Archive for the ‘Security’ Category

An overview of Cisco IOS Security features as related to packet filtering.

Tuesday, January 29th, 2008

The Cisco IOS has many powerful security features that enable network engineers to protect their internal network. The Cisco IOS is capable of intrusion detection, deep packet inspection, and stateful firewall features. Setting up IPS allows the admin to push intrusion detection to the network edge. The Cisco IPS feature set can scan for spyware, viruses, worms, Trojans, and network intrusions by receiving updated signature files from Cisco. If a packet or series of packets matches a particular signature, the router can send an alert, drop the packet, or reset the connection of the offending user. In this way the network engineer can better protect the network by acting on suspicious packets before they can pose a risk to the network infrastructure. Another advantage of pushing IPS duties to the network edge is that it allows offending packets to be dropped before they take up finite network resources. In large networks as much as 10 percent of network resources could be consumed by packets that ultimately will be dropped for security reasons deeper in the network. (more…)

Vista Complete-PC backup to network share

Monday, November 12th, 2007

The real magic of the new Vista backup tool is the second option, Complete-PC backup. This feature takes advantage of the HAL independence of Vista and allows you to back up your entire system at one time, using the magic of volume shadow copies to back up open files. The backup is also stored in a virtual machine file, which means that you can boot, run, and extract files from your backup using Microsoft Virtual PC. This is a really neat feature! If the previous feature isn’t enough for you, Microsoft will let you restore your PC by bootin (more…)

Hacked iPhone goodness

Tuesday, October 30th, 2007

As promised, here are some iPhone screenshots!!! New Desktop theme (more…)

iPhone Fun

Monday, October 29th, 2007

I have spent the last couple of weeks breaking the iPhone in every way possible. I now have it running as a mail server. One of the great things about the iPhone is that it is running Mac OS X Leopard, which is just version 9 of the Darwin kernel. That means that once you get out of the chrooted environment on the phone, you can install the BSD subsystem. The BSD subsystem basically just adds back all the Unix tools we have come to know and love. After that it is just a matter of compiling an embedded version of Apache or your web server of choice. Next you can use NFS shares to mount more available storage. I will post some pictures here of some interesting screenshots. The ARM CPU in the phone is actually quite fast. This of course is all just for iphun (pun intended); however, it is nice to have shell access on the phone. I do a lot of networking for a living and it is nice to have ssh and telnet on my phone. This makes it much easier to program routers and do many other things

(more…)

MIT student arrested for fake bomb

Saturday, September 22nd, 2007

An MIT student was arrested in Logan Intl Airport for wearing a sweatshirt with a prototyping board on it and a 9 volt battery which lit up some LEDs that said MIT course VI, which is the numerical designation for computer and electrical engineering majors. The shirt, which she has and has been wearing for a long time, was something that a class of students made as a project. The police surrounded her in the airport with automatic weapons and arrested her, then commented that she was lucky to be alive. As you can see from the link to the article below, anyone who has half a brain can see that it is a piece of techno art. However, I just wanted to post this to solicit your opinions about the fear of electronics in this country and the sad state of affairs. This is even worse considering that MIT is known for its research in embedded computers in clothing and the airport is right around the corner from MIT! Also, she walked up to the airline desk and asked when a flight was coming in because she was picking up a friend. She did not even try to get through the security checkpoint.

http://www.boingboing.net/2007/09/21/mit-student-arrested.html

Open Solaris 10 sandbox

Monday, July 2nd, 2007

Thanks to those friendly people from Digg.com who decided it would be fun to bring my Solaris box to its knees by forking and other things to DDoS my Solaris zone, I have learned many ways of enhancing the security of Solaris zones. I have limited the Sandbox zone to 1% of total CPU usage. I have limited the total number of processes to 1000 and I have installed the Solaris JASS security hardening script. I plan to post many of my discoveries in the future. Work has been busy lately and it is on the burner of things to be done along with part 2 of Solaris zones.

IP Filter and FreeBSD

Monday, June 25th, 2007

IPF is a very robust firewall included in FreeBSD by default. This is a stateful firewall with logging capabilities that can also be used to NAT a local network in situations where the FreeBSD box is the router. The best way to get IPF working is to compile the kernel with support built in. Although the default kernel has support through the use of loadable modules, compiling the options into the kernel provides a more flexible and robust system.

(more…)

Solaris Zones Part 1

Sunday, June 24th, 2007

So what is a zone?

A zone is analogous to a VMware machine but with some distinct advantages as well as some disadvantages. To start explaining zones, let’s compare them to VMware, since most people are familiar with VMware. VMware is a software program that runs on a host operating system. This could be Windows, Linux, or a custom kernel in the VMware ESX series. VMware provides a hardware abstraction layer which it uses to create mini virtual computers. The advantages of this setup are as follows: You can create a custom virtual computer designed for the operating system and application you want to run. This means that you have a very high level of customizability, which allows you to tailor the virtual machine to provide the best performance for the program you want to run. VMware also supports many different operating systems. You could run VMware on a Linux box and then run Windows 2003 in one virtual machine, and a FreeBSD NFS server in another. From the point of view of the guest operating systems, they believe they are on standalone hardware and are unaware of the host OS and other guest OSes which may be running.

(more…)
