October 6th, 2014
With tools making it easier for people to hack/crack passwords, it is becoming more important to use strong passwords. You will also want to get into a good habit of changing them every 60 to 90 days. Once you have a good methodology of doing it the remembering of the new passwords will be easy. There are a couple of easy ways to keep your password simple to you, yet make it more complex. Like if you have to change your password every 90 days add month and year at the end of your password. Also, enclose your password in Special characters. So say I have my cats name patches for my password. To make it better I go (Patches914) this way it is alpha-numeric using upper and lower case and special characters. Then in December I will change it to (Patchers1214) of for January (Patches115). Some make you change it up so much from your previous password, so I may go (Patches!!5) substituting ! for 1’s and / or *Patches!!5*. See how simple it is to still use a simple and easy to remember password that when you change down the road will still be easy to remember? And According to the site (Patches!!5) — It would take a desktop PC about 344 thousand years to crack my password!
I like to use this site to check:
October 15th, 2013
Wow, 2013 has come and literally rushed past us quicker than I can express proper, as normal times allows. With time running away as it has been, I can only hope that a few of these last few moments linger for quality enjoyment.
I was able to learn several aspects of customer service and add them to the arsenal that I can now claim on my belt loop . . . if I may ever do so with out the extreme wrath of my previous employer. I plan on going into my life skills, progress and learning in the very near future, along with my complaints!!!!! I am eager to use radical and immediate goals to get my arsenal progressing in a manner that I would like.
Training and certification for 2014:
- CompTIA Security + CERTIFIED as of April 2014
- CompTIA ITIL v 3
- MCSA: SQL Server 2012 Solutions Associate
- Cisco: CCENT ~ Cisco Certified Entry Networking Technician
- (ISC)2: CISSP ~ Certified Information Systems Security Professional pushed to 2015
- PMP for PMI ~ Project Management Professional through Project Management Institute pushed to 2015
As with these and all other forms of certification I also look at taking on tasks that deal with SQL 2012, a private intranet style wiki-style-database that will eventually/drastically provide a consistent avenue of information and platform that I look forward daily to.
Here is my resting place for the near future and beyond . . . MORE TO COME SOON!!!! GETTING LATE AND I’M TIRED!!!
May 31st, 2013
Purchased domains and placed a skeleton page up for my new domains. They are: http://sectech.biz and http://sectech.us I have decided to pursue a path towards Secure Technologies and Project Management. With the extremely alarming amount of individuals needing a better understanding of cyber attacks, social engineering and why certain social media sites really are not a good blend with work ethics, let alone all the other negative effects it may have, I hope to educate and assist those with a better understanding.
February 8th, 2013
Sine the late 1990’s I have occasionally visited this site, emailed its author, enjoyed his replies and have desired to learn so much more about how to learn about the intricacies of how things work, operate and function. It was a very sad day when I learned of his passing. I have tired to learn from this site and put it to good use. There are so many aspects of the IT world that I desire to learn and only so little time. I would encourage only those that have a deep understanding and a further burning desire to fully understand search-lore and Reverse Engineering to visit Fravia’s Teachings
December 15th, 2012
With the numerous aspects of hard/soft-ware compliance and protecting all aspects of personal information, I have decided to take my 25+ years of networking/server/ security understanding and place them into a field that desperately understands and realizes their need for the ability to sleep at night feeling safe and that their data and personal customer information is safe and secure.
I have had been given extensive, distinguished security and access in the Nevada Prison System to setup, secure and promote their prisoner-side computer and server access. In the past 15 years, my training, ability and qualification has included the privilege to train alongside exclusive members of NSA (National Security Agency), FBI (Federal Bureau of Investigation), IRS (Internal Revenue Service) and numerous other elite governmental agencies and their upper echelon agents. Along with training and sitting in on lectures I am currently seeking membership with www.infragard.net ………………………………………………………………………………………………………………………………………………………………………………..
I have attended in 2008 an InfraGard discussion at Nevada Energy that included several FBI personnel from the Las Vegas office.
My main focus in life and career-wise has been in the Security (HIPAA, SAS 70, SOX, Anti-Social Engineering) and other aspects to provide safe and secure access to personal and other aspects of privileged information!!!
I fully believe and up hold in all aspects: Federal Agencies Will Exercise Care to Protect Information. To the extent allowed by law, information received from InfraGard members that is marked “InfraGard Protected Information” shall be protected from agency disclosure under 5 USC 552 (commonly referred to as the Freedom of Information Act (“FOIA”)), and from publication, divulgence, or release in any other manner pursuant to the prohibitions of the Trade Secrets Act, 18 USC 1905.
This article is currently being written to satisfy various cravings while expanding my skills . . .
September 19th, 2012
I have over 20 years working on computers and networks, starting all the way back with Novell 3.1x. Many of the systems I have used a heuristic approach when dealing with various platforms within the same network. In just the past three years I have worked on over 4,000 systems alone. My projects have ranged from simplistic to numerous 6-figure, multiple location and multiple discipline aspects.
Currently I am enrolled in the Project Management Certificate program at the University of Nevada, Reno. At the same time I am also studying advanced networking and security. I am looking for a position in the IT field as a Project Manager, preferably in either healthcare, security or education. http://www.linkedin.com/in/cliffordjenkins
. . . more information to follow
Since I’ve updated my LinkedIn Profile, I’ve been receiving about six or seven job offers or interviews weekly. Just last week I took two of AT&T’s skills based tests and manager level interviews, that were all very promising. With my skill set and experience the position is definitely “entry-level” for me, however I am looking more at the “foot-in-the-door” aspect with this economy.
At the same time, I had an interview with another IT based company that I think I’m more interested in their niche in the whole IT managed help situation. On Monday I had my first interview with a very nice gentleman from their company. He expressed the need and desire to hire a Technical Support Analyst – Tier I in my time zone to telecommute. During the interview it was expressed that the normal process was approximately two months from initial contact until date of hire. Two days later, I had my second interview with two of their senior employees in both Tier III and Support Supervisor. Again, I was pleasantly surprised during the interview process of how likable these gentleman were. Within less than 60 minutes after that interview concluded, Ben, the manager from the first interview was calling me back with a HR on the phone, asking if I could fly back, 2,500 miles to meet with them in person. Needless to say, I’ve become very impressed.
In less than 36 hours, I flew from the west coast to Washington D.C., had a four hour interview with a couple of members of their staff, flew back to the west coast; only to have a voice mail waiting for me, requesting references so that I may move on to the next step of the hiring process.
After speaking to some of my references, things are looking good and all that is left is a sign off by the CEO and founder of the company. The next 36 hours I will hope that things go well.
Meanwhile, I have other larger companies awaiting for my response for positions such as “Project Management for Network Vulnerability Assessment” and other engineer and job skill specific tasks that I have trained for and have learned during the last 22 plus years of working with computer networks alone.
November 27th, 2011
32-bit and 64-bit explained
Will this 32-bit software run on my 64-bit operating system? or
Will this 64-bit software run on my computer?
If you've asked these questions then this tutorial should help you to understand the concepts of 32-bit and 64-bit computing. We'll look at your computer system as three parts: the hardware, the operating system and the application programs. At the end we'll look at some of the common questions people have.
32-bit versus 64-bit
As the number of bits increases there are two important benefits.
- More bits means that data can be processed in larger chunks which also means more accurately.
- More bits means our system can point to or address a larger number of locations in physical memory.
32-bit systems were once desired because they could address (point to) 4 Gigabytes (GB) of memory in one go. Some modern applications require more than 4 GB of memory to complete their tasks so 64-bit systems are now becoming more attractive because they can potentially address up to 4 billion times that many locations.
Since 1995, when Windows 95 was introduced with support for 32-bit applications, most of the software and operating system code has been 32-bit compatible.
Here is the problem, while most of the software available today is 32-bit, the processors we buy are almost all 64-bit.
So how long will the transition from 32-bit to 64-bit systems take?
The main issue is that your computer works from the hardware such as the processor (or CPU, as it is called), through the operating system (OS), to the highest level which is your applications. So the computer hardware is designed first, the matching operating systems are developed, and finally the applications appear.
We can look back at the transition from 16-bit to 32-bit Windows on 32-bit processors. It took 10 years (from 1985 to 1995) to get a 32-bit operating system and even now, more than 15 years later, there are many people still using 16-bit Windows applications on older versions of Windows.
The hardware and software vendors learnt from the previous transition, so the new operating systems have been released at the same time as the new processors. The problem this time is that there haven't been enough 64-bit applications. Ten years after the PC's first 64-bit processors, installs of 64-bit Windows are only now exceeding those of 32-bit Windows. Further evidence of this inertia is that you are probably reading this tutorial because you are looking to install your first 64-bit software.
Your computer system in three parts
Now we'll look at those three components of your system. In simple terms they are three layers with the processor or CPU as the central or lowest layer and the application as the outermost or highest layer as shown below:
To run a 64-bit application you need support from all lower levels: the 64-bit OS and the 64-bit CPU.
To run a 64-bit operating system you need support from the lower level: the 64-bit CPU.
This simplification will be enough for us to look what happens when we mix the 32-bit and 64-bit parts. But if you want to understand the issue more deeply then you will also need to consider the hardware that supports the CPU and the device drivers that allow the OS and the applications to interface with the system hardware.
What 32-bit and 64-bit combinations are compatible and will work together?
This is where we get to the practicalities and can start answering common questions.
The general rule is that 32-bit will run on a lower level 64-bit component but 64-bit does not run on a lower level 32-bit component:
- A 32-bit OS will run on a 32-bit or 64-bit processor without any problem.
- A 32-bit application will run on any combination of OS and processor
- But 64-bit application will only run on a 64-bit OS and a 64-bit OS will only run on a 64-bit processor.
This table illustrates the same rule:
Table 1: What is compatible between 32-bit and 64-bit parts of the system
|Operating System (OS)||32-bit||32-bit||64-bit||32-bit||64-bit||64-bit|
The main reason that 32-bit will always run on 64-bit is that the 64-bit components have been designed to work that way. So the newer 64-bit systems are backward-compatible with the 32-bit systems (which is the main reason most of us haven't moved to 64-bit software).
An example of backward compatibility is Windows 64-bit. It has software called WOW64 that provides compatibility by emulating a 32-bit system. See the article How Windows 7 / Vista 64 Support 32-bit Applications if you want to know more. One important point that is made in that article is that it is not possible to install a 32-bit device driver on a 64-bit operating system. This is because device drivers run in parallel to the operating system. The emulation is done at the operating system level so it is available to the higher layer, the application, but it is not available to the device driver which runs on the same level.
Hardware virtualization is the exception to the rule
Another question many people have is whether a 32-bit system can run 64-bit software. As more people are looking to use 64-bit Windows they are wanting to try it out on their existing systems. So we are getting more questions about whether they can run it on their 32-bit processor or under their 32-bit OS.
Following the general rule, we would expect that you cannot run 64-bit software on a 32-bit system. Except that there is one exception called virtualization.
Virtualization creates a virtual system within the actual system. Virtualization can be achieved in hardware or software but it works best if the virtual machine is created in the system hardware. The guest operating system is not aware that there is a host operating system already running. This is the way that a 64-bit operating system can think that it is running on 64-bit hardware without being aware that there is a 32-bit operating system in the mix.
The table below illustrates the result. Provided that the virtual machine can actually be created and isolated by the host operating system then the host OS is effectively removed from the equation, so I've grayed it out. We can now apply the general rules for a non-virtualized system to the three remaining layers.
Table 2: What is compatible between different parts of a virtualized system
|Guest Operating System||32-bit||32-bit||64-bit||32-bit||64-bit||64-bit|
|Host Operating System||32-bit||32-bit||32-bit||32/64-bit||32/64-bit||32/64-bit|
Before you hurry away to try running 64-bit in a virtual machine, you must check that your computer BIOS supports hardware virtualization. If it does not then hardware virtualization will not work even if the CPU does support it.
Will a 64-bit CPU run a 32-bit program on a 64-bit version of an OS?
Yes it will. 64-bit systems are backward-compatible with their 32-bit counterparts.
Will a 64-bit OS run a 32-bit application on a 64-bit processor?
Yes it will. Again, this is because of backward compatibility.
Can 64-bit applications contain 32-bit code?
Yes, many times 64-bit software will contain portions of 32-bit code.
Similarly 32-bit software (usually very old programs) can have some code in 16-bit which is why those 32-bit applications will usually fail to run properly on a 64-bit OS.
Can 16-bit applications or code run on 64-bit systems?
No, as we said previously. 16-bit code will NOT run on 64-bit OS because the designers did not provide backward-compatibility. This is one reason why some 32-bit programs will not work on 64-bit operating systems.
Can a 64-bit CPU with a 32-bit host OS run a virtual machine (VM) for a 64-bit guest OS?
Yes. It all depends upon the level of virtualization.
With software virtualization it is hardly likely to work, or if it does work it may be very slow.
Hardware virtualization will need to be supported by the CPU (e.g. with Intel-VT or AMD-V) and the BIOS.
Can I run Windows 2000 and Windows XP on a 64-bit CPU, and use old software?
Yes, a 32-bit OS (Windows 2000 or XP) will run on a 64-bit processor.You should also be able to run older 32-bit software on a 64-bit OS.
How do find out if my system is 64-bit?
I recommend that you look at downloading Securable from Gibson Research Corporation (GRC) which will tell you if you have a 64-bit processor with the useful features of hardware DEP and hardware virtualization.
How do I migrate my 32-bit system to 64-bit Windows?
There is no upgrade path from 32-bit to 64-bit Windows only from 64-bit Windows. You will almost certainly have to do a clean install of your 64-bit operating system, copy back your data files, and reinstall your 32-bit applications.
If you want to keep your old install then you can try dual booting or virtualization.
How do I run 32-bit software once I have installed 64-bit Windows?
Windows 7 64-bit provides a 32-bit compatibility mode called WOW32 (Windows 32-bit on Windows 64-bit) that should run most if not all your applications. See How Windows 64-bit supports 32-bit Applications.
If your application won't run under Windows 64-bit then try XP Mode, Windows Virtual PC, or other virtualization solution. Be aware that XP Mode reduces your system security and so it should be used as a last resort.
How can I tell if my application is 32-bit or 64-bit?
There are a number of indicators of the bit type for your program but they are not definitive as you will see if you use guidelines like the following.
- 64-bit programs usually install to your system drive in the folder '\Program Files' and 32-bit to '\Program Files (x86)'
- In Task Manager, 32-bit processes will usually have a suffix of '*32' and 64-bit processes will not.
The reason that these indicators cannot be relied upon relates to the way 64-bit Windows installs software. 64-bit install packages usually install 64-bit applications or a mixture of 32- and 64-bit components but can even install only 32-bit components.
What determines where a component is installed is the registry setting for that component rather than the setting for the install package. Windows also assumes that all components are 32-bit unless told otherwise. This means that a 64-bit component not flagged as 64-bit will install to 32-bit folders and 32-bit registry keys but will execute as 64-bit.
You can, with the necessary knowledge, find the information yourself but there are better solutions:
- Run a system information or audit tool such as Belarc Adviser. Just be aware that most of these types of applications are helpful but not definitive e.g. SIW, MSINFO.
- I recommend running the PowerShell script from Auditing 32-Bit and 64-Bit Applications with PowerShell which will list all installed applications and their bitness. Just remember to run the 64-bit script to get all versions as the 32-bit script will not have access to the 64-bit portions of the registry.
If you want more detail about the modules used by a program then try Dependency Walker, which is also part of Microsoft development tools such as Visual Studio and Visual C++.
As with other software running under 64-bit Windows you will get the best results if you run the 32- or 64-bit version of Dependency Walker that matches the application you want to check. Remember that Windows 64-bit restricts access to the relevant 32-bit or 64-bit portions of the registry.
March 28th, 2011
The battle against malware is a 24 x 7 endeavor. Marketing employs action hero actors depicting various scare tactics to protect you from the evils lurking. Sales people are quick to sell you each and every form of the “New and Improved” virus fighter while they leave out the crucial small print. In the conclusion a myriad of gaseous cloud loopholes are left with confusion and an angry mob that only start’s with finger pointing and pass-the-responsibility accusations.
With just a little bit of up front education things can be better understood by the end-users. Malware is a generalized tem for a variety of malicious software which includes viruses, rootkits, Trojans, worms, bots, adware and other forms of software that are more or less undesirable applications that rarely are beneficial on a users computer. In the last four to five years the designers of malware have become a lot more malicious and devious as to how they can deceive and trick you into accepting or placing malware on your system. From there it becomes like a magnet for more malware.
Most users are under the impression that all they need to do is install an antivirus program and they are safe for the life of the computer. To start off with most antivirus programs are only 90 to 98 percent effective. On top of this some companies come out with several new virus definitions daily. What that means is that several times a day they come out with new code to detect various strains, changes or variations of malware. I’ve seen on systems where just updating the month old definitions, find and quarantine over 28 new infections. So that antivirus you bought 4 years ago and keeps giving you an error and you just click it to have it get out of your way because you’re in a hurry to get to a website of your favorite social site. That should be your first clue that it’s already too late.
A user does NOT need to go to a porn site these days to become infected with over 4,000 forms of malware. One way to hypothetically post a billboard and an invitation to malware is the improper use of BitTorrent and Peer-to-Peer Software (P2P). Please note that the use of peer-to-peer file sharing programs will inevitably result in infection. The security system cannot protect the computer from malicious files that the user voluntarily downloads from unknown sources. The security system requires the cooperation of the computer user to function effectively.
To guard against malware and maintain a healthy machine involves a proactive and participating part in the user and this starts with downloading and verifying the latest definitions at least weekly and running a full or comprehensive system scan weekly.
I will continue to add more to this column, ways to improve and educate on the ways of preventing malware.
February 24th, 2011
Today I began what I hope will be the beginning of a very successful IT certification discussion group with where I am employed, expressing this.
This is a discussion group for anyone who has/is/or will be achieving a professional technical certification. Topics as to which certifications are viewed as popular, beneficial, good to learn, and which ones really matter. Maybe even, with permission, an area to pass along old books to new students. In an always evolving arena of new products and changes, having a good arsenal of skills is rarely a negative thing.
February 19th, 2011
Definitions of commonly used Malware terms (adapted from Wikipedia articles):
Adware: software with advertising functions integrated into or bundled with a program.
Antivirus: software that attempts to identify, neutralize or eliminate malicious software.
Backdoor: a hidden method for bypassing normal computer authentication systems.
Downloader: software that downloads and runs another software, usually a Malware.
Dropper: software that installs a Malware without being infectious itself.
Malware: any malicious software, eg: viruses, trojan horses, worms, etc.
Rootkit: a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows terms “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers.
SPAM: unsolicited junk e-mail.
Spamtrap: an e-mail address that is created not for communication, but rather to lure spam. In order to prevent legitimate email from being invited, the e-mail address will typically only be published in a location hidden from view such that an automated e-mail address harvester (used by spammers) can find the email address, but no sender would be encouraged to send messages to the email address for any legitimate purpose.
Spyware: software that is installed surreptitiously on a computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent.
Trojan: software which appears to perform a certain action but in fact performs another. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be acutely malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs.
Virus: computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term “virus” is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.
Worm: malicious programs that copy themselves from system to system, rather than infiltrating legitimate files.
Update 4-28-11: I plan to include a list of familiar names to go with the definition type in the near future as some malware names are not easily distinguishable