Archive for July, 2007

English Letters

July 31st, 2007 rsivanandan No comments

Do you know,

               Letters ‘a’, ‘b’, ‘c’ & ‘d’ do not appear anywhere in the spellings of 1 to 99

               ( Letter ‘d’ comes for the first time in Hundred )

               Letters ‘a’, ‘b’ & ‘c’ do not appear anywhere in the spellings of 1 to 999

               ( Letter ‘a’ comes for the first time in Thousand )

               Letters ‘b’ & ‘c’ do not appear anywhere in the spellings of 1 to 999,999,999

               ( Letter ‘b’ comes for the first time in Billion )

               And

               Letter ‘c’ does not appear anywhere in the spellings of entire English counting

 

Got this from one of the internal mail aliases, nice to know — Good find :-)

Categories: Life in general Tags:

Site-To-Site VPN on Netscreen/Juniper Firewalls

July 29th, 2007 rsivanandan 17 comments

One of the amazing features of Juniper firewalls is how easy the CLI makes creating and maintaining configurations; one impressive example is VPN configuration.

Say we have 2 working Juniper firewalls and want to configure a site-to-site VPN tunnel between them; it is as simple as 3 commands. Let's see how difficult it is:

First, create a tunnel interface:

set interface tunnel.1 zone <Zone>

set interface tunnel.1 ip unnumbered interface <Interface>

Create VPN parameters:

set ike gateway <Gateway-Name> address <Remote Peer IP> <Mode> outgoing-interface <Interface-Name> preshare "Key" proposal <Proposal>

set vpn <VPN-Name> gateway <IKE-Gateway> sec-level compatible

set vpn <VPN-Name> bind interface <Tunnel-Interface>

Create a route to send the traffic over VPN:

set route <Remote-Network>/<Mask> interface tunnel.1

Example:

SiteA-Network ---------- Firewall-1 ------------------------ Firewall-2 ---------- SiteB-Network

Firewall-1  [ethernet0/1 - outside interface in zone 'untrust' , 1.1.1.1/30]

Firewall-2 [ethernet0/1 - outside interface in zone 'untrust', 2.2.2.2/30]

Firewall-1 [Internal Network is 20.20.20.0/24]

Firewall-2 [ Internal Network is 10.10.10.0/24]

So the configuration would look like this;

###################################################################

set interface tunnel.1 zone untrust

set interface tunnel.1 ip unnumbered interface ethernet0/1

set ike gateway "ToSiteB" address 2.2.2.2 main outgoing-interface ethernet0/1 preshare PASSWORD proposal pre-g2-3des-sha

set vpn "TOSITEB-VPN" gateway "ToSiteB" sec-level compatible

set vpn "TOSITEB-VPN" bind interface tunnel.1

set route 10.10.10.0/24 interface tunnel.1

###################################################################
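
The configuration above is Firewall-1's side only; Firewall-2 needs the mirror image with the same preshared key and proposal. The Python sketch below is an added example, not part of the original post: it renders both ends from one topology description so the two sides cannot drift, and uses a random preshared key in place of a typed-in word. The Site class, the function names and the SiteA/SiteB labels are assumptions made for the example; the commands follow the post, written with the `set ike gateway` keyword.

```python
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str        # label used to build the gateway/VPN names (assumed)
    outside_ip: str  # address on the untrust-side interface
    lan: str         # internal network in CIDR form


def render(local, remote, psk, iface="ethernet0/1", tunnel="tunnel.1",
           proposal="pre-g2-3des-sha"):
    """Commands for `local`, pointing at `remote`, in the post's order."""
    gw = f"To{remote.name}"
    vpn = f"TO{remote.name.upper()}-VPN"
    return [
        f"set interface {tunnel} zone untrust",
        f"set interface {tunnel} ip unnumbered interface {iface}",
        f'set ike gateway "{gw}" address {remote.outside_ip} main '
        f'outgoing-interface {iface} preshare "{psk}" proposal {proposal}',
        f'set vpn "{vpn}" gateway "{gw}" sec-level compatible',
        f'set vpn "{vpn}" bind interface {tunnel}',
        f"set route {remote.lan} interface {tunnel}",
    ]


def render_pair(a, b, psk=""):
    """Render both peers from one description so the ends stay symmetric."""
    net_a, net_b = ipaddress.ip_network(a.lan), ipaddress.ip_network(b.lan)
    if net_a.overlaps(net_b):
        raise ValueError(f"{a.lan} and {b.lan} overlap; tunnel routes would be ambiguous")
    if a.outside_ip == b.outside_ip:
        raise ValueError("peers need distinct outside addresses")
    # One random key shared by both ends when the caller supplies none.
    psk = psk or secrets.token_urlsafe(24)
    return {a.name: render(a, b, psk), b.name: render(b, a, psk)}


# Topology from the post (addresses as given there).
SITE_A = Site("SiteA", "1.1.1.1", "20.20.20.0/24")
SITE_B = Site("SiteB", "2.2.2.2", "10.10.10.0/24")

if __name__ == "__main__":
    for name, cmds in render_pair(SITE_A, SITE_B).items():
        print(f"### {name}")
        print("\n".join(cmds))
```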

Categories: Juniper, VPN Tags:

Information Security Definition

July 19th, 2007 rsivanandan No comments

Picked off the CISSP book; I like this one :-)

Information Security is a Management Problem which often demands a Technical Solution

Categories: Tech in general Tags:

Split-Tunneling Good or Bad ?

July 19th, 2007 rsivanandan No comments

In VPN configuration this seems to be a hot discussion, so here we go.

There are 2 options for handling internet traffic for VPN users:

  1. Split-Tunneling enabled :: This means all the corporate traffic goes through the vpn tunnel and all the internet (local browsing etc) goes through the user’s local internet connection which improves the browsing speed/experience for the end user.
  2. Split-Tunneling disabled :: This means all the corporate traffic and local user traffic to internet traverse over the vpn tunnel and the internet traffic first goes to the vpn end-point and then exits to internet

Now, point 1 seems to be interesting to some security professionals for the reason that, while connected through VPN, there is no local interaction and thus no “security risk”. The argument is that, while connected to the corporate network through VPN, the public internet is secluded, and thus there is more security against somebody/something from the internet getting into the corporate network!

Well, let me see; the way I see it – First of all it makes the internet browsing poor for the end user who is probably browsing more but still is *ON* VPN just for mail checking in the late evening (If that is happening :-) ). Now security-wise, does it mean by just disabling the split-tunneling, an administrator can be assured that the user won’t harm the corporate ? I don’t think so;

How About users’ machine infected with a Virus/Trojan/Some Crap, whether you have enabled split-tunneling or not, this is going to enter corporate ???? YES.

So what security are we talking about ?

The best approach would be to have Network Access/Admission Control which is integrated with an AntiVirus/AntiSpyware/IPS and Firewall module.

Now, is there something obvious I’m not seeing here? Maybe somebody can shed some light; I would really appreciate that!

A Sin to live in this Country

July 13th, 2007 rsivanandan No comments

Well, I got robbed on my birthday which was a couple of months back, I had lost 2 cell phones and 4000 INR in cash as well.

Then comes the surprise, the police calls me to whom I had lodged a complaint about the same. The deal is they caught the guy who stole and this f**ked up country’s police needs 3000 in cash for them to return my belongings to me, basically 2 cell phones.

Dealt it with 2000 and at least the phones are back with me. It is quite easy to read these kind of news which is no news to anybody who lives here but when it happens to you then you know!

God save this country…

Categories: Life in general Tags:

Computer Science Reconsidered: The Invocation Model of Process Expression

July 9th, 2007 rsivanandan No comments

Rather interesting topic compared to the normal attacks and vulnerabilities I think! Got this piece of information from slashdot and seems that there is at least one person daring to question the very existence of ‘Mathematical thinking’ behind computer science.

In particular, he says the notion of the algorithm, “has been largely ineffective as a paradigm for computer science.” Fant argues that, because mathematicians, notably John Von Neumann and Alan Turing, were intimately involved with the early development of digital electronic computers in the 1940s they transplanted a mathematical model of computation, including the algorithm – commonly understood to be an exact prescription, defining a computational process, leading from various initial data to the desired result – into the fledgling science of computers.

Source { Here }

It would be interesting to wait for comments from Math-Computing Experts on this one!

Categories: Tech in general Tags:

Employee Activity Watcher

July 3rd, 2007 rsivanandan No comments

Remotely monitor your employees during office hours. Control and monitor PCs on LAN, know every detail of when, what employees did, view their desktop LIVE. Runs in background, takes snapshots of the desktop, logs everything. Shutdown or Log-off PCs remotely when you suspect anything wrong is being done. Send message to the errant employee directly on his remote computer without letting know others. Keep track of what is happening on employees computers. Keep an eye on their systems. Have complete control over employee computer usage. Monitor employees

Categories: Tech in general Tags: