Nirlog.com

Allan Leinwand at GigaOM has an interesting post about Web 2.0 & Death of the Network Engineer.

I was recently meeting with a Web 2.0 company discussing their network infrastructure plans. As I started asking questions about their racks of servers, their storage area network (SAN), their plans for routing, load-balancing and network security, the CTO of the company stopped me and made a bold statement.

He said, “The Internet is like electricity. We plug into it and all of the things that you mention are already there for us. We don’t spend any time at all on network or server infrastructure plans.”

To this CTO, knowing the details of his network and server infrastructure was like knowing the details of the local utility electricity grid – not required. Is this a bad thing, or proof that networking technologies have succeeded?

I think for Web 2.0 startups the network infrastructure and the internet is really like electricity in the beginning, but once you start to grow and need to scale, you can’t afford the black box approach. Then you’ll need to have a very detailed understanding of everything.

Today it’s impossible to think business and personal communications without email. Sending and receiving emails costs you and me nothing. It’s free! The zero cost (for users), the efficiency of delivery, and ease of use has made it so popular. But now email has become a victim of it’s own success. Just my quick test with one email server for 4 days showed that 96% of the emails received were abusive.

The email protocol (SMTP) was designed at a time when very few people were using emails and everyone basically knew each other. So, security was not a concern, but today the world has changed and that trust isn’t there anymore, but the SMTP protocol we’re using remains the same.

So, how is today’s technology dealing with this problem?

Read the rest of this entry »

Few years ago I was looking for a virtual host management system, that’s when I came across Virtualmin. The features satisfied my requirements and of course you can’t beat the free, price wise . I’ve been using it in an environment with 100+ virtual hosts since then, and don’t have any regret on my choice. It’s running all these years without any problem.

What is Virtualmin

Virtualmin is a free and open-source virtual hosting management system designed to make virtual hosting quick, reliable, and secure. It’s a Webmin module, which supports the creation and management of Apache virtual hosts, BIND DNS domains, MySQL/PostgresSQL databases, and mailboxes and aliases with Sendmail, Postfix or Qmail. It utilizes existing Webmin modules for these servers, and works with any existing system configuration, rather than needing it’s own mail server, web server and so on. There’s also a commercial version of Virtualmin that you’ve to pay for, called Virtualmin Pro, which includes some extra features and support.

Read the rest of this entry »

The earthquakes that shook Taiwan yesterday, killed 2 when a building collapsed, and injured at least 40. The quake also damaged undersea cables that disrupted Telecommunications and Internet connections around Asia.

When I went to office this morning, after 3 days Christmas holiday, the phone was constantly ringing, with customers query about Internet and Email service. Our servers were inaccessible from Overseas and we couldn’t reach sites outside of Hong Kong.

Yesterday, I’d noticed an upsurge in traffic to my blog after the news of Buddha Boy’s reappearance, but unfortunately today most of the visitors from US cannot access my site. Hopefully the the damaged cables will be repaired soon and we’ll have an access to the wider world.

This is the notice from my ISP (looks like it’ll take several days to fix):

News: Quake disrupt Asia communication

Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security. Noam Eppel writes how the Internet security is failing and what can be done about it. He compares the current state of security industry with a boiling frog:

They say if you drop a frog in a pot of boiling water, it will, of course, frantically try to scramble out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite complacently. As you turn up the heat, the frog will sink into a tranquil stupor and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death. The security industry is much like that frog; completely and uncontrollably in disarray - yet we tolerate it since we are used to it.

The article lists out attacks that made the headlines recently and points out that failure can be seen everywhere — spyware, phishing, trojans, viruses, worms, spam, botnets, web application vulnerabilities, DoS attacks, Active-X, passwords, patch management, zero-days, wireless access points, internal attacks, vulnerabilities in security software, mobile viruses and encryption.

Recently Noam Eppel has published an update to the failure article with Community Comments & Feedback, where he highlights the Good, the Bad and the Ugly comments generated by his article.

I think both articles are very useful, with loads of data and insights, specially for Information Security Professionals.

Email has just turned 35 and it’s very difficult to imagine working without the emails today. Here are few interesting links to Email and it’s history.

IT programmer Ray Tomlinson sent the first message in late 1971.

The test messages were entirely forgettable and I have, therefore, forgotten them. Most likely the first message was QUERTYIOP or something similar.

Josh Burt of The Sun is reminding us of the top 5 embarrassing emails of last 35 years.

And a list of very useful tips from IT Security; Hacking Email: 99 tips to make you more secure and productive. The article include Etiquette, Communicating & Effectiveness, Mobile Email, Productivity, Folders, Filtering, Email Attachments, Tricks, Hacks, Backup, Software specific tips, Privacy and Security.

This guide describes how to install and configure the OpenVPN Server in Linux and clients in Windows XP and Mac OSX. There are many advanced features in OpenVPN and if you’re interested in those advanced stuff, there’s a more detailed HowTo for you. This guide was created from my successful installation, so it works for me. If you find any problems or have suggestions please leave a comment. I’ll try my best to help. I’m sure, you know that you’re using this at your own risk

In our scenario, a small office network is protected by Linux firewall and we’ll implement the secure OpenVPN to access the internal office network (File Server, Database Server and Desktop PCs) securely from anywhere in the Internet.

Read the rest of this entry »

I’ve used IPSec, PPTP and SSL VPNs for quite some time and found them to have their own strengths and weaknesses. IPSec is secure but too complicated, with too many options for implementation and configuration. PPTP is easy to use and configure but it had some security issues in the past, which deters serious security minded organizations to implement it. Commercial SSL VPNs are easy to use but they’re very expensive and still haven’t solved all the remote connection problems.

I was introduced to SoftEther (popular Japanese personal VPN) by one of my boss few years ago, it’s secure and free but the documents are available only in Japanese. While I was searching for english documents of SoftEther, I came across an Wikipedia entry, which said “It is similar to OpenVPN, though it is closed source software”. I’d heard about OpenVPN but had never given it a serious look. This time I decided to look at it. I was pleasantly surprised by it’s ease of installation, use and robust security. Here are few points to note about OpenVPN:

• It’s a free and opensource.
• It’s secure; uses the SSL/TSL protocol.
• It’s easy to install and use. Graphical User Interfaces are available for those who fear the command lines.
• Has flexible authentication scheme based on certificates, smart cards, or traditional username/password credentials.
• Can be implemented as a bridge or a router (OSI layer 2 or layer 3).
• Excellent cross-platform support, it can be installed in Linux, Unix, Windows and Mac OS X.
• Good documentation, FAQs, HowTos and articles.

If you’re looking for a secure, cheap, flexible and easy to use vpn solution, then you should give OpenVPN a try.

The Great Firewall of China monitors, filters and blocks all the websites and email contents. If you’re in China you won’t be able to browse CNN, BBC and other international news smoothly, and you’ll have a terrible experience of sending and receiving emails. There will be a lot of unexplained bounce back emails and sometime emails lost in black holes. To further extend their control over the net, now China is moving towards ‘real name’ system for blogs.

The Internet Society of China has recommended to the government that bloggers be required to use their real names when they register blogs, state media said on Monday, in the latest attempt to regulate free-wheeling Web content.
The society, which is affiliated with the Ministry of Information Industry, said no decision had been made but that a ‘real name system’ was inevitable.

Implementation of this will mean an end to anonymity, threat to privacy and a further curb on free speech. I quite doubt how effective they’ll be in implementing this system, looking at the number of blogs and bloggers in China.

China now boasts over 17.5 million bloggers, producing nearly 34 million blogs. An estimated 75 million Chinese netizens—more than half the country’s estimated 130 million Internet users—are blog readers.

But China has a reputation for being ruthless in implementing their policies and they do have technical, human and financial resources at their disposal. I think they’ll try very hard and ultimately fail. What do you think?

Most of the modern Ethernet networks use LAN switches and for the Network Admins it’s very essential to understand how this basic, yet very important component of the network operates. I came across an excellent document in cisco site about How LAN Switches Work. The document explains what a LAN switch is, how transparent bridging works, what are VLANs, trunking, and spanning trees.

Switching allows a network to maintain full-duplex Ethernet. Before switching existed, Ethernet was half duplex. Half duplex means that only one device on the network can transmit at any given time. In a fully switched network, nodes only communicate with the switch and never directly with each other. In the road analogy, half duplex is similar to the problem of a single lane, when road construction closes one lane of a two-lane road. Traffic attempts to use the same lane in both directions. Traffic that comes one way must wait until traffic from the other direction stops in order to avoid collision.