ITIL certification

Took the three (3) day crash course ITIL training. Then took the test, I barely passed. Another trainee also passed, I put our two scores here, to show how difficult the test is.   I had to do significant studying on top of the three day class.  . . I am not a great test taker, so that is me.

itil_pass

microsoft windows powershell

Automating changes with powershell is your goal.   You should be able to do this on local and cloud datacenters, like azure.  Azure is something you are studying right?  Taking the azure test 70-533?  Read here for azure test guide:

https://docs.google.com/document/d/1kt7drQtvMHk8nmgHj94lZLPWglT78hKrwvpFcqMTmEU/edit?usp=sharing

You should be able to run powershell commands locally and remotely.  You will need to master access control to do this well.  Administrator rights and UAC will put hurdles in your plan (or is that painful pitfalls?).  Using batch files to launch PS files will help.

Use “Invoke-Command” powershell cmd to run powershell commands on remote computers (like ones in azure).

Need to change network settings?   There are commands to change ip address in powershell, often interface index is needed.  The interface index is often difficult to validate.  For example, msinfo32.exe will show different network interface indexes than other windows commands!   I find this frustrating.  Netshell (netsh.exe) maybe more reliable way to change ip address settings on NICs. Interfacealias is availabe via get-netipinterface command.  Example:

PS C:\Windows\system32> Get-NetIPInterface
ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
——- ————–                  ————- ———— ————— —-     ————— ———–
21      Local Area Connection* 12       IPv6                  1500               5 Disabled Disconnected    ActiveStore
19      Ethernet 2                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
14      isatap.home                     IPv6                  1280              50 Disabled Disconnected    ActiveStore
20      Wi-Fi 2                         IPv6                  1500              25 Enabled  Connected       ActiveStore
1       Loopback Pseudo-Interface 1     IPv6            4294967295              50 Disabled Connected       ActiveStore
21      Local Area Connection* 12       IPv4                  1500               5 Enabled  Disconnected    ActiveStore
19      Ethernet 2                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
20      Wi-Fi 2                         IPv4                  1500              25 Enabled  Connected       ActiveStore
1       Loopback Pseudo-Interface 1     IPv4            4294967295              50 Disabled Connected       ActiveStore

With this, we see ifIndex 20 = our wireless.  To change dns settings only for wireless,  at powershell prompt type:

Set-DnsClientServerAddress -InterfaceIndex 20 -ServerAddresses “8.8.8.8”

How do you set back to normal DHCP provided dns?  Use reset command:

Set-DnsClientServerAddress -InterfaceIndex 20 -ResetServerAddresses

How do you set the IP address with powershell, once you have the interface index?

Use this command:

New-NetIPAddress -InterfaceIndex 2 -IPAddress 200.100.10.1 -PrefixLength 24 -DefaultGateway 200.100.10.10

Interface indexes are not all the same. For example, msinfo32.exe will give a different interface index than “Get-NetIPInterface”

Copyright 2016 Rod Deluhery

azure and windows on-site

Need azure?  Need identity for your apps?  Microsoft is working on getting apps to work with your users identities.  And connection, latency?  They have that covered, with ExpressRoute.  A point – point layer 3 connection from your servers to Azure.

https://azure.microsoft.com/en-us/documentation/articles/expressroute-howto-circuit-classic/

Get a list of providers:

PS C:\Users\elr2> Get-AzureDedicatedCircuitServiceProvider

Name                 DedicatedCircuitLocations      DedicatedCircuitBandwidths
—-                 ————————-      ————————–
AARNet               Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Airtel               Mumbai,Chennai                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Aryaka Networks      Amsterdam,Dallas,Silicon Valle 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
y,Singapore,Tokyo,Washington   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
DC
AT&T                 Silicon Valley,Washington DC   50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
AT&T Netbond         Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
n,Silicon Valley,Singapore,Syd 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
ney,Toronto,Washington DC
British Telecom      Amsterdam,London,Hong          50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Kong,Silicon Valley,Singapore, 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Sydney,Tokyo,Washington DC
CenturyLink          Silicon Valley                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
China Telecom Global Hong Kong                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Cologix              Dallas,Toronto                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Colt Ethernet        Amsterdam,Dublin,London,Tokyo  50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Colt IPVPN           Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Comcast              Chicago,Silicon                50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Valley,Washington DC           2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Console              Los Angeles                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Coresite             Los Angeles                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Equinix              Amsterdam,Atlanta,Chicago,Dall 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
as,Hong Kong,London,Los        2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Angeles,Melbourne,New
York,Osaka,Sao
Paulo,Seattle,Silicon Valley,S
ingapore,Sydney,Tokyo,Toronto,
Washington DC
euNetworks           Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
GEANT                Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
IIJ                  Osaka,Tokyo                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
InterCloud           London,Singapore,Washington    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
DC,Amsterdam                   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Internet Solutions   Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
– Cloud Connect                                     2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Interxion            Amsterdam,London,Paris         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Jisc                 London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
KPN                  Amsterdam                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Level 3              Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Communications –     n,Seattle,Silicon              2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Exchange             Valley,Washington DC
Level 3              Amsterdam,Chicago,Dallas,Londo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Communications –     n,Seattle,Silicon              2Gbps:2000, 5Gbps:5000, 10Gbps:10000
IPVPN                Valley,Washington DC
Megaport             Dallas,Hong Kong,Las           50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Vegas,London,Los               2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Angeles,Melbourne,New York,Sea
ttle,Singapore,Sydney,Washingt
on DC
MTN                  London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Next Generation Data Newport                        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
NEXTDC               Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
NTT Communications   London,Los Angeles,Osaka,Tokyo 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
,Washington DC                 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Orange               Amsterdam,Hong                 50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Kong,London,Silicon Valley,Sin 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
gapore,Sydney,Washington DC
PCCW Global Limited  Hong Kong                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SIFY                 Chennai                        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SingTel Domestic     Singapore                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SingTel              Singapore                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
International                                       2Gbps:2000, 5Gbps:5000, 10Gbps:10000
SoftBank             Osaka,Tokyo                    50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Tata Communications  Amsterdam,Chennai,Hong         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Kong,London,Mumbai,Silicon     2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Valley,Singapore,Washington DC
TeleCity Group       Amsterdam,Dublin,London        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telefonica           Sao Paulo                      50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telenor              Amsterdam,London               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Telstra Corporation  Melbourne,Sydney               50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Verizon              Amsterdam,Chicago,Dallas,Hong  50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
Kong,London,Silicon Valley,Sin 2Gbps:2000, 5Gbps:5000, 10Gbps:10000
gapore,Sydney,Tokyo,Washington
DC
Vodafone             London                         50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Zayo Group           Chicago,Los Angeles,New        50Mbps:50, 100Mbps:100, 200Mbps:200, 500Mbps:500, 1Gbps:1000,
York,Silicon                   2Gbps:2000, 5Gbps:5000, 10Gbps:10000
Valley,Toronto,Washington DC
PS C:\Users\>

tcp window size – wireshark and windows

Below

 This could be clients, or servers, or netscalers, any of one them, are breaking tcp windowing and causing TCP to think the receive window/buffers are low.   But for this one, its not good!   That means you need to check client settings, netscaler settings, and server settings.  All three are important.

Server/ Client settings here:

https://support.microsoft.com/en-us/kb/934430

 Make sure you understand “bandwidth delay product”.    You may notice a small 10 millisecond RTT can cause serious slowness.  Using calculations of bandwidth delay product, you can find out how slow an app will be (true bandwidth).

Sometime this results in a really SLOW data transfer, even on high speed links.   Read about it here and do some sample calculations.   Receive buffer size on both ends must be set high and our network has to allow selective acks.  

 

It’s crazy important to get this right, or it causes our networks to function very slow.

https://en.wikipedia.org/wiki/Bandwidth-delay_product

 

 

As part of the three way handshake, both sides agree on a window scale factor.  We might be able to tell by checking the SYN packets from both sides, and figure out,  who is telling who not to use TCP scaling. 

Here is some explanation

https://www.wireshark.org/lists/wireshark-users/200903/msg00217.html

  

Netscaler TCP window scaling:

http://support.citrix.com/article/CTX113656#Configuring the TCP Window Scaling on a NetScaler Appliance. 

Below is some screenshots of wireshark captures.  Notice the red color bitmap shows NO window scaling used.

 

clicked – hijacked

You have a nice windows 2012 server, running all your IIS pages.  You think you are secure.  Well have you had a security audit?  You might see this in a good website audit.  It’s not a common attack, but it is easy enough to do for average hacker/phisher.  Here a attacker takes parts of your website, and puts them in a ‘web frame’ so that malicious parts of the site are delivered from a DIFFERENT website,  sometimes impossible to tell the good from the bad.  By not having certain HTTP options, your content is easier to hijack.  Read Acunetix write up here:

https://www.acunetix.com/vulnerabilities/web/clickjacking–x-frame-options-header-missing

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn’t return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.