Timeline of my tweets for #share4biz Share 2014 conference (updated with images)

Posted on June 21, 2014

During this last week (Wednesday and Thursday) I had the pleasure of attending my first Share conference covering Microsoft’s SharePoint platform (#share4biz). As always I like to cover the events I attend on Twitter – it helps me focus on the presentations and overcome those ADHD tendencies.

As with the #ITWebSec Security Summit I tried to capture my timeline of tweets from the event to package, archive and share what happened at the event. After that event I tried to journalise my tweets and explored a number of options. Twournal looked the most promising but never produced a valid PDF that could be opened. Tweetbook.in produced a plain PDF of the text of the tweets but with no images, which is unfortunate as the content of a large number of the presentation slides was captured in the images.

For now, here is my #share4biz conference timeline courtesy of Tweetbook. If I can find a better way I will add that in. Suggestions welcomed if you know of one.

Download it here : @jjza #share4biz

Update : 

I am delighted to say that Twournal sent through a notification to say the e-book is ready, and this time it produced a valid PDF file which is available below, with all of the pictures embedded. 110 pages of full colour tweets with supporting graphics, bringing to life the coverage of the event. Wonderful.

Download it here : @jjza coverage of Share4Biz with images (Twournal)

 

Some photos from the event (all embedded in the PDF twournal above)

citizens expect outcomes all tied up keep it simple future of collab where business be in 2015

 

Analysing SCCM Logs with Log Parser Studio

Posted on June 21, 2014

Microsoft System Center Configuration Manager (SCCM) is used in an Active Directory environment to, amongst other things, deliver patches and antivirus updates to the servers and workstations.

In a large environment you can have quite a number of SCCM servers operating in tandem to deliver the data to the client devices. Obtaining details in an SCCM environment of exactly which endpoints are being served by which servers (or how busy each server is) isn’t quite as straightforward as one might imagine.  The client devices all connect to the servers through HTTP calls to collect the packages they require. The IIS logs from the SCCM servers can be downloaded and analysed to try to figure out what is happening in the environment.

The IIS logs contain a number of useful fields (a sample included below) :

LogFilename : E:\logs\SCCMP101\SCCMP101\W3SVC1\u_ex140410.log
LogRow : 5
date : 41739
time : 36526.7730902778
c-ip : 10.75.xx.xx
cs-username :
s-sitename :
s-computername :
s-ip : 10.98.xx.xx
s-port : 80
cs-method : GET
cs-uri-stem : /SMS_MP/.sms_aut
cs-uri-query : MPLIST
sc-status : 200
sc-substatus : 0
sc-win32-status : 0
sc-bytes : 608
cs-bytes : 124
time-taken : 15
cs-version :
cs-host : sccmp101.xx.net
cs(User-Agent) : SMS+CCM

Further fields such as Cookie, Referer events and process types are present but I found these to be generally blank.  The above example includes the data transferred (sc-bytes and cs-bytes) which were not turned on by default and which I found quite useful. These can be activated in IIS easily enough.

In my use case I obtained the logs from 83 servers which amounted to 2859 files over 254 folders coming to 122GB (uncompressed). This proves to be a little bit of a challenge when I don’t have SQL Server installed on my PC or laptop, MS Access is limited to a 2GB database and even SQL Express 2014 is limited to 10GB.

I had previously heard of (but not used) Microsoft Log Parser. A quick search revealed version 2.2 (released some 9 years ago in 2005 – but don’t let that put you off) available for download. Now this is a pretty nifty tool as it understands log files in many different formats (and even plain text files). This saves you from having to clean up the log files to strip out headers (which are written to the logs every time the web server starts / restarts) and from having to combine many different files. A real time-saver.

You can then write SQL-like queries and have them executed against your log files to get your results. With data of the size above, on my 8 Gig i7 870 @ 2.93GHZ running off a Seagate 2TB 7200rpm SATA drive, it takes around 3.5 hours to run a query (if you know how to speed this up fundamentally, do share).  Using Task Manager to monitor the execution of the query shows CPU utilisation of only around 8% (one thread sits at about 50% utilisation), memory utilisation from 50MB upwards (as the result set grows) and disk speed varying from about 8MB/s to 30MB/s. So I am not quite sure where the bottleneck lies.

Writing the queries at the command line is a little bit of a pain so the next bit of genius is the Log Parser Studio.  Unlike Log Parser, the studio is kept up to date, with the latest build being 2.0.0.100 from 23 May 2014. The studio provides a library of queries (over 170) covering logs from ActiveSync, IIS, Windows event logs, Exchange and Outlook Web Access, amongst others. It covers a huge number of ideas for useful analysis and provides the queries to do it for you.  What is great is that you can use these, modify them for your own purposes or create your own from scratch, and add them all to your own personal library.

For example, to understand what the patterns of access look like over a month a query such as this can be pretty useful.

/* Server total time and data transferred by date */
SELECT s-ip,date,count (s-ip),sum(time-taken),sum(sc-bytes),sum(cs-bytes)
FROM '[LOGFILEPATH]'
GROUP BY s-ip,date

A challenge that you quickly come across is that both the Log Parser and the Studio (which is dependent on the Parser) are 32 bit applications, so you need to be careful as to which fields and how much summarisation is included in the result set. If the results grow too quickly then the query will crash as it runs out of memory. The trick is to find a balance between too much information (it crashes) and too little information (need to run many queries). Finding the right balance means further analysis can be done in Excel or Access. I have found that 30 000+ rows still works if few enough fields are chosen and some smart queries are used.

When executing the above query a problem is that the bytes transferred exceeds the value that can be stored in the data type, so you end up with negative numbers for some of the lines returned. Rewriting the query as follows assists in resolving this problem :

/* Server total time and data transferred by date */
SELECT s-ip,date,count (s-ip),sum(div(time-taken,60)),sum(div(sc-bytes,1024)),sum(div(cs-bytes,1024))
FROM '[LOGFILEPATH]'
GROUP BY s-ip,date

Log parser supports a huge number of different functions but you need to know the format to use them. Take a look here for a listing and examples : http://logparserplus.com/Functions

So whereas I would have expected sum(time-taken/60) to give me a result in minutes, it fails with an unknown field. Even sum((time-taken)/60) fails. Checking the function reference shows that Log Parser wants it as sum(div(time-taken,60)) and then life is happy again. Running your query again having just spent 3 hours waiting for the last one to complete – a little less so.
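The same per-server, per-day summary as the queries above, as a streaming Python example added here (not the author's code and not part of Log Parser). It follows the repeated #Fields headers, keeps exact totals, and also sums whole kilobytes per row the way sum(div(sc-bytes,1024)) would if div truncates, which is an assumption about Log Parser's integer division. The log lines, addresses and the /example/ path are constructed.

```python
from collections import defaultdict

# Constructed sample, not taken from the original logs. IIS writes a new "#"
# header block on every restart, and the column set may differ between blocks.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status sc-bytes cs-bytes time-taken
2014-04-10 10:08:41 192.0.2.10 GET /SMS_MP/.sms_aut MPLIST 198.51.100.21 200 608 124 15
2014-04-10 10:08:42 192.0.2.10 GET /SMS_MP/.sms_aut MPLIST 198.51.100.22 200 608 124 16
2014-04-10 10:09:00 192.0.2.11 GET /example/package.cab - 198.51.100.21 200 3000000000 210 90000
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip c-ip cs-method cs-uri-stem sc-status sc-bytes cs-bytes time-taken
2014-04-11 08:00:00 192.0.2.10 198.51.100.21 GET /SMS_MP/.sms_aut 200 608 124 31
2014-04-11 08:00:05 192.0.2.10 198.51
"""


def iter_w3c_rows(lines):
    """Yield one dict per data row, following whichever #Fields header is current."""
    fields = None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # #Software, #Version, #Date carry no row data
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # row before any header, or cut short mid-write
        yield dict(zip(fields, values))


def aggregate(lines):
    """Group by (s-ip, date) like the query; memory grows with groups, not rows."""
    totals = defaultdict(lambda: {"hits": 0, "time_ms": 0, "sc_bytes": 0,
                                  "cs_bytes": 0, "sc_kb_per_row": 0})
    for row in iter_w3c_rows(lines):
        try:
            key = (row["s-ip"], row["date"])
            taken = int(row["time-taken"])
            sc, cs = int(row["sc-bytes"]), int(row["cs-bytes"])
        except (KeyError, ValueError):
            continue  # column not logged on this server, or a "-" placeholder
        t = totals[key]
        t["hits"] += 1
        t["time_ms"] += taken             # IIS logs time-taken in milliseconds
        t["sc_bytes"] += sc               # Python ints do not overflow
        t["cs_bytes"] += cs
        t["sc_kb_per_row"] += sc // 1024  # truncating per-row division (assumed)
    return dict(totals)


def report(totals):
    """Rows of (s-ip, date, hits, seconds, KB sent exact, KB sent per-row)."""
    return [(ip, day, t["hits"], t["time_ms"] // 1000, t["sc_bytes"] // 1024,
             t["sc_kb_per_row"])
            for (ip, day), t in sorted(totals.items())]


if __name__ == "__main__":
    # For real files, pass an open file object (or several chained together).
    for line in report(aggregate(SAMPLE_LOG.splitlines())):
        print(line)
```

With many small responses, such as the 608-byte MPLIST replies in the sample row, dividing each row before summing reports 0 KB for traffic that is really there; dividing the exact total once avoids that.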

Using these tools and queries I was then able to summarise down the 160 gig of source data into a few thousand rows that could be imported into Access and joined to CMDB data to produce really useful intelligence that can be analysed directly in Access, Excel or Gephi. Thanks Microsoft for these great free products.

I was also looking for further pre-built queries for Log Parser Studio but was unable to find any. If you know where such may be found, please do share. If there is interest and as I use the tool more I will be happy to share anything I have created.

 

 

 

 

 

 

 

 

Timeline of my tweets for #itwebsec IT Web Security Summit 2014

Posted on June 03, 2014

I once again had the privilege of attending the IT Web Security Summit in May 2014.  As always when attending these large events I try and cover the presentations I attend through tweets. This creates quite comprehensive coverage as I also monitor the hashtag for the event (#itwebsec in this case) and then re-tweet other bloggers, journalists and active people’s tweets. In the end I believe my timeline is quite a useful archive of the social media (Twitter) coverage of the event.

Now trying to archive this for a particular event is somewhat problematic. The web interface for Twitter provides a nice view with the tweeters’ profile pics, stats (retweets etc) of each tweet and the like. It is however a real pain to put this into a format which I can post onto my blog. I tried editing the HTML of a saved page but without decent tools that HTML code is just unmanageable.

I came across tweetbook.in which provides a sort of journal creation facility and allows you to give a start and end date, then spews out a PDF. Sadly the formatting is quite poor and no pictures are included. It does however give the basic timeline and the tweets are provided timestamped in chronological order so it is much better than nothing.

Below is the tweetbook

JJZA Tweetbook

And the PDF’d twitter page, scroll down until you find the relevant tweets, sorry no selection options – and it is in reverse chronological order.

(oops – the file was 72 meg so exceeds the filesize limit for inserting. Pity indeed).

I found another option (twournal.com) which lets you create (and even sell if you like) books from your tweets. I generated a book from the period but it will mail the book to me in 24 hours. Depending on the size and outcome I will link that here too.

(twournal to come here)

If anybody knows of a better way of doing this then please do share. Sad to see my various events covered go to waste and be lost in the depths of cyberspace.

 

 

 

ISACA SA Annual Conference 2014 : 25/26 August 2014

Posted on June 03, 2014

Just some advance notice that the ISACA South African Chapter Annual conference for 2014 has been announced.

The conference is taking place from 25 August 2014 to 26 August 2014 at Emperors Palace. Visit the conference page for details and online bookings or contact: Nadine Schreiber – admin@isaca.org.za

ISACA is also still looking for speakers so if you have something interesting to share please contact Nadine.

Conference web page

 

The Heartbleed bug : a short presentation given at the KZN ISACA Chapter Meeting

Posted on June 03, 2014

I was honoured to be asked to make a (short) presentation at the May 2014 KZN ISACA Chapter meeting. The meeting went down well with probably around 25 people attending.

Attached is the PDF of the presentation.

I hope that some of the members present found it useful and that you, my readers, do too.

Feedback as always most welcome.

The Heartbleed Bug ISACA presentation v3

 

Visualising Security Data : SCCM patching traffic flows

Posted on March 03, 2014

I have been experimenting a little recently with visualisation of security data.

We have had some challenges with SCCM and needing to understand which clients were connecting to which servers, where and why. This data seemed very hard to come by and after some discussions with some helpful Microsoft South Africa folk the service provider pulled the IIS logs from most of our SCCM Primary Servers and the Distribution Points.

I then added in a Destination column (being the server from which the log was pulled) and combined the logs from all of the servers (6 Primary and 6 Distribution). In MS Access I then summarised the data by source and destination pairs, providing 13952 connections. This was exported as a CSV and headings added in using Notepad (Gephi wouldn’t read the data file without headings named to its liking).

The data was then loaded into Gephi as edge data. I then searched for each of the 12 servers in the node table, added in a Label, changed the colour and size (Red 30 for Primary, Blue 20 for secondary), selected the Force Atlas option and let it plot my data. The 13 546 nodes and 113952 edges were then plotted, providing the graph below (when exported as PDF).

The graph was somewhat unexpected in that I did not foresee so many of the workstations being served from Primary servers nor so many devices receiving data from multiple servers. A few of the DP’s (top and bottom of screen) clearly are not serving the numbers of workstations we would expect and need deeper investigation.

While Excel cross tabs and more detailed Access queries provide deeper insight into what is going on, this visualisation very quickly demonstrates a very different picture to that which the service provider running the SCCM infrastructure had been describing.

Have you done anything similar? Please do share.

 

Map of SCCM links using Gephi


 

Download the PDF version here :  map of sccm v2
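The summarise-and-export step described in this post, as an added Python example (not the author's Access workflow): it counts requests per source and destination pair, writes the edge table with the Source, Target and Weight headings that Gephi's spreadsheet import looks for, and lists clients served by more than one server. The input column names c-ip and Destination, the server names and all rows are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of the combined log extract: one row per request, with the
# client address (c-ip) and the added Destination column naming the server the
# log was pulled from. Server names are placeholders.
COMBINED_CSV = """\
c-ip,Destination
198.51.100.21,PRIMARY-A
198.51.100.21,PRIMARY-A
198.51.100.21,DP-A
198.51.100.22,DP-A
198.51.100.23,PRIMARY-A
198.51.100.23,PRIMARY-A
"""


def build_edges(fh):
    """Count requests per (client, server) pair: one weighted edge per pair."""
    edges = Counter()
    for row in csv.DictReader(fh):
        src = (row.get("c-ip") or "").strip()
        dst = (row.get("Destination") or "").strip()
        if src and dst:  # skip rows missing either end of the edge
            edges[(src, dst)] += 1
    return edges


def write_gephi_edges(edges, out):
    """Write the edge table with a heading row Gephi recognises."""
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Source", "Target", "Weight"])
    for (src, dst), weight in sorted(edges.items()):
        writer.writerow([src, dst, weight])


def clients_by_server(edges):
    """Number of distinct clients each server handled."""
    clients = defaultdict(set)
    for src, dst in edges:
        clients[dst].add(src)
    return {dst: len(srcs) for dst, srcs in clients.items()}


def multi_server_clients(edges):
    """Clients that pulled from more than one server, with the servers used."""
    servers = defaultdict(set)
    for src, dst in edges:
        servers[src].add(dst)
    return {src: sorted(dsts) for src, dsts in servers.items() if len(dsts) > 1}


if __name__ == "__main__":
    edges = build_edges(io.StringIO(COMBINED_CSV))
    out = io.StringIO()
    write_gephi_edges(edges, out)
    print(out.getvalue())
    print(clients_by_server(edges))
    print(multi_server_clients(edges))
```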

 

UKZN MBA presentation 8th August 2013 : Information Security & Ethics

Posted on August 11, 2013

On Thursday the 8th August 2013 I was once again privileged to be the guest lecturer for the UKZN MBA programme. Despite Friday being a holiday and the start of the long weekend there was a great turnout. Thanks to all the students for all your questions and contributing to making it an entertaining session.

Below is the link to the slides. Please feel free to contact me if you have any questions or would like to discuss the subject further.

security and ethics UKZN MBA August 2013

Award winning presentation on director interlocks on the JSE (SAAA conference June 2013)

Posted on July 14, 2013

 

SAAA biennial conference logo

My MBA dissertation was entitled “An analysis of director interlocks on the JSE -with reference to the top 40 listed companies” and took me quite some years to complete. There were complexities of having to collect all my own data due to inaccuracies in the CIPC database, having to relearn that matrix mathematics that I thought I would never use again after first year university 20 years ago, then figure out how all these analytical tools work.

During the completion process a few people commented that the only people who would ever read the document would be my supervisor and the two examiners (and even then I would be operating on faith). After all the work I had put in this was quite disheartening. When Leo Deodutt (my supervisor) suggested that we create a paper from the dissertation and submit it for the Southern African Accounting Association Biennial Conference to be held in Cape Town in June I jumped at the chance. What an opportunity to get the message out. Leo did a lot of hard work to cut down the dissertation to a 20 page paper, and in the process we had to restrict the paper to just one of the research questions covered in the dissertation. When the comments came back from the blind peer reviewer there was a nomination for best paper award, which was most gratifying. What an honour just to be nominated.

The presentation itself was again a challenge: to try to fit into 20m what took years to research, and to try to simplify the complexities and distil the message to one that can easily be conveyed to a broad audience. In the end this was achieved and the final presentation is attached. Leo is looking for opportunities to further present the work, and it is likely that we will present again at UKZN in the coming months. Mail me if you have ideas of appropriate forums who may be interested.

The day after the presentation I was absolutely thrilled to discover that we did indeed win the best paper award. I am pretty sure I didn’t stop smiling for a week. Thanks to Leo for all his hard work in making this happen.

Enjoy the presentation and leave any questions in the comments or drop me a mail.

Justin

Download a copy of the presentation :  SAAA conference June 2013 – director interlocks on the JSE final

 

Thought for the day : What makes you good at what you do ?

Posted on May 18, 2013

This morning I received a message from one of our Graduates In Training (GIT’s) : “Hi Justin, quick question. What would you say is the one thing that makes you good at what you do. The key ingredient?”

Now that isn’t quite as easy to answer as it first seems. The challenge is keeping it down to one, when there are a number of things that one is or one does that makes you who you are, but which of those makes you GOOD at what you do.

My first answer was “Willingness to learn” sent fairly quickly. To me we have to be learning things all the time, formal learning, reading, on the job, always sucking up new knowledge and building on the skill set we have. But that still doesn’t really quite get to the heart of it.

So I sent a second message “That + questioning all the time, if you don’t understand something ask, don’t just accept what people say, make them explain why, that way you learn or find out they are not right”.

That was much closer to the heart of it. Have that questioning, enquiring mind. Want to know why things are the way they are and don’t just accept them for the way they are.
The other extension to that is creating a learning culture and environment wherever you are. Not accepting things have to be the way they are and encouraging people around you to learn and to share. Knowledge is power, if shared and if used to support one another. Standing on the shoulders of giants comes to mind**. Some people sadly still see knowledge as power for themselves, so hold onto knowledge and don’t want to share. Those aren’t my kind of people and I certainly don’t want to work with them or surround myself with them.

There are many other things that make one good at what we do :

  • Quality
  • Persistence
  • Perseverance
  • Technical competence
  • Hard Work
  • Lead from the front
  • Surround yourself with good people, with diverse skills
  • Recognise the contribution of others and publicly & privately acknowledge it (the latter half of that I’m not particularly good at – don’t do it often enough).

Perhaps each of us is different enough that we will all have a different “one thing” that makes us good at what we do, and the challenge for each of us is to find that one thing for us that allows us to be the best we can be. If we can see someone similar to ourselves who resonates with us and we can learn from them, great.

Be delighted for you to share your thoughts on the matter.

Simphiwe, thanks for asking the question, and for your enthusiasm and infectious laughter every day, brings sunshine to our lives.

Other Comments from respected IT personalities : 

Great blog post, for me it’s passion, heart, attitude. All synonymous for how one feels towards something, one can be the best in one’s field or subject matter, but without these qualities you’re just not going to get people to rally behind you.  Yusuf Loonat (Head : Service Delivery : Enterprise Information Management Services : Transnet)

The key ingredients for me are pride, passion, commitment and ethics. All the others are important but these are the threads that hold it together and provide meaning and relevance. Kevin Govender (Head : Strategy and Architecture : Enterprise Information Management Services : Transnet)

to @jjza well written. A passion to make a difference would be my answer. One will find all the ingredients required to satisfy the passion.. Raghuvansh Swami (Partner : Ernst & Young)  (@swamira)

 

From twitter conversation with Darren Smith (@DazMSmith) :

to @DazMSmith Would appreciate your thoughts on this - Question raised by a graduate intern of mine

to @jjza A fascinating question. With no easy answer. But “attitude” separates the mediocre from the exceptional. They envisage 1st, then do.

to @DazMSmith True. I’m intrigued to see most of the answers relate to personal traits rather than knowledge, skill or experience.

to @jjza Absolutely agree! All the skill in the world will get you nowhere if you do nothing with your potential. Or knowledge. Or opportunity.

 

**  Wikipedia tells me to thank Bernard of Chartres not Sir Isaac Newton – interesting

 

Southern African Accounting Association : INTERNATIONAL BIENNIAL CONFERENCE

Posted on May 18, 2013

The SOUTHERN AFRICAN ACCOUNTING ASSOCIATION (SAAA) in collaboration with the INTERNATIONAL ASSOCIATION OF ACCOUNTING EDUCATION AND RESEARCH are presenting an INTERNATIONAL BIENNIAL CONFERENCE THEMED: The challenge of responsible Accountancy Academic Citizenship: The quest to balance teaching, research and academic leadership from 26-28th June 2013 at the LORD CHARLES HOTEL, SOMERSET WEST, CAPE TOWN, SOUTH AFRICA. Website here

I am delighted that a paper prepared from my Masters thesis by my supervisors, Leo Deodutt and myself has been accepted for presentation at the above conference.

During the finalisation of my dissertation there were a number of people who were gleefully reminding me that the examiners and I would probably be the only people who ever read or cared about my research. This didn’t fill me with any joy, so I am truly delighted to have the opportunity to share some of my research. It provides further impetus to the original thinking of publishing the material as a book of some format.

Watch this space :)

New location for Nespresso in Durban (updated with pics)

Posted on March 28, 2013

I received an SMS from Nespresso the other day to say they are currently located at 254 Lilian Ngoyi Road (formerly Windermere road). Their new phone number is 031-303 3374.

Having struggled in the past to find them, and the fact the address and number is not listed on www.nespresso.co.za nor does it come up on a Google search, this may be useful to some of you looking for them.

Update : So as you drive up Windermere road, their shop is a converted house on the right hand side, you can see the palms outside. As you get closer you can see the sign on the road facing part of the building to the left of the palms. At this point you want to be slowing down already as they have off-street parking, and it is easy to miss. The parking is right up against the building, and the solid island does stop so you can turn right into the parking. The security guard will have to open the boom for you.

 

 

Nespresso Shop nes2 nes3

 

 

UKZN MBA 2013 Presentation : Security & Ethics

Posted on March 02, 2013

On Thursday afternoon I was privileged to speak to the UKZN 2013 MBA class on information security and ethics. Below is a copy of the presentation. Lots of detail in here which we didn’t get to cover in the two hours together, and lots to remind you of the things we shared. I hope you all enjoyed the time as much as I did.

Feel free to mail me or post any questions here.

Justin

Download PDF presentation : security and ethics 2013 UKZN MBA Feb 2013

 

LinkedIn reaches 200 million and I’m in the Top 5% most viewed profiles (along with 10 million others!)

Posted on February 17, 2013

I received a mail the other day to say that LinkedIn had reached 200 million members, and that my profile was one of the Top 5% of most viewed profiles. Sounds impressive doesn’t it? Perhaps a little less so when you consider 10 million other members must have received the same mail. Ah well, below is a snapshot of that mail and the accompanying info-graphic just for interest sake. Sadly this doesn’t show South Africa to be a top user of LinkedIn. In fact Africa doesn’t even warrant a dot, I guess that means we have fewer members than even the 3 million of Australia. Ah well.

 

Top5


Caffe Luxe’s new and improved Nespresso Compatible coffee pods (mostly just pics)

Posted on February 16, 2013

After one of our readers complained about the Caffelux capsules, the good folk over at luxurycoffee.co.za stepped in and offered to send her some capsules. At the same time they noticed my previous blog post on their coffee still showed the old branding and product. Since the product had been updated with new branding, capsule design improvements and coffee, they very kindly offered to send me some of the new coffee to try, which I gladly accepted.

Below you can see the new whiter, lighter branded boxes of the five flavours.

The 5 flavours
