Tech in general
IPTables for Windows
Oct 5th
Oh well, if you’re more used to IPTables than any normal firewall software, then of course you’re gonna need that for your Windows machine as well. Nothing wrong with that; the interesting part here is really the technology and not who made it, as long as it works well.
Windows IP Firewall (WIPFW) is an open source project that gives you exactly that;
Check out their page here
WHAT IS WIPFW?
WIPFW is an MS Windows operable version of IPFW for FreeBSD OS. You can use the same functionality and configure it just as you work with IPFW.
IPFW is a packet filtering and accounting system which resides in kernel mode, and has a user-land control utility, ipfw. Together, they allow you to define and query the rules used by the kernel in its routing decisions.
There are two related parts to ipfw. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the router, based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the router is getting from a certain machine, or how much WWW traffic it is forwarding, for example.
As a result of the way that ipfw is designed, you can use ipfw on non-router machines to perform packet filtering on incoming and outgoing connections. This is a special case of the more general use of ipfw, and the same commands and techniques should be used in this situation.
And one more important piece of info would be;
Q: What’s the difference between WIPFW and IPFW?
A: Now WIPFW is unable to change packet content, so it is impossible to redirect packets. Also WIPFW has no traffic shaper. In the future WIPFW will be using an NDIS driver which will allow all abilities.
XPQuickFix – Swiss Army Knife for Windows
Sep 30th
Quite often when you’re infected with a virus, the virus diligently disables a lot of functions in Windows (like the Task Manager, the Registry Editor, etc.).
So either you’re stuck running one Google search after another for fixes to these individual problems, or you really start thinking of reloading the OS itself. Situations like that can be pretty annoying. This is one nice tool with about 25 quick fixes put together in one UI.
Some of the fixes that can be done using this little tool are:
- Enable Command Prompt
- Enable Task Manager
- Enable Folder Options
- Enable Registry Editor
- Restore missing Run dialog box
- Stop My Documents open at startup
- Fix right-click error
- Fix slow network file/shared/remote
- Restore Network icon to system tray
- Fix slow hotkeys
- Fix CD/DVD drive is missing or not recognized
- Fix CD auto play
- Restore My Computer (Computer) properties
- Restore Device Manager
- Fix delay in opening Explorer
- Restore grayed Explorer and Taskbar toolbars
- Restore My Documents properties
- Remove OEM splash and wallpaper
- Restore My Network Places to Desktop
- Enable Recovery Console
- Restore grayed file associations
- Restore “Send To” context menu item
- Restore the native ZIP file integration
- Error when trying to access Add or Remove Programs / Programs and Features
You can read about & download this awesome little portable lifesaver from HERE
Speed Up Adobe Acrobat Reader
Sep 22nd
I had moved to Foxit Reader from Adobe Reader for the sole reason that I could have a cup of coffee by the time Adobe loaded a document, not to mention when browsing a PDF document over the Internet.
Then, while I was searching for ‘how to speed up adobe reader’, I came upon this little tool: Adobe Reader Speedup.
It disables some plugins and voilà, PDFs now load almost instantaneously in Adobe Reader!
You may wanna try it. Download it by clicking the above link.
Monitor Server or Service (Check Host Alive)
Sep 17th
One of the things every network admin would like to do is monitor the up status of his key application servers and machines. If one is down, the last thing he wants is to have the users come to him and complain!
Say I own a web server and I’d like to know when it goes down. One option is to keep an infinite ping loop running, send its output to a text file, and look through the text file daily to see whether the server went down or not. That is not an efficient way to handle things, and it doesn’t ensure that you get notified the moment the server goes down.
I did spend some time in Google. Well, there are thousands of network monitoring applications that can do this, but they all come with $$$. I was searching for a freeware solution, or else I would write a script in Perl or something. Then I stumbled upon this one:
CheckHost by ab-tools.com, just developed in August 2009.
The tool has amazing capabilities. It does exactly what I wanted and even more. It can check whether a host is alive by ping and, when it is down, give a desktop alert or even send an email to you. Beyond that, it can work on TCP and UDP as well.
So if you have a web server, it can check with actual TCP/80 connections; if you have a public-facing RDP server, it can check actual TCP/3389 and let you know immediately when it goes down. Check out the configuration options tab below;
This is technology at its best: simple and low on resources, yet it still gets things done. Wouldn’t people like an admin who always gets to the issue first?
Great going guys! Check out their website; they have some more cool stuff under development as well.
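The TCP check described above can be sketched in a few lines. This is an added example, not CheckHost's code: the `Monitor` class, the `fail_threshold` debounce and the target list are assumptions made for illustration, and the alerts are returned as strings so the caller decides whether to pop up a message or send mail.

```python
import socket
from typing import Callable, Iterable, List, Tuple

Target = Tuple[str, int]  # (host, TCP port)


def tcp_alive(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a full TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failure
        return False


class Monitor:
    def __init__(self, targets: Iterable[Target],
                 probe: Callable[[str, int], bool] = tcp_alive,
                 fail_threshold: int = 2):
        self.targets = list(targets)
        self.probe = probe
        self.fail_threshold = fail_threshold  # assumed debounce, ignores one-off blips
        self.fails = {t: 0 for t in self.targets}
        self.down = set()

    def poll(self) -> List[str]:
        """Probe each target once; return alerts only when its state changes."""
        alerts = []
        for t in self.targets:
            if self.probe(*t):
                self.fails[t] = 0
                if t in self.down:
                    self.down.discard(t)
                    alerts.append(f"UP {t[0]}:{t[1]}")
            else:
                self.fails[t] += 1
                if t not in self.down and self.fails[t] >= self.fail_threshold:
                    self.down.add(t)
                    alerts.append(f"DOWN {t[0]}:{t[1]}")
        return alerts


if __name__ == "__main__":
    # Constructed targets: a web port and an RDP port on the local machine.
    mon = Monitor([("127.0.0.1", 80), ("127.0.0.1", 3389)], fail_threshold=1)
    print(mon.poll())
```

Call `poll()` from a scheduler or a sleep loop; because it reports only transitions, a long outage produces one DOWN alert and one UP alert instead of one message per probe.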
Juniper Security Rocks!
Sep 17th
The 2009 Information Security/SearchSecurity.com Readers’ Choice awards have been announced, and guess what: Juniper won the best security solution awards in the following categories:
- Intrusion Prevention: Gold Award : Juniper IDP Series
- NAC : Gold Award : Juniper Networks Unified Access Control
- Remote Access : Silver Award : Juniper Networks SA Series SSL VPN Appliances
Last year Juniper was named a finalist in five categories and won an award in each category, including Authentication, NAC, Network Firewalls, Remote Access and UTM. Juniper SSG, ISG and SA SSL VPN won Gold awards. UAC won a Silver award. Juniper Steel-Belted Radius, NetScreen and SSG won Bronze awards.
Way to go Juniper! If you look at Juniper’s security products, the solutions have been on the market for only a few years now, but they still made it through and are taking on the long-timers!
Network Congestion
Sep 16th
After quite some time, I’ve been active @ Experts-Exchange and one of the questions that popped up was this;
have some concerns regarding network congestion. Is there a formula out there for determining the necessary network capacity for X number of clients?
A very legitimate request if you ask me. When we have chips doing things for us, why should we have to tell the chips how to do it efficiently? However, the nature of a distributed solution is such that there is no central mechanism to govern it. Reminds me of British colonies around the world: it just went out of their hands for that very reason.
As far as I know, there isn’t a formula that you can apply to resolve all these issues.
Basically, it has been about good design until now, and as a matter of fact there is more and more research going on in this area;
http://www.freepatentsonline.com/5491801.html
The above is one patent on this idea.
Distributing the load and watching your network trend is the only way to tell what mechanism your network needs to avoid congestion. What I’m trying to say is: say you have a 500 node organization and I have a 500 node organization. There isn’t a single way in which we can both incorporate QoS or anything just like that. It depends very much, and only, on your network traffic trend.
So different data points have to be taken. What is the average load of the switches, routers and internet links, and what kind of traffic is it? All of that matters. Again, there are different types of policies. We can have a fair share policy where each device gets a fair share, but in modern networks we want a desktop browsing Facebook to suck when it is in competition with a VoIP phone, don’t we?
So start with your internet link utilization reports. Get MRTG (or even better PRTG, the 5 device license is free) and do an analysis to see how much you’re paying for your uplink and what your actual utilization is. Sometimes the results can be shocking. Back in 2003, while I was doing a contract job for a hospital, they had a twin T1 connection providing an effective bandwidth of 3 Mbps, and their utilization was just about 20%. Still, there were talks going on about getting additional internet links because people complained about the browsing speed being slow!
When I entered the scene, I got caught in the momentum and was thinking of how to get a better link. Then, for another project, I was digging into the data set which revealed the utilization. I literally had to show my VP what was going on and that the internal network was the one which needed an operation (if not surgical).
Browsing & Television
Sep 7th
Lifehacker.com reports that a good 57% of netizens browse while the TV is on. This news caught me the moment I read it; nothing to guess here. One of the complaints I hear daily is that I’m browsing or working on my laptop while the TV is running. Do I know what I’m doing? Of course I do, and I explain the scenes going on on the TV as well.
Lifehacker also hosted a poll related to this and 73% (4301 votes) go for this! Thanks to the wireless technology. As a matter of fact, I’m right now looking for a wireless printer as well, it is that addictive!
Opera 10 ready to use
Sep 1st
I’ve been addicted to this browser for a couple of years now. I really like the sleek, nice and most importantly faster browsing experience which is something I’m sure every netizen would appreciate.
Opera 10 comes with another cool feature, Opera Turbo, which can load web sites faster; read more at opera.com.
The official announcement hasn’t come yet, but you can grab it from the FTP server at Opera:
ftp.opera.com -> browse down for your flavor.
Thanks to ghacks.net for this news.
NAT provides Security?
May 4th
One of the statements I have kept stumbling upon for more than 5 years now is that NAT provides security, and I neither understand how nor concur!
First, NAT was never conceived as a security mechanism; in fact, there were even holes in NAT if we look at its earlier stages. I found another question on Experts-Exchange today [after a long time I’m dedicating some more time to EE, since I’m more or less becoming a moron doing people management]. The question was ‘Should I configure nat in my firewall for additional security’. Surprisingly, there were more than 5 answers stating different ways in which it provides security. Guys, I don’t understand, and if it is because I don’t know, you’re more than welcome to provide some insight; I’ll be glad you did and will learn from it.
Say 10.1.1.1 gets natted to 100.1.1.1 onto internet, how does it provide security?
Any attacks targeted at 100.1.1.1 will directly affect 10.1.1.1, unless there is some ‘firewalling’ mechanism involved to stop it.
Or if 10.1.1.1 goes out to the internet using 100.1.1.1 and deliberately or unknowingly decides to download a worm, the machine still gets infected, unless there is some ‘firewalling’ mechanism involved to stop it.
Moreover, there are different types of scripts that can check locally which IP is configured on your machine (even though that doesn’t provide anything extra that the global/natted IP won’t provide).
So tell me, how does NAT provide security? Even if you look at it identity-wise, it is still not a great deal! I’m out of other ideas.
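The 10.1.1.1 to 100.1.1.1 case above can be written out as a toy model. This is an added example, not code from any firewall: it assumes a static one-to-one translation as in the post, the `Edge` class and the remote address 203.0.113.9 are constructed for illustration, and the "firewalling mechanism" is reduced to a simple state table.

```python
from dataclasses import dataclass
from typing import Optional

INSIDE, OUTSIDE = "10.1.1.1", "100.1.1.1"  # addresses from the post
REMOTE = "203.0.113.9"                      # constructed documentation address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Edge:
    """Static one-to-one NAT with an optional stateful filter (toy model)."""

    def __init__(self, stateful_filter: bool = False):
        self.stateful_filter = stateful_filter
        self.flows = set()  # (remote ip, remote port, inside port) seen outbound

    def outbound(self, p: Packet) -> Packet:
        # Translation only rewrites the source address; ports are preserved.
        self.flows.add((p.dst, p.dport, p.sport))
        return Packet(OUTSIDE, p.sport, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        if p.dst != OUTSIDE:
            return None  # not addressed to the translated host
        if self.stateful_filter and (p.src, p.sport, p.dport) not in self.flows:
            return None  # the filter, not the translation, drops unsolicited traffic
        return Packet(p.src, p.sport, INSIDE, p.dport)


def demo() -> dict:
    unsolicited = Packet(REMOTE, 40000, OUTSIDE, 3389)  # nobody inside asked for this
    request = Packet(INSIDE, 51000, REMOTE, 80)         # inside host fetches a page
    reply = Packet(REMOTE, 80, OUTSIDE, 51000)
    results = {}
    for name, edge in (("nat_only", Edge()), ("nat_plus_filter", Edge(True))):
        edge.outbound(request)
        results[name] = {"unsolicited": edge.inbound(unsolicited),
                         "reply": edge.inbound(reply)}
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With translation alone the unsolicited packet is delivered to 10.1.1.1; only the state table drops it. The reply to the inside host's own request is delivered in both cases, so whatever that host chose to download still arrives.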
MPLS and Loopback Address
Feb 21st
Our team just started working on technology involving MPLS and stuff, so we were talking about MPLS networks. Then a question came up as to why we always see loopback addresses in examples, and whether it is a strict requirement. We couldn’t find a solid answer or answers, owing to the fact that we are a bunch of security experts who just landed in this MPLS world.
So the question is: is it a must to have loopback addresses for MPLS to work? Well, I got the following from [Here]
"Loopback" IP address
Although not a strict requirement, it is advisable to configure routers participating in MPLS network with "loopback" IP addresses (not attached to any real network interface) to be used by LDP to establish sessions. This serves 2 purposes:
Is there any other reason that you think should be there? I would appreciate it if you could comment.