Engadget has a very helpful video – How-to: run Chrome OS as a virtual machine. The image they’ve used is from gdgt.

Another useful how to is at TechCrunch – Want To Try Out Google Chrome OS For Yourself? Here’s How. They’re running this Chrome image (downloaded from torrent) on Sun VirtualBox.

First I tried the image from gdgt on my Vmware Fusion, it booted ok but couldn’t detect the network and was impossible to login.

I then downloaded the image from torrent (used by TechCrunch), which detected the network but strangely didn’t let me login with my google account. I did create a new google account just to try this and to be on a safer side. After reading the comments on torrent site, I figured that you can login with user “mark” and password “chromeos”. Boom… that let me in!

The first impression after few minutes of mocking around was that this wasn’t anywhere like the one demoed by Google guys. No app menu and panels. It was just like a chrome browser in virtual machine. But after playing for a while and googling around. I figured that “Ctrl Alt t” takes you to the terminal – you can sudo with the same password “chromeos”.

After rebooting the Chrome OS from command line and re-logging in, the App Menu became available.

I could start the sshd

And remote login from my Mac

Personally, I think Chrome is trying to bring thin clients back in from of netbooks. Thin clients failed earlier because the networks were slow and “cloud” wasn’t there. But Chrome stands a chance as cloud is the future and it’s built with three very important goals in mind – Security, Speed and Reliability. Having said that, native softwares are absolutely must for it to succeed. Even iPhones need native apps!

As far as user experience is concerned, at the moment Chrome OS is nothing but a browser. If you want to experience the early Chrome OS – just install Chrome browser and browse your favorite sites . I’m sure this is going to change when Chrome OS is finally released for public next year.

First briefly about the company – Sourcerfire was founded by the author of Snort (an open source network intrusion prevention and detection system). Snort is the most popular and widely deployed IDS/IPS and has become the de facto standard for the industry.

So, why do we need Sourcefire (very expensive) if Snort is the best and free?

Right, Snort is the best and free out there but it’s implementation, management and maintenance is not a piece of cake for everyone; that’s where sourcefire comes into play. Sourcefire uses snort at it’s heart to utilize it’s powerful IDS/IPS techonology, with added benefit of plug-n-protect simplicity (the purpose-built appliance is easy to install, maintain and manage), and it comes with tons of extra features that make it very powerful. Sourcefire adds an Adaptive IPS and Enterprise Threat Management (ETM) on top of the Snort IPS. It is managed via user-friendly and intuitive web interface, of course you can always do your advanced config from the shell because it’s a snort installed in a linux box anyway.

Components of Sourcefire 3D System

Sourcefire 3D System is comprised of two appliances (Sourcefire Defense Center and Sourcefire 3D Sensor).

Sourcefire Defense Center (DC) is a centralized management console to manage the sensors, centralized event aggregation and sensor policy administration.

Sourcefire 3D Sensors are purpose-built network security appliances that passively aggregate network and user intelligence while defending the network against internal and external threats.

3D Sensor Modules

Each Sourcefire 3D Sensor is capable of running any combination of the following four software components (you need to buy them separately):

Sourcefire IPS (Intrusion Prevention System) it’s the mighty snort running in background, where you can use rules-based detection engine and utilize the acclaimed Vulnerability Research Team (VRT) to protect your network. The IPS component is included in the base system.

Sourcefire RNA (Real-time Network Awareness) passively monitors real-time network traffic and gathers network intelligence, it can detect operating systems, services, applications, protocols, and potential vulnerabilities that exist on your network. This is a very useful component of Sourcefire but you’ll need to buy the RNA license separately.

Sourcefire RUA (Real-time User Awareness) helps to identify the user identity and contact information, it pairs Active Directory and LDAP usernames with host IP addresses involved in security and compliance events. You’ll need to buy the RUA license separately.

Sourcefire NetFlow Analysis is an optional component of Sourcefire’s Network Behavior Analysis (NBA) solution. It gives additional insight to network threats by aggregating and analyzing NetFlow from routers and switches.

Sourcefire 3D System deployment with Master Defense Center

OK that was about sourcefire. Here’s how you go about getting certified.

Training Course

Sourcefire offers several instructor-led classroom training for Sourcfire 3D systems, out of which SF3D 360 Bundle is the one I took.

Sourcefire 3D™ 360 Bundle Includes:

• Instructor-led Training Sourcefire 3D™ (4 days)
• Sourcefire Certified Professional (SFCP) Certification Exam
• Sourcefire Guarantees
• CPE Credits 32 (for CISSPs)

Course Outline

• Sourcefire 3D System Sensor Deployment and Communications Architecture
• Sourcefire 3D System Overview & Product Installation
• Interface Navigation and Dashboard views
• Sensor Configuration and Management with the Defense Center
• Configuring Interface Sets and Detection Engines
• Administration, Maintenance and System Policy
• System Health Monitoring and Alerting
• Real-time User Awareness
• Adaptive Profiles
• User Account Management
• IPS & RNA Detection Policy Configuration
• Compliance Policy, White Lists and Host Attributes
• Event Analysis and Reporting
• End-Point Intelligence
• Flow Data Analysis and Network Profiling
• Nmap and Nessus Scanning
• Basic Rule Structure and Syntax
• IPS Features and Configuration
• Trouble Shooting and Behind-The-GUI Navigation and Architecture

Certification Exam

The following products and skill areas are assessed through this process:

• Intrusion Management System
• Intrusion Sensors
• Defense Center
• RNA Sensor
• Installation and Deployment
• Administration and Management
• Policy Configuration and Management
• Policy Non-compliance and Remediation
• User Administration and Management
• Reporting Creation and Management
• Effective and Performance Oriented Rule Writing

The certification exam itself consists of 200 multiple choice questions, which you’ll have to complete within 4 hours. Passing score is 75%, you’ll immediately know whether you pass or fail and if you pass the exam certificates are available online for you to print.

I found the instructor-led course very helpful. I have worked with snort before but this was my first introduction to Sourcerfire. After the 4 day course, you’ll have 60 days to prepare and take the exam. Every student is given a second attempt if a passing grade of 75% or better is not achieved on the first attempt.

To prepare for the exam, I went through the training material (page by page) one more time. I also had an access to sourcefire boxes installed in our office lab so, it was very useful. It’s an open book exam, you’ll have slightly more than a minute to answer each question, so you won’t have enough time to go through your materials during the exams. You’ll need to know your stuff to pass it, but having an access to sourcefire box at the time of exam will be very handy (for the user interface questions).

Delivering customer-focused managed network and application delivery solutions that leverage a global network with unrivalled reach, depth and breadth to multinational, service provider and global carrier clients. Over 1400 enterprise customers and 200 carriers depend upon Reliance Globalcom to manage business-critical network solutions and address complex requirements for their businesses and partners throughout the world

Vanco is now Reliance Globalcom, Anil Dihrubhai Ambani group, which is also well known because of it’s chairman Anil Ambani, currently 6th on The World’s Billionaires List.

I feel myself privileged and honored to have this opportunity. At Vanco my role will be exclusively focusing on security, I’m really excited about it. This is a perfect opportunity for me to bring forward my previous network/security expertise as well as learn and grow at this truly global organization.

I’ve installed and tested it in my WinXP SP2 running on my MacBook Pro Vmware Fusion, and this is what I found.

Installation and usage
The installation is easy and straightforward. You just need to follow the on screen instruction. You’ll require: a domain administrator account, a smtp server address to send alerts via email and have to choose either Microsoft Access or MS SQL Server for the back-end database.

Scanning, Reporting and Patching
The user interface is intuitive and easy to use. After the scanning is completed, it gives a nice report of the scan (you can choose to scan a single computer, group or the whole network). In the first scan it let me know that my Office and Windows need some critical patches. If you expand each vulnerabilities then it’ll give the Microsoft ID, download link and the patch release date. You can apply the patch or choose to ignore it by right clicking on it. There’s a handy feature to mass deploy the Microsoft updates on selected computers or all computers in the network. Other notable features in patch deployment are:

- Custom Software deployment
- Uninstallation of Microsoft updates
- Detailed Patch Deployment log

Besides the vulnerabilities the scan reports on open tcp/udp ports, open shares, installed applications, password policies, groups and users (with their privilege, last logon and password age).

You can buy an extra ReportPack to create vulnerabilities scanning reports and system information reports for your managers and bosses. I think it would have been great to have this reporting built in to NSS.

Useful Tools
GFI LANguard NSS comes with very handy tools that a network/security admin uses every day

Conclusion
I’ve tried the GFI LANguard N.S.S 8 for few days and think that it is a very useful tool for network and security administrators. I liked the fact that it has all three useful tools i.e. network vulnerability scanning, patch management and auditing integrated into one. It’s also easy to use and manage. The lack of built-in ReportPack is the only down side of it. Here, I’ve just scratched few features of the product, if you’re interested you can try it for free with 30 days evaluation version before buying it.

Update: GFI have now included the ReportPack for free with GFI LANguard N.S.S. and all other ReportPack-powered software titles on top of the 45% price cut.

Basically you’ve two choice — go for the hardware solutions (expensive with many nice features) or software solutions (possibly free but with limited features). If you want a free and open source solution then Pound is the choice.

Pound is a Free Open Source reverse-proxy, load balancer, SSL wrapper, http/https sanitizer, fail over server and a request redirector:

1. a reverse-proxy: it passes requests from client browsers to one or more back-end servers.
2. a load balancer: it will distribute the requests from the client browsers among several back-end servers, while keeping session information.
3. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
4. an HTTP/HTTPS sanitizer: Pound will verify requests for correctness and accept only well-formed ones.
5. a fail over-server: should a back-end server fail, Pound will take note of the fact and stop passing requests to it until it recovers.
6. a request redirector: requests may be distributed among servers according to the requested URL.

Pound is built with security in mind, it can run as setuid/setgid and/or in a chroot jail. It’s a very small, robust and efficient program.

It’s very easy to install and configure.

Installation

pound can be installed from the source or the binary depending on your os distribution.

Configuration

Here’s an example of simple configuration to share the loading between two web servers behind the Pound load balancer

ListenHTTP
Address <real ip address>
Port 80
End
ListenHTTPS
Address <real ip address>
Port 443
Cert “/etc/pound/ssl-cert.pem”
End

Service
BackEnd
Address 192.168.1.2
Port 80
End
BackEnd
Address 192.168.1.3
Port 80
End
End

Pound can keep track of sessions between a client and a back-end server by client address, Basic authentication, URL parameter, cookie or header value. Here’s how we keep the session by cookies

Session
Type Cookie
ID “sess”
TTL 300
End

Pound is straight forward to configure and understand. It’s a perfect choice for free and open source load balancer.

Relay Station 2, Khopra with Antennas Pointing to Different Villages Elevation 3,600m (~12,000 ft)
More Photos

Here’s Mr Pun’s story in his own words.

He grew up grazing cattle in the mountains and had no idea about high schools. But he had a visionary father who migrated to a town called Chitwan to make sure Mahabir went to school. This is what Mr. Pun has to say about his father: “He suffered himself and made the family suffer so much for sending me to school in the years that followed.”

After completing his high school Mr. Pun became a teacher, and taught for 12 years. He then got a chance to study at University of Nebraska at Kearney, U.S.A, where he completed his Master’s Degree in education and came back to his ancestral village to fulfill his dream to provide educational opportunities for the rural children so that they should not have to go through all the pain and struggle he went through. He says, “I have a first hand experience of how much it hurts to go through that kind of pain.”

Mr. Pun returned to his village after 24 years and joined the Nangi’s leaders who were establishing a village high school. He started teaching computer classes at the school when four used computers were donated from Australia. Standalone computers were ok, but connecting to the internet seemed impossible without a telephone line. After trying many options, Mr. Pun sent an email to BBC in 2001, asking for ideas. BBC then interviewed him and published the story Village in the clouds embraces computers and Praise for Inspirational Web Pioneer. That was the turning point. Shortly, volunteers from US and Europe helped him with the wireless connection. They used TV dish antennas mounted in trees to establish wifi connection with neighboring villages. In 2003 the village of Nangi went online.

Here’re some news articles about the Nepal Wireless project.

The Satellite photo of the networked villages and stations

The board of trustee of Ramon Magsaysay Award Foundation has elected Mahabir Pun for the 2007 Ramon Magsaysay Award for Community Leadership for his innovative application of wireless computer technology in Nepal, connecting remote villages. I would like to congratulate Mr. Pun for his well deserved award and recognition. Hats off to Mr. Pun!

His mission is ongoing and you too can contribute to his Himanchal Education Foundation in many ways. Your small donation can make a big difference. You can also contribute to his Nepal Wireless project and help the himalayan village connect to the global village.

ntop is a tool that shows network traffic usage. It is based on libpcap and when installed in a place where it can capture network traffic (hub or a mirrored port of a switch), it logs and reports information concerning IP and Fibre Channel traffic generated by each host in the network. ntop has a very rich and user-friendly web interface for reporting.

This is what ntop can do for you:

* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store on disk persistent traffic statistics in RRD format
* Identify the indentity (e.g. email address) of computer users
* Passively (i.e. withou sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics

Installation
ntop is available for Linux/Unix, Windows and Mac OSX. Windows demo version with limited packet capability is freely available for download. If you want to use the Windows version on production environment, you either need to compile it by yourself or buy a binary version with updates and support. But Linux/Unix and Mac versions are freely available, both source and binary.

Installation of ntop is pretty straight forward, here I’m going to demonstrate a binary rpm installation in CentOS 5.x. We’ll use RPMForge repository for ntop installation, so first we need to upgrade our rpm to rpmforge.

Download the rpm and upgrade it.

# rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Install the dependencies

#yum install glib libpcap

Install ntop

# yum install ntop

Edit the config file /etc/ntop.conf, and comment out the setting to run in daemon mode

Change –daemon to # –daemon

Set to the network interface that you use for sniffing data

–interface eth1

Comment out the option for port 3001 for SSL

Change #–https-server 3001 to –https-server 3001

Run the ntop to set your password

# /usr/bin/ntop @/etc/ntop.conf -A

Edit the config file /etc/ntop.conf and set back to daemon mode

Change #–daemon to –daemon

Use chkconfig to make the service start on every reboot

# chkconfig ntop on

Start the service.

# service ntop start

That’s it, now you can use your web browser to access the ntop web interface. It has a lot of user-friendly reporting and admin options. Here’re few screenshots from the web interface of ntop.

Browse https://ip_address:3001 and you’ll see the Global Traffic Statics

Network Load Statics displays the network traffic history: last 10 minutes, last hour, current day and last month.

Active TCP/UDP session shows which client in the network is connected to which server, the information includes source/destination ip address/port numbers and duration of the connection.

Local Matrix, shows the amount of data exchanged between hosts in the local subnet.

Network Traffic All Protocols/All Hosts displays the amount of data sent/received by each local and remote hosts. After reviewing the data usage we can zoom in to the individual hosts for more detail.

The details of a single host, includes almost every detail you would like to know about this host.

* User enters pass-phrase to begin using the system. Browser retains the pass-phrase as a global variable.
* User requests a list of all data belonging to him.
* For each record, the system stores the associated user ID in plain-text, the record ID in plain form, and the record content only in encrypted form. (The message content is one or more database columns, each encrypted.) Thus, system is able to return a list of record IDs for this user.
* User selects one of the record IDs.
* System checks that this user ID is associated with the record ID, and returns the corresponding message content.
* Browser uses stored pass-phrase to decrypt the contents.

Ok, with that background if you’re ready to store your sensitive information online, here are few choices for you.

Halfnote
Halfnote is a very simple and secure notepad. Easy to register — provide your email address, choose a password, and you’re done. A simple blank notepad is presented, where you can write your secret passwords or documents. It’s very fast and the information is auto-saved as you type. The information you send is encrypted with your pass-phrase but it lacks SSL protection, which could have provided extra security by encrypting the session information.

Passlet
Passlet is a typical online password manager, currently in beta. It has an easy to input entry from where you can input: Title, Username, Password, and Notes. It encrypts the data by deriving 128-bit AES key from your master password. The key derivation is completely performed within the browser. In addition to secure data, Passlet uses SSL for session encryption, we can be sure of connecting to Passlet server by viewing the SSL Certificate.

eSecureKey
eSecureKey is another online password manager, currently in beta. It has a Portlet, which can be accessed with a Secure Key. This Secure Key is different from your login password, and is never transmitted to the server. This is the key used to encode and decode data. The portlet lists the existing entries and allows to add new information with tags for easy listing and searching. eSecureKey sends encrypted data to the server but lacks SSL for the session encryption.

PassPack
PassPack is currently in beta. It uses Packing Key to pack/unpack (encrypt/decrypt) data, which is all done in client side, inside the browser, no keys are sent to the server. It uses AES encryption and special security techniques, like disposable logins, which can be created in advance. Disposable logins are good for one time login only. This is useful when you access your data using a public computer. PassPack has taken the fight against phishing to a new level by allowing users to setup their custom Greeting Message after login, and ip address restriction, where users can choose to allow only certain ip address to have login access. PassPack uses SSL to encrypt session data as well. Other useful features in PassPack are import/export from/to a csv file. You can make an encrypted backup of your secret data using the packing key, and the restoration from the backup file is very easy too.

Clipperz
Clipperz uses local encryption within the browser so, your data is safe like all other online password managers. But Clipperz has some useful features that other online password managers lack. For example, it has a cool feature called direct login, which allows to quickly create a “direct login” link: just one click to authenticate and access the online service without typing any username and password. Another good feature is offline copy, which allows users to dump their encrypted data from Clipperz servers to a local hard disk or USB drive and create a read-only version of Clipperz to be used when there’s no internet connection available. Clipperz is currently available in English, Japanese and Chinese. It stores the passwords and other confidential data in predefined templates called cards. Clipperz has several predefined templates for storing websites, banking, credit card, address book and custom card. There’re some new features coming soon, among them Import and Sharing should be very useful.

Conclusion
I think online password managers are handy and secure enough to store the username/passwords of many websites that we visit on daily basis like, digg, delicious, flicker, etc …. but for myself, I wouldn’t store critical secrets and financial data online yet! If you’re a system admin you might want to check KeePass that works across all platforms. Having said that, if you’re ready to take a plunge into online password managers then technology is ready and there’re excellent choices available. So, if you love simplicity, Halfnote is for you, if you want cool features like direct login or multiple language support, then go for Clipprez, if you want extra security like disposable logins and phishing protection go for PassPack.

Currently Cisco is the leader in Networking market, and Linux, the leader in Server market. So, if you want to test your complex (or not so complex) network configurations before buying any actual linux servers or the very expensive cisco routers, then you can use Dynamips to simulate Cisco Router/Switch and VNUML (Virtual Network User Mode Linux) to simulate your linux servers/routers. Both Dynamips and VNUML are open source and free.

Dynamips

Dynamips is a Cisco router emulator. It’s different from other router simulators in a sense that it doesn’t try to simulate the cisco IOS but loads and runs the real Cisco IOS. The software simulates the cisco router’s hardware, which then becomes capable of booting real cisco IOS. The goals of Dynamips are:

*To be used as a training platform, with software used in real world. It would allow people to become more familiar with Cisco devices, Cisco being the world leader in networking technologies ;
*Test and experiment the numerous and powerful features of Cisco IOS ;
* Check quickly configurations to be deployed later on real routers.

If you want to use Dynamips, then it’s recommended to be used together with Dynagen, which is an user-friendly front-end for the Dynamips cisco router emulator. It uses a simple INI like configuration file to define the routers, switches and networks. You can download Dynagen for Linux, Windows or OS X (the package already includes Dynamips). The Dynagen installation includes very useful Tutorial and sample labs.

Dynamips loading Cisco IOS

VNUML

VNUML is a virtualization tool based on User Mode Linux virtualization software, initially developed to simulate IPv6 scenarios based on Linux and zebra routing daemon. It’s also a very useful tool in simulating general Linux based network scenarios.

VNUML is aimed to help in testing network applications and services over complex testbeds made of several nodes (even tens) and networks inside one Linux machine, without involving the investment and management complexity needed to create it using real equipment.

To use VNUML tool you need VNUML language for describing simulations in XML, and an interpreter of the language (vnumlparser.pl), that builds and manages the simulation, hiding all UML complex details to the user. It is available in package format for .deb based Linux distributions like Debian, Ubuntu, and in source format for other distributions. VNUML Live DVD makes it possible to try VNUML without installing anything into your computer. Here are some useful documentaions: Installation guide, Tutorial and Example Scenarios. This VNUML and Dynamips/Dynagen mixed scenario is quite interesting because it simulates cisco router using Dynamips/Dynagen and Linux Servers using VNUML.

Simple VNUML Description

1. Passwords

Cryptographic methods, biometrics, and two-factor authentication are becoming popular these days, but in reality we still have to deal with passwords most of the time. So, proper management of password is absolutely critical to the security. It doesn’t have to be complicated. Here are few simple things I recommend to do with the passwords:

Use password manager
Manually keeping up with 100s of login ids and passwords is very difficult, impractical and sometimes impossible. So, use some kind of password management tool. With a proper password manager you don’t have to worry about generating secure passwords, you’ll stop writing passwords in paper, and you don’t have to remember any of them. The password manager will help you with all of these tasks. I use KeePass to manage the passwords. It’s an excellent multi-platform password manager available for Windows, Linux, Mac OS X and Windows Mobile.

Change passwords regularly
Never use same password for two servers or devices, and change them regularly, at least once every 3 months. By using an unique passwords per system you’ll reduce the damage in case a single password is compromised, and by changing the passwords regularly you’ll make the guessing and attacking for the bad guys much harder.

Never send naked passwords
What I mean is, never send a clear-text password over the network. The packets can be easily captured with many freely available tools and packet sniffers. Always use some form of protection when you need to transmit the passwords, e.g. SSL, SSH or VPN connection. You should never use HTTP or Telnet to manage anything over the network. Replace them with HTTPS (SSL) and SSH.

2. Security Updates

Keeping your systems up-to-date is very important, there’re new security patches released by most of the vendors all the time. Sometimes the security updates negatively affect production environment, so it’s recommended to first test the fixes and then only apply to production environment. Anyway, patching the known security holes is critical to stay secure. The longer you take to patch a known security hole the more you’re exposed to attacks.

3. Changes

There’s a nice saying about the change — “Change is the only constant”. I think that’s true for life, and for systems, and networks. We make changes all the time, change firewall rules, add users, delete users, install security patches and so on. The system and network environment keeps changing. It is very important to keep a backup of the last known working configuration of everything, and maintain a change document. So, if suddenly after changing a firewall rule everyone in the network complains about not being able to access a server in DMZ, we should be able to fall back to the previous rule-set easily. If you’ve made some manual changes to a config file to improve the performance of a linux server, you should note it down because after few months you won’t remember the exact changes you’ve made. Knowing what changes you’ve made and being able to fall back keeps you and your environment productive and secure.

4. Stop unnecessary services
Most of the Operating Systems and security devices come with a lot of services installed and running by default. The more services that are running, the more your system is exposed to attack. So, you need to identify all the services running in the system and stop the unnecessary ones. If it’s a firewall, explicitly deny everything first, and start allowing the necessary connection and services. If it’s an operating system, find and stop all the unnecessary services.

By following these 4 simple measures you’ll be able to keep your system and network secure and stable. I’m not saying that just these measures would be enough in all environments, but they’re the basic foundation. I think not only admins but normal users should be following these 4 measures to keep themselves secure in todays wild internet.

Any other simple measures that you take to keep your system and network secure? Comments and emails are welcome.