League of Professional System Administrators - Network

Towards a resilient NTP configuration in NTP4

doug — Thu, 12 Jul 2007 06:15:51 -0700

NTP 4 introduces some interesting new things that few people seem to know about, are sparsely documented, and are difficult to setup correctly, however they can help with synchronization in the event of total external network failure (even if you don't have a reference time source).

Now, some reference time sources aren't expensive (others are), but sometimes you care more about node-to-node synchronization than you do about absolute time accuracy. One example might be a large computational cluster where, if the network is disconnected from the Internet for a while, or if the primary time source is down, you don't want the individual nodes to drift apart.

OpenVPN

doug — Mon, 12 Feb 2007 19:21:30 -0800

Short Description:
OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations

Home Page:
openvpn.net

Release Date:
Sun, 2002-04-14 20:00

Status:
Mature

Long Description:

OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.

NMAP

dklein — Sun, 14 Jan 2007 09:50:04 -0800

Short Description:
Fast enumeration of network services

Home Page:
insecure.org/nmap

Release Date:
Sun, 2007-01-14 10:00

Status:
Active

Long Description:

Nmap is a powerful tool for discovering hosts on a network and enumerating what service they are offering. This can be used to find vulnerable systems, to locate rogue services on your network or simply for a first step in troubleshooting.

SSL Intro for techs; mini OpenSSL CA

syscomet — Sat, 28 Oct 2006 17:44:06 -0700

Sysadmin's Basic Guide to SSL Certificates and Authorities

Intended audience: system administrators who know roughly what SSL/TLS is and can use SSH and OpenPGP products (such as GnuPG) and who now want to know more and perhaps issue local certificates. You should know what public-key cryptography is, but are not expected to be able to follow any math (no equations herein) -- this is about using the stuff, not understanding the underlaying principles. You understand that "encrypt" is scrambling and "decrypt" is descrambling.

rsyslog

doug — Sun, 27 Aug 2006 20:47:42 -0700

Short Description:
Rsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, fil

Home Page:
www.rsyslog.com

Release Date:
Fri, 2005-09-23 20:00

Status:
Active

Long Description:

Rsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is quite compatible to stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption protected syslog relay chains while at the same time being very easy to setup for the novice user. An optional web interface - phpLogCon - can be used to visualize all data online.

Log Analysis

doug — Tue, 25 Jul 2006 09:29:44 -0700

Short Description:
Web page referencing log analysis tools

Home Page:
loganalysis.org

Release Date:
Fri, 2003-07-25 21:00

Long Description:

"Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments - but still ignore their firewall logs. Why? Because the tools and knowledge to make use of that data are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs."