November 28th, 2007 by Niranjan Kunwar
If you’re running a web site and have come to a point where a single web server cannot handle the traffic, then it’s time to get multiple web servers and share the load. To do that you’ll need a load balancer, which distributes the web traffic among multiple web servers.
Basically you have two choices: hardware solutions (expensive, with many nice features) or software solutions (possibly free, but with limited features). If you want a free and open source solution then Pound is the choice.
Pound is a free, open source reverse-proxy, load balancer, SSL wrapper, HTTP/HTTPS sanitizer, failover server and request redirector:
1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a failover server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.
Pound is built with security in mind: it can run as setuid/setgid and/or in a chroot jail. It’s a very small, robust and efficient program.
It’s very easy to install and configure.

Category: Technology, Admin, HowTo, Linux/Unix, Network, Security |
July 30th, 2007 by Niranjan Kunwar
How do you monitor your network traffic? Using MRTG, of course, you might say. Yes, that’s true, MRTG does an excellent job of monitoring traffic across networks and devices (routers/switches). But when you see abnormal traffic in MRTG, how do you find out what is generating it? This is where ntop comes into play. Basically, MRTG shows you the bigger picture, whereas ntop lets you zoom into individual networks and hosts, and gives you enough information to pinpoint the hosts or devices generating extra/abnormal traffic.
ntop is a tool that shows network traffic usage. It is based on libpcap and when installed in a place where it can capture network traffic (hub or a mirrored port of a switch), it logs and reports information concerning IP and Fibre Channel traffic generated by each host in the network. ntop has a very rich and user-friendly web interface for reporting.
This is what ntop can do for you:
* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store on disk persistent traffic statistics in RRD format
* Identify the identity (e.g. email address) of computer users
* Passively (i.e. without sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics

Category: Technology, Admin, Linux/Unix, Network, Reviews |
July 16th, 2007 by Niranjan Kunwar
After switching to a Mac, I tried many desktop password managers and wrote about Password Managers for OS X, which got a lot of attention. It’s needless to mention the importance of using a password manager, since we use passwords to protect almost everything digital and we have so many of them today. Currently we trust most of our private data, like emails, bookmarks, documents, spreadsheets and calendar events, to online providers like Google, Yahoo or Microsoft. So, how about your secrets and passwords stored online, somewhere in the cloud? I know what your immediate response is: passwords? No way I’m going to store my passwords online! But you might want to give it a second thought, because the technology is now secure enough, thanks to Host-Proof Hosting.
With Host-Proof Hosting, if the owners of the servers wanted to mess around with your information, or even if the server gets hacked, they won’t be able to recover your data. The sensitive data is always transmitted to the server in encrypted form, encrypted using a pass-phrase. The good thing is that this pass-phrase is never transmitted to or stored on the server, so the server can never access the stored data in its plain form. All the encryption and decryption takes place on the client side, inside the browser. This is basically a “Zero-Knowledge” web application, where the provider knows nothing about your actual data.
* User enters pass-phrase to begin using the system. Browser retains the pass-phrase as a global variable.
* User requests a list of all data belonging to him.
* For each record, the system stores the associated user ID in plain-text, the record ID in plain form, and the record content only in encrypted form. (The message content is one or more database columns, each encrypted.) Thus, the system is able to return a list of record IDs for this user.
* User selects one of the record IDs.
* System checks that this user ID is associated with the record ID, and returns the corresponding message content.
* Browser uses stored pass-phrase to decrypt the contents.
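The flow above, as an added example that is not code from the original post or from any service it reviews. It runs under Node.js with the built-in crypto module so it works offline (a browser client would use the Web Crypto API instead); scrypt, AES-256-GCM, the blob layout and every name here are assumptions, since the post names no algorithms.

```javascript
// Added example. scrypt, AES-256-GCM, the blob layout and all names are assumptions.
const nodeCrypto = require('node:crypto');

// Client side: the pass-phrase and the key derived from it never leave this code.
function encryptRecord(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Blob layout: salt (16) | iv (12) | auth tag (16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptRecord(passphrase, blob) {
  const raw = Buffer.from(blob, 'base64');
  const key = nodeCrypto.scryptSync(passphrase, raw.subarray(0, 16), 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  decipher.setAuthTag(raw.subarray(28, 44));
  try {
    return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong pass-phrase or modified blob: GCM authentication fails
  }
}

// Server side: user ID and record ID in plain form, record content only as ciphertext.
class HostProofServer {
  constructor() { this.rows = new Map(); } // recordId -> { userId, blob }
  store(userId, recordId, blob) { this.rows.set(recordId, { userId, blob }); }
  list(userId) { return [...this.rows].filter(([, r]) => r.userId === userId).map(([id]) => id); }
  fetch(userId, recordId) {
    const row = this.rows.get(recordId);
    // Ownership check: the user ID must be associated with the record ID.
    return row && row.userId === userId ? row.blob : null;
  }
}

// Constructed sample run: one user, one record, then three access attempts.
function demo() {
  const server = new HostProofServer();
  const passphrase = 'correct horse battery staple'; // constructed sample value
  server.store('alice', 'rec-1', encryptRecord(passphrase, 'constructed secret note'));
  const blob = server.fetch('alice', server.list('alice')[0]);
  return { owner: decryptRecord(passphrase, blob),        // plaintext, recovered client-side
           wrongPassphrase: decryptRecord('guess', blob), // null
           otherUser: server.fetch('mallory', 'rec-1') }; // null: fails ownership check
}
```

The server object never receives the pass-phrase or the derived key, so a dump of `rows` yields only user IDs, record IDs and base64 ciphertext.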
OK, with that background, if you’re ready to store your sensitive information online, here are a few choices for you.
Category: Technology, Admin, Network, Reviews, Security |
July 9th, 2007 by Niranjan Kunwar
The benefits of designing and testing complex networks in simulated environments are obvious to network professionals and companies. It lets them test network configurations before implementing them in the real world, and the good thing is that they can do this without investing any money in expensive hardware. Virtual networks are also excellent tools for academic and certification purposes like CCNA, CCNP or CCIE, where students can get hands-on experience configuring Cisco routers.
Currently Cisco is the leader in the networking market, and Linux the leader in the server market. So, if you want to test your complex (or not so complex) network configurations before buying any actual Linux servers or the very expensive Cisco routers, then you can use Dynamips to simulate Cisco routers/switches and VNUML (Virtual Network User Mode Linux) to simulate your Linux servers/routers. Both Dynamips and VNUML are open source and free.

Category: Technology, Admin, Linux/Unix, Network, Reviews |
July 1st, 2007 by Niranjan Kunwar
There are many things you can and should do to keep your system and network secure. As the saying goes, “Security is not a single event or a product, it’s a process”. So, you have to keep up with all the changes: installing firewalls, IDS/IPS, network security monitoring, auditing, making security policies, password policies, email policies and so on… Yes, all of them are very important and you’ll be dealing with most of them depending on your security requirements. But there are some basic things every network and system admin should follow. Personally, I’ve found 4 things that are very simple yet effective in securing your systems.
Category: Technology, Admin, Network, Security |
June 21st, 2007 by Niranjan Kunwar
Snort has always been, and still is, my favorite IDS (Intrusion Detection System), although I now manage many UTM (Unified Threat Management) firewalls with built-in IPS/IDS (Intrusion Prevention/Detection). The commercial UTM firewalls with IPS/IDS are easy to use and configure, but they come with a high price tag and aren’t easy to customize. Even though Snort is not that easy to install, configure and manage, it is still the most popular IDS/IPS today because it is open source, free and easily customizable, rules are easy to create, signatures are always kept up to date by its community, and there is plenty of excellent documentation, guides and books.
Snort captures an enormous amount of data from the network and generates alerts based on the rules and signatures. There are currently 3 excellent and relatively user-friendly ways to manage and analyze the Snort data:
Category: Technology, Admin, Apple, Linux/Unix, Network, Security |
June 7th, 2007 by Niranjan Kunwar
Macrumors noted Sun’s CEO Jonathan Schwartz announcing that Apple would be making ZFS the default filesystem in Mac OS 10.5 Leopard. That’s great news. So, welcome pooled storage and bye-bye volumes!
ZFS stands for Zettabyte File System and was developed by Sun. It offers many advanced features and can handle much more space than the current filesystems used by Windows, OS X or Linux.
ZFS presents a pooled storage model that completely eliminates the concept of volumes and the associated problems of partitions, provisioning, wasted bandwidth and stranded storage. Thousands of filesystems can draw from a common storage pool, each one consuming only as much space as it actually needs. The combined I/O bandwidth of all devices in the pool is available to all filesystems at all times.
All operations are copy-on-write transactions, so the on-disk state is always valid. There is no need to fsck(1M) a ZFS filesystem, ever. Every block is checksummed to prevent silent data corruption, and the data is self-healing in replicated (mirrored or RAID) configurations. If one copy is damaged, ZFS will detect it and use another copy to repair it.
ZFS introduces a new data replication model called RAID-Z. It is similar to RAID-5 but uses variable stripe width to eliminate the RAID-5 write hole (stripe corruption due to loss of power between data and parity updates). All RAID-Z writes are full-stripe writes. There’s no read-modify-write tax, no write hole, and — the best part — no need for NVRAM in hardware. ZFS loves cheap disks.
Category: Technology, Admin, Apple |
June 2nd, 2007 by Niranjan Kunwar
I love Firefox for the huge number of extensions it offers. Lifehack has suggestions for bloggers: 17 Firefox Extensions That Make Blogging Easy.
Do you want to protect your pictures online? The short answer is: you cannot do it, but you can create technical roadblocks and aesthetic roadblocks. Of Zen and Computing has a nice article on How to Protect Your Pictures and Photos on the Internet.
I have tried most of the RSS readers available, including Google Reader, but I’ve come back to NetNewsWire for the features and ease of use. After seeing the ProBlogger’s poll result on Which Feed Reader is Best? I’m going to seriously give Google Reader another try. Actually, I’m already using it with Google Gears. Check How Google Gears Will Change Your Life.
Every blogger wants new visitors to come back to their blog again. WordPress offers many plugins to help you make your blog sticky, and Aaron Brazell at Technosailor suggests some excellent plugins for Intelligent Design and Stickiness.
Category: Technology, Admin, Blogging, Links |
May 17th, 2007 by Niranjan Kunwar
WordPress 2.2 is available for download and, as always, Technosailor has an article on 10 Things You Should Know About WordPress 2.2. I’m not going to upgrade my blog to 2.2, mainly because my web server is still using MySQL 3.x, but I’ve seen several users downgrading after a hasty upgrade due to the widget problem (apparently affecting only IE users). So, if you’re using the widgets and planning to upgrade your blog to WordPress 2.2, you might consider waiting until the bug is fixed.
Category: Technology, Admin, Blogging |
May 3rd, 2007 by Niranjan Kunwar
I locked myself in for 2 months to prepare for the CISSP (Certified Information System Security Professional) exam, and now I’m back triumphant to tell the story. Yes, I just received the Congratulations email from ISC2. I’m sharing my experience here with a hope that it might be helpful to anyone who’s preparing to take the exam. There’s no doubt that it was THE MOST difficult exam I’ve ever taken.
Let me give you a general idea about this certification. CISSP is a security certification carried out by (ISC)², which is a globally recognized, vendor neutral organization for certifying information security professionals. To pass the CISSP exam you’ll have to be competent in 10 Domains of the Common Body of Knowledge (CBK):
- Access Control
- Application Security
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security and Risk Management
- Legal, Regulations, Compliance and Investigations
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
To qualify to sit for the exams you need to:
- Subscribe to the (ISC)² Code of Ethics.
- Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master’s Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.
Update: Effective 1 October 2007, professional work experience requirements for the CISSP will increase from four to five years, and direct full-time security professional work experience will be required in two or more of the ten CISSP CBK domains. A new endorsement policy will also be in effect, requiring anyone who passes a CISSP, CAP, or SSCP exam to have their qualifications endorsed by another (ISC)² credential holder. These changes will not affect those who sit for an examination on or before 30 September 2007. For more information, please refer to the Experience Requirement Change FAQs.
The exam itself is 6 hours long, with 250 questions based on the 10 domains. 25 out of the 250 questions are for research, but you’ll have to answer all of them, and there’s no way of knowing which one is which. So, 225 questions will be scored, and you’ll have to get 700 out of a possible 1000 points on the grading scale to pass. Different questions carry different weight (marks) and there’s no way to know how many marks a question carries. As of writing this, the exam costs US$ 499 if you register 16 days ahead of the exam date or US$ 599 if you register later.
Category: Technology, Life, Admin, Network, Reviews, Security |