The lengths I will go to for my job and my hobby.

Posted by: tfabris

The lengths I will go to for my job and my hobby. - 09/02/2002 14:34

I forget who is attributed with the original phrase... something along the lines of "those who can combine their vocation with their avocation are truly blessed". I think "blessed" was a typo, they probably meant "cursed".

Here's my story...

Last night, Tod and I went to a small LAN party. For those who are interested, Serious Sam 2 is just aweshum for deathmatch. The level with the Santa Claus dropping presents around the little alpine town was just insanely fun for the four of us. The gathering wrapped up at about 3am as usual. We packed up and headed out, I dropped Tod off at his house and was on my way home at about 4am.

I just happened to have the radio on and was listening to a news/talk station. The ABC news report was on, and they reported a security hole in some server product. "Big deal," I thought, "that stuff happens all the time," but then they said the name of the product: Black Ice Defender. Uh-oh, Black Ice is the only thing currently protecting one of my company's critical web servers.

I scramble into the house (suddenly a lot more awake for some reason) and inform my wife that I won't be climbing into bed just yet. She recommends that I use her laptop to check the bulletin rather than trying to hook my computer back up, bless her heart. Sure enough, this report describes a buffer overrun bug which contains the four most fearsome words in a network administrator's vocabulary: "execution of arbitrary code".

Of course the day of/after a security bulletin is usually when the script kiddies do most of their hack attempts on new exploits, so there was no time to lose. Instead of climbing into a warm bed after an all-night LAN party, I had to drive 20 minutes in to my office to go patch our web server.

I fully expected to arrive to discover a hacked web server, but it seemed all was well. I patched the server and was back in bed by 6am. Even managed to sleep until noon or so, despite being awakened intermittently by my neighbor's chainsaw.

Posted by: muzza

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 15:46

Jeez Tony! Close call. I hope your boss recognises this extra effort. I suppose he/she might say "it's your job" but do they drive in to work when they suddenly remember a point to put in the annual report?
At least you have a very understanding wife.

Maybe you were 'meant' to hear that news item at that time?

Posted by: svferris

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 17:48

My only question is this:

Why were you listening to the radio? You've got an empeg!

Posted by: muzza

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 19:20

Just as well he was!

Posted by: lectric

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 19:39

Chuckle... We usually have our LAN parties AT work. And play a LOT of Starcraft, Total Annihilation, and that ilk. The only first-person shooter we play now is Return to Castle Wolfenstein. (Kicks ASS btw)

Posted by: Anonymous

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 19:55

What is a LAN party?

Posted by: lectric

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 20:21

Hehe... Basically a sausage party where everyone brings their computer and plays network games for like 16 hours straight... Or were you kidding..... ;8^)

Posted by: time

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 23:36

Networked empegs with everybody hijacking....

Nah, not our Tony.

Posted by: drakino

Re: The lengths I will go to for my job and my hobby. - 09/02/2002 23:43

For those who are interested, Serious Sam 2 is just aweshum for deathmatch.

Grr, it's not in stores here yet, so our LAN party today ended up consisting of Counter Strike, Medal of Honor, and a bit of DAoC.

I had to drive 20 minutes in to my office to go patch our web server.

Remote management solutions are your friend...

Posted by: tfabris

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 00:37

Networked empegs with everybody hijacking....

No, not necessary. Of the people we usually play LAN deathmatch with, only Tod and I have empegs. And we both keep our MP3s on our PCs' hard disks, so if we want to share music, we can do it without involving the empegs (and at 100 megabit, too).

The empeg does happen to be great for providing background music for LAN parties, though.

Posted by: tfabris

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 00:44

Remote management solutions are your friend...

I knew someone would say that.

I do use remote management software on all of my other servers. However, I am painfully aware of the fact that most remote-management packages have security holes of their own; sometimes the holes are big enough to drive a truck through.

One of my basic tenets of security protection is to deliberately reduce the number of services on a given box to the bare minimum. Disable everything that isn't explicitly needed. You should see the bootup event log on this server; there's a bunch of internal Windows services that refuse to run because of some of the Windows 2000 bloat that I've deactivated.

This particular server is the only publicly-exposed web server on our premises, and as such, gets extra-special treatment with regard to security. So, no remote management packages.

Posted by: danthep

Re: The lengths I will go to for my job and my hob - 10/02/2002 02:52

One of my basic tenets of security protection is to deliberately reduce the number of services on a given box to the bare minimum. Disable everything that isn't explicitly needed

I'd argue that remote management is an explicit basic minimum requirement to keep a server secure.

I wouldn't trust Windows-type products like PC Anywhere, given past security holes. But any SSH v2 based product is a pretty safe bet.

Posted by: bonzi

Re: The lengths I will go to for my job and my hob - 10/02/2002 05:23

But any SSH v2 based product is a pretty safe bet.

Or (and especially *and*) physical security like access via modem with hardcoded single call-back number.

Posted by: drakino

Re: The lengths I will go to for my job and my hob - 10/02/2002 08:35

Yep, for security reasons, hardware is definitely the way to go. The "Remote" link in my last post points to a hardware-based board that has a graphical remote control Java applet built into it, and it has had no security holes that I am aware of. Dell also offers a similar hardware-based card, though I have never worked with them. From a quick glance, it looks like they require extra software to be run somewhere to access them, and no PDA access exists for them.

If that much remote control is not needed, the BIOS on most of the servers I work with supports a modem or serial link, and the callback feature bonzi talks about. Though it's text mode only, so most would be out of luck for routine maintenance under GUI-based OSes. (It's also the reason newer servers in the pipeline have an integrated version of the above-discussed card.)

Posted by: wfaulk

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 11:56

I love the fact that you can't make Windows boot up cleanly without enabling almost every single one of its features. [evil grin] How do you know when something actually goes wrong on boot? Do you have some sort of utility that strips out all of the "standard" errors?

Posted by: tfabris

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 11:57

I just know which ones to ignore when I look at the event log.

For the record, the Windows event log is (in general) a mess. I would be happy if I could configure Windows to simply never record certain events, but I can't.

Posted by: charcoalgray99

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 12:08

This article explains every service in WinXP and what can be disabled or set to manual. After following this it significantly reduced my boot time and got rid of all of those annoying background processes like indexing.

Tom

Posted by: tfabris

Re: The lengths I will go to for my job and my hobby. - 10/02/2002 12:41

Thanks. Someday, when I'm dragged kicking and screaming to XP, I'll need that link.