Blog Host: Chris Partsenidis - Founder and Senior Editor, Firewall.cx READ ENTIRE BIO

Anyway, we are in the process of planning a new network deployment for a customer and there have been many discussions about the operating system that will be installed on the multiple servers to be purchased. Naturally, Windows was chosen, but there were big debates as to if Windows 2000 or 2003 should be installed. I love trying out new technologies, and you must always be ahead of the rest in order to survive this race, but this isn't the case when you are called to design something a company will depend on.

In such cases, I prefer the "a bit older" (proven) solution that I know I can rely on, because of many reasons -- stability, robustness and experience with the product. After agreement with the managers, Windows 2000 was selected as the platform, with the option of migration to Windows 2003 later on down the track.

I remember back when Windows 2000's first service pack took care of more than 60,000 bugs found in the the-new operating system. I would hate to see such a figure of bug fixes in my customer's real working environment -- I think it's just too much of a risk. Another truth about these silly bugs is that when they are discovered on new operating systems, they usually exist in most previous versions, but is not enough to convince me to use the newer operating systems in a critical environment.

My opinion is that Microsoft's new operating systems are usually ready around about the second year of their release, since by then most major flaws are discovered and patched. Even though we are just about now at that point with Windows 2003, I'll give it a bit longer, just to be safe.

So what about existing installations and upgrades? What do you choose there? Ever heard the saying "If it works, don't fix it"? There have been countless times where I would remember this saying after getting stuck in messy situations because I wanted to get things working better in a different way, and the problems that surfaced made me think twice about what I started, but by then it was too late!

If you have no reason to upgrade it, leave it alone. The moment you start playing with it and making modifications, then it becomes your problem! Of course, if you can't avoid an upgrade or modification and are forced to proceed, just ensure you have taken all the necessary precautions such as backing up your system.

In closing, let me wish you all a great weekend, and I hope to see you all soon!
Posted by Chris Partsenidis Back it up -- or lose it
07 APR 2005 18:01 EDT (22:01, GMT)
Yesterday was a bit of a nightmare. I almost lost all my personal data, including e-mails sent and received since 1999 (yes, I'm one of them people who keep all their e-mails!), hundreds of documents containing personal details I can't afford to lose, all my Web site files (over 7000!), gigs of programs and music, and much more I really don't want to think about!

My home file server is a Red Hat v9 system, which I've been meaning to upgrade to Fedora Core 3, but never got the time to because my crazy schedule wouldn't permit me. Anyway, I returned from the office, plugged my laptop into my trustworthy Netgear DS-108 dual speed hub -- yes, I still work with hubs, even though I have a nice Cisco 3524XL sitting right next to it that's destined for the site's Cisco lab -- and this is because I do all sorts of weird stuff on the network and need to be able to sniff it any time without much trouble. After the hub's link light went on, I switched my laptop on and waited for it to boot. Logged into my Administrator account and connected to my home network.

To my surprise, a routine check (it had been a while since I last checked it) of my system's even log showed bad blocks on my hard drive, which explained why a few files couldn't be backed up a few days ago from my backup server. A further examination revealed that the damage was greater than I thought. A whole directory containing the biggest portion of the critical files I mentioned were damaged.

Things got worse when I traced the log all the way back to the beginning of the year and discovered that the system had reported bad blocks in the system's log files two months ago, which around the time I last checked it! You could imagine how I felt that very moment, as I saw years of work and confidential data being lost!!

My last hope was my tape backup machine, which had a few glitches in its history. I quickly ran through my tapes and started loading them to see how old the information was. After almost five hours, I managed to combine the data from my laptop, file server and old tape backups and recover my lost files from the server.

The ironic part is that I always ensure a correct backup is taken at the office by trying to recover random backups; until now, I never did this at home. :)

The moral of the story is: Never, ever forget to back up your data, and test that the actual backup works! Also, if you can invest a few dollars into some sort of redundancy, do it. I've now added a mirror hard disk to my file server, and I can sleep a lot easier at nights. You never do understand how important it is to back up your data until you lose it.

I hope you never need to understand that!
Posted by Chris Partsenidis Voice over the world!
06 APR 2005 21:35 EDT (01:35, GMT)
If today's blog topic caught your attention, then I'm happy -- it was meant to :) If not, then I guess I'll just have to try harder next time!

Voice over IP...another buzzword in today's IT industry. And by the looks of things, it will be a buzzword for quite a while. I admit, I'm new to VoIP and I regret it. A "few" years back when the first applications and products hit the market, I totally ignored its existence and refused to become familiar with the technology.

Today, I'm paying for that mistake by trying to catch up, but it's already got a good head start! In all seriousness, VoIP is great. I've been working with it now for a bit over two years and as with most things in life, the more you work and discover, the more you come to love it.

A few weeks ago I got to use a great program for the first time and was surprised with the results. VoIP through the Internet -- does it ring a bell or two?

Skype is one of the many programs available that will allow you to perform free Internet calls between computers, but at the same time call any land phone in the world -- at a very competitive rate. While the overall quality between calls made to other computers were average, calls to land phones was exceptional. This is logical, since the second service is one you pay for, while the first one is free!

I made around 10 phone calls from Greece to Australia, and I was stunned because I was not able to detect any lag, jittering or other problems VoIP usually suffers from when there's a high latency (something I expect for packets travelling long distances).

I couldn't help but start sniffing some packets during my conversation to see how the software is able to send voice packets without letting them suffer from the known problems VoIP has. As expected, I saw hundreds of packets being sent from the side that was talking at the moment and they all were 79 bytes in size, using the UDP protocol as a transport protocol. A packet of that size would surely minimize any delays and make it easier to reach its destination, than a 1500-byte equivalent! The UDP transport is always used for such applications because it is a connectionless-oriented protocol and does not require any acknowledgements of received packets.

So there you have it, free Internet calls and cheap overseas calls for everyone! By the way -- I forgot to mention that the rate I was charged was approximately 1 Euro per hour for calling a land phone in Australia!
Posted by Chris Partsenidis When it's hard to get hands-on experience
05 APR 2005 14:25 EDT (18:25, GMT)
One of the biggest problems in our industry apart from obtaining those hard-earned certifications is to also get some hands-on experience in the field you wish to gain experience in. Some believe it can never be so because of their current position or company for which they work.

My opinion is that this is incorrect, and I'll justify myself right away!

While your company might not be able to provide you with the hands-on experience you want, there are plenty of ways you can obtain it. Here are a few ideas.

If you only have one PC and would like to try out Windows 2000 Server, for example, you do not need to necessarily format your existing OS to install it, but instead use a great tool named "VMWare," which gives you the ability to create virtual machines on your existing workstation and install whatever operating system you wish. The only requirement is that you have adequate memory and space for each virtual machine created.

You can create a Windows 2000 Server, or even 2003, which should run without any problems and have your own dedicated server to work with or learn on. Great operating systems such as Linux are also supported amongst the long list of VMWare-compatible products.

Assuming that you have plenty of CPU power and memory, you can run three or four virtual machines at the same time, so you can have a multi-workstation environment to play with!

In the case your needs are a bit more complex and you would like to work with other types of equipment such as Cisco routers or switches, things get slightly more difficult. There are rental labs that will allow you access to a plethora of Cisco equipment for a reasonable price or, even better, free labs that don't require any money (like the one my Web site will offer). There is also the option of purchasing a second-hand router or switch to do your job.

If you believe that a second-hand router, or even an older model, won't be adequate, you'll be happy to know that most commands used for setting up common parts of these equipment are still pretty much the same. For example, whether you configure an Ethernet or serial port on an old Cisco 1600 or new 3825, the commands are the same. Standard features such as routing protocols (RIP, IGRP and so on) are also the same! To discover the differences, you must dive much deeper into the router's configuration, something most people who are looking for a simple level of experience won't really need.

As far as the switches are concerned, the same rule applies to most 2900, 3500, 3550 series. Up to a certain level of configuration, things are almost the same, so you can get away with a cheap 2912-XL!

There are also a lot of vendors offering cool Cisco lab simulations, where you're able to build your own network using a list of equipment available. Drag and drop them into your work area and click to configure them. Obviously, these simulations are limited to the command lines they have been programmed with, but they'll cover you almost 100%.

As you can see, there are quite a few alternatives if you really want to get that hands-on experience, so start looking at your options and take some action!
Posted by Chris Partsenidis Useful stuff
04 APR 2005 21:08 EDT (01:08, GMT)
The weekend is once again over, and here starts another crazy week, running from one problem to another trying to give solutions so you can keep everyone happy and also feel good at the end of the day.

Well I'm not going to give you any direct solutions today, but I'd like to speak to you about a few nice tools, books and other network-related stuff. You might be looking for something similar to what I'm going to talk about and this list may save you hours of searching or it might even be an eye opener for you, so at the end of the day, you'll still feel good about learning something new or finding that solution you never thought existed. :)

Scheduling systems
Don't tell me you've never needed such a service. In every large organization, there are always resources waiting to be used when they become available, whether this is a tool, piece of equipment, a room, car or anything else.

I've been on the search for a good scheduling product a few months now, for my site's upcoming Cisco lab, and my discovery just shows that for every type of commercial software, you'll find an equivalent free open source product that will cover you 100%.

This scheduling system had to provide some basic features I needed, such as user login, e-mail confirmation when a lab is booked, Web configurable announcements, day/week/month calendar views and a few other features. I'm overwhelmed that PhpScheduleIt has all these features for free! If you're on the search or think you can use such a product, give it a go.

Books
There are two books that I've come these past weeks. Both of them are fantastic and cover the Linux firewalls. I must admit at this point that I am a fanatic supporter of the Linux firewall service, also known as IPtables, and have been using it for over four years now. Because I'm sure a lot of you have heard of it or even used it, I'm sure you'll find these books most useful.

I should also note that while there are a lot of Web sites that offer support and tutorials for the Linux IPtable firewall, very few really explain the whole theory in depth; I've never seen any site cover all the material these books do.

1. Network Security Using Linux by Michael Sweeney. (ISBN 1-4116-2177-8). This is one of those books that confirm the saying "Don't judge a book by its cover." Simple and neat from the outside, a true gold mine on the inside.

   Michael Sweeney has combined an excellent guide to securing your network and basic TCP/IP tutorial to ensure that the reader understands the rest of the book. With eight chapters covering simple to complex firewall setups, encryption methods, understanding how these methods work, great open source tools to help you guard and troubleshoot your network, intrusion detection systems, VPN servers and various network monitoring tools, you'll quickly come to love this book. A total of 200 pages and well worth the money -- you won't be disappointed.

2. Troubleshooting Linux Firewalls by Michael & Scott Shinn.(ISBN 0-321-22723-9). Very well presented, with rich content, Troubleshooting Linux Firewalls is a great resource that will provide you with all the help and analysis you need for your Linux firewall. As with the previous book, this one has everything covered and presented in a really nice layout -- easy to understand and remember. A whopping 19 chapters and around 350 pages in total.

See you all tomorrow!
Posted by Chris Partsenidis Network monitoring...my eyes and ears
01 APR 2005 15:22 EST (20:22, GMT)
Network monitoring is a big and quite popular topic, but it also happens to be one of my favorite! If you work in a large network, you understand what I mean when I say that my network monitoring programs are my "eyes and ears" in the network, telling me exactly what's happening in every link on my network, whether it's 2 meters or 1000 kms away from my office.

So you can find millions of tools and programs that will provide you with statistics, uptime, downtime, network load and much more information, but the question is: How useful are they really? I mean, you spend an hour or so downloading a "complete network management/monitoring" package that contains 30 to 40 tools and costs a few hundred dollars (even thousands in some cases) and the real question is: Do you really need them all?

If you answered positively to the above questions, then think again -- and I'll explain why. Typical set of tools would include a telnet client, DNS resolver, simple ping tool, enhanced ping with graphical charts, Cisco router CPU usage, Cisco IP-to-MAC mapping, Cisco router config editor, an MIB browser, SNMP grapher, TFTP server and a whole bunch of other goodies.

While a lot of the tools would be very useful, there are only a handful I would really make use of in my everyday routine. A tool that included an IP network browser, MIB browser, ping scanner with graphical charts to show me various response times and a good telnet/SSH client would be enough to allow me to troubleshoot almost 95% of the problems I encounter.

You might already be well aware that you are able to do any type of DNS check you like using the good-old "nslookup" Microsoft provides with their OSes, or the equivalent in most Unix environments named "Dig" -- which by the way is very powerful. If I want to troubleshoot my Cisco router or switch, I don't need four or five different tools running on my trustworthy laptop, but rather a simple telnet client and some good knowledge on how to properly troubleshoot/debug my Cisco device.

Running a CPU gauge on the desktop, along with all the rest, is simply too much information, not to mention that after a while you'll either need to close or minimize it because you don't have enough resources or space on your desktop! These kind of tools I leave for the "Fancy Administrators" who think that their cool tools make them "Cool Administrators."

So you see, being able to monitor, troubleshoot and know what's happening in your network isn't only about using nice fancy programs as most might think. It's about knowing your stuff and developing those skills to make you become better and faster at your job.

This, of course, doesn't mean that I don't use any other tool. There are plenty of great open source or free programs out there that will cover your needs almost 100%, you just need to spend some time to find and evaluate them.

Here's a great example. You could take a very popular and expensive network monitoring package and replace it with a free (open source) Web-based package called Nagios, which is the ultimate network management program. It is able to keep track of thousands network services and resources and it doesn't cost you a cent! It will happily notify you via e-mail, SMS and so on when things get critical (e.g., a router has been down for more than five minutes).

You can also create groups where you place services, servers, nodes or whatever else you're monitoring together to help get a cleaner view of your network status.

Reporting , event logs and a few other functions it has are smartly built and will surely help you save a lot of money as opposed to similar products that don't usually have all the above in one package. A quick visit to the site will surely convince you.

Combine Nagios with MRTG, and you're able to also monitor your bandwidth utilization between your network(s) and switch(es).

Network monitoring must be taken seriously by network engineers and administrators. I believe it's essential to know what your network is doing at all times. So if you haven't already done so, check you've got all your necessary tools and play ball!

You'll be amazed the impression you will make when someone from higher management calls you to report they are unable to access a remote office and you tell them, "I'm aware of the problem and already looking at it."
Posted by Chris Partsenidis Control your network
31 MAR 2005 22:09 EST (03:09, GMT)
One of the most difficult jobs any administrator has is to ensure he is in constant control of the network(s) he is responsible for. So it might be easy to claim you're in control of everything, but are you really? And what does "I'm in control" mean? Are you secure?

Installing a network server and a few workstations doesn't really mean you've done much about tightening your network's security. I'm sure you've come across hundreds -- if not thousand -- of Windows installations that have had only their standard Service Pack installed and then been left to the user's (and possibly hacker's) mercy. Have you ever found yourself thinking, "Well, the latest service pack should be all it needs"?

Not to mention that you might still be working in a workgroup environment. That certainly has no control whatsoever and shouldn't be used if you've got more than 15-20 users. Active Directory (in Microsoft environments) is not new to those who have worked with Novell in the past. Back in 1993 Novell released its NDS for Netware 4.0 and did magic with it ever since in terms of management and security. It only took Microsoft 12 years to develop their version of it, and here we are in 2005 with Active Directory (AD)!

AD might not be a new technology, but it will certainly help you manage and secure your network. Integrating user authentication, access policies, group policies and much more -- it can help you do wonders.

In the real world, AD is not the beginning or the end of a secure network. It's just a small piece. The combination of this type of small piece will help you meet your objective.

Network segmentation is another important technique that certainly helps. By segmenting your network, you effectively break down the traffic on each logical network, but also provide some level of security. In many cases a virus breakout can be contained within a logical network. The new smarter viruses have started scanning for other networks as well, so you'll have a problem there, but there are ways to battle this, too!

Smart network devices, usually placed in the network perimeter scan for suspicious network traffic, will alert you so you can then take the necessary actions. Honeypots are also very popular lately. They are insecure boxes designed to attract intruder's interest. Naturally, when an intruder is looking for a victim (insecure host) they will perform various types of scanning, looking for open ports or weak security measures that can be easily compromised. So with a honeypot you can save yourself from a possible attack by redirecting a hacker to it. Reviews of the honeypot's logs will tell you if there are such people or hackers in your network.

Access lists on routers and firewalls are very important as well. Here you can block initial attacks to your network and create some very nice complex policies on what goes in and out of your network.

Bandwidth management. You might have a 1 Mb connection to the Internet, but don't want to dedicate it to HTTP traffic when you've got other critical services depending on it (e.g., e-mail). By managing your bandwidth, you are trying to use your resources as efficiently you can.

Syslog servers are also considered be quite important because they will gather all your network logs into one place where you can review them. I'm sure plenty of you will have found yourselves in an unpleasant position of visiting each server or network device to inspect its log files -- a very time consuming process indeed!

These are a few points you can use to help guide you through your steps of making your network a safer place to live in. There are plenty of great resources on the Internet, so if you're serious about security, devote some time to locate them.
Posted by Chris Partsenidis Discover your world
30 MAR 2005 11:02 EST (16:02, GMT)
After been a computer user for over 15 years and online at least 11, I've noticed that I'm less amazed by new programs that you can download and use for free -- not because I am a boring person, but mainly because I take them for granted.

Fortunately, every now and then comes a program (or game :> ) that will remind me of my first experiences on the Internet, when I would say to myself "Wow!! Check out what I found on the Internet!" I have one today for you all that I'm certain will amaze and glue you to your PC for a few days or even longer depending on the impact. :>

NASA has come out with this wonderful educational package -- free of charge -- that will allow you to travel around the globe as if you are in a satellite orbiting the world. It's called World Wind.

World Wind is a nearly 200 Mb download, but well worth it if you're into space or like to explore things you wouldn't normally be able to. World Wind requires Direct-X 9c to run, because it uses some advanced features that are not present in earlier versions of Direct-X.

So what can you do with World Wind? You are able to zoom into any country you like and discover all the cities, suburbs or even villages it has. View the border lines for every country in the world or search for a specific city around the globe.

There is one neat function called "Rapid Fire Modis," which connects to the Internet and downloads the available image lists around the world which include fires, floods, dust and smoke, storms, volcanos or other disasters that have taken place in the past or are taking place as I write this blog!

You select the group of disasters you wish to view and date range (e.g., between the Jan. 1, 2005 and March 20, 2005), and they will be instantly displayed like small circles. Once you double click on them, the program will download the latest satellite image and project it on top of your map. I spent two hours last week checking out the fires in Africa over the past 12 months!

Other features include the Scientific Visualization Studio, where you can view how Earth has changed in the last years or decade. See what the ozone layer looked like four years ago, the global sea surface temperature from June 2002 until September 2003 or perhaps the Aurora over the North Pole on April 17, 1999.

Still not impressed ? Okay, get this: You can view New York City from a distance of 1 km and above, and at that height, you can clearly see cars, buildings, roads and much more. There's even a function that will display a road map, in case you're lost amongst the buildings!

If you're the type that likes to explore, you're going to love this one! Enjoy!
Posted by Chris Partsenidis Know your stuff
29 MAR 2005 12:12 EST (17:12, GMT)
There have been countless times where I've met people with certifications and degrees who were not able to find solutions to complex network problems, mainly due to their lack of understanding as to how some things really work.

Obtaining your Cisco, Microsoft or any other title is really not the most important thing for your career, but truly understanding the material they cover is. From that point, the certification should really be seen as a guarantee that this person knows what they're talking about. A lot of you may not agree with me here, but my eight years of experience has helped me reach this conclusion.

This also might be another reason that when you decide to apply for a job, you'll be possibly interviewed by an HR manager and an IT manager and maybe evens one of the company's top engineers, who will be able to identify the real level of your knowledge!

For those who see the certification titles as a quick way around the bush -- beware! It only takes a few smart questions to uncover how well you've prepared and studied for those hard-earned titles!

Have you ever wondered why exam tests have become much harder? Why are full lab simulations now involved in the exam process, rather than having 80 or so questions thrown at you and then telling you if you've passed or not? Vendors know very well what's happening in the market and are constantly changing to adapt and cover these loopholes to protect their investment and certification titles,s and I personally applause this.

A recent discussion with someone who had a CCNP and CCDA title failed to explain the whole process of a simple ping. Of course, when someone shows their inability to explain simple network fundamentals and they hold such titles, I instantly lose respect for them. This isn't because I'm a mean person, but because I've met people who haven't got any certifications, but are able to overtake a lot of high-level certified professionals without a problem.

These uncertified people are sometimes not given the chance they deserve in the work force, and this really upsets me. I guess the same goes for most professions, but I can only speak about the profession I really know and live everyday.

There's a proverb that states: "Where one door closes, a window opens." Putting this saying into a practical example, there are some great Web sites where people who are given a chance to show how well they really know their stuff participate and share their knowledge in forums and other sectors. These Web sites provide opportunities for every type of person, regardless of their educational background or certifications they might have.

I'm glad that the Internet has opened new opportunities for people all around the globe, regardless of color, race or religion. We all have our equal share of these opportunities, and it's really up to us to make the most out of them!
Posted by Chris Partsenidis Red alert in firewall log files
28 MAR 2005 22:09 EST (03:09, GMT)
After providing help to our readers from SearchNetworking.com for almost two years, here I am now writing my first ever blog!

Dana's request was that I write about anything I like and having my profession as a network engineer as my job and hobby, what else could I possibly write about? :)

Last week was a bit of a wake-up call for me, and I'll tell you why. I had installed a Linux-based firewall system for one of our subsidiaries, and it's been running fine for a long time, without any hiccups -- which was just great.

Every week, I'd log into the box and just make sure everything was working fine by performing a routine check on the services (DNS/BIND, Squid proxy, Netfilter firewall, crontab and many more) and their associated logs. Everything seemed fine until I finally went through the system logs located in /var/log/messages. While I was scrolling through the normal messages that I expected to see, I suddenly hit a lot of incorrect login attempts via the SSH protocol.

For those who are unaware, SSH stands for Secure SHell -- it's pretty much an encrypted telnet session that allows you to safely manage your Linux box from distance.

So, coming back to last week, as soon as I saw the unexpected log files, Captain Pickard's "Red Alert" came to mind! At that moment, all bright lights in the ship's bridge would dim and a nice stripe of red lights would surround the bridge, making it obvious that things became serious!

Being a Star Trek fan myself, I went into "Red Alert" mode automatically and began to further analyze the log files to see who on Earth was trying to get into my box!

Further analysis showed that we weren't talking about one person, but quite a few. There were at least 230 login attempts to accounts such as "root," "guest," "apache" and many more that any Linux person would be aware of. These accounts (except the "root") are created during the installation of various services. For example, the "apache" user is created when you install the Apache Web server. Thankfully these accounts are "restricted," meaning that they are unable to log into the system via SSH or telnet.

As an Administrator of the box, I had to know where these break-in attempts were coming from, so I started tracing them back to their origin. Japan, China and the U.K. were where almost 90% of the login attempts came from!

After contacting the ISPs to which I had traced the attacks and to provide them with the appropriate logs, I then focused on hardening the box using various intrusion detection tools such as Snort and more complex firewall filtering scripts.

Thankfully, when I had initially installed the Linux firewall, I had disabled "root" login via SSH, so there was no problem with the intruders trying to access the root account directly.

Today, I ensure I log in at least once a day to check the status of the firewall and see if any new break-in attempts have been made. The good news is that they've either given up or the ISPs have managed to track them down -- in which case, bad luck for them!

This incident reminded me of how important it is to consider the possibility of an unwanted visitor knocking on your firewall's door and that we must be responsible and proactively check our log files frequently.
Posted by Chris Partsenidis