URL block List for a China Company

1. Introduction

To protect the company network from malware, worms, viruses, spam, etc. hosted on suspected malicious web sites, we need to define a URL block list (in the next section) and configure our network firewall to restrict access to those URLs. This post lists the suspected URLs, and we will submit this document to management for review and approval.

2. URL Block List

2.1 Sports

2.1.1 General Suspected URL:

 

2.1.2 China Suspected URL:

http://sports.sina.com.cn/

http://sports.sohu.com/

http://sports.ifeng.com/

http://sports.163.com/

http://sports.qq.com/

http://sports.cntv.cn/

http://sports.pptv.com/

http://sports.youku.com/

http://sports.letv.com/

http://china.nba.com/

http://www.xinhuanet.com/sports/

 

2.2 Streaming Video

2.2.1 General Suspected URL:

 

2.2.2 China Suspected URL:

http://player.baidu.com/yingyin.html

http://www.iqiyi.com/

http://tv.sohu.com/

http://www.tv189.com/

http://www.baofeng.com/

http://www.youku.com/

http://cbox.cntv.cn/

http://www.ku6.com/client_ku6speed/

http://tudouva.softonic.cn/

http://y.qq.com/player/

http://www.fun.tv/

http://www.kugou.com/

http://www.ppxyy.com/

http://www.kankan.com/

http://v.baidu.com/

http://www.uusee.com/

http://www.56.com/

http://www.pptv.com/

http://dl.xunlei.com/

http://v.qq.com/download.html

http://www.p2psearchers.com/

http://www.lmtw.com/

 

2.3 Social Media

2.3.1 General Suspected URL:

 

2.3.2 China Suspected URL:

http://wangwang.1688.com/

http://skype.gmw.cn/

http://popo.163.com/

https://messenger.yahoo.com/web/

http://cn.msn.com/

http://www.qq.com/

http://uc.sina.com.cn/

http://feixin.10086.cn/

http://webim.feixin.10086.cn/

http://im.baidu.com/

http://cc.163.com/

http://www.alicall.com/

http://www.gtalk.com.cn/

 

2.4 Software Downloads

2.4.1 General Suspected URL:

 

 

2.4.2 China Suspected URL:

http://raysource.softonic.cn/

http://www.115.com/

http://xf.qq.com/

http://www.flashget.com/cn/

http://dl.xunlei.com/

 

2.5 P2P Sharing

2.5.1 General Suspected URL:

 

2.5.2 China Suspected URL:

http://www.emule.org.cn/

http://soft.p2psearcher.org/

http://dl.xunlei.com/

http://www.bttiantang.com/

http://www.poco.cn/

http://www.btchina.net/
http://www.verycd.com/
http://www.btpig.com/
http://www.3e-online.com/
http://www.bbsmovie.com/
http://www.21ou.com/

http://www.jlpzj.com/
http://www.dream2008.cn/
http://www.cnxp.com/
http://www.btbbt.com/

 

 

2.6 Torrents

2.6.1 General Suspected URL:

 

2.6.2 China Suspected URL:

http://www.mininova.org/

http://thepiratebay.org/
http://isohunt.com/
http://torrentz.com/
http://btjunkie.org/
http://torrentportal.com/
http://www.gamestorrents.com/
http://www.torrentreactor.net/
http://www.sumotorrent.com/
http://www.seedpeer.com/
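Several entries above repeat (dl.xunlei.com appears in three categories) and some carry a path (http://www.xinhuanet.com/sports/), which a host-based firewall rule cannot express without blocking the whole site. The following Python helper is an added example, not part of the original post: it normalizes a list of URL entries into a deduplicated host list, renders it as a Squid dstdomain ACL, and flags the path-scoped entries that need a URL-filtering proxy rule instead. The sample input is a constructed subset of the list above.

```python
from urllib.parse import urlsplit

# Constructed sample taken from the post's list; it deliberately includes a
# repeated host, a path-scoped entry and an https entry so the script runs offline.
SAMPLE_URLS = [
    "http://sports.sina.com.cn/",
    "http://www.xinhuanet.com/sports/",
    "http://dl.xunlei.com/",
    "http://dl.xunlei.com/",
    "https://messenger.yahoo.com/web/",
    "http://www.56.com/",
]


def normalize_blocklist(urls):
    """Return (hosts, path_scoped).

    hosts:       sorted, deduplicated lowercase hostnames usable as firewall
                 FQDN objects or proxy dstdomain entries.
    path_scoped: raw entries whose path is not '/'. Blocking only their host
                 would over-block (all of xinhuanet.com, not just /sports/),
                 so these need a URL-filtering proxy rule instead.
    """
    hosts = set()
    path_scoped = []
    for raw in urls:
        raw = raw.strip()
        if not raw:
            continue
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower().rstrip(".")
        if not host:
            continue  # not a parseable URL, skip rather than emit a bad rule
        hosts.add(host)
        if parts.path not in ("", "/"):
            path_scoped.append(raw)
    return sorted(hosts), path_scoped


def squid_acl(hosts, acl_name="blocked_sites"):
    """Render the host list as Squid 'acl ... dstdomain' lines plus a deny rule."""
    lines = [f"acl {acl_name} dstdomain {h}" for h in hosts]
    lines.append(f"http_access deny {acl_name}")
    return "\n".join(lines)


if __name__ == "__main__":
    hosts, scoped = normalize_blocklist(SAMPLE_URLS)
    print(squid_acl(hosts))
    for url in scoped:
        print("# path-scoped, needs a URL-filtering rule:", url)
```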

 

3. Reference Sites

http://urlblacklist.com/?sec=download

http://www.squidguard.org/blacklists.html

http://www.business-in-site.com/webmaster-articles/huge-list-of-156-video-streaming-sites/

http://www.blogsdna.com/923/top-20-best-peer-2-peer-p2p-file-sharing-programs-applications-software.htm

https://torrentfreak.com/top-10-largest-file-sharing-sites-110828/

Open Source IT Configuration Management Tools

Open source configuration management tools make managing servers at scale easier, less time-consuming and more repeatable.

Configuration management tools provide automation, cloud orchestration, and remote management and execution that give IT greater control over its entire infrastructure. Beyond standardizing configuration on servers, the tools can install and maintain packages, upgrade or deploy new servers and manage a cloud infrastructure.

Without configuration management tools, IT administrators would manually deploy each VM needed in an OpenStack, Amazon Web Services, VMware ESXi or other environment. Instead of logging into each server to manually patch it, a systems administrator can remotely patch thousands of servers at the same time. The same goes for removing a user from servers.

“All of your server configuration is going to stay the same and consistent across your environment,” said Nitin Madhok, a systems developer and programmer on the infrastructure code team at Clemson University. “So, if you installed an application on one server, you could install that application on a dev, production, test or whatever environment it is in the same way, following the same steps.”

Companies can immediately fix security vulnerabilities such as Heartbleed on thousands of user-facing servers in under five minutes. LinkedIn manages more than 70,000 servers and can make a change on all of them in under a minute.

Chef, Puppet, Ansible and Salt are four major open source configuration management tools – each with distinct differences. Puppet and Chef are coded in Ruby, a less commonly known programming language among IT professionals. Salt and Ansible use the more common language, Python, and users only have to be familiar with YAML (yet another markup language) to operate them. Salt and Chef also use ZeroMQ protocol, which allows users to create complex communication systems with little effort.

Salt and Puppet use a daemon approach and must be installed on every server. This allows for a master-slave control architecture. Chef and Ansible are daemonless, so no software takes up resources on the VM to manage it. The open source tools do require open Port 22 on each VM, which could leave servers vulnerable to attack. Salt also has a Secure Socket Shell tool, called Salt SSH, which allows the user to configure it similarly to Ansible. Each of these open source configuration management tools also comes in a supported, paid enterprise version that offers additional modules or features.

 

Information Source: http://searchitoperations.techtarget.com/photostory/450299435/Modern-open-source-systems-management/4/Open-source-configuration-management-tools-offer-ease-at-scale

Open Source IT Asset Management Software

Recently, I browsed a useful web blog about IT management, called “Capterra IT Management Blog”, at http://blog.capterra.com/the-top-3-free-and-open-source-itam-software-solutions/ . It lists three open source IT asset management software packages. They are useful, so I copy and share them here for your reference.

SysAid IT Asset Management


This free IT asset management solution has been around since 2002 and is available for both cloud and on-premise (Windows and Linux) deployment.

Pros

With SysAid’s asset management solution, users have access to all the standard features of licensed ITAM software, including the ability to view all software and hardware, as well as the manufacturer details of computers, printers, and other networked devices. Other benefits include automatic notifications of asset changes and the ability to create management reports.

SysAid’s IT Asset Management edition also offers a free, fully functioning IT Service Desk with ITSM capabilities for those interested.

This solution supports up to two administrators, 100 assets, and 100 end users, with an international online community for support.

Cons

Some reviews noted a weak user interface that may run too slowly for some.

Asset Management System


This ITAM free and open source option is written in PHP and has been downloaded 77 times since its creation in early 2013.

Pros

This ITAM software solution offers a streamlined user experience with a dynamic dashboard for users to search through, add, update, and delete vendor details or categories. Users occupy two roles (lab operator and administrator), in which they can add, update, and delete stock and assign any hardware or software to labs. Assets can also be assigned to other users for delegation.

This option is available for both Windows and Linux.

Cons

The last time Asset Management Software was updated was back in 2013 and there isn’t an active support community posting tickets or patches to improve potential flaws.

GLPI


This free IT and asset management software is built from a variety of languages: it is developed in PHP and uses MySQL/MariaDB for the database, HTML for the Web pages, CSS for style sheets, and XML for report generation. In 2011, 1.2 million computers were reported as using this solution.

Pros

GLPI includes more than just a management system, also offering an ITIL service desk, license tracking, and software auditing. Through its asset management feature, users can collect an inventory of computers, printers, and other networked devices, as well as track equipment bookings, check equipment status, and manage contracts and documents related to inventory. GLPI can also generate reports for hardware, software, and networked items.

GLPI is also a multilingual solution, with more than 45 operating languages available.

Cons

Some reviews have noted installation difficulties, though users can also find support through the software’s forum.

Network Security Auditing Work

Security auditing work

1. Regularly carry out penetration tests and simulated attacks on the company's system software, discover system security vulnerabilities promptly, and report them to the relevant departments
2. Use the in-house developed epa software to monitor the network and stop network violations promptly (e.g. unauthorized installation of chat software unrelated to work)
3. Audit outgoing e-mail, in particular whether outgoing apk files contain confidential company documents
4. Audit the physical environment, e.g. unauthorized Wi-Fi set-ups and whether network devices are connected according to standards
5. Audit permissions and security awareness, e.g. account permissions and usage, and non-compliant operations
6. Draft the company's security rules, standards and security policies

Network maintenance, routine management, investigating security incidents, supporting and participating in the development, maintenance and application of company systems; testing systems/programs to ensure the high-quality operation of the overall system; supporting system implementation and support; consolidating the related system documentation.

Conduct a Range of ip Network Address Ping using Python

Introduction

I would like to ping a range of IP network addresses using a Python 3.5 script. It is easy. I will show the Python script and its screen dump result below.

Python program script

# network ping program run for python3
# Note: this script is Windows-specific. subprocess.STARTUPINFO and the
# "-n" / "-w" ping options only exist on Windows.
# Import modules
import subprocess
import ipaddress

# Prompt the user to input a network address
net_addr = input("Enter a network address in CIDR format(ex.192.168.1.0/24): ")

# Create the network
ip_net = ipaddress.ip_network(net_addr)

# Get all hosts on that network
all_hosts = list(ip_net.hosts())

# Configure subprocess to hide the console window
info = subprocess.STARTUPINFO()
info.dwFlags |= subprocess.STARTF_USESHOWWINDOW
info.wShowWindow = subprocess.SW_HIDE

# For each IP address in the subnet,
# run the ping command with the subprocess.Popen interface
for host in all_hosts:
    output = subprocess.Popen(['ping', '-n', '1', '-w', '500', str(host)],
                              stdout=subprocess.PIPE, startupinfo=info).communicate()[0]
    # Windows ping exits 0 even for these replies, so the output text is checked
    text = output.decode('utf-8', errors='replace')

    if "Destination host unreachable" in text:
        print(str(host), "is Offline")
    elif "Request timed out" in text:
        print(str(host), "is Offline")
    else:
        print(str(host), "is Online")

Screen dump result as below:

[Screenshot: network-ping]
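The script above only runs on Windows and decides up/down by matching strings in the ping output. As an added example (not part of the original post), the following cross-platform variant builds the right one-packet ping command per OS, uses the exit code first and keeps the post's text checks as a second filter for the Windows case where ping exits 0 on “Destination host unreachable”, and sweeps the range concurrently. It assumes Linux iputils ping flags (-c, -W in seconds) on non-Windows systems.

```python
import ipaddress
import platform
import subprocess
from concurrent.futures import ThreadPoolExecutor


def ping_command(host, timeout_ms=500):
    """Build a one-packet ping command for the current OS.

    Windows uses -n <count> -w <ms>; other systems are assumed to take the
    Linux iputils flags -c <count> -W <seconds> (macOS differs slightly).
    """
    if platform.system() == "Windows":
        return ["ping", "-n", "1", "-w", str(timeout_ms), host]
    return ["ping", "-c", "1", "-W", str(max(1, timeout_ms // 1000)), host]


def is_online(returncode, output):
    """Classify one ping result from its exit code and captured text.

    A non-zero exit code is always offline. Windows ping exits 0 even when a
    router answers 'Destination host unreachable', so the text markers used
    in the original script are applied as a second filter.
    """
    if returncode != 0:
        return False
    markers = ("Destination host unreachable", "Request timed out")
    return not any(marker in output for marker in markers)


def ping_host(host, timeout_ms=500):
    proc = subprocess.run(ping_command(host, timeout_ms),
                          stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    return host, is_online(proc.returncode, proc.stdout.decode(errors="replace"))


def sweep(cidr, workers=64):
    """Ping every host address in a CIDR range concurrently; returns {host: bool}."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(ping_host, hosts))


if __name__ == "__main__":
    results = sweep(input("Enter a network address in CIDR format: "))
    for host, up in sorted(results.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        print(host, "is Online" if up else "is Offline")
```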

What is "OWASP"?

OWASP (Open Web Application Security Project) updates its list of the ten most critical web application security risks every few years; this list is known as the OWASP Top 10.

Compared with the 2010 version, the 2013 OWASP Top 10 added a risk category to cover more prevalent and more important security vulnerabilities, and re-ordered some risks based on the latest prevalence data. In addition, this version introduced the “component security” risk as a specific risk category and removed the 2010 version's A6 “Security Misconfiguration” risk.


Title 21 CFR Part 11 Requirement

Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records (Title 21 CFR Part 11 Section 11.1 (a)).

Practically speaking, Part 11 applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions. It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. [1]

The rule also applies to submissions made to the FDA in electronic format (e.g., a New Drug Application) but not to paper submissions by electronic methods (i.e., faxes). It specifically does not impose the 21 CFR 11 record-retention requirement for tracebacks on food manufacturers. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP and similar requirements must meet these requirements.

As of 2007, broad sections of the regulation have been challenged as excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion about exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The “predicate rules” that required organizations to keep records in the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.

If a regulated firm keeps “hard copies” of all required records, those paper documents can be considered the authoritative document for regulatory purposes, and the computer system is not in scope for electronic records requirements, though systems that control processes subject to predicate rules still require validation. Firms should be careful when claiming that “hard copies” of required records are the authoritative document. For a “hard copy” produced from an electronic source to be the authoritative document, it must be a complete and accurate copy of the electronic source, and the manufacturer must use the hard copy (rather than the electronic versions stored in the system) for regulated activities. The current technical architecture of computer systems increasingly makes the burden of proof for the complete-and-accurate-copy requirement extremely high.[2]

Information Source: https://en.wikipedia.org/wiki/Title_21_CFR_Part_11

Video Conference Device Comparison between Polycom vs Tandberg

Bandwidth Optimization – Polycom can send 720HD at lower speeds, but Tandberg can send more than CIF\4CIF\720\1080, which I’ll take over the lower HD speeds any day.
Central Admin – Tandberg is great for admin (if you have several hundred end-points, you definitely choose Tandberg). Polycom was beta and their provisioning wasn’t ready yet.
End User Usability – This is real close and I give favor to Polycom.
Reliability/Maintenance – I once had someone tell me Polycom is like Microsoft and Tandberg is like Cisco. Polycom looks good but has bugs, while Tandberg might not be as flashy but is rock solid. I’d pick Tandberg.
Cost – if you could compare apples to apples they’d be close, but looking at just the bottom line Polycom is the winner.

Conclusion: If you have only a few VC connection points and loose network control (e.g. not using Cisco devices), I suggest using Polycom because it is easy to set up. For a company with many VC end-points (say > 50), I would prefer Tandberg, which is more secure and easier to manage.

Network Monitoring Software Review

Networks are becoming critical components of business success – irrespective of whether you are small or BIG. When a network fails, customers and employees cannot communicate, employees cannot access critical information or use basic print or email services, resulting in productivity loss and revenue loss. Network monitoring software tools reduce network outages and allow businesses to operate more fluently, cut costs, and prevent revenue loss. And for those who are small and are not allowed to think of a budget for network monitoring software, a better alternative is to start with open source and freeware network monitoring software that reduces the time and money spent on network administration and management. This paper talks about the top freeware and open source network monitoring software available today.
