Category Archives: iPhone

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Come One, Come All: To The JAMF Nation User Conference

If you do deployments of Apple products, there are a few conferences to look at. Based on where you are and what industry you are in, some of these are better than others. But if you use the Casper Suite or are considering doing so, it would be really hard to beat JNUC, the JAMF Nation User Conference.

jamf-nation-user-conference-2014_1140_464_84_1399405603

And yes, I’d of said all this and posted this even if I hadn’t of come to work here a week and a half ago! So come one, come all to Minneapolis. And if you’re really nice, we’ll hook you up with some good old fashioned Minnesota lutefisk!

Home Automation iPhone Mac OS X

Which Apple TV Works With My TV?

I recently purchased a new TV (actually won, but that’s aside from the point). I put the DirecTV receiver on there and it worked like a charm. Then I put the Apple TV on and it appeared to work like a charm. But when the screensaver kicked in, the colors inverted. Sometimes I’d see lines across the screen and other times the Apple TV would get weird and just be blurry. I knew immediately that I was sending it too much. Turns out the new TV couldn’t do less than 1080p and the old Apple TV couldn’t do anything higher than 720p. To confirm, I looked up the serial number. All Apple TVs have Wi-Fi (up to 802.11n), 10/100 Ethernet, optical audio and an Infrared receiver for the remote control. So, here’s some information on model-specific connectivity to your other equipment:

Apple_TV_2nd_Generation_back

  • Early 2012 Model: Model A1427 or A1469, with HDMI that supports 720p or 1080p
  • Late 2010 Model: Model A1378, with HDMI supporting 720P
  • Early 2007 Mode (Silver): Model A1218, with HDMI supporting 480p and 720p as well as RCA and a built-in 40 or 160GB hard drive

apple-appletv12-channels-lg

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

DeviceScout

DeviceScout is a tool that leverages JAMF’s Casper Suite to show administrators vital statistics and show alerts on client systems. These alerts display some of the critical aspects of systems, from encryption to disk capacity to backups, there are a number of pretty cool aspects of DeviceScout.

Screen Shot 2014-04-18 at 2.55.47 PM

Using the device view, you can view serial numbers, device types, check-in status, boot volumes, memory, etc. It’s a lot of insight into what you have on your systems. I’m a huge fan of such visibility. You will need to be running Casper to leverage DeviceScout, but it provides a very simple interface for management and even techs to see what’s going on in your enterprise in as quick a manner as possible. Inventory, security status, backup status and a support menu at your fingertips.

With very simple pricing, check out what they have to offer at http://www.devicescout.com.

iPhone Mac OS X Mac OS X Server

MacIT Presentation

I enjoy going to MacIT so much. Paul Kent ran a great little conference in Monterrey one year and I am so glad that I started going to Macworld around that time. I missed it last year while trying to trim back on the travel and am pretty stoked I got to get there again this year. Special thanks to everyone I saw and was able to hang out with. Considering there isn’t a single person I didn’t want to hang out with, sorry if I didn’t see you or get to spend any time. Thanks to Duncan and Kevin White for making time to do the podcasts (hopefully the background noise is low enough so we can get them posted!).

Also, this is a top-notch production. Kathy, Paul, the board (Arek, Dan, John, Kevin, Duncan, etc) and everyone else I’ve ever interacted with there are absolutely amazing. I would love nothing more than to not get a chance to speak next year because a flood of amazing talks burst on the scene. Start thinking about what you could talk about now so I can show up and sit in the back and watch you do your thing! :)

And if you were in my session and asked about the presentation when the conference site was on the fritz (which could have also been my fault BTW), the presentation is here: MacIT 2014

Screen Shot 2014-03-29 at 11.09.44 PM

iPhone Mac OS X Mac OS X Server Mass Deployment

Install Fonts Using Apple Configurator

I guess someone asked for it, although it wasn’t me… But you can install fonts on Apple devices, using Apple Configurator. To do so, first open Apple Configurator and click on an existing profile or create a new profile for the font installation.

Screen Shot 2013-12-18 at 3.02.29 PMScroll down in the list along the left sidebar until you see Font. Click on Font and then click on Configure.

Screen Shot 2013-12-18 at 3.02.37 PMYou are then presented with a dialog box to select a font file. Browse to the font you’d like to deploy and then click on Select.

Screen Shot 2013-12-18 at 3.03.46 PM

Click on the plus sign (+) in the upper right corner of the screen if you’d like to deploy more fonts with this profile, or click Save to save the changes.

Screen Shot 2013-12-18 at 3.03.59 PM

Now deploy the profile and the device will get the desired font(s)!

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Microsoft Exchange Server Network Infrastructure Ubuntu Unix VMware

Quick nmap Hacks

The nmap application is a pretty easy-to-use tool that can be used to port scan objects in a network environment. To obtain mmap in an easy-to-use package installer, for OS X check out the download page at http://nmap.org/download.html#macosx (use the same page to grab it for Windows or *nix as well). Once downloaded run the package/rpm/whatever.

Before I scan a system, I like to pull the routing table and eth info to determine how scans are being run, which can be run by using the mmap command anong with the —iflist option:

nmap —iflist

Basic Scanning
To then scan a computer, just use the mmap command followed by the host name or even throw a -v option in there to see more information (you can use a hostname or an IP):

nmap -v www.apple.com

Use the -6 option if scanning via IPv6:

nmap -v -6 8a33:1a2c::83::1a

Can drop the -v for less info on these, but I usually like more than less. Shows ports, states, services (for the ports) and a MAC address for each IP being scanned.

You can also scan a range of IPs. I usually take the lazy way for this, by using a wildcard. I can replace an octet to scan all objects in that octet. For example, to scan all systems running on the 192.168.210 class B:

nmap 192.168.210.*

You can scan a subnet, which can cover more or less than one octet worth of IPs, by including the net mask:

nmap 192.168.210.0/24

You can also just list a range, which is much easier in some cases, using the —exclude option to remove an address that will be angry if port scanned:

nmap 192.168.210.1-100 —exclude 192.168.210.25

Or to do a few hosts within that range:

nmap 192.168.210.1,10,254

Of you can even use the following to read in a list of addresses and subnets where each is on its own line:

nmap -iL ~/nmaplist.txt

By default, mmap is scanning all ports. However, if you know what you’re looking for, scans can be processed much faster if you constrain it to a port or range of ports. Use the -p option to identify a port and then T: for only TCP or U: for only UDP, or neither to do both. Additionally, you can scan a range of ports or separate ports using the same syntax used for identifying multiple hosts. For example, here we’ll scan 53, 80, 110, 443 and 143:

nmap -p 53,80,110,143,443

DO OS detection using the -A option:

nmap -A www.apple.com

For true remote OS detection, use -O with —osscan-guess:

mmap -v -O —osscan-guess mail.krypted.com

We can also output to a text file, using the -o option (or of course > filename but -o is more elegant here unless you’re parsing elsewhere in the line):

mmap -v -o ~/Desktop/nmapresults.txt -O —osscan-guess mail.krypted.com

Firewalls
Next, we’ll look at trying to bypass pesky annoyances like stageful packet inspection on firewalls. First, check whether there is actually a firewall using -s:

nmap -sA www.apple.com

Scan even if the host is protected by a firewall:

nmap -PN www.apple.com

Just check to see if some devices are up even if behind a firewall:

nmap -sP 192.168.210.10-20

Run a scan using Syn and ACK scans, run mmap along with the either -PS or -PA options (shown respectively):

nmap -PS 443 www.apple.com
nmap -PA 443 www.apple.com

Try to determine why ports are in a specific state:

nmap —reason www.apple.com

Show all sent/recvd packets:

nmap —packet-trace www.apple.com

Try to read the header of remote ports to determine a version number of the software:

nmap -sV www.apple.com

Security Scanning
Next, we can look at actually using nmap to test the attacking waters a little bit. First, we’ll try and spoof another MAC address, using the —spoof-mac options. We’ll use the 0 position after that option to indicate that we’re randomly generating a Mac, although we could use a real MAC in place of the 0:

nmap -v -sT —spoof-mac 0 www.apple.com

Next, let’s try to add a decoy, which allows us to spoof some IPs and use that as decoys so our target doesn’t suspect our IP as one that’s actually scanning them (note that our IP we’re testing from is 192.168.210.210):

nmap -n -192.168.210.1,192.168.210.10,192.168.210.210,192.168.210.254

Then, send some crazy packets (not an official term like magic packets, just my own term for throwing a curve ball at things and testing for the viability of syn-flood or Xmas packet attacking):

nmap -sX www.apple.com

Configure a custom mtu:

nmap —mtu 64 www.apple.com

Fragment your packets:

nmap -f www.apple.com

Note: None of Apple’s servers were damaged in the writing of this article. I did a find/replace at the end, when I realized I didn’t want all of you hitting www.krypted.com.

Active Directory cloud Consulting iPhone Kerio Mac OS X Mac OS X Server Mac Security Mass Deployment Microsoft Exchange Server Network Infrastructure Windows Server

Dig TTL While Preparing For A Migration

Any time doing a migration of data from one IP to another where that data has a DNS record that points users towards the data, we need to keep the amount of time it takes to repoint the record to a minimum. To see the TTL of a given record, let’s run dig using +trace, +nocmd to turn off showing the version and query options, +noall to turn off display flags, +answer to still show the answer section of my reponse and most importantly for these purposes +ttlid to toggle showing the TTL on. Here, we’ll use these to lookup the TTL for the www.krypted.com A record:

dig +trace +nocmd +noall +answer +ttlid a www.krypted.com

The output follows the CNAME (as many a www record happen to be) to the A record and shows the TTL value (3600) for each:

www.krypted.com. 3600 IN CNAME krypted.com.
krypted.com. 3600 IN A 199.19.85.14

We can also lookup the MX using the same structure, just swapping out the a for an MX and the FQDN with just the domain name itself:

dig +trace +nocmd +noall +answer +ttlid mx krypted.com

The response is a similar output where

krypted.com. 3600 IN MX 0 smtp.secureserver.net.
krypted.com. 3600 IN MX 10 mailstore1.secureserver.net.

iPhone

Testing iOS Services Using Services Test

The good folks at Amsys have built a nice little app called Services Test for verifying outbound connectivity to critical services to make iOS devices work.  If you are having problems connecting to these services or activating devices, simply open the App and tap on the play button in the upper right hand corner of the screen.

photo 1

Click on the Info button to see what each of these servers do during the activation and management process.

photo 3

The app can also test a few common server services, including connecting to an OS X Server, Casper and AirWatch. These are typical services used in an iOS and Mac environment.

photo 2

Overall, this is a really nice little app for testing connectivity to typical iOS services and a very nice tool Amsys is providing to the community!

 

iPhone Mac OS X Server Mass Deployment

Disable Options At Initial Config Time Using Apple Configurator

In Apple Configurator 1.4.3, which just dropped, you can reduce the setup time for iOS devices. This is pretty helpful in Configuration Centers and when warehousing/performing thin setups of devices. To access this new feature, open Configurator and go to the Prepare screen. From there, you will have the Setup tab. Click on Setup and then in the resultant screen, you will see each of the initial screens in iOS that you can now skip.

Screen Shot 2013-12-18 at 2.46.56 PMSo put this in perspective, if you check the Location Services box and then prepare a device, even if not restoring a backup, you then won’t be prompted for whether or not you want to enable Location Services. Instead, the device will accept the default option. Nice, small new feature, that will save a lot of people a lot of time, even if not using Apple Configurator to Supervise devices.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

Mac IT Conferences Board on Pinterest