Contents SysAdmin Magazine December 2019
SysAdmin Magazine № 54 December ‘19
Explained
Jeff Melnick
IT Security Expert, Blogger
What are network devices?
Network devices, or networking hardware, are physical devices that are required for communication and interaction between hardware on a computer network.
Types of network devices
Here is the common network device list:
▪ Router
▪ Bridge
▪ Gateway
▪ Modem
▪ Repeater
▪ Access Point
necting devices because it connects LAN components with identical protocols.
A hub can be used with both digital and analog data, provided its settings have been configured to prepare for the formatting of the incoming data. For example, if the incoming data is in digital format, the hub must pass it on as packets; however, if the incoming data is analog, then the hub passes it on in signal form.
Hubs do not perform packet filtering or addressing functions;
nection (OSI) model. There are two types of hubs: simple and multiple port.
Switch
Switches generally have a more intelligent role than hubs. A switch is a multiport device that improves network efficien-
Using switches improves network efficiency over hubs or routers because of the virtual circuit capability. Switches also improve network security because the virtual circuits are more difficult to examine with network monitors. You can think of a switch as a device that has some of the best capabilities of routers and hubs combined. A switch can work at either the Data Link layer or the Network layer of the OSI model. A multilayer switch is one that can operate at both layers, which means that it can operate as both a switch and a router. A multilayer switch is a high-performance device
that supports the same routing protocols as routers.
Switches can be subject to distributed denial of service (DDoS) attacks; flood guards are used to prevent malicious traffic from bringing the switch to a halt. Switch port security is important so be sure to secure switches: Disable all unused ports and use DHCP snooping, ARP inspection and MAC address filtering.
Router
Routers help transmit packets to their destinations by charting a path through the sea of interconnected networking devices using different network topologies. Routers are intelligent devices, and they store information about the networks they’re connected to. Most routers can be configured to operate as packet-filtering firewalls and use access control lists (ACLs). Routers, in conjunction with a channel service unit/data service unit (CSU/DSU), are also used to translate from LAN framing to WAN framing. This is needed because LANs and WANs use different network protocols. Such routers are known as border routers. They serve as the outside connection of a LAN to a WAN, and they operate at the border of your network.
Routers are also used to divide internal networks into two or more subnetworks. Routers can also be connected internally to other routers, creating zones that operate independently. Routers establish communication by maintaining tables about destinations and local connections. A router contains information about the systems connected to it and where to send requests if the destination isn’t known. Routers usually communicate routing and other information using one of three standard protocols: Routing Information Protocol (RIP), Border Gateway Protocol (BGP) or Open Shortest Path First (OSPF).
Routers are your first line of defense, and they must be configured to pass only traffic that is authorized by network administrators. The routes themselves can be configured as static or dynamic. If they are static, they can only be configured manually and stay that way until changed. If they are dynamic, they learn of other routers around them and use information about those routers to build their routing tables.
Routers are general-purpose devices that interconnect two or more heterogeneous networks. They are usually dedicated to special-purpose computers, with separate input and output network interfaces for each connected network. Because routers and gateways are the backbone of large computer networks like the internet, they have special features that give them the flexibility and the ability to cope with varying network addressing schemes and frame sizes through segmentation of big packets into smaller sizes that fit the new network components. Each router interface has its own Address Resolution Protocol (ARP) module, its own LAN address (network card address) and its own Internet Protocol (IP) address. The router, with the help of a routing table, has knowledge of routes a packet could take from its source to its destination. The routing table, like in the bridge and switch, grows dynamically. Upon receipt of a packet, the router removes the packet headers and trailers and analyzes the IP header by determining the source and destination addresses and data type, and noting the arrival time. It also updates the router table with new addresses not already in the table. The IP header and arrival time information is entered in the routing table. Routers normally work at the Network layer of the OSI model.
Bridge
Bridges are used to connect two or more hosts or network segments together. The basic role of bridges in network architecture is storing and forwarding frames between the different segments that the bridge connects. They use hardware Media Access Control (MAC) addresses for transferring frames. By looking at the MAC address of the devices connected to each segment, bridges can forward the data or block it from crossing. Bridges can also be used to connect two physical LANs into a larger logical LAN.
Bridges work only at the Physical and Data Link layers of the OSI model. Bridges are used to divide larger networks into smaller sections by sitting between two physical network segments and managing the flow of data between the two.
Bridges are like hubs in many respects, including the fact that they connect LAN components with identical protocols. However, bridges filter incoming data packets, known as frames, for addresses before they are forwarded. As it filters the data packets, the bridge makes no modifications to the format or content of the incoming data. The bridge filters and forwards frames on the network with the help of a dynamic bridge table. The bridge table, which is initially empty, maintains the LAN addresses for each computer in the LAN and the addresses of each bridge interface that connects the LAN to other LANs. Bridges, like hubs, can be either simple or multiple port.
Gateway
Gateways normally work at the Transport and Session layers of the OSI model. At the Transport layer and above, there are numerous protocols and standards from different vendors; gateways are used to deal with them. Gateways provide translation between networking technologies such as Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP). Because of this, gateways connect two or more autonomous networks, each with its own routing algorithms, protocols, topology, domain name service, and network administration procedures and policies.
Gateways perform all of the functions of routers and more. In fact, a router with added translation functionality is a gateway. The function that does the translation between different network technologies is called a protocol converter.
reverse transformation and provides a digital output to a device connected to a modem, usually a computer. The digital data is usually transferred to or from the modem over a serial line through an industry standard interface, RS-232. Many telephone companies offer DSL services, and many cable operators use modems as end terminals for identification and recognition of home and personal users. Modems work on both the Physical and Data Link layers.
Repeater
A repeater is an electronic device that amplifies the signal it receives. You can think of a repeater as a device which receives a signal and retransmits it at a higher level or higher power so that the signal can cover longer distances, more than 100 meters for standard LAN cables. Repeaters work on the Physical layer.
figuration issues and attacks.
a connection point between WLANs and a wired Ethernet LAN. They also have several ports, giving you a way to expand the network to support additional clients. Depending on the size of the network, one or more APs might be required to provide full coverage. Additional APs are used to allow access to more wireless clients and to expand the range of the wireless network. Each AP is limited by its transmission range — the distance a client can be from an AP and still obtain a usable signal and data process speed. The actual distance depends on the wireless standard, the obstructions and environmental conditions between the client and the AP. Higher end APs have high-powered antennas, enabling them to extend how far the wireless signal can travel.
Set Up a Hybrid Office 365 and Migrate to Exchange Online
Jonathan Hassell
Exchange Expert, IT Consultant
Keep in mind that when you create a hybrid Exchange environment, you have to leave a single on-premises Exchange Server machine on your local network for the foreseeable future. This is because of the way the Office 365 system defers some things to on-premises Exchange Server machines; some roles that the on-prem machine holds cannot be moved up to Office 365 in a supported way. Microsoft is working on changing this so that when all of your mailboxes are migrated to Office 365, you can decommission that last Exchange Server on your network, but for the time being, it remains a requirement.
4. When the wizard has finished installing, it will open. Click Next to begin.
3. The wizard will check the credentials. Once they’ve been verified, click Next to continue.
4. For our purposes, choose the Configure my Client Access and Mailbox servers for secure mail transport (typical) option and click Next.
5. Choose the right SSL certificates and click Next.
cially useful if there is a lot of data to migrate and the process is bound to take a lot of time.
To migrate your mailboxes, take the following steps:
1. Open the Exchange Admin Center at https://outlook.office365.com/ecp and choose Migration in the Recipients settings.
2. Click the + icon, and then click Migrate to Exchange Online from the pop-up menu.
Policy PowerShell
Russell Smith
IT Consultant, PowerShell Expert
In addition to the Group Policy Management Console
command below creates a new GPO called ‘Netwrix PCs’ and adds a comment to describe its purpose:
The command creates an empty GPO with no settings. If you have starter GPOs configured in your Active Directory domain, you can create a new GPO based on their settings. The following command creates a new GPO called ‘Netwrix PCs’ based on the ‘Windows 10 MS Security Settings’ GPO:
command below creates a new GPO and links it to the Clients OU in the ad.contoso.com domain:
To unlink a GPO, use the Remove-GPLink cmdlet:
Remove-GPLink -Name "Netwrix PCs" -Target "ou=clients,dc=ad,dc=contoso,dc=com"
Configuring Group Policy settings
To get detailed information about a registry key configured in a GPO, use Get-GPRegistryValue:
Applying Group Policy settings
Provided that your GPO is linked to a domain, OU or site, it will apply to user and computer objects below where it is linked. But if you want to force a Group Policy update on a remote server or other device, you can use Invoke-GPUpdate. Running Invoke-GPUpdate without any parameters will force an update of user and computer configuration settings on the local computer. The command below forces a Group Policy update on server1 for user configuration settings only:
Get-GPResultantSetOfPolicy -Computer dc1 -ReportType HTML -Path c:\temp\dc1rsop.html
Figure 4. How to get information about which GPOs are applied to a user or computer
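The cmdlets this article names can be chained into one repeatable sequence: create, set, verify, link, refresh, report. The script below is an added example, not the author's commands; the GPO, starter GPO, OU, domain and computer names are the article's, while the registry setting, the comment text and the function names are assumptions chosen for illustration.

```powershell
# Added example (not from the article). Requires the GroupPolicy module
# (RSAT/GPMC) and rights to create and link GPOs in the domain.
Import-Module GroupPolicy -ErrorAction Stop

# Names taken from the article.
$Domain     = 'ad.contoso.com'
$GpoName    = 'Netwrix PCs'
$StarterGpo = 'Windows 10 MS Security Settings'
$TargetOu   = 'ou=clients,dc=ad,dc=contoso,dc=com'

# Assumed example setting: keep "Always install with elevated privileges"
# switched off for users (a per-user, registry-based policy value).
$Key       = 'HKCU\Software\Policies\Microsoft\Windows\Installer'
$ValueName = 'AlwaysInstallElevated'
$Expected  = 0

function Publish-ClientGpo {
    # 1. Create the GPO from the starter GPO unless it already exists,
    #    so running the script twice does not fail on a duplicate name.
    $gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue
    if (-not $gpo) {
        $gpo = New-GPO -Name $GpoName -Domain $Domain `
                       -StarterGpoName $StarterGpo `
                       -Comment 'Baseline settings for client PCs'   # assumed text
    }

    # 2. Write one registry-based setting into the GPO.
    Set-GPRegistryValue -Name $GpoName -Domain $Domain -Key $Key `
        -ValueName $ValueName -Type DWord -Value $Expected | Out-Null

    # 3. Read it back with Get-GPRegistryValue and stop before linking if
    #    the GPO does not hold what was intended.
    $stored = Get-GPRegistryValue -Name $GpoName -Domain $Domain `
                                  -Key $Key -ValueName $ValueName
    if ($stored.Value -ne $Expected) {
        throw "GPO '$GpoName' holds $($stored.Value) for $ValueName, expected $Expected"
    }

    # 4. Link to the Clients OU only if no link exists yet; New-GPLink
    #    raises an error when the GPO is already linked to the target.
    $links = (Get-GPInheritance -Target $TargetOu -Domain $Domain).GpoLinks
    if ($links.DisplayName -notcontains $GpoName) {
        New-GPLink -Name $GpoName -Domain $Domain -Target $TargetOu `
                   -LinkEnabled Yes | Out-Null
    }
    return $gpo
}

function Confirm-ClientGpo {
    # Force a refresh of user settings on server1 (the article's case), then
    # write the resultant-set-of-policy report for dc1 to check what applied.
    Invoke-GPUpdate -Computer 'server1' -Target User -RandomDelayInMinutes 0 -Force
    Get-GPResultantSetOfPolicy -Computer 'dc1' -ReportType Html `
                               -Path 'C:\temp\dc1rsop.html'
}

function Remove-ClientGpoLink {
    # Rollback: unlink without deleting the GPO, so its settings stay reviewable.
    Remove-GPLink -Name $GpoName -Domain $Domain -Target $TargetOu
}

Publish-ClientGpo | Select-Object DisplayName, Id, GpoStatus
Confirm-ClientGpo
```

Invoke-GPUpdate works by scheduling a task on the remote computer, so the target must allow remote scheduled-task management through its firewall.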
Log
Russell Smith
IT Consultant, PowerShell Expert
This article is for database administrators (DBAs) who are looking at using C2 auditing, Common Compliance Criteria and SQL Server Auditing. We will not be looking at any third-party auditing tools, though they can be of great help, especially for larger environments and in regulated industries.
Enabling C2 Auditing and Common
1. Open the SQL Server Management Studio.
2. Connect to the database engine for which you want to enable C2 auditing. In the Connect to Server dialog, make sure that Server type is set to Database Engine and then click Connect.
3. In the Object Explorer panel on the left, right-click your
Figure 1. Configuring access auditing
6. Check Enable C2 audit tracing under Options.
7. If you want to enable C2 Common Criteria Compliance auditing, check Enable Common Criteria compliance.
Common Criteria (CC) Compliance is a flexible standard that can be implemented with different Evaluation Assurance Levels (EALs), from 1 to 7. Higher EALs have a more demanding verification process. When you check Enable Common Criteria compliance in SQL Server, you are enabling CC Compliance EAL1. It is possible to configure SQL Server manually for EAL4+.
Enabling CC Compliance changes SQL Server behavior. For example, table-level DENY permissions will take precedence over column-level GRANTs, and both successful and failed logins will be audited. In addition, Residual Information Protection (RIP) is enabled, which over-writes memory allocations with a pattern of bits before they are used by a new resource.
8. Click OK.
9. Based on the selected options, you might be prompted to restart SQL Server. If you get this message, click OK in the warning dialog. If you enabled C2 Common Criteria Compliance, reboot the server. Otherwise, right-click your SQL Server instance in Object Explorer again and select Restart from the menu. In the warning dialog, click Yes to confirm that you want to restart SQL Server.
Enabling SQL Server Audit
SQL Server auditing can be enabled instead of C2 auditing; you can also choose to enable both. SQL Server Audit objects can be configured to collect events at the server level or the SQL Server database level.
Create Server Audit Object
Let’s create a server-level SQL Server audit object:
1. In the Object Explorer panel on the left, expand Security.
2. Right-click Audits and select New Audit… from the menu. This will create a new SQL Server Audit object for server-level auditing.
3. In the Create Audit window, give the audit settings a name in the Audit name field.
4. Specify what should happen if SQL Server auditing fails using the On Audit Log Failure option. You can choose Continue or choose to shut down the server or stop database operations that are audited. If you select Fail operation, database operations that are not audited will continue to work.
Figure 2. Creating a server-level SQL Server audit object
5. In the Audit destination dropdown menu, you can choose to write the SQL audit trail to a file or to audit events in the Windows Security log or Application event log. If you choose a file, you must specify a path for the file.
Note that if you want to write to the Windows Security event log, SQL Server will need to be given permission. For
6. Click OK.
Create Database Audit Object
To create a SQL Server audit object for database-level auditing, the process is a little different and you need to create at least one server-level audit object first.
1. Expand Databases in Object Explorer and expand the database on which you want to configure auditing.
2. Expand the Security folder, right click Database Audit Specifications and select New Database Audit Specification… from the menu.
3. In the Properties window under Actions, use the dropdown menus to configure one or more audit action types, selecting the statements you want to audit (such as DELETE or INSERT), the object class on which the action is performed, and so on.
4. When you’re done, click OK and then enable the audit object by right-clicking it and selecting Enable Database Audit Specification.
SQL Server
1. In SQL Server Management Studio, in the Object Explorer panel, expand Security and Audit.
4. At the top of Log File Viewer, you can click Filter to customize which log entries are displayed. SQL Server file logs are saved in .sqlaudit format and are not readable, so Log File Explorer allows you to click Export to save logs to a comma-delimited .log file format.
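The server audit object, the database audit specification and the log export described in this article all have T-SQL equivalents. The script below is an added example, not the author's code, that runs them from PowerShell through Invoke-Sqlcmd; the instance, database, audit and specification names, the paths and the helper function name are assumed placeholders.

```powershell
# Added example (not from the article). Requires the SqlServer module and a
# login allowed to manage and read audits (for example a sysadmin).
Import-Module SqlServer -ErrorAction Stop

# All names and paths below are assumed placeholders.
$Instance  = 'localhost'
$Database  = 'ExampleDb'
$AuditName = 'Example-ServerAudit'
$SpecName  = 'Example-DbAuditSpec'
$AuditDir  = 'C:\SQLAudit\'   # must exist; the SQL Server service account needs write access
$CsvPath   = 'C:\temp\sql-audit-export.csv'

function Invoke-Sql([string]$Db, [string]$Query) {
    # The values interpolated into the queries are the constants above,
    # never user input.
    Invoke-Sqlcmd -ServerInstance $Instance -Database $Db -Query $Query -ErrorAction Stop
}

# 1. Report whether C2 audit mode and Common Criteria compliance are in use.
$options = Invoke-Sql master @"
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN (N'c2 audit mode', N'common criteria compliance enabled');
"@

# 2. Server-level audit object writing to a file. ON_FAILURE corresponds to
#    the "On Audit Log Failure" choice: CONTINUE, SHUTDOWN or FAIL_OPERATION.
Invoke-Sql master @"
IF NOT EXISTS (SELECT 1 FROM sys.server_audits WHERE name = N'$AuditName')
    CREATE SERVER AUDIT [$AuditName]
    TO FILE (FILEPATH = N'$AuditDir', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
ALTER SERVER AUDIT [$AuditName] WITH (STATE = ON);
"@

# 3. Database-level specification bound to that audit: record INSERT and
#    DELETE on every object in schema dbo, for any principal.
Invoke-Sql $Database @"
IF NOT EXISTS (SELECT 1 FROM sys.database_audit_specifications WHERE name = N'$SpecName')
    CREATE DATABASE AUDIT SPECIFICATION [$SpecName]
    FOR SERVER AUDIT [$AuditName]
    ADD (INSERT, DELETE ON SCHEMA::dbo BY public)
    WITH (STATE = ON);
"@

# 4. Read the binary .sqlaudit files back as rows and export them as CSV.
$columns = 'event_time', 'action_id', 'succeeded', 'server_principal_name',
           'database_name', 'object_name', 'statement'
$events = Invoke-Sql master @"
SELECT $($columns -join ', ')
FROM sys.fn_get_audit_file(N'${AuditDir}*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
"@
if ($events) {
    # Select the named columns so DataRow bookkeeping fields stay out of the CSV.
    $events | Select-Object $columns | Export-Csv -Path $CsvPath -NoTypeInformation
}

$options | Format-Table name, value_in_use
```

The export holds full statement text, so store the CSV with the same access restrictions as the audit folder itself.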
SharePoint Item-Level Permissions
Jeff Melnick
IT Security Expert, Blogger
You can define which item permissions are available for a site by using the “User Permissions” menu in the Web Application settings. Don’t be confused because the name of the menu is similar to “User Policy”; it is a different thing.
Removing Permissions
To remove item-level permissions from a site, click on the “User Permissions” menu and uncheck the permissions you don’t want to be available on the site. Then click the “Save” button to apply your changes.
To manage the permission levels for a site, navigate to “Site Permissions” in the site settings and click the “Permission Levels” button. Here are the default permission levels:
▪ Full Control — Full control on the site
▪ Design — View, add, update, delete, approve and customize
▪ Edit — Add, edit and delete lists; view, add, update and delete list items and documents
▪ Contribute — View, add, update, and delete list items and documents
1. Click on the item and then click the “Shared With” button on the “Files” tab. Click “Advanced” to see what permissions these users or groups have to the item.
You will see the list of users who have access to the item:
This is a
To delete a permission level, simply select it and click the “Delete Selected Permission Levels” button. You can delete any custom permission level and any default permission level except Full Control and Limited Access.
In addition to using Permission Levels, you can also define Site Collection Administrators, who have full control permissions on the site
by default. To do this, simply click the “Site Collection Administrators” button on the “Site Permissions” menu, choose the accounts that
should be able to manage the site, and click “OK”.
4. Click “Share” and the group or user will be added to the list and your document will have the specified unique
To remove permissions from a user or a group, select the user or group and click the “Remove User Permissions” button. To edit the permissions of a user or a group, simply select the user or group, click the “Edit User Permissions” button, select the new permissions, and click “OK”.
Note that assigning unique permission to SharePoint items is not recommended by best practices because it breaks permission inheritance. If you want to remove all unique permissions from a document, click the “Delete Unique Permissions” button.
These are all the ways you can manage SharePoint item-level permissions via the SharePoint Central Administration console. You can also manage these permissions using Microsoft PowerShell; that’s a topic for another article, but here is a list of the most useful PowerShell commands for SharePoint. Don’t forget to track and document every change made to permissions in SharePoint to help keep it secure and compliant.
Challenges and How to Overcome Them
Brian Johnson
IT Security & Risk Consultant, Entrepreneur
No matter what role you play in the audit process, the experience can be painful. If you’re an external consultant, you have to work with clients who have limited budgets and high expectations. And if you’re an internal IT/security auditor, you might have to wade through a sea of internal politics to get your work completed and pass internal audits.
In this blog post, I describe the 3 most common audit issues I’ve faced over the past 15 years and share some tips that have helped me be more successful in conducting external audits. I hope they will help you overcome similar challenges you are facing in your work.
If the organization you are auditing doesn’t understand the scope and purpose of your audit program, you risk creating an environment in which the people you’re interviewing become less helpful and more tight-lipped with their answers — even to the point of being hostile. Here are some ways to avoid this trap and develop a healthy, trusting work relationship instead:
• Avoid techno-babble; it just leads to confusion and lost opportunities. As an auditor, you’re probably super comfortable with all the acronyms and jargon that go along with your line of work, but don’t assume that your clients are. As you ask your audit questions, remember to keep them in simple terms whenever possible. You could be asking extremely technical things from staff members who aren’t extremely technical. If you ask something and get a room full of blank stares, try explaining it a different way or using an example. For instance, when I ask about a firm’s network perimeter protections, I don’t mention things like “IDS/IPS” and “next-gen AV.” Instead, I start with something like, “Tell me a little about your firewall — is it just doing traditional blocking or does it include more advanced technology that does extra things like scanning for viruses or blocking people from viewing certain websites?”
are with a C-level business executive, but the bulk of the actual assessment is done with a member of the IT or security staff. Understandably, these folks can feel threatened and get a little defensive when they have to explain to a stranger how the network is architected and secured. The two best ways I’ve found to ease the tension are kindness and food. Bring donuts to your first meeting with the client’s IT/security department. As conversations get rolling, provide some assurances like, “Just to be clear, my job here isn’t to criticize the work you’re doing. I want to work together with you to identify risks and then help you make a remediation plan. And I want to hear your insights about what this company needs to better protect its people and data. Maybe you’ve wanted a SIEM and the security automation capabilities that come with it for years but nobody will listen. Part of my job is to support you and echo these types of requests to management. Ultimately, I want to try to get you some of the things you want.” Once the team sees you are on their side, your questions will be answered with more honesty, the audit evidence will be more accurate, the audit quality will be higher, and everyone will get more value out of the assessment.
Scope creep costs everyone time and money
Once an audit starts, it’s easy for discussions to get off topic and before you know it, you’re spending time talking about and working on things that are out of scope. It’s natural to want to help, but after a while, you will likely find that all these extra little pockets of time can cost you and the organization you’re auditing a lot of time and money.
Know that there’s nothing wrong with defining your scope — and sticking to it — during an engagement. Since most organizations have to comply with one or more regulatory standards (the Sarbanes-Oxley Act, PCI, HIPAA, GDPR, etc.), use that to set the internal controls of the organization as your compass. It will help guide your work and keep everybody on task and on track.
If the client insists on asking for your opinion and time on out-of-scope items, clearly they value your expertise. Explain that any questions out of the initial scope qualify for a new project, which will cost additional time and money, especially if your audit fees are billed by project. Make these kinds of requests easy on clients by having a change order form on hand so they can approve the additional hours quickly. That way, it’s a win for everybody.
Audits that are full of shame and blame are demeaning and unproductive
I think it’s easy — and tempting — to write your audit assessment with a scathing or accusatory tone, thinking that if you fill the report with enough high severity findings you will get management motivated to start remediating things. Instead, what often happens is the IT/security staff (the responsible ones who are actually trying to make things better) get reprimanded for your findings, their team morale takes a hit, and everybody suffers audit fatigue from your thousand-page report.
Instead of focusing on reprimands, focus on remediation. At the end of the day, most companies know they have issues, and they’re looking to you for help and guidance. One item I include with my deliverables as a result of the audit is a security action plan that offers remediation guidance for each identified risk, along with the expected time and costs. That way, clients can couple the detailed audit report with the security action plan, and essentially have a playbook they can follow to actually make the organization better! That’s what we as consultants and auditors want for our clients and organizations, and that’s why we got into the audit profession in the first place, right?
Unemployment in the audit industry remains extremely low, and the pool of IT and security auditors is only growing larger. If you’re an auditor, that means you will have to work even harder to differentiate yourself in the market. I hope this information helps you increase your effectiveness and ensure your future audits have a positive impact while staying within scope and budget. Most of all, I hope it provides a great deal of value and makes your organization more secure.
Corporate Headquarters: 300 Spectrum Center Drive, Suite 200 Irvine, CA 92618
Phone: 1-949-407-5125 Toll-free: 888-638-9749 EMEA: +44 (0) 203-318-02
Copyright © Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.