Best IT Blog

Imperva – Port Usage

Posted in O S (375) by Guest on the October 23rd, 2010


• HTTPS – Web console
• HTTPS – Imperva Update Server
• SSH – Remote Management
• Proxy – Appliance Agent communications
• DNS Server
• NTP Server
• Syslog Server
• SNMP Trap Server
• SMTP Server



IBM Guardium Appliance Port Usage

Posted in O S (375) by Guest on the October 17th, 2010
Database Server to Collector Appliance:

• Linux/UNIX only, both directions, S-TAP (the probe installed on the database servers) registration, heartbeat, & data
• Encrypted: Linux/UNIX only, both directions, S-TAP registration, heartbeat, & data
• Windows only, both directions, S-TAP heartbeat
• Windows only, DB Server to Collector, S-TAP registration & data
• Encrypted: Windows only, DB Server to Collector, S-TAP registration & data

User to Guardium Appliance (Collector):

• User to appliance, CLI connectivity
• User to appliance, GUI connectivity

Guardium Appliance to SMTP server:

• Appliance to SMTP server, email alerts

Guardium Appliance to SNMP server:

• Appliance to SNMP server, SNMP alerts
• Both directions, SNMP traps

Guardium Appliance to SYSLOG server:

• Appliance to syslog server, syslog alerts

22 – SSH – used for the CLI interface and for copying files to/from the Guardium Appliance using SCP (e.g. when archiving data)
199 – SNMP queries – allows a Netcool/OpenView type system to know the Guardium Appliance is up and its status
8443 – HTTPS/SSL – used for the Web interface (always on SSL). The Web interface is used by the Guardium administrator and for access to Guardium reports.
9500 (Windows) and 16016 (UNIX/Linux) – S-TAP – the ports on which the S-TAP (the probe installed on the database servers) sends the captured data to the Guardium Appliance(s).
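A check a collector administrator can run against that list, added here as an example and not part of the original post or of the Guardium product: it parses `ss -lntu` output and reports exposed ports the list does not document, and documented ports with no listener. The sample `ss` output is constructed; the documented set assumes ports 22, 199, 8443, 9500 and 16016 are the only collector-side listeners.

```python
# Compare what a Guardium collector actually listens on with the port usage
# listed above. SAMPLE_SS is constructed, not captured from a real appliance.

# Collector-side listeners documented in the post, keyed by port number.
DOCUMENTED = {
    22: "SSH: CLI and SCP",
    199: "SNMP queries",
    8443: "HTTPS web interface",
    9500: "S-TAP data (Windows database servers)",
    16016: "S-TAP data (UNIX/Linux database servers)",
}
LOOPBACK = {"127.0.0.1", "::1"}  # bound here means not reachable from the network

# Constructed `ss -lntu` output: 9500 has no listener, and an SNMP agent on
# 161/udp is exposed that the post does not mention.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:199       0.0.0.0:*
tcp   LISTEN 0      128    *:8443            *:*
tcp   LISTEN 0      128    [::]:16016        [::]:*
tcp   LISTEN 0      5      127.0.0.1:25      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*
"""

def parse_ss(ss_output):
    """Yield (proto, bind_address, port) for each socket line of `ss -lntu`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or something we do not understand
        addr, port = fields[4].rsplit(":", 1)
        yield fields[0], addr.strip("[]"), int(port)

def audit_listeners(ss_output, documented=DOCUMENTED):
    """Report network-exposed ports missing from the documented set, and
    documented ports that have no listener at all."""
    exposed, undocumented = set(), []
    for proto, addr, port in parse_ss(ss_output):
        if addr in LOOPBACK:
            continue
        exposed.add(port)
        if port not in documented:
            undocumented.append((proto, addr, port))
    missing = sorted(p for p in documented if p not in exposed)
    return {"undocumented": undocumented, "missing": missing}

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS))
```

On a real collector, replace SAMPLE_SS with the output of `ss -lntu` and treat every undocumented entry as something to explain or close.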



Suggested Security Architecture Overview

Posted in Security (1500) by Guest on the October 8th, 2010

The security architecture is the layout and design of hardware employed to protect private networks. Best practices dictate that the architecture of a private network linked to the Internet be divided by four distinct barriers: front-end firewall, proxy server, web server and back-end firewall. These barriers are ordered from outside Internet access through each barrier to the internal application enterprise. Best practices also require the use of intrusion detection and application monitoring to enhance the security of the four barriers. The implementation of these security features will ensure that the web server is protected from attacks.

External threats:

• Screening router
• Auditing of DMZ assets: mail, web, ftp
• Firewall & IDS
• Authenticated remote users: VPN, defense against cryptographic attacks and traffic analysis
• Firewall and VPN leak detection, audit and user profiling
• Back door detection

Internal threats:

• Internal IDS
• Protection against clever VPN attacks: spoof, twin, theft, bandwidth, replay, cryptographic, traffic analysis
• Network conversion analysis
• Host conversion analysis
• Internal authentication, compartmentalization
• Using existing, rich data sources: logs from routers, switches, hosts, workstations
• Security policy audit and enforcement
• Statistical behavior analysis for habit changes from the norm
• Internal users

Intrusion Detection:

To enhance the security infrastructure, intrusion detection is an important piece of implementing best practices. An intrusion detection system consists of both network and host-based monitoring systems. Intrusion detection systems monitor the areas between security barriers to ensure intruders that breach a barrier are detected. If the system detects an intruder it sends out an alert to the web gateway administrators, who will then be able to handle the intruder manually. It is critical to gather diagnostic data to identify how the intrusion occurred so that the vulnerability can be closed. It is also important to gather data on the source of the intrusion for possible legal action. Network and host-based intrusion detection systems are defined.

As companies become more dependent upon communication across the Internet, security features will be vital to their success as they have higher exposure to techno-thieves.

Listed below are three considerations in Internet security practices:

• Look at security for electronic transactions as part of a continuum of security concerns for the entire enterprise. An enterprise-wide security policy ensures that minimum standards are set at all pertinent levels: network, application and data. Individual commercial departments can then develop more detailed security policies for their unique applications based on the enterprise-wide standards.

• Consider network infrastructure approaches that provide central, secure services for public access through the Internet. Enterprise network architectures that use internal and external firewalls to protect internal systems from unauthorized access from the external world are one example. This type of central service eliminates the duplication of effort and the risks associated with individual commercial firewall management in the absence of uniform standards. Likewise, all types of remote access to commercial systems should be subject to uniform standards.

• The level and type of security required for individual applications needs to be determined through an individual risk and cost/benefit analysis. Some applications, which are low-sensitivity and low-risk, may require only PIN-based authentication.

When determining the level of risk associated with particular transactions, it is helpful to consider questions such as the following:

  • How is the transaction processed now?
  • Does it require a signature? If so, is that signature currently authenticated in any way?
  • Is there a statute or regulation that requires privacy, confidentiality or individual identification?
  • Is it an area where easier access could have privacy ramifications?
  • Is this an area where there has been litigation or disputes in the past?
  • How much financial, legal or public relations / confidence exposure is there for the agency if there is a problem with this transaction?



Impact of the Internet

Posted in Business (600) by Guest on the October 7th, 2010

Impact on Business 

When the Internet first came to the workplace it was looked upon as though it was almost a toy.  People would talk about how fun it was and all the cool things they could find on the web.  It wasn’t long before browsing became far more than mere entertainment.  The expansion of the net’s capabilities exploded and has forever changed how we do business. 

Exploring the Internet has become fast, easy and relatively inexpensive. At almost every company, employees that have a PC have Internet and Intranet capabilities. Past the firewall is nearly everything we need to do research on vendors, conferences, and the latest technologies. Vendors have learned that making information easily accessible generates more interest in their products and services and can open doors to potential sales. Many co-workers have commented on their preference for doing initial inquiries via the web because it offers privacy. Contact with a salesperson is no longer required to learn about a company's product line, unless you wish it.

Within the firewall at most companies there are extensive Intranets that house many different types of web sites, such as:

  • Benefits sites in which employees can monitor and maintain their own personal profiles 
  • Points of information sites where organizations within companies can promote themselves and their initiatives 
  • Distributions sites for products and services such as enterprise software etc… 

The Internet has created a new generation of wealth. Ordering over the Web has become easy, quick and recently safer for credit card use. Amazon Books is an excellent example of how the Internet can maximize sales. They not only provide a service, they have added many customer service touches such as keeping track of prior purchases, offering suggestions for new books based on prior purchases, and speedy delivery. The advertisers have recognized the power of web pages. What were once clean logon pages are now cluttered with advertisements for all kinds of products.

The web is open 24 hours a day, 3 days a week; it is generally not affected by such things as storms, natural disasters, etc. The web promotes telecommuting and even productive days off.

It is also fascinating to see how quickly the web technology has advanced.  What were once basic flat screens are now three-dimensional videos.  On the other hand, I tend to miss the personal interaction – the human contact. Some sites are unforgiving if errors are made.  Beyond the firewall there is not much accountability for the content or accuracy of the sites.  For many people it has become a way of life to sell and to buy.



Business Requirements for Network Performance

Posted in Business (600) by Guest on the October 4th, 2010

Look for a complete picture of the network performance across both the WAN and the LAN regardless of network technology

• Measure and verify key service level parameters including latency, availability, packet loss and jitter from an independent, third party point of view.

• Monitor key performance indicators including physical and logical access in addition to end-to-end connections across every location in the enterprise.

• Reduce the number of trouble tickets opened to the service provider by quickly isolating the cause of network issues between the provider and the enterprise.

• Enable successful deployments of layer 3-based MPLS networks by monitoring any-to-any IP-based connections.

• Leverage the key features of class of service prioritization by ensuring applications are tagged correctly and not exceeding carrier thresholds which can negatively impact network and application performance.

• Correlate all of the network and application performance to understand the impact of the network on the applications and application’s impact on the network with a single system.

• Determine VoIP readiness by generating actual VoIP calls to test network readiness and baseline quality – both before and after deployment.

• Understand how a VoIP deployment will impact your existing data network.

• Draw on combined network, application, and VoIP-specific analytics to see how data traffic is affecting call quality, and how VoIP traffic is affecting data quality.

• Anticipate and measure the impact of VoIP deployment on call quality by using synthetic calls during pre-deployment and assessment to establish the Mean Opinion Score (MOS) and R-factor post-deployment. Use real calls post-deployment and service turn-up, then compare MOS and R-factor scores to establish the impact of deployment.

• Measure service level parameters across a distributed network by analyzing the performance of both simulated and actual calls at each site – with detailed measurement such as jitter, dropped packets and latency.

• Quickly pinpoint VoIP call quality impairments with a clear picture of what is causing any degradation – with detailed views that show how jitter, codec loss, packet loss and delay are impacting performance on a per-site basis.

• Detailed reports on current VoIP trends on every circuit on your network – including MOS distribution by hour per site, sites with the most or worst VoIP calls, and overall VoIP performance.


Windows 2008 Security Guide

Posted in O S (375) by Guest on the October 3rd, 2010

Linux System Administration Commands

Posted in O S (375) by Guest on the October 1st, 2010

Compression/decompression utilities (software installation):

compress <file>              ↔  compress -d <file>.Z (or uncompress <file>.Z)
gzip <file>                  ↔  gzip -d <file>.gz (or gunzip <file>.gz)
tar cvf <device> <files>     ↔  tar xvf <device>.tar

System Shutdown:

shutdown [-h now] [-r now]

User Management:

1.  To add a user:

(1) adduser: add a new user account (useradd, chfn, passwd)

(2) /etc/passwd

2.  To delete a user:

(1) userdel [-r]: delete the user's passwd entry (and, with -r, the home directory)

• delete that user's home directory: rm -rf /home/<user directory>
• delete the user's /etc/passwd entry
• delete the user's mail spool file: rm -f /var/spool/mail/<user file>

3.  To modify a user:

(1) usermod <name>

(2) /etc/passwd (& /etc/group)
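The manual delete-a-user steps above are easy to leave half done, and a home directory or mail spool with no passwd owner is silently inherited by the next account that gets the same UID. The audit below is an added example, not from the original post: it parses an /etc/passwd file and compares it with listings of /home and /var/spool/mail. All inputs are constructed samples.

```python
# Audit leftovers from manual user deletion: homes and mail spools with no
# /etc/passwd owner, passwd entries whose home is gone, and shared UIDs.
# SAMPLE_PASSWD, SAMPLE_HOMES and SAMPLE_SPOOLS are constructed, not real.
from collections import Counter

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:1001:1001:Service:/var/lib/svc:/sbin/nologin
dave:x:1002:1002:Dave:/home/dave:/bin/bash
"""
# carol was deleted by hand and her home and spool were left behind;
# dave's home directory was never created.
SAMPLE_HOMES = ["/home/alice", "/home/bob", "/home/carol"]
SAMPLE_SPOOLS = ["/var/spool/mail/alice", "/var/spool/mail/carol"]

def parse_passwd(text):
    """Return one dict per seven-field /etc/passwd line, skipping comments."""
    users = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users.append({"name": name, "uid": int(uid), "gid": int(gid),
                      "home": home, "shell": shell})
    return users

def audit_users(passwd_text, homes, spools):
    """homes: directories present under /home; spools: files in /var/spool/mail."""
    users = parse_passwd(passwd_text)
    names = {u["name"] for u in users}
    owned_homes = {u["home"] for u in users}
    uid_count = Counter(u["uid"] for u in users)
    return {
        # directories and spool files nobody in passwd owns any more
        "orphan_homes": sorted(h for h in homes if h not in owned_homes),
        "orphan_spools": sorted(s for s in spools if s.rsplit("/", 1)[1] not in names),
        # accounts under /home whose directory does not exist
        "missing_homes": sorted(u["name"] for u in users
                                if u["home"].startswith("/home/") and u["home"] not in homes),
        # two accounts with one UID share ownership of every file that UID owns
        "shared_uids": sorted(uid for uid, n in uid_count.items() if n > 1),
    }

if __name__ == "__main__":
    for finding, items in audit_users(SAMPLE_PASSWD, SAMPLE_HOMES, SAMPLE_SPOOLS).items():
        print(f"{finding}: {items}")
```

On a live system feed it the contents of /etc/passwd and the output of `ls -d /home/*` and `ls /var/spool/mail/*`.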

Group Management:

1.  To add a group:

(1) groupadd <group>

(2) /etc/group

2.  To delete a group:

(1) groupdel <group>

3.  To modify a group:

(1) groupmod [-n <group_name>] <group>

User Disk Space Management:

quota [-v]

Mounting and Unmounting file systems:

mount [-t <fstype>] <device> <mount point>
umount <mount point or device>

<fstype>: minix, ext, ext2, umsdos, msdos, iso9660, nfs, proc, swap

Devices:

IDE disks:     /dev/hda1, /dev/hda2, …  /dev/hdb1, /dev/hdb2, …
SCSI disks:    /dev/sda1, /dev/sda2, …  /dev/sdb1, /dev/sdb2, …
Floppy drives: /dev/fd0, /dev/fd1, …

Disk-related commands:

fdisk <device>
mkfs [-t <fstype>] <device>

File system recovery:

fsck <device>

Disk space:

du <directory>   : disk space usage

df                         : disk free space

Monitoring system efficiency:

top     : show current process information

free    : show current memory information

Program development (or software maintenance):

GNU C/C++ compiler (gcc), GNU make, …




Rebuilding & Upgrading the kernel:

1.  Get the latest Linux kernel (2.2.x)

2.  Uncompress kernel source: tar zxvf

3.  Building the kernel:

cd /usr/src/linux

make config

make dep; make clean

make zImage (or make zlilo)

mv /vmlinuz /vmlinuz.old (if necessary)

cp /usr/src/linux/arch/i386/boot/zImage /vmlinuz (or any other file as specified in /etc/lilo.conf)

joe /etc/lilo.conf (if necessary)


sync; sync; reboot

Linux installation:

(1) get Linux package (Slackware)

• or
• CD-ROM

(2) Creating boot & root disks (may be skipped if CD-ROM is bootable):

• In DOS:
  o rawrite <disk image> <floppy disk>
• In UNIX or Linux:
  o cat <disk image> > <device>
  o dd if=<disk image> of=<device>

(3) boot from floppy disks (or CD-ROM)

(4) fdisk <device> (if needed)

(5) reboot

(6) setup: start installing Linux…

(7) X Window configuration: SuperProbe & xf86config → the most difficult!




LILO (Linux Loader) – a Boot Manager

• Installing LILO:

/sbin/liloconfig    : set up /etc/lilo.conf
/sbin/lilo          : update boot sector, and create /boot/map

→ see LILO mini-HOWTO for more details

System configuration files:

/etc/inittab        : specify the programs to execute at each run level

/etc/fstab          : file system to mount

/etc/mtab          : last mounted file system

/etc/passwd      : user/password

/etc/motd          : displayed after logging in

/etc/issue           : displayed before logging in

/etc/rc.d/rc.*     : rc scripts executed at booting time


Man pages (/usr/doc/faq/*: for FAQs and HOWTOs, if they are installed)


