Wednesday, May 25, 2005

My little tech blog, how I neglect you.

OK. I know it's been a while since I've updated. Lots of little projects going on and such. It's sometimes hard for me to get out here and update, when there are so many other things going on. I'll attempt to rectify that by doing some journaling, as I remember to do that. Shooting for daily, we'll see what happens.

Today, further issues with Veritas, admin passwords, and being Unix in a Windows world.

Veritas BackupExec: Damn good backup software, but not without its issues, as with all programs. The current issue? Intelligent Disaster Recovery created one ISO boot CD image for me, to recover the main database server, but it refuses to create another one, for any other servers. I've tried several different variations on the process to see if I could isolate any part of the creation that would be causing this, to no avail. I then tried making boot floppies instead of doing an ISO image, but that didn't change the problem. It just made it happen. Really. Slowly. The Veritas tech asked me if I could recreate the problem on another server, as they can't seem to recreate it in their lab. I can, but it's going to be a while before I'll have a server free to do that. This is probably going to get put into limbo for a while, since it's a pretty low priority issue.

I'm going through a yearly security remediation project, and part of it is changing all the admin usernames and passwords on the servers. For this, I use the one and only (ok, maybe not) SecurityStorm's Secure|Password 2002. I didn't link them, since it appears they've now turned into a search engine/marketing machine. Pity. The password generator is a nice little program. It can generate a string of just about any length, using any mix or all of uppercase, lowercase, numeric, special, and extended characters. It also has a check function that can tell you how secure your passwords are, and how long it would take to crack them by brute force. The way I use it, I generate random 8-character strings of upper and lower case for the admin usernames, and then 14-character strings of upper, lower, numeric and special characters for the passwords. The combo usually comes out to something like 'quFNWgyT' for a username and 'H6aq#Sloo$xNQ?' for a password. If someone can get that, then fine. The server's yours. All the local machine passwords and domain-level admin accounts are set this way. One year later, we change them again. Fun.
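The scheme described above, as an added example that is not part of the original post and is not Secure|Password's code: it draws the 8-character username and 14-character password from the operating system's CSPRNG and computes a keyspace-based brute-force estimate. Assumptions: "special" means Python's `string.punctuation`, and the guess rate of 1e10 per second is an arbitrary illustrative figure.

```python
import math
import secrets
import string

# Character classes named in the post. SPECIAL is an assumption: the
# tool's actual special-character set is not given on the page.
UPPER, LOWER = string.ascii_uppercase, string.ascii_lowercase
DIGITS, SPECIAL = string.digits, string.punctuation


def generate(length, classes):
    """Random string over the union of `classes` with at least one character
    from each class. Rejection sampling keeps accepted strings equally likely."""
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, classes):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(len("".join(classes)))


def brute_force_years(length, classes, guesses_per_second):
    """Average time to search half the keyspace at an assumed guess rate."""
    keyspace = len("".join(classes)) ** length
    return keyspace / 2 / guesses_per_second / (365.25 * 24 * 3600)


def new_admin_credential():
    """One username/password pair following the scheme in the post."""
    username = generate(8, [UPPER, LOWER])
    password = generate(14, [UPPER, LOWER, DIGITS, SPECIAL])
    return username, password


if __name__ == "__main__":
    pw_classes = [UPPER, LOWER, DIGITS, SPECIAL]
    print(*new_admin_credential())
    print(f"password entropy: {entropy_bits(14, pw_classes):.1f} bits")
    # 1e10 guesses/second is an assumed rate, not a measurement.
    print(f"average search: {brute_force_years(14, pw_classes, 1e10):.2e} years")
```

The estimate counts keyspace only; real cracking time also depends on how the target system hashes and stores the password.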

Those who know me, know that I'm into the command line. The GUI interface is OK, and all that. I prefer the speed and utility of the command line any day of the week. So it was with great pleasure a couple years back that I installed SSH on all the servers and handed out clients to the admins. I'm using them now to install security updates on the servers one by one. It's the OpenSSH client that runs over Cygwin. I've tried installing the entire Cygwin package on the old NT servers before, but not in any configuration that ever worked right. There are times I wish I still had it on there, but the overhead and associated annoyance costs keep it out of there. Every once in a while I'll type a Unix command at the Windows command prompt, and remind myself I'd rather be using another OS. Still, with SSH and a couple other utilities, not to mention a healthy knowledge of the Windows command line, I do OK.

That's it for now. More later.
-D.
