Wednesday, December 31, 2003
Put me on the not list, as I receive 20-30 legitimate messages per day, which make up less than 10% of the total volume. Thanks to various people for writing Procmail, SpamAssassin, SpamBayes, and various virus scanners.
Scraped from Slashdot.
Tuesday, December 30, 2003
Thanks to SilverStr for the pointer!
Monday, December 29, 2003
Oh, and BTW, I have a copy of the book on my shelf.
Sunday, December 28, 2003
Saturday, December 27, 2003
Friday, December 26, 2003
Anyways, I've backfilled the last few days and will settle down to work on a serious backlog of posts.
Merry Christmas, y'all!
Thursday, December 25, 2003
I agree with Bowulf, at least in part. You also have to have logging enabled. If you're working in a NOC, that also means router logs (that's syslog servers, not the dinky space for logging in router memory!). For those networks which aren't allowed to enforce a decent firewall policy, you also need to log high-port-to-high-port traffic, which is where most of the shady stuff (unauthorized/covert channels, P2P, backdoors, etc.) happens.
I disagree with Bowulf in that logging isn't the sole action you need to take. Closely related to logging is taking and maintaining metrics. Good metrics support the cliche "a picture is worth a thousand words". If you're watching your network metrics, you learn to recognize "normal" network activity and "abnormal" network activity.
One example of this is e-mail metrics. You cannot read every message that passes through your mail servers. However, if you graph your metrics properly, you should be able to recognize the spread of a new virus within 5-15 minutes of the initial spread (depending on how often your graphs are updated). While it won't block the new infection (usually nothing will), it does allow you to react quickly enough to minimize the damage and protect the rest of your network.
Maybe a good rule of thumb is to maintain metrics on your normal traffic (web, e-mail, etc.) and regularly filter your logs for the abnormal traffic?
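As an added example (not code from the original post), here is a small Python script that does for e-mail what the post describes: it buckets mail-log volume into 5-minute windows, compares each window against the median of the earlier ones, and names the relay host responsible for a spike. The sendmail-style log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sendmail-style syslog lines (not from a real server). Two quiet
# 5-minute buckets, then 12:10, where one workstation starts fanning out mail.
SAMPLE_LOG = """\
Dec 25 12:00:10 mx1 sendmail[101]: from=<alice@example.com> relay=ws12.example.com
Dec 25 12:02:30 mx1 sendmail[102]: from=<bob@example.com> relay=ws07.example.com
Dec 25 12:05:05 mx1 sendmail[103]: from=<carol@example.com> relay=ws21.example.com
Dec 25 12:07:44 mx1 sendmail[104]: from=<alice@example.com> relay=ws12.example.com
Dec 25 12:10:01 mx1 sendmail[105]: from=<bob@example.com> relay=ws07.example.com
Dec 25 12:10:02 mx1 sendmail[106]: from=<dave@example.com> relay=ws33.example.com
Dec 25 12:10:02 mx1 sendmail[107]: from=<dave@example.com> relay=ws33.example.com
Dec 25 12:10:03 mx1 sendmail[108]: from=<dave@example.com> relay=ws33.example.com
Dec 25 12:10:03 mx1 sendmail[109]: from=<dave@example.com> relay=ws33.example.com
Dec 25 12:10:04 mx1 sendmail[110]: from=<dave@example.com> relay=ws33.example.com
Dec 25 12:10:05 mx1 sendmail[111]: from=<dave@example.com> relay=ws33.example.com
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: from=<[^>]*> relay=(\S+)")

def bucket_counts(log_text, window_minutes=5):
    """Return {bucket_start 'HH:MM': Counter(relay -> messages)} per time window."""
    buckets = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line; real logs have plenty of those
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        buckets.setdefault(start.strftime("%H:%M"), Counter())[m.group(2)] += 1
    return buckets

def flag_abnormal(buckets, factor=3.0, min_history=2):
    """Flag windows above factor x the median of earlier windows; report the top relay."""
    alerts, history = [], []
    for start in sorted(buckets):
        total = sum(buckets[start].values())
        if len(history) >= min_history and total > factor * median(history):
            relay, n = buckets[start].most_common(1)[0]  # worm-style fan-out shows here
            alerts.append((start, total, relay, round(n / total, 2)))
        history.append(total)
    return alerts

if __name__ == "__main__":
    for start, total, relay, share in flag_abnormal(bucket_counts(SAMPLE_LOG)):
        print(f"{start}: {total} msgs; {relay} sent {share:.0%} of them")
```

The same bucketing works for any per-line log (HTTP, DNS, firewall) once the regex and the "who is responsible" field are swapped; the baseline comes from the log itself, so no graph has to be eyeballed.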
Wednesday, December 24, 2003
Tuesday, December 23, 2003
Jabber's XML-based communications have been around for quite a while. The protocol is open source and there are quite a few tools to work with it. At one point, I'd even adapted it to send Instant Messages to all NOC personnel if a router interface or a service went down.
Monday, December 22, 2003
Got any favorites you want to suggest for a *nix-based server?
Sunday, December 21, 2003
Saturday, December 20, 2003
Friday, December 19, 2003
Thursday, December 18, 2003
Wednesday, December 17, 2003
Tuesday, December 16, 2003
Monday, December 15, 2003
Sunday, December 14, 2003
RFCs are the agreed-upon standards by which the "community" is defined. Think of them as the charter for your local government. Protocols (languages) are agreed upon. Responsibilities are defined.
One shortcoming is that there is no requirement to comply. This allows organizations and individuals to do horrible, aggressive and/or stupid things via the Internet without reprisal. Examples: long-distance Outlook-Exchange connections, MS's perversion of the Kerberos protocol, long-distance NetBIOS, long-distance Telnet/FTP/POP3/IMAP, just about any proprietary encryption scheme, and 90% of the e-mail domains.
For the Internet-based violations, here's a site called "RFC Ignorant", which tracks the stubbornly ignorant.
Saturday, December 13, 2003
Thursday, December 11, 2003
Wednesday, December 10, 2003
Tuesday, December 9, 2003
For those new to the game, FWTK is the Firewall Toolkit, one of the first application proxies written 20 years ago. Amazingly, it's still usable. Combining it with other technologies (SOCKS, ipfw, iptables, Squid, other proxies/packet filters) allows you to build a workable firewall for just about any *nix flavor, including a Mac version.
If you care to read it, click on the Wiki link above and scroll down to the Security section. Let me know what you think.
Monday, December 8, 2003
Early Warning!!: If you manage a corporate network, you may want to consider blocking this, both for sending (if it's possible) and for reading. There are some pretty unsavory blogs over there (people abusing the service, mostly). The hosts state in their FAQ that if they receive a court order, they will turn you in if you're doing something illegal.
Sunday, December 7, 2003
Saturday, December 6, 2003
It seems that beaumonday thinks I pick on Microsoft too much. Actually, if you read REAL closely, I pick on everyone who thinks that any one operating system is the way to go. (Do I need to repost my point-and-click administrator rant?) I'm a firm believer in the-best-tool-for-the-job and know-the-technology-behind-the-gui.
I provide a lengthy response.
Just so I can alienate everyone and level the playing field, out of the box:
- Microsoft Windows is insecure
- Linux is insecure
- Unix (SunOS, BSD, Irix, AIX, Xenix, etc) is insecure
- Cisco/Foundry/Bay/etc. is insecure
- Novell has problems (actually, they had the highest rating by the gov't prior to adding in IP capabilities)
- and the OS that you may be writing has *SERIOUS* problems.
However, when used in conjunction, they can provide a very secure network for your users.
Friday, December 5, 2003
Thursday, December 4, 2003
Wednesday, December 3, 2003
How about semiconductor physics? (Yet another attempt by those-with-too-much-time-on-their-hands to use sex to teach the less-willing-to-learn.)
But it's funny anyways. The "Booble" search engine is interesting also. (Hint: click on the "Search Britney Space" radio button)