Category Archives: Networking

Content control software / Web content filtering using SquidGuard for enterprise network

Content filtering for an enterprise network or educational institution can be a mandatory requirement in many institutions/organizations. Besides filtering web content by category, content control/filtering software can also help us filter out malware and virus sites, unwanted advertisements, etc. Finding the right product and making it work for your organization can be a challenge. When I first tried to implement a content filtering system in my organization, the biggest challenge was to find the right product and get a demo running to check the integration aspects. After spending a significant amount of time identifying a content filtering system that best fits my organization, I did not get enough support from the local vendors. So later on I decided to go with Squid Proxy with SquidGuard (something I had used before). This works out very well for me. Apart from it being a little heavy on the administration side, I do not have much to complain about. This content filter can sit on the network as a proxy server and filter all web traffic as per the organization's policy.

Educational institutions in many parts of the world are bound by law to protect children from inappropriate Internet content. In business organizations, or organizations of any type, Internet resources can be filtered for unwanted advertisements, malware, viruses, pornography sites, etc. Web content filtering or content control software is a smart way to address these issues, help enforce the organization's policy, and protect the network and its users.

Some of the categories that can be used to guide browsing behavior are the following:

Advertisements, automobile, dating, education, gamble, hobby, isp, models, podcasts, recreation, ringtones, shopping, updatesites, weapons, webtv, aggressive, chat, downloads, finance, homestyle, jobsearch, movies, politics, redirector, science, socialnetwork, urlshortener, webmail, alcohol, drugs, fortunetelling, government, hospitals, library, music, pornography, religion, searchengines, spyware, violence, webphone, anonymous vpn, hacking, imagehosting, military, news, radio, tv, remotecontrol, sex, tracker, warez, webradio and more. These lists can be used to allow or disallow certain categories of sites.

Setting up Web Proxy Autodiscovery Protocol (WPAD) using DNS

To set up the Web Proxy Autodiscovery Protocol (WPAD) using the DNS-only method, you need to check the following:

  • The DNS method needs a DNS entry for a host named WPAD. This name should be resolvable from the client machines.
  • The web server must be configured to serve the WPAD file with a MIME type of “application/x-ns-proxy-autoconfig”.
  • A file named wpad.dat must be located in the WPAD web server’s root directory.
  • The host at the WPAD address must be able to serve a web page.
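
The checklist above can be turned into an automated check on a fetched WPAD response. This is an added example, not code from the original post; the `resp` object shape, the function name and the `wpad.example.com` samples are constructed, and the `FindProxyForURL` test relies on the fact that every PAC file must define that function.

```javascript
const WPAD_MIME = "application/x-ns-proxy-autoconfig";

// resp is a constructed object: { url, status, contentType, body }.
// Returns a list of problems; an empty list means every check passed.
function checkWpadResponse(resp) {
  const problems = [];
  const u = new URL(resp.url);

  // DNS method: the host must be named "wpad" (first DNS label).
  if (u.hostname.split(".")[0].toLowerCase() !== "wpad") {
    problems.push("host is not named wpad");
  }
  // The file must sit in the web server's root directory as wpad.dat.
  if (u.pathname !== "/wpad.dat") problems.push("path is not /wpad.dat");
  // The host must actually be able to serve the page.
  if (resp.status !== 200) problems.push("HTTP status " + resp.status);
  // Compare only the media type; ignore parameters such as charset.
  const mime = (resp.contentType || "").split(";")[0].trim().toLowerCase();
  if (mime !== WPAD_MIME) {
    problems.push("wrong MIME type: " + (mime || "(none)"));
  }
  // A PAC file must define FindProxyForURL(url, host).
  if (!/function\s+FindProxyForURL\s*\(/.test(resp.body || "")) {
    problems.push("body does not define FindProxyForURL");
  }
  return problems;
}

// Constructed sample responses.
const good = {
  url: "http://wpad.example.com/wpad.dat",
  status: 200,
  contentType: "application/x-ns-proxy-autoconfig",
  body: 'function FindProxyForURL(url, host) { return "DIRECT"; }',
};
const bad = {
  url: "http://wpad.example.com/wpad.dat",
  status: 200,
  contentType: "text/plain; charset=utf-8",
  body: "<html>It works!</html>",
};

console.log(checkWpadResponse(good));
console.log(checkWpadResponse(bad));
```

A default web server page served as text/plain, as in the second sample, is the typical result when the MIME type mapping for wpad.dat was never configured.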

Setting up Automatic Proxy Configuration (PAC) file

I tried to make this tutorial for users with medium to advanced Linux administrative skills. Even if you are not one of them, feel free to leave a comment and I shall try to help you out.

To make your Proxy Auto-Configuration (PAC) work, you need a PAC file and a server to host it.

We shall do it in the following steps:

  1. Write a PAC file with appropriate proxy configuration
  2. Hosting the file: Put it on a web server where the client browser can access it
  3. Setting up the client browser to use the PAC file to get and use the proxy configuration
  4. Check if the traffic is going through the proxy server
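
A PAC file for step 1 could look like the following. This is an added example, not the file from the original post; the proxy address `proxy.example.com:3128` and the internal domain `.example.com` are constructed values, and the two helper functions are stand-ins for helpers the browser already provides, included only so the file can be exercised outside a browser.

```javascript
// Stand-ins for helpers that browsers provide to PAC scripts.
// Remove these two functions from the file you actually serve.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

// Constructed values: replace with your own proxy and internal domain.
var PROXY = "PROXY proxy.example.com:3128";
var INTERNAL_DOMAIN = ".example.com";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Loopback traffic never leaves the machine.
  if (host === "localhost" || host === "127.0.0.1") {
    return "DIRECT";
  }
  // Intranet short names and internal hosts bypass the proxy.
  if (isPlainHostName(host) || dnsDomainIs(host, INTERNAL_DOMAIN)) {
    return "DIRECT";
  }
  // Everything else goes through the proxy. There is deliberately no
  // "; DIRECT" fallback: if the proxy is unreachable, browsing fails
  // instead of silently bypassing the proxy's filtering and logging.
  return PROXY;
}
```

The leading dot in the internal domain matters: `notexample.com` does not match `.example.com` and is therefore still sent through the proxy.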

Proxy auto configuration for an enterprise network

Proxy servers are commonly used in corporate networks. I prefer using Squid proxy, probably one of the most robust, feature-rich proxy servers out there.

I usually use web proxy servers (Squid) for end users for the following reasons:

  • Caching of web content and DNS, which helps with Internet bandwidth optimization and faster website load times
  • Access control to internet resources, client bandwidth control
  • Assist with content filtering (like SquidGuard)
  • Maintaining client access log for security compliance
  • Protecting client machines from direct exposure to Internet

Setting up proxy server settings on all client machines can be a time-consuming business if we have to manually configure and maintain each and every browser running on the network. However, running a transparent proxy on the gateway is a quick and easy way to ensure all traffic goes through the proxy server.

Essential tcp ip network tools, network Swiss army knife

As network administrators and systems administrators, we always like to have some tools handy to look into things, troubleshoot, or just figure things out. There are many open source, free tools available, specialized for different purposes.

In this blog I shall attempt to list some of them, give a brief description and list the available platforms. I prefer to run these tools from a laptop on both Windows and Linux platforms. I also prefer to have the ability to carry them around on a pen drive in a portable format. Linux boot disks are also useful in these cases.

The basic tools to check TCP/IP

Ping is the most basic tool we use to check connectivity. We also use arp to check the local broadcast domain and the ARP resolution table. traceroute (Linux) / tracert (Windows) is used to check the path to the destination host. “mtr” is a powerful tool to view the network path over a longer period of time; it is usually installed as an additional package. A Windows version of mtr is also available, even a portable version. Other useful tools that mostly come out of the box are nslookup (Windows and Linux) and dig (Linux); they are very useful for troubleshooting DNS-related issues. “whois” is one more tool, useful for finding out more about an IP address or domain name: owner, contact authority, AS number, etc. Last but not least, netstat, available on both Windows and Linux, is a useful tool to find out the local network status easily. Follow the link for a detailed tutorial on how to use these basic tools.

OpenVAS, nessus

The future of computer human interface, BrainGate

The computer-human interface will probably be one of the most important areas of development in the next few decades. While we work to master our technology to make computers work for us more efficiently, and double processing power every 18 months, we have seen little to improve our direct interaction with computers.

What we have seen is form factor changes (tablet/smartphone), the introduction of motion-sensing input (Kinect), the use of GPS, accelerometers, Google Goggles, Google Glass, etc. In my opinion, we probably took a step back by depending heavily upon touch keyboards, moving away from using 10 fingers (QWERTY keyboard) to 2 fingers. Fashion statements have become one of the key driving factors in the market. Most of our attempts to make handwriting recognition popular were never successful.

Our ability to instruct computers directly from our brain will probably be one of the great leaps forward. We have the technology in hand. Project BrainGate is one example.

BrainGate is a brain implant system, currently under development and in clinical trials, designed to help those who have lost control of their limbs, or other bodily functions, such as patients with amyotrophic lateral sclerosis (ALS) or spinal cord injury. The sensor, which is implanted into the brain, monitors brain activity in the patient and converts the intention of the user into computer commands.

Wifi blocking wallpapers from a different point of view, for enterprise users

Today I got really excited seeing this WiFi-blocking wallpaper blog post on Gizmodo. I see these wallpapers giving us the capability of having a scalable network in an enterprise environment.

Most of the blogs I have come across are mainly about keeping the home WiFi network signal out of the neighbors' reach (security). This is a good thing, as it would allow end users to have more control over where their data travels, and to stay out of the noise created by neighbors' wireless networks, with better throughput and the freedom to use all available channels.

Deploying an 802.11b/g wireless network in a home or office can be troublesome for various reasons. In an apartment-like environment, you always have neighbors using up all the available channels (ironically, you only have 3 non-overlapping channels for 802.11b/g). When you finally manage to find a free channel, someone will come and start using it and give you a hard time with your performance. The demand for wireless networks is growing; starting from your laptops and cell phones, the demand for wireless channels extends to Bluetooth, iPod, home theater, even up to your Xbox/PS3.

In a business environment, especially in a school/university, we have this proximity of classroom/office space which heavily requires a quality WiFi signal for everything working in those rooms. With so many wireless access points and wireless clients in such proximity, making them work perfectly can be difficult. The challenge is to make all these devices talk on appropriate non-overlapping channels without interference. I see this WiFi-blocking wallpaper as a gift from above in such a scenario.

This solution shall surely allow you to have more access points installed in a smaller area without having too much to worry about power and channel.

The diagram below explains how this can be achieved.

Please feel free to make comments on the proposed solution, as I plan to try it out in the not too distant future.

Sources:

http://gizmodo.com/5909100/wi+fi+blocking-wallpaper-protects-your-web-fortress-by-keeping-neighbors-out
http://dvice.com/archives/2012/05/anti-wi-fi-wall.php
http://www.linformaticien.com/actualites/id/24723/un-papier-peint-pour-proteger-son-wi-fi.aspx
http://www.itproportal.com/2012/05/08/anti-wi-fi-wallpaper-go-sale-2013-costs-tad-more-normal-ones/#ixzz1uHFfOUzq

Setting up backup mail exchange server with sendmail

Most systems admins are used to setting up the primary mail server, but many of them (like me) are not used to setting up a backup mail server on a regular basis. This is my attempt to create a complete document on setting up a backup mail server and testing it for doomsday. (Actually, it is used more often than you might think.)

Let's say we have a mail server for @example.com.

Therefore there is a mail server called mail.example.com.

Mail and DNS work hand in hand. The DNS server tells where to deliver the email. An MTA always looks up the DNS entries to find the primary mail server and the secondary one, in case the primary is not reachable. So the first thing we need to do is set up a DNS entry for the backup mail server.

What is a SAN?

A storage area network (SAN) is a dedicated high-performance network that provides block-level access to data. Nowadays the data is stored in an array of hard disk drives, solid-state drives, or a combination of both.

This storage area network is usually separated from the local area network for performance and security reasons.

Over a SAN there is no direct access to the file systems; rather, the storage is accessible at the block level. The operating system sees the disk as if it were directly attached, and accesses it at the block level. A SAN can be shared across many servers.
