Must check this also: a nice detailed comparison of Google and Microsoft’s offerings

When you’ve got a campus with 70,000 students and staff on it, all requiring some form of integrated cloud service, be it for email, scheduling, documents, or what have you, the decision-making process over which service to . . . → Read More: UC Berkeley Picks Google Over Microsoft In Battle Over Campus Cloud Services]]> Originally posted on TechCrunch, here.

Must check this also: a nice detailed comparison of Google and Microsoft’s offerings

When you’ve got a campus with 70,000 students and staff on it, all requiring some form of integrated cloud service, be it for email, scheduling, documents, or what have you, the decision-making process over which service to use is not a trivial one.

Fortunately, UC Berkeley considered it not only necessary, but a duty to the public to not just consider the options carefully but to explain those considerations. They’ve put up a nice detailed comparison of Google and Microsoft’s offerings (Apps and Office 365) as they relate to University business. Anyone or any institution thinking of doing a similar deployment may find it interesting reading.

For the rest of us, perhaps an executive summary will do:

Google essentially won out on flexibility and ease of use for both those implementing the system and their users. Migration from Cal’s local services to Google’s would take far less time, cost less money, and be far less complicated than if they had gone with Microsoft, whose installation process involves putting in local servers and replacing key services.

But it was far from a knockout; in fact, Google receives a drubbing in calendar features and integration, and in the specifics of the contracts. Microsoft’s robust calendar, built on years and years of enterprise work, is far superior to Google Calendar, which is made to be a simple, accessible, social tool. And Microsoft appears to have a contract that is more sensitive to, say, HIPAA requirements and other things important to a research university. Microsoft also ekes ahead on security, which isn’t surprising.

It seems that Berkeley felt that the most important thing was to have a good-enough system (with room for improvement) that’s familiar to its users. A quarter of Berkeley students are already on Gmail, which indicates the ubiquity of the service, and Microsoft was less yielding on a few features that would have to be migrated to their own solutions. Universities are patchworks of overlapping semi-compatible systems, but Cal appears to feel that Google’s system integrates and improves more than it fails (or necessitates changes in).

University digital infrastructure is a strange beast, and judging by the fact that both of these high-profile services have serious shortcomings, it may be that there’s room for someone to step in with a better solution. Students often have their own emails that they’d like to keep for as long as possible, and an @berkeley.edu one just isn’t important to them. They also are extremely likely to have smartphones, and those ownership numbers are only growing. We’ve seen some work on digitizing the content in our universities, but we’re still waiting on the breakthrough that definitively brings the university experience into the 21st century.

Berkeley’s existing agreements with Microsoft are unaffected (bulk software licenses and lots of specialty software). The announcement sent to students can be found here.

A year (or so) ago, we decided to put up a site for questions and answers. I thought that this will be a self sustained website, where users (with expertise of various levels) will help each other in solving problems. However, over the past year what I have noticed is that less . . . → Read More: Techsnail / WBITT forums are being shutdown permanently]]> Salam to all,

A year (or so) ago, we decided to put up a site for questions and answers. I thought that this will be a self sustained website, where users (with expertise of various levels) will help each other in solving problems. However, over the past year what I have noticed is that less and less people are posting their questions on these forums. That is primarily because of the reason that less and less questions are being answered. It is evident from the fact, that the last post was made in Oct 2011, which makes it almost 3 months old at this time of writing. My team members and I tried our best to answer as many questions as we could “in our spare time”, but we just could not keep up.

I have therefore decided to shut down the forums permanently. The (shut down) process will be completed by the end of 2011. If you have questions, and you want answers, you are advised to join http://linuxpakistan.net or htt://linuxquestions.org, or any other forum of your choice.

My sincere apologies to anyone who will be affected by this step. Sorry, this idea did not work out for us.

http://en-maktoob.news.yahoo.com/your-facebook-profile-could-get-you-the-sack-20111219.html

The advent of Wireless devices has caused a huge increase of the size of any given network. The ease of use, and less dependence on wire are few of the many advantages, that the Wireless technology bring in. However, this technology must be used carefully.

Many organizations are using Wireless . . . → Read More: Protecting your IT infrastructure from your own Wireless Access Point]]> (Originally published on http://wbitt.com, here.)

The advent of Wireless devices has caused a huge increase of the size of any given network. The ease of use, and less dependence on wire are few of the many advantages, that the Wireless technology bring in. However, this technology must be used carefully.

Many organizations are using Wireless Access Points to provide more flexibility, and so to speak “roaming” facility, to the users within the organization. The users, which may be an ordinary programmer, or the CEO, are enjoying the flexibility of sitting anywhere within the building, and yet remain connected to the network. The same is more useful, when there is a meeting or a training session, and all of a sudden there is a need of 20+ network connections. When wireless is being used, you don’t worry about 2 or 20 or 200, as there is no wired connection needed. (The only worry is availability of enough bandwidth, of-course).

This flexibility and availability can easily become a security hazard when not used correctly. In a wired network, you normally have only enough connections available to satisfy the needs of the total number of PCs in your network. In case some cracker wants to connect to your network and want to sniff, or steal your data, then he has to be physically connected to the network. Physical connection has it’s dangers, as the cracker has to be very close, normally inside the building, and may need to unplug the network cable from a PC to connect his laptop, etc. Crackers normally refrain from attempting any crimes in such networks. Or, the type and approach of attacks on these networks are different.

In case a wireless access point (WAP) exists in the network, then the attacker does not have to be anywhere close to building. He can perform his attacks from anywhere close enough to the building, where he can get good signal strength to launch his attack. This place can be the office of some other company on the other side of the hardboard wall, separating your office and the other office. (Common scenario in rented office areas, such as technology parks). It can be the waiting area for the visitors and guests coming into your physical premises during the working hours. Or, it can be a home, or cafeteria, or an office building on the other side of the road. And, with the help of wireless signal boosters and home made “cantennas”, you can expect your attacker to be anywhere, even a mile away!

Here is the point I am trying to highlight. When a Wireless Access Point is connected “directly” to your wired network segment, then it is as bad as sitting in an open field, with no protection at all. Even if you have a firewall device placed between your internet connection(s) and your LAN, that firewall is not protecting you from the crackers trying to break into your network, and steal your data coming in from the unprotected wireless access point. When you connect your wireless access point directly into your LAN switch, then the cracker sitting a mile away does not have to go through a firewall to get to what he needs. He simply connects to your wireless access point, and lands straight into your LAN. In this case, there is no internet involved, and no records are maintained at any ISP or router along the way. The cracker successfully avoided all that, thanking your system administrator (or you, if you are the system admin of this network). Don’t be surprised if he even leaves you a thank you note for the same!

If you are just a plastic trash-bin manufacturing company, then may be your data is not much value to you, or a cracker. But when you are a company with does research, or service integration, or deal with government departments and military organizations, then your data “is” important for you. And it is important to ensure it’s Confidentiality, Integrity and Availability.

As explained above, your data may nor be of any value to you or a cracker. However, that should not let you be easy on your network security. There may be no data, “but”, your network (and it’s resources, such as PCs, IPs, etc), can be used as a launch pad, to launch attacks on other “more juicy” targets, normally located outside of your network. This means, you still need to make sure that your IT infrastructure is secure, even if there is no valuable data.

Some system admins make a list of MAC addresses of the wireless network cards of all the wireless clients in an organization and add that to the wireless device, restricting allowed traffic only to/fro these MAC addresses. This is not a good solution for reasons:

1. It is not practical to keep track of all the MAC addresses of everyone in the organization. Especially, if the count of wireless devices is more than five.
2. Some cheap/in-expensive wireless access points have a restriction, that only allows a MAC list of about 20 addresses. In case you have more devices then it is again a problem.
3. Wireless devices (clients) come and go, all the time. It is not possible (not practical) to edit the MAC list every time some new device joins in, or leaves.
4. It is not difficult to spoof a MAC address. And if in case the cracker sees that a MAC address is in use during some time of the day, he will wait for the time when the device stops communicating with the wireless access point. Normally this happens at the day end, when the workers/employees go home. The employees of-course go home, and their laptops, etc, are turned off, or are disconnected; the MAC list still allows traffic from those MAC addresses. When a cracker sees this (who has been sniffing the network traffic, all day long, and noting MAC addresses), simply assigns (spoofs) one of the many “allowed” MAC addresses to the his laptop, and starts using your network.

To avoid all the problems described above, the best practice is to connect your wireless access point directly to a firewall, which in-turn should be connected to your wired LAN. This way, you can allow required (but limited) traffic flow between wired and wireless clients within the organization. Also, your wireless devices can be provided with (limited / controlled) internet access, through this firewall. One example can be, that you only allow/open windows files sharing ports on the firewall, between the wireless clients and the wired clients. You can, for example, allow only web and FTP traffic from your wireless clients towards the internet, and block the rest of traffic. In addition, you can restrict outgoing SSH traffic only from the wired network. Or, whatever suits you. This way, it would be difficult for a wireless client connected to your network, to launch an attack against your own LAN resources, or against some other network somewhere else in the world.

Be warned though, that connecting your wireless access point to a firewall, instead of plugging it in directly to your network switch, is not the only protection you should consider for your network. It should be your first logical step towards securing your network. In addition to this, you should beef-up your security profile by:

1. Connecting your wireless access point to a firewall, instead of plugging it in your LAN switch. (as mentioned above). You need to have an additional physical interface on the firewall for this to work.
2. Using WPA2 security mechanism in your wireless access point.
3. Encrypting the traffic flowing through your wireless access point using strong encryption, such as AES.
4. Restricting the type of traffic flowing between your wireless devices, your LAN devices and the internet, using the firewall.
5. Educate your users on how to use the system, and how to prevent security incidents from happening.

On the closing note, I would like to remind you, that data security is a responsibility of everyone in the organization, ranging from a normal user to the CEO. Be diligent.

What is Mikroik

Ans: MikroTik RouterOS™ is a router operating system and software which turns a regular Intel PC or MikroTik RouterBOARD™ hardware into a dedicated router.

About Comapny

MikroTik is a Latvian company which was founded in 1995 to develop . . . → Read More: Introduction to Mikrotik]]> Welcome to Mikrotik World

Before, dive into Mikrotik world,  I want to introduce Mikrotik

What is Mikroik

Ans: MikroTik RouterOS™ is a router operating system and software which turns a regular Intel PC or MikroTik RouterBOARD™ hardware into a dedicated router.

About Comapny

MikroTik is a Latvian company which was founded in 1995 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world.

Our experience in using industry standard PC hardware and complete routing systems allowed us in 1997 to create the RouterOS software system that provides extensive stability, controls, and flexibility for all kinds of data interfaces and routing.

In 2002 we decided to make our own hardware, and the RouterBOARD brand was born. We have resellers in most parts of the world, and customers in probably every country on the planet.

Features of Mikrotik

RouterOS is MikroTik’s stand-alone operating system based on linux v2.6 kernel. The following list shows features found in the latest RouterOS release:

Hardware Support

• i386 compatible architecture
• SMP – multi-core and multi-CPU compatible
• Minimum 32MB of RAM (maximum supported 2GB)
• IDE, SATA, USB and flash storage medium with minimum of 64MB space
• Network cards supported by linux v2.6 kernel (PCI, PCI-X)
• Partial hardware compatibility list (user maintained)
• Switch chip configuration support

Installation

• M:Netinstall: Full network based installation from PXE or EtherBoot enabled network card
• Netinstall: Installation to a secondary drive mounted in Windows
• CD based installation

Configuration

• MAC based access for initial configuration
• WinBox – standalone Windows GUI configuration tool
• Webfig – advanced web based configuration interface
• Basic web interface configuration tool
• Powerful command-line configuration interface with integrated scripting capabilities, accessible via local terminal, serial console, telnet and ssh
• API – the way to create your own configuration and monitoring applications.

Backup/Restore

• Binary configuration backup saving and loading
• Configuration export and import in human readable text format

Firewall

• Statefull filtering
• Source and destination NAT
• NAT helpers (h323, pptp, quake3, sip, ftp, irc, tftp)
• Internal connection, routing and packet marks
• Filtering by IP address and address range, port and port range, IP protocol, DSCP and many more
• Address lists
• Custom Layer7 matcher
• IPv6 support
• PCC – per connection classifier, used in load balancing configurations

Routing

• Static routing
• Virtual Routing and Forwarding (VRF)
• Policy based routing
• Interface routing
• ECMP routing
• IPv4 dynamic routing protocols: RIP v1/v2, OSPFv2, BGP v4
• IPv6 dynamic routing protocols: RIPng, OSPFv3, BGP
• Bidirectional Forwarding Detection ( BFD)

MPLS

• Static Label bindings for IPv4
• Label Distribution protocol for IPv4
• RSVP Traffic Engineering tunnels
• VPLS MP-BGP based autodiscovery and signaling
• MP-BGP based MPLS IP VPN
• complete list of MPLS features

VPN

• Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols. Hardware encryption support on RouterBOARD 1000.
• Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP, SSTP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels ( IPIP, EoIP) IPv4 andIPv6 support
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support
• MPLS based VPNs

Wireless

• IEEE802.11a/b/g wireless client and access point
• Full IEEE802.11n support
• Nstreme and Nstreme2 proprietary protocols
• NV2 protocol
• Wireless Distribution System (WDS)
• Virtual AP
• WEP, WPA, WPA2
• Access control list
• Wireless client roaming
• WMM
• HWMP+ Wireless MESH protocol
• MME wireless routing protocol

DHCP

• Per interface DHCP server
• DHCP client and relay
• Static and dynamic DHCP leases
• RADIUS support
• Custom DHCP options
• DHCPv6 Prefix Delegation (DHCPv6-PD)
• DHCPv6 Client

Hotspot

• Plug-n-Play access to the Network
• Authentication of local Network Clients
• Users Accounting
• RADIUS support for Authentication and Accounting

QoS

• Hierarchical Token Bucket ( HTB) QoS system with CIR, MIR, burst and priority support
• Simple and fast solution for basic QoS implementation – Simple queues
• Dynamic client rate equalization ( PCQ)

Proxy

• HTTP caching proxy server
• Transparent HTTP proxy
• SOCKS protocol support
• DNS static entries
• Support for caching on a separate drive
• Parent proxy support
• Access control list
• Caching list

Tools

• Ping, traceroute
• Bandwidth test, ping flood
• Packet sniffer, torch
• Telnet, ssh
• E-mail and SMS send tools
• Automated script execution tools
• CALEA
• File Fetch tool
• Advanced traffic generator

Other features

• Bridging – spanning tree protocol (STP, RSTP), bridge firewall and MAC natting.
• Dynamic DNS update tool
• NTP client/server and synchronization with GPS system
• VRRP v2 and v3 support
• SNMP
• M3P – MikroTik Packet packer protocol for wireless links and ethernet
• MNDP – MikroTik neighbor discovery protocol, supports CDP (Cisco discovery protocol)
• RADIUS authentication and accounting
• TFTP server
• Synchronous interface support (Farsync cards only) (Removed in v5.x)
• Asynchronous – serial PPP dial-in/dial-out, dial on demand
• ISDN – dial-in/dial-out, 128K bundle support, Cisco HDLC, x75i, x75ui, x75bui line protocols, dial on demand

You can install Mikrotik on regular PC but a dedicated Mikrotik RouterBoards are available to install

You can get verious RouterBoards on the official website

http://www.routerboard.com/

So, before install Mikrotik on Real hardware, I want to explore on Virtual environment. I will use VirtualBox but . . . → Read More: How to install Mikrotik in Virtual Environment]]> In this post, I will discuss how to install Mikrotik

You can install Mikrotik on regular PC but a dedicated Mikrotik RouterBoards are available to install

You can get verious RouterBoards on the official website

http://www.routerboard.com/

So, before install Mikrotik on Real hardware, I want to explore on Virtual environment. I will use VirtualBox but you can use Vmware Workstation on Windows or linux Systems.

According to the Mikrotik, basic requirments are

IA32 Hardware requirements

• Click on Next
• Enter name of Virtual OS (as you wish) & select operating system type ( choose Linux – Other linux)
• Enter amount of RAM (64 MB is sufficient for Demo, you can increase it to 2GB)
• Click on Next( No need to change the values)
• Finally click on create

Finally We have created  a Virtual Machine of Mikrotik

Now

step 2: Install Mikrotik

Note: Before start Machine go to Settings-> Network -> Select Network Adapter (If you have working interface LAN / WLAN then you can choose Bridge if you don’t have then Select host only)

• Start the Virtual Machine in VirtualBox Home.
• Follow the Wizard & click on next
• Select installation media (Physical Disk / ISO file) You can download ISO image from Mikrotik official website
• Finally click on start

• Select packages & press i to install & follow instructions
• It will format theHDD & automatically install the Mikrotik.

Congratulations you have installed Mikrotik but before enter to reboot remove the Media or ISO image.

Now you can access OS by the console, but if you are not famalier with  CLI then you can use Mikrotik Graphical tool named Winbox.

You can Download it from official Mikrotik Site (Download Section)

but there is problem, OS doesn’t have any ip so you can accessby the MAC.

• Run the Winbox & click on marked button

• It is prompting you to 2 connection, just click on MAC Address
• Enter user name : admin & Password : Block
• Connect

If you getting any problem then you can assign IP Address to the OS or want to connect Winbox by the IP

• Go to Virtual Machine Cosole
• Enter User name : admin & Password is blank so enter
• First of all check the interfaces

[admin@Mikrotik]>interface print

It will show ether1 as interface, now assign IP Address to interface

[admin@Mikrotik]>ip address add address=192.168.1.50/24 interface=ether1

(* If you are using bridge interface and you physical interface in the 192.168.1.0/24 network then you can assign this ip. If you selected Host-only Interface then assign 192.168.56.101/24 as IP because in the Virtaulbox host-Only adapters works in this network.)

Now again as well as last connect the Winbox by the IP address

This is Winbox GUI Interface.

Congratulations you have installed & access the Fresh Mikrotik OS.

In next Section / post I will configure the Mikrotuk OS.

Regards

Amit Kumar Sinsinwar

amit@hindicbts.com

My tribute to a great legend, . . . → Read More: Dennis Ritchie, co-creator of Unix and designer of the C programming language, has died …]]> Dennis Ritchie, co-creator of Unix and designer of the C programming language, has died, on October 12, 2011, at the age of 70. The cause and exact time of death have not been disclosed. He had been in frail health for several years following treatment for prostate cancer and heart disease.

My tribute to a great legend, who I admired, and respected a lot. Though, I never met him in person; I wish I could.

• http://en.wikipedia.org/wiki/Dennis_Ritchie
• http://www.informit.com/articles/article.aspx?p=1761787
• http://cm.bell-labs.com/who/dmr/
• http://www.nytimes.com/2011/10/14/technology/dennis-ritchie-programming-trailblazer-dies-at-70.html

Few of Ritchies quotes:

• “UNIX is very simple, it just needs a genius to understand its simplicity.”
• C has “the power of assembly language and the convenience of… assembly language.”