Engadget has a very helpful video – How-to: run Chrome OS as a virtual machine. The image they’ve used is from gdgt.

Another useful how to is at TechCrunch – Want To Try Out Google Chrome OS For Yourself? Here’s How. They’re running this Chrome image (downloaded from torrent) on Sun VirtualBox.

First I tried the image from gdgt on my Vmware Fusion, it booted ok but couldn’t detect the network and was impossible to login.

I then downloaded the image from torrent (used by TechCrunch), which detected the network but strangely didn’t let me login with my google account. I did create a new google account just to try this and to be on a safer side. After reading the comments on torrent site, I figured that you can login with user “mark” and password “chromeos”. Boom… that let me in!

The first impression after few minutes of mocking around was that this wasn’t anywhere like the one demoed by Google guys. No app menu and panels. It was just like a chrome browser in virtual machine. But after playing for a while and googling around. I figured that “Ctrl Alt t” takes you to the terminal – you can sudo with the same password “chromeos”.

After rebooting the Chrome OS from command line and re-logging in, the App Menu became available.

I could start the sshd

And remote login from my Mac

Personally, I think Chrome is trying to bring thin clients back in from of netbooks. Thin clients failed earlier because the networks were slow and “cloud” wasn’t there. But Chrome stands a chance as cloud is the future and it’s built with three very important goals in mind – Security, Speed and Reliability. Having said that, native softwares are absolutely must for it to succeed. Even iPhones need native apps!

As far as user experience is concerned, at the moment Chrome OS is nothing but a browser. If you want to experience the early Chrome OS – just install Chrome browser and browse your favorite sites . I’m sure this is going to change when Chrome OS is finally released for public next year.

Basically you’ve two choice — go for the hardware solutions (expensive with many nice features) or software solutions (possibly free but with limited features). If you want a free and open source solution then Pound is the choice.

Pound is a Free Open Source reverse-proxy, load balancer, SSL wrapper, http/https sanitizer, fail over server and a request redirector:

1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.

Pound is built with security in mind, it can run as setuid/setgid and/or in a chroot jail. It’s a very small, robust and efficient program.

It’s very easy to install and configure.

Installation

pound can be installed from the source or the binary depending on your os distribution.

Configuration

Here’s an example of simple configuration to share the loading between two web servers behind the Pound load balancer

ListenHTTP
Address <real ip address>
Port 80
End
ListenHTTPS
Address <real ip address>
Port 443
Cert “/etc/pound/ssl-cert.pem”
End

Service
BackEnd
Address 192.168.1.2
Port 80
End
BackEnd
Address 192.168.1.3
Port 80
End
End

Pound can keep track of sessions between a client and a back-end server by client address, Basic authentication, URL parameter, cookie or header value. Here’s how we keep the session by cookies

Session
Type Cookie
ID “sess”
TTL 300
End

Pound is straight forward to configure and understand. It’s a perfect choice for free and open source load balancer.

ntop is a tool that shows network traffic usage. It is based on libpcap and when installed in a place where it can capture network traffic (hub or a mirrored port of a switch), it logs and reports information concerning IP and Fibre Channel traffic generated by each host in the network. ntop has a very rich and user-friendly web interface for reporting.

This is what ntop can do for you:

* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store on disk persistent traffic statistics in RRD format
* Identify the indentity (e.g. email address) of computer users
* Passively (i.e. withou sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics

Installation
ntop is available for Linux/Unix, Windows and Mac OSX. Windows demo version with limited packet capability is freely available for download. If you want to use the Windows version on production environment, you either need to compile it by yourself or buy a binary version with updates and support. But Linux/Unix and Mac versions are freely available, both source and binary.

Installation of ntop is pretty straight forward, here I’m going to demonstrate a binary rpm installation in CentOS 5.x. We’ll use RPMForge repository for ntop installation, so first we need to upgrade our rpm to rpmforge.

Download the rpm and upgrade it.

# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Install the dependencies

#yum install glib libpcap

Install ntop

# yum install ntop

Edit the config file /etc/ntop.conf, and comment out the setting to run in daemon mode

Change –daemon to # –daemon

Set to the network interface that you use for sniffing data

–interface eth1

Comment out the option for port 3001 for SSL

Change #–https-server 3001 to –https-server 3001

Run the ntop to set your password

# /usr/bin/ntop @/etc/ntop.conf -A

Edit the config file /etc/ntop.conf and set back to daemon mode

Change #–daemon to –daemon

Use chkconfig to make the service start on every reboot

# chkconfig ntop on

Start the service.

# service ntop start

That’s it, now you can use your web browser to access the ntop web interface. It has a lot of user-friendly reporting and admin options. Here’re few screenshots from the web interface of ntop.

Browse https://ip_address:3001 and you’ll see the Global Traffic Statics

Network Load Statics displays the network traffic history: last 10 minutes, last hour, current day and last month.

Active TCP/UDP session shows which client in the network is connected to which server, the information includes source/destination ip address/port numbers and duration of the connection.

Local Matrix, shows the amount of data exchanged between hosts in the local subnet.

Network Traffic All Protocols/All Hosts displays the amount of data sent/received by each local and remote hosts. After reviewing the data usage we can zoom in to the individual hosts for more detail.

The details of a single host, includes almost every detail you would like to know about this host.

Currently Cisco is the leader in Networking market, and Linux, the leader in Server market. So, if you want to test your complex (or not so complex) network configurations before buying any actual linux servers or the very expensive cisco routers, then you can use Dynamips to simulate Cisco Router/Switch and VNUML (Virtual Network User Mode Linux) to simulate your linux servers/routers. Both Dynamips and VNUML are open source and free.

Dynamips

Dynamips is a Cisco router emulator. It’s different from other router simulators in a sense that it doesn’t try to simulate the cisco IOS but loads and runs the real Cisco IOS. The software simulates the cisco router’s hardware, which then becomes capable of booting real cisco IOS. The goals of Dynamips are:

*To be used as a training platform, with software used in real world. It would allow people to become more familiar with Cisco devices, Cisco being the world leader in networking technologies ;
*Test and experiment the numerous and powerful features of Cisco IOS ;
* Check quickly configurations to be deployed later on real routers.

If you want to use Dynamips, then it’s recommended to be used together with Dynagen, which is an user-friendly front-end for the Dynamips cisco router emulator. It uses a simple INI like configuration file to define the routers, switches and networks. You can download Dynagen for Linux, Windows or OS X (the package already includes Dynamips). The Dynagen installation includes very useful Tutorial and sample labs.

Dynamips loading Cisco IOS

VNUML

VNUML is a virtualization tool based on User Mode Linux virtualization software, initially developed to simulate IPv6 scenarios based on Linux and zebra routing daemon. It’s also a very useful tool in simulating general Linux based network scenarios.

VNUML is aimed to help in testing network applications and services over complex testbeds made of several nodes (even tens) and networks inside one Linux machine, without involving the investment and management complexity needed to create it using real equipment.

To use VNUML tool you need VNUML language for describing simulations in XML, and an interpreter of the language (vnumlparser.pl), that builds and manages the simulation, hiding all UML complex details to the user. It is available in package format for .deb based Linux distributions like Debian, Ubuntu, and in source format for other distributions. VNUML Live DVD makes it possible to try VNUML without installing anything into your computer. Here are some useful documentaions: Installation guide, Tutorial and Example Scenarios. This VNUML and Dynamips/Dynagen mixed scenario is quite interesting because it simulates cisco router using Dynamips/Dynagen and Linux Servers using VNUML.

Simple VNUML Description

Snort captures enormous amount of data from the network and generates alert based on the rules and signatures. There’re currently 3 excellent and relatively user friendly ways to manage and analyze the snort data:

1. ACID (Analysis Console for Intrusion Databases)

The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools.

ACID: Installation and Configuration

2. BASE (Basic Analysis and Security Engine).

It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.

Snort, Apache, SSL, PHP, MySQL, and BASE Install on CentOS 4, RHEL 4 or Fedora Core (pdf)

3. Sguil (Snort GUI for LamerZ)

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures.

Sguil on RedHat HOWTO

If you’re asking what’s the difference between them, then here’s five reasons why Sguil is different from ACID, BASE, and similar products.

Currently I’m trying Sguil to see how good it is. I’ve installed Sguil Server and Sensor in CentOS 4.x and Sguil-Client in my Mac OS X. The server installation was not that easy but once installed, it runs smoothly. I must say that there are many good features in Sguil, among them I like: alerts in near real-time, escalation and accountability features, collection of session data using SANCP and summaries of conversations.

What is Virtualmin

Virtualmin is a free and open-source virtual hosting management system designed to make virtual hosting quick, reliable, and secure. It’s a Webmin module, which supports the creation and management of Apache virtual hosts, BIND DNS domains, MySQL/PostgresSQL databases, and mailboxes and aliases with Sendmail, Postfix or Qmail. It utilizes existing Webmin modules for these servers, and works with any existing system configuration, rather than needing it’s own mail server, web server and so on. There’s also a commercial version of Virtualmin that you’ve to pay for, called Virtualmin Pro, which includes some extra features and support.

Virtualmin Installation

To install the Virtualmin module, first you need a working Webmin, after you’ve webmin installed it’s pretty straight forward. Download the latest version of Virtualmin from Virtualmin’s site and install it from the webmin’s Modules installation interface.

Login to Webmin as root –> Webmin Configuration –> Webmin Modules

Choose the Webmin installation file and click Install Module

After you complete the installation, click on Virtualmin Virtual Servers (GPL) which will lead you to the next interface, where you’ll need to re-check and refresh configuration. Click on Re-check and refresh configuration button. This is to make sure that all the required softwares are installed and configured properly. This step will check for Apache, Webalizer, MySQL, Sendmail and other softwares installation and configuration. If it finds any problem it’ll report and give you an option to correct it. If everything is ok, you’ll see a message saying …your system is ready for use by Virtualmin.

That’s it, you’ve successfully installed Virtualmin. Now adding a new virtual host is very easy. During the addition of a new virtual host you can choose the features that you want to have for this virtual domain, e.g. if you’ll use this new virtual host for your Wordpress blog then you need a MySQL database too, for that you’ll need to choose Create MySQL database from the Enabled Features list.

Virtualmin Features

Virtualmin is a feature rich hosting management system. Here’s a feature-to-feature comparition of Virtualmin and cPanel (cPanel is compared with Virtualmin Pro, but most of the features are present in free version too). Here’re some features that I find useful:

Single Management Interface

All Virtual hosts can be managed from a single interface. You can see the all the existing virtual hosts and their total allocated quota and usage.

Backup Restore

It’s very easy to perform an instant backup of selected or all domains with a single click.

You can choose a simple scheduled backup. E.g. backup daily at midnight and send you the success or failure report to your email address.

The restore is as painless as backup, all you need to do is choose the backup file and click restore.

Bandwidth Monitoring

Bandwidth is money. You can conserve it by activating the Bandwidth Monitoring, there’s an option to limit bandwidth usage for each virtual host and you can choose to send an alert to the owner if he’s nearing the capacity. You can also generate a bandwidth usage graph of all virtual hosts.

Configuration

You can fine-tune the Virtualmin for your environment by using the Module Config menu. This is the place to setup default parameters for all the virtual hosts. E.g. you can choose to enable MySQL, but not for all virtual hosts by default, this means when you create a new virtual host you’ll be given a choice to enable or disable MySQL for this particular virtual host. There’re plenty of other configuration options you can do here.

In our scenario, a small office network is protected by Linux firewall and we’ll implement the secure OpenVPN to access the internal office network (File Server, Database Server and Desktop PCs) securely from anywhere in the Internet.

OpenVPN Server Installation
Download the OpenVPN and LZO packages, these are packaged RPMs for Fedora/Redhat, which also works for CentOS and Whiteboxlinux.

Install the packages:

Enable packet forwarding between 2 interfaces in OpenVPN Server:

#echo 1 > /proc/sys/net/ipv4/ip_forward

Master Certificate Authority (CA) Certificate and Key:
A set of scripts bundled with OpenVPN make the PKI management easier. We’ll use these scripts to generate a master CA certificate/key, a server certificate/key and 2 keys/certificates for separate clients.

Change your directory to easy-rsa subdirectory in your OpenVPN installation:

# cd /usr/share/doc/openvpn-2.0.7/easy-rsa

Edit the vars file and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. My vars parameters are as following, you need to setup your own:

export KEY_COUNTRY=HK
export KEY_PROVINCE=KLN
export KEY_CITY=Hong Kong
export KEY_ORG=”OpenVPN-TEST”
export KEY_EMAIL=”niranjan.kunwar@gmail.com”

Initialize the PKI:

Generate Certificate and Key for the Server:

Generate Certificates and Keys for 2 clients:

#sh build-key client-win
#sh build-key client-osx

Generate Diffie Hellman parameters

Copy the keys and certificate to /etc/openvpn

#cp dh1024.pem server.crt server.key ca.crt /etc/openvpn/

Server Configuration file
A sample configuration file server.conf can be found in /usr/share/doc/openvpn-2.0.7/sample-config-files, copy it to /etc/openvpn and customize it according to your needs. There are many possible customizations that you can do to the configuration file. In our case the VPN Server will be listening to UDP port 1194, which is the official OpenVPN port number. We’ll offer the virtual address 192.168.0.0/24 to the vpn clients and push the route 192.168.1.0, which is our Office LAN subnet. Following is the contents of our configuration file server.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “route 192.168.1.0 255.255.255.0″
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

Start the OpenVpn Server:

# service openvpn start

Windows Client Installation and Configuration
Download the OpenVPN GUI for Windows and install it.

Copy the ca.crt, client-win.crt and client-win.key files from OpenVPN Server to the windows pc at C:\Program Files\OpenVPN\config. A Sample client configuration file client.ovpn can be found in C:\Program Files\OpenVPN\sample-config directory, also copy it to C:\Program Files\OpenVPN\config and customize it according to your needs. Following is the contents of our client configuration file client.ovpn:

client
dev tun
proto udp
remote vpn.nirlog.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client-win.crt
key client-win.key
ns-cert-type server
comp-lzo
verb 3

Connect:

Ping test:

Successful ping to 192.168.0.1 shows that you can reach the server via vpn tunnel. You should be able to ping the Desktops and Servers (192.168.1.x) in the office network too.

OS X Client Installation and Configuration:
Download Tunnelblick and install it by unzipping and dragging the Tunnelblick.app to Applications folder.

Copy the ca.crt, client-osx.crt and client-osx.key files from OpenVPN Server to the Mac at /Users/<yourname>/Library/openvpn. The client configuration file openvpn.conf can be found in /Users/<yourname>/Library/openvpn directory, customize it according to your needs. Following is the contents of our client configuration file openvpn.conf:

client
dev tun
proto udp
remote vpn.nirlog.com 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client-osx.crt
key client-osx.key
ns-cert-type server
comp-lzo
verb 3

Connect:

Ping test:

Successful ping to 192.168.0.1 shows that you can reach the server via vpn tunnel. You should be able to ping the Desktops and Servers (192.168.1.xxx) in the office network too.

While there’s overwhelming similarity between the operating systems in most cases, there are also a lot of differences. As you probe more into the differences, you find that they emerge from deep-seated disagreements. Some are disagreements over development methodology, some over deployment and usage, some about what’s important, some about who’s important, and some about which flavor of ice cream is superior. Just comparing the surface differences doesn’t tell you anything; it’s the deeper differences that both explain and justify why each group does things the way they do.

Architecture
Firewall Analyzer is a web based firewall log analysis tool. It has a built-in syslog server to store the logs and comes with an integrated and pre configured MySQL database.

Firewall Compatibility
Firewall Analyzer is compatible with most of the popular firewalls like Cisco PIX, Netscreen, Watchguard, Sonicwall, Check Point and many more… , some of them have configuration instruction as well. I’ve configured mine with the Netscreen firewall.

System Requirements
Minimum hardware requirements for installing Firewall Analyzer is:

1GHz Pentium 4 processor or equivalent
512 MB of RAM
1 GB of disk space
Monitor that supports 1024×768 resolution

RAM and disk space requirement depends upon the number of devices you’re logging. They’ve more information on MySql performance improvements and suggestion for RAM and Hard Disk size for different number of devices.

Installation
I’ve installed it in a Linux Server (CentOS 4.x). All you need to do is execute ./ManageEngine_FirewallAnalyzer.bin. I think it should be fairly easy to install in the Windows too. But why would anyone buy an extra windows license, if it can be done in Linux, which is much secure and stable than Windows

Configuration
The configuration is pretty straight forward. After the installation, you should start the service by executing run.sh. By default the run script is installed here:

/root/AdventNet/ME/Firewall/bin/run.sh

The firewall analyzer can now be accessed from a browser by typing:

http://<hostname>:8500

The default username/password are admin/admin, which can be changed after logging in.

You need to configure your firewall and point the logging to this server’s ip with the port number it’s listening to. It uses udp port 514 and 1514 by default. In Netscreen firewall, it can be done by going to: Configuration > Report Settings > Syslog

Features

• Enterprise-wide View of Network Activity
• On-Demand and Real-time Reports
• Scheduled Log Archiving
• Advanced Data Analysis and Reporting
• Support for most Leading Firewalls
• Historical trending
• Real-time, Threshold-based Alerting
• Virus, Attack and Security Analysis

Firewall Analyzer helps to analyze the traffic/bandwidth patterns, identify top users, determine bandwidth usage by hosts, protocols and destinations, generate alerts on specific events, identify potential virus or hack attacks and many more…

You can visit the live demo site to see Firewall Analyzer in action and if you want to try it for yourself, then fully functional 30 day trial software is available for download. The pricing scheme is based on annual subscription, starting at USD 295/year for 1 device pack.

Firewall Analyzer gives you a bird’s-eye view of your network traffic and is a very useful productivity tool to help identify and troubleshoot network problems. I think it’s fully worth it’s price.

This is my desk — powered by Synergy