Nirlog.com

Technology, Life and other stuff that come along…

Archive for the 'Reviews' Category

GFI LANguard Network Security Scanner 8

January 21st, 2008 by Niranjan Kunwar

GFI LANguard Network Security Scanner is a very easy-to-use yet powerful commercial network vulnerability scanning, patch management and auditing tool. If you have a small network with a few computers, it’s easy to keep track of the software installed and do the patching manually, but for larger networks it would be a nightmare to do everything manually. This is where tools like GFI LANguard NSS come in to help network/system admins. GFI LANguard NSS makes use of vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network is scanned. It is one of the best commercial network security scanners and patch management tools available.

I’ve installed and tested it on WinXP SP2 running in VMware Fusion on my MacBook Pro, and this is what I found.


Category: Technology, Network, Reviews, Security, Windows | 1 Comment »

iPhone first impression

November 10th, 2007 by Niranjan Kunwar

Finally got my hands on the iPhone today!

We’ve all watched/read so much about the iPhone and its coolness that expectations were quite high. And I’ve to say that I was not disappointed. It’s really cool, slim and gorgeous. Most of the things work perfectly. I think the keyboard is not an issue.

iPhone was launched today at 6:02pm in the UK and could be bought in Apple Stores, O2 stores or Carphone Warehouse stores. You’ll have to sign an 18-month contract with O2, which is the exclusive carrier in the UK.

There’s one Carphone Warehouse store a few blocks away from my house, so I went to check it out at 6pm. Surprisingly there were just around 20 people queuing up. The store opened at 6:02 and everybody was let in. But there was a problem with Carphone Warehouse’s payment system. I’m not sure if the system was flooded by iPhone transactions or had other technical issues. Anyway, it took more than half an hour just for the payment authorization. I was the first one to walk out of that store with the iPhone. They authorized the payment manually, bypassing chip and PIN (the security system in the UK’s bank cards).

Activating the iPhone with iTunes was a smooth and painless process. I am currently using Vodafone, and got the PAC code from them a few days ago. The PAC code is a special code to transfer your mobile number from one provider to another. My existing mobile number will be automatically transferred to my iPhone after 7 days; until then O2 has assigned me a temporary number. That was clever.

Played with most of its features, made several calls (quality is quite good) and tested the visual voice mail (which should be very useful). Synced my address book, music, podcasts, some photos and videos. iPod is excellent. Gmail and IMAP mails are easy to configure and work without any problem. Photos are very cool, flipping them, zooming in/out, resizing was fun. Google Maps will be very useful for me finding places in London, it loads pretty fast even on EDGE Network.

The only problems are the Wi-Fi connection and YouTube. I use a 128-bit WEP hex key at home and couldn’t establish a connection with my access point. A quick Google gave me this (seems to be a known issue) but using $ in front doesn’t solve the problem for me. For YouTube videos it says that it requires an EDGE or Wi-Fi connection.

I think these two problems can be fixed easily.

I’m just having a good time playing with it. You’ve to hold it and use it to really appreciate it. It was a nice Deepawali gift for myself!

Category: Technology, Apple, Reviews, UK |

Monitor network traffic with ntop

July 30th, 2007 by Niranjan Kunwar

How do you monitor your network traffic? Of course using MRTG, you might say. Yes, that’s true, MRTG does an excellent job of monitoring traffic across networks and devices (routers/switches). But when you see abnormal traffic in MRTG, how do you find out what is generating it? This is where ntop comes into play. Basically, MRTG shows you the bigger picture, whereas ntop lets you zoom into individual networks and hosts, and gives you enough information to pinpoint the hosts or devices generating extra/abnormal traffic.

ntop is a tool that shows network traffic usage. It is based on libpcap and when installed in a place where it can capture network traffic (hub or a mirrored port of a switch), it logs and reports information concerning IP and Fibre Channel traffic generated by each host in the network. ntop has a very rich and user-friendly web interface for reporting.

This is what ntop can do for you:

* Sort network traffic according to many protocols
* Show network traffic sorted according to various criteria
* Display traffic statistics
* Store on disk persistent traffic statistics in RRD format
* Identify the identity (e.g. email address) of computer users
* Passively (i.e. without sending probe packets) identify the host OS
* Show IP traffic distribution among the various protocols
* Analyse IP traffic and sort it according to the source/destination
* Display IP Traffic Subnet matrix (who’s talking to who?)
* Report IP protocol usage sorted by protocol type
* Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)
* Produce RMON-like network traffic statistics


Category: Technology, Admin, Linux/Unix, Network, Reviews |

Online Password Managers

July 16th, 2007 by Niranjan Kunwar

After switching to a Mac, I tried many desktop password managers, and wrote about Password Managers for OS X, which got a lot of attention. It’s needless to mention the importance of using a password manager, since we use passwords to protect almost everything digital and we have so many of them today. Currently we trust most of our private data, like emails, bookmarks, documents, spreadsheets and calendar events, to online providers like Google, Yahoo or Microsoft. So, how about storing your secrets and passwords online, somewhere in the cloud? I know what your immediate response is: passwords? No way I’m going to store my passwords online! But you might want to give it a second thought, because now the technology is secure enough, thanks to Host-Proof Hosting.

With Host-Proof Hosting, if the owners of the servers wanted to mess around with your information, or even if the server gets hacked, they won’t be able to recover your data. The sensitive data is always transmitted to the server in encrypted form, encrypted using a pass-phrase. The good thing is that this pass-phrase is never transmitted to or stored on the server, so the server can never access the stored data in its plain form. All the encryption and decryption takes place on the client side, inside the browser. This is basically a “Zero-Knowledge” web application, where the provider knows nothing about your actual data.

* User enters pass-phrase to begin using the system. Browser retains the pass-phrase as a global variable.
* User requests a list of all data belonging to him.
* For each record, the system stores the associated user ID in plain text, the record ID in plain form, and the record content only in encrypted form. (The message content is one or more database columns, each encrypted.) Thus, the system is able to return a list of record IDs for this user.
* User selects one of the record IDs.
* System checks that this user ID is associated with the record ID, and returns the corresponding message content.
* Browser uses stored pass-phrase to decrypt the contents.
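
The six steps above, as an added example for Node.js that is not code from the original post or from any of the services reviewed. The post names no algorithms, so scrypt key derivation and AES-256-GCM are assumptions, as are the `HostProofServer` class, the function names and the constructed sample records.

```javascript
const crypto = require('crypto');

// Hypothetical server: stores user ID and record ID in plain text, content only encrypted.
class HostProofServer {
  constructor() { this.rows = new Map(); }            // recordId -> { userId, blob }
  put(userId, recordId, blob) { this.rows.set(recordId, { userId, blob }); }
  list(userId) {
    return [...this.rows].filter(([, r]) => r.userId === userId).map(([id]) => id);
  }
  get(userId, recordId) {
    const row = this.rows.get(recordId);
    if (!row || row.userId !== userId) throw new Error('record not associated with user');
    return row.blob;
  }
}

// Client side. The pass-phrase is only ever used here; the server never receives it.
// Assumption: scrypt key derivation and AES-256-GCM (the post does not name algorithms).
function encryptRecord(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(passphrase, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptRecord(passphrase, blob) {
  const raw = Buffer.from(blob, 'base64');
  const key = crypto.scryptSync(passphrase, raw.subarray(0, 16), 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
  decipher.setAuthTag(raw.subarray(28, 44));
  // final() throws if the pass-phrase is wrong or the server altered the blob.
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

function demo() {
  const server = new HostProofServer();
  const passphrase = 'constructed-pass-phrase';
  const secret = 'constructed secret: example.test / hunter2';
  server.put('alice', 'rec-1', encryptRecord(passphrase, secret));
  server.put('bob', 'rec-2', encryptRecord('another-pass-phrase', 'bob data'));
  const ids = server.list('alice');
  const blob = server.get('alice', ids[0]);
  let wrongRejected = false, crossUserRejected = false;
  try { decryptRecord('wrong-pass-phrase', blob); } catch (e) { wrongRejected = true; }
  try { server.get('alice', 'rec-2'); } catch (e) { crossUserRejected = true; }
  return {
    ids,
    plaintext: decryptRecord(passphrase, blob),
    serverSeesPlaintext: Buffer.from(blob, 'base64').includes('hunter2'),
    wrongRejected, crossUserRejected,
  };
}
```

Because GCM is authenticated, a wrong pass-phrase and a blob modified on the server both fail at `decipher.final()` instead of returning garbage.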

OK, with that background, if you’re ready to store your sensitive information online, here are a few choices for you.

Category: Technology, Admin, Network, Reviews, Security |

Simulating Cisco and Linux Networks

July 9th, 2007 by Niranjan Kunwar

The benefits of designing and testing complex networks in simulated environments are obvious to network professionals and companies. It lets them test network configurations before implementing them in the real world, and the good thing is that they can do this without investing any money in expensive hardware. Virtual networks are also excellent tools for academic and certification purposes like CCNA, CCNP or CCIE, where students can get hands-on experience configuring Cisco routers.

Currently Cisco is the leader in the networking market, and Linux the leader in the server market. So, if you want to test your complex (or not so complex) network configurations before buying any actual Linux servers or the very expensive Cisco routers, you can use Dynamips to simulate Cisco routers/switches and VNUML (Virtual Network User Mode Linux) to simulate your Linux servers/routers. Both Dynamips and VNUML are open source and free.


Category: Technology, Admin, Linux/Unix, Network, Reviews |

How I Prepared and Passed CISSP

May 3rd, 2007 by Niranjan Kunwar

I locked myself in for 2 months to prepare for the CISSP (Certified Information System Security Professional) exam, and now I’m back triumphant to tell the story. Yes, I just received the Congratulations email from (ISC)². I’m sharing my experience here with the hope that it might be helpful to anyone who’s preparing to take the exam. There’s no doubt that it was THE MOST difficult exam I’ve ever taken.

Let me give you a general idea about this certification. CISSP is a security certification carried out by (ISC)², which is a globally recognized, vendor neutral organization for certifying information security professionals. To pass the CISSP exam you’ll have to be competent in 10 Domains of the Common Body of Knowledge (CBK):

  • Access Control
  • Application Security
  • Business Continuity and Disaster Recovery Planning
  • Cryptography
  • Information Security and Risk Management
  • Legal, Regulations, Compliance and Investigations
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications and Network Security

To qualify to sit for the exams you need to:

  • Subscribe to the (ISC)² Code of Ethics.
  • Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree. Additionally, a Master’s Degree in Information Security from a National Center of Excellence can substitute for one year toward the four-year requirement.

Update: Effective 1 October 2007, professional work experience requirements for the CISSP will increase from four to five years, and direct full-time security professional work experience will be required in two or more of the ten CISSP CBK domains. A new endorsement policy will also be in effect, requiring anyone who passes a CISSP, CAP, or SSCP exam to have their qualifications endorsed by another (ISC)² credential holder. These changes will not affect those who sit for an examination on or before 30 September 2007. For more information, please refer to the Experience Requirement Change FAQs.

The exam itself is 6 hours long, with 250 questions based on the 10 domains. 25 out of the 250 questions are for research, but you’ll have to answer all of them, and there’s no way of knowing which one is which. So, 225 questions will be scored, and you’ll have to get 700 out of a possible 1000 points on the grading scale to pass. Different questions carry different weight (marks) and there’s no way to know how many marks each question carries. As of writing this, the exam costs US$ 499 if you register 16 days ahead of the exam date or US$ 599 if you register later.

Category: Technology, Life, Admin, Network, Reviews, Security |

OpenDNS for safer and faster browsing

April 24th, 2007 by Niranjan Kunwar

There’s been a lot of buzz around OpenDNS lately. OpenDNS is a DNS provider that offers a free service, with a safer and faster browsing experience. This is how it works.

1. You register an account on the OpenDNS site.
2. Log in to your account.
3. Change your DNS settings to point to the OpenDNS servers.

That’s it, you’re good to go. The only difference from your normal environment is that now you’re using the OpenDNS DNS Servers.

The Advantages of using OpenDNS Server

  • You’ll be protected from phishing attacks, because OpenDNS keeps a database of phishing sites, so it can identify and stop sites trying to phish (cheat or trick) you.
  • It claims to be faster than your ISP’s DNS, with a large cache, but I didn’t notice any change in my browsing speed after the change. This could definitely be an advantage if your ISP’s DNS is slow.
  • It can correct typos for you. For example, if you type nirlog.cmo instead of nirlog.com, it’ll correct your mistake and point you to the right site.
  • The latest feature, called Shortcuts, allows you to type something easy to remember into your address bar for those web sites you visit often. For example, I can just type the short “gmail” to visit Gmail, instead of typing the full URL “http://www.gmail.com/”. This, I think, is a very handy feature.
  • Network admins can configure full office networks too.

You can map short names for your favorite web sites

The Down side of using OpenDNS Server

You always need to be logged in to the OpenDNS web site to use the service. They make money from advertisements. It works like this: when there’s a typo OpenDNS cannot fix, it’ll redirect you to a Yahoo search result with advertisements. I think that’s OK, but in some cases they’ll redirect you to a site that has nothing to do with the web site you intended to visit. For example, if you type http://nirlog.cm then it’ll redirect you to http://agoga.com/. It’s clearly not the site I intended to visit; the best thing OpenDNS could have done is to redirect to nirlog.com, since there’s no nirlog.cm, or at least it could have redirected to an organic search in Yahoo, the search engine they’re using. So, I think OpenDNS’s decision on what’s a typo, and what’s wrong and right, could be questionable. Actually the redirection has nothing to do with OpenDNS; it’s due to the registrar for Cameroon, who has created parked pages with Agoga for every unregistered .cm domain.

When I typed http://nirlog.cm it redirected me to http://agoga.com

I think OpenDNS has a clear advantage over your ISP’s DNS, with its phishing protection and, in some cases, speed. The shortcut is a very handy feature too. So for my personal machine I’ll keep the OpenDNS setting.

Update: John Roberts from OpenDNS has cleared up the point about the .cm domain in his comment; apparently the registrar for Cameroon has created parked pages with Agoga for every unregistered .cm domain. So, it has nothing to do with OpenDNS. Also, if you’ve set up OpenDNS on your networks, then you don’t need to log in to the web site.

Category: Technology, Admin, Network, Reviews, Security | 2 Comments »

The Email Problem and Solutions

April 10th, 2007 by Niranjan Kunwar

Today it’s impossible to think of business and personal communications without email. Sending and receiving emails costs you and me nothing. It’s free! The zero cost (for users), the efficiency of delivery, and ease of use have made it so popular. But now email has become a victim of its own success. Just my quick test with one email server for 4 days showed that 96% of the emails received were abusive.

The email protocol (SMTP) was designed at a time when very few people were using email and everyone basically knew each other, so security was not a concern. Today the world has changed and that trust isn’t there anymore, but the SMTP protocol we’re using remains the same.

So, how is today’s technology dealing with this problem?

Category: Technology, Admin, Email, Network, Reviews, Security |

Going mobile

December 15th, 2006 by Niranjan Kunwar

I switched from Microsoft to Apple on the desktop, but on mobile I’m jumping (trying) from Palm to Microsoft. I’ve bought a Dopod 720w, which runs Windows Mobile 5 Smartphone Edition. It’s gorgeous and slim, with a bright screen, Wi-Fi, EDGE, GPRS, push e-mail, excellent call quality and long talk-time battery life. You can listen to music or watch videos with its Windows Media Player 10 Mobile (supports AAC, MP3, WAV, WMA, MPEG-4, and WMV files). I’ve been surfing the web on mobile for a while and discovered that my blog is not so mobile friendly. I found a neat script, with step-by-step instructions, that makes your blog or web site mobile friendly in just 2 minutes.

So, here is my mobile friendly blog — http://mobile.nirlog.com, created in 2 minutes.

Browsing with my dopod


Category: Technology, Reviews, Windows | 2 Comments »

Secure, Easy and Cheap VPN: OpenVPN

November 3rd, 2006 by Niranjan Kunwar


I’ve used IPSec, PPTP and SSL VPNs for quite some time and found them to have their own strengths and weaknesses. IPSec is secure but too complicated, with too many options for implementation and configuration. PPTP is easy to use and configure but it had some security issues in the past, which deters serious security-minded organizations from implementing it. Commercial SSL VPNs are easy to use but they’re very expensive and still haven’t solved all the remote connection problems.

I was introduced to SoftEther (a popular Japanese personal VPN) by one of my bosses a few years ago; it’s secure and free but the documents are available only in Japanese. While I was searching for English documents for SoftEther, I came across a Wikipedia entry, which said “It is similar to OpenVPN, though it is closed source software”. I’d heard about OpenVPN but had never given it a serious look. This time I decided to look at it. I was pleasantly surprised by its ease of installation, ease of use and robust security. Here are a few points to note about OpenVPN:

  • It’s free and open source.
  • It’s secure; it uses the SSL/TLS protocol.
  • It’s easy to install and use. Graphical User Interfaces are available for those who fear the command lines.
  • Has a flexible authentication scheme based on certificates, smart cards, or traditional username/password credentials.
  • Can be implemented as a bridge or a router (OSI layer 2 or layer 3).
  • Excellent cross-platform support; it can be installed on Linux, Unix, Windows and Mac OS X.
  • Good documentation, FAQs, HowTos and articles.

If you’re looking for a secure, cheap, flexible and easy-to-use VPN solution, then you should give OpenVPN a try.

Category: Technology, Admin, Network, Reviews, Security, VPN |