Archive for November, 2008

VPN connection problem finally solved

Tuesday, November 18th, 2008

We use Symantec Gateway Security 360R firewall appliances to protect the servers from malicious attacks, virus intrusions and to provide a way of establishing a secure connection for updates and investigating problems on the remote sites. Although the SGS 360R appliances are no longer sold by Symantec, they do have a limited amount of support.

For some reason, the Symantec Client VPN software stopped working on my main computer. I would attempt to launch the Client VPN and almost immediately would get an error.

“Error connecting tunnel . The server rejected the ISAKMP security association. Make sure that the Phase1 ID, shared key and IKE policy are correct. Terminating connect operation.”

ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for establishing Security Associations (SA) and cryptographic keys in an Internet environment. Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a shared session secret, from which cryptographic keys are derived. Public key techniques or, alternatively, a pre-shared key, are used to mutually authenticate the communicating parties.

I tried reentering the Phase1 ID and the shared key and checked to ensure the IKE policy was correct. I checked the Symantec site for the error at Error: “Error connecting tunnel [appliance IP address]. The server rejected the ISAKMP security association . . .”. I uninstalled any software that was potentially blocking port 500. Port 500 is used by the Client VPN to make a connection. Nothing seemed to work.

I uninstalled the Client VPN software. I deleted any entries in the registry that Symantec may have left behind. I reinstalled the Client VPN software. Still it didn’t work. I deleted all of the IP connection addresses. I added them back in. Still it didn’t work. The same error kept popping up.

Finally in desperation, I asked Saint Anthony if he could help. Saint Anthony is the saint who helps to find things we’ve lost and, in this case, finds a solution to the problem. So before you knew it, the thought of deleting the user and password for the Client VPN came to me. This deleted not only the user, but all of the connections. I recreated the user and one by one added the IP connections. Sure enough, one by one they connected as they should. Problem solved after hours of frustration. Thanks Saint Anthony!!

Posted in Computer Integration, Network Security, Spam | No Comments »

WinAudit – a utility to audit your PC’s hardware and software

Tuesday, November 18th, 2008

I came across a useful tool to help diagnose problems with Windows PCs. It’s a self contained, under 1MB, utility that shows all hardware and software details in a given computer. And it’s very fast in getting this detail. You can also run it from USB flash drive. When you’re in a client’s office and there is a problem with a computer, run this utility from your flash drive and you can get a quick picture of the status of the machine. It runs on all versions of Windows from 3.1 to Vista and everything in between.

You can pick from over 25 categories to audit. You can print the results or save it to a variety of formats such as PDF, comma delimited, html, XML, etc. There is also built-in help. This is software that is built the way all software should be built – compact and fast with a lot of features. In the past, I used SIW to help diagnose computer problems, but this program is SIW on steroids.

It’s available at Create a Report of Installed Hardware and Software with WinAudit

Posted in Implementation, Network Security, Tools & Utilities | No Comments »

Keep Your USB Drive Close with a Clothes Pin

Saturday, November 8th, 2008

I saw this article on gizmodo.com. It’s at Keep Your USB Drive Close with a Clothes Pin

While this may be a novel way of keeping track of where your USB drive is, there are other alternatives. One of my USB drives is attached to my key chain. Another I got from a Microsoft event that contained highlights of the talks given that day. This was in lieu of a CD/DVD. It has a ribbon that is attached to the drive and  can be worn around your neck.

Interesting and fun ways to keep your USB drive safe.

Posted in Computer Integration, Fun stuff, Network Security | No Comments »

How to Secure Laptops from U.S. Government’s Prying Eyes

Saturday, November 8th, 2008

In a recent article, eweek.com reports that the U.S. government has recently been given full permission to check the contents of laptops and mobile devices belonging to travelers passing into the United States at border control checkpoints. According to my brother, John, they can do the same with your MP3 player if they suspect the music has been obtained illegally. This permission covers not only non-Americans but extends to American residents returning home from abroad.

The article states … On April 21, 2008, the 9th U.S. Circuit Court of Appeals essentially gave the U.S. Government carte blanche permission to check any and every piece of data on laptops belonging to travelers passing into the United States at border control checkpoints.

There are three simple steps to take before crossing U.S. border points.

1. Make a full backup of the contents of your laptop. It’s also good practice to do regular backups of laptops just in case it’s stolen. Backup to a server or a portable hard drive that’s not taken on the trip.

2. Encrypt all sensitive and confidential data on the laptop. There are suites available such as Sybase Afaria, Credant, Trust Digital, PGP, RSA and Utimaco. It they are being used currently, now is the time to implement them.

3. Finally, inform every business traveler of the new rules, and make sure they understand that the new security regimen is not optional.

Full article is at How to Secure Laptops from U.S. Government’s Prying Eyes

Posted in Computer Integration, Network Security | No Comments »

Upgrading to WordPress 2.6.3

Saturday, November 8th, 2008

WordPress periodically wants you to upgrade to the latest version. There is a message on the admin dashboard suggesting you upgrade. The blog was at version 2.6.2. In the case of version 2.6.3, rather than overwrite all files in the wordpress directory, only 4 files need to be upgraded. They are:

wp-admin/includes/media.php
wp-content/plugins/akismet/akismet.php
wp-includes/class-snoopy.php
wp-includes/version.php

Make a backup copy of these files or rename the current files (media.php > media-old.php). Then copy the new files to the appropriate directories.

Posted in Blogging, Website | No Comments »