Alternative sensors to aid intrusion detection

Lenny Zeltser wrote a few days ago, on the ISC handlers diary, about alternative sensors to aid intrusion detection on mobile devices, based on research by Grant Jacoby. Without wanting to ruin the content of the article (and it is worth at least a quick read over), it certainly made me think about just what could also be used in small-medium scale deployments and infrastructures; the number of physical entry attempts to a shared remote site/rack, for instance.

Group policy "Restricted Groups"

Restricted Groups is a part of the GPO Computer configuration tree that I've not ever used until today, primarily because I'd never looked into what it does exactly, and partially because it has a misleading name (in my mind) and I assumed that it did something else.

What this feature allows you to do is configure member ship of groups within Active Directory or in the local groups of domain computers. It's also available in the local security policy (naturally), so you can also use it on a standalone machine (although I'd imagine that in this situation it would be rather less useful).

Why do I now consider this setting important? Because it allows you to setup a GPO for an OU to allow users to be a member of a given local group, such as the Remote Desktop Users, for instance. This first example is useful to me as I didn't want users to be a member of the AD Remote Desktop Users group and have RDP access all over the network by default. This allows me to add a group of users to the local RDU group, and now setup a Terminal Server entirely automatically once it's been added to the correct OU.

The second example is forcing membership to the local administrators group. This is useful in stopping fiddlers (who "require" local administrator rights on laptops) from removing Domain Admins, or other groups and users, from the local admin group. Whilst I've only ever been locked out of a user's laptop once because of this, I'd rather not go through that again.

Another benefit of using the setting is that it will automatically remove any local user accounts that should not be a member of the local admins group. I'm sure you can imagine why this is useful!

Revisiting virtual worlds

It's no secret that I enjoy PC gaming, and several MMOs are part of this. However, keeping more than one on the go is pretty difficult as anyone will tell you, which is why I tend to only play one at once. This week I decided to go back to 2 worlds that I've barely stepped foot in for over a year; Second Life and EVE: Online.

I'll start with Second Life, for the good of my health. I never "got" it to start off with, so I was a little apprehensive of going back. Sadly it seems that things have not changed. It's still laggy, filled with people buying cocks, nipples and sexual movements. I was unable to find anywhere of reasonable non-mature locations, except for the zones owned by Sun, IBM, Microsoft, etc. which were in-fact pretty much abandoned.

I like the idea behind Second Life; the idea that you can do whatever you want and build whatever you want is something I thought would be awesome in the early 2000's, yet it just doesn't seem to have really carried off well. Perhaps the total lack of an end goal has caused this.

EVE: Online, on the other hand, was my first proper MMO; which is almost always the one you fall in love with. I love the fact that it's in space, I love that it's huge, I love that it's unsharded and I love that you almost always come across other people in both popular and "unpopular" areas. There's also the part of me that wishes I were in the future and that I could be that hard captain just trying to get by without submitting to a Corporation. I also believe that humanity should be exploring the stars more than we are now. There was an article a few weeks ago about a one way, solo trip to Mars - I'd seriously do that in a heart beat provided I had some sort of network connection back to home, which was stable. However, that's another discussion, so lets get back on topic.

There's no denying that EVE is bite-the-back-of-your-hand gorgeous. It was gorgeous in 2002-2003 when I was playing the final set of betas on a crappy Radeon 7200 or Geforce 4200Ti, it was improved up on by 2005. It's even more so now, with the improved hardware and time that they've clearly put into the game from GUI to environment to ships, as well as getting it to run on the major 3 platforms (Windows, Linux and Mac OSX) in some way, shape or form.

Yet despite this I just don't seem to be getting the same satisfaction. Maybe it's purely because it's now nearly been 2 whole years since I last played and that it's going to simply take more time to get back into it, because, lets face facts, it's a little more complex than WoW or TF2. But, some how I'm left wondering. I've got a month of game time, which I'm going to use to try and get back into stuff, so I'll soon see.

Sadly there are a few things about EVE that have not changed. Perhaps it was simply my timing (I rejoined as a new patch was deployed), but the lag in certain systems still exists, along with chat lag and a proliferation of gankers in certain systems. You can see that CCP have really tried to improve things, but it just looks like they've succeeded in moving the issue from one location to other; in the time I've been away you can see that old choke points are now simply a few jumps out.

As part of my reorientation I jumped in a shuttle (the smallest, fastest ship (by default)) to do some sightseeing. I hit the usual points including EVE Gate, City of God, several of the ruins, and so on. In doing so I was surprised to see that certain marks I've left on the universe are still there, including an anchored Sec-Can at EVE gate, which is still pretty far out.

This really made me appreciate what a battle CCP really have, and just how difficult maintaining their infrastructure must be. I really do have a renewed, great respect for this company.

MS Windows Server 2008 & multiple RDP connections per user

At work it's sometimes useful to allow multiple connections to a server, from the same user account, so that we can get more done at once, or to help out each other.

By default on Windows 2008 server you can't do this. Simple fix: Start up gpedit.msc, go to Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections\, find "Restrict each user to a single session" and disable. If you're on a domain and want to apply it to multiple machines, you obviously need to make it a domain policy.

Bullshit back story applied, just for Chris!
P.S. I win.