INFORMATION TECHNOLOGY TRACK Russell Brown Chapter 13 Standing - - PowerPoint PPT Presentation



SLIDE 1

STAFF SYMPOSIUM - IT TRACK

NACTT STAFF SYMPOSIUM SERIES INFORMATION TECHNOLOGY TRACK

SESSION 6 - BUERRITO BOWL - MIXED HOT TOPICS

• Russell Brown, Chapter 13 Standing Trustee - Phoenix, AZ
• Allan Reininger, System Manager - San Antonio, TX (Chapter 13 Standing Trustee - Mary Viegelahn)
• Carl Brooks, System Manager - Detroit, MI (Chapter 13 Standing Trustee - Tammy Terry)
• Tom O’Hern, Program Manager, ICF International, Baltimore, MD (STACS - Standing Trustee Alliance for Computer Security)

4/15/2015

SLIDE 2

IT Track Outline

Day 1

• Session 1 (9:00 - 10:30) - HOW TO KEEP YOUR TRUSTEE HAPPY FROM AN IT PERSPECTIVE
• Session 2 (10:45 - 12:15) - A RIVERWALK THROUGH YOUR NETWORK
• Lunch (12:15 - 1:30)
• Session 3 (1:30 - 3:00) - DESKTOP & SERVER MANAGEMENT
• Session 4 (3:15 - 4:45) - THE CLOUD - WHO REALLY UNDERSTANDS IT?

Day 2

• Session 5 (8:30 - 10:00) - DISASTER RECOVERY - YOUR WORST FEAR COMES TRUE
• Session 6 (10:15 - 11:45) - BUERRITO BOWL - MIXED HOT TOPICS

List of Reference Material

SLIDE 3

Session Focal Points

• STACS Service and Features
• Tools Demo
• Virtual Desktop Solutions

SLIDE 4

STACS Features

• Internet Vulnerability Scanning (biweekly)
• Quarterly War-dialing
• Onsite Assessment (within 3 years or as needed)
• Emergency Onsite (within 24 hours if needed)
• Security Support Center
  • 866-STACS.NET or support@stacs.net
  • Incident Response and Recovery Assistance (onsite/offsite)
  • Vulnerability remediation
  • Technical Consultation and guidance
  • Security Impact of Physical, Technical, Operational changes to IT / data

SLIDE 5

STACS Features

• Training
  • Technical library
  • Onsite and online webinar
  • New Training Portal (1 user license included)
• Optional Services (Contact STACS for Pricing)
  • Onsite scanning appliance ($/YR)
  • Additional Training Portal licenses
    • Video Library Only (~$/yr)
    • MS & Net+ Classware (~$/yr)
    • MS & Net+ Classware and library (~$/yr)
  • Onsite/remote technical support***

SLIDE 6

Tools in Action (Session 6 Demo)

Network Discovery

• What network am I on?
  • www.whatsmyip.org
• Public addresses, domain?
  • whoisbyip, whoisbydomain
• DNS/ISP
  • nslookup SOA, MX
• Network systems & services?
  • Nmap, ping
• How do I get there?
  • tracert (traceroute)
  • ping and arp

Local Discovery

• What’s my IP, name, domain…?
  • hostname -a
  • ipconfig -a
• What networks?
  • route
  • netstat -rn
• What services?
  • netstat -rn, -ban

SLIDE 7

Tools in Action (Session 6 Demo)

Analysis: Network Troubleshooting

• Testing Service Ports
  • telnet ip_address portnumber
  • http://ip_address:portnumber/
  • https://ip_address:portnumber/
  • Use the application itself, e.g. Remote Desktop
• Practical Use Case
  • Test: see if you filter VPN access to the LAN
  • A remote infected computer attached to a VPN can access all systems and services on the LAN unless the firewall limits access to specific systems and services.
  • Example: Only allow RDP (3389/tcp) to the terminal server.
• When Ping doesn’t help
• Use Wireshark & Telnet
  • Run Wireshark on client & server
  • Telnet to IP and service port
  • Analyze the 3-way handshake for
    • Delivery of SYN
    • Receipt of SYN-ACK
    • PUSH of data
    • RST - forced reset
    • FIN - normal finish
  • Analyze the data transferred
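The VPN filtering test from the Practical Use Case, scripted as an added example (not part of the original slides): each TCP connect is classified the way the handshake would look in Wireshark, and the results are compared with the intended firewall policy. The addresses, `ALLOWED`, `TARGETS`, `probe` and `audit` are constructed names and values for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt the way the handshake trace would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # SYN, SYN-ACK, ACK completed: a service answered
    except ConnectionRefusedError:
        return "refused"   # RST came back: nothing listening, or a firewall rejected
    except OSError:
        return "filtered"  # timeout or unreachable: the SYN was dropped on the way
    finally:
        s.close()

def audit(targets, allowed, probe_fn=probe):
    """Compare what a VPN client can reach with what the firewall policy allows."""
    findings = []
    for host, port in targets:
        state = probe_fn(host, port)
        permitted = (host, port) in allowed
        if state == "open" and not permitted:
            findings.append((host, port, state, "reachable but not in policy"))
        elif state == "refused" and not permitted:
            findings.append((host, port, state,
                             "RST returned: check in Wireshark who sent it"))
        elif state != "open" and permitted:
            findings.append((host, port, state, "in policy but not reachable"))
    return findings

# Constructed addresses (assumptions): 10.0.0.5 is the terminal server,
# 10.0.0.9 is a file server that VPN clients should not reach.
ALLOWED = {("10.0.0.5", 3389)}
TARGETS = [("10.0.0.5", 3389), ("10.0.0.5", 445),
           ("10.0.0.9", 445), ("10.0.0.9", 3389)]

if __name__ == "__main__":
    # Run from a machine connected through the VPN; an empty result means the
    # firewall only passes RDP (3389/tcp) to the terminal server.
    for finding in audit(TARGETS, ALLOWED):
        print(finding)
```
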

SLIDE 8

Tools in Action (Session 6 Demo)

Windows Tools: Application Troubleshooting

• Process Explorer (procexp.exe)
  • Sysinternals tools from Microsoft
  • A task manager on steroids.
  • Find running processes, see what files, registry keys and service ports a process uses. See which services each svchost.exe process uses.
  • Add columns to graph I/O, CPU, Network usage over time
• API Monitor
  • www.rohitab.com
  • May need to install symbol library from Microsoft.
  • Monitor execution of processes.
  • Application Programming Interfaces (API) are the function libraries a program uses to perform tasks like talking to hardware, network, display to the screen, etc.
  • Useful for finding process errors that prevent a process from starting or continuing to run.

SLIDE 9

Virtual Desktops

Presentation by Allen Reininger
