Archive for the 'Linux/Unix' Category
November 28th, 2007 by Niranjan Kunwar
If you’re running a web site and have come to a point where a single web server cannot handle the traffic, then it’s time to get multiple web servers and share the loading. To do that you’ll need a load balancer which distributes the web traffic among multiple web servers.
Basically you have two choices: go for a hardware solution (expensive, with many nice features) or a software solution (possibly free, but with limited features). If you want a free and open source solution, then Pound is the choice.
Pound is a free, open source reverse proxy, load balancer, SSL wrapper, HTTP/HTTPS sanitizer, failover server and request redirector:
1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a failover server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.
Pound is built with security in mind: it can drop privileges (setuid/setgid) and/or run inside a chroot jail, so a compromise of the proxy process gains the attacker as little as possible. It is a very small, robust and efficient program.
It is very easy to install and configure.

Category: Technology, Admin, HowTo, Linux/Unix, Network, Security
July 30th, 2007 by Niranjan Kunwar
How do you monitor your network traffic? Of course using MRTG, you might say. Yes, that is true, MRTG does an excellent job of monitoring traffic across networks and devices (routers/switches). But when you see abnormal traffic in MRTG, how do you find out what is generating that extra traffic? This is where ntop comes into play. Basically, MRTG shows you the bigger picture, whereas ntop lets you zoom into individual networks and hosts, and gives you enough information to pinpoint the hosts or devices generating the extra or abnormal traffic.
ntop is a tool that shows network traffic usage. It is based on libpcap and when installed in a place where it can capture network traffic (hub or a mirrored port of a switch), it logs and reports information concerning IP and Fibre Channel traffic generated by each host in the network. ntop has a very rich and user-friendly web interface for reporting.
This is what ntop can do for you:
* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store on disk persistent traffic statistics in RRD format
* Identify the identity (e.g. email address) of computer users
* Passively (i.e. without sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display an IP traffic subnet matrix (who is talking to whom?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics

Category: Technology, Admin, Linux/Unix, Network, Reviews
July 9th, 2007 by Niranjan Kunwar
The benefits of designing and testing complex networks in simulated environments are obvious to network professionals and companies. It lets them test network configurations before implementing them in the real world, and the good thing is that they can do this without investing any money in expensive hardware. Virtual networks are also excellent tools for academic and certification purposes like CCNA, CCNP or CCIE, where students can get hands-on experience configuring Cisco routers.
Currently Cisco is the leader in the networking market, and Linux the leader in the server market. So, if you want to test your complex (or not so complex) network configurations before buying any actual Linux servers or the very expensive Cisco routers, you can use Dynamips to simulate Cisco routers/switches and VNUML (Virtual Network User Mode Linux) to simulate your Linux servers/routers. Both Dynamips and VNUML are open source and free.

Category: Technology, Admin, Linux/Unix, Network, Reviews
June 21st, 2007 by Niranjan Kunwar
Snort has always been, and still is, my favorite IDS (Intrusion Detection System), although I now manage many UTM (Unified Threat Management) firewalls with built-in IPS/IDS (Intrusion Prevention/Detection). The commercial UTM firewalls with IPS/IDS are easy to use and configure, but they come with a high price tag and are not easy to customize. Even though Snort is not that easy to install, configure and manage, it is still the most popular IDS/IPS today: it is open source and free, easily customizable, rules are easy to write, its signatures are kept up to date by the community, and there is plenty of excellent documentation, guides and books.
Snort captures an enormous amount of data from the network and generates alerts based on its rules and signatures. There are currently three excellent and relatively user-friendly ways to manage and analyze the Snort data:
Category: Technology, Admin, Apple, Linux/Unix, Network, Security
March 21st, 2007 by Niranjan Kunwar
A few years ago I was looking for a virtual host management system, and that is when I came across Virtualmin. The features satisfied my requirements and, of course, you can’t beat free, price-wise. I’ve been using it in an environment with 100+ virtual hosts since then, and have no regrets about my choice. It has been running all these years without any problem.
What is Virtualmin?
Virtualmin is a free and open-source virtual hosting management system designed to make virtual hosting quick, reliable, and secure. It is a Webmin module which supports the creation and management of Apache virtual hosts, BIND DNS domains, MySQL/PostgreSQL databases, and mailboxes and aliases with Sendmail, Postfix or Qmail. It uses the existing Webmin modules for these servers and works with any existing system configuration, rather than needing its own mail server, web server and so on. There is also a commercial version of Virtualmin that you have to pay for, called Virtualmin Pro, which includes some extra features and support.
Category: Technology, Admin, HowTo, Linux/Unix, Network
November 9th, 2006 by Niranjan Kunwar
This guide describes how to install and configure an OpenVPN server on Linux and clients on Windows XP and Mac OS X. OpenVPN has many advanced features, and if you are interested in those there is a more detailed HowTo for you. This guide was created from my successful installation, so it works for me. If you find any problems or have suggestions please leave a comment. I’ll try my best to help. I’m sure you know that you are using this at your own risk.
In our scenario, a small office network is protected by a Linux firewall, and we will set up OpenVPN so that the internal office network (file server, database server and desktop PCs) can be accessed securely from anywhere on the Internet.

Category: Technology, Admin, Apple, HowTo, Linux/Unix, Network, Security, VPN, Windows
September 12th, 2006 by Niranjan Kunwar
I always recommend running Linux on servers in our office and also for our customers. When asked why, among other things I say Linux is stable, popular, has more community support, and I’m familiar and comfortable with it. But when asked why not BSD, I say it is similar to Linux because both are Unix-style OSes, but there are also many differences… and one of them is that I’m not so familiar with BSD. A BSD user has put together everything you need to know about BSD vs Linux. Recently I’ve installed a FreeBSD server for an e-commerce system and agree with the author that "The differences between BSD and Linux all derive from basic philosophical differences. Once you understand those, everything else falls into place pretty neatly."
While there’s overwhelming similarity between the operating systems in most cases, there are also a lot of differences. As you probe more into the differences, you find that they emerge from deep-seated disagreements. Some are disagreements over development methodology, some over deployment and usage, some about what’s important, some about who’s important, and some about which flavor of ice cream is superior. Just comparing the surface differences doesn’t tell you anything; it’s the deeper differences that both explain and justify why each group does things the way they do.
Category: Technology, Admin, Linux/Unix
August 8th, 2006 by Niranjan Kunwar
Firewalls have become an integral part of all corporate networks. They are the first line of defense against attacks from the outside network (the Internet) and also the point of control for making sure internal users (employees) are using the Internet as they are supposed to. Recently UTM (Unified Threat Management) firewalls have become very popular. They have built-in gateway anti-virus, anti-spam, web content filtering and IPS (Intrusion Prevention System) on top of traditional firewall functions. These firewalls generate loads and loads of log data, and it is very difficult to analyze the traffic and security event levels by just looking at the log files. So a firewall logging and analysis tool becomes necessary to generate easy-to-understand reports. After trying a few tools, I came across Firewall Analyzer, which was exactly the tool I was looking for.
Category: Technology, Admin, HowTo, Linux/Unix, Network, Reviews, Security
August 4th, 2006 by Niranjan Kunwar
I’m using Synergy to share a single keyboard and mouse between my Mac, Windows and Linux machines. It is a very useful piece of software that I’ve been using for quite some time. There is a very detailed HOWTO at Engadget if you want to set it up for yourself.
This is my desk — powered by Synergy

Category: Technology, Apple, Linux/Unix, Windows
August 3rd, 2006 by Niranjan Kunwar
Marius Ducea has a great article on how to restore a hacked Linux server. He provides a very practical baseline for developing your own plan of action to restore a compromised Linux server. These are the steps he recommends:
- Don’t panic. Keep calm and develop a plan of action
- Disconnect the system from the network
- Discover the method used to compromise the system
- Stop all the attacker scripts and remove his files
- Restore unaffected services
- Fix the problem that caused the compromise
- Restore the affected services
- Monitor the system
I have personal experience of restoring a hacked Linux server. I agree with all of his recommended steps. Of them, I think finding the method (security hole) used to compromise the system is the most important, because if you don’t know this, the attacker can immediately use the same security hole to attack and compromise the system again after you restore it.
Category: Random, Technology, Admin, HowTo, Links, Linux/Unix, Network, Security