Delivering daily security tips to users

Your users are much more likely to remember your advice if you dole it out a little bit every day, as opposed to making them read a gigantic security document full of rules. Delivering daily tips to the users can be a little tricky, but there are tons of strategies to accomplish it.

One way is to use the Quote of the Day, which is a trouble-shooting protocol, more or less, specified back in the day in RFC 865. It's supposed to do nothing more than respond to a connection by returning a string of text (usually a famous quote, but in your case, a valuable piece of advice) and then closing the connection. This protocol was assigned TCP/UDP port 17, but it is rarely implemented.

To implement on a Microsoft Windows Server, edit the text file %systemroot%/system32/drivers/etc/quotes with Notepad, and save, making sure you do not add an extension like .txt to the file. Next, open the Services dialog from the Administrative Tools menu or the Control Panel, and start the "Simple TCP/IP Services" service. It will most likely be disabled. And actually, for security reasons, the "Simple TCP/IP Services" service has probably not even been installed on the server, so you might need to go to Add/Remove Programs in the Control Panel and Windows Components, and then select the Network Services check box and install the service. Be advised that this also enables the Chargen, Echo and Daytime services, which are notorious security problems. However, with the recent firewall additions to Windows products, it should be easy to block all the ports except the Quote of the Day. If you are not using ports, they should be blocked. In this case, simply unblock port 17.

Another way to enable it is via the Registry, where you can set the following keys to 1:

For more information: Use these one-line user tips

HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpQotd
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpQotd

Then launch cmd.exe and type:

net stop simptcp
net start simptcp

Now, from another computer, open a command prompt window and telnet to the server on port 17. If your server's IP address is 192.168.1.10, this command would be:

c:\>telnet 192.168.1.10 17

Repeat this several times. It should respond each time with a different quote from your file and close the connection each time, leaving you back at your command prompt.

Now, just add the telnet command to your users' login scripts so it runs every time they log in. And don't forget to add new tips to the text file frequently so they don't get too stale.

About the author: Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry. He is co-author of several books on networking, most recently, CCSP^TM: Secure PIX and Secure VPN Study Guide, published by Sybex.