Archive for the ‘Tech in general’ Category

Modular Policy Framework (ASA)

July 5th, 2010 rsivanandan No comments

Increasing productivity by blocking non-project-related sites is one of the myths that I've seen a lot on various online forums, and there is always counter research data saying this has nothing to do with an 'increase in productivity'. I guess I kinda agree too (well, I know one of the leading IT companies that doesn't give computers with internet access to any employee; only the lead/manager has it, and that too restricted).

So, putting the arguments aside, blocking outgoing connections based on IP address has always failed (imagine the cloud of servers if you were to block, say, Yahoo Mail). The Modular Policy Framework, however, supports regex matching on the Host header of an HTTP request to see which site it is going to, and can block it if you'd like.

Here is the Cisco article describing the MPF in detail {Here}

 

Now, how do you block access to, say, Facebook or MySpace by your employees? Pete has a good write-up on it, so I'm not going to write it again here.

In short, the configuration you need is below. Thanks to Pete for providing such a detailed write-up.

 

On the Global Policy
————————————————-

! The dot is escaped so that it matches only a literal "."
regex domainlist1 "facebook\.com"
class-map type regex match-any DomainBlockList
  match regex domainlist1
class-map type inspect http match-all BlockDomainsClass
  match request header host regex class DomainBlockList
policy-map type inspect http http_inspection_policy
  class BlockDomainsClass
    reset log
policy-map global_policy
  class inspection_default
    inspect http http_inspection_policy
service-policy global_policy global
———————————————-

With its own policy

———————————————–
! The dots are escaped so that they match only a literal "."
regex BLOCKED_DOMAIN_1 "www\.facebook\.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1
class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST
class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS
policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    drop-connection log
policy-map POLICY_MAP_OUTSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION
service-policy POLICY_MAP_OUTSIDE_INTERFACE interface outside
———————————————–
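
Before deploying a block list like the two above, it helps to check which Host values each pattern would actually catch. The script below is an added example, not part of the original post or of Pete's write-up: it uses patterns modelled on the two `regex` lines, constructed sample requests, and Python's `re.search` as a stand-in for the ASA regex engine (an assumption that holds for simple unanchored literal patterns like these).

```python
import re

# Constructed patterns modelled on the two `regex` lines in the configs above.
PATTERNS = {
    "domainlist1": r"facebook\.com",
    "BLOCKED_DOMAIN_1": r"www\.facebook\.com",
    "unescaped": r"facebook.com",  # same text without the escape: '.' matches any character
}

def host_header(raw_request: bytes):
    """Return the Host header value of a cleartext HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None

def matching_patterns(raw_request: bytes, patterns=PATTERNS):
    """Names of the patterns that match anywhere in the Host value (unanchored)."""
    host = host_header(raw_request)
    if host is None:
        return []
    return sorted(n for n, p in patterns.items() if re.search(p, host))

def request(host: str) -> bytes:
    """Build a constructed sample request for the given Host value."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nAccept: */*\r\n\r\n".encode()

# Constructed sample hosts: exact name, other subdomain, bare domain,
# a look-alike that only the unescaped pattern hits, and an unrelated host.
SAMPLES = ["www.facebook.com", "m.facebook.com", "facebook.com",
           "facebookxcom.example", "intranet.example"]

def coverage(samples=SAMPLES):
    """Map each sample host to the patterns that would trigger the block action."""
    return {h: matching_patterns(request(h)) for h in samples}

if __name__ == "__main__":
    for host, hits in coverage().items():
        print(f"{host:24} -> {', '.join(hits) or 'not matched'}")
```

Both policies act only on cleartext HTTP: a request sent over HTTPS carries its Host header inside TLS, so `inspect http` never sees it.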

10 Typical Networking Interview Questions

December 26th, 2009 rsivanandan No comments

I often wondered about typical networking interview questions. There is a set of questions that is repeated no matter which company you prepare for, and I still found a lot of guys not sure about them. It does not mean you do not know networking, but an interview is often conducted in a short interval, and by no means is someone going to assess how good you are at networking in that time.

Still, the interview is used to measure how well/quickly you think in a particular direction. There are other woes obviously, like:

1. What is IPSEC?

I have seen questions like this and, as I see it, this is as absurd as it can get. The whole interview is probably what, 'an hour thingy'? I can go on answering the above question for a full hour. That is to say, the question is not in quantifiable terms. I mean, do you think you'd always be able to explain exactly what the interviewer has in mind? That is a big Bull! If the question is posed like "Explain the phases of an IPSEC VPN", it is much easier to quantify answer-wise.

Coming back, a couple of questions I have seen others keep asking, which I myself have asked and many times haven't gotten a satisfactory answer to, are these:

1. Explain and differentiate Routed and Routing protocols?

2. Private IP addresses can’t be routed through internet, why?

3. What is ARP and how does it work?

4. Classful & Classless concepts?

5. TCP 4 way handshake – (this is best, as everyone seems to know the 3 way) ?

6. What is NAT-T ?

7. Different types of firewalls? (everyone knows ‘Stateful’ and ‘Stateless’, but nothing more – reason? they’ve studied it only once, not up to speed on the technology advances).

8. How does a device know that the destination is *not on the local network* ?

9. Can 2 VLAN’s have the same IP Subnet? – Most of them answer ‘NO, a BIG NO’ ?

10. Why/When a network loop happens in an L2 network?

 

These are pretty basic questions for a Network/Security Engineer with 3 to 5 years' experience, as I see it. So it kinda became a habit of mine to shoot off from these, and if the majority is 'no' then the candidate is a big 'no no' for me!

Actually it even gets funny sometimes. I had a friend (who'll read this as well :-) ) who asked a guy to give some basic test cases for a cell phone/mobile phone. The candidate gave some 'not-so-satisfying' test scenarios, so my friend asked him to write down a stress test case for the phone, and the candidate said he would "Make a long distance call"; that was a stress test case for him. See, the thinking has to be aligned, if not exactly correct. Once a CCIE guy was just goofing around, since he only had teaching experience and had never touched a live network in his life. I was frustrated with his answers (C'mon, if a router doesn't respond, he'd just reboot it, it seems!) and so were my fellows listening to it. So I asked him to subnet a network, and asked him to use the white-board since he'd be more comfortable that way as a network teacher/instructor. He did something and came down to something as silly as 90/2 is approximately 40. I was literally "DONE" with the candidate, went to my manager and asked him to just get this guy off the premises.

This post is not to insult anyone; they are all equally working in this industry, but for everything there is a benchmark. Hiring a candidate doesn't stop there; the responsibilities to shoulder only start from there –> to make him full-fledged and productive on the project.

Categories: Life in general, Tech in general Tags:

IE Tweaker v1.0

December 26th, 2009 rsivanandan No comments

Yesterday, the IETips.net folks released version 1.0 of IE Tweaker. A lot of changes/fixes can be performed by the tool, as advertised at their site; 90+ fixes are available in the software. I haven't tested it and am downloading it as I write this :-)

Menu options:

Browsing Options - This menu option helps you to quickly turn off/on the following:

Smooth Scrolling, Clear type font, Animation, Sounds, Picture Display, Automatic Image resizing

Clear Junk Files – This option will help you to quickly remove all the temporary IE files, cookies, history, passwords, and AutoComplete data.

Tweak IE – Tweak IE menu has the following tabs:

Basic Tweaks - Offers you the basic tweaks such as Turn off/on Menu bar, Favorite bar, Tabbed browsing, Full screen mode, Caret Browsing support etc.,

Browser Menus - Helps you to disable/enable the Browser Menus

Toolbars – Helps you to hide/unhide the various options on the bars and also the bars itself such as Status bar, command bar etc

Control Panel - Helps you to hide/unhide the various tabs in Tools -> Internet Options.

Advanced – Helps you to Turn off/on various options such as Compatibility view etc., and also allows you to change the IE Title, and Default download directory options.

Restrictions - This menu option has the following tabs:

- Restrictions – Provides you various restriction options such as Changing default search provider, Add-ons management, Autocomplete features etc.,

- Settings - Restricts the users to change various settings.

- Security - Allows you to enable/disable options such as InPrivate Browsing, Filtering etc.,

Repair - Repair menu option provides you various options to repair/fix various issues that you have with Internet Explorer.

In addition to it we have also provided desktop Shortcuts for various modes of Internet Explorer in Shortcuts Folder.

To download visit {Here}

Categories: Tech in general, Windows Tags:

Best Tech Companies to Work For!

December 17th, 2009 rsivanandan No comments

 


 

Based on the Glassdoor.com surveys from the employees themselves of each company, Juniper Networks ranks first!

Got this snippet from { Here }

One difference about Glassdoor compared to all other predictions is that these are derived from anonymous inputs from within the respective organizations themselves.

Categories: Juniper, Tech in general Tags:

Outlook – Remember Password

November 16th, 2009 rsivanandan No comments

The other day I was configuring Outlook 2007 for Gmail POP3 access and voila, the field where I can input the password and save it is grayed out. Typical annoyance: I know what I'm doing, but there isn't a way I can enable it without the additional trouble.


I started with our expert for everything, Mr. Google. Then I came across a lot of pages describing a lot of solutions and finally worked out with something where one can enable the password to be saved if you want, of course in the registry. So here it is;

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security]
"EnableRememberPwd"=dword:00000001

You set this key to 1 and then the password box was up and usable. Thought it'd help others. Now remember that this is one of the cases where it is done like this, and if you're trying to do this on an AD managed network, then your Network Admin might have tweaked some settings for the Org.'s sake. Well, I did this on an AD managed laptop, and it worked for me. So there is no harm in giving it a try!

Categories: Tech in general, Windows Tags:

IPTables for Windows

October 5th, 2009 rsivanandan No comments

 

Oh well, if you’re more used to IPTables than any normal firewall software, then of course you’re gonna need that for your Windows machine as well. Nothing wrong about that, the interesting stuff here is about the technology, really and not who made it – if it works well.

Windows IP Firewall (WIPFW) is an open source project that gives you exactly that;

Check out their page here

 

WHAT IS WIPFW?

 

WIPFW is a MS Windows operable version of IPFW for FreeBSD OS. You can use the same functionality and configure it as only you work with IPFW.

IPFW is a packet filtering and accounting system which resides in kernel mode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions.

There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.

As a result of the way that ipfw is designed, you can use ipfw on non-router machines to perform packet filtering on incoming and outgoing connections. This is a special case of the more general use of ipfw, and the same commands and techniques should be used in this situation.

And one more important piece of info would be;

Q: What's the difference between WIPFW and IPFW?

A: Now WIPFW is unable to change packets content, so it is impossible to redirect packets. Also WIPFW has no traffic shaper. In the future WIPFW will be using ndis driver which will allow all abilities.

XPQuickFix – Swiss Army Knife for Windows

September 30th, 2009 rsivanandan No comments

 

Quite often when you’re infected with a Virus, the virus does diligently :-( disable a lot of functions in Windows (Like disable the task manager, Disable registry editor etc).

So either you're stuck at different Google searches looking for fixes to these individual problems, or you really start thinking of re-loading the OS itself. Situations like that can be pretty annoying. This is one nice tool with about 25 quick fixes put together in a UI.

Some of the fixes that can be done using this little tool are:

  • Enable Command Prompt
  • Enable Task Manager
  • Enable Folder Options
  • Enable Registry Editor
  • Restore missing Run dialog box
  • Stop My Documents open at startup
  • Fix right-click error
  • Fix slow network file/shared/remote
  • Restore Network icon to system tray
  • Fix slow hotkeys
  • Fix CD/DVD drive is missing or not recognized
  • Fix CD auto play
  • Restore My Computer (Computer) properties
  • Restore Device Manager
  • Fix delay in opening Explorer
  • Restore grayed Explorer and Taskbar toolbars
  • Restore My Documents properties
  • Remove OEM splash and wallpaper
  • Restore My Network Places to Desktop
  • Enable Recovery Console
  • Restore grayed file associations
  • Restore “Send To” context menu item
  • Restore the native ZIP file integration
  • Error when trying to access Add or Remove/ Program and Features program

You can read about & download this awesome little portable lifesaver from HERE

Categories: Tech in general, Tools For Life, Windows Tags:

Speed Up Adobe Acrobat Reader

September 22nd, 2009 rsivanandan No comments

 

I had moved to Foxit reader from Adobe Reader for the sole reason that I can have a cup of coffee by the time adobe loads the document, not to mention when we’re browsing a PDF document through Internet.

Then I came upon this little tool while I was searching for 'how to speed up adobe reader'; the utility is Adobe Reader Speedup.

It disables some plugins and voila, PDFs load almost instantaneously in Adobe now!

You may wanna try it. Download it by clicking the above link.

Categories: Tech in general, Tools For Life Tags:

Monitor Server or Service (Check Host Alive)

September 17th, 2009 rsivanandan No comments

One of the things every network admin would like to do is to monitor his key application servers/machines’ up status. If it is down, the last thing he wants is to have the users come to him and complain!

Say I own a web server and I'd like to know when the server goes down. One option is to keep an infinite ping loop outputting to a text file or so, then do a daily look through the text file to see if it went down or not. Not an efficient way to handle things, and it also doesn't ensure that you get notified the moment it goes down.

I did spend some time in Google. Well, there are thousands of networking monitoring applications that can do this, but they all come with $$$. I was searching for a rather freeware solution or write a script in Perl or something. Then I stumbled upon this one;

CheckHost by ab-tools.com, developed just in August 2009.

The tool has amazing capabilities. It does exactly what I wanted and even more. It can check to see if a HOST is alive by ping and, when it is down, give a desktop alert or even send an email to you. Furthermore, it can work on TCP and UDP as well.

So if you have a web server, it can check by actual TCP/80 connections, if you have a public facing RDP server – then check actual TCP/3389 and let you know immediately when it goes down. Check out the configuration options tab below;

This is technology at its best. Simple and low on resources, yet it still gets things done. Wouldn't people like an admin like this, who always gets to the issue first?

Great going guys! Check out their website they have some more cool stuff under development as well.

Juniper Security Rocks!

September 17th, 2009 rsivanandan No comments

 

The 2009 Information Security/SearchSecurity.com Readers' Choice awards have been announced and guess what: Juniper won the best security solution awards in the following categories:

  • Intrusion Prevention: Gold Award: Juniper IDP Series
  • NAC: Gold Award: Juniper Networks Unified Access Control
  • Remote Access: Silver Award: Juniper Networks SA Series SSL VPN Appliances

Last year Juniper was named a finalist in five categories and won an award in each category, including Authentication, NAC, Network Firewalls, Remote Access and UTM. Juniper SSG, ISG and SA SSL VPN won Gold awards.  UAC won a Silver award. Juniper Steel-Belted Radius, NetScreen and SSG won Bronze awards.

Way to go Juniper! If you look at Juniper's Security Market/Products, the solutions have been in the market for only a few years now, but still they made it through and take on the long-timers now!

Categories: Juniper, Tech in general Tags: