Monday, April 27, 2009

Open-source server distro builds on Ubuntu

Zaragoza, Spain-based eBox Technologies announced the availability of version 1.0 of its Ubuntu Linux-based eBox server distribution. The open source eBox 1.0 features LDAP, DHCP, NTP, DNS, and email servers, among other features, and provides a new development framework for building add-on modules, says the company.

Aimed primarily at small- and medium-sized businesses, but also supporting home and enterprise users, eBox combines numerous open source packages under an umbrella framework that is said to ease network management. Most of eBox's code works to manage the internal communication among otherwise-independent network services, says eBox Technologies. As a result, administrators can more easily manage IT infrastructure as a single unit, claims the company. For example, the object-based network management system is said to enable high-level management of IP addresses, easing the administration of firewalls and other tools.

Major features listed for eBox 1.0 include:

* User management center -- The eBox OpenLDAP-based LDAP server stores sharable user and group accounts, and its primary domain controller enables Windows machines to authenticate against it, and provides roaming profiles.

* Shared resource manager -- Based on Samba and CUPS, the file and print servers support Windows networks with features including data backup, as well as assignment of user and group permissions levels.

* Communication center -- Features include email serving, storing mailboxes, filtering mail and viruses, relaying mail with selected filters, and instant messaging using the Jabber IM network. Other communications components are based on Postfix, Spamassassin, and ClamAV.

* Network gateway -- Network management features are said to include creating virtual interfaces and 802.1q-enabled trunk interfaces, as well as setting up a default gateway, static routes, and DNS server. eBox offers load balancing and traffic shaping features, as well as the ability to filter packets, perform NAT, and manage the access to all eBox services, says the company. Its caching HTTP proxy is said to accelerate web browsing and enable filtering pages based on content and black lists. Gateway components include Squid, DansGuardian, Netfilter/Iptables, and Iproute2.

* Infrastructure manager -- Compatible with the 802.1q switching protocol, eBox enables administrators to deploy network interfaces on several VLANs through one physical network interface, says the company. Its DHCP server enables the management and assignment of IP addresses, while the NTP server can sync its time and date with external NTP servers. eBox's DNS server provides for customizable name resolution, and the Apache web server shares public information by users using HTTP and Samba. A certificate authority enables the configuration of VPNs. The various servers and components are based on ISC DHCP, NTP, Bind, Apache, OpenSSL, and OpenVPN.

Source: desktoplinux.com/news/NS3601094260.html

Tuesday, April 21, 2009

Ways To Protect Your Network

Here are three free tricks to increase your network's security:

1. Use OpenDNS

Internet traffic gets routed through IP addresses; the text you type as a URL only sits on top of those numbers. Normally, when you type pcworld.com, it gets referenced in a domain name server directory, which then routes you to the actual IP address. But what happens if that structure is compromised and an attacker can send your request to a different IP address?

Domain name servers and operating systems were eventually patched to protect against this attack. But the OpenDNS server already anticipated the problem and is quick to react to threats. Use it instead of relying on your ISP's DNS servers.

On the client side, you can open the Network Connections Control Panel. Right-click the active connection, and pick Properties. Select Internet Protocol (TCP/IP), and click Properties. Click the radio button to Use the following DNS server addresses and enter 208.67.222.222 and 208.67.220.220.

Or you can enable it on your router, sending DHCP clients these details without additional intervention. The specific process varies, but you'll essentially log in and enter those IP addresses in the NAT area.

2. Update Your Router Firmware

Psyb0t is a worm that was written to attack router hardware directly, embedding itself inside. It simply guesses the login and password for a range of routers, starting with the defaults. At the very least, you should be using a strong password, especially since many low-end routers don't let you change the login ID.

Just like your operating system, hardware companies typically patch routers over time, especially when security flaws are discovered. Look up your specific model and see if there's a firmware update. If so, download, and apply the revision; it'll likely protect you from many attacks.

3. Disable Remote Administration

In addition to updating your router firmware and giving it a strong password, you can close another door by disabling remote administration. This option is often off by default, but check your router's settings to tell for sure.

With remote administration on, someone can log in from offsite. They'll typically need a valid password, although this access presents another weak point in your defenses.

If you need to administer the network remotely, set up a secure connection to a VPN gateway on your network instead of connecting through that open remote administration interface.

Source: pcworld.com

Tuesday, April 14, 2009

DNS Physical Structure in Support of Active Directory

Active Directory Server, Active Directory Support, DNS physical

Source: http://technet.microsoft.com/

Wednesday, April 8, 2009

How to use DNS with Active Directory?

Active Directory relies heavily on DNS to function, but not just any DNS. Active Directory requires the DNS service found on Windows 2000 Server or Windows Server 2003 systems or equivalents.

If your network will be connected to the Internet in some way, you need to design and prepare your internal DNS structure to support Internet access (inbound, outbound or both). You have several options, including:
  • Deploy a new fully qualified domain name hierarchy (i.e., namespace) on your internal network that is registered with the InterNIC. This means your internal LAN and the Internet have no logical distinction.
  • Expand an existing InterNIC registered namespace, such as one for a Web or e-mail server, to support your private network. This is basically a variation of the first option.
  • Use a sub-domain of an existing InterNIC registered namespace that is not currently being used on the Internet.
  • Use a local namespace that exists only within your private network and that is not connected to a namespace on the Internet.

Using a namespace that exists both on your private network and on the Internet is not the most secure configuration. This configuration allows malicious users to easily obtain the names of your network servers and direct attacks against them. A simple NSLOOKUP command can provide anyone with a list of your registered systems. One method to help reduce this threat is to deploy dual DNS servers. Both DNS servers should be configured with primary zone authority over your namespace. Place one of the DNS servers inside your network (i.e., inside the firewall) and include all of your domain controllers and Internet servers in that zone. Place the other DNS server outside of your network and exclude all domain controllers from its zone.
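
An added example (not from the original article): a Python check that scans the zone data served by the outside DNS server for records the dual-server setup above is meant to keep out of it. The zone contents, `example.com`, and the function name are constructed for illustration; it assumes one record per line with an explicit owner name.

```python
import ipaddress

# Owner-name fragments used by Active Directory DC-locator SRV records;
# none of them belong in the Internet-facing zone.
AD_MARKERS = ("_msdcs", "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
              "_kpasswd._tcp", "_kpasswd._udp", "_gc._tcp")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of an external zone (example.com is a placeholder).
EXTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@    IN SOA ns1.example.com. hostmaster.example.com. ( 2009040801 3600 600 604800 3600 )
@    IN NS  ns1.example.com.
ns1  IN A   192.0.2.53
www  IN A   192.0.2.80
@    IN MX  10 mail.example.com.
dc01 IN A   10.0.0.10        ; domain controller left in by mistake
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc01.example.com.
_kerberos._tcp       IN SRV 0 100 88  dc01.example.com.
fileserver 3600 IN A 192.168.1.20
"""

def audit_external_zone(zone_text):
    """Return (owner, rtype, reason) for records exposing the internal network."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line or line.startswith("$"):         # skip $ORIGIN / $TTL
            continue
        fields = line.split()
        i = 1                                        # skip optional TTL and class
        while i < len(fields) and (fields[i].upper() == "IN" or fields[i].isdigit()):
            i += 1
        if i >= len(fields):
            continue
        owner, rtype, rdata = fields[0].lower(), fields[i].upper(), fields[i + 1:]
        if any(marker in owner for marker in AD_MARKERS):
            findings.append((owner, rtype, "AD locator record"))
        elif rtype == "A" and rdata:
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                continue                             # malformed address, not our concern
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, "RFC 1918 address " + rdata[0]))
    return findings

if __name__ == "__main__":
    for finding in audit_external_zone(EXTERNAL_ZONE):
        print(*finding, sep="\t")
```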

Source: http://searchwinit.techtarget.com/tip/0,289483,sid1_gci891162,00.html

Friday, April 3, 2009

How to Use Dynamic DNS in Windows 2000 Professional

Windows 2000 Professional has a feature called Dynamic DNS (DDNS) that enables host records to be updated automatically in a Windows 2000 DNS server when the client address changes. This enables host records to remain accurate even when clients receive their address assignments through DHCP, for example.

A Windows 2000 Professional client can request an update to its host (A) record in the DNS server when its IP address or host name changes. A Windows 2000 DHCP server can also request an update to the associated pointer (PTR) record on behalf of its DHCP clients.

To configure a client for DDNS, follow these steps:

  1. Open the Properties sheet for the network connection through the Network And Dial-Up Connections folder.
  2. Double-click TCP/IP.
  3. Go to Advanced | DNS.
  4. Select the Register This Connection’s Addresses In DNS option to enable DDNS for the client.
  5. Note: The Use This Connection’s DNS Suffix In DNS Registration option, if selected, registers the client using the first part of the computer name specified in the System properties along with the DNS suffix specified by the DNS Suffix For This Connection option.

Source: blogs.techrepublic.com.com