Thursday, April 7, 2011

W3Perl

W3Perl is a free logfile analyzer for Web, FTP, Squid, CUPS and mail servers.  Its Perl scripts parse the logfiles and produce HTML or PDF reports.

http://www.w3perl.com/

Monday, April 4, 2011

Smooth-Sec

Smooth-Sec is a ready-to-go IDS/IPS Linux distribution based on Suricata and Snorby.  A complete IDS/IPS system can be deployed and running out of the box within a few minutes, even by security beginners with minimal Linux experience.

http://sourceforge.net/projects/smoothsec/

http://bailey.st/blog/smooth-sec/

Saturday, April 2, 2011

Click to Play feature within Google Chrome

Google Chrome has a “Click to Play” feature that loads a plug-in only after the user clicks on it, instead of running every plug-in embedded in a page.  The screen captures below were taken with Chrome version 10.

Launch Chrome and enter the URL about:flags.  This should display a list of experimental features.  Click on the Enable link under the Click to Play section.

chrome_clicktoplay_1 

Restart the browser.  Click on Options, Under the Hood, and then the Content Settings button.  Under the Plug-ins section, a third option should be present for Click to Play.

chrome_clicktoplay_2

Plug-ins such as Flash should now require a click before loading, so a page cannot invoke a plug-in (and any vulnerability in it) until the user has chosen to run it.

chrome_clicktoplay_3

ActiveX Filtering with Internet Explorer 9

Internet Explorer 9 includes a new security feature named ActiveX Filtering.  This component blocks ActiveX controls globally and then allows them again selectively, per site or per control.

This option is off by default.  To enable it, click on the Tools icon, Safety, and then ActiveX Filtering.  No confirmation text or dialog box will be displayed.  Open the same menu path again and verify that a check mark is present to the left of the menu option.

ie9_activex_1

If a site is accessed that contains an ActiveX control that was blocked, an icon resembling a blue circle with a line through it appears in the address bar; placing the cursor on it displays the text “Some content is filtered on this site”.

ie9_activex_2

Some web sites will display warnings that the control in question is not available for use.

ie9_activex_7

If you click on the icon that resembles a blue circle with a line through it, a small dialog box will appear which allows ActiveX controls to run on the site in question.

ie9_activex_3

The text within the dialog box can be misleading: clicking the button does not turn off ActiveX Filtering globally, only for the current web site.  Once the site is added, the normal add-on notification at the bottom of the screen should appear.

ie9_activex_5

To view the list of sites that have been allowed, click on the Tools icon and then Manage Add-ons.  Right-click on the entry for the control in question (the Flash control, for example) under the Toolbars and Extensions area and click on the More Information option.

ie9_activex_4

The dialog box should display a list of sites that have been added as exceptions.  A button is also available to enable the control in question across all sites; for example, ActiveX Filtering could remain enabled while Flash is allowed on every site.  Allowing a control everywhere restores that control's full attack surface on every site, so it should be reserved for controls that are actually needed.

ie9_activex_6

Introduction to VMware Resource Allocation

Below is some basic information concerning resource allocation for virtual machines within a VMware environment. 

The memory reservation specified on the Resources tab of the virtual machine settings is the amount of physical memory that the ESX/ESXi host must provide to the VM.  The default is 0 MB, or no reservation.

vmware_resources_1

For example, suppose 512 MB is set as the reservation value.  The VM is then guaranteed 512 MB of “real” memory.  If the VM is configured for 1 GB, the other 512 MB can be provided by “real” memory or by the VMkernel swap file.

The Limit parameter caps how much physical memory the virtual machine may use, regardless of how much is configured.  An example would be:

1.  A virtual machine is configured with 1 GB of memory.  So the guest OS within the VM believes it has 1 GB of memory available to use.

2.  A reservation is set to 512 MB.  The ESX/ESXi host must allocate 512 MB of physical memory to this VM.

3.  A limit is set at 768 MB.  If enough physical memory is installed and available, the hypervisor will allocate memory to the VM as needed up to 768 MB, but never beyond it.

4.  The 256 MB “gap” between the reservation and the limit may be supplied by either physical memory or VMkernel swap space, depending on what the host has free.  The remaining 256 MB between the limit and the configured 1 GB can never be backed by physical memory; if the guest touches it, it is served from the swap file (or reclaimed through the balloon driver), so a limit set below the configured size should be a deliberate choice.

The Shares parameter provides a means of assigning resource priority to virtual machines.  If two virtual machines want more memory than their reservations and the ESX/ESXi host cannot satisfy both of them from RAM, the share values decide the split: memory is handed out in proportion to shares, so the VM with more shares gets higher-priority access to the RAM in the host.
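As an added illustration (example code written for this post, not anything from VMware), the script below models the memory rules just described: reservations are honoured first, the limit caps physical backing, and shares divide whatever RAM is left under contention.  The 5/10/20 shares per MB for the Low/Normal/High presets are VMware's defaults; the host sizes and VMs are made up, and ballooning, transparent page sharing and the idle-memory tax are deliberately left out of the model.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# VMware's memory share presets: Low/Normal/High = 5/10/20 shares per MB configured.
SHARES_PER_MB = {"low": 5, "normal": 10, "high": 20}


@dataclass
class VM:
    name: str
    size_mb: int                    # what the guest OS believes it has
    reservation_mb: int = 0         # default 0 MB: nothing guaranteed
    limit_mb: Optional[int] = None  # None = unlimited (bounded only by size_mb)
    shares: str = "normal"          # "low", "normal" or "high"

    @property
    def ceiling_mb(self) -> int:
        """The most physical RAM this VM can ever be backed with."""
        return self.size_mb if self.limit_mb is None else min(self.limit_mb, self.size_mb)

    @property
    def share_count(self) -> int:
        return SHARES_PER_MB[self.shares] * self.size_mb


def allocate(host_ram_mb: int, vms: List[VM]) -> Dict[str, Dict[str, int]]:
    """Per VM: MB backed by host RAM and MB that must come from the VMkernel swap file.
    Simplified model for this example: ballooning, page sharing and the idle-memory
    tax are ignored, and everything is in whole MB."""
    reserved = sum(vm.reservation_mb for vm in vms)
    if reserved > host_ram_mb:
        # Admission control: a VM whose reservation cannot be met will not power on.
        raise ValueError(f"reservations total {reserved} MB but the host has {host_ram_mb} MB")
    backed = {vm.name: vm.reservation_mb for vm in vms}   # reservations come first
    free = host_ram_mb - reserved
    wanting = [vm for vm in vms if backed[vm.name] < vm.ceiling_mb]
    # Split the remaining RAM in proportion to shares, capped by each VM's ceiling,
    # and repeat so RAM a capped VM cannot take flows to the VMs that still want it.
    while free > 0 and wanting:
        total_shares = sum(vm.share_count for vm in wanting)
        handed = 0
        for vm in wanting:
            portion = min(free * vm.share_count // total_shares,
                          vm.ceiling_mb - backed[vm.name])
            backed[vm.name] += portion
            handed += portion
        free -= handed
        wanting = [vm for vm in wanting if backed[vm.name] < vm.ceiling_mb]
        if handed == 0:   # only integer-rounding crumbs left
            break
    return {vm.name: {"ram_mb": backed[vm.name], "swap_mb": vm.size_mb - backed[vm.name]}
            for vm in vms}


if __name__ == "__main__":
    # The post's example: 1 GB VM, 512 MB reservation, 768 MB limit, host with RAM to spare.
    print(allocate(4096, [VM("web", 1024, reservation_mb=512, limit_mb=768)]))
    # Two 2 GB VMs on a 3.5 GB host (overcommitted): High shares beat Low for the rest.
    print(allocate(3584, [VM("a", 2048, 512, shares="high"), VM("b", 2048, 512, shares="low")]))
```

The first run reproduces the post's numbers (768 MB of RAM, 256 MB that can only ever be swap); the second shows the water-filling that shares produce under overcommit, where RAM the High-share VM cannot use because it is already fully backed flows to the Low-share VM.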

CPU allocation is similar to memory concerning reservations and limits.

vmware_resources_2

The default CPU reservation is 0 MHz.  By default, a virtual machine is not guaranteed any CPU time by the VMkernel.  The Limit and Shares parameters work like the memory options discussed above.

The general rule is that every VM should be created with a single virtual CPU.  Only when a VM's measured performance dictates the need should an additional vCPU be allocated; idle extra vCPUs still have to be scheduled and can raise the VM's ready time.  The number of cores available should also be considered.  For example, an eight-vCPU VM should be created only on a host with eight cores or more.

Introduction to Resxtop

Resxtop is a utility found within the vSphere CLI package.  It can currently be used from a Linux client but not from a Windows client.

Once the vSphere CLI package has been downloaded and installed on a Linux client, the utility can be started in interactive mode by entering:

resxtop --server <IP address>

resxtop_1

The user name and password for the ESXi host will need to be entered.  The initial interactive mode screen should then appear.

resxtop_2

Pressing the “f” key opens a panel for choosing which fields are displayed:

resxtop_3

When in interactive mode, the following single-key shortcuts are available:

f –> Displays a panel for adding or removing statistics columns

o –> Displays a panel for changing the order of statistics columns

q –> Quit interactive mode

c –> Switch to the CPU resource utilization panel

p –> Switch to the CPU Power utilization panel

m –> Switch to the memory resource utilization panel

n –> Switch to the network resource utilization panel

d –> Switch to the storage (disk) adapter resource utilization panel

u –> Switch to the storage (disk) device resource utilization panel

v –> Switch to the storage (disk) virtual machine resource utilization panel

i –> Switch to the interrupt panel

W –> Write the current setup to the configuration file

The utility can also be used in batch mode.  To prepare for batch mode, run resxtop in interactive mode, select the columns you want in each panel, and save the configuration to a file with the “W” key.  Then run a command such as:

resxtop --server <IP address> -b -n 10 > file.csv

resxtop_4

Some of the flags available in batch mode are:

-a –> Show all statistics; this bypasses the configuration file

-b –> Run resxtop in batch mode

-n –> Number of iterations (snapshots) to collect

-d –> The delay, in seconds, between statistics snapshots.  The default is five seconds; the minimum is two seconds.

Batch mode can be used without the -n parameter; the utility then runs until Control + C is pressed.  Additional information concerning this utility can be found within the VMware Resource Management Guide.  The current version for ESXi 4.1 can be found at http://www.vmware.com/pdf/vsphere4/r41/vsp_41_resource_mgmt.pdf; an appendix chapter covers esxtop and resxtop.
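Batch output is only useful once something reads it.  The script below is an added example (not part of this post or of the vSphere CLI): it parses the CSV that the -b command above produces and pulls out the per-VM “% Ready” column, which is the first counter to check when a VM feels slow.  The file layout follows the PDH-CSV counter-path convention the batch export uses so that Windows Performance Monitor can open it; the sample rows, host name, VM names, group IDs and values are constructed for the example, and the 10% ready threshold is a commonly used rule of thumb, not a VMware setting.

```python
import csv
import io
import re
from typing import Dict, List, Tuple

# Constructed sample of what "resxtop --server <host> -b -n 3 > file.csv" writes:
# the first cell is the PDH-CSV marker, then one counter path per column.
# Host, VM names, group IDs and values are made up for this example.
SAMPLE_CSV = r'''"(PDH-CSV 4.0) (UTC)(0)","\\esx01\Physical Cpu(_Total)\% Processor Time","\\esx01\Group Cpu(1234:web01)\% Used","\\esx01\Group Cpu(1234:web01)\% Ready","\\esx01\Group Cpu(1290:db01)\% Used","\\esx01\Group Cpu(1290:db01)\% Ready"
"04/06/2011 15:12:00","41.20","12.50","2.10","33.00","14.80"
"04/06/2011 15:12:05","55.70","15.10","3.40","38.90","19.20"
"04/06/2011 15:12:10","48.30","13.70","2.90","36.40","16.10"
'''

# \\host\object(instance)\counter ; the (instance) part is optional.
COUNTER_PATH = re.compile(
    r"^\\\\(?P<host>[^\\]+)\\(?P<obj>[^\\(]+)(?:\((?P<inst>[^)]*)\))?\\(?P<ctr>.+)$")


def parse_counter_path(path: str) -> Tuple[str, str, str, str]:
    """Split a PDH counter path into (host, object, instance, counter)."""
    m = COUNTER_PATH.match(path)
    if not m:
        raise ValueError(f"not a PDH counter path: {path!r}")
    return m["host"], m["obj"], m["inst"] or "", m["ctr"]


def load_batch(text: str) -> Tuple[List[str], Dict[str, List[float]]]:
    """Return (timestamps, {counter_path: [one value per snapshot]})."""
    rows = list(csv.reader(io.StringIO(text)))
    header, data = rows[0], rows[1:]
    timestamps = [r[0] for r in data]
    series = {path: [float(r[i]) for r in data]
              for i, path in enumerate(header) if i > 0}
    return timestamps, series


def vm_ready_summary(text: str) -> Dict[str, Dict[str, float]]:
    """Average and peak '% Ready' per VM; the Group Cpu instance is 'gid:vmname'."""
    _, series = load_batch(text)
    out: Dict[str, Dict[str, float]] = {}
    for path, values in series.items():
        _, obj, inst, ctr = parse_counter_path(path)
        if obj == "Group Cpu" and ctr == "% Ready" and ":" in inst:
            vm = inst.split(":", 1)[1]
            out[vm] = {"avg": round(sum(values) / len(values), 2), "max": max(values)}
    return out


def cpu_starved(text: str, threshold: float = 10.0) -> List[str]:
    """VMs whose average %RDY exceeds the threshold (10% is a common rule of thumb)."""
    return sorted(vm for vm, s in vm_ready_summary(text).items() if s["avg"] > threshold)


if __name__ == "__main__":
    print(vm_ready_summary(SAMPLE_CSV))
    print("CPU-starved VMs:", cpu_starved(SAMPLE_CSV))
```

Point the same functions at a real file (open it and pass its contents) once the columns you saved with “W” include “% Ready”; with -a the column is always present.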

Friday, April 1, 2011

DHCP Server address conflict parameter with Windows Server

The DHCP Server role within Windows Server has an option to attempt to detect IP address conflicts before a lease is offered.  To access this option, right-click the IPv4 node in the DHCP management console and click on the Properties selection.

dhcp_conflict_1

Access the Advanced tab.  The default value for conflict detection attempts is 0; enter 1 to have the service ping (ICMP echo) the address it is about to assign and, if a reply comes back, mark it as a bad address and offer another.  Each attempt adds a short delay to every lease offer, and a host that drops ICMP echo requests will not be detected, so this is a safety net rather than a guarantee.

dhcp_conflict_2

Dig for Windows

Dig is a DNS utility normally found on Unix/Linux platforms.  Windows has the nslookup command, but a Windows build of dig is also available.

To obtain a copy of dig for the Windows platform, access http://www.isc.org/downloads and download the latest Windows copy of BIND.  Once the .ZIP file is downloaded, extract the contents to a folder.  An executable should be present for dig:

dig1

The other files besides dig.exe, dig.html, and the .DLL files can be deleted.  The basic syntax of dig.exe is:

dig @server name type

The server is the DNS server to query, the name is the domain name to look up, and the type is the DNS record type to ask for.  For example, the command below would query the DNS server at 129.71.254.5 for the MX records for the domain wvnet.edu.

dig @129.71.254.5 wvnet.edu MX

dig2

Another example of a command would be:

dig www.yahoo.com ns @129.71.254.5

The command above would query the DNS server at 129.71.254.5 and return the name server (NS) records for the name www.yahoo.com; dig accepts the server, name and type arguments in any order.

dig3

The option +trace shows how an answer is reached: instead of relying on the server's recursion, dig performs the lookup iteratively itself, starting at the root name servers and following each referral down to the authoritative server, and prints the response from every step.

dig4

More options can be viewed within the dig.html help file.
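To show what those dig commands put on the wire, here is an added example (written for this page, not part of BIND or dig): it builds the query packet for “dig @129.71.254.5 wvnet.edu MX” and parses a reply, rendering the answers in the columns dig prints.  The reply is constructed locally so the script runs offline; its TTL, MX preferences and mail host names are invented.  The name decoder refuses compression-pointer loops, which a crafted response could otherwise use to hang a naive parser.

```python
import struct
from typing import Dict, List, Optional, Tuple

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
TYPES = {v: k for k, v in TYPE_NAMES.items()}
CLASS_IN = 1
FLAG_RD = 0x0100            # "recursion desired"; dig sets it unless +norecurse is given
PTR_TO_QNAME = b"\xc0\x0c"  # compression pointer to offset 12, where the question name sits


def encode_name(name: str) -> bytes:
    """'wvnet.edu' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels are 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: str, txid: int) -> bytes:
    """12-byte header (id, flags, qd/an/ns/ar counts) followed by one question."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPES[qtype], CLASS_IN)


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Read a possibly compressed name at `off`; return (name, offset after the name)."""
    labels: List[str] = []
    end: Optional[int] = None
    jumps = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # 2-byte pointer carrying a 14-bit offset
            jumps += 1
            if jumps > 16:              # a crafted reply could chain pointers in a loop
                raise ValueError("too many compression pointers")
            if end is None:
                end = off + 2           # the name ends where the first pointer was
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(msg: bytes) -> Dict:
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPE_NAMES.get(qtype, str(qtype))))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPES["MX"]:          # preference + exchange name (may point back)
            text = f"{struct.unpack('!H', rdata[:2])[0]} {decode_name(msg, off + 2)[0]}"
        elif rtype in (TYPES["NS"], TYPES["CNAME"]):
            text = decode_name(msg, off)[0]
        elif rtype == TYPES["A"]:
            text = ".".join(str(b) for b in rdata)
        else:
            text = rdata.hex()
        off += rdlen
        answers.append((name, ttl, TYPE_NAMES.get(rtype, str(rtype)), text))
    return {"id": txid, "rcode": flags & 0xF, "authoritative": bool(flags & 0x0400),
            "questions": questions, "answers": answers}


def rr(name: bytes, rtype: int, ttl: int, rdata: bytes) -> bytes:
    return name + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def constructed_mx_response(txid: int = 0x1234) -> bytes:
    """Made-up reply to the wvnet.edu MX query (TTL, preferences and hosts are invented)."""
    question = build_query("wvnet.edu", "MX", txid)[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)   # QR|RD|RA, NOERROR, 2 answers
    answers = (rr(PTR_TO_QNAME, TYPES["MX"], 3600, struct.pack("!H", 10) + b"\x04mail" + PTR_TO_QNAME)
               + rr(PTR_TO_QNAME, TYPES["MX"], 3600, struct.pack("!H", 20) + b"\x05mail2" + PTR_TO_QNAME))
    return header + question + answers


def dig_style(answer: Tuple[str, int, str, str]) -> str:
    """One ANSWER SECTION line as dig prints it: name, TTL, class, type, rdata."""
    name, ttl, rtype, text = answer
    return f"{name}\t{ttl}\tIN\t{rtype}\t{text}"


if __name__ == "__main__":
    reply = parse_response(constructed_mx_response())
    for a in reply["answers"]:
        print(dig_style(a))
```

The 16-bit transaction id is, together with the UDP source port, all that ties a reply to its query, which is why dig randomizes it; the parser here also checks the reply's rcode and AA flag, the same fields dig summarizes in its “status:” and “flags:” lines.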