Nirlog.com

Email has just turned 35 and it’s very difficult to imagine working without the emails today. Here are few interesting links to Email and it’s history.

IT programmer Ray Tomlinson sent the first message in late 1971.

The test messages were entirely forgettable and I have, therefore, forgotten them. Most likely the first message was QUERTYIOP or something similar.

Josh Burt of The Sun is reminding us of the top 5 embarrassing emails of last 35 years.

And a list of very useful tips from IT Security; Hacking Email: 99 tips to make you more secure and productive. The article include Etiquette, Communicating & Effectiveness, Mobile Email, Productivity, Folders, Filtering, Email Attachments, Tricks, Hacks, Backup, Software specific tips, Privacy and Security.

This guide describes how to install and configure the OpenVPN Server in Linux and clients in Windows XP and Mac OSX. There are many advanced features in OpenVPN and if you’re interested in those advanced stuff, there’s a more detailed HowTo for you. This guide was created from my successful installation, so it works for me. If you find any problems or have suggestions please leave a comment. I’ll try my best to help. I’m sure, you know that you’re using this at your own risk

In our scenario, a small office network is protected by Linux firewall and we’ll implement the secure OpenVPN to access the internal office network (File Server, Database Server and Desktop PCs) securely from anywhere in the Internet.

Read the rest of this entry »

I’ve used IPSec, PPTP and SSL VPNs for quite some time and found them to have their own strengths and weaknesses. IPSec is secure but too complicated, with too many options for implementation and configuration. PPTP is easy to use and configure but it had some security issues in the past, which deters serious security minded organizations to implement it. Commercial SSL VPNs are easy to use but they’re very expensive and still haven’t solved all the remote connection problems.

I was introduced to SoftEther (popular Japanese personal VPN) by one of my boss few years ago, it’s secure and free but the documents are available only in Japanese. While I was searching for english documents of SoftEther, I came across an Wikipedia entry, which said “It is similar to OpenVPN, though it is closed source software”. I’d heard about OpenVPN but had never given it a serious look. This time I decided to look at it. I was pleasantly surprised by it’s ease of installation, use and robust security. Here are few points to note about OpenVPN:

• It’s a free and opensource.
• It’s secure; uses the SSL/TSL protocol.
• It’s easy to install and use. Graphical User Interfaces are available for those who fear the command lines.
• Has flexible authentication scheme based on certificates, smart cards, or traditional username/password credentials.
• Can be implemented as a bridge or a router (OSI layer 2 or layer 3).
• Excellent cross-platform support, it can be installed in Linux, Unix, Windows and Mac OS X.
• Good documentation, FAQs, HowTos and articles.

If you’re looking for a secure, cheap, flexible and easy to use vpn solution, then you should give OpenVPN a try.

Most of the modern Ethernet networks use LAN switches and for the Network Admins it’s very essential to understand how this basic, yet very important component of the network operates. I came across an excellent document in cisco site about How LAN Switches Work. The document explains what a LAN switch is, how transparent bridging works, what are VLANs, trunking, and spanning trees.

Switching allows a network to maintain full-duplex Ethernet. Before switching existed, Ethernet was half duplex. Half duplex means that only one device on the network can transmit at any given time. In a fully switched network, nodes only communicate with the switch and never directly with each other. In the road analogy, half duplex is similar to the problem of a single lane, when road construction closes one lane of a two-lane road. Traffic attempts to use the same lane in both directions. Traffic that comes one way must wait until traffic from the other direction stops in order to avoid collision.

The TCP/IP Guide is the most comprehensive and easy to understand TCP/IP reference material available online. The 1600+ pages long guide is also available as a print book at amazon. This is absolutely one of the most useful resources for Network Admins. It is a perfect reference guide for experts, as well as an excellent learning aid for beginners. It includes full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more

I always recommend to run Linux on Servers in our office and also for our customers. When asked why, among other things I say Linux is stable, popular, have more community support, and I’m familiar and comfortable with it. But when asked why not BSD, I say it’s similar to Linux because both are Unix-style OSes but also there’re many differences… and one of them is that I’m not so familiar with the BSD . A BSD user has put together everything you need to know about BSD vs Linux. Recently I’ve installed a FreeBSD server for an e-commerce system and agree with the author that "The differences between BSD and Linux all derive from basic philosophical differences. Once you understand those, everything else falls into place pretty neatly."

While there’s overwhelming similarity between the operating systems in most cases, there are also a lot of differences. As you probe more into the differences, you find that they emerge from deep-seated disagreements. Some are disagreements over development methodology, some over deployment and usage, some about what’s important, some about who’s important, and some about which flavor of ice cream is superior. Just comparing the surface differences doesn’t tell you anything; it’s the deeper differences that both explain and justify why each group does things the way they do.

I’m very happy with my Mac and I think there’s no turning back now. The elegance, simplicity, stability and security of OS X can never be compared with Windows. I still have a Windows pc and a notebook with some windows only applications installed. Also one thing to note is that the corporate world is full of windows, so I think a system and network admin cannot completely ignore windows. Anyway, if you’re planning to switch to a Mac, the good news is that there’re enough Mac application for productive system and network administration. Here are the applications I find useful for my daily system and network administration.
Read the rest of this entry »

Google Apps for Your Domain is a new free service from Google that includes Gmail (with your own domain name) with 2 gigabytes of storage, Google Calendar, Google Talk and Page Creator. I’ve just signed up for this service to test internally within our office. It’s very easy to setup (just need to change the MX record for the domain) and found it very useful. I think it can be a great package for small to medium sized companies and startups. The privacy issues might hold some organizations from embracing the service. But no hardware, no software and free of charge for excellent email system, IM, Calendar and web for your organization, with Google’s backing is hard to resist. I think they’ll be adding Writely and Google Spreadsheets soon to make it something like Google Office, that everyone is talking about.

Firewalls have become an integral part of all corporate networks. They’re the first line of defense against attacks from outside network (Internet) and also the point of control to make sure internal users (employees) are using the Internet as they’re supposed to. Recently the UTM (United Threat Management) Firewalls have become very popular. They’ve built in gateway anti-virus, anti-spam, web content filtering and IPS (Intrusion Prevention System) on top of traditional firewall functions. These firewalls generate loads and loads of log data and it’s very difficult to analyze the traffic and security event levels by just looking at the log files. So, a firewall logging and analyzing tool becomes necessary to generate easy to understand reports. After trying few softwares, I came across Firewall Analyzer, which was the exact tool I was looking for.
Read the rest of this entry »

Marius Ducea has a great article on How to restore a hacked Linux Server. He provides a very practical baseline on how you should develop your own plan of action to restore a hacked Linux Server. These are the steps he recommends:

- Don’t panic. Keep your calm and develop a plan of actions
- Disconnect the system from the network
- Discover the method used to compromise the system
- Stop all the attacker scripts and remove his files
- Restore not affected services
- Fix the problem that caused the compromise
- Restore the affected services
- Monitor the system

I’ve a personal experience of restoring a hacked Linux Server. I agree with all of his recommended steps. Out of them, I think finding the method (security hole) used to compromise the system is most important, because if you don’t know this then the attacker can immediately use the same security hole to attack and compromise the system after you restore.