Ten hut, Network Admin!

The Pledge of the Network Admin

This is my network.

It is mine
or technically my employer's,
it is my responsibility
and I care for it with all my heart

there are many other networks a lot like mine,
but none are just like it.

I solemnly swear
that I will not mindlessly paste from HOWTOs.*


*URL
http://www.bgnett.no/~peter/pf/en/preface.html

Peter N. M. Hansteen have good documentation on BSD and PF besides humor :-)

FreeBSD harddisk encryption

I attended 22C3 last year.
One of the lectures covered FreeBSD encryption.

Author (Marc Schiesser) explains in the paper,

* Background & motivation: explains the need for in-storage data encryption and discusses partial disk encryption and the motivation behind complete disk encryption.
* Implementation: details of how to implement complete disk encryption on a FreeBSD system. The solution relies on standard FreeBSD tools and does not involve programming.
* Implications: explains what is and is not protected by complete disk encryption. New risks, dangers as well as trade-offs will also be discussed.


While encryption is great, I fully agree with the statement I read somewhere not long ago on encryption beeing the last resort. Sensitive data should NOT reside on/in places where theft/espionage etc happens. Use Remote terminal (Not just only Microsoft have one. Cendio and FreeNX exists as alternatives) over encrypted and authenticated links.

Why not rip out the harddrive of the laptop, give the user a prebuilt firewalled custom live-cd. Then use OTP for authentication.
No silverbullet exist, but to store data in datacenter is alot better then on some unencrypted laptop in my opinion.

URL
http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf

Wireless Network Calculator

While setting up a OLSR mesh network with 3 Linksys WRT54GL (custom firmware) and 2 big antennas

I found this site's "wireless" calculator.

URL
http://my.athenet.net/~multiplx/cgi-bin/wireless.main.cgi

Buy Soekris in Europe

A year ago I found a site offering Soekris hardware in Europe.
Put that order to Wim!

And you, don't run anything else than OpenBSD on it!

URL
https://kd85.com/soekris.html

Hping2 Basics

"Hping2 is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covert channel, and many other features. "*


The Hping site have some good links to external tutorials,
URL
http://wiki.hping.org/33


*URL
http://www.ethicalhacker.net/content/view/72/24/

CTF vmware images

Found this site a while ago, were they archive Capture The Flag (CTF) VMware images.
Some may be encrypted, check corresponding site for key.

URL
http://ctf.chaos-darmstadt.de/ctf-images/

AfterGlow, visualize more

From the site,

"One type of graphs which is very powerful to visualize relationships among entities, are so-called linked graphs or network graphs. Another type of visualization can be achieved with Treemaps. Different open source libraries can draw these types of graphs, but all of them require input in a very specific format - generally a graph description language. AfterGlow facilitates the generation of these inputs for graphing libraries."

I will try it out later on some packet dumps and..

URL
http://afterglow.sourceforge.net/

Setting up a network bridge in OpenBSD

Network bridge.
When I started reading about computers and networks, the bridge were something I could not see any good use of. Besides extend a cat 5 cable over 100meters or connect different media.

Nowadays I really know some more benefits by using a (filtering) bridge.

OpenBSD- secure and occupy!
URL
http://www.openbsd.org/faq/faq6.html#Bridge

Setting up a FreeBSD Jail

The Jail in FreeBSD offer a bit higher security then chroot found on other BSD's and GNU/Linux. Jails are good when one want to isolate deamons or even running complete(stripped) systems inside Jail.

FreeBSD have good documentation covering creation of a jail.
URL
http://www.freebsd.org/cgi/man.cgi?query=jail&apropos=0&sektion=0&manpath=FreeBSD+4.8-stable&format=html

Running Vservers on Debian

Found this posting on section 6 about vservers on Debian.
URL http://www.section6.net/wiki/index.php/Running_Vservers_on_Debian