA solution using them is software only.</p>
<p><strong>22. Voice controlled smart home software</strong><br />
Combine the voice recognition capabilities of Siri with the total home automation of SARAH from the television series Eureka, and you have the perfect home companion. Imagine being able to simply talk to your house to turn on or off lights, create shopping lists, or to take out the recycling. Nirvana!</p>
<p><strong>23. Cloud synced profiles</strong><br />
Early reports on Windows 8 indicate that your personal settings will be stored with your Live ID in the cloud, so that if you log onto a friend’s Windows 8 PC, all of your personal preferences will be brought down, making the experience as seamless as possible. If they include file access (like an automatically present Skydrive mapping), the only thing we’ll have to adapt to is our friend’s different chair height. Until then, synced settings across web browsers are a nice feature.</p>
<p><strong>24. Windows 8</strong><br />
<a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/Windows8.jpg"><img class="size-full wp-image-7733 alignright" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="Windows8" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/Windows8.jpg" alt="" width="185" height="141" /></a>Speaking of Windows 8, 2012 will bring us the latest version of Microsoft’s desktop operating system. While Windows 7 is still new to many XP holdouts, Windows 8 promises to be as radical a change to the desktop paradigm as 95 was to 3.1. I’ve played with the CTP and an early beta, and one thing I want to make sure of is that my next laptop has a touchscreen.</p>
<h2>Other</h2>
<p><strong>25. IPv6</strong><br />
The IPv4 address space is essentially exhausted. The industry has been clamoring for IPv6 for years; it’s time ISPs and hosting providers make IPv6 available as part of the standard offering.</p>
<p><strong>26. FiOS</strong><br />
I have the highest speed connection available within 100 miles, and I am in a metropolitan area of over two million people, and yet, there is never enough bandwidth. There’s a 144 strand fiber running through my front yard, but no ISP is willing to light it up. It’s time to get high-speed out to everyone.</p>
<p><strong>27. No more batteries that cannot be changed by the user</strong><br />
I’m looking at you Apple. You’re not the only one, but you made it acceptable and even expected. Sealed units with integrated batteries are planned obsolescence and that’s just not right.<a href="http://www.amazon.co.uk/gp/product/1594745277/ref=as_li_ss_tl?ie=UTF8&amp;tag=itnebl-21&amp;linkCode=as2&amp;camp=1634&amp;creative=19450&amp;creativeASIN=1594745277" target="_blank"><img class="alignright size-full wp-image-7738" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="geek-wisdom" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/geek-wisdom.jpg" alt="" width="110" height="165" /></a></p>
<p><strong>28. Geek Wisdom by Stephen Segal</strong><br />
A collection of geek quotes from film, television, and literature, <a href="http://www.amazon.co.uk/gp/product/1594745277/ref=as_li_ss_tl?ie=UTF8&amp;tag=itnebl-21&amp;linkCode=as2&amp;camp=1634&amp;creative=19450&amp;creativeASIN=1594745277" target="_blank">this book</a> needs to be on the reading list of every person who has ever quoted a sci-fi movie during a meeting.</p>
<p><strong>29. Community Wi-Fi</strong><br />
The nearest Starbucks or Panera isn’t always near enough, and not everyone has a Mi-Fi device or 4G built into their laptop. Having Wi-Fi everywhere would be awesome.</p>
<h2>Toys and tools</h2>
<p><strong>30. A new laptop</strong><br />
Admit it, unless you got a new laptop in the past two months, you are drooling over the current crop of ultra thin, ultra light, ultra large, or ultra fast laptops on the market today. Road warrior or desktop replacement, some of the newest machines are awesome, and we all like them shiny.</p>
<p><strong>31. A new bag</strong><br />
You have to have a good home for your new laptop, charger, tablet, smartphone, assorted knick-knacks and cables, and a new bag is like a new car to geeks. I want one that can go from backpack to messenger bag, has a retro look, and is TSA friendly.</p>
<p><strong>32. Bluetooth headphones</strong><br />
Whether you are a road warrior or a desk jockey, a set of headphones is essential, and being tethered by a cord is no fun. Bluetooth headphones that can handle music, VoIP, and my smartphone, with good battery life and the ability to shut out noises around me, are just the ticket.</p>
<p><strong>33. Anything Doctor Who</strong><br />
Here’s a tip, any admin worth his or her salt is a fan of the Doctor, and whether it’s a sonic screwdriver, a Tardis USB hub, the complete collection on DVD, or a Dalek plush, you can’t go wrong with Doctor themed swag.</p>
<p><strong>34. A Paladin PowerPlay PT-525</strong><br />
The ultimate geek multi-tool; it’s like a Leatherman but with tools specifically for the network admin on your shopping list, including a 66/110 punch down and UTP stripper. Just don’t try to take it through airport security because it does have a nice blade too.</p>
<p><strong>35. Waterproof dock for your MP3 player</strong><br />
It sounds silly at first, but having a waterproof dock and amplifier for the tunes on your iPod, smartphone, or any MP3 player, would be awesome whether you’re in the shower, at the pool, or on the beach. Better make it sand-proof too, and solar powered!</p>
<h2>New tech</h2>
<p><strong>36. Universal cordless recharging</strong><br />
I love the cordless charging mats, but the special cases you have to use are thick, ugly, and proprietary. Develop a standard and get manufacturers to adopt it so we can just buy the mat and throw anything we own on top of it.</p>
<p><strong>37. HTML5<br />
</strong>I know it’s out there, you know it too, but it seems like a lot of other folks don’t. Let’s get all the browser vendors to jump on board the bandwagon, and start getting sites updated now.</p>
<p><strong>38. Tablets</strong><br />
<a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/tablet.jpg"><img class="size-full wp-image-7734 alignright" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="tablet" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/tablet.jpg" alt="" width="188" height="131" /></a>The iPad has been around for a couple of years, and tablets aren’t exactly new, but 2012 should be the year of the tablet. iOS, Android or Windows 8, a tablet is one of those pieces of tech every admin longs for.</p>
<p><strong>39. TV media players</strong><br />
Here’s a relatively new device that is starting to crop up from vendors like WD and Roku; a small box that connects to a normal television and a Wi-Fi network, and can stream media from a local server, from attached USB drives, internal storage, or popular services like Netflix and Hulu. These inconspicuous devices have all the features of a media PC and are no larger than a paperback book.</p>
<p><strong>40. Toshiba’s no-glasses 3D</strong><br />
Toshiba recently debuted a 3D TV technology that promises the 3D experience without the need for those silly glasses. Three of the four people in my family wear eyeglasses, and the need for additional eyewear to view 3D movies has made that a non-option for a home purchase, but this tech may just be what it takes to bring 3D home for millions.</p>
<p><strong>41. Dual monitor setups</strong><br />
If a computer makes you more productive, a computer with dual monitors makes you more so. Embracing this concept, there are laptop prototypes with dual monitors coming out, and a growing selection of dual monitor stands.</p>
<h2>Pipe dreams</h2>
<p>This last group should strike a chord with many of the admins out there. They are some of my most personal wants, but that doesn’t mean they won’t appeal to you too.</p>
<p><strong>42. Standards</strong><br />
Nothing bothers me more than when a vendor talks about how standards compliant they are; yet when I test something it works a little differently on that version from another. Standards either are, or they are not. There is no middle ground.</p>
<p><strong>43. Stop redefining the word “unlimited”<br />
</strong>If you have to put an asterisk next to the word unlimited when describing your service, you’re doing it wrong.</p>
<p><strong>44. Biometrics on smartphones</strong><br />
Put a simple fingerprint reader on every smartphone, so you can swipe to unlock it. It’s only then that I will trust things like paycard functionality.</p>
<p><strong>45. Press zero to reach a human</strong><br />
ICR and auto attendants are the bane of my existence. I will go out of my way to avoid calling a vendor or store because I hate trying to maneuver the 86 levels of hell that make up their phone menu. If I press zero, put me in the queue to speak to a human. Don’t ask me for more information; don’t tell me that many questions can be answered on your website. Just let me speak to a person. While I am waiting, give me some decent music on hold, and do NOT interrupt the song every ten seconds with the same insincere “your call is very important to us” drivel.</p>
<p><strong>46. A decent cellular phone</strong><br />
Smartphones, camera phones, phones that play media and can download at the speed of light – that’s all well and good, but let’s face it, cellphones as telephones suck. I would like a phone that offers voice quality approaching the $10 landline phone I bought at Radio Shack ten years ago, and that I still use today. Is that too much to ask?</p>
<p><strong>47. A decent smartphone keyboard</strong><br />
<a href="http://www.gfi.com/blog/wp-content/uploads/2011/12/smartphone-keyboard1.jpg"><img class="alignright size-full wp-image-7742" style="border-width: 0px; border-color: black; border-style: solid; margin: 10px;" title="smartphone-keyboard" src="http://www.gfi.com/blog/wp-content/uploads/2011/12/smartphone-keyboard1.jpg" alt="" width="210" height="118" /></a>The best phone I ever had was one with a flip design and a real physical keyboard. Smartphones with touch style keyboards still have a long way to go, hiding the punctuation you need behind three or four transitions, making them very hard to use with stronger passwords, or as viable replacements for laptops when you have to remote into a server while out of the office and away from the house.</p>
<p><strong>48. A digital pocket watch</strong><br />
Here’s a wish – I want a pocket watch form factor device that tells time and temperature digitally. Purely geek, and not terribly practical, but that’s what I want.</p>
<p><strong>49. Using a cellphone while driving made impossible</strong><br />
If I had a dollar for every time someone with a phone held to their ear nearly ran me off the road, or failed to pull out when offered the chance, or did some other fool thing they wouldn’t have done if they hadn’t been holding a phone while trying to drive, I could afford my own driver. Phones shouldn’t be able to make or take calls unless they are on speaker mode or paired to a Bluetooth device when they are moving faster than a person can walk.</p>
<p><strong>50. Smudgeless screens</strong><br />
You can always tell a developer; they are the ones with fingerprints all over their screens. You can also always spot the borderline OCD geek; he’s the one that constantly wipes the screen of his phone off with his sleeve or shirttail trying to get the screen smudge-free. I want glare-free, diamond-tough, and smudgeless screens that repel fingerprints effortlessly, and I want them on smartphones, laptops, monitors, and flatscreen TVs.</p>
<p><strong>51. Computer setups like you see on just about any TV show on the air today.</strong><br />
NCIS, CSI, Hawaii 5-0… the list goes on and on, and if you have seen more than a single episode of any one of those shows you know exactly what I’m talking about. I want a Microsoft Surface desk that ties into big screen monitors on the wall so I can set a phone down on the desk, automatically transfer images from the phone, play with them on the desk and then “throw” them up to the wall. I also want those holographic monitors that you can walk through, see through, and yet still let you manipulate data in thin air. That would be awesome!</p>
<p>What about you? What new tech didn’t make it on this list, but has a place of pride on your own personal wish list? Let us know what you are looking forward to in 2012.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/51-items-on-an-admin-wish-list-for-2012/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Troubleshooting a Blue Screen</title>
		<link>http://www.gfi.com/blog/troubleshooting-a-blue-screen/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=troubleshooting-a-blue-screen</link>
		<comments>http://www.gfi.com/blog/troubleshooting-a-blue-screen/#comments</comments>
		<pubDate>Fri, 11 Nov 2011 15:00:55 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[Blue screen]]></category>
		<category><![CDATA[blue screen of death]]></category>
		<category><![CDATA[debugging]]></category>
		<category><![CDATA[memory dump]]></category>
		<category><![CDATA[troubleshooting]]></category>
		<category><![CDATA[troubleshooting blue screen of death]]></category>
		<category><![CDATA[WinDbg]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3592</guid>
		<description><![CDATA[One of the most annoying things that can happen to an administrator is when at random intervals a PC crashes and generates a so-called blue screen of death. A blue screen can be caused by a number of faults and it &#8230;]]></description>
			<content:encoded><![CDATA[<p><span style="color: #000000;"><span style="font-family: Calibri;"><a href="http://www.gfi.com/blog/wp-content/uploads/2011/11/Troubleshooting-a-Blue-Screen1.jpg"><img class="alignright size-medium wp-image-3594" style="margin: 10px; border: black 0px solid;" title="Troubleshooting a Blue Screen" src="http://www.gfi.com/blog/wp-content/uploads/2011/11/Troubleshooting-a-Blue-Screen1-300x199.jpg" alt="" width="300" height="199" /></a>One of the most annoying things that can happen to an administrator is when, at random intervals, a PC crashes and generates a so-called blue screen of death. A blue screen can be caused by a number of faults and it is often very hard to pinpoint the cause simply by looking at the information on the blue screen itself. There are better ways to diagnose a blue screen: if you have a memory dump, you can debug the crash and, in most cases, identify the driver or component that caused it.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;"> </span></span></p>
<p><span style="font-family: Calibri; color: #000000;"> <span id="more-3592"></span></span><strong><span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Generating a Memory Dump:</span></span></span></strong></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">In the event that your system is not configured to generate a Memory Dump file when a blue screen occurs, you need to enable the functionality before we can proceed with debugging the root cause of the issue. In order to do this you need to do the following:</span></span></p>
<ul>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Open the <strong>Control Panel</strong></span></span></li>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Open the <strong>System </strong></span></span><span style="font-family: Calibri;"><span style="color: #000000;">settings</span></span></li>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Switch to the <strong>Advanced </strong></span></span><span style="font-family: Calibri;"><span style="color: #000000;">Tab</span></span></li>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Click on the <strong>Settings</strong></span></span><span style="font-family: Calibri;"><span style="color: #000000;"> button under the<strong> Start-up and Recovery </strong></span><span style="color: #000000;">section</span></span></li>
</ul>
<p><span style="font-family: Calibri;"><span style="color: #000000;">A dialog will open with various settings; towards the end there is a section called “<strong>write debugging information</strong></span><span style="color: #000000;">”.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">The first combo box selects how much memory Windows writes when it crashes. For our purposes a kernel memory dump will suffice: it captures kernel-mode memory only, which is enough to analyse a driver or kernel fault and is far smaller than a complete memory dump. The next edit box contains the location where the dump will be stored (by default %SystemRoot%\MEMORY.DMP). Bear in mind that the dump is a raw copy of kernel memory at the moment of the crash and can contain sensitive data such as credentials or keys, so restrict access to the file and treat it as confidential if you send it to a vendor for analysis.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;"> </span></span></p>
<p><strong><span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Getting the Necessary Tool:</span></span></span></strong></p>
<p><span style="font-family: Calibri; color: #000000;">In order to debug a memory dump we will need a free tool supplied by Microsoft called WinDbg. This is actually a debugger and it can be downloaded for free from the </span><a href="http://msdn.microsoft.com/en-gb/windows/hardware/gg581067.aspx"><span style="font-family: Calibri; color: #0000ff;">Microsoft</span></a><span style="color: #000000;"><span style="font-family: Calibri;"> website.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">Make sure you download the correct debugging tools for your architecture, run the file, install it and you’re ready to debug the blue screen.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;"> </span></span></p>
<p><strong><span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Debugging the Issue:</span></span></span></strong></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">A lot of people are not comfortable debugging a memory dump but the process is simpler than most people think. </span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">The first thing to do once WinDbg loads is to configure the symbol path for the debugger. Symbols are the names and type information (function names, variable names, structure layouts) that the compiler and linker keep out of the executable itself and write to separate .pdb files, so that the binary stays small and reveals nothing about its internals. Windows does not need them to run, but a debugger does: without symbols a stack trace is just a list of addresses, while with them WinDbg can resolve each address to a function in a named module. Luckily for us, Microsoft runs a public symbol server that WinDbg can query for the symbols it needs as it needs them.</span></span></p>
<p><span style="font-family: Calibri; color: #000000;"> </span><span style="font-family: Calibri;"><span style="color: #000000;">To configure symbols click on:</span></span></p>
<ul>
<li><span style="color: #000000;"> <span style="font-family: Calibri;">The <strong>File</strong></span></span><span style="font-family: Calibri;"><span style="color: #000000;"> Menu</span></span></li>
<li><span style="color: #000000;"> <span style="font-family: Calibri;">Select <strong>Symbol Search Path</strong></span></span></li>
</ul>
<p><span style="font-family: Calibri;"><span style="color: #000000;">Now we need to enter the following line: </span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">SRV*c:\symbols*http://msdl.microsoft.com/download/symbols</span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">This will instruct WinDbg to fetch any needed symbols from the Microsoft symbol server and store them locally in the provided folder which in this case is c:\symbols. You can choose another folder if you want.</span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">Click on the <em>OK</em> button and we can start to debug our dump file.</span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">Note: WinDbg will need access to the Internet in order to fetch the symbol files it needs.</span></span></p>
<p><span style="font-family: Calibri;"><span style="color: #000000;">We now need to open the dump file itself and we do this by:</span></span></p>
<ul>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Clicking on the <strong>File</strong></span></span><span style="font-family: Calibri;"><span style="color: #000000;"> Menu</span></span></li>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Select <strong>Open Crash Dump</strong></span></span></li>
<li><span style="color: #000000;"><span style="font-family: Calibri;">Select the Crash Dump you want to debug and click <strong>OK</strong></span></span></li>
</ul>
<p><span style="color: #000000;"><span style="font-family: Calibri;">It will take a short while for WinDbg to open your dump file and load up the symbols required.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">In order to do a detailed analysis after the dump file finishes loading, type <strong>!analyze -v</strong> at the prompt and press Enter.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">After some time we’ll get all the information we need to determine what is causing the blue screen.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;"> </span></span></p>
<h2><strong><span style="font-size: medium;"><span style="color: #4f81bd;"><span style="font-family: Cambria;">Information of Interest:</span></span></span></strong></h2>
<p><span style="color: #000000;"><span style="font-family: Calibri;">Right below Bugcheck Analysis we’ll get a short report from WinDbg on which bug check occurred and the information relevant to it, such as the parameters that were passed when the crash occurred.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">PROCESS_NAME contains the name of the process that was running when the crash occurred. It is not necessarily the culprit: a faulty driver can take the system down while any process happens to be on the CPU.</span></span></p>
<p><span style="font-family: Calibri; color: #000000;">BUGCHECK_STR displays the bug check (stop) code. A list of codes can be found on the </span><a href="http://msdn.microsoft.com/en-us/library/windows/hardware/hh406232(v=vs.85).aspx"><span style="font-family: Calibri; color: #800080;">msdn site</span></a><span style="color: #000000;"><span style="font-family: Calibri;">.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">DEFAULT_BUCKET_ID displays the category WinDbg has assigned to the error.</span></span></p>
<p><span style="color: #000000;"><span style="font-family: Calibri;">STACK_TEXT displays the stack trace at the time of the crash; read it from the bottom up and look for the first frame that belongs to a module which is not part of Windows itself. MODULE_NAME and IMAGE_NAME name the module WinDbg holds responsible.</span></span></p>
<p><span style="font-family: Calibri; color: #000000;">This should give you the information you need to determine the cause of the blue screen and provides the starting point you need to solve the problem.</span></p>
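<p>The whole procedure above, driven from the command line instead of the GUI, as an added example that is not part of the original post. It uses kd.exe, the console kernel debugger that installs alongside WinDbg, and reads the same Start-up and Recovery settings from the registry. Assumptions not stated in the post: kd.exe is installed at the path in $Kd (a Windows 10 SDK layout; adjust for your Debugging Tools version), the script runs from an elevated PowerShell prompt, and the dump sits at whatever DumpFile the registry points to. Everything else is standard WinDbg syntax.</p>

```powershell
# Added example, not from the original post: the GUI steps above done from the command line.
# Assumed: kd.exe path below, elevated PowerShell, Windows 7 or later.

$Kd      = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe'   # assumed install path
$SymDir  = 'C:\symbols'                                                   # local symbol cache
$SymPath = "SRV*$SymDir*https://msdl.microsoft.com/download/symbols"      # same syntax as in the post

# 1. Make sure a kernel memory dump will be written on the next bugcheck.
#    CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic (Windows 8+).
$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc = Get-ItemProperty -Path $crashKey
if (@(1, 2, 7) -notcontains $cc.CrashDumpEnabled) {
    Set-ItemProperty -Path $crashKey -Name CrashDumpEnabled -Value 2   # takes effect after a reboot
    Write-Warning 'Kernel dump enabled; the setting applies from the next reboot.'
}
$DumpFile = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)   # default %SystemRoot%\MEMORY.DMP
if (-not (Test-Path $DumpFile)) { throw "No crash dump found at $DumpFile" }

# 2. Lock the dump down before anything else: it is raw kernel memory and may hold
#    credentials or keys. Strip inherited ACEs and leave only Administrators (S-1-5-32-544)
#    and SYSTEM (S-1-5-18), using SIDs so the command works on non-English systems.
icacls $DumpFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# 3. Run !analyze -v non-interactively:
#    -z <dump>   open a crash dump      -y <path>  symbol path
#    -c "<cmds>" run commands on start, then q (quit) so kd returns
$report = & $Kd -z $DumpFile -y $SymPath -c '!analyze -v; q' 2>&1 | Out-String
$report | Set-Content -Path "$DumpFile.analyze.txt"   # keep the full report next to the dump

# 4. Pull out the fields the post describes, plus the module WinDbg blames.
$summary = @{}
foreach ($name in 'BUGCHECK_STR', 'DEFAULT_BUCKET_ID', 'PROCESS_NAME', 'MODULE_NAME', 'IMAGE_NAME') {
    if ($report -match "(?m)^${name}\s*:\s*(.+?)\s*$") { $summary[$name] = $Matches[1] }
}
$summary.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
```

<p>The full !analyze -v text, including STACK_TEXT, is saved beside the dump; the table only summarises the headline fields. Because the dump is written before the ACL is tightened, the permissions on the folder that will receive MEMORY.DMP are what protect the next crash, so set those too.</p>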
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/troubleshooting-a-blue-screen/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>6 Features for Good Internet Traffic Monitoring</title>
		<link>http://www.gfi.com/blog/6-features-good-internet-traffic-monitoring/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=6-features-good-internet-traffic-monitoring</link>
		<comments>http://www.gfi.com/blog/6-features-good-internet-traffic-monitoring/#comments</comments>
		<pubDate>Fri, 14 Oct 2011 14:00:21 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[TTTM]]></category>
		<category><![CDATA[bandwidth]]></category>
		<category><![CDATA[IM]]></category>
		<category><![CDATA[monitoring Internet traffic]]></category>
		<category><![CDATA[phishing attacks]]></category>
		<category><![CDATA[streaming media]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3516</guid>
		<description><![CDATA[If you asked an employee what they understood by ‘monitoring Internet traffic’, they would probably say it is a simple process which is meant to ensure users do not access websites that they are not meant to visit on the &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3517" style="margin: 10px; border: 0px solid black;" title="6 reasons for Internet traffic monitoring" src="http://www.gfi.com/blog/wp-content/uploads/2011/10/6-reasons-for-Internet-traffic-monitoring-261x300.jpg" alt="" width="261" height="300" />If you asked an employee what they understood by ‘monitoring Internet traffic’, they would probably say it is a simple process which is meant to ensure users do not access websites that they are not meant to visit on the company network. That’s part of the equation of course, but in reality there’s more to monitoring Internet Traffic.</p>
<p>Below are six main features good Internet traffic monitoring software should have:</p>
<p><strong>1.     Monitoring and controlling what websites users visit</strong></p>
<p>Among the many benefits of monitoring and controlling what websites users visit, one finds:</p>
<ul>
<li>Protection against cyber-slacking</li>
<li>Protection against legal liability</li>
<li>Protection against malware infection</li>
</ul>
<p>Simply put, monitoring and controlling what websites users visit is essential to a business’s well-being.<span id="more-3516"></span></p>
<p><strong>2.     Ensuring users don’t download malware</strong></p>
<p>Users can come across malware in various ways. They might click on an innocuous-looking website that has been infected with malware, for example; sometimes even high-profile websites get hacked and distribute malware. There are other cases, however, where employees introduce malware intentionally. This could be because they want to hack some resource they do not have access to, to play a joke on a workmate, or even out of spite, especially if they are leaving the organization on bad terms. These events can be avoided when Internet control software is used.</p>
<p><strong>3.     Protecting users against phishing attacks</strong></p>
<p>It is in an organization’s best interest to protect its employees against phishing attacks. Falling victim to a phishing attack can be devastating and troublesome. Fixing the damage caused by the attack can take a lot of time – affecting productivity. As the saying goes, prevention is better than cure. Beyond this, a phishing attack might trick an employee into disclosing confidential business information which is obviously undesirable.</p>
<p><strong>4.     Controlling instant messaging</strong></p>
<p>Unrestricted instant messaging (IM) can be a risk to the organization, resulting in cyber-slacking and impacting security. Files transferred through IM can be infected with malware, and an employee could also use an IM service to leak confidential information, such as customer lists or source code.</p>
<p><strong>5.     Controlling streaming media</strong></p>
<p>Streaming media can be a source of excessive bandwidth consumption and legal liability. Controlling streaming media can cut company costs and improve the performance of Internet-based services such as email and legitimate web browsing. An employee streaming pornographic or otherwise offensive material might also put your company at legal risk.</p>
<p><strong>6.     Monitoring Bandwidth usage</strong></p>
<p>Although monitoring bandwidth usage might seem unnecessary, especially when the above controls are taken into consideration, it does bring some advantages to the table that the other controls do not. Bandwidth usage monitoring can allow an organization to detect intrusions, malware operating on the network, and identify troublesome websites that slow down the internet operations.</p>
<p>Monitoring internet traffic can help an organization in several ways. It provides the organization with web security, can be used to cut down unnecessary costs, and helps detect malicious activity on the network.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/6-features-good-internet-traffic-monitoring/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Top 37 Risks Businesses Run with Uncontrolled Internet Usage</title>
		<link>http://www.gfi.com/blog/top-37-risks-admins-uncontrolled-internet-usage/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=top-37-risks-admins-uncontrolled-internet-usage</link>
		<comments>http://www.gfi.com/blog/top-37-risks-admins-uncontrolled-internet-usage/#comments</comments>
		<pubDate>Mon, 10 Oct 2011 14:00:48 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[37 risks]]></category>
		<category><![CDATA[bandwidt]]></category>
		<category><![CDATA[data loss]]></category>
		<category><![CDATA[Internet usage]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[productivity]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3506</guid>
		<description><![CDATA[No one in IT really wants to be the Internet Police – granted. In fact, the less we know about our colleagues’ web surfing habits, the happier we will probably be. Sometimes there really is such a thing as ‘too &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3507" style="margin: 10px; border: 0px solid black;" title="web security risks" src="http://www.gfi.com/blog/wp-content/uploads/2011/10/web-security-risks-229x300.jpg" alt="" width="229" height="300" />No one in IT really wants to be the Internet Police – granted. In fact, the less we know about our colleagues’ web surfing habits, the happier we will probably be. Sometimes there really is such a thing as ‘too much information’. However, it is our responsibility to safeguard our company’s resources, and that includes both confidential information stored on our server and the workstations that use our network, so we do have to take certain actions to protect ourselves and our coworkers from the worst of the web. The combination of an acceptable usage policy and web filtering software helps guard against the web threats that are out there. What are these ‘web threats’? There are several risks associated with uncontrolled Internet usage. Below you will find 37 of them, grouped into eight categories. Some could be included in more than one category, and in that case, I have them listed where I think they do the most harm.<span id="more-3506"></span></p>
<h2>Malware</h2>
<p><strong> 1.	Viruses</strong><br />
Most infected files these days are downloaded from the Internet. Whether the user is trying to get an application for their job or a new screensaver, downloads which have not been scanned become bad news.<br />
<strong> 2.	Trojans</strong><br />
Many Internet downloads contain remote access Trojans or spam mailers, designed to give bad guys access to your data and resources.<br />
<strong> 3.	Cross-site scripting</strong><br />
Antivirus software does not help here: a cross-site scripting flaw lets an attacker inject script into a page on a site the user trusts, so it runs in the user’s session and can steal session cookies or capture what they type into forms they think are safe, or present them with malicious content.<br />
<strong> 4.	Tracking</strong><br />
Complete privacy on the Internet is not practical, but providing your complete web history to advertisers is not a good idea either.<br />
<strong> 5.	Botnets</strong><br />
Infected computers often become zombies, reaching out to contact the command and control servers for orders.<br />
<strong> 6.	Spyware and adware</strong><br />
Keyloggers, browsing history, and pop-up ads, are all part of the fun of surfing to the wrong places on the web today.</p>
<h2>Phishing sites</h2>
<p><strong>7. Identity Theft</strong><br />
Many phishing sites ask for personal information in order to assume the identity of the victim.<br />
<strong> 8.	Financial loss</strong><br />
Other phishing sites may be after credit card or bank account details for immediate financial gain.<br />
<strong> 9.	Social engineering</strong><br />
There are sites out there whose purpose is to harvest usernames and passwords for webmail, online banking, and remote access systems, which the attackers then use for further nefarious deeds.</p>
<h2>Inappropriate content</h2>
<p><strong> 10.	Pornography</strong><br />
What users do at home is their own business; what they do at work could get the company sued.<br />
<strong> 11.	Racial hatred</strong><br />
It’s a shame that in 2011 racism is still rife and this can lead to a hostile work environment suit.<br />
<strong> 12.	Religious intolerance</strong><br />
Much like racial hatred, religious intolerance of any faith has no place at work, and could also lead to a hostile work environment.<br />
<strong> 13.	Alcohol, tobacco and drug related sites</strong><br />
Unless you work in the industry, there is little chance these topics are work related, but if they arise within the workplace, they could cause tension among employees.</p>
<h2>Data loss prevention</h2>
<p><strong> 14.	WikiLeaks type sites</strong><br />
The company’s confidential information won’t stay confidential for long if it is posted to a public site and makes the evening news.<br />
<strong> 15.	Forums</strong><br />
Disgruntled employees may think they are harmlessly venting when they rant on a forum, but the company’s reputation may suffer as a result.<br />
<strong> 16.	Blogs</strong><br />
Company approved blogs are good; technical blogs are too. But a user blogging at work (unless that’s their job) is wasting time, and might be posting confidential information not yet ready for public release.<br />
<strong> 17.	Instant messaging</strong><br />
An approved corporate IM solution is a valuable communications tool; unrestricted access to public services can present many risks, including IM spam, malicious links and data leakage.<br />
<strong> 18.	P2P</strong><br />
Peer to peer software can be useful, but too often a user shares their entire hard drive, making all the company documents on it available to others.<br />
<strong> 19.	Online storage</strong><br />
If a user needs to store data with an online storage company, that data is now outside the company’s control. You’re not backing it up, searching and indexing it, and you cannot retrieve it if the employee leaves. Unless approved by the company, users should never be allowed to use cloud storage services.<br />
<strong> 20.	Webmail</strong><br />
Companies that use DLP solutions on their email system do so to make sure nothing is being emailed that presents a risk, like IP, NPI, or other sensitive data. Letting users access webmail provides them a way around this, and also risks them using personal email for corporate business.</p>
<h2>Lost productivity</h2>
<p><strong>21.	Social Networking</strong><br />
Checking their Facebook wall may sound like a one-minute thing, but this can turn into hours per week, as users tend to do other things once there, such as commenting on or following their friends’ status updates, images, videos, and so on.<br />
<strong> 22.	Auctions</strong><br />
Submitting a bid might take only seconds at the start of an auction, but users can burn hours checking on a long-running auction, or staying on until the close to make sure they aren’t outbid.<br />
<strong> 23.	Gaming</strong><br />
No need for explanations here, an innocent five minute break to play an online game, might turn into long wasted hours.<br />
<strong> 24.	Gambling</strong><br />
Just as in online gaming, but with the added concerns that this could lead to legal issues.<br />
<strong> 25.	Dating</strong><br />
Dating sites can become attention traps, leading a user to spend the entire day checking out their possibilities rather than focusing on their job.<br />
<strong> 26.	Software downloads</strong><br />
Any software a user needs should come from IT, to ensure it is licensed, appropriate for the task, supportable, and doesn’t crash their PC or LOB application.<br />
<strong> 27.	Daytrading and investment sites</strong><br />
Another site that seems harmless at first, until the user spends all morning waiting for the exact moment to buy or sell.<br />
<strong> 28.	Employment sites</strong><br />
If they want to hunt for another job, they really need to do that on their own time.<br />
<strong> 29.	Online shopping</strong><br />
Here’s one you may want to allow a limited amount of access to, especially during the holidays, but you don’t want users to spend all day shopping when they should be working.</p>
<h2>Copyright violations</h2>
<p><strong> 30.	Torrent sites</strong><br />
Bittorrent is a very useful protocol for distributing ISOs of open source operating systems, but too often it is used to distribute movies and music. This could go under bandwidth crushers, but the bigger risk is that your company gets sued by the MPAA or RIAA.<br />
<strong> 31.	Warez</strong><br />
Unlicensed software can cost a company millions of dollars in fines. If a user needs an application to do their job, make sure that IT is buying it legitimately and licensing it appropriately. The BSA does take legal action.</p>
<h2>Bandwidth crushers</h2>
<p><strong> 32.	Internet radio</strong><br />
A single user streaming music may not use much bandwidth, but when the entire office is doing it, the total can quickly saturate a pipe.<br />
<strong> 33.	Sporting events</strong><br />
I once worked for a company that only blocked one thing &#8211; the NCAA Final Four Basketball Tournament. Every year we had to scramble to block every possible way it could be viewed online because it not only killed productivity, it took out the campus DS3.<br />
<strong> 34.	TV and movie sites</strong><br />
Some folks might be able to work with the TV on in the background; most can’t really work well though, and the amount of aggregate bandwidth several simultaneous streaming movies can consume can quickly use up the entire circuit.</p>
<h2>Policy violations</h2>
<p><strong> 35.	Anonymizers</strong><br />
You can argue that anonymizers are only there to protect users’ privacy, but you cannot argue that there is a real reason why they need that while surfing at work. Whatever they are doing online, if they need to use an anonymizer service, it probably isn’t work related.<br />
<strong> 36.	Open proxies</strong><br />
Here’s another case where the likelihood that whatever they are doing is work-related approaches zero. Open proxies really just help you hide your actions or access content that is not licensed for your actual country of origin. In either case, it’s not work related activity.<br />
<strong> 37.	IM portals</strong><br />
If you are blocking instant messaging, the easiest way to get around that is for a user to hit the service’s web portal or one of the many IM aggregation portals that exist. Blocking these helps ensure you are restricting IM access.</p>
<p>You don’t need to block 100% of all sites within all of these categories. A certain amount of recreational Internet access can go a long way towards improving employee morale, and if it doesn’t cause a productivity issue, and all users obey the rules, there’s no harm for most organizations. Look for web filtering software that can permit a certain amount of recreational use, either by total time or bandwidth used. “Nothing in excess” is a good rule of thumb for those categories that don’t present a risk of data loss or malware infection. While uncontrolled Internet access presents many risks, a good web filtering solution and appropriate policies can mitigate those while still letting users surf the web.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/top-37-risks-admins-uncontrolled-internet-usage/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Network Internet Control – Managing Risk the Right Way</title>
		<link>http://www.gfi.com/blog/network-internet-control/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=network-internet-control</link>
		<comments>http://www.gfi.com/blog/network-internet-control/#comments</comments>
		<pubDate>Tue, 04 Oct 2011 14:00:44 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[SMB Zone]]></category>
		<category><![CDATA[bandwidth consumption]]></category>
		<category><![CDATA[block streaming media]]></category>
		<category><![CDATA[Instant Messaging]]></category>
		<category><![CDATA[Network Internet Control]]></category>
		<category><![CDATA[virus scans]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3495</guid>
		<description><![CDATA[The first thing that comes to mind when discussing network Internet control is usually how the administrator can make sure that users are visiting legitimate websites. Secondly, most administrators would be running regular virus scans of any file(s) downloaded from &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3496" style="margin: 10px; border: 0px solid black;" title="network Internet control" src="http://www.gfi.com/blog/wp-content/uploads/2011/10/network-Internet-control-202x300.jpg" alt="" width="202" height="300" />The first thing that comes to mind when discussing network Internet control is usually how the administrator can make sure that users are visiting legitimate websites. Secondly, most administrators would be running regular virus scans of any file(s) downloaded from websites to ensure that none of these is infected with malware. Both approaches to network Internet control are valid and necessary, but they are not the only actions that could (or should) be taken.</p>
<p>Employees use the Internet for several reasons and each of the services that they use (and they are numerous) poses a level of risk to the security of the network and its users.<span id="more-3495"></span></p>
<p>Take Instant Messaging (IM) as a perfect example. IM can be a very useful tool for a business; when used at a corporate level it can substantially cut communication costs when teams are spread out across geographical locations. Using IM, employees can quickly and efficiently share data.</p>
<p>However, as with everything else, great tools can be abused or used improperly. Unrestricted IM access could result in cyberslacking, with employees spending more time chatting with friends than focusing on their work (this can happen with colleagues too, discussing the latest sports results). Users can use it to transfer files which could be malicious or a legal liability for the company. Employees could also abuse the service to leak confidential information outside the company.</p>
<p>It is also important to have a network Internet control policy, and a solution to go with it, that clearly states how IM should be used in the organization. If IM is not a required tool, the network Internet control system should block it. If the organization needs IM to conduct business, then the Internet control solution should allow the use of one particular IM service while blocking access to all the others. The solution deployed should also identify protocols by inspecting the traffic itself and not simply block the associated ports, because a client can be pointed at any port, and many IM clients fall back to port 80 or 443 precisely so that port-based rules let them through.</p>
<p>This is not the end of the story. There are other factors, such as bandwidth consumption, that drive the need for a network Internet control solution. Streaming media, for example, can have a negative impact on bandwidth availability and quality of service. Often, unrestricted access to streaming media results in hefty bandwidth costs. Streaming media can also cause considerable delays for more mission-critical Internet services that need the bandwidth being consumed by employees streaming videos.</p>
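<p>As an added illustration of the port-versus-protocol point (not part of the original post), the following PowerShell script runs a port rule and a payload-signature rule side by side over a handful of constructed flows. Each flow is a destination port plus the first bytes the client sends. The protocol openers it matches (the XMPP stream header, the SSH banner, the TLS handshake record header, the HTTP request line) are the real ones; the flows, the port list and the function names are made up for the example.</p>

```powershell
# Added example, not from the original post: port rules versus protocol detection.
# The flows below are constructed; only the protocol openers being matched are real.

function Get-ProtocolBySignature {
    param([byte[]]$Payload)
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if ($Payload.Length -ge 3 -and $Payload[0] -eq 0x16 -and $Payload[1] -eq 0x03) { return 'tls' }
    $head = [System.Text.Encoding]::ASCII.GetString($Payload, 0, [Math]::Min(64, $Payload.Length))
    if ($head -match '^(<\?xml[^>]*>)?\s*<stream:stream')                   { return 'xmpp' }  # Jabber/XMPP stream header
    if ($head -match '^SSH-\d\.\d-')                                          { return 'ssh' }   # SSH identification string
    if ($head -match '^(GET|POST|HEAD|PUT|CONNECT) \S+ HTTP/1\.[01]\r\n')     { return 'http' }  # HTTP request line
    return 'unknown'
}

# Port-only rule: block the classic IM ports (XMPP 5222/5223, MSNP 1863, OSCAR 5190).
function Test-BlockedByPort { param([int]$Port); return (@(5222, 5223, 1863, 5190) -contains $Port) }

# Protocol-aware rule: decide on what the bytes say, whatever port they arrive on.
function Test-BlockedByProtocol { param([byte[]]$Payload); return ((Get-ProtocolBySignature $Payload) -eq 'xmpp') }

# Constructed sample flows.
$xmppOpen = [System.Text.Encoding]::ASCII.GetBytes("<stream:stream to='example.com' xmlns='jabber:client'>")
$flows = @(
    @{ Port = 5222; Payload = $xmppOpen },                                                      # IM on its usual port
    @{ Port = 443;  Payload = $xmppOpen },                                                      # same IM client moved to 443
    @{ Port = 443;  Payload = [byte[]](0x16, 0x03, 0x01, 0x00, 0xC5, 0x01, 0x00, 0x00, 0xC1) }, # genuine TLS ClientHello
    @{ Port = 80;   Payload = [System.Text.Encoding]::ASCII.GetBytes("GET / HTTP/1.1`r`nHost: example.com`r`n`r`n") }
)

$flows | ForEach-Object {
    New-Object PSObject -Property @{
        Port              = $_.Port
        Protocol          = Get-ProtocolBySignature $_.Payload
        BlockedByPort     = Test-BlockedByPort $_.Port
        BlockedByProtocol = Test-BlockedByProtocol $_.Payload
    }
} | Format-Table Port, Protocol, BlockedByPort, BlockedByProtocol -AutoSize
```

<p>The second row is the one that matters: the XMPP session on port 443 passes the port rule untouched but is still caught by the signature rule, while the genuine TLS session on the same port is left alone. The caveat a practitioner should keep in mind is that once the IM client wraps its traffic in TLS, the opener is encrypted and all a passive inspector sees is a ClientHello; at that point classification has to rely on the server name in the handshake or the certificate, or on a proxy that terminates TLS, which is a policy decision in its own right.</p>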
<p>A good network Internet control solution should detect and block streaming media – allowing the organization to enforce its Internet policies as required. This will, in addition to saving the organization bandwidth costs, also potentially protect the company from legal liabilities that usually arise from the streaming of copyrighted content and/or offensive material. Streaming media, when left unchecked, can be a major source of cyberslacking.</p>
<p>Every organization stands to benefit when it has, and enforces, good network Internet control policies and solutions. The direct and indirect cost savings will often be enough to show that the solution deployed is a sound investment rather than an expense with little ROI. Factor the security side of network Internet control into the equation and you can see why these systems are essential for an organization.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/network-internet-control/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>The 43 Things Administrators Should Never Do</title>
		<link>http://www.gfi.com/blog/administrators-should-never-do/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=administrators-should-never-do</link>
		<comments>http://www.gfi.com/blog/administrators-should-never-do/#comments</comments>
		<pubDate>Thu, 22 Sep 2011 14:00:17 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[Tech Zone]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3480</guid>
		<description><![CDATA[Administrators have a tough job on their hands to manage, maintain and protect the network they are responsible for. Armed with the latest tools, they do an excellent job; however, at times, often due to pressure, they make mistakes – &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3481" style="margin: 10px; border: 0px solid black;" title="Things Administrators Should Never Do" src="http://www.gfi.com/blog/wp-content/uploads/2011/09/Things-Administrators-Should-Never-Do-205x300.jpg" alt="" width="205" height="300" />Administrators have a tough job on their hands to manage, maintain and protect the network they are responsible for. Armed with the latest tools, they do an excellent job; however, at times, often due to pressure, they make mistakes – sometimes easily avoidable. In this post we are going to present the top 43 common mistakes administrators have made, as a reminder of what they shouldn’t do.<br />
They are categorized under networking, configuration, security, and best practices, and are based on firsthand experiences.<br />
Here is the list:<span id="more-3480"></span></p>
<h1>Networking</h1>
<p><strong>1.	Leave the trailing dot off a zone file in DNS</strong><br />
The first and most significant mistake a new BIND administrator can do is forget to end each zone with the trailing dot, leaving their zone dangling in the breeze as clients try to append their own domain name, and fail.</p>
<p><strong>2.	Implement HOSTS files instead of fixing DNS</strong><br />
HOSTS files may be necessary for troubleshooting, but should never be used in production to get around a DNS issue. Six months from now, no one will remember that server with the HOSTS file, until they spend a few hours troubleshooting why it keeps trying to connect to an old ip.addr.</p>
<p><strong>3.	Implement recursive forwarding in DNS</strong><br />
Forwarding is for when a DNS server doesn’t have the answer to a client query, so it can ask another server who might. Set two servers to forward to one another, and you will quickly take down your network with the resulting UDP traffic that the looping queries generate.</p>
<p><strong>4.	Allow unrestricted zone transfers</strong><br />
No sense making a potential attacker’s job any easier. Only permit zone transfers to your DNS servers.</p>
<p><strong>5.	Leave out WINS</strong><br />
Eleven years after Windows 2000 came out, Microsoft networks still rely on NetBIOS for several functions. A well designed WINS solution will greatly improve performance, while the lack of one can cause all kinds of client issues.</p>
<p><strong>6.	Implement LMHOSTS files instead of fixing WINS</strong><br />
Much like using HOSTS files for DNS, a LMHOSTS file should be used for troubleshooting a specific client, not because your WINS infrastructure doesn’t work.</p>
<p><strong>7.	Implement a disjoint namespace</strong><br />
There are many things you can do, but should not. This is one of them. The inconsistencies that can occur when you use a disjoint namespace outweigh any political or legacy reason to do so.</p>
<p><strong>8.	Bypass the firewall</strong><br />
Firewalls are there for a reason – to prevent bad things from happening and to separate security zones. Bypassing a firewall makes a bad guy’s job that much easier, and can provide them an express lane straight into your network.</p>
<p><strong>9.	Bridge networks</strong><br />
Whether it bypasses the firewall like in point eight, or just starts spewing internal wire traffic over your wireless network, bridging is a good idea that always turns bad.</p>
<p><strong>10.	NAT internal traffic</strong><br />
If you think NATing internal traffic to an external address is easier than using a split DNS, you need to reconsider. Between the protocols that can break when NATed and the user issues that can arise when trying to troubleshoot, it is far better in the long run to implement a split DNS. It also makes your firewall configuration that much easier to manage.</p>
<h1>Configuration</h1>
<p><strong>11.	Apply a patch without testing</strong><br />
No vendor can fully test a patch in your environment. That’s your job. Applying an untested patch is marginally safer than not patching, but eventually it will break a critical application. Bite the bullet and build a test environment.</p>
<p><strong>12.	Make a change without testing and having a backout plan</strong><br />
Here’s a similar concept. Untested changes will eventually break something, and not having a backout plan in place means downtime.</p>
<p><strong>13.	Make several changes concurrently</strong><br />
The first thing you ask when troubleshooting is “what changed?”, because often the easiest fix is to change it back. When the answer is ten items long, it’s much harder to do this.</p>
<p><strong>14.	Bounce a box figuring no one will notice</strong><br />
Trust me, they will, and they will scream to high heaven that they were right in the middle of something when you rebooted the server. If you cannot wait for a maintenance window, you need to at least send out an email giving them a couple of minutes notice.</p>
<p><strong>15.	Use unsupported characters in any name</strong><br />
Here’s another case of “just because you can do something, doesn’t mean you want to”. Whether it is “$”, underscores, “\”, or spaces, including anything other than letters and numbers, it will eventually break something – be it a script, or a new application.</p>
<p><strong>16.	Run services using their own user account</strong><br />
I once saw a case where an administrator installed a cluster service to run using his own account because it was the easiest way to get a new service running. 45 days later, when he went to change his password, the service died. He set his account to never expire, and six months later, when he quit and his account was disabled, the service died again. Give each service its own service account, and never use your own account for anything but your own login.</p>
<p><strong>17.	Enable anonymous FTP uploads</strong><br />
Unless you really do want to host illegal warez that will burn your bandwidth and use up all your disk space, never allow anonymous uploads on FTP servers.</p>
<p><strong>18.	Configure an open relay</strong><br />
Configuring an open relay is the easiest way to stop your users from sending email to anyone; which is also the fast path to having your mail servers put on every block list on the planet.</p>
<h1>Security</h1>
<p><strong>19.	Leave default credentials intact</strong><br />
Default credentials are published, well known, and scanned for by free tools. One of the fastest ways to get hacked is to leave default credentials alone.</p>
<p><strong>20.	Use dictionary passwords</strong><br />
Here’s the second fastest way to get hacked; using dictionary words for passwords. It only takes the simplest of tools a few minutes to run through every word in the dictionary, making password cracking a trivial exercise.</p>
<p><strong>21.	Use non-expiring passwords</strong><br />
The main reason we expire passwords is so that, if they have been compromised, eventually that door is closed. Trust me, no matter how good you think your password is, it’s not that good. Change your password regularly the same way as you make your users do it.</p>
<p><strong>22.	Use shared/common credentials</strong><br />
Check the log to see who made that change. Who did? The administrator? Great, who knows the administrator password? Every administrative user should have their own set of credentials, and the administrator/root/supervisor account passwords should be locked up and only pulled out in case of emergency. Anything less breaks accountability and any hope for auditing who did what.</p>
<p><strong>23.	Run unverified downloads</strong><br />
Checksums are there so you can be sure what you think you downloaded is what you have. Always verify things you downloaded from the Internet before running them, especially when you are going to be running them using privileged accounts.</p>
<p><strong>24.	Use outbound permit ACLs instead of a proxy</strong><br />
Do you like herding cats? Me neither, and I also don’t like trying to tighten a screw with a hammer, or driving a nail with a wrench. Outbound ACLs should block things you don’t want all systems to do, like send SMTP or NetBIOS traffic to the Internet. If you want to control web access, use a proxy, which is purpose built for the task and can deal with FQDNs and URLs instead of ip.addrs.</p>
<p><strong>25.	Block PINGs</strong><br />
The PING of Death is over a decade old. Blocking ICMP echo and response does almost nothing for security, but breaks a tried and true method for testing connectivity and troubleshooting network issues. It also violates an RFC.</p>
<p><strong>26.	Deploy open Wi-Fi networks</strong><br />
Hiding your SSID does nothing to secure your network. Deploying an open Wi-Fi network is as dangerous as running an Ethernet drop into the alley out back of your shop, and is an open invitation for attackers to run amok on your network. At a minimum, implement WPA, and segment your wireless network from your wired.</p>
<h1>Best practices</h1>
<p><strong>27.	Surf the Internet while logged on as an administrator</strong><br />
When you are logged on as an administrator, every program you run is a risk. Unless you have a sandboxed browser, a compromised website could lead to a compromised client, or worse, network. Surf the web using your regular account to reduce your risk from zero-day attacks.</p>
<p><strong>28.	Read email while logged on as an administrator</strong><br />
Much like surfing the web, running your mail client with your privileged account runs the risk of compromise from malware attachments, embedded scripts in email, etc. The best antivirus and antispam products in the world still rely on signatures, which can only be developed after a zero-day attack becomes a known attack.</p>
<p><strong>29.	Skip documentation</strong><br />
Show me an administrator who likes to document, and I will… well, I won’t have to do anything because no administrator on the planet likes to document, but it is a necessary part of the job. Even you won’t remember everything you did six months later; having documentation to refer to can make the difference between a simple task, and weeks of reverse engineering or reinventing the wheel.</p>
<p><strong>30.	Skip change logs</strong><br />
Much like documentation, change logs make it easy to answer that troubleshooting question “what changed?”. This is especially beneficial when that question is being asked by your assistant while you are on vacation. Unless you want to answer the phone while you’re on the beach, document changes.</p>
<p><strong>31.	Implement a new system without a scheduled maintenance window</strong><br />
Any new system you deploy, whether a simple file server or a complex application farm, needs to have a maintenance window established so you can do upgrades, patching, etc. Unless you like staying up until 02:00 on a Sunday morning, try to get that window approved for daylight hours.</p>
<p><strong>32.	Implement a new system without including redundancy</strong><br />
Having redundancy means never having to get that 02:00 call because a service went down. You may not be able to add redundancy to legacy systems, but anything new you deploy should include redundancy.</p>
<p><strong>33.	Run backups without verifying restores</strong><br />
“I don’t care what the backup logs say…” – until you take that tape, restore the data from it, and verify you can access the restored data, you don’t have a backup you can count on. Do you want to tell the CEO that you cannot restore his mailbox because of a bad tape?</p>
<p><strong>34.	Skip a patch</strong><br />
I have worked over one hundred security incidents; more than 90 of those have been hacks against known vulnerabilities for which a patch existed, but wasn’t applied. Patch regularly, patch often, and never skip a security patch.</p>
<p><strong>35.	Monitor too little</strong><br />
If you rely on users complaining about outages to let you know when a system has failed, you won’t last for long in this career field. Monitoring your critical systems is a vital part of administering a network.</p>
<p><strong>36.	Monitor too much</strong><br />
But monitoring too much leads to information overload, and pretty soon you are ignoring all the monitoring emails, which means you miss the important ones that warned you of an imminent failure. It’s going to take a lot of effort to get the right balance, and no two companies will be quite the same, but a good starting point is to get an email alert immediately only for those things that show an actual failure, or a condition that indicates an imminent failure. Anything else should be a daily summary.</p>
<p><strong>37.	Email when angry</strong><br />
Whether you are sending out an email bcc all, or replying to an upset user or clueless PM who has riled your feathers, emailing angry does no one any good and can damage your reputation. Take a deep breath, go grab a cup of coffee, or even put it off until the next day, but if you find yourself pounding on the keyboard while you are composing an email, don’t dare hit send.</p>
<p><strong>38.	Keep information a secret</strong><br />
If you are the only one who knows how something works, you are not creating your own job security; you are guaranteeing you will get called on your day off, while you are on vacation, and that you will never be able to pass it on to someone else. The best administrators are the ones who share information with others, and cross train them to reduce any human as a single point of failure.</p>
<p><strong>39.	Update information inconsistently</strong><br />
Any update is better than no update, but inconsistent information can be confusing, lead to mistakes, and generate even more questions that you will have to answer. Establish a format or template for any information, whether it is for your change log or for user accounts in Active Directory, and make sure all administrators follow it consistently.</p>
<p><strong>40.	Violate licensing agreements</strong><br />
Some risks are just too great to take, and knowingly violating licensing agreements not only exposes the company to legal action and financial penalties, it can quickly end your career.</p>
<p><strong>41.	Practice other than what they preach</strong><br />
Users, junior administrators, and bosses alike, are not nearly as stupid as you may think. Telling them to do one thing, while you do something else, is a very easy way to lose their respect, as well as their trust. Follow the rules and lead by example.</p>
<p><strong>42.	Abuse their privileges</strong><br />
It doesn’t matter that you can access that file folder, should you? Administrators are in a position of very high trust, and violating that trust can quickly end your career.</p>
<p><strong>43.	Test in production</strong><br />
Even if the only testing you can do is in a VM running on your workstation, you need to test any changes before deploying them to production. Failing to do so is just asking for trouble, will kill your SLAs, and tarnish your reputation – it’s not worth it.</p>
<p>If you can avoid doing the 43 things in this list, you will save yourself, and others, time and money, avoid headaches, and minimize downtime. In other words, you will be doing a great job and taking your game to the next level. Almost anyone can be an administrator; but very few can be great administrators.</p>
<p><strong>Learned any lessons the hard way yourself? Share them with us!</strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/administrators-should-never-do/feed/</wfw:commentRss>
		<slash:comments>8</slash:comments>
		</item>
		<item>
		<title>Defending Against Zero-Day Threats</title>
		<link>http://www.gfi.com/blog/defending-zeroday-threats/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=defending-zeroday-threats</link>
		<comments>http://www.gfi.com/blog/defending-zeroday-threats/#comments</comments>
		<pubDate>Tue, 20 Sep 2011 14:00:42 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[antivirus]]></category>
		<category><![CDATA[attacks]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[patch management]]></category>
		<category><![CDATA[vulnerability scanning]]></category>
		<category><![CDATA[zero-day exploits]]></category>
		<category><![CDATA[Zero-day threats]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3468</guid>
		<description><![CDATA[Zero-day threats are attacks that use an unknown exploit/attack for which no patch or antivirus definition file exists as yet, and they are a major concern for administrators.  So what can an administrator do to prevent zero-day attacks from affecting &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3469" style="margin: 10px; border: 0px solid black;" title="Defending Against Zero-Day Threats" src="http://www.gfi.com/blog/wp-content/uploads/2011/09/Defending-Against-Zero-Day-Threats-227x300.jpg" alt="" width="227" height="300" />Zero-day threats are attacks that use an unknown exploit/attack for which no patch or antivirus definition file exists as yet, and they are a major concern for administrators.  So what can an administrator do to prevent zero-day attacks from affecting systems under his/her control?</p>
<p>There is no method of detection for zero-day exploits that is 100% reliable; however, there are two things that could greatly help an administrator if the standard precautionary measures designed to prevent infection were to fail.<span id="more-3468"></span></p>
<p>The first is patch management. The effect of this method will be somewhat limited since the attack would still be unknown and no patch would be available to address the exploit. However, if all systems are up-to-date, the scope of attack might be limited and the attacker can only cause minimal damage while further threats are contained.</p>
<p>Furthermore, with a robust patch management and vulnerability scanning system in place the administrator will receive notification as soon as the attack is made public and security companies implement vulnerability checks for it. These two important software solutions allow the administrator to take proactive action until a patch for that exploit is released. The administrator will also be notified when the patch for the zero-day attack is made public thus minimizing the window of opportunity for an attack to take place.</p>
<p>The second option is to use a good antivirus solution. A zero-day attack does not become public knowledge for a period of time, and during that period the antivirus program will not detect any file carrying this specific exploit by using standard pattern analysis techniques.</p>
<p>However, effective antivirus solutions do not rely solely on antivirus definitions to detect threats. A good antivirus also uses a technique called heuristic analysis. This technique does not only look for certain patterns in a file, but it will also analyse what the file actually does during its normal execution. Depending on the file’s behaviour, the AV product may then classify the file as a virus if suspicious behaviour is detected. This technique can help to detect a zero-day threat even though no one knows of the vulnerability’s existence.</p>
<p>While antivirus solutions that use heuristic analysis can be a great weapon against zero-day malware, there is no guarantee that the malware behaviour will always be classified as malicious. However, when AV is coupled with a strong patch management strategy, the administrator has a much stronger defense against infection by zero-day threats.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/defending-zeroday-threats/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>57 Tips Every Admin Should Know</title>
		<link>http://www.gfi.com/blog/57-tips-admin/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=57-tips-admin</link>
		<comments>http://www.gfi.com/blog/57-tips-admin/#comments</comments>
		<pubDate>Wed, 24 Aug 2011 14:00:14 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Headline]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[Active Directory]]></category>
		<category><![CDATA[Linux]]></category>
		<category><![CDATA[network admin]]></category>
		<category><![CDATA[or Windows 2008]]></category>
		<category><![CDATA[Vista]]></category>
		<category><![CDATA[Windows 7]]></category>
		<category><![CDATA[Windows Networking]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3447</guid>
		<description><![CDATA[The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3448" style="margin: 10px; border: 0px solid black;" title="tips every admin should know" src="http://www.gfi.com/blog/wp-content/uploads/2011/08/tips-every-admin-should-know-300x229.jpg" alt="" width="300" height="229" />The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time and help you solve problems. Assume that all of these Windows commands should be run from an administrative command prompt if you are using Vista, Windows 7, or Windows 2008.<span id="more-3447"></span></p>
<h2>Active Directory</h2>
<p><strong>1. </strong>To quickly list all the groups in your domain, with members, run this command:</p>
<p>dsquery group -limit 0 | dsget group -members -expand</p>
<p><strong>2.</strong> To find all users whose accounts are set to have a non-expiring password, run this command:</p>
<p>dsquery * domainroot -filter "(&amp;(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0</p>
<p><strong>3.</strong> To list all the FSMO role holders in your forest, run this command:</p>
<p>netdom query fsmo</p>
<p><strong>4.</strong> To refresh group policy settings, run this command:</p>
<p>gpupdate</p>
<p><strong>5. </strong>To check Active Directory replication on a domain controller, run this command:</p>
<p>repadmin /replsummary</p>
<p><strong>6.</strong> To force replication from a domain controller without having to go through Active Directory Sites and Services, run this command:</p>
<p>repadmin /syncall</p>
<p><strong>7.</strong> To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:</p>
<p>set l</p>
<p>echo %logonserver%</p>
<p><strong>8. </strong>To see what account you are logged on as, run this command:</p>
<p>whoami</p>
<p><strong>9.</strong> To see what security groups you belong to, run this command:</p>
<p>whoami /groups</p>
<p><strong>10.</strong> To see the domain account policy (password requirements, lockout thresholds, etc) run this command:</p>
<p>net accounts</p>
<h2>Windows Networking</h2>
<p><strong>11.</strong> To quickly reset your NIC back to DHCP with no manual settings, run this command:</p>
<p>netsh int ip reset all</p>
<p><strong>12.</strong> To quickly generate a text summary of your system, run this command:</p>
<p>systeminfo | more</p>
<p><strong>13.</strong> To see all network connections your client has open, run this command:</p>
<p>net use</p>
<p><strong>14.</strong> To see your routing table, run either of these commands:</p>
<p>route print</p>
<p>netstat -r</p>
<p><strong>15.</strong> Need to run a trace, but don’t have Netmon or Wireshark, and aren’t allowed to install either one? Run this command:</p>
<p>netsh trace start capture=yes tracefile=c:\capture.etl</p>
<p>netsh trace stop</p>
<p><strong>16. </strong>To quickly open a port on the firewall, run this command, changing the name, protocol, and port to suit. This example opens syslog:</p>
<p>netsh firewall set portopening udp 514 syslog enable all</p>
<p><strong>17.</strong> To add an entry to your routing table that will be permanent, run the route add command with the -p option. Omitting that, the entry will be lost at next reboot:</p>
<p>route add 0.0.0.0 mask 0.0.0.0 172.16.250.5 -p</p>
<p><strong>18.</strong> Here’s a simple way to see all open network connections, refreshing every second:</p>
<p>netstat -ano 1</p>
<p><strong>19.</strong> You can add a | findstr <em>value</em> to watch for only a specific connection, like a client ip.addr or port:</p>
<p>netstat -ano | findstr 216.134.217.20</p>
<p><strong>20.</strong> You can use the shutdown command to shut down or reboot a machine, including your own, in a simple scheduled task like this:</p>
<p>shutdown -r -t 0 -m \\localhost</p>
<p><strong>21.</strong> To make planned DNS changes go faster, reduce the TTL on the DNS records you plan on changing to 30 seconds the day before changes are to be made. You can set the TTL back to normal after you confirm the changes have been successful.</p>
<p><strong>22.</strong> Set a short lease on DHCP scopes that service laptops, and set Microsoft Option 002 to release a DHCP lease on shutdown. This helps to ensure your scope is not exhausted and that machines can easily get on another network when they move to a new site.</p>
<h2>Windows 7</h2>
<p><strong>23.</strong> Want to enable the local administrator account on Windows 7? Run this command from an administrative command prompt. It will prompt you to set a password:</p>
<p>net user administrator * /active:yes</p>
<p><strong>24.</strong> You can do the same thing during install by pressing SHIFT-F10 at the screen where you set your initial user password.</p>
<p>Windows 7 supports several useful new keyboard shortcuts:</p>
<p><strong>25.</strong> Windows Key+G</p>
<p>Display gadgets in front of other windows.</p>
<p><strong>26.</strong> Windows Key++ (plus key)</p>
<p>Zoom in, where appropriate.</p>
<p><strong>27. </strong>Windows Key+- (minus key)</p>
<p>Zoom out, where appropriate.</p>
<p><strong>28.</strong> Windows Key+Up Arrow</p>
<p>Maximize the current window.</p>
<p><strong>29.</strong> Windows Key+Down Arrow</p>
<p>Minimize the current window.</p>
<p><strong>30. </strong>Windows Key+Left Arrow</p>
<p>Snap to the left hand side of the screen.</p>
<p><strong>31.</strong> Windows Key+Right Arrow</p>
<p>Snap to the right hand side of the screen.</p>
<p><strong>32. </strong>To quickly launch an application as an administrator (without the right-click, run as administrator), type the name in the Search programs and files field, and then press Ctrl-Shift-Enter.</p>
<p>Here are some tips that can save you from buying commercial software:</p>
<p><strong>33.</strong> Need to make a quick screencast to show someone how to do something? The Problem Steps Recorder can create an MHTML file that shows what you have done by creating a screen capture each time you take an action. Click the Start button and type ‘psr’ to open the Problem Steps Recorder.</p>
<p><strong>34. </strong>Need to burn a disc? The isoburn.exe can burn ISO and IMG files. You can right click a file and select burn, or launch it from the command line.</p>
<p><strong>35.</strong> Windows 7 includes a screen scraping tool called the Snipping Tool. I have tons of users request a license for SnagIt, only to find this free tool (it’s under Accessories) does what they need.</p>
<p><strong>36. </strong>You can download <a href="http://connect.microsoft.com/systemsweeper">this bootable security scanner</a> from Microsoft that will run off a USB key, which is very useful if you suspect a machine has a virus.</p>
<p><strong>37.</strong> A great way to save all your command line tools and make them available across all your computers is to install <a href="http://db.tt/W5FMJvy">Dropbox</a>, create a folder to save all your scripts and tools, and add that folder to your path. That way, they can be called from the command line or any other scripts, and if you update a script, it will carry across to any other machine you have.</p>
<h2>Windows 2008</h2>
<p><strong>38.</strong> You can free up disk space on your servers by disabling hibernate. Windows 2008 will create a hiberfil.sys equal to the amount of RAM. This is very useful with VMs that have lots of RAM but smaller C: drives. To disable hibernation, and reclaim that space, run this command:</p>
<p>powercfg -h off</p>
<p><strong>39.</strong> You can get to the complete collection of Sysinternals tools online. You can even invoke them from the run command. Use the url: <a href="http://live.sysinternals.com/">http://live.sysinternals.com</a> or the UNC path: <a href="file://live.sysinternals.com/tools">\\live.sysinternals.com\tools</a>.</p>
<p><strong>40.</strong> Speaking of the Sysinternals tools, almost any command line in this article can be run remotely on another machine (as long as you have administrative rights) using the psexec command included in the Sysinternals tools.</p>
<p><strong>41.</strong> You can kill RDP sessions at the command line when you find that all the RDP sessions to a server are tied up.</p>
<p>regsvr32 query.dll [enter] You only have to do this the first time.</p>
<p>query session /server:servername [enter]</p>
<p>reset session # /server:servername [enter]</p>
<p><strong>42.</strong> You can create a list of files and display the last time they were accessed, which is very useful when a network drive is low on space and users swear they have to have that copy of Office 2003 on the network. My advice? If they haven’t touched it in two years, burn it to DVD or write it to tape and then delete it from disk:</p>
<p>dir /t:a /s /od &gt;&gt; list.txt [enter]</p>
<p><strong>43.</strong> The Microsoft Exchange Err command is one of the best all around troubleshooting tools you will find, as it can decode any hex error code you find as long as the products are installed on the machine. Download it from <a href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&amp;id=985">here</a>.</p>
<p><strong>44.</strong> You can see all the open files on a system by running this command:</p>
<p>openfiles /query</p>
<p><strong>45.</strong> You can pull all the readable data out of a corrupt file using this command:</p>
<p>recover filename.ext</p>
<p><strong>46. </strong>Need to pause a batch file for a period of time but don’t have the sleep command from the old resource kit handy? Here’s how to build a ten second delay into a script:</p>
<p>ping -n 10 127.0.0.1 &gt; NUL 2&gt;&amp;1</p>
<p><strong>47.</strong> If your Windows website has stopped responding, or is throwing a 500 error, and you are not sure what to do, you can reset IIS without having to reboot the whole server. Run this command:</p>
<p>iisreset</p>
<p><strong>48. </strong>You can use &amp;&amp; to string multiple commands together; they will run sequentially.</p>
<p><strong>49.</strong> If you find yourself restarting services frequently, you can use that &amp;&amp; trick to create a batch file called restart.cmd that takes the service name as its first argument (%1). Because of how &amp;&amp; works, net start is skipped if net stop fails, so you never blindly start a service that did not stop cleanly:</p>
<p>net stop %1 &amp;&amp; net start %1</p>
<p><strong>50.</strong> You can download a Windows port of the wget tool <a href="http://gnuwin32.sourceforge.net/packages/wget.htm">from here</a>, and use it to mirror websites with this command (-m turns on recursive retrieval with timestamping, -k rewrites the links so the copy can be browsed offline):</p>
<p>wget -mk http://www.example.com/</p>
<h2>Linux</h2>
<p><strong>51.</strong> You can list files sorted by size, smallest first with the largest at the bottom of the listing, using this command:</p>
<p>ls -lSr</p>
<p><strong>52.</strong> You can view the amount of free disk space on each mounted filesystem in human-readable units (K, M, G) using this command:</p>
<p>df -h</p>
<p><strong>53. </strong>To see how much space /some/dir is consuming:</p>
<p>du -sh /some/dir</p>
<p><strong>54.</strong> List all running processes whose command line contains the string stuff. The grep process itself will show up in the output too, since its own command line contains the string; pgrep -af stuff gives the same answer without that noise:</p>
<p>ps aux | grep stuff</p>
<p><strong>55. </strong>If you have run a command but forgot to sudo, you can use this to rerun it with sudo (!! is bash history expansion for the previous command line):</p>
<p>sudo !!</p>
<p><strong>56.</strong> If you put a space before a command, bash omits it from the shell history, provided HISTCONTROL is set to ignorespace or ignoreboth. Many distributions set that in the default .bashrc, but it is not a bash default on its own, so check before relying on it.</p>
<p><strong>57.</strong> If you really liked a long command that you just ran, and want to save it as a script, use this trick. History expansion also works inside double quotes, so !! is replaced by the previous command line before echo runs; add a shebang line and chmod +x afterwards to make the file executable:</p>
<p>echo "!!" &gt; script.sh</p>
<p>With 57 tips in this bag of tricks, you’re bound to find something useful. Have your own tips to share? Leave us a comment!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/57-tips-admin/feed/</wfw:commentRss>
		<slash:comments>9</slash:comments>
		</item>
		<item>
		<title>Hacking Motivations &#8211; Hacktivism</title>
		<link>http://www.gfi.com/blog/hacking-motivations-hacktivism/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=hacking-motivations-hacktivism</link>
		<comments>http://www.gfi.com/blog/hacking-motivations-hacktivism/#comments</comments>
		<pubDate>Thu, 04 Aug 2011 14:00:46 +0000</pubDate>
		<dc:creator>Emmanuel Carabott</dc:creator>
				<category><![CDATA[Featured]]></category>
		<category><![CDATA[Tech Zone]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[Hacktivism]]></category>
		<category><![CDATA[LulzSec]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.gfi.com/blog/?p=3416</guid>
		<description><![CDATA[Hacktivism is a term which describes the use of hacking for political, non-violent activism. As with any other form of activism, people’s perceptions will differ; some see hacktivism as a necessary tool against oppression, while others see it as nothing &#8230;]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-medium wp-image-3417" style="margin: 10px; border: 0px solid black;" title="Hacking Motivations" src="http://www.gfi.com/blog/wp-content/uploads/2011/08/Hacking-Motivations2-300x225.jpg" alt="" width="300" height="225" />Hacktivism is a term which describes the use of hacking for political, non-violent activism. As with any other form of activism, people’s perceptions will differ; some see hacktivism as a necessary tool against oppression, while others see it as nothing more than cyber-terrorism.</p>
<p>It is important to note that hacktivism is not new. In 1989, a group of Australian hackers allegedly created the worm <a href="http://en.wikipedia.org/wiki/WANK_(computer_worm)">WANK</a> (Worms Against Nuclear Killers). This was one of the earliest recorded hacking events used for activism, although the term itself was reportedly coined by author Jason Sack in 1995.<span id="more-3416"></span></p>
<p>A number of recent cases have led to a revival of the term hacktivism. Groups like Anonymous and LulzSec launched a number of attacks on high profile targets this year with a high rate of success.</p>
<p><em><strong>What is the incentive for these attackers?</strong></em></p>
<p>Anonymous is a group allegedly made up of numerous individuals who are not bound by any hierarchy; they simply work together to achieve a common goal. Anonymous has a large number of hacktivism incidents attributed to it this year, most in protest against the actions of high profile organizations that went against Anonymous’s philosophy. These include:</p>
<ul>
<li>Sony suing GeoHot for the PlayStation 3 compromise</li>
<li>The alleged Iranian election vote rigging</li>
<li>Various companies’ hostile action against WikiLeaks</li>
<li>HBGary Federal’s actions against the group</li>
</ul>
<p>LulzSec, short for Lulz Security (‘lulz’ meaning laughs), is a group of hackers which over a period of 50 days launched a number of hacking campaigns. The group’s motivations were a bit of a mystery. Members of LulzSec reportedly said that their motive was to expose lax security and that they were only doing it for a laugh.</p>
<p>While most of their attacks do not appear to be politically motivated, some were, such as the defacement of PBS’s Frontline site with a message to free Bradley Manning. The group also attacked a large number of online games and released large numbers of user accounts and passwords.</p>
<p>The high rate of success is quite worrying. It is hard to say if this was due to their skills or lapses in security. Either way, it makes you wonder how many successful hacks go unnoticed simply because the perpetrator has no interest in the attack being made public.</p>
<p>Hacktivism is another wakeup call to remind us that failing to maintain a good balance between security and freedom for your employees can in itself be a security risk. In the last days of their hacking rampage, LulzSec started accepting requests for potential targets to hack next. Disgruntled employees might be inclined to offer their own workplace as a target in retribution for what they perceive as oppression. If there was one lesson the HBGary Federal story taught us, it was that if a hacker group targets your organization and goes all out, they can seriously harm your company’s reputation and possibly put you out of business.</p>
<p>One of LulzSec’s stated goals was to stress the importance of security and, although they went about it the wrong way, the message itself is valid. Taking security seriously is essential to the long-term survival of any organization.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.gfi.com/blog/hacking-motivations-hacktivism/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
	</channel>
</rss>

