S.M.A.R.T SharePoint

Purpose

Provide a Graphical User Interface to query into S.M.A.R.T data and varying other pieces of data relating to the hard drive of a SharePoint server in order to heighten disaster recovery and mitigate risks of data loss.

Audience

  • SharePoint Server Administrators
  • Systems Administrators
  • Server Custodians
  • Developers (maintaining test / development / staging environments)
  • Usage Analysts

Available Downloads

 Download S.M.A.R.T SharePoint – Normal Installation

 Download S.M.A.R.T SharePoint – Silent Installation

Application Overview

S.M.A.R.T (Self-Monitoring Analysis and Reporting Technology) was the result of the collaboration of several hard drive manufactures in order to increase the reliability of hard drives and increase the range of predictability that there would be for hard drive failures. The primary purpose of S.M.A.R.T technology is to allow advanced diagnostics into hard drives at such a level that data loss and other information disasters can be prevented.

Most modern hard drives are equipped with S..M.A.R.T technology which allows to query the status of a hard drives at a very granular level. Using these methods, an organization can avoid hard drive loss for up to 70% (according to current S.M.A.R.T) statistics.

S.M.A.R.T SharePoint is a program to provide insight to SharePoint servers hard drive status. S.M.A.R.T SharePoint leverages available S.M.A.R.T methods so that you can monitor your SharePoint hard drives so that data disasters can be prevented, mitigating risk for your SharePoint environment. Before any of your critical SharePoint data gets lost, S.M.A.R.T SharePoint will alert you to any problems.
The primary interface of S.M.A.R.T SharePoint will bring you to a general management and information scene. The first group will display the

  • ID
  • Model
  • Temperature
  • Status

The secondary tabulated form will show a variety of information about the current state of the SharePoint server disk hard drives. The first tab is SharePoint Server Disk Info which will show all of the relevant information regarding the architecture of the queried hard drives.

On the second screen, you will drill into the actual queried S.M.A.R.T information from your SharePoint server harddrives. The information you can get it here is

  • Raw Read Error Rate
  • Throughput Performance
  • Spin Up Time
  • Start / Stop Count
  • Reallocated Sector
  • Seek Error Rate
  • Seek Time Performace
  • Power On Hours
  • Spin Retry Count
  • Power Cycle Count
  • Power-Off Retract Cycle
  • Load/Unload Cycle Count
  • Temperature
  • ECC
  • Reallocated Events Count
  • Current Pending Sector Count
  • Offline Stats
  • UDMA
  • Write Error Count

The last screen will allow you to set a few preferences for the application to ease its use. The first option will allow you to boot the application when the machine starts, as opposed to manually starting it. The second option will allow you to enable hibernation if your hard drive trips a threshold that might indicate future data failure. You can set the temperature warning level on the third option, and the pop up notifications are related to this as well as other hard rives events.

Share

SharePoint Server Anti-Keylogger

Purpose

The SPS AKL (SharePoint Portal Server Anti-Key Logger) is an application meant to facilitate key logger detection routines by leveraging windows services, along with removal, and recommended preventions options through multiple modules. There are three main modules that complete the system.

  1. Check Process Service Module – Runs against the current services located on the machine to detect whether a key logger is present on the target machine
  2. Detected Keylog Attempt Module and Actions Management – A management interface for if and when a key logger is detected on one of your SharePoint machines. It will provide you insight into the key logger, and options available to work with the malware.

Audience

  • SharePoint Server Administrators
  • SharePoint Server Custodians
  • Systems Administrators
  • Security Officers

Available Downloads


Download SharePoint Anti-Keylogger – Normal Installation


Download SharePoint Anti-Keylogger – Silent Installation

Application Overview

Key loggers are becoming commonplace methods for intruders to gain access to unauthorized systems by recording user keystrokes as they occur on the arbitrary machine, or in our case, our SharePoint Portal or Windows SharePoint Services server. Protecting your server from key loggers is a fairly crucial measure in any security structure, ensuring your full control of your machines without worrying about compromising it to hackers.

Key loggers can exist on two different levels, both on a hardware and software level. There are a range of available hardware key loggers, ranging from those which are fairly easily to detect such as those that attach inline between the keyboard cable and those which bind to a port where the keyboard is installed, or those which are placed directly into the keyboard or laptop machine. Retrieving the data from the target machine can vary heavily depending on the application used, which has its own implications. The most common way is to slip a Trojan or other remote access application that allows the user direct access to the machine to query the log generated by the key logger. Because SharePoint machines are often hooked into MS exchange servers, typically the information can automatically be sent via using email, which is slightly more elegant than the former technique because it lessens the trail detection and gives less evidence to forensic computer analysts.

Key loggers at first glance appear to be for malicious purposes, but this is not entirely the case. Against the authors ethics and beliefs, as well as several others, various corporations have been installing hard key loggers into their machines to capture exact employee activity and report on arbitrary data. The laws regarding this are fairly blatant, as it is typically the companies property any and all information that is created, stored, or possibly sent from the host machine remains the property of company (this is a fairly grey issue) and therefore there are no legal ramifications that prevent organizations from doing so. The FBI has even been known to leverage key logging technology to break down encrypted communications by those participating in illegal activity (the most famous of which, is Magic Latern).

Securing your SharePoint environment for key logger is as important as web and network layer security. The SPS AKL is composed of two main modules that help you harden your SharePoint environment, one for detection and another for management. The central processing portions are kept as a windows service that will need to be installed.

In order to install the Anti-Keylogger service:

  1. Select Start
  2. Choose Run
  3. Enter the following command: C:\Program Files\ARB Security Solutions\SPS AKL\SharePoint AKL Service.exe /INSTALL

This will allow you to manage the services from the services.msc Snap-In, where you should be able to control it at a more granular level in regards to starting options.
Once you have the service installed, the other tools are easy to use. Select the SPS AKL from the programs fly out, and you will notice a new item is appended to your task bar. From here you can either check the current processes for key loggers, or you can bring up the main interface which will allow you to resolve key logging issues.

From the icon, you can bring up the selection interface by right clicking on it

It is suggested to just leave the interface in the task bar state in so that you can receive notifications regarding key loggers as they arise.

Share

AspnetWebeventEventsCommands Partial Class

This command factory creates static partial classes that generate parameterized database commands to the ASP.NET database, in this case the “WebeventEvents” table. This partial class could be extended to include your own queries if you desired.

[csharp]

 
//*****************************************************************************
// This file is part of the data access layer example to the ASP.NET 2.0 provider database
// This file was written by Adam Buenz [WSS MVP] of ARB Security Solutions, LLC
// http://www.sharepointsecurity.com
//
// This file and its parts is free for re-distribution, for use in both free
// and commercial applications, however this header must remain intact for legal
// use. The data access layer example is distributed in the hope that it will
// be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
//*****************************************************************************
using System;
using System.Collections.Generic;
using System.Text;
using System.Data;
using System.Data.SqlClient;

namespace Aspnet.Provider.Datalayer.Commands
{
///
/// A command factory class for AspnetWebeventEvents objects.
///
internal static partial class AspnetWebeventEventsCommands
{
///
/// Finds all AspnetWebeventEvents objects with a certain Eventtimeutc value.
///
///
The Eventtimeutc value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventtimeutc value.
public static IDbCommand FindByEventtimeutc(DateTime eventtimeutc)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventTimeUtc] = @eventtimeutc”);
cmd.Parameters.AddWithValue(“@eventtimeutc”, eventtimeutc);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventtime value.
///
///
The Eventtime value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventtime value.
public static IDbCommand FindByEventtime(DateTime eventtime)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventTime] = @eventtime”);
cmd.Parameters.AddWithValue(“@eventtime”, eventtime);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventtype value.
///
///
The Eventtype value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventtype value.
public static IDbCommand FindByEventtype(string eventtype)
{
SqlCommand cmd;
if (eventtype == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventType] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventType] like @eventtype”);
cmd.Parameters.AddWithValue(“@eventtype”, eventtype.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventsequence value.
///
///
The Eventsequence value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventsequence value.
public static IDbCommand FindByEventsequence(decimal eventsequence)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventSequence] = @eventsequence”);
cmd.Parameters.AddWithValue(“@eventsequence”, eventsequence);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventoccurrence value.
///
///
The Eventoccurrence value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventoccurrence value.
public static IDbCommand FindByEventoccurrence(decimal eventoccurrence)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventOccurrence] = @eventoccurrence”);
cmd.Parameters.AddWithValue(“@eventoccurrence”, eventoccurrence);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventcode value.
///
///
The Eventcode value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventcode value.
public static IDbCommand FindByEventcode(int eventcode)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventCode] = @eventcode”);
cmd.Parameters.AddWithValue(“@eventcode”, eventcode);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Eventdetailcode value.
///
///
The Eventdetailcode value. /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Eventdetailcode value.
public static IDbCommand FindByEventdetailcode(int eventdetailcode)
{
SqlCommand cmd;
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [EventDetailCode] = @eventdetailcode”);
cmd.Parameters.AddWithValue(“@eventdetailcode”, eventdetailcode);
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Message value.
///
///
The Message value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Message value.
public static IDbCommand FindByMessage(string message)
{
SqlCommand cmd;
if (message == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [Message] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [Message] like @message”);
cmd.Parameters.AddWithValue(“@message”, message.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Applicationpath value.
///
///
The Applicationpath value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Applicationpath value.
public static IDbCommand FindByApplicationpath(string applicationpath)
{
SqlCommand cmd;
if (applicationpath == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ApplicationPath] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ApplicationPath] like @applicationpath”);
cmd.Parameters.AddWithValue(“@applicationpath”, applicationpath.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Applicationvirtualpath value.
///
///
The Applicationvirtualpath value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Applicationvirtualpath value.
public static IDbCommand FindByApplicationvirtualpath(string applicationvirtualpath)
{
SqlCommand cmd;
if (applicationvirtualpath == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ApplicationVirtualPath] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ApplicationVirtualPath] like @applicationvirtualpath”);
cmd.Parameters.AddWithValue(“@applicationvirtualpath”, applicationvirtualpath.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Machinename value.
///
///
The Machinename value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Machinename value.
public static IDbCommand FindByMachinename(string machinename)
{
SqlCommand cmd;
if (machinename == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [MachineName] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [MachineName] like @machinename”);
cmd.Parameters.AddWithValue(“@machinename”, machinename.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Requesturl value.
///
///
The Requesturl value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Requesturl value.
public static IDbCommand FindByRequesturl(string requesturl)
{
SqlCommand cmd;
if (requesturl == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [RequestUrl] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [RequestUrl] like @requesturl”);
cmd.Parameters.AddWithValue(“@requesturl”, requesturl.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Exceptiontype value.
///
///
The Exceptiontype value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Exceptiontype value.
public static IDbCommand FindByExceptiontype(string exceptiontype)
{
SqlCommand cmd;
if (exceptiontype == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ExceptionType] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [ExceptionType] like @exceptiontype”);
cmd.Parameters.AddWithValue(“@exceptiontype”, exceptiontype.Replace(“*”, “%”));
}
return cmd;
}

///
/// Finds all AspnetWebeventEvents objects with a certain Details value.
///
///
The Details value (‘*’ can be used as a wildcard). /// An IDbCommand that finds all AspnetWebeventEvents objects with a certain Details value.
public static IDbCommand FindByDetails(string details)
{
SqlCommand cmd;
if (details == null)
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [Details] is null”);
else
{
cmd = new SqlCommand(“select * from [dbo].[aspnet_WebEvent_Events] where [Details] like @details”);
cmd.Parameters.AddWithValue(“@details”, details.Replace(“*”, “%”));
}
return cmd;
}

}
}

 

[/csharp]

Share