May 28, 2009

Contest Submission

Life's been pretty busy lately with interviews, homework, still trying to pass 70-291 plus learn 70-350. There's also a special lady in my life now, but I'm sure she'll make it into future blogs.

So I was watching this week's episode of Hak5 and I had almost forgotten that there was a contest on mapping your home LAN, so I hurried to my Visio console and threw together the computer doctors home map and submitted it. It would be cool to win, but even if I don't, it was fun to make. To see my submission and all the others, check out the user submission page.


May 21, 2009

Taking Time Out

So as most of you know I've been studying for my 70-291 like crazy lately. So to blow off some steam, I took a day off just to play with the boys. I also gave Drake his first big boy haircut. Hope you enjoy a few moments of fun with my boys and remember to take time off to enjoy your summer as well.


May 17, 2009

IPSEC Request, Reply or Require

In this video I explore the different policies in IPSEC: Request, Reply or Require. The video shows some common servers and clients with these policies (or lack thereof) in effect and how they relate to each other.



While this isn't the first instructional video I've produced, it is the very first video I've ever put into a blog, so please forgive the few mishaps towards the end of the video, and as always I hope you enjoy.

May 14, 2009

How VPN Access Works

Maybe you're a telecommuter or an offsite salesperson or a manager that was roped into taking your work home with you, and your company set you up with VPN access. All you know is that you log in with an icon and punch in your key number, swipe your card or verify a certificate... but what happens behind the scenes to make this work?

VPN, or Virtual Private Network, isn't much of a mystery at all. It is a series of hoops to jump through to let the company's network know that you are supposed to be there and it's OK to let you in.

For this example (refer to the picture at the bottom) I have set a RAP rule (remote access policy) illustrated by security guards, in honor of my youngest brother, with 4 questions... let's go through this step by step.
  1. User "dials in"
  2. Rule number 1 asks "is it between 6am and 6pm?" Let's assume it is... go to the next rule
  3. Rule number 2 asks "are you a member of our ADUC (Active Directory)?" Let's again assume yes... go to the next rule
  4. Rule number 3 asks "are you authorized for dial-in / VPN access?" Let's again assume yes... go to the next rule (NOTE: many times this question becomes a stumbling block because the system admin or other IT personnel forgot to check the dial-in access in the user's Active Directory profile)
  5. Rule number 4 asks "are you using the right security protocol?" (e.g. MS-CHAP v1 or EAP, etc.) Let's assume yes again... access is granted!!!

If at any time one or more of those questions are answered with a no, the user is denied access and should call their local helpdesk for help troubleshooting their access denial.
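
The four questions above as an ordered check that reports which rule denied the connection. This is an added example, not part of the original post. The user records, field names, the EAP-only protocol setting and the half-open 6am-6pm window are assumptions made for illustration.

```python
from collections import Counter
from datetime import time

# Constructed directory records; field names are illustrative assumptions,
# not real Active Directory attribute names.
USERS = {
    "alice": {"in_directory": True, "dial_in_allowed": True},
    "bob": {"in_directory": True, "dial_in_allowed": False},  # box left unchecked
}
ALLOWED_PROTOCOLS = {"EAP"}              # assumed policy setting
WINDOW = (time(6, 0), time(18, 0))       # assumed: 6am inclusive, 6pm exclusive

ATTEMPTS = [  # constructed sample connection attempts
    ("alice", time(9, 30), "EAP"),
    ("bob", time(10, 0), "EAP"),
    ("alice", time(22, 15), "EAP"),
    ("alice", time(9, 45), "MS-CHAPv1"),
    ("mallory", time(11, 0), "EAP"),
]


def evaluate(username, at, protocol):
    """Return (granted, reason). Rules are checked in order; the first 'no' denies."""
    record = USERS.get(username)
    rules = [
        ("rule 1: outside the 6am-6pm window", WINDOW[0] <= at < WINDOW[1]),
        ("rule 2: not a member of the directory",
         record is not None and record["in_directory"]),
        ("rule 3: dial-in/VPN permission not set on the account",
         record is not None and record["dial_in_allowed"]),
        ("rule 4: authentication protocol not accepted",
         protocol in ALLOWED_PROTOCOLS),
    ]
    for reason, passed in rules:
        if not passed:
            return False, reason
    return True, "access granted"


def denial_summary(attempts):
    """Count denials per rule so the helpdesk can spot the usual stumbling block."""
    results = (evaluate(user, at, proto) for user, at, proto in attempts)
    return Counter(reason for granted, reason in results if not granted)


if __name__ == "__main__":
    for user, at, proto in ATTEMPTS:
        print(user, at, proto, "->", evaluate(user, at, proto)[1])
    print(dict(denial_summary(ATTEMPTS)))
```

Returning the failing rule along with the denial gives the helpdesk a starting point for the troubleshooting call.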

Hopefully this article was an interesting primer on VPN Access. RAP rules are as varied as Group Policies in Active Directory but also just as easy to implement.
If you are interested in different security protocols or any other item touched on in this article, please let me know in the comments and I may write a follow-up article.

May 13, 2009

How we resolve websites through the use of DNS

Ever wonder how when you type in http://www.google.com/ you end up going to a site with an IP address of 209.85.171.100 (or something similar)? I never type in an IP address to get to a website, do you? So how does information flow through the system of tubes to get to you? (The internet was never a system of tubes, of course: http://en.wikipedia.org/wiki/Series_of_tubes) The answer lies in an ingenious system of lookups in the DNS process or Domain Name Service. I'll go through the steps for you so you can get a better grasp of what is going on during the few seconds from when we press enter and your desired webpage pops up.



For this example we are using http://www.google.com/, which is broken up as www (web server) . google (secondary level domain) . com (top level domain) . (root level domain)

  1. The user types http://www.google.com/ into their favorite browser and presses enter

  2. The PC initiates a recursive query to its corporate, home, or ISP DNS server.

  3. The DNS server looks at its root hints to find the root zone server and does the first iterative query to it

  4. The root zone server sends the information about which top level domain server should be contacted next

  5. The DNS server does its next iterative query to the top level domain server

  6. The top level domain server sends information about which second level domain server should be contacted next

  7. The DNS server does its next iterative query to the second level domain server

  8. The second level domain server sends information about where its web server is located

  9. The DNS server does its last iterative query to the web server

  10. The web server sends its IP address to the DNS server

  11. The DNS server closes the recursive query after giving the web server IP to the PC

  12. The PC goes directly to the web server in question using the direct IP address

Hopefully this article was interesting, but to find out more about DNS servers, zones and lookups feel free to google, or if you have a specific question or scenario feel free to leave a comment and I will try to answer you as soon as possible.
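
The chain of iterative queries in the steps above, simulated offline. This is an added example, not part of the original post. The server names, the example.com zone data and the 192.0.2.10 address are constructed placeholders, and in this model the second level domain's name server returns the address record itself.

```python
# Constructed delegation data: each simulated name server maps a name suffix
# either to a referral ("NS", next server) or to an answer ("A", address).
SERVERS = {
    "root-server": {"com.": ("NS", "com-tld-server"),
                    "org.": ("NS", "org-tld-server")},
    "com-tld-server": {"example.com.": ("NS", "example-com-ns")},
    "org-tld-server": {},
    "example-com-ns": {"www.example.com.": ("A", "192.0.2.10")},
}
ROOT_HINTS = ["root-server"]  # what the DNS server knows before any lookup


def query(server, qname):
    """One iterative query: return the longest-suffix record the server holds."""
    zone = SERVERS[server]
    matches = [s for s in zone if qname == s or qname.endswith("." + s)]
    if not matches:
        return ("NXDOMAIN", None)
    return zone[max(matches, key=len)]


def resolve(qname, max_referrals=8):
    """Serve the client's recursive query as a chain of iterative queries.

    Returns (address or None, trace of (server, record type, data)).
    """
    if not qname.endswith("."):
        qname += "."                  # make the root label explicit
    server, trace = ROOT_HINTS[0], []
    for _ in range(max_referrals):    # bound the walk so a referral loop ends
        rtype, data = query(server, qname.lower())
        trace.append((server, rtype, data))
        if rtype == "A":
            return data, trace
        if rtype != "NS" or data not in SERVERS:
            return None, trace        # no such name, or a broken delegation
        server = data                 # follow the referral one level down
    return None, trace


if __name__ == "__main__":
    address, steps = resolve("www.example.com")
    for server, rtype, data in steps:
        print(f"{server:15} -> {rtype} {data}")
    print("answer:", address)
```

The trace shows the split described in the steps: the client asks once, and the DNS server does the walking from the root down.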

May 08, 2009

Pulling Rabbits Out Of Hats


It's getting to the point in class where most of us are in multiple interviews each week now and we're getting job offers and in some cases counter offers, and soon most of us will be employed in our first IT jobs. I would like to feature stories about troubleshooting victories or, as I like to call it, pulling the rabbit out of the hat (please refrain from any stories involving pulling hats out of rabbits), where you can send in your story about a difficult problem, what you did to troubleshoot, what failed, what was successful, how did you come up with your final solution, etc.


I'll start with a semi-common desktop problem that is malware related. I had a customer who could no longer see her desktop icons, start button, taskbar, or anything other than her wallpaper picture. I immediately assumed it to be a virus problem even though she said that she had anti-virus and it was up to date. (Remember, assume makes an ass out of u and me.)


  • So the first thing I did was CTRL+ALT+DEL to bring up the task manager and run a new program. From the run line I entered the http for the Avast antivirus program and downloaded it and had it do a full computer scan, which took about 45 minutes, and I came up with nothing noteworthy, ruling out a virus.

  • The second thing I did was CTRL+ALT+DEL to run the http for the SuperAntispyware download to look for other malware, rootkits, etc. and after it did its full system scan that took about 1 hour I came up with a handful of cookies, but nothing noteworthy again. Now I'm frustrated because I have 1:45 invested with no results.

  • So I do what every good IT professional should do. www.google.com, that's right, you heard it here, google it. Somewhere out there, there is someone smarter than you, that's had the same problem as you, and wants the world to know how smart they really are. I found someone who said that if you run explorer.exe in this situation that it will re-fire explorer and everything will be back to normal, so I tried it and got the error that Windows could not find explorer.exe.

  • I went to the command line (cmd) and clearly saw that explorer.exe was right where it was supposed to be so I took an educated guess, went to regedit, found the key for explorer and changed the name to explorer.bak, re-ran explorer.exe and presto-chango-rearrango, Windows did its thing when there is no registry for explorer and it made a new one and everything came back.

  • I learned that the customer already had AVG which found the virus and removed it, but not before the damage was done to the registry.

So to summarize, boys and girls:

  1. never assume

  2. have your tools ready

  3. bring your laptop to do research

  4. learn how to effectively use google including boolean string searches

  5. never let them see you sweat

  6. don't forget to pat yourself on the back when you finally have that rabbit out of the hat

Feel free to send your stories in on the comment line (use more than one comment if you need and I'll string them together in upcoming articles)
