Listed are various types of development projects I have done over the years, containing both professional and personal projects, which illustrate my diverse coding
abilities, in-depth knowledge of the target solution, and understanding of general-to-specific concepts and details applied to solutions requiring the development.
Technology has come a long way in the last five years, now offering many quality choices in both the private proprietary sector and open source communities, as illustrated
by the popular WordPress blogging software. My development over the last five years has been targeted at leveraging all these quality mainstream software offerings for the goals
of enhancement, extensibility, and connectivity with minimum invasiveness, ensuring stability and longevity of the end solution.
I believe using standards as much as possible is important, and a modular architecture design will allow for smaller incremental upgrades and/or improvements, increasing
the return on investment (ROI) for the solution. To accomplish non-invasive integration and modular designs, understanding both the technical and conceptual aspects of the
technology is key to a successful development project.
Finally, it should be stated that for development projects that require a completely customized design, it is very important for the developer to address all security aspects, as
they will be the only one either aware of them or responsible for safe design/coding.
Active Directory Query & Export Application/Service
- Type: Windows Application/Service
- Use: Administration & Security Support
- Purpose: Windows application/service to perform queries in AD for target information such as user accounts and computers, to be exported to various destinations
such as SQL databases, XML, and flat file formats. The exported information was used to monitor AD objects for security and administration purposes, providing information
such as expired/expiring accounts, user account SID history, domain computer lists, lookup lists for other applications, group membership, and object change monitoring notification.
- Description: Uses ADO with LDAP queries to return data from AD, with further processing to convert AD-format data types to standard human-readable formats
(e.g. the account password expiration date is stored as a timestamp requiring calculation and conversion to a date format).
- Knowledge/Concepts: AD Schema Structure & Data Types, ADO, LDAP Queries, SQL, XML, Security
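As an added example (not code from the original application), the timestamp conversion described above: AD stores pwdLastSet as a FILETIME and the domain's maxPwdAge as a negative 100-nanosecond interval, and the expiry has to be derived from both together with the userAccountControl flags. All account values below are constructed.

```python
from datetime import datetime, timedelta, timezone

# FILETIME epoch: 100-ns intervals since 1601-01-01 UTC (AD uses this for pwdLastSet,
# lastLogonTimestamp, accountExpires, and interval attributes such as maxPwdAge).
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_DONT_EXPIRE_PASSWD = 0x10000        # userAccountControl bit (Windows SDK value)
NEVER = -(2 ** 63)                     # maxPwdAge value meaning "passwords never expire"


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME integer to an aware UTC datetime (truncates to microseconds)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def password_status(pwd_last_set: int, max_pwd_age: int, uac: int,
                    now: datetime, warn_days: int = 14):
    """Return (state, expires_at) for one account.

    state is one of: never-expires, must-change-at-next-logon, expired, expiring, ok.
    max_pwd_age is the domain's raw maxPwdAge (a negative interval), so the expiry is
    pwdLastSet - maxPwdAge, i.e. pwdLastSet plus the positive maximum age.
    """
    if uac & UF_DONT_EXPIRE_PASSWD:
        return "never-expires", None
    if pwd_last_set == 0:                      # AD convention: user must change at next logon
        return "must-change-at-next-logon", None
    if max_pwd_age in (0, NEVER):              # no domain maximum age configured
        return "never-expires", None
    expires = filetime_to_datetime(pwd_last_set - max_pwd_age)
    if expires <= now:
        return "expired", expires
    if expires - now <= timedelta(days=warn_days):
        return "expiring", expires
    return "ok", expires


def report(accounts, max_pwd_age: int, now: datetime):
    """Flatten LDAP-style records into export rows (what the SQL/XML export would receive)."""
    rows = []
    for acct in accounts:
        state, expires = password_status(acct["pwdLastSet"], max_pwd_age,
                                         acct["userAccountControl"], now)
        rows.append({"sAMAccountName": acct["sAMAccountName"], "state": state,
                     "expires": expires.isoformat() if expires else None})
    return rows


# Constructed sample data, not taken from any real directory.
MAX_PWD_AGE_90D = -90 * 24 * 3600 * 10_000_000          # 90 days as a negative 100-ns interval
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "alice", "pwdLastSet": 133485408000000000, "userAccountControl": 0x200},
    {"sAMAccountName": "svc-backup", "pwdLastSet": 133485408000000000, "userAccountControl": 0x10200},
    {"sAMAccountName": "newhire", "pwdLastSet": 0, "userAccountControl": 0x200},
]

if __name__ == "__main__":
    for row in report(SAMPLE_ACCOUNTS, MAX_PWD_AGE_90D, datetime.now(timezone.utc)):
        print(row)
```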
High Encryption Client/Server Application Using Custom Protocol
- Type: Windows Application/Service
- Use: Customer Solution
- Purpose: Secure encrypted file transfer solution designed for a customer to be a one-click, easy-to-use system for non-technical clients.
- Description: TCP/IP multi-threaded Windows server service providing encrypted file transfers to a Windows-based client application.
The service was designed for maximum protection against socket communication attacks by detecting invalid packets and specifically preventing buffer overflow situations. A passive
server-to-client communication sequence design added protection against information leakage attempts and forced server action attempts, essentially creating a
fixed communication pattern entirely controlled by the service, with the client side limited to acknowledging each action without any direct control.
- Knowledge/Concepts: Multi-threaded Application Architecture, TCP/IP, Protocol Communications Design, Encryption Algorithms, Security
High Performance Syslog Communications Service to SQL Database
- Type: Windows Application/Service
- Use: Security Logging
- Purpose: Listen for Syslog UDP communications from the network and import the data into a SQL database for further processing. This service is a part
of a total solution for monitoring the network infrastructure.
- Description: Service specifically designed to do one thing: accept authorized Syslog UDP communications and import this raw data in real time
to a SQL database. The service was protected by ignoring all communications except those from authorized IP addresses configured to be allowed. A balance of
protection and performance was used so that inbound communication from authorized IPs had the minimal acceptable data packet checking to ensure maximum load performance.
To address situations where the SQL server was unavailable or could not handle the data insert rate, overflow data was logged to a local cache and inserted when the rate
allowed it. The service in production properly handled over 20 inbound sending devices with 3 firewalls configured for debug-level Syslog communication.
- Knowledge/Concepts: UDP Communications, Syslog Packet Structures, SQL, Stored Procedures, ADO
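An added example (not the original service's code) of the receive-side design described above: a source-IP allowlist checked before any parsing, the minimal PRI check, and a bounded local overflow cache that is drained in arrival order once the database accepts inserts again. The sender addresses and the in-memory FlakyDB standing in for SQL Server are constructed.

```python
import re
from collections import deque
from datetime import datetime, timezone

# Constructed allowlist of devices permitted to send Syslog to this collector.
ALLOWED_SENDERS = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_syslog(data: bytes) -> dict:
    """Minimal, cheap validation: a PRI field must be present and in range (0-191).
    Everything after it is stored raw; heavier parsing is left to the database side."""
    m = PRI_RE.match(data)
    if not m:
        raise ValueError("missing PRI")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    return {"facility": pri >> 3, "severity": pri & 7,
            "msg": data[m.end():].decode("utf-8", "replace")}


class Importer:
    """Accepts datagrams from allowed senders and inserts them through db_insert(row);
    rows the database cannot take right now go to a bounded local cache."""

    def __init__(self, db_insert, cache_limit: int = 10000):
        self.db_insert = db_insert
        self.cache = deque()
        self.cache_limit = cache_limit
        self.stats = {"accepted": 0, "rejected": 0, "cached": 0, "dropped": 0}

    def handle(self, src_ip: str, data: bytes) -> bool:
        if src_ip not in ALLOWED_SENDERS:       # cheapest check first: strangers are dropped unparsed
            self.stats["rejected"] += 1
            return False
        try:
            row = parse_syslog(data)
        except ValueError:
            self.stats["rejected"] += 1
            return False
        row["src"] = src_ip
        row["received"] = datetime.now(timezone.utc).isoformat()
        self.stats["accepted"] += 1
        self.flush()                            # drain the backlog first to keep arrival order
        if self.cache or not self._try_insert(row):
            self._cache(row)
        return True

    def _try_insert(self, row) -> bool:
        try:
            self.db_insert(row)
            return True
        except Exception:                       # database down or overloaded
            return False

    def _cache(self, row):
        if len(self.cache) >= self.cache_limit: # bounded: shed the oldest rather than grow forever
            self.cache.popleft()
            self.stats["dropped"] += 1
        self.cache.append(row)
        self.stats["cached"] += 1

    def flush(self):
        while self.cache and self._try_insert(self.cache[0]):
            self.cache.popleft()


class FlakyDB:
    """Constructed stand-in for the SQL insert: raises while 'down', otherwise stores rows."""

    def __init__(self):
        self.up, self.rows = True, []

    def insert(self, row):
        if not self.up:
            raise RuntimeError("SQL server unavailable")
        self.rows.append(row)


if __name__ == "__main__":
    db, imp = FlakyDB(), Importer(db.insert)
    imp.handle("192.0.2.1", b"<134>fw1 kernel: accept tcp 10.0.0.5 -> 203.0.113.9:443")
    db.up = False                                   # simulate an outage
    imp.handle("192.0.2.2", b"<34>fw2 auth: admin login failed")
    db.up = True
    imp.handle("192.0.2.3", b"<14>fw3 config: rule 12 enabled")   # this call drains the cache
    print(len(db.rows), "rows in db,", imp.stats)
```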
Application/Service for Processing Windows DHCP & WINS Data to SQL Database
- Type: Windows Application/Service
- Use: Security Logging
- Purpose: Data pump processing Windows 2000-2003 R2 DHCP and WINS service log files into a SQL database, with data grooming before import. This service
is a part of a total solution for monitoring the network infrastructure.
- Description: Service application that would process Windows 2000-2003 R2 DHCP and WINS service log files and, after grooming the data, insert it
into a SQL database. Valuable network activity information exists in these logs, which was needed to track computers, MAC addresses, transiting computers, unauthorized
computers, and more. The local service application was designed to parse the data into the appropriate fields for database import. This application was specifically designed to
be simple for various reasons, such as zero integration with core services (ensuring stability) and being completely standalone for simple deployment.
- Knowledge/Concepts: DHCP, WINS, DHCP/WINS Logging Format, SQL, Stored Procedures, ADO
DNS Proxy Service & Client Interface Application
- Type: Windows Application/Service
- Use: Security Monitoring & Control
- Purpose: DNS proxy service used to process network client computers' DNS query requests, applying configured filtering logic before proxying
the DNS request to an external DNS server for normal processing. A client application was created for communication with the service, providing configuration, control, and user
activity notifications. The system was designed for monitoring and controlling DNS queries by client systems for security purposes, such as blocking configured
malicious FQDNs and host names, and preventing information leakage when outside company networks by stopping queries for internal FQDNs/hosts from going to 3rd-party DNS servers.
- Description: The DNS proxy service listens on the standard DNS UDP port 53 for inbound client computer DNS requests and, when received, processes
only requests from configured authorized clients. Further processing applies various configurable rules to the DNS request data, such as whitelists, blacklists, redirect to a
specific IP, dropping the request, and forwarding the DNS request (i.e. query) as normal to be resolved by an external DNS server while acting as the proxy for responses (i.e.
answers). Configurable options include file and/or database storage of rules/logs (depending on use as either a standalone host or a network service for multiple hosts), open
DNS proxy or authorized-only mode, and other global service settings. Since the DNS protocol was not designed with any authentication, the service was extended to
include a dynamic encrypted client authentication and registration design that requires a client agent application for operation. The Client Interface application
provides network communications to the DNS proxy service for configuration, monitoring, and alerting, much like a typical host firewall.
- Knowledge/Concepts: UDP, DNS protocol specification, Raw Network Packet Formatting, ADO, SQL, Encryption, Security
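An added example (not the original service's code) of the rule engine described above, working on raw DNS/UDP payloads: parse the question out of a query packet with the malformed-packet checks a proxy needs, apply the authorized-client, whitelist, blacklist, redirect and internal-suffix rules, and build the NXDOMAIN or redirect answer locally. A "forward" result is what would be relayed to the external resolver. The rule set and client addresses are constructed.

```python
import ipaddress
import struct

# Constructed rule set (not the original service's configuration).
CONFIG = {
    "authorized_clients": {"10.0.0.5", "10.0.0.6"},
    "allowlist": {"intranet.corp.example"},             # always forwarded, even off-network
    "blocklist": {"malware.example", "tracker.example"},  # name and all subdomains -> NXDOMAIN
    "redirects": {"phish.example": "10.0.0.250"},        # answer with a sinkhole address
    "internal_suffixes": (".corp.example",),             # never leak to 3rd-party resolvers
}


def encode_qname(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """Construct a standard recursive query (test input only)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def parse_query(pkt: bytes):
    """Return (qid, qname, qtype, question_end); raises ValueError on anything malformed."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    qid, flags, qdcount = struct.unpack("!HHH", pkt[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    pos, labels = 12, []
    while True:
        if pos >= len(pkt):
            raise ValueError("truncated name")
        length = pkt[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(pkt):
            raise ValueError("compression pointer or overlong label in question")
        labels.append(pkt[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(pkt):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", pkt[pos:pos + 2])[0]
    return qid, ".".join(labels).lower(), qtype, pos + 4


def decide(client_ip: str, qname: str, on_corporate_network: bool, cfg=CONFIG) -> str:
    """Map a query to one of: drop, nxdomain, redirect:<ip>, forward."""
    if client_ip not in cfg["authorized_clients"]:
        return "drop"
    if qname in cfg["allowlist"]:
        return "forward"
    if qname in cfg["redirects"]:
        return "redirect:" + cfg["redirects"][qname]
    if any(qname == blocked or qname.endswith("." + blocked) for blocked in cfg["blocklist"]):
        return "nxdomain"
    if not on_corporate_network and qname.endswith(cfg["internal_suffixes"]):
        return "drop"
    return "forward"


def build_response(query_pkt: bytes, rcode: int, answer_ip: str = None, ttl: int = 60) -> bytes:
    """Echo the question back with QR/RD/RA set; optionally one A record pointing at the name."""
    qid, _, _, qend = parse_query(query_pkt)
    header = struct.pack("!HHHHHH", qid, 0x8180 | rcode, 1, 1 if answer_ip else 0, 0, 0)
    resp = header + query_pkt[12:qend]
    if answer_ip:
        # name = pointer to offset 12, type A, class IN, TTL, rdlength 4, address
        resp += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + ipaddress.IPv4Address(answer_ip).packed
    return resp


def handle(client_ip: str, pkt: bytes, on_corporate_network: bool):
    """Proxy decision for one datagram: (action, locally built response or None)."""
    try:
        _, qname, _, _ = parse_query(pkt)
    except ValueError:
        return "drop", None
    action = decide(client_ip, qname, on_corporate_network)
    if action == "nxdomain":
        return action, build_response(pkt, 3)
    if action.startswith("redirect:"):
        return action, build_response(pkt, 0, action.split(":", 1)[1])
    return action, None          # forward: relay upstream and proxy the answer; drop: nothing
```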
Network TCP/IP Communications Sniffer Using WinPcap
- Type: Windows Application/Service
- Use: Security Monitoring
- Purpose: TCP/IP communications packet sniffer for monitoring network hosts' persistent conversations, logged to a SQL database. The design goal
was not to replace other network sniffers such as Snort and Wireshark, but to provide a very high-level overview of the connections between hosts, disregarding actual
packet data and only monitoring IPs, ports, packet counts during a conversation, and duration of the conversation. This is used for simple monitoring of peer-to-peer
connections, client-to-server connections, and server-to-Internet connections.
- Description: WinPcap-integrated raw packet sniffing application designed for maximum performance when logging to a SQL database. Multiple
instances of the service can be launched, allowing a multiple-NIC monitoring system to sniff (or monitor) multiple networks, all logging to the database.
The design was to monitor the packet headers instead of the individual packet data; in doing so higher sniffing performance is attained, with the benefit that
network communications saturation does not affect the intended functionality of the application, because random packet loss does not affect the persistent connection
monitoring. Deployed on a Windows system running SQL Server with 1 management NIC and 4 Gigabit NICs used for network segment monitoring (i.e. sniffing), resulting
in 40% processor utilization under stress. Monitoring logic was applied primarily within the SQL database using stored procedures, triggers, and scheduled jobs
for automated maintenance of data. Additionally, the application does have UDP monitoring capability, but that was not the goal of the project. This was used both as a
standalone security monitoring solution and linked to a larger infrastructure monitoring solution.
- Knowledge/Concepts: WinPcap, Network Raw Packets, TCP/IP, SQL, Triggers, Stored Procedures, ADO, Security
Microsoft ISA 2006 Control Service/Application
- Type: Windows Application/Service
- Use: Security Control
- Purpose: A client/server solution used to control Microsoft ISA 2006 firewall rules for easy host rule status queries and enable/disable
control within ISA. ISA was configured for maximum security, with rules blocking all communications from internal servers (or other systems/devices) to the Internet
until needed; this required the Administrator to go to the ISA management console and enable/disable the blocking rule as desired. As the number of
rules expanded with more hosts having blocking rules, it became time consuming to update rules, so this solution was developed to make the
process fast and easy, additionally addressing common problems such as forgetting to re-enable block rules when done.
- Description: The server service application uses a COM+ instance of the ISA management DLL using a late binding method. Late binding
has the disadvantages of performance and try/fail method calls when DLL implementations change, but these are not issues here, as performance in this case is not a factor, and
by doing late binding we avoid hard-coding specific DLL implementations requiring a COM wrapper, making future code changes easier for updated ISA DLL versions.
Full control over the ISA firewall is possible using the ISA DLL, but only the methods used to query specific rules and enable/disable them are used, as the goal was not to
replace the normal ISA management console. The client Windows application running on the host system (i.e. server) is a simplified task-tray design that allows
rule status checks pertaining to the system as well as the ability to enable/disable the blocking rule, effectively allowing Internet communication. Logic was added
to ensure protection by offering Internet access with the options: 1. Manual change only, 2. Enable until next reboot, 3. Enable until idle communication
is detected, 4. Enable for n minutes (i.e. 10 minutes, 20 minutes, etc.). This important logic maintained the target firewall protection rules' state while allowing
flexible control over rules. Future plans to extend the client application with high encryption and Internet-side control will allow the opposite effect to the current
logic: dynamically enabling remote access to services within the infrastructure for specific client IPs. This will dramatically reduce infrastructure security risks,
as publicly (i.e. Internet) accessible services would be stealthed by ISA firewall blocking rules and allowed IPs would be the only ones able to use the service
ports. Think of VPN servers, web, OWA, FTP, and other internal servers that are typically visible all the time on the Internet to all IPs; with ISA extended
using the service/client application, all or some of these services would now be completely stealthed and unreachable to all except authorized systems running the client application/agent.
- Knowledge/Concepts: COM+ Servers, ISA 2006 Firewall, UDP, Security
Email System(s) Mailflow Test & Monitoring Service
- Type: Windows Application/Service
- Use: Administration Support
- Purpose: Simple yet effective Windows service application configured to send sequential test emails to SMTP servers and
confirm delivery of the test email using POP3 to a mailbox within the messaging system. If the email is received, and thus was properly processed by the email
servers, stats are logged. If not received or delayed, the Administrator is notified of the test results indicating probable messaging system problems.
- Description: Simple service application specifically designed to test email system infrastructure message flow by sending sequenced,
tagged emails to SMTP servers and verifying the message was received in a POP3 mailbox. Additional logic and support for verifying that target SMTP servers are reachable using
ICMP determines whether the server is the failure point or connectivity has been lost. Even in single-server messaging environments this test functionality
is useful, as queues can be backed up, Exchange services stopped, and other situations arise where a notification can be performed independently
of the email system being monitored. A common failure is Internet connectivity loss while the email server (or infrastructure) is working properly; when deployed
using a different Internet connection for testing SMTP, this situation would be detected and the Administrator notified.
- Knowledge/Concepts: SMTP, POP3, ICMP, Administration, Monitoring Critical Infrastructure
Windows File/Folder ACL Bulk Modification Application
- Type: Windows Application
- Use: Administration Support
- Purpose: Simple Windows application designed to modify file/folder Access Control Lists (ACLs), also known as permissions, enumerating
complex multi-folder structures.
- Description: This application is nothing new, and this capability exists in several command-line utilities, but I created this specifically
to be used by less technical IT staff such as helpdesk and Jr. Administrators to make bulk multi-folder ACL changes easily, with safeguards preventing ACL
modification mistakes which are not in the other similar utilities. The application was created for a large project including multiple file servers and a domain
migration where we had to effectively replace old domain user account permissions with their new domain accounts. Doing so manually would have resulted in weeks
of dedicated work and would have contained human errors (i.e. incorrect replacements, missed replacements, etc.). Launching the application and pointing it
to the root folder where ACLs will be modified, the application lists all target domain accounts, from which you select the current account and the account to replace it with.
With minimal options needed, it will process either one target folder or an entire structure, with optional verbose logging in case a mistake was made and the logs are required to reverse it.
- Knowledge/Concepts: File/Folder ACLs, Domains, Account SIDs, Permissions
Windows TCP & UDP Stealth/Hidden Ports Security Discovery Application
- Type: Windows Application
- Use: Security Checking
- Purpose: Detect local TCP and UDP listening ports that are either not reported or being stealthed. Can detect malicious software, especially
rootkits, effectively, but has no ability to classify or identify it directly. Complex malware using advanced techniques such as port sharing would not be
detected.
- Description: This application is not and never was intended to be a port scanner, as the methods of the two are completely
different, yielding similar but different results. Port scanners attempt to connect to listening ports, whereas this application attempts to establish
(or bind) a listening port. A socket can only be bound by one application (note: typically, but new techniques are changing this), so the application
goes through the valid TCP and UDP port ranges attempting to bind to each socket and reports the results. If successful, the protocol/port was not
in use; if an error occurs, depending on the error code the port was in use and is logged. The method is very slow but extremely accurate, listing all protocols
and ports in use. If a rootkit was active on the system and hiding the listening protocol/port from Windows, you would never be able to detect this from
within the OS using utilities that enumerate listening ports such as "netstat". By attempting to bind actively to ports, the rootkit would have
to be coded to further stealth the results by spoofing a non-error result code if possible, but further application code tests whether the listening
port was operational, defeating the rootkit's spoofed result. The application has even uncovered hidden ports used by Microsoft in the past on Windows 2000/XP that could not be seen in "netstat".
- Knowledge/Concepts: TCP, UDP, Sockets, Security
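An added example (not the original application's code) of the bind-probe method in Python, including the error-code distinction the text depends on: only an address-in-use error says something holds the port, while a permission error on a privileged port says nothing about a listener. The demo() self-check holds its own loopback sockets so the probe has something to find; a real scan binds the wildcard address over the full port range and then compares the result with what netstat reports.

```python
import errno
import socket

WSAEADDRINUSE, WSAEACCES = 10048, 10013   # Windows socket error codes, for when this runs there


def probe_port(proto: str, port: int, addr: str = "0.0.0.0") -> str:
    """Try to bind addr:port ourselves. Returns 'free', 'in-use', 'no-permission' or 'error:<code>'.
    Only an address-in-use error is evidence that something already owns the port."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((addr, port))
        except OSError as err:
            if err.errno in (errno.EADDRINUSE, WSAEADDRINUSE):
                return "in-use"
            if err.errno in (errno.EACCES, WSAEACCES):    # privileged port, not a listener
                return "no-permission"
            return "error:" + errno.errorcode.get(err.errno, str(err.errno))
    return "free"


def probe_range(proto: str, first: int, last: int, addr: str = "0.0.0.0") -> dict:
    """Walk a port range and keep every port that was not simply free."""
    results = {}
    for port in range(first, last + 1):
        status = probe_port(proto, port, addr)
        if status != "free":
            results[port] = status
    return results


def hidden_listeners(proto: str, first: int, last: int, reported, addr: str = "0.0.0.0") -> dict:
    """Ports the bind probe found in use that a listing tool (netstat etc.) did not report."""
    return {p: s for p, s in probe_range(proto, first, last, addr).items()
            if s == "in-use" and p not in reported}


def demo() -> dict:
    """Self-check: hold a loopback TCP listener and a UDP socket, then probe them."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        t.bind(("127.0.0.1", 0))
        t.listen(1)
        u.bind(("127.0.0.1", 0))
        tport, uport = t.getsockname()[1], u.getsockname()[1]
        return {"tcp": probe_port("tcp", tport, "127.0.0.1"),
                "udp": probe_port("udp", uport, "127.0.0.1"),
                "unreported": hidden_listeners("tcp", tport, tport, set(), "127.0.0.1"),
                "reported": hidden_listeners("tcp", tport, tport, {tport}, "127.0.0.1")}


if __name__ == "__main__":
    print(demo())
```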
Domain Account Authentication & Password Change MTS Package Application
- Type: Windows MTS Application
- Use: Security Component for Solution
- Purpose: MTS package application providing secured, controlled transactional functionality for authenticating domain user accounts
and additionally allowing password resets.
- Description: This MTS COM+ application was part of a larger project involving a secure web-based, ASP-coded employee portal Extranet,
providing the account login and password reset functionality. Its design was dictated by the target deployment environment, consisting of the Microsoft
IIS web server located in a DMZ as a member server of a security domain independent of the users' login domains. The MTS package was configured on the
security domain PDC and exported to the web server. The Extranet ASP login page created the MTS application object instance and used the published
properties and methods of the application, which created a transactional call to the PDC relaying the operation request to the internal users' domain. MTS
was used to ensure transactional requests, ensuring no collisions/issues would occur with multiple requests being processed. The application incorporated strict
security logic to prevent account discovery, controlled domain authentication, and username/password filtering. To ensure flexibility for longevity,
the component was designed with AD group membership logic allowing additional "AND"/"OR" logic to be applied to requests (i.e. login and/or password changes),
configured within AD rather than hard-coded. Most importantly, the MTS component was compatible with normal Windows domain security features such as
account lockout, password complexity requirements, and login account restrictions. To ensure future protection against possible process exploits, all calls made from the
MTS component were done in the context of the account being validated, to prevent excessive-privilege exploits, which are common security design flaws/oversights.
- Knowledge/Concepts: DCOM, COM+, MTS, ASP, Security
WMI Query & Monitoring Application/Service
- Type: Windows Application/Service
- Use: Administration Support
- Purpose: Monitor Windows NT-2003 R2 servers' local storage, logging detailed volume information to a SQL database. Uses Windows
Management Instrumentation (WMI) to perform queries, which is built into all Windows platforms, eliminating the need for any client-side agent applications. This
service is a part of a total solution for monitoring the network infrastructure.
- Description: This application was primarily designed to monitor Windows servers' local storage, gathering detailed information
on volumes such as type, serial number, volume size, free space, disk errors, file system, state (i.e. dirty), and many other attributes/properties. The
information was imported into a SQL database designed to track current stats as well as trends over time for storage reporting, effectively used to
forecast changing disk utilization. WMI allows a huge amount of detail to be obtained from host systems, ranging from operating system specific
information to detailed hardware characteristics. A secondary use of the application was to gather other non-disk host-related information such as the installed
applications list, startup program enumeration, services and their current state, BIOS information, and other details for administrative use.
WMI is natively supported by Windows platforms and only requires a modification to the Windows host firewall (if enabled) to allow access to the information.
Another important aspect of WMI is that explicit credentials can be used to connect to a host, allowing simple WMI information access to hosts that are not
part of a domain or are in "untrusted" domains without security compromise.
- Knowledge/Concepts: WMI, Windows Host Firewall, RPC
Infrastructure Network Operations Center (NOC) Monitoring System
- Type: Web-based Application
- Use: Administration Security & Support
- Purpose: Infrastructure monitoring web interface used for administering company-wide IT systems, providing real-time information
about host systems, networks, users, and various other important information.
- Description: This custom NOC system's web-based Ajax interface was designed to leverage all the SQL database data gathered by many
other service applications, listed in part on this development page. The interface was designed to be very secure due to the information available in
the NOC. Reporting of real-time and historical data is presented in various formats such as raw data, tables, charts and graphs, making the information as easy
to understand as possible. Additionally, the interface was designed to transparently integrate 3rd-party web-based applications such as NTOP and
MRTG, to name a few, for centralized information access. Although the system was not designed to directly control the network infrastructure (i.e. servers,
routers, applications), the design was to provide extremely detailed real-time data across the entire infrastructure to allow complete visibility of
complex environments. Some examples of the information are: real-time VPN user connections, per-server and/or infrastructure-wide storage data (i.e.
total space, free space, and change trends), network bandwidth usage, active DHCP server leases, server and device online status, and many others.
Integrated notifications/alerts for events via email and the web-based interface ensured situations were handled efficiently and, in many cases, proactively.
Custom server-side ActiveX controls were created to allow the web-based interface to interact with service applications, primarily to trigger actions for
refreshing database data where needed. Active Directory information was available using LDAP queries, providing information on accounts and
computers, specifically useful for tracking account password expiration and login failure counts.
- Knowledge/Concepts: ASP, ActiveX Controls, ADO, SQL, Triggers, Stored Procedures, SMTP, LDAP, AD, AJAX, DHTML
Access Database to XML Transformation Utility
- Type: Windows Application
- Use: Customer Solution & General Utility
- Purpose: Transform database queried record sets to XML data.
- Description: A customer had legacy Microsoft Access database files and needed the data continuously converted to XML for a new
web-based Ajax application. The application was designed for longevity, as no hard-coding was done, with all settings, the SQL query, and the record set
to XML transformation being external text files that are easily edited. A simple data pump transforming a record set to XML to the specification of the project.
- Knowledge/Concepts: MS Access, ADO, TSQL, XML, XSLT
Outlook 2000-2002 Custom Anti-Spam Add-on
- Type: Windows Application
- Use: Application Add-on
- Purpose: Extend Outlook with anti-spam protection
- Description: An Outlook add-on integrated to apply preconfigured logic to new inbox emails automatically, as well as manually
against other mail folders. Rule logic was applied to the email headers and content to determine whether emails were considered a threat and/or spam. Some
examples of the logic designed are: (1) Sender email address validation - looking for bogus formatted addresses and what I called "chaos" addresses,
which were common, with a completely random mixture of numbers and letters. Early on in Internet spam this was extremely effective, and it still is somewhat
today. (2) Sending email server reverse DNS resolution and host name - determines if the sending email server is known or just an unregistered IP address sending.
In many cases spam can be determined very accurately by evaluating this information. (3) Whitelists and blacklists - almost all rule logic applications
use these to prevent false positives. (4) Content filtering - dictionary matching of words which determined an overall score dictating either possible spam
or confirmed spam. Additional very effective filtering was done on URLs and URL formatting to positively detect spam emails. Further logic to detect
spam was used but is not listed; each filter contributed to a total score with an end determination of whether the email was spam or not. Since Outlook 2003 Service
Pack 1, Microsoft changed the add-on model primarily for security reasons, requiring this application to be digitally signed to prevent alerts/prompts.
I stopped using it at that time but continued to use the filtering logic in other email anti-spam solutions, primarily applied at SMTP gateways.
- Knowledge/Concepts: Outlook, COM+, Email Data Structures, MIME, Spammer Techniques
Windows Account Password Synchronization Application/Service
- Type: Administrative Support
- Use: Administration Security & Support
- Purpose: Maintain account password synchronization between the primary accounts domain and standalone servers' SAM databases, with
account mapping logic.
- Description: The application was developed to solve the problem of standalone servers containing accounts for users that were out
of sync with their primary domain passwords, as well as making it easier for the user to maintain one password when using different accounts. A 3rd-party
open source solution was used to hook into the domain's password change/notification API, which passed the account and new password to this application.
The application would then determine whether password propagation was to be done by looking up the account mapping and performing password resets on individual
standalone servers as configured. This effectively synchronized the passwords for users, making it easier for them, but more importantly enabled setting
domain password policies and ensuring standalone servers' passwords were also changed regularly.
- Knowledge/Concepts: Domain Password Policies, SAM, RPC, LanMan, Windows Security APIs
Various Server Side ActiveX Controls
- Type: Windows ActiveX Server COM+ Components
- Use: Various IIS Web-based Solutions
- Purpose: Extend Microsoft IIS web hosting functionality using ASP and custom ActiveX Server Controls.
- Description: ActiveX controls are specially designed Windows COM+ compatible components that can be used on Windows or
within services such as IIS. In this case, the various controls were created specifically for IIS use, with ASP leveraging their extended functionality.
Some examples of the ActiveX controls developed for use in various web-based projects are: (1) Encryption - passing a string to the control and having it
return an encrypted version, (2) CRC32 - string checksums, (3) MD5 - string MD5 hashes, (4) Graphs/Charts - Excel-generated graphs and charts based
on either component-passed or database data, (5) MTS account password verification/change - described in detail in another development write-up,
(6) External UDP Communications - components used to communicate with other custom UDP services, mostly with encryption. Whenever a web-based project
required extended functionality, an ActiveX control was created when no other viable option was available or the custom ActiveX could be done easily with stability assurance.
- Knowledge/Concepts: IIS, ASP, COM+
DHCP/BootP Network Monitor Application/Service
- Type: Windows Application/Service
- Use: Security Monitoring
- Purpose: Real-time network monitoring of DHCP/BootP communications, logging to a SQL database. A secondary purpose of this application
is to monitor and detect rogue DHCP servers/communications with additional DHCP parameter validations. This service is a part of a total solution for monitoring the network infrastructure.
- Description: This application monitors real-time network communications for DHCP and BootP conversations between client systems and
DHCP servers, logging both raw packet data and parsed formatted data to a SQL database. Secondary purposes of detecting rogue DHCP servers/communications as
well as validating authorized DHCP server parameters add both security protection and administrative DHCP setup/maintenance checking. The application complements another
service that processes DHCP server logs to a SQL database, but this application provides real-time monitoring and rogue DHCP detection. The DHCP parameter
checking was designed to assist the network administrator in detecting incorrect and/or outdated DHCP parameter configurations on the server when network
infrastructure changes occur. The application provides important data such as lease event times, lease attempts, host computer names, MAC addresses, previous
IP history (good for detecting transiting systems), and DHCP server IPs with dynamic IP address lease pools. The information is used to track authorized and
unauthorized client systems, additionally providing the ability to identify known renamed computers linked to MAC address history. Can be used as a standalone application but was
designed to work with a total network monitoring and alerting system.
- Knowledge/Concepts: DHCP & BootP Specification, UDP, Broadcasts, Raw Socket Communications, MAC Addresses, ADO, SQL, Triggers, Stored Procedures, Security
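An added example (not the original application's code) of the rogue-server and parameter checks described above, applied to raw BOOTP/DHCP payloads: parse the fixed header and option TLVs, treat the server identifier (option 54) as the server's identity, flag OFFER/ACK/NAK traffic from servers outside the authorized list, and compare an authorized server's handed-out subnet mask, router and DNS options with what it is expected to give. The authorized server, its expected parameters and the sample traffic are all constructed.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

# Constructed: the one authorized DHCP server and the option values it is expected to hand out
# (option 1 subnet mask, 3 router, 6 DNS server).
AUTHORIZED = {"10.0.0.1": {1: "255.255.255.0", 3: "10.0.0.1", 6: "10.0.0.10"}}


def ip4(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


def ip_str(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw[:4]))


def build_dhcp(op: int, xid: int, yiaddr: str, mac: bytes, options) -> bytes:
    """Construct a BOOTP/DHCP datagram (test input only). options: list of (code, value bytes)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                      b"\0" * 4, ip4(yiaddr), b"\0" * 4, b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + body + b"\xff"


def parse_dhcp(pkt: bytes) -> dict:
    """Pull the fixed fields and the option TLVs; rejects truncated or non-DHCP payloads."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    hlen = pkt[2]
    xid = struct.unpack("!I", pkt[4:8])[0]
    opts, pos = {}, 240
    while pos < len(pkt):
        code = pkt[pos]
        if code == 255:                              # end option
            break
        if code == 0:                                # pad
            pos += 1
            continue
        if pos + 2 > len(pkt) or pos + 2 + pkt[pos + 1] > len(pkt):
            raise ValueError("truncated option %d" % code)
        length = pkt[pos + 1]
        opts[code] = pkt[pos + 2:pos + 2 + length]
        pos += 2 + length
    return {"op": pkt[0], "xid": xid, "yiaddr": ip_str(pkt[16:20]),
            "mac": pkt[28:28 + hlen].hex(":"), "options": opts}


def inspect(pkt: bytes, src_ip: str, authorized=AUTHORIZED):
    """Classify one sniffed DHCP datagram: client / ok / rogue-server / bad-parameters / malformed."""
    try:
        msg = parse_dhcp(pkt)
    except ValueError as err:
        return "malformed", str(err)
    o = msg["options"]
    mtype = MSG_TYPES.get((o.get(53) or b"\0")[0], "UNKNOWN")
    if msg["op"] == 1 or mtype in ("DISCOVER", "REQUEST"):
        return "client", {"type": mtype, "mac": msg["mac"],
                          "hostname": o.get(12, b"").decode("ascii", "replace")}
    server_id = ip_str(o[54]) if 54 in o else src_ip   # option 54 is the server's own identity claim
    info = {"type": mtype, "server": server_id, "src": src_ip, "offered": msg["yiaddr"], "mac": msg["mac"]}
    if server_id not in authorized:
        return "rogue-server", info
    want = authorized[server_id]
    mismatch = {c: ip_str(o[c]) for c in want if c in o and ip_str(o[c]) != want[c]}
    missing = [c for c in want if c not in o]
    if mismatch or missing:
        return "bad-parameters", {**info, "mismatch": mismatch, "missing": missing}
    return "ok", info


# Constructed traffic samples: (label, source IP, packet)
MAC = bytes.fromhex("001122334455")
SAMPLES = [
    ("discover", "0.0.0.0", build_dhcp(1, 0x1001, "0.0.0.0", MAC, [(53, b"\x01"), (12, b"ws-17")])),
    ("good-offer", "10.0.0.1", build_dhcp(2, 0x1001, "10.0.0.50", MAC,
        [(53, b"\x02"), (54, ip4("10.0.0.1")), (1, ip4("255.255.255.0")), (3, ip4("10.0.0.1")), (6, ip4("10.0.0.10"))])),
    ("rogue-offer", "10.0.0.77", build_dhcp(2, 0x1001, "10.0.0.60", MAC,
        [(53, b"\x02"), (54, ip4("10.0.0.77")), (1, ip4("255.255.255.0")), (3, ip4("10.0.0.77")), (6, ip4("10.0.0.77"))])),
    ("stale-ack", "10.0.0.1", build_dhcp(2, 0x1001, "10.0.0.50", MAC,
        [(53, b"\x05"), (54, ip4("10.0.0.1")), (1, ip4("255.255.255.0")), (3, ip4("10.0.0.254"))])),
    ("garbage", "10.0.0.5", b"\x02\x01\x06" + b"\0" * 100),
]

if __name__ == "__main__":
    for label, src, pkt in SAMPLES:
        print(label, inspect(pkt, src))
```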