Engadget has a very helpful video – How-to: run Chrome OS as a virtual machine. The image they’ve used is from gdgt.

Another useful how to is at TechCrunch – Want To Try Out Google Chrome OS For Yourself? Here’s How. They’re running this Chrome image (downloaded from torrent) on Sun VirtualBox.

First I tried the image from gdgt on my Vmware Fusion, it booted ok but couldn’t detect the network and was impossible to login.

I then downloaded the image from torrent (used by TechCrunch), which detected the network but strangely didn’t let me login with my google account. I did create a new google account just to try this and to be on a safer side. After reading the comments on torrent site, I figured that you can login with user “mark” and password “chromeos”. Boom… that let me in!

The first impression after few minutes of mocking around was that this wasn’t anywhere like the one demoed by Google guys. No app menu and panels. It was just like a chrome browser in virtual machine. But after playing for a while and googling around. I figured that “Ctrl Alt t” takes you to the terminal – you can sudo with the same password “chromeos”.

After rebooting the Chrome OS from command line and re-logging in, the App Menu became available.

I could start the sshd

And remote login from my Mac

Personally, I think Chrome is trying to bring thin clients back in from of netbooks. Thin clients failed earlier because the networks were slow and “cloud” wasn’t there. But Chrome stands a chance as cloud is the future and it’s built with three very important goals in mind – Security, Speed and Reliability. Having said that, native softwares are absolutely must for it to succeed. Even iPhones need native apps!

As far as user experience is concerned, at the moment Chrome OS is nothing but a browser. If you want to experience the early Chrome OS – just install Chrome browser and browse your favorite sites . I’m sure this is going to change when Chrome OS is finally released for public next year.

This is how I installed Windows 7 beta on my Mac with Vmware Fusion.

Download

The 2.44 GB ISO file can be downloaded from Windows7 beta download page. It took me around 2 hours to download it using my 8MB home broadband. You’ll also be given a Windows 7 Beta Product Key together with the download to activate windows 7.

Create New Virtual Machine

Create a new virtual machine by launching the Vmware Fusion and going to FIle–>New

Click on Continue without disk, because we’ll be using the ISO image to install Windows 7.

Then, click on Use operating system installation disk image file and select the Windows 7 ISO file downloaded earlier.

Choose the Operating System. I had downloaded the 64 bit version so, I chose Windows Vista x64 Edition.

Enter the Account Name, Password and the Windows Product Key

I don’t need file sharing at the moment so, I disabled the windows sharing by choosing None.

Default config of the new virtual machine. I wanted to give more RAM to the new vm so, clicked on Customize Settings

This is where you can customize the hardware settings for your virtual machine. Click on Processors & RAM to increase the RAM size.

Increase the RAM to 2048MB (2GB)

Click on the play button to begin installation

The installation starts…

After couple of reboots and an approximately half an hour later it’s done.

The installation was seamless and I’m planning to use Window 7 for some time next week to see how good it is. The immediate next thing is an anti-virus. Complimentary McAfee anti-virus provided by vmware fusion is not compatible with Windows 7 yet, and a quick google showed Kaspersky, so I might install that.

Basically you’ve two choice — go for the hardware solutions (expensive with many nice features) or software solutions (possibly free but with limited features). If you want a free and open source solution then Pound is the choice.

Pound is a Free Open Source reverse-proxy, load balancer, SSL wrapper, http/https sanitizer, fail over server and a request redirector:

1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.

Pound is built with security in mind, it can run as setuid/setgid and/or in a chroot jail. It’s a very small, robust and efficient program.

It’s very easy to install and configure.

Installation

pound can be installed from the source or the binary depending on your os distribution.

Configuration

Here’s an example of simple configuration to share the loading between two web servers behind the Pound load balancer

ListenHTTP
Address <real ip address>
Port 80
End
ListenHTTPS
Address <real ip address>
Port 443
Cert “/etc/pound/ssl-cert.pem”
End

Service
BackEnd
Address 192.168.1.2
Port 80
End
BackEnd
Address 192.168.1.3
Port 80
End
End

Pound can keep track of sessions between a client and a back-end server by client address, Basic authentication, URL parameter, cookie or header value. Here’s how we keep the session by cookies

Session
Type Cookie
ID “sess”
TTL 300
End

Pound is straight forward to configure and understand. It’s a perfect choice for free and open source load balancer.

So, this is what happened. I inserted my Leopard DVD and clicked on Install Mac OS X, then my MBP restarted. I chose the option to Upgrade (it actually detected and told me that I wanted to upgrade). It took around 2 hours to complete and asked for a final restart. That was supposed to be the end of upgrade, but after the final restart my MBP was stuck on white screen with apple logo. I waited for half an hour, then it became obvious that nothing was happening, so I pushed the power button and re-started again, which led to the same white screen. At this point I was quite worried about my data. I had done my last backup 2 months ago. Actually I should have backed up before starting the upgrade, but I thought since everyone is doing it smoothly why would I have a problem? Also I was too excited to experience the Leopard that I didn’t want to spend time backing up, and neglected the risk of losing 2 months data.

Stuck in the white screen forever

After getting stuck in the white screen twice, I restarted the MBP holding the C key, which took me to the Leopard Installation Screen. Then I clicked on Disk Utility and chose to Repair Disk. The Repair Disk Utility found 2 problems in the Volume and reported that it successfully fixed them.

Invalid Volume file count
Invalid directory count

I thought that’s a good news and hoped it would fix the problem. I restarted the MBP, but again got stuck in the same white screen with apple logo. At this point I decided to make a backup of my 2 months data (which I should have done before the upgrade). So, I restarted again holding C and connected my external USB hard disk (fortunately it detects the external hard disk and the installation screen has disk utility and terminal shell). I copied my data using command line from my MBP’s internal hard disk to my external usb hard disk. Now it felt better being sure that my data was in external hard disk.

Then I chose the option to Archive and Install, with Preserve Users and Network Settings checked. The installation took around 2 hours and finally booted successfully to Leopard. Yes…! I shouted with delight, the first thing I noticed was the Leopards eye-candy desktop background and the dock. It had preserved all my settings from Tiger. All the applications seem to work perfectly. I haven’t noticed any difference in performance, it’s as fast as Tiger. I’ve already played with some features like Cover Flow, Stacks, Spaces and Mail with todo and note. The Time Machine is very cool and easy to use, I think it is the most painless backup system I’ve ever seen. The installation has created a folder called Previous Systems where the Tiger (failed Leopard upgrade) is archived.

Time Machine – visual backup and recovery

I’m happy that I’ve got the latest and greatest OS in my machine but will never attempt another upgrade without fully backing-up the data first

What is Virtualmin

Virtualmin is a free and open-source virtual hosting management system designed to make virtual hosting quick, reliable, and secure. It’s a Webmin module, which supports the creation and management of Apache virtual hosts, BIND DNS domains, MySQL/PostgresSQL databases, and mailboxes and aliases with Sendmail, Postfix or Qmail. It utilizes existing Webmin modules for these servers, and works with any existing system configuration, rather than needing it’s own mail server, web server and so on. There’s also a commercial version of Virtualmin that you’ve to pay for, called Virtualmin Pro, which includes some extra features and support.

Virtualmin Installation

To install the Virtualmin module, first you need a working Webmin, after you’ve webmin installed it’s pretty straight forward. Download the latest version of Virtualmin from Virtualmin’s site and install it from the webmin’s Modules installation interface.

Login to Webmin as root –> Webmin Configuration –> Webmin Modules

Choose the Webmin installation file and click Install Module

After you complete the installation, click on Virtualmin Virtual Servers (GPL) which will lead you to the next interface, where you’ll need to re-check and refresh configuration. Click on Re-check and refresh configuration button. This is to make sure that all the required softwares are installed and configured properly. This step will check for Apache, Webalizer, MySQL, Sendmail and other softwares installation and configuration. If it finds any problem it’ll report and give you an option to correct it. If everything is ok, you’ll see a message saying …your system is ready for use by Virtualmin.

That’s it, you’ve successfully installed Virtualmin. Now adding a new virtual host is very easy. During the addition of a new virtual host you can choose the features that you want to have for this virtual domain, e.g. if you’ll use this new virtual host for your WordPress blog then you need a MySQL database too, for that you’ll need to choose Create MySQL database from the Enabled Features list.

Virtualmin Features

Virtualmin is a feature rich hosting management system. Here’s a feature-to-feature comparition of Virtualmin and cPanel (cPanel is compared with Virtualmin Pro, but most of the features are present in free version too). Here’re some features that I find useful:

Single Management Interface

All Virtual hosts can be managed from a single interface. You can see the all the existing virtual hosts and their total allocated quota and usage.

Backup Restore

It’s very easy to perform an instant backup of selected or all domains with a single click.

You can choose a simple scheduled backup. E.g. backup daily at midnight and send you the success or failure report to your email address.

The restore is as painless as backup, all you need to do is choose the backup file and click restore.

Bandwidth Monitoring

Bandwidth is money. You can conserve it by activating the Bandwidth Monitoring, there’s an option to limit bandwidth usage for each virtual host and you can choose to send an alert to the owner if he’s nearing the capacity. You can also generate a bandwidth usage graph of all virtual hosts.

Configuration

You can fine-tune the Virtualmin for your environment by using the Module Config menu. This is the place to setup default parameters for all the virtual hosts. E.g. you can choose to enable MySQL, but not for all virtual hosts by default, this means when you create a new virtual host you’ll be given a choice to enable or disable MySQL for this particular virtual host. There’re plenty of other configuration options you can do here.

1. Admit that e-mail is managing you. Let go of your need to check e-mail every ten minutes.
2. Commit to keeping your inbox empty.
3. Create files where you can put inbox material that needs to be acted on.
4. Make broad headings for your filing system so that you have to spend less time looking for filed material.
5. Deal immediately with any e-mail that can be handled in two minutes or less but create a file for mails that will take longer.
6. Set a target date to empty your in box. Don’t spend more than an hour at a time doing it.
7. Turn off automatic send/receive.
8. Establish regular times to review your e-mail.
9. Involve others in conquering your addiction.
10. Reduce the amount of e-mail you receive.
11. Save time by using only one subject per e-mail; delete extra comments from forwarded e-mail, and make the subject line detailed.
12. Celebrate taking a new approach to e-mail.

In our scenario, a small office network is protected by Linux firewall and we’ll implement the secure OpenVPN to access the internal office network (File Server, Database Server and Desktop PCs) securely from anywhere in the Internet.

OpenVPN Server Installation
Download the OpenVPN and LZO packages, these are packaged RPMs for Fedora/Redhat, which also works for CentOS and Whiteboxlinux.

Install the packages:

Enable packet forwarding between 2 interfaces in OpenVPN Server:

#echo 1 > /proc/sys/net/ipv4/ip_forward

Master Certificate Authority (CA) Certificate and Key:
A set of scripts bundled with OpenVPN make the PKI management easier. We’ll use these scripts to generate a master CA certificate/key, a server certificate/key and 2 keys/certificates for separate clients.

Change your directory to easy-rsa subdirectory in your OpenVPN installation:

# cd /usr/share/doc/openvpn-2.0.7/easy-rsa

Edit the vars file and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. My vars parameters are as following, you need to setup your own:

export KEY_COUNTRY=HK
export KEY_PROVINCE=KLN
export KEY_CITY=Hong Kong
export KEY_ORG=”OpenVPN-TEST”
export KEY_EMAIL=”niranjan.kunwar@gmail.com”

Initialize the PKI:

Generate Certificate and Key for the Server:

Generate Certificates and Keys for 2 clients:

#sh build-key client-win
#sh build-key client-osx

Generate Diffie Hellman parameters

Copy the keys and certificate to /etc/openvpn

#cp dh1024.pem server.crt server.key ca.crt /etc/openvpn/

Server Configuration file
A sample configuration file server.conf can be found in /usr/share/doc/openvpn-2.0.7/sample-config-files, copy it to /etc/openvpn and customize it according to your needs. There are many possible customizations that you can do to the configuration file. In our case the VPN Server will be listening to UDP port 1194, which is the official OpenVPN port number. We’ll offer the virtual address 192.168.0.0/24 to the vpn clients and push the route 192.168.1.0, which is our Office LAN subnet. Following is the contents of our configuration file server.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “route 192.168.1.0 255.255.255.0″
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

Start the OpenVpn Server:

# service openvpn start

Windows Client Installation and Configuration
Download the OpenVPN GUI for Windows and install it.

Copy the ca.crt, client-win.crt and client-win.key files from OpenVPN Server to the windows pc at C:\Program Files\OpenVPN\config. A Sample client configuration file client.ovpn can be found in C:\Program Files\OpenVPN\sample-config directory, also copy it to C:\Program Files\OpenVPN\config and customize it according to your needs. Following is the contents of our client configuration file client.ovpn:

client
dev tun
proto udp
remote vpn.nirlog.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client-win.crt
key client-win.key
ns-cert-type server
comp-lzo
verb 3

Connect:

Ping test:

Successful ping to 192.168.0.1 shows that you can reach the server via vpn tunnel. You should be able to ping the Desktops and Servers (192.168.1.x) in the office network too.

OS X Client Installation and Configuration:
Download Tunnelblick and install it by unzipping and dragging the Tunnelblick.app to Applications folder.

Copy the ca.crt, client-osx.crt and client-osx.key files from OpenVPN Server to the Mac at /Users/<yourname>/Library/openvpn. The client configuration file openvpn.conf can be found in /Users/<yourname>/Library/openvpn directory, customize it according to your needs. Following is the contents of our client configuration file openvpn.conf:

client
dev tun
proto udp
remote vpn.nirlog.com 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client-osx.crt
key client-osx.key
ns-cert-type server
comp-lzo
verb 3

Connect:

Ping test:

Successful ping to 192.168.0.1 shows that you can reach the server via vpn tunnel. You should be able to ping the Desktops and Servers (192.168.1.xxx) in the office network too.

1. Regularly solve puzzles
2. Play a musical instrument
3. Paint, sketch or draw.
4. Learn a new language.
5. Learn how to juggle.
6. Play Chess, Backgammon, Checkers or even Go!
7. Play computer games.
8. Write!
9. Try amateur dramatics.
10. Travel.

Architecture
Firewall Analyzer is a web based firewall log analysis tool. It has a built-in syslog server to store the logs and comes with an integrated and pre configured MySQL database.

Firewall Compatibility
Firewall Analyzer is compatible with most of the popular firewalls like Cisco PIX, Netscreen, Watchguard, Sonicwall, Check Point and many more… , some of them have configuration instruction as well. I’ve configured mine with the Netscreen firewall.

System Requirements
Minimum hardware requirements for installing Firewall Analyzer is:

1GHz Pentium 4 processor or equivalent
512 MB of RAM
1 GB of disk space
Monitor that supports 1024×768 resolution

RAM and disk space requirement depends upon the number of devices you’re logging. They’ve more information on MySql performance improvements and suggestion for RAM and Hard Disk size for different number of devices.

Installation
I’ve installed it in a Linux Server (CentOS 4.x). All you need to do is execute ./ManageEngine_FirewallAnalyzer.bin. I think it should be fairly easy to install in the Windows too. But why would anyone buy an extra windows license, if it can be done in Linux, which is much secure and stable than Windows

Configuration
The configuration is pretty straight forward. After the installation, you should start the service by executing run.sh. By default the run script is installed here:

/root/AdventNet/ME/Firewall/bin/run.sh

The firewall analyzer can now be accessed from a browser by typing:

http://<hostname>:8500

The default username/password are admin/admin, which can be changed after logging in.

You need to configure your firewall and point the logging to this server’s ip with the port number it’s listening to. It uses udp port 514 and 1514 by default. In Netscreen firewall, it can be done by going to: Configuration > Report Settings > Syslog

Features

• Enterprise-wide View of Network Activity
• On-Demand and Real-time Reports
• Scheduled Log Archiving
• Advanced Data Analysis and Reporting
• Support for most Leading Firewalls
• Historical trending
• Real-time, Threshold-based Alerting
• Virus, Attack and Security Analysis

Firewall Analyzer helps to analyze the traffic/bandwidth patterns, identify top users, determine bandwidth usage by hosts, protocols and destinations, generate alerts on specific events, identify potential virus or hack attacks and many more…

You can visit the live demo site to see Firewall Analyzer in action and if you want to try it for yourself, then fully functional 30 day trial software is available for download. The pricing scheme is based on annual subscription, starting at USD 295/year for 1 device pack.

Firewall Analyzer gives you a bird’s-eye view of your network traffic and is a very useful productivity tool to help identify and troubleshoot network problems. I think it’s fully worth it’s price.

- Don’t panic. Keep your calm and develop a plan of actions
- Disconnect the system from the network
- Discover the method used to compromise the system
- Stop all the attacker scripts and remove his files
- Restore not affected services
- Fix the problem that caused the compromise
- Restore the affected services
- Monitor the system

I’ve a personal experience of restoring a hacked Linux Server. I agree with all of his recommended steps. Out of them, I think finding the method (security hole) used to compromise the system is most important, because if you don’t know this then the attacker can immediately use the same security hole to attack and compromise the system after you restore.