Well...working office hours feels good. But I kind of miss the off days I used to have. I was at home most of the time; sleeping, playing with my son, paying bills etc. Now, those off days have been stripped away. Have to work five days, office hours. Yet, it feels good. Body feels refreshed and energized. There's a gym in my office, equipped with state-of-the-art equipment. Will be paying a visit soon...after buying a pair of shoes...hehehe
Now, the off days that I used to have in abundance have been replaced with working days...with a reward...a better bank balance at the end of the month. I feel appreciated. When I work on shift, the different hours often cause frequent changes in sleeping pattern. This usually resulted in me falling sick: headache, fever and all types of illness. The body actually fails to adapt to different sleeping hours as age passes by. 10 years ago, I could stay up all night working/studying but now it's a little different. As advised by my doctor, the younger generation is more suitable for working shifts. Not that I'm old. I consider myself very young. But taking into consideration my family, it's time to leave the shift hours which have been my friend for the past 5 years. But the results are good.
I definitely prefer the current working hours. More time to spend with my wife, son, nephews and adorable niece.
Saturday, February 16, 2008
Tuesday, February 12, 2008
Security Analyst vs Security Consultant
A topic that caught my attention some time ago. What is the job scope of these two people? Well, since I was/am still in the industry, I can shed some light on the job scope of both positions. A security analyst is someone who has knowledge of a number of areas: OSes, programming languages, TCP/IP etc. He/she must be able to use many different tools to perform analysis tasks, e.g. tcpdump, wireshark, sguil, mrtg, ntop, acid, ossec etc. These are some of the many essential tools that a security analyst must be familiar with. Besides that, he/she must also be able to detect incidents accurately and respond to them promptly. Most importantly, he/she must be able to do root cause analysis to determine the authenticity of a suspected event.
How about a security consultant? A Security Consultant is a person who has advanced skill in the world of security. NSM is at his/her fingertips. He/she is someone who could differentiate the output given by tcpdump from the output of wireshark. The name itself carries a significant weight that a consultant can be proud of: the word consultant. Anyone could just walk up to a Security Consultant and ask for advice on how to secure a network. That is the meaning of consultant=consultation. The network topology can vary from bus to mesh, yet the Security Consultant could provide you with in-depth recommendations on how to secure the network. He/she not only has the fundamentals, but is an expert in breeding Security Analysts.
IMHO, this guy, this guy and my good friend Mr. Gigco are worthy Security Consultants. I've seen what these people can do. I strongly believe they can be approached by anyone regarding building a secured network and trust me they will live up to the task.
p.s - a person taking down minutes of a meeting, generating automatic reports, ordering food and typing letters is known as a clerk. You don't need to be a rocket scientist to know that.
Friday, February 1, 2008
Back to business
Hehehe...I can come back to blogging now. Wanted to become an active blogger but certain restrictions had prevented me from doing so. However, I'm now free of those constraints and have now purchased the freedom of speech....muahahahaha.
For a start, let me tell you about a friend of mine who recently quit his job with his company. I met him for tea this evening and we had a rather long chat till late evening. Among the discussed topics was the resignation rate in his company. It seems that many of the employees started to resign recently; to be more precise, since the middle of last year. The latest loss was my friend. I've known this friend for a very long time and he is well known for his dedication towards the tasks given to him. He is hardworking and always eager to learn. Yet why did he resign? So I asked him why the resignation rate in his company was at such an alarming level. He answered, "When the company gives you shit, shit is what the company will get back". Whoa! Why such an answer? He must be really disappointed. Well....I don't know.
Wednesday, December 12, 2007
Good News
Well...Just received some good news. The news is not final, pending several processes that need my urgent attention. However, it was news I had been waiting for for a very long time. I'm the happiest person in the whole wide world at the moment and I thank dear God for this wonderful gift and blessing. If everything goes well, I'll be able to provide a comfortable life for my beloved. I wish that everyone else shares the same happiness as me at this moment. Thank you Jesus for the wonderful Christmas gift.
Tuesday, November 27, 2007
Lesson on Linux
To become successful security personnel, one needs to have a couple of very important skills. One of them is to have an excellent command of several operating systems. Among them have to be Windows and *nix. There are many variants of Unix and among the famous is Red Hat Linux. I've figured out a way to learn Linux. Every time I learn a new command, I'll post it in this section of my blog. Here goes:
1. tar -zxvf file.tar.gz - extract a .tar.gz archive
2. tar -xvf file.tar - extract a .tar-only archive (remove the z option)
3. rpm -ivh file-1.0-2.i386.rpm - install an RPM package
4. rpm -e file - uninstall an RPM package (use the package name only...without -1.0-2.i386.rpm)
5. rpm -Uvh file-1.0-2.i386.rpm - upgrade an RPM package (usually use this one for normal install as it replaces any previously installed package)
Monday, November 26, 2007
Offline NT Password & Registry Editor
Forgot your computer's admin password?
Disclaimer - Accessing/resetting a computer's password without the owner's permission is completely wrong/illegal. Use this software at your own risk and for educational purposes only!! I can't be held responsible for any damage caused!
My sister recently (last week) forgot her computer's password! OH NO! There were only 2 users on the machine, both with admin capabilities. She can't remember the username and password for the machine. This is due to the fact that she has not used the computer for some time. She didn't know what to do and as usual turned to me for help. I told her:
Not to worry...computerman is here!
Haha. Just kidding. I actually came across this tool, Offline NT Password & Registry Editor, and wanted to put it to the test. This tool comes in handy in a situation like the one my sister is in. This tool does not reveal the existing password but allows, among other things, clearing the login password that is stored in the registry of the computer. The tool uses a Linux boot system as its basis. The concept is that a computer with Windows stores its login password inside NT/System32/sam. 'Sam' is the file that contains the password info.
All you need to do is burn the ISO image (a floppy boot disk is available but it is advisable to use the CD), set your computer to boot from CD, and just press enter most of the time. I was able to clear the password within 10 minutes on my sister's PC (win2k). This software works with Win NT, 2k, XP and even Vista. wowvy! Towards the end of the boot process, the tool reveals the username/s on the computer and gives you the option to either clear, change or promote a user from the regular group to the admin group. Ain't that great. I eventually cleared the password for one of the users and when I rebooted the system (normal boot), I entered the username and abracadabra....the OS requested the password to be changed due to expiry. I entered a new password and was able to login as usual. Basically, this is what you need to do:
- Get the machine to boot from CD (or floppy)
- Floppy version need to swap floppy to load drivers.
- Load drivers (usually automatic, but possible to run manual select)
- Disk select, tell which disk contains the Windows system. Optionally you will have to load drivers.
- PATH select, where on the disk is the system?
- File select, which parts of registry to load, based on what you want to do.
- Password reset or other registry edit.
- Write back to disk (you will be asked)
Thank you to Mr Petter Nordahl-Hagen for this wonderful tool. I will be testing it on win xp soon. For those interested, click here
Thursday, October 25, 2007
Tcpdump/Windump
Tcpdump is a very useful tool for those who are in network security. tcpdump, or its Windows version 'windump', basically puts the network card in promiscuous mode (all traffic is directed to the CPU) and captures all traffic. There are many things that can be obtained from tcpdump output, which is exactly what I'm trying to learn at the moment. There are some basic options that need to be studied in order to get a better understanding of the output. The below explains:
- The first of these is -n, which requests that names are not resolved--resulting in the IPs themselves always being displayed.
- The second is -X, which displays both hex and ascii content within the packet.
- The final one is -S, which changes the display of sequence numbers to absolute rather than relative.
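To make the -S option concrete, here is an added example (not part of the original post) that reads `tcpdump -n -S` style lines and derives the relative sequence and acknowledgement offsets that appear when -S is left out. The addresses, ports and sequence values are constructed, and `relative_view` is a hypothetical helper name.

```python
import re

# Constructed sample of `tcpdump -n -S` output (documentation addresses, invented values).
SAMPLE = """\
12:00:00.000100 IP 192.0.2.10.51000 > 198.51.100.5.80: Flags [S], seq 1000000000, win 64240, length 0
12:00:00.000200 IP 198.51.100.5.80 > 192.0.2.10.51000: Flags [S.], seq 2000000000, ack 1000000001, win 65160, length 0
12:00:00.000300 IP 192.0.2.10.51000 > 198.51.100.5.80: Flags [.], ack 2000000001, win 502, length 0
12:00:00.000400 IP 192.0.2.10.51000 > 198.51.100.5.80: Flags [P.], seq 1000000001:1000000074, ack 2000000001, win 502, length 73
12:00:00.000500 IP 198.51.100.5.80 > 192.0.2.10.51000: Flags [.], ack 1000000074, win 509, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?"
)

def rel(value, base):
    """Offset from the initial sequence number; TCP sequence space is 32-bit and wraps."""
    if value is None or base is None:
        return None
    return (int(value) - base) % 2**32

def relative_view(text):
    """Return (src, flags, seq, seq_end, ack) per packet as offsets from each side's ISN."""
    isn = {}   # (src, dst) -> initial sequence number taken from that direction's SYN
    rows = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if "S" in flags and m["seq"]:
            isn[(src, dst)] = int(m["seq"])
        mine, peer = isn.get((src, dst)), isn.get((dst, src))
        # seq counts from the sender's own ISN, ack counts from the peer's ISN.
        rows.append((src, flags, rel(m["seq"], mine), rel(m["end"], mine), rel(m["ack"], peer)))
    return rows

if __name__ == "__main__":
    for row in relative_view(SAMPLE):
        print(row)
```

tcpdump itself prints the raw value on the SYN and starts relative numbering after it; the absolute values from -S are the ones that can be matched against a capture of the same connection taken at another point in the network.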