June, 2008

Our network is almost done

In my previous posts I’ve covered several aspects that an IT Administrator should cover while designing and implementing network services; I’ve described how to save lots of money with very little sacrifice and have the most common features with open source or freeware software.

In the next month I will focus more on how to face your daily activities and have a professional approach also medium-little networks.

Keep on reading and please leave some comments so I can tweak this blog to your needs.

[TLBAT] Control and see your band….width!

You just subscribed a new contract with your ISP and they promised a given download/upload rate but you don’t know how to monitor this.

What would you do? Buy famous branded software and reduce your low budget or save bucks and use a free one (so you have more money left that you can send to me?? )…I’d say that you’ll go for the second choice…obviously.

The tool I talk about is the great Paessler’s Router Grapher that can provide you nice graphs that show how your bandwidth is used.

Graph example

[TLBAT] SysLog for Windows

The more you see, the more you know, this is never as right as it is in IT world.

Every device in your network or Linux machine or whatever else writes information on logs and, depending on the log level you defined for these “devices”, the information can be really helpful for re-acting/pro-acting to problems, finding issues or simply historyzing your events.

This post is about a free, windows based and human readable syslog daemon that you can install somewhere in your network and that can provide you a centralized point for logging.

The tool is called Kiwi SysLog Daemon and is downloadable here.

[TLBAT] Keep patches and updates under control with WSUS

In my previous articles I’ve described the process to allow several services and servers to be installed for free or at low cost in your network; this post continues with “I want it but I have no budget” philosophy and enables you to have an update and patching system for your network where you can control who, what, when is updated/upgraded.

In order to have a server/infrastructure of servers for the updates in your network, you will need to install the Microsoft Windows Update Services Server 3.0 (a.k.a. WSUS).

Basically with WSUS you can create a local update server where you can control all the updating process for your client’s network. You may choose to download the updates and patches from the Microsoft Update site and store a copy of the files locally in order to save bandwidth; you may only choose to control the approval/denial of the updates and have the clients connect to Microsoft to download the files; you may also create a tier based WSUS structure where a child server receives updates and approvals from the above server and so on.

Once you have designed, planned and installed your WSUS structure you can then use Group Policies, or any other method (e.g. VBScript) to have your clients connect to the WSUS servers in your structure.

First start by downloading this document that describes the process for deploying the WSUS; then you may consider having a look at this site that explains how to implement GPO for the use of WSUS or consider using either VBScript or this Visual Basic 6.0 tool I released some years ago.

This time we have to thank Microsoft for providing another money-saver tool that won’t impact your low budget!!!

Keep on reading my blog and in the end you will have saved lots of buck$ that you may consider to send me via PayPal!!

[TLBAT] Messaging, collaboration, IM …. an opensource alternative to Microsoft Exchange

Another post to present a free tool, another post to save your low budget!

When building an IT infrastructure, one of the features you HAVE to consider is to provide messaging and collaboration tools to your customers (normally your employer…alsways remeber: the users are your customers!); considering to buy Microsoft Exchange is always the first choice but as you know this will cost you money that, with some little sacrifices, can be saved.

Once again I’ll focus on a VMWare appliance (ok, it’s clear that I do love VMWare appliances!) that you can download, burn or mount as an ISO image and then start the VMWare machine and have an almost ready tool for the production evironment.

This time the VMWare appliance consists of a Linux based machine (rPath linux) and the preinstalled Zimbra Collaboration Suite 4.5. On this link you can download the ISO image that you can mount on your VMWare Server/Player (more instruction in this previous post) and once you have powered on your VMachine you can have a free, opensource, reliable messaging and collaboration server.

Hereafter some screenshots:

[TLBAT] Honey, honey…HoneyPot!

In a previous post I suggested you to build a proxy and content filtering solution based on a VMWare virtual machine, in this post I’ll redo the same thing: propose another VMWare appliance that you can mount on your VMWare server, configure and have a ready-to-go tool for your IT environment.

The tool we are going to describe today is a low interaction HoneyPot that will be a central point for your network and avoid spreading of malware and provide you useful information about attacks. This virtual machine, once configured, will act as a computer without patches, antivirus software and that holds sensitive information; this way of acting will attract attackers and malware, it will download a the binary files and study their behavior and provide useful information about the type of the attack, the entry point and so on.

First start downloading the appliance from this site and then read some interesting documentation on the Security Focus website; in this post I won’t provide all needed information about how to configure the virtual machine because this depends on how you want to configure the HoneyPot, in this blog post you can read how to mount the appliance you just downloaded and have it running in minutes.

Whe you have finished the mount of the virtual machine you can access it by using the following credentials:

Username = root Password = pass2cng

[LINKS]

Nepenthes homepage

HoneyBow sensor

ROBOCOPY \\127.0.0.1 \\NEW_LOCATION /E /S *.*

Hi folks I’m in a busy period because I’m performing a big change in my life…I’m moving back to north Italy for job purposes and this time I’m bringing my family with me (my wife and our15 month old daughter)!!

Starting next week I’ll be in the Varese’s province (north Italy) for a new job as EMEA Level2 Technical Support Engineer and I’m actually busy with packing, moving the boxes to my parent’s house for later housegoods transportation and so on so I’m not sure when the new posts will be published but I’ll do all my best to accomplish to this.

The new job will be more focused as the previous ones but this won’t change the spirit of this blog that will still aim at providing solutions, possibly for free or at the lowest cost possible, and tips for getting your IT environment the most stable, clean and professional you can.

Up to today I wrote about SQLExpress backup automation, Network Inventory and HelpDesk frontline, a USB swiss-knife, a proxy plus content filtering and a computer imaging solution. The next blog entries will aim at security, CRM and groupware so keep on visiting my blog if you are interested in this matters.

If you are interested in this kind of posts, want to comment or post questions feel free to contact me and I’ll be glad to answer to your questions.

Have fun and wish me all the best for this big change!!

[TLBAT] Proxy server and content filtering

In this article I’ll explain how you can have your proxy server and content filtering for your network absolutelly for free allowing you to save at least 1600 USD (Microsoft ISA 2006 Standard Edition)!!

We will use the free VMWare Server and the Squid Proxy + DANS Guardian appliance. The appliances are precompiled and configured virtual machines for the VMWare Server/player that you can download from the VMWare site and that you can “mount” and, with little effort, use in your environment. In addition to the proxy/content filtering machine you may like to add a report generator so you can always have nice reports showing blocked sites/users/ip addresses and more, this good tool is called SARG
The scope of this article is to have a solid proxy server and a content filtering for internet browsing so you can both masquerade your network clients and provide a caching solution that can ease the clients’ surfing experience. In addition you can have a content filtering where you can block/allow access to sites and contents soyou can have a complete control on where/when/what your client computers can do on the Internet.

First download the VMWare Server (about 146Mb) and apply for a free product key; meanwhile I suggest you downloading the VMWare appliance because this will take longer (about 712Mb).

Install the VMWare Server and place the file of the appliance that you just downloaded in a directory that you prefer (normally it is C:\Virtual Machines) . Open the VMWare Server Console and choose File/Open, browse your computer where you saved your file before; this will add the virtual machine to the inventory.

Start the machine and follow all the steps requested during the startup process.

Once that the vm has started login with user=root and password=proxy2006 then change password by issuing the passwd command:

At this point you can configure your IP address (first you have to configure the VMWare Virtual Networks). To do so you have to:

1. Login to the VMachine
2. Issue the ifconfig eth0 command
3. Read the inet addr value and use it in your internet broswer (Example https://192.168.0.100:10000)

At this point in your internet browser you will have the web interface (Webmin) to the system where you can manage every single setting, from the network configuration, to the startup levels and so on.

I suggest you using the Webmin interface if you are not really familiar with Linux commands or Putty if you want to access the system via SSH console.

At the beginning the content filtering could be really restrictive, I suggest you testing the sites you want to be listed/banned and check/configure the groups (Ex. /etc/dansguardian/bannedsitelist).

After you have configured all the VM settings, the DANS Guardian and so on you are ready to test and implement your solution…we spent about 1/2 hours but saved lots of bucks!!