Archive

Archive for September, 2009

XPQuickFix – Swiss Army Knife for Windows

September 30th, 2009 rsivanandan No comments


Quite often when you’re infected with a virus, the virus diligently :-( disables a lot of functions in Windows (like the Task Manager, the Registry Editor, etc.).

So either you’re stuck doing one Google search after another for fixes to these individual problems, or you really start thinking of reloading the OS itself. Situations like that can be pretty annoying. This is one nice tool with about 25 quick fixes put together in a UI.


Some of the fixes that can be done using this little tool are:

  • Enable Command Prompt
  • Enable Task Manager
  • Enable Folder Options
  • Enable Registry Editor
  • Restore missing Run dialog box
  • Stop My Documents open at startup
  • Fix right-click error
  • Fix slow network file/shared/remote
  • Restore Network icon to system tray
  • Fix slow hotkeys
  • Fix CD/DVD drive is missing or not recognized
  • Fix CD auto play
  • Restore My Computer (Computer) properties
  • Restore Device Manager
  • Fix delay in opening Explorer
  • Restore grayed Explorer and Taskbar toolbars
  • Restore My Documents properties
  • Remove OEM splash and wallpaper
  • Restore My Network Places to Desktop
  • Enable Recovery Console
  • Restore grayed file associations
  • Restore “Send To” context menu item
  • Restore the native ZIP file integration
  • Fix the error when trying to access Add or Remove Programs / Programs and Features

You can read about & download this awesome little portable lifesaver from HERE.

Categories: Tech in general, Tools For Life, Windows Tags:

Juniper SSG 140 vs Fortinet FG-224B Comparison

September 30th, 2009 rsivanandan No comments

There is a good comparison chart available between these 2 firewalls.


{ Click Here to get it }


Though it is a comparison with the FG-224B, you can pretty much see the plus points that come with the Juniper SSG series of firewalls.

Categories: Juniper Tags:

Policy NAT with Cisco ASA Firewalls

September 25th, 2009 rsivanandan No comments

One of the most common things in every ASA/PIX firewall is the NAT configuration for outgoing connections; something like this:

hostname(config)# nat (inside) 1 0.0.0.0 0.0.0.0
hostname(config)# global (outside) 1 interface

This tells the firewall that all traffic coming from the inside (local LAN) interface should be PAT’ed and routed before it goes out through the outside interface (e.g. to the Internet). You can also define this with an access-list for much more selective NATting. Say you have 2 networks in your local LAN and want only one of them to be PAT’ed like above.

Call them 10.0.0.0/8 and 192.168.1.0/24, and only the second one should be NATted. This is achieved through the following statements:

hostname(config)# nat (inside) 1 192.168.1.0 255.255.255.0
hostname(config)# global (outside) 1 interface

Similarly, you can use an access-list for much more controlled NATting, like below (the ASA expects an extended access-list here, so a destination is required):

hostname(config)# nat (inside) 1 access-list 10
hostname(config)# global (outside) 1 interface
access-list 10 permit ip 192.168.1.0 255.255.255.0 any

The beauty is, you can even control this NATting using specific protocol/port combinations. Say you want only Internet browsing (HTTP & HTTPS) to be allowed; then:

hostname(config)# nat (inside) 1 access-list 100
hostname(config)# global (outside) 1 interface
access-list 100 permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list 100 permit tcp 192.168.1.0 255.255.255.0 any eq 443

See the advantage here? You can avoid having to insert a separate access-list for this purpose on the outside interface. Now, there is another way, for when you don’t want to NAT at all, achieved through nat (inside) 0. Typically this is used for VPN connections. When you have a VPN terminated on the ASA/PIX, you won’t be NATting the traffic going through it, and you achieve that by adding:

nat (inside) 0 access-list 10
access-list 10 permit ip 10.0.0.0 255.0.0.0 any

OR

nat (inside) 0 10.0.0.0 255.0.0.0

However, there is a difference with nat (inside) 0 statements: you cannot control the NAT exemption based on protocols/ports; it matches on IP addresses only. For example:

nat (inside) 0 access-list 100
access-list 100 permit tcp 192.168.1.0 255.255.255.0 any eq 80

The above will not work. This is the limitation, and you’d have to go for regular access-lists on your interfaces if you want to stop that traffic.

In Cisco’s own words:

On the ASA, policy NAT cannot be applied on nat 0 statements and is not supported:

Identifies the local addresses and destination addresses using an extended access list, also known as policy NAT. Create the access list using the access-list command. You can optionally specify the local and destination ports in the access list using the eq operator. If the NAT ID is 0, then the access list specifies addresses that are exempt from NAT. NAT exemption is not the same as policy NAT; you cannot specify the port addresses, for example.
Note: Access list hit counts, as shown by the show access-list command, do not increment for NAT exemption access lists.

Source : { Here }
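As an added check (not from the original post or from Cisco), here is a small Python script that parses ASA-style config lines and flags nat 0 (NAT exemption) statements whose access-list carries port matches, the exact combination the post says will not work. The config lines it runs over are constructed for the demo.

```python
import re

# Constructed sample ASA config (not from the original post): it mixes the
# policy-NAT form (nat 1 + ACL with ports) and the NAT-exemption form (nat 0).
SAMPLE_CONFIG = """
access-list 100 permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list 100 permit tcp 192.168.1.0 255.255.255.0 any eq 443
access-list 10 permit ip 10.0.0.0 255.0.0.0 any
access-list 200 permit tcp 192.168.1.0 255.255.255.0 any eq 80
nat (inside) 1 access-list 100
nat (inside) 0 access-list 10
nat (inside) 0 access-list 200
global (outside) 1 interface
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(\S+)\s+(.*)$")
NAT_RE = re.compile(r"^nat\s*\((\S+)\)\s*(\d+)\s+access-list\s+(\S+)")
PORT_OPS = ("eq", "gt", "lt", "neq", "range")  # ASA layer-4 port operators

def parse_acls(config):
    """Map ACL id -> list of (protocol, rest-of-entry) tuples."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(3), m.group(4)))
    return acls

def entry_has_port_match(protocol, remainder):
    """True when an ACE matches on TCP/UDP ports, which NAT exemption ignores."""
    tokens = remainder.split()
    return protocol in ("tcp", "udp") and any(t in PORT_OPS for t in tokens)

def find_nat0_port_misuse(config):
    """Return (interface, acl_id) for every nat 0 statement whose ACL has port matches."""
    acls = parse_acls(config)
    findings = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or m.group(2) != "0":
            continue  # only NAT ID 0 (exemption) has the limitation
        iface, acl_id = m.group(1), m.group(3)
        if any(entry_has_port_match(p, r) for p, r in acls.get(acl_id, [])):
            findings.append((iface, acl_id))
    return findings

if __name__ == "__main__":
    for iface, acl in find_nat0_port_misuse(SAMPLE_CONFIG):
        print(f"nat ({iface}) 0 access-list {acl}: port matches are ignored by NAT exemption")
```

Run it against a saved `show running-config` to catch exemption ACLs that look port-specific but in fact exempt the whole address range.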

Categories: Cisco Tags:

Speed Up Adobe Acrobat Reader

September 22nd, 2009 rsivanandan No comments


I had moved to Foxit Reader from Adobe Reader for the sole reason that I can have a cup of coffee by the time Adobe loads the document, not to mention when we’re browsing a PDF document over the Internet.

Then I came upon this little tool while I was searching for ‘how to speed up adobe reader’; the utility is Adobe Reader Speedup.

It disables some plugins and voila, PDFs in Adobe load almost instantaneously now!

You may wanna try it. Download it by clicking the above link.

Categories: Tech in general, Tools For Life Tags:

Cisco Router DNS lookup Annoyance

September 20th, 2009 rsivanandan No comments


If you don’t know about it, especially if you’re a newbie with Cisco routers, one of the annoying things is the message:

Translating….. domain server (255.255.255.255)


User Mode
R1>xxxx

Translating "xxxx"...domain server (255.255.255.255)

(255.255.255.255)

Translating "xxxx"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

R1>
Enable Mode
R1#xxxx

Translating "xxxx"...domain server (255.255.255.255)

(255.255.255.255)

Translating "xxxx"...domain server (255.255.255.255)

% Unknown command or computer name, or unable to find computer address

R1#


Well, it is there for a reason and is doing something that may not be obvious. So here is the deal, in Cisco’s own words:

By default, when a command in user or enable mode is entered into a router and this command is not recognized, the router believes that this is the host name of a device that the user is attempting to reach using telnet. Therefore, the router tries to resolve the unrecognized command into an IP address by doing an IP domain lookup. If no specific domain server has been configured on the router, the router will issue a broadcast for the command to be translated into an IP address. It can take several seconds for the router prompt to return while the router waits for a response to its Domain Name System (DNS) broadcast.


Simple fix?

Just add ‘no ip domain-lookup’ and save the configuration. It should be gone!

Source : [ Cisco Online Doc ]

Categories: Cisco Tags:

MTU Settings Test (Set Optimal MTU)

September 18th, 2009 rsivanandan No comments


One of the things in TCP/IP communications is inefficient communication/problems caused by packet fragmentation due to MTU settings along the path. There is one known problem which almost everyone hits, especially over IPsec (Outlook & Exchange), on which I had blogged previously about how to find the optimal MTU value for traffic so that the packet doesn’t get fragmented => [ HERE ]

Finding the optimal MTU along the WAN path is a relatively easy procedure; however, it involves sending multiple ping requests with different packet sizes manually. Now I stumbled across a utility that’ll do it much more efficiently: MTURoute.

It is a free tool, does the job nicely, and also has multiple options.


Use it with caution though, since it produces a lot of ICMP traffic and your ISP or network may not like it (more details on the author’s page; follow the link here).
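The manual procedure the post describes, pinging with the DF bit set and shrinking the payload until the packet passes, as an added Python example (not MTURoute’s code): a binary search over the ICMP payload size, with a real probe that shells out to Linux iputils ping (assumed installed) and a constructed simulated path so it also runs offline.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header

def ping_probe_linux(host, payload):
    """One ICMP echo with DF set and `payload` data bytes (assumes Linux iputils ping).
    True if a reply arrived; False if the packet was dropped or would need fragmenting."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def simulated_probe(path_mtu):
    """Constructed stand-in for a real path: any packet larger than path_mtu is dropped."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu

def find_path_mtu(probe, low=0, high=1472):
    """Binary-search the largest ICMP payload that passes unfragmented and return
    it as an MTU (payload + IP/ICMP overhead). probe(payload) -> bool.
    `low` must pass; `high` (1472 data bytes = a 1500-byte IP packet) is the cap."""
    if not probe(low):
        raise RuntimeError("no reply even for the smallest probe; host unreachable?")
    if probe(high):
        return high + IP_ICMP_OVERHEAD
    while high - low > 1:          # invariant: low passes, high fails
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low + IP_ICMP_OVERHEAD

if __name__ == "__main__":
    # With a hostname argument probe the real path; otherwise use a 1400-byte simulated path.
    if len(sys.argv) > 1:
        probe = lambda p: ping_probe_linux(sys.argv[1], p)
    else:
        probe = simulated_probe(1400)
    print("optimal MTU:", find_path_mtu(probe))
```

The search needs only about a dozen probes for a 1500-byte range, which is far less ICMP than a full size sweep; the returned value is the MTU to set, not the ping payload.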

Monitor Server or Service (Check Host Alive)

September 17th, 2009 rsivanandan No comments

One of the things every network admin would like to do is to monitor the up status of his key application servers/machines. If one is down, the last thing he wants is to have the users come to him and complain!

Say I own a web server and I want to see if it is alive, and I’d like to know when the server goes down. One option is to keep an infinite ping loop outputting to a text file or so, then do a daily look through the text file to see if it went down or not. Not an efficient way to handle things, and it doesn’t ensure that you get notified the moment it goes down.

I did spend some time on Google. Well, there are thousands of network monitoring applications that can do this, but they all come with $$$. I was searching for a freeware solution, or else to write a script in Perl or something. Then I stumbled upon this one:

CheckHost by ab-tools.com, just developed in August 2009.

The tool has amazing capabilities. It does exactly what I wanted and even more. It can check to see if a host is alive by ping and, when it is down, give a desktop alert or even send you an email. Furthermore, it can work on TCP and UDP as well.


So if you have a web server, it can check by actual TCP/80 connections; if you have a public-facing RDP server, then it can check actual TCP/3389 and let you know immediately when it goes down. Check out the configuration options tab.


This is technology at its best: simple and low on resources, yet it still gets things done. Wouldn’t people like an admin like this, who always gets to the issue first?

Great going guys! Check out their website they have some more cool stuff under development as well.
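An added illustration of the TCP-level check the post describes (not CheckHost’s code): a full TCP connect to the service port instead of a ping, with an alert only on an up/down transition so you hear about an outage once, when it starts. The 127.0.0.1:80 target in the main block is a hypothetical placeholder.

```python
import socket
import time

def check_tcp(host, port, timeout=2.0):
    """Return True only if a full TCP handshake to host:port completes within timeout.
    Unlike ping, this proves the service itself is accepting connections."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class ServiceMonitor:
    """Polls one host:port and reports only transitions, so an outage raises one
    'DOWN' event when it starts and one 'UP' event when it clears."""
    def __init__(self, host, port, checker=check_tcp):
        self.host, self.port, self.checker = host, port, checker
        self.up = True  # assume healthy at start so the first failed poll alerts

    def poll(self):
        """Run one check; return 'DOWN' or 'UP' on a state change, else None."""
        alive = self.checker(self.host, self.port)
        event = None
        if alive != self.up:
            event = "UP" if alive else "DOWN"
        self.up = alive
        return event

if __name__ == "__main__":
    # Hypothetical target: a web server on the local machine, polled every 10 s.
    mon = ServiceMonitor("127.0.0.1", 80)
    while True:
        ev = mon.poll()
        if ev:
            print(time.strftime("%Y-%m-%d %H:%M:%S"), f"{mon.host}:{mon.port} is {ev}")
        time.sleep(10)
```

Swap the print for an email or desktop notification and you have the core of what the post is describing; for UDP services a connect test says nothing, so an application-level request is needed there.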

Juniper Security Rocks!

September 17th, 2009 rsivanandan No comments


The 2009 Information Security/SearchSecurity.com Readers’ Choice awards have been announced, and guess what: Juniper won the best security solution awards in the following categories:

  • Intrusion Prevention: Gold Award: Juniper IDP Series
  • NAC: Gold Award: Juniper Networks Unified Access Control
  • Remote Access: Silver Award: Juniper Networks SA Series SSL VPN Appliances

Last year Juniper was named a finalist in five categories and won an award in each category, including Authentication, NAC, Network Firewalls, Remote Access and UTM. Juniper SSG, ISG and SA SSL VPN won Gold awards. UAC won a Silver award. Juniper Steel-Belted Radius, NetScreen and SSG won Bronze awards.

Way to go Juniper! If you look at Juniper’s security market/products, the solutions have been in the market only for a few years now, but still they made it through and now take on the long-timers!

Categories: Juniper, Tech in general Tags:

Network Congestion

September 16th, 2009 rsivanandan No comments


After quite some time, I’ve been active at Experts-Exchange again, and one of the questions that popped up was this:

I have some concerns regarding network congestion. Is there a formula out there for determining the necessary network capacity for X number of clients?


A very legitimate request if you ask me. When we have chips doing things for us, why should we tell the chips how to do it efficiently? However, the nature of a distributed solution is such that there is no central mechanism to govern it. Reminds me of the British colonies around the world; it just went out of their hands for the very same reason :-)

As far as I know, there isn’t a formula which you can apply that resolves all these issues.


Basically, it has been about good design so far, and as a matter of fact there is more and more research going on in this area:

http://www.freepatentsonline.com/5491801.html

The above is one patent on this idea.

Distributing the load and watching your network trend is the only way to say what mechanism is needed for your network to avoid congestion. What I’m trying to say is: say you have a 500-node organization and I have a 500-node organization. There isn’t a single way we can both incorporate QoS or anything like that; it very much depends, and only depends, on your network traffic trend.

So different data points have to be taken: what is the average load of switches/routers/Internet links, what kind of traffic is it, etc. Again, there are different types of policies; we can have fair-share policies where each device gets a fair share, but in modern networks we want a desktop browsing Facebook to suck when it is in competition with a VoIP phone, don’t we?

So start with your Internet link utilization reports. Get MRTG (or even better PRTG; a 5-device license is free) to analyse how much you’re paying for your uplink and what your actual utilization is. Sometimes the results can be shocking. Back in 2003, while I was doing a contract job for a hospital, they had a twin T1 connection providing an effective bandwidth of 3 Mbps, and their utilization was just about 20%. Still there were talks going on to get additional Internet links because people complained about the browsing speed being slow!

When I entered the scene, I got caught in the momentum and was thinking of how to get a better link. Then, for another project, I was digging into the data set which revealed the utilization. I literally had to show my VP what was going on, and that the internal network was the one which needed an operation (if not surgery :-) ).

Browsing & Television

September 7th, 2009 rsivanandan No comments


Lifehacker.com reports that a good 57% of netizens browse while the TV is on. This news caught me the moment I read it; nothing to guess here. One of the complaints I hear daily is that I’m browsing/working on my laptop while the TV is running. Do I know what I’m doing? Of course I do, and I explain the scenes going on on the TV as well :-)


Lifehacker also hosted a poll related to this, and 73% (4301 votes) go for this! Thanks to wireless technology. As a matter of fact, I’m right now looking for a wireless printer as well; it is that addictive!

Categories: Life in general, Tech in general Tags: