IT Pro Tuesday #151

Welcome back to IT Pro Tuesday!

To start off this week, we’re looking into how companies running Microsoft 365 are dealing with email security. We’re hoping to shed some light on how people are protecting their organizations from the daily threats we’re all subjected to. If you'd like to help us understand it better, why not take part in our survey for MSPs and IT admins? It will only take 5 minutes, and we will share the survey results with you when it's completed. Plus, everyone who participates will be entered for a chance to win a DJI Mini 2 drone!

We're also asking for your favorite tips and tools we can share with the community... those that help you do your job better and more easily. Please reply or leave a comment with your suggestions, and we'll be featuring them in the coming weeks.

As always, we’re updating the full, searchable list on our website here. Enjoy.

But on with this week's tools...! Here are the most interesting items that have come across our desks, laptops and phones this week. Hornetsecurity has no known affiliation with any of these unless we explicitly state otherwise.

A Free Tool

pmacct includes network monitoring tools that account, classify, aggregate, replicate and export IPv4 and IPv6 traffic; collect and correlate control-plane data via BGP and BMP; collect and correlate RPKI data; and collect infrastructure data via streaming telemetry. Each component works both as a standalone daemon and as a thread of execution for correlation purposes (to enhance NetFlow with BGP data). lormayna recommends it as "a very powerful tool."

A Tip

To find out the minute anyone starts impersonating your organization on the web, flyguydip suggests you "create a canary token and hide it on your web page so you get a notification any time someone clones your site." This early warning enables you to file a complaint with the registrar and get the takedown process started as soon as the site goes live.


Another Free Tool

NK2Edit is a simple tool that allows you to selectively edit .NK2 files to either delete or modify the email addresses and contact details that are automatically saved by MS Outlook when you compose a message. Our appreciation for the suggestion goes to MattF.

Another Tip

To make it easier to clean up your AD account list, malikto44 suggests, "for users which are contractors or test accounts, I assign an expiration date. You can't do this (yet) with AAD—but with AD, it is useful. When it comes time to check contractors, I update their expiration dates, usually once a quarter. This gives a definite backstop to catch those accounts which normally would fall between the cracks."


A Script

ptrap is a script that can help in situations when you need to look at packets your network sends out too fast to catch as an open session. It enables you to see which process on your system is sending packets to a single <ip>:<port>. It supports TCP and UDP packet monitoring and the execution of a custom program in response. youngeng finds it to be "a pretty clever idea. Basically it uses tc to delay outgoing packets enough that it can then run netstat or lsof to catch the process ID."

P.S. Bonus Free Tools

Munki is a set of tools that work with a webserver-based repository of packages and package metadata to help manage software installs (and often, removals) on OS X client machines. It can install software in the Apple package format and supports Adobe CS3/CS4/CS5/CS6 Enterprise Deployment packages as well as drag-and-drop disk images as installer sources. It can also install Apple Software Updates, either from Apple's server or yours. Kindly suggested by phileat, who strongly recommends this vs. Homebrew.

Meinberg NTP for Windows provides a Windows option for the NTP protocol—which supports an accuracy of time down to nanoseconds—to synchronize the clock of various devices to a common reference. Each NTP daemon can be configured to use several independent reference time sources, which are queried at certain intervals and classified into groups that agree on the time so the system peer can be selected from the largest group. If that system peer becomes unavailable, the process repeats. Suggested by kcornet, who reports, "We've been running Meinberg NTP as our time source for years."

Have a fantastic week and as usual, let us know any comments.

IT Pro title: Network Monitoring, Site Protection Tip, Packet Script & More