The Internet as we know it is undergoing a significant change. With the last IPv4 addresses being allocated out, the Internet has officially run out of address space. IPv6 is the next-generation IP addressing system that aims to resolve this issue however the changes proposed are drastically different than the current IP schema currently in place and for most is quite a daunting task to switch. In this post, we will cover some basic IPv6 information and some fundamental differences between v4 and v6 (aside from tons of IPs), and finally we will build out a pfSense firewall with IPv6 using pfSense and a free IPv6 tunnel provided by Hurricane Electric. Read more to get started on the cutting-edge of Internet infrastructure. (continue reading…)
After publishing the last post on networking and the security series, I felt it was necessary to go ahead and publish a piece on building a custom router. I have been a fan of pfSense for the past four years and swear by it. It has the ease of use of a commercial GUI-driven router and unrivaled flexibility limited only by the hardware it is installed on. In this howto article, we will cover installing pfSense on an embedded platform and initial configuration for getting your router up and running.
In this post, I will review a recently acquired WD TV Live Plus purchased from Microcenter for around $100. The quest was to find a media player solution that could read media from network shares and play them with minimal fuss. Since this is going to be attached to the primary TV, it has to be “Girlfriend Approved” and easy to use. I believe that the WD TV Live Plus fits this requirement adequately however the installation of the device could be easier. Once done, the device is wonderful. Read the full review after the break.
Structured wiring in businesses and the enterprise are as expected as the sun shining and a regular paycheck, however in the home a structured wiring solution can be an unexpected gift from the Gods of Ethernet. While structured wiring in an apartment complex is usually done central to a utility closet or shelf, sometimes the central point isn’t always convenient for your router or you find yourself needing to run multiple networks. In this tutorial, I will show you how to turn one structured wiring drop into two drops for carrying two different network segments, something that can be of benefit should you ever need it. (continue reading…)
In this final article in the three part Ubuntu IDS series, we will go over installing, compiling and configuring Snort and Nessus on our new IDS device. We will use Snort to analyze traffic as seen by the IDS and we will use Nessus to perform vulnerability testing on the network. The process for installing Snort will also cover installing SnortReport provided by Symmetrix Technologies so we can translate Snort’s cryptic messages into a more readable format that we can take action on. Read on as we wrap up the installation and finish our IDS device.
In an earlier article, I demonstrated how you can build a passive monitoring device for an Ethernet network as the first part to a three part project to build a home IDS device. In this article, the second in the series, I will describe how to set up the networking for an IDS using the passive tap that I built earlier.This setup will involve using a technique called bonding to take two physical interfaces and bond them together, creating a logical interface that we can use for Snort. This article will also explain where is the best location to place the tap and what you can expect to see once the networking is set up using common Linux utilities like tcpdump.
One of the things that the GCIA study has taught me is that being able to monitor the network your computer is on is a critical necessity to maintaining a secure network. Corporate environments can set up IDS devices to monitor traffic however monitoring doesn’t work unless you have proper connectivity to what you want to monitor. Unfortunately, most of us don’t have central wiring in our house and expensive managed switches that can set up span sessions with which to monitor traffic in transit. In this HOWTO, I will cover how to build your own monitoring connection that you can use on your own network to monitor traffic without breaking the bank. This article is first in a three part series on how to build your own home IDS for monitoring your network traffic. Look for the other two sections soon!