August 02, 2015

Win 10 Install

This is not a "how to" on the install. Seriously, if you need that either let your kids do it for you or shut your eyes, cross your fingers and click. It's a really easy install from the user perspective. Microsoft has this set up as a "Windows Update" in just about every way (looks like the way I upgraded my mac....) [Note: the entire upgrade process took over an hour - but less than 90 min. Your upgrade time may vary.]

So what I did for my install was that I turned off all the networking components on the laptop except for Microsoft Client and IPv4. I disabled my wireless card. Then I plugged my ISP provider's router into a switch - which then connected to the laptop being upgraded. I spanned the port to a connection on another laptop where I was running Wireshark to capture the packets being sent and received by the upgraded device. For the most part, this should capture traffic to and from the device as it is installing and upgrading. Note that the actual download of the software occurred "in the background" when I "reserved" my copy of free Windows 10.

Now look at what we think is going on... You think that you've already downloaded the operating system and all it has to do is install it. So why would it need an internet connection to complete? There were quite a few packets in the capture and it's going to take a while to go through them. But this will tell me what servers it connected to during the update. There were multiple public IPs in the capture. It will be interesting to find out if they all lead back to Microsoft or not.

One of the things I did not do during the upgrade was check the wireless traffic. I do have an AirPcap adapter so I could do that at a later date. I would like to see if the upgrade turns on your wireless card to see what other devices are on your network or in your vicinity. And I should probably check for any attempts to reach out to my Bluetooth devices. But that will be at a later date. And...regardless of install - I would think that if it wants to know about all your devices, it would poll at regular intervals after the install.

So if you read my previous post about the Agreement you signed for this... you will know that Microsoft wants you to agree to send them certain information. So Microsoft wants to know -where- you are using this software. What device in what location? Realize that you are sending that information and that is what you agreed to get this software for free. Oh - and that's just the start. If you think that the agreement will be different when you pay for it...no, it won't. Same agreement - more money out of your pocket.

Now, I'm not saying don't upgrade. And I'm not saying that Microsoft is doing anything malicious. What I'm saying is that you should be aware that you are giving out this information - and giving Microsoft more control over your computer than you may realize.

Let's say you're an upstanding citizen of the US. And you only use your desktop/laptop to surf the web at home. You watch movies, you send email to your friends and you sometimes use the computer for games when you're bored. Hell, yeah - save yourself some money and get your free upgrade. Let them look, you're doing nothing wrong and you put most of everything you do on Facebook anyway...

1) Know that if Microsoft (assuming well-intentioned) can see this data - so can a malicious person.

2) What if you're an upstanding citizen with a sensitive job?

More to follow once the trace file is analyzed.

Posted by BlueWolf on August 02, 2015

July 31, 2015

Free Windows 10

Long time no blog... but this new Windows 10 deserves a post.

Like many people, I got the notification that I could upgrade to Windows 10 FREE (for a limited time). Well, even though I signed up for it - I'm not going to just plop it on my main laptop. So I'm going to put it on one of my little mini laptops and see what it's like first.

Is anyone else surprised that Microsoft is giving away W10 for free? So I did a little search on it. Seems that the story is that Microsoft is doing this so that it can boost sales in other areas. Great. Let's all run out and buy a Hololens so we can live in a virtual world. I'm not believing it. Perhaps they need a large install base to keep their footing in the corporate space. Who knows? But for one year we all have the opportunity to upgrade our most current systems to W10 for free.

At this time (at the start of the rollout) expect it to take a while to kick in. My Windows7 mini took hours from the time I clicked to reserve and the time it was confirmed. In order to do this, I had to give Microsoft my email address. Then it took a few more hours for the upgrade installer to download. To be fair, this is new (released on 29 July), so I'm sure the servers are swamped. Depending on when you upgrade, it may take much less time.

So now I'm looking at the End User License Agreement... Who reads those? I do. Here are the pertinent items that I found while reading it:

1) You agree and consent "to the transmission of certain information during activation and during your use of the software as per the privacy statement described in Section 3."
Okay, so I can understand them wanting to verify that you are upgrading a valid copy of Windows... but during the entire use of the software? I guess it depends on what certain information that they are gathering. But it does give me pause. I will dive into this more fully before putting it on my main system.

2) If you don't like the software and you want to "return" it... "might require you to return the software with the entire device on which the software is installed for a refund or credit, if any." What? If I don't want Win 10 anymore, I might have to send them my laptop to "return" it? Are you kidding me?

3) The agreement "also applies to Windows apps developed by Microsoft that provide functionality such as contacts, music, photos and news that are included with and area part of Windows." (See #2 above...)

4) There are some strange remote access restrictions. "No more than once every 90 days, you may designate a single user who physically uses the licensed device as the licensed user. The licensed user may access the licensed device from another device using remote access technologies." Okay...so this sounds strange. I'm not sure what they're getting at here, but it looks like it relates to remote access - which most home users are not going to use. However, it can look like it is talking about user accounts - which wouldn't make sense. But then again, with the home user in mind - most just boot up under one account and everyone uses it.

5) "During activation (or reactivation that may be triggered by changes to your device's components), the software may determine that the installed instance of the software is counterfeit, improperly licensed or includes unauthorized changes. If activation fails the software will attempt to repair itself by replacing any tampered Microsoft software with genuine Microsoft software." Isn't this what malware does?

6) Updates - the EULA makes you agree to update your... no you agree to let Microsoft update your system when they want. "By accepting this agreement, you agree to receive these types of automatic updates without any additional notice."

7) And if you want to downgrade (go back to what you had before the W10 upgrade), it's basically on you to obtain that earlier version of software to use. "Neither the manufacturer or installer, nor Microsoft, is obligated to supply earlier versions to you. You must obtain the earlier version separately, for which you may be charged a fee."

8) Long section about disputes and legal proceedings. Note that you agree that you can't be a part of a class action lawsuit against Microsoft...

9) "The software will turn on malware protection if other protection is not installed or has expired. To do so, other antimalware software will be disabled or may have to be removed." Really? Again, doesn't malware itself do this?

10) "You may not use such versions of the software for commercial, non-profit, or revenue-generating activities." Do people know this? How does this impact BYOD? What if you're writing a book? Or using your laptop to create a report for a customer? Do non-profits know they need to buy the business version of the software rather than use their home desktops/laptops?


Granted - this is a licensing agreement (and is legal-ese by its very nature). But it looks more and more like you don't own the device you buy. Well, you own the hardware that you bought, but you're "licensing" the software.

From my experience with Microsoft, they have been reasonably fair. I've been able to get activation keys fixed - granted, they were replacing valid copies of Windows that needed to be reinstalled (which is the whole point). And I think that perhaps the auto-updates and malware removal stuff may be a reaction to consumer demand. Users are notorious for not installing updates and then wondering why their computer is so slow. Or go to "popular" or "free whatever" sites and getting malware (without buying or maintaining any kind of antivirus). So that may be reactionary on Microsoft's part.

Once I set up so that I can capture packets, I'm going to click the agreement and upgrade. Then I'm going to compare the "before upgrade" packet capture to the "during upgrade" and "after upgrade" captures. This might get interesting...

Posted by BlueWolf on July 31, 2015

April 04, 2014

The Accidental Certification

I really never meant to get the C|EH. It was somewhat interesting, but not compelling. But I do realize that many employers and managers respect the certification. And...I could always use the CPEs. So I signed up for the WSC's 14 week C|EH class/workshop.

The classes and workshops were very interesting - they are a great bunch of women. And each class had a hands-on component. For the most part, I knew the material inside and out, so for me it was more of a review. This series of classes focused on the v7 version of the exam and used the Official Study Guide endorsed by the EC Council. I happened to actually have that book and the Sybex Study Guide (Graves). Any time I look at something I always use _at least_ two books on the subject. I've never found a book yet that completely covers any topic. The Graves book had some things that the Official guide left out. And the Official guide had some things that the Graves book didn't cover. I read both.

Once you take a class or self-study, you have to apply to take the test. Expect that this application is going to take some time. From what I understand - if you take the official course through EC Council, you can directly take the test. But if you don't take their course - you have to fill out a form, pay $100 (non-refundable) and submit your request for approval. They will write to your references/verifiers who need to write back verifying that you have the required experience. I suggest you use people as verifiers that are willing to do that work. Many people will give you a good reference, but how many of them will fill out a form on your behalf? Pick them. And if you don't hear back after a few weeks, write to the EC Council. They will check for you and see what status your application has - and if you need to prod your verifiers or not. Sometimes that email might prod them...

Once all that is done, you will get an email with your approval. Then you buy the test on their site and have them match that up with your approval. You will get a voucher number and an authorization code. You use the voucher number provided to schedule your test and you take the authorization code with you to the exam. There are two different exams - one from Vue and the other from Prometric. They are supposed to be the same exact test, but you have to pick one and that voucher only works with that testing facility. The facility I test at locally works with both Vue and Prometric (and a few others). Some other facilities work with one or the other. You can go to the Vue and Prometric sites to find out in advance where the closest testing center is for your area. Do this before you buy the test on the EC Council site.

As you can see, this is a process and it takes time. Do not schedule the exam until you are completely ready. I have found that my testing center can accommodate a Monday morning test that was scheduled on Sunday night. Your testing center may not be able to do that - or all the available seats may be full. But don't schedule it a few weeks in advance in anticipation that you will be ready by then. Things sometimes happen and you can end up with unnecessary pressure on you as the date draws near. That's not the way to do it and it will make it harder to learn with test pressure on your mind. Remember - you want to actually learn the material and know it (that's the goal) not just memorize enough to pass a test.

The other thing that helped me (again) was having a Safari Online account. Once I was ready and got my approval, the version 7 exam was no longer available. I had no choice but to take the version 8 exam. The material was not that drastically different from what I studied. However, just to be sure - I was able to pull up the version 8 book in Safari and "flip" through it to be sure that I had covered every topic. From what I saw, the v7 to v8 update was more of an update of their course rather than a drastic change in the exam. [It was not the same as the NT4.0 to Windows 2000 changes by any means. Now that was a drastic change.]

I found the test itself to be rather straight-forward. If you know the material and understand the topics completely, you should be able to pass the exam. Note that the exam I took had the questions chopped up in little sections - each with their own time limit. So you don't get all the questions and all the time all at once... That may become important if you have a small number of questions in the section and a short amount of time and you need to go to the bathroom. Just sayin' - go to the bathroom before you start. There was no indication if you needed to pass each section independently in order to pass the exam. And the sections weren't labeled - so the grouping confused me a bit. But if you look in the corner of the screen, you'll see which question you're on, how many are left in that section, and how much time is left for that section. At the end, you will get your results on the screen and a printout of your results from the proctor. And now that you've read this you know exactly what to do and you will pass!

There is supposed to be a "welcome" kit mailed to you (certificate, etc) in a few weeks. It has only been 2 weeks since I passed, so I'm still waiting on the kit. [The Wireshark kit was really nice and came with stickers.]

Good luck on your journey!

Posted by BlueWolf on April 04, 2014

February 12, 2014

Wireshark!

Baaad blogger. No...wait, not bad blogger, but now infrequent blogger here. I can't have that long of a break and just let it go without mentioning something about the large time gaps. So here's the update:

I've decided to no longer update the "Reading Stats" part of this blog. I think by now you get the idea - and now that I'm reading more security books... well, it's not as useful to put my cards on the table. In addition, my studies have morphed into more videos, web seminars and in-person classes - along with a lot of online reading. The reading stats are not really covering all that I'm doing.

After my first attempt at the CCIE R/S Lab - I had started working towards a second attempt. Then I took some time to study for and attain the CISSP certification. It's something that I've wanted for a very long time. And then I started practicing for the Lab again. Meanwhile, the clock was ticking. I had to make a decision - especially when I received emails reminding me that 9 Cisco certifications were about to expire. So I studied for the CCIE R/S Written Exam - and passed it (again). This nicely reset the clock for the Lab and renewed all 9 certifications. Whew.

Of course, I took advantage of this breathing space by... taking an online workshop series for the C|EH! And now that I've completed that and while I was waiting for the EC Council to approve my application for the exam... I decided to study for the Wireshark certification. Yeah. I have wanted that certification ever since they created it. And today I took that test and PASSED! So now I am a Wireshark Certified Network Analyst.

Naturally, I'm simplifying the process. The actual process started years ago (2007) when I convinced my supervisor to get the 4 Wireshark Training CDs. I went through them from start to finish. And they helped me to go from muddling my way through a trace file to actually knowing what I was doing. And then I kept going. Every time the opportunity arose to perform and analyze a trace, I was front and center, waving my hands and shouting "pick meeeeeeee" like Donkey from the movie Shrek. For me, surfing the web is not shoe shopping; it's finding training videos - and there are plenty on Wireshark, Pilot, ACE Analyst, Observer, and other bit spitting. During this time, the certification was created. Then it disappeared. Then it reappeared and was turned into a certification program (now with continuing education requirements and study guides). I bought the Study Guide ... and then I bought the Exam Prep Guide. So when I saw the opportunity to study up and test - it was only a few weeks of prep, but it was also a few years of creating the foundation for that prep. And now I have another cert that I have wanted for a long time.

That leaves the C|EH and then back to the rack to finish the Lab. Yes, I know - if I don't retake the 4.0 Lab before the beginning of June, I will have to take the new 5.0 version of the lab. Oh...yeah... in the new 5.0 version they now have a new Diagnostic module (which is the meat and potatoes of the Operations crew) and Interpret Packet Captures! So am I studying for the Lab or am I taking detours?

On the one hand, it would be better to take the 4.0 Lab. I have already attempted it once and I pretty much know what's expected of me for that version. Although, the new 5.0 Lab seems to dovetail nicely with my strengths and may be somewhat more fun. Perhaps the answer will be in the next update.



Posted by BlueWolf on February 12, 2014

February 28, 2013

Happy Not So New Year

Wow. Has it been that long? I was very surprised to see that this is my first post of the year. I guess it is both good and not so good. Good - because I'm studying instead of blogging about studying. Not so good - because I had hoped to be further along and talking about it more.

The thing that prompted me to post is that I completed another book and had to add it to the list. I came home from work today and I read this book in one evening. The book is: "Your CCIE Lab Success Strategy - The Non-Technical Guide Book" by Dean Bahizad and Vivek Tiwari. Both are double CCIEs.

I had mixed feelings about the book. I expected a larger book. Perhaps something like the size of an O'Reilly topic was what I had envisioned. But it's more the size of a small guide book - or a Kindle. I opened it up and saw that the entire book was double spaced. Gasp! But as I read through the book, I found it to be a really good read.

There really isn't anything "new" in the book. Just about all the information or hints are things that are covered in the INE videos. There are no shortcuts. You have to be dedicated and persevere. Yadda yadda...yeah, I know. And that's okay. It's always good to hear it - and to hear it again.

The good part of the book is that it is ENCOURAGING. Even though it's stuff you've heard before, read it. As I was reading, I considered passing it on when I finished. At the end of the book, I decided to keep it - until I get my second CCIE. And that's what the real value of the book turned out to be (for me). I am going to read the book again whenever I get discouraged. I'm going to read it when I start getting sluggish. It's a really good pep talk when you need it.

The biggest recommendation in the book is the hardest to implement. It recommends a study partner. Finding the right study partner is really difficult in some locations. And finding a bad study partner is worse. So I'm going to take that recommendation with a grain of salt. I wish I didn't have to skip that part - a study partner would be helpful.

The part that I found encouraging is the undertone that it is -normal- to want, work toward, and attain TWO CCIE certifications. And it was uplifting to hear that the second one is easier than the first. You already have a strong foundation (your first CCIE), you already have a study method, and you have already proven to yourself and others that you have the drive and persistence needed to complete such a daunting task. All that's left is the doing.

I also got another book this week that I'm poking my way through -> Guide to TCP/IP Fourth Edition by Jefferey Carrell, Laura Chappell, Ed Tittel with James Pyles. OMG I am so excited about this one! Jefferey Carrell was the instructor at a Riverbed workshop I recently attended. It was a great workshop on Pilot and Wireshark. This is the TCP/IP book that I have always wanted. It doesn't just go through some dry rehash of protocols. This one is more of a hands-on guidebook - complete with trace files. Yes. This is the book I have always wanted. It goes through the protocol and tells you how it works. Then you download and explore the trace files to SEE how it works (or doesn't). I'm rationalizing my reading of the book in two ways: first, a good book on TCP/IP is recommended reading for the CCIE R/S path; second, it is oh-so-very directly job-related.

However, I do realize after reading the first book, I can't allow myself to be distracted from my CCIE lab studies. So I'm using this book as my "carrot" to encourage me to study. But this is definitely the book (read: reward) that I get to read after I watch my scheduled videos or finish a scheduled lab. Awesome stuff.

Posted by BlueWolf on February 28, 2013