Category Archives: Reviews

A No-Nonsense Guide to the OpenBSD Firewall

Though this is the 3rd edition, this is the first time I have picked up this book. As a proponent of the *BSDs, I appreciate having good quality material like this book available to overview and then get down into the mechanics of key subsystems, like PF.

I appreciated the clear, concise writing, as well as the multitude of real world examples.

One of the key chapters for me was Chapter 6: Turning the Tables for Proactive Defense. Peter goes in-depth into how PF elegantly handles issues like SSH brute-forcing, as well as how PF handles spam with stuttering, blacklisting and greylisting.

Highly recommended for someone who is interested in working with PF, or is already administering PF but looking for some extra help in certain areas.

-Josh


Book Review: Practical Packet Analysis

My 4-star review of Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems was just published on Amazon. I will repost it here.

I was hoping for something a bit more in-depth, but I would have to say that this book is directed to audiences that do not know much of the fundamentals of networking, much less Wireshark. With that in mind, I did breeze through the book:
The first couple of chapters are a primer on networking, and then installing Wireshark. The rest of the book goes through common protocols that you will find when sniffing, and then troubleshooting some real-world problems using Wireshark. (“Slow” network, security issues, etc.)

I found the book to be well-written and it seems much better in accuracy than the previous edition, which had some pretty embarrassing errors.

I think it could be a very useful book for the person who wants a leg up on using Wireshark in a practical scenario–just be aware that most of the content is geared for beginners.

(Disclaimer: The publisher sent me a free copy of this book to review.)

-Josh

Ironkey vs. Knox-IT/LOK-IT – A Subjective Comparison

I have been using an Ironkey for a little over a year now. I have been very happy with it so far.

I was recently given a Knox-IT to try out. After using both of them for a while now, I wanted to write down some thoughts I have on both of them.

Ironkey

When you think of secure encrypted flash drives, you think of Ironkey. Ironkey is the current industry leader. They are FIPS 140-2 Level 3 compliant, and are well known for pioneering the whole “after X failed password attempts the device will self-destruct.”

When I first received my Ironkey, the first thing I noticed about it was its overall design–The packaging (no photos, sorry!) made it seem like I was unwrapping prized jewelry. The smooth, finished feel of the flash drive itself, and the (surprisingly) heavy weight, gave me the impression that this was a quality product.

When you plug the Ironkey in the first time, a proprietary autorun application launches and runs you through a wizard that sets up the Ironkey. Easy to use, no qualms here. A nice touch is that I can specify contact information that will display on every autorun, in case the Ironkey is lost.

Normal use is pretty straightforward–Plug in the flash drive, type in your password in the autorun app, and you get access to your sensitive data.

I have kept it in my pocket for the last year, and the only wear and tear that I see is some nicks here and there.

Knox-IT / Lok-IT

(Knox-IT is the name of the previous version of the Lok-IT)

My first impression of the Knox-IT was quite the opposite of Ironkey. The packaging was the cheap plastic that is really hard to open. The grey lightweight (plastic) material that makes up the Knox-IT screams Chinese knockoff all over it. Fortunately, it gets better from here.

The key differential between the Ironkey & Knox-IT is that Knox-IT uses 5 hardware buttons for your passcode, instead of an autorun app (software solution) from Ironkey. So you put in your passcode, the green light illuminates, and you plug in the flash drive and use it like any other flash drive. It will automatically lock/encrypt the flash drive when you disconnect it.

Using the included docs, it was a very simple process to set up the passcode. Testing it out, I didn’t run into any issues unlocking and locking it back again.

According to their website, a FIPS 140-2 Level 3 compliant Lok-IT is slated to be released Q2 2011.

Conclusions

I really like the build quality of Ironkey better than Knox-IT, but I really like the concept of Knox-IT–Using hardware buttons to unlock the flash drive means that the Knox-IT is completely invulnerable to one of Ironkey’s primary weaknesses: Keystroke Logging. Yes, Ironkey does have an on-screen keyboard that can be used to mitigate this threat, but it is clumsy to use, and do you really know anybody that is actually using the on-screen keyboard? I don’t.

The only other issue that I would point out about Knox-IT is that with only 5 hardware buttons, the attack space for guessing the passcode is quite small, but the mitigating control for that is that you only have 10 tries to unlock it before it self-destructs. As a side note, the new version of Knox-IT (Lok-IT) now has a full complement of 10 hardware buttons–This fact plus the 10 tries & self-destruct mechanism effectively disables a passcode guessing attack.

One final note that I have to mention. As I was researching for this post, when I went to Knox-IT’s website, I got soft-blocked by my organization’s content filter, because the site was categorized as “Malicious.” I thought that the content filter must have miscategorized the website, and so I continued anyway.

Here is the result.

LOK-IT.net Serving Up Malware

Pretty ironic, huh?

-Josh


Book Review Posted: “Network Flow Analysis”

Amazon has just posted my 5-star review of Network Flow Analysis.

This is the second book of Lucas’s that I have read. I read Absolute FreeBSD, and thoroughly enjoyed it–So I went into this book with high expectations. Overall, I feel like this is a solid read for those network administrators that want to go deeper, and have the time to go deeper into network flow analysis.

NFA is a very technical book, which can make for a very boring read, but like Absolute FreeBSD, Lucas is able to maintain a light, interesting tone, even while discussing the configuration of gnuplot. (!)

From a technical perspective, NFA is very useful for getting your (open source) network flow analysis system up and going–But be aware that it will take time, especially if you want the flexibility of what FlowTracker/FlowGrapher can offer, versus the less flexible, but easier to use/learn, CUFlow.

Lucas gives great practical examples of using flows to monitor & troubleshoot issues on your network. The examples are sprinkled through the book, and then a few case studies take up the last 7 pages of the book.

I found it interesting that the back cover claimed that you will learn how to:

- Identify network, server, router, and firewall problems before they become critical
- Find defective and mis-configured software
- Quickly find virus-spewing machines, even if they are on a different continent

These scenarios were covered, but in appallingly anemic sections–For instance, the “Quickly find virus-spewing machines, even if they are on a different continent” scenario was covered on 1 page. (186-187)

I guess I was thinking that since the above scenarios were a fairly large point in the description of the book, they would be covered in a bit more detail.

One more nitpick:  Lucas describes Conficker as both a Virus and a Worm–It is most definitely a worm, not a virus–There is a difference…

The above nitpicks are not enough to diminish the 5-star rating I am giving NFA: I found it to be a great addition to my reference bookshelf, and I’m sure it will be creased and dog-eared as I attempt to implement my own NetFlow analysis system this next year.

-Josh Brower

Review of “Time Management for System Administrators” Posted

Amazon just posted my 4-star review of Time Management for System Administrators by Thomas A. Limoncelli–I have reproduced it below, for those who don’t want to click the link.

Beneficial for ALL SysAdmins

So why read a book on Time Management? I feel like I already do a decent job of time management, but I had seen really good reviews of this book, and so I thought I would give it a try.

I knew this book was going to be good when I read the following in the Preface:

My home life looks a lot like my work life–You should see the killer server I’ve set up at home. Once I’ve finished tweaking it, I’m going to set up the same thing at work. Very few occupations are like that.

He is describing me exactly!

This is the biggest reason why I enjoyed the book as well as I did–Because it wasn’t a generic time management book (a dime a dozen these days), but it was a time management book written specifically for system administrators. So the situations and scenarios used in the book were very practical and applicable to me.

Limoncelli starts out with some basic time management principles (Focus vs. Interruptions, Routines, etc.), which I found helpful, but the main focus of the book is the Cycle System.

The Cycle System is made up of three parts: a combined to-do list and today’s schedule, a calendar, and a list of long-term life goals. It seems this system is a combined/modified system from other time management systems.

Overall, I found a lot of the principles and tools of the Cycle System to be beneficial, and I have implemented about 70% of it into my workflow. (The other 30% just did not fit my workplace environment.)

In the last 6 chapters he deals with Prioritization, Stress Management, Email Management, Time Wasters, Documentation, and Automation. Again, beneficial, except for the Documentation and Automation chapters, which I felt overlapped with the same sections of Limoncelli’s other book (The Practice of System & Network Administration), so I skipped them.

The writing style was enjoyable to read, and the scattered User Friendly comic strips helped break up the text.

Overall, I would give it 4 out of 5 stars, as I would highly recommend it to all system/network administrators (even if you think you have great time management principles), but I do feel that there was overlap in some of the chapters.

-Josh Brower
