Sunday, July 31, 2005

Linux Computing: Thin Clients

Thin clients may be the way of the future for computing in large corporations and governments. I do hope that thin clients never take over my PC computing at home, though; I always want to be able to control my computing experience. This thin client is the best one that I have seen recently. I have done some work with the Linux Terminal Server Project, which provides an excellent solution for using one server to host many thin clients and eases the burden of system administration. I really like the idea from a systems administrator's perspective.

Friday, July 29, 2005

Black Hat USA 2005

I just got back from Las Vegas, NV, where I attended Black Hat USA 2005. This IT security conference is incredible! All of the briefings are new material only, which gives you a fresh perspective on security issues in the IT field. The presenters included people from The Shmoo Group, Dan Kaminsky, the ChoicePoint CISO, and many others! I saw some excellent briefings and learned quite a bit. This conference is a "must attend" for any serious security professional.

Saturday, July 16, 2005

Network Monitoring: Storage of capture data

I recently played around with trying to store some pcap capture data in a MySQL database so that I could analyze it and look for trends. I had the capture set to create 20MB full content files so that I could manipulate them easily:

tcpdump -s 1515 -C 20 -w content.lpc

I next created a Ruby script that would open the pcap file and write the data that I wanted to store to a CSV file that I would then bulk load into the MySQL database. This part worked very well and very quickly. I found that when I inserted the data into an InnoDB table, while only storing the source IP, destination IP and port, and the time of the packet, that 20 capture files would take up 1GB of space. Not only that, but it turned out to be over 1.3 million packets. This amount of data is really testing my SQL skills, as I try to create intelligent queries that will allow me to aggregate the data on specific parameters.
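As an added example (this is not the script from the post, whose code is not shown), here is a pure-Ruby version of the pcap-to-CSV step that walks a libpcap file without any pcap gem: it reads the global header, iterates the records, decodes Ethernet/IPv4 and pulls out the time, source IP, destination IP, destination port and protocol, writing them as CSV ready for bulk loading. It assumes the classic libpcap file format (not pcapng), link type 1 (Ethernet) as tcpdump writes it, and skips anything that is not IPv4 TCP/UDP, including non-first fragments, which carry no transport header. The sample capture is constructed in the code, not a real trace; pass a real capture file on the command line to run it on your own data.

```ruby
require 'csv'
require 'stringio'

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17

# Read the 24-byte libpcap global header. Returns [endianness, link_type, nanos?].
# Only the classic libpcap format is handled (pcapng files are rejected).
def pcap_header(io)
  magic = io.read(4).to_s.unpack1('L<')
  e, nanos = case magic
             when 0xa1b2c3d4 then ['<', false]   # little-endian, microsecond timestamps
             when 0xa1b23c4d then ['<', true]    # little-endian, nanosecond timestamps
             when 0xd4c3b2a1 then ['>', false]   # big-endian, microsecond
             when 0x4d3cb2a1 then ['>', true]    # big-endian, nanosecond
             else raise ArgumentError, 'not a libpcap capture file'
             end
  _major, _minor, _tz, _sigfigs, _snaplen, link =
    io.read(20).to_s.unpack("S#{e}S#{e}l#{e}L#{e}L#{e}L#{e}")
  [e, link, nanos]
end

# Walk the records of a capture, yielding [timestamp_string, frame_bytes].
# A truncated trailing record (tcpdump killed mid-write) is silently dropped.
def each_packet(bytes)
  io = StringIO.new(bytes)
  e, link, nanos = pcap_header(io)
  raise ArgumentError, "unsupported link type #{link.inspect} (only Ethernet handled)" unless link == 1
  while (hdr = io.read(16)) && hdr.bytesize == 16
    sec, frac, incl_len, _orig_len = hdr.unpack("L#{e}L#{e}L#{e}L#{e}")
    frame = io.read(incl_len)
    break if frame.nil? || frame.bytesize < incl_len
    usec = nanos ? frac / 1000 : frac
    yield format('%d.%06d', sec, usec), frame
  end
end

# Pull [src_ip, dst_ip, src_port, dst_port, proto] out of one Ethernet frame,
# or nil for anything that is not IPv4 TCP/UDP (ARP, IPv6, ICMP, later fragments).
def extract_flow(frame)
  return nil if frame.bytesize < 34 || frame.unpack1('@12S>') != ETHERTYPE_IPV4
  ip = frame.byteslice(14, frame.bytesize - 14)
  ihl = (ip.getbyte(0) & 0x0f) * 4
  return nil if (ip.getbyte(0) >> 4) != 4 || ihl < 20 || ip.bytesize < ihl + 4
  proto = ip.getbyte(9)
  return nil unless proto == PROTO_TCP || proto == PROTO_UDP
  return nil if (ip.unpack1('@6S>') & 0x1fff) != 0 # fragment offset != 0: no L4 header
  src = ip.byteslice(12, 4).unpack('C4').join('.')
  dst = ip.byteslice(16, 4).unpack('C4').join('.')
  sport, dport = ip.byteslice(ihl, 4).unpack('S>S>')
  [src, dst, sport, dport, proto]
end

# The columns the post stores (time, source IP, destination IP and port) plus
# the protocol number, as CSV for a bulk load into MySQL.
def pcap_to_csv(bytes)
  CSV.generate do |csv|
    csv << %w[ts src_ip dst_ip dst_port proto]
    each_packet(bytes) do |ts, frame|
      src, dst, _sport, dport, proto = extract_flow(frame) || next
      csv << [ts, src, dst, dport, proto]
    end
  end
end

# One of the aggregations the post is after, done in Ruby while streaming:
# packet count per destination port.
def count_by_dst_port(bytes)
  counts = Hash.new(0)
  each_packet(bytes) do |_ts, frame|
    flow = extract_flow(frame)
    counts[flow[3]] += 1 if flow
  end
  counts
end

# Constructed sample capture (not a real trace): one IPv4 frame per spec, with
# zeroed MAC addresses and checksums, which this parser does not validate.
def build_pcap(specs)
  out = [0xa1b2c3d4, 2, 4, 0, 0, 65_535, 1].pack('L<S<S<l<L<L<L<')
  specs.each do |sec, usec, src, dst, proto, sport, dport|
    l4 = [sport, dport].pack('S>S>') + ("\x00" * 4).b
    ip = [0x45, 0, 20 + l4.bytesize, 0, 0, 64, proto, 0].pack('CCS>S>S>CCS>') +
         src.split('.').map(&:to_i).pack('C4') + dst.split('.').map(&:to_i).pack('C4')
    frame = ("\x00" * 12).b + [ETHERTYPE_IPV4].pack('S>') + ip + l4
    out << [sec, usec, frame.bytesize, frame.bytesize].pack('L<L<L<L<') << frame
  end
  out
end

SAMPLE_PCAP = build_pcap([
  [1_121_500_000, 0,       '192.168.1.10', '10.0.0.5', PROTO_TCP, 40_001, 80],
  [1_121_500_000, 250_000, '192.168.1.11', '10.0.0.5', PROTO_TCP, 40_002, 80],
  [1_121_500_001, 0,       '192.168.1.10', '10.0.0.9', PROTO_UDP, 5353,   53],
  [1_121_500_002, 0,       '192.168.1.12', '10.0.0.5', PROTO_TCP, 40_003, 443]
])

if __FILE__ == $PROGRAM_NAME
  bytes = ARGV[0] ? File.binread(ARGV[0]) : SAMPLE_PCAP # e.g. content.lpc from tcpdump -w
  puts pcap_to_csv(bytes)
  p count_by_dst_port(bytes)
end
```

The CSV can then be loaded with a statement of the form LOAD DATA LOCAL INFILE 'flows.csv' INTO TABLE flows FIELDS TERMINATED BY ',' IGNORE 1 LINES; with the table's columns matching the header row. Note that tcpdump's -C unit is millions of bytes rather than MiB, and that storing one row per packet is what drives the row count into the millions; pre-aggregating in the script (as count_by_dst_port does) or loading per-flow summaries instead of per-packet rows is the usual way to keep the table, and the queries over it, manageable.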

Anyone have any better solutions?

Securing the mother-in-law's computer.

This week I had the opportunity to take a look at my mother-in-law's computer, after having gone over it pretty thoroughly 6 months ago to make sure some basic security measures were in place and that she was safe on-line. I was talking to her about how she accessed the internet and browsed web pages, as well as using her digital camera to create photo pages. She told me that when she accessed the Internet, she had to disable 'that ZoneAlarm' program so that it wouldn't take as long...and sometimes it stopped web pages from loading altogether! This really surprised me, as I thought that I had explained the situation better than that. Her firewall was being disabled at the time she needed it most.

My mother-in-law is running Microsoft Windows 98 and has been using it for nearly 7 years. She knows how to get around and sees no reason to upgrade to Windows XP or Linux. As security people, I believe that we need to advise people to use systems that are as secure as possible...especially since Microsoft does not, and cannot, maintain the security of its operating systems. The real answer here is to use an operating system that is more secure, so that the users do not have to understand so much about how the technology works to be secure on-line.