FrameFlow Company Blog

17 07, 2015

FrameFlow Version 2015.2: Behind the Scenes

Jul 17, 2015|Server Monitoring, Updates and New Releases|

CC Image courtesy of Wishbook (Flickr) [CC-BY-2.0 via Wikimedia Commons]

Building FrameFlow Server Monitor: A Day in the Life

We do our best to keep our software lean and mean. Our business is 100% based on a try-before-you-buy model, so it’s important that we make a great first impression and part of that has to do with the ease of deployment and perception of quality. There are few things we hate more than when we go to download a simple utility to get a job done and it weighs over 500 megs in size.

Keeping our software fast, efficient and small isn’t always an easy thing. We’re sometimes at the mercy of third-party components that we integrate with and sometimes we have to deal with problems thrown our way by the development tools that we use.

Recently we faced a challenge along these lines and here is how it played out…

[Read More…]

14 07, 2015

Patch Tuesday for July 2015

Jul 14, 2015|Patch Tuesday, Server Security and Patching|

patch-tuesday
It’s Patch Tuesday again and time for all Windows sysadmins to apply the latest set of fixes from Microsoft.

This month’s delivery includes a total of 14 patches with 4 of them listed as critical.

One of the fixed flaws is flaws is a perfect example of why all system administrators need security on multiple levels.

[Read More…]

9 06, 2015

FrameFlow v2015.2 Released

Jun 9, 2015|Announcements, Updates and New Releases|

FrameFlow v2015.2

FrameFlow v2015.2 Released

We are very happy to announce that FrameFlow v2015.2 is now available for download. Licensed users can log into their account on our site to find the download links. Those of you who are in the evaluation phase can re-download the eval version. Either way, run the setup and it will upgrade your existing installation while preserving all of your settings and configuration.

This release is a major update bringing lots of new functionality. The major highlight is support for multiple alert levels including success, warning, error and critical.

To implement this we updated every single event monitor to allow you to specify multiple thresholds and control how you are alerted. We also updated all dashboard elements, network diagram displays and the structure of the interface itself to give you a clear view of multi-level status.

The end result gives you beautiful color-coded displays and an at-a-glance ability to identify and prioritize issues.

[Read More…]

15 05, 2015

Patch Tuesday for May 2015

May 15, 2015|Patch Tuesday, Server Security and Patching|

patch-tuesday
This month’s Patch Tuesday fell on the 14th this month and Microsoft delivered 11 patches with four of them rated critical. The first critical fix addresses multiple issues in Internet Explorer.

[Read More…]

7 05, 2015

Timing Flaw Discovered in Windows Ping Utility

May 7, 2015|Server Monitoring, Server Security and Patching|

pulse

Timing Flaw Discovered in Windows Ping Utility

It’s not everyday that you discover a flaw in a core networking component of a major operating system, but that’s just what happened here at FrameFlow last week. The command line “ping” is the workhorse of network and server monitoring. It’s the basic test that any sysadmin will use to determine if a remote system is alive and responding to network requests. As we investigated in more detail we were even more surprised to discover that this bug is deep in the Windows API and affects pretty much any program that needs to run ping tests.

[Read More…]

13 04, 2015

Patch Tuesday for April 2015

Apr 13, 2015|Patch Tuesday, Server Security and Patching|

patch-tuesday
This month’s Patch Tuesday fell on the 12th of April and Microsoft delivered 13 patches with three of them rated critical. As usual there was a Cumulative Security Update for Internet Explorer which fixed multiple Critical issues. These days it takes less and less time for exploits to appear in the wild so if your organization still supports IE as a browser you’ll want to patch your servers and workstations as soon as possible.

[Read More…]

10 03, 2015

Patch Tuesday for March 2015

Mar 10, 2015|Patch Tuesday, Server Security and Patching|

patch-tuesday
It’s Patch Tuesday again for all Windows sysadmins and this month’s delivery includes more fixes than usual.

Microsoft’s security bulletin lists 14 individual fixes including a fix for the recently discovered “FREAK” vulnerability. Of the fourteen fixes, 5 of them are rated Critical and the […]

6 03, 2015

“FREAK” Vulnerability (CVE20150204): Pretty Much All Systems are Exposed

Mar 6, 2015|Server Monitoring, Server Security and Patching|

data
CC Image courtesy of Joseph Novak (Flickr: Keys, USS Bowfin) [CC-BY-2.0 via Wikimedia Commons]

“FREAK” Vulnerability (CVE2015-0204): Pretty Much All Systems are Exposed

The list of flaws in trusted security algorithms has grown again with the recent announcement of the “FREAK” (Factoring Attack on RSA-EXPORT Keys) vulnerability also known as CVE-2015-0204.

First reports confirmed that many OpenSSL implementations contained the flaw and today Microsoft issued Security Advisory 3046015 confirming that all versions of Windows are vulnerable.

Where Did The Freak Vulnerability (CVE2015-0204) Come From?

The details of the vulnerability are alarming and largely due to flawed federal policies on encryption dating back to the 1990s. Around that time products like PGP (Pretty Good Privacy) were starting to see wider distribution and the U.S. officials responded by passing laws to control the export of any product that included high grade encryption. It was a futile effort and the battle was eventually won by crusaders such as Phil Zimmerman.

Some would even say there is a darker side to government efforts on the control and distribution of encryption technology:

[Read More…]

12 02, 2015

Techniques for Fast and Efficient Server Monitoring

Feb 12, 2015|Server Monitoring, Tips and Techniques|

data
CC Image courtesy of jakeliefer (Flickr: Old Keys) [CC-BY-2.0 via Wikimedia Commons]

Techniques for Fast and Efficient Server Monitoring

FrameFlow is highly customizable and offers a wide variety of monitoring options. We’ve designed it that way on purpose to give you the flexibility to build out your monitoring configuration in a way that best suits your work environment, practices and policies.

Authentication Methods

There’s one area where first time users often have questions and that’s when it comes to authentication. FrameFlow is an agentless monitoring system, which means we don’t install anything on the systems being monitored. Instead we use standard protocols to reach out to the monitored machines and collect the data we need. To do that we need to authenticate to the machines being monitored. This is a good thing because it means that FrameFlow plays by the rules when it comes to your network security polices rather than wildly opening ports to reveal monitoring data like some agent-based systems do.

[Read More…]

13 01, 2015

First Patch Tuesday for January 2015

Jan 13, 2015|Patch Tuesday, Server Monitoring, Server Security and Patching, Uncategorized|

    DEC_VT100_terminal
    Photo By Jason Scott - Flickr: IMG_9976 - CC-BY-2.0 via Wikimedia Commons

    January 2015 – 1 Critical and 7 Important Fixes

    The first Patch Tuesday for 2015 has been released and Windows sysadmins will be busy updating as usual.

    This release includes 8 fixes with 1 listed as Critical and 7 more listed as Important. It’s always vital to make sure your systems are fully patched but Windows admins may feel some comfort knowing that the only critical issue is one that affects the Windows Telnet Service.

    [Read More…]

7 01, 2015

Are You Monitoring Your Servers for Bugs Like Heartbleed, Shell Shock & Poodle?

Jan 7, 2015|Server Monitoring, Server Security and Patching|

Server Monitoring For Computer & Internet Bugs
Photo By wongo888 (Flickr: Brown Computer Bug) - CC-BY-2.0 via Wikimedia Commons

The internet has been around for more than half a century, going back to the 1960s when the US Department of Defense first awarded contracts for packet network systems. With each passing decade, we saw a greater proliferation of the net into more areas of our lives, transforming our world into a global, knowledge-based civilization; however, one of the big problems with today’s internet technology is the abundance of security bugs, lingering from out-of-date nodes in the net.

[Read More…]

9 12, 2014

POODLE 2.0: Here We Go Again (CVE-2014-8730)

Dec 9, 2014|Server Monitoring|

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons]

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons

POODLE 2.0: Here We Go Again

It was just a bit more than an month ago when the POODLE vulnerability in SSLv3 was discovered and sent sysadmins around the world scrambling.

You might remember that the original POODLE vulernability affected SSLv3, an older protocol that has been largely replaced by the TLS protocol. Since SSLv3 was only available on many systems as a measure to support very old web browsers, it was no big deal to disable it and thereby remove the vulnerabilty.

But today news is spreading that some TLS implementations can be vulnerable too and that as many as 10% of all web sites maybe affected. This new vulnerability has been labeled CVE-2014-8730 and it’s much more serious that the original POODLE.

It’s time to scramble again.

[Read More…]

19 11, 2014

Server Monitoring for KB3011780 (MS14-068) Patch – 5 Easy Steps

Nov 19, 2014|Server Monitoring, Tips and Techniques|

Microsoft has issued a patch for a serious vulnerability that hits domain controllers the hardest. KB3011780 describes the issue while the security bulletin MS14-068 provides more technical details.

The vulnerability allows a user with restricted permissions to escalate to domain administrator privileges and Microsoft reports that attacks have been seen in the wild. Microsoft has officially stated that "the only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain," so it's critical that all Windows admins apply this patch immediately.

Microsoft recommends first patching domain controllers running Windows Server 2008 R2 or earlier. Next, patch your Windows Server 2012 and later domain controllers. Finally, patch all of your regular systems to ensure complete safety.

Use the following step-by-step instructions showing how to configure FrameFlow Server Monitor to make sure your systems have been patched:

[Read More...]

17 11, 2014

Windows 10 Server Edition Technical Preview Pros & Cons

Nov 17, 2014|Server Monitoring|

Windows 10 Server

Windows Server Technical Preview

With each new Windows release the desktop edition gets a lot of press coverage but what about the server editions? Let’s take a look at the server edition that was released along with the Windows 10 Technical Preview.

What Will the New Windows Server Edition be Called?

First, let’s talk about the name. At this time it’s not clear whether the new version will be called “Windows 10 Server,” or “Windows Server 2015,” or possibly something else. Microsoft currently uses the generic “Windows Server Technical Preview” which doesn’t give anything away. While we now have a confirmed name for the desktop edition, those of us on the server side of things will have to wait a bit longer.

[Read More…]

29 10, 2014

POODLE Patch Post: Monitoring IIS Patches for CVE­-2014­-3566

Oct 29, 2014|Server Monitoring, Tips and Techniques|

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons]

Photo By Karin Jonsson (Flickr: Poodle) [CC-BY-2.0 via Wikimedia Commons

Anyone running web sites on IIS with SSL support should have already rolled out patches for CVE­-2014­-3566, the vulnerability in SSL v3 which has been labeled POODLE.

What is the POODLE Bug?

Google researchers have found a severe flaw in an obsolete but still used encryption software, which could be exploited to steal sensitive data… The POODLE attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies. Computerworld

FrameFlow Server Monitor Can Verify POODLE Patch Installation

Did you know that you can use FrameFlow Server Monitor to verify that the patch has been installed on all your systems?
[Read More…]

29 09, 2014

Windows 9? No, 10! What To Expect Tomorrow

Sep 29, 2014|Announcements, Server Monitoring|

Update: Windows 9 is dead. Long live Windows 10! Microsoft fooled everyone by skipping to Windows 10. There’s a preview build available already and stay tuned for our initial observations. So far all we can say is that we’re happy to have the Start Menu back.


[…]

14 08, 2014

FrameFlow v7.0.5 Released – Code Name “Lighthouse”

Aug 14, 2014|Announcements, Updates and New Releases|

Lighthouse

Photo By Kate Wellington (Flickr: Swallowtail and Ferry) [CC-BY-2.0 via Wikimedia Commons

We are very happy to announce that FrameFlow v7.0.5 is now available for download!

This release includes a number […]

17 07, 2014

FrameFlow v7.0.4 Released – Code Name “Pool”

Jul 17, 2014|Uncategorized|

We are very happy to announce that FrameFlow v7.0.4 has been released. This release extends our IIS Event Monitor, adding options to monitor application pools and sites. Now you can get alerts when sites or pools are down so that you can take quick corrective action to get your sites going again. Also new [...]
27 06, 2014

Effective Database Server Performance Monitoring Tips

Jun 27, 2014|Server Monitoring, Tips and Techniques|

data
CC Image courtesy of Buster Benson on Flickr

Overview

Databases like SQL Server, MySQL and Oracle are the workhorses of IT operations. They are the reliable back-end for applications, services, web sites and many other kinds of systems so […]

6 06, 2014

FrameFlow v7.0.3 Released – Code Name “Wrench”

Jun 6, 2014|Announcements, Updates and New Releases|

Photo By Kyle May (Flickr: Wrench Red) [CC-BY-2.0 via Wikimedia Commons

Photo By Kyle May (Flickr: Wrench Red) [CC-BY-2.0 via Wikimedia Commons]

We’re very happy to announce that FrameFlow v7.0.3 has been released. Since this update is almost purely a maintenance update […]

!RAWBLOCK0!