FreeBSD hands down. I've got detailed documentation that's rather outdated but still applicable. The configuration is straightforward and the main packages are IPF, IPNAT, squid, snort, bind, sendmail and sshguard. I've used the documentation for as long as I've been on /.
http://www.faqs.org/espionage/Lo-Mo/Microwave-Weaponry-High-Power-HPM.html
...what's the point?
'nuff said.
The outfit I currently work for disposes of an unbelievable amount of hardware, including hard drives. Due to *government* requirements, every drive gets disposed of via a company that comes to the site with a portable shredder. Every drive is inventoried prior to removal, secured in a lock box, inventoried prior to disposal, and then shredded. The outfit I work for destroys so much shit it makes me ill. It's so wasteful it boggles the mind. I guess when you're in the business of making money from money, you can afford it. Too bad none of the bean counters have a clue as to how much they'd recoup if they sold the stuff they threw away instead of paying a disposal outfit to take it.
Then enforce it. Make some examples. I know it sucks but lay down the law once or twice and it'll make a difference.
I would find it not only ironic but infuriating if my daughter's college would ban laptop use, since the purchase of a Mac was mandatory given her chosen major. The real question here is when is laptop use appropriate? Certain classes dictate the use of a laptop. If it's internet use that's detracting from the classroom experience, then as some folks mentioned, simply turn off the wireless for that area.
...takes second chair to liability. We award people that lack common sense with financial gain.
Put a hot cup of coffee between your legs and get burned? Cash!
Pump a tankful of gas and light a cigarette while wearing the gloves you spilled some gas on? Voila! CASH!
Cut your thumb off because you weren't paying attention to the rapidly spinning blade on the table? MORE CASH!
No one takes responsibility for their stupidity or recklessness anymore. So next time I'm swinging a hammer and I bust my thumb open, I guess I'll have to find me a lawyer that can get me a few bucks for my pain and suffering.
SUCK IT UP LOSERS. Take some responsibility for your own stupidity!!!
...back when I was in college. Part of my CS studies included classes that involved coding for the AS/400, the VAX/VMS and COBOL. I had the good misfortune of being at a school that was rather relaxed in terms of security and almost everyone left their "password" the same as their user ID, which just happened to be the same name used for their personal directories. It didn't take much time to sort thru every possible directory and copy every possible file you could to "learn from example". During the next semester, I managed to finish all the labs for my first course of C programming in 3 weeks, and I got a "B" on the final. Did I cheat? Yeah, I guess you could call it that. Did I learn anything? Sure did. Take security seriously.
Not to mention, it was written back in October.
Regardless, anyone that deals with spam on any level knows that targeted attacks (spear phishing...who the hell coined that?) are *not* the primary focus of appliances like the Ironport. Being an Ironport admin I know from experience with both Ironport and Puremessage (PerlMX) that the priority of these devices is to focus on QUANTITY. The volume of messages coming into a firm or company is more important than the targeted individual, not to mention that the target should exercise a little discretion and common sense when opening an email message coming from *anyone*, especially someone (in)famous like Bill Gates.
Local mail reader programs (and spam admins with time on their hands) are the front lines for targeted email attacks. Just like a good suit of armor, any good firewall design uses multiple devices to prevent penetration. The same thing holds true with email, and the targeted attack that gets past the first layer of security (routing MTA or spam appliance) should be handled by the second layer (the Mail Server) or the third layer (the desktop client).
From my own personal experience, custom rulesets are created on the Ironport or the Outlook/Lotus Notes client and the targeted attack is usually dealt with "after the fact". It's unfortunate that it gets done that way, but coming from a firm that used to handle millions of messages a day, the frequency of targeted attacks based on volume was insignificant. Either way, this is nothing new. It's like discovering the moon.
-Phil
After this, the next time someone tells you that you've been "REPORTED!!!" maybe you'll take it seriously. LOL!!
Give educational institutions the right to record any DVD with the provision that the DVD burner places a watermark in the lower right hand corner that states the institution name (Like IU or PennState, etc) and "For Educational Use ONLY".
There's a lot more rational way of making things happen. It's just that the MPAA and RIAA are more worried about the profits than they are about the "copyrights". Any MPAA or RIAA lawyer that tells you otherwise is full of crap.
I experienced the content problem first hand about a year ago. I have a FreeBSD server running NAT and using squid for proxying traffic to the internet. Since I routinely update my server at home to be a close copy of the servers I configure for the offices where I used to work, I was cruising thru the logs one day and noted several hours worth of internet porn URLs in the squid logs.
So I went into /usr/local/etc/squid/errors/English and edited ERR_ACCESS_DENIED with a nice custom message, then modified /usr/local/etc/squid/squid.conf by adding something similar to the following lines, putting partial domain names where "nameX" is:
#ACL List to block porn sites
acl blockregurl url_regex -i name1
acl blockregurl url_regex -i name2
acl blockregurl url_regex -i name3
http_access deny blockregurl
For me this was beneficial in three ways. One, it gave me a little practice on filtering content via squid using ACLs. Two, it let my son know that no matter what he's doing, I have a pretty good idea what it is, and finally the entertainment benefit I received thanks to the modified ERR_ACCESS_DENIED which essentially ripped on him, then told him to call my cell phone when he got done reading the page. It was about 4:30pm the next morning when I got a phone call from him that was all of two words: "I'm Sorry".
Not everyone has the time or patience or desire to create ACLs, keep them updated, set up and maintain your own proxy server, but there's really nothing to it and the benefit is in the knowledge that you can keep random tabs on everything without the kids feeling like you're intruding.
(until you do, that is)
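Added example (not from the comment above or from the Squid project): a small simulator of how squid evaluates `url_regex -i` and `dstdomain` ACLs against `http_access` lines, so an ACL list like the one in the comment can be tested against sample URLs before it goes live. The config fragment is constructed; `name1`..`name3` stand in for the partial domain names the comment leaves out, and the `schoolsites` allow line is added to show that the first matching `http_access` line wins. It also shows the main caveat of partial-name regexes: `name1` matches any URL containing that substring, so `rename1.example` gets blocked too.

```python
"""Simulate squid ACL / http_access evaluation for url_regex and dstdomain.

Covers only url_regex (with optional -i), dstdomain and http_access
allow/deny with first-match semantics; real squid has many more ACL types.
"""
import re
from urllib.parse import urlsplit

# Constructed squid.conf fragment modelled on the comment's ACL list.
SQUID_CONF = """
# ACL List to block porn sites
acl blockregurl url_regex -i name1
acl blockregurl url_regex -i name2
acl blockregurl url_regex -i name3
acl schoolsites dstdomain .edu
http_access allow schoolsites
http_access deny blockregurl
http_access allow all
"""


def parse_conf(text):
    """Return (acls, rules).

    acls maps an ACL name to a list of (type, matcher); rules is the list of
    (action, acl_name) pairs from http_access lines, in file order.
    """
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4:
            name, acl_type, args = parts[1], parts[2], parts[3:]
            flags = 0
            if args and args[0] == "-i":      # case-insensitive regex
                flags, args = re.IGNORECASE, args[1:]
            for arg in args:
                if acl_type == "url_regex":
                    acls.setdefault(name, []).append(
                        ("url_regex", re.compile(arg, flags)))
                elif acl_type == "dstdomain":
                    acls.setdefault(name, []).append(
                        ("dstdomain", arg.lower()))
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((parts[1], parts[2]))
    return acls, rules


def acl_matches(acls, name, url):
    """True if any entry of the named ACL matches the URL."""
    if name == "all":
        return True
    host = (urlsplit(url).hostname or "").lower()
    for acl_type, matcher in acls.get(name, []):
        if acl_type == "url_regex" and matcher.search(url):
            return True   # substring match anywhere in the full URL
        if acl_type == "dstdomain":
            if matcher.startswith("."):
                # leading dot: the domain itself and every subdomain
                if host == matcher[1:] or host.endswith(matcher):
                    return True
            elif host == matcher:
                return True
    return False


def decide(conf_text, url):
    """Return 'allow' or 'deny' for the URL.

    The first matching http_access line wins.  If nothing matches, squid
    applies the opposite of the last http_access line's action.
    """
    acls, rules = parse_conf(conf_text)
    for action, name in rules:
        if acl_matches(acls, name, url):
            return action
    if rules:
        return "deny" if rules[-1][0] == "allow" else "allow"
    return "deny"


if __name__ == "__main__":
    for u in ("http://www.name1.example/", "http://NAME2.example/pics",
              "http://www.name1.edu/", "http://www.rename1.example/",
              "http://www.example.com/"):
        print(decide(SQUID_CONF, u), u)
```

Anchoring the patterns (for example `^https?://([^/]+\.)?name1\.`) narrows the substring over-match shown by the `rename1.example` case.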
I'm not going to sit here and lie to you. Not everyone can just visit a friend for lunch and walk away with an IT job for dessert, but that's exactly what happened to me. I was an AutoCAD draftsman that happened to get into gaming, then deeper into computer modding, and eventually networking and ultimately started teaching myself UNIX. I was working at a local independent telco when a friend invited me to Chicago for lunch one day. I saw the server room, found myself in awe of its row upon row of servers, and in an odd twist of fate my friend's boss (and my future boss) got to chatting with me, discovered I was ex-Military and offered me a job on the spot.
I've got a few classes @ Purdue, (actually 3 left to get my associates degree) but no degree. I may not make what other UNIX admins in Chicago make, but I'm comfortable at my job, relatively secure in my position (only UNIX admin, 50+ servers, flying solo) and I get training "on the house" every year.
So yes, you can get a good paying IT job without a degree. I may be one of the few, but it can be done.
-Phil
Forgive me if someone's already posted this, but in testing MidpSSH I attempted to connect to my server at home and being the security conscious person I am, immediately noted the IP address that I was connecting from was not from the Blackberry itself, but from one of the many FreeBSD proxy servers I maintain at work. It then dawned on me that since we operate our own BES servers, I attempted to login to the FreeBSD server via its LAN address and lo and behold, I was actually logging into the FreeBSD server from the BES server's IP.
Regardless of all our security, RSA tokens, VPN access, secure gateways, etc, my Blackberry is now a backdoor into Pandora's Box. When I showed the LAN architect, he immediately freaked out. Since our BES servers aren't in the DMZ and actually go to the internet using NAT via a FreeBSD server (behind a netscreen and a router), the "flaw" is actually inherent to the design.
On a good note, I made $20 bucks on the bet that I could prove I could own the network via my Blackberry. :)
The US Senate Committee on Commerce, Science, and Transportation passed S. 704, a bill that would make it a crime to spoof caller ID.
Dubbed the "Truth in Caller ID Act of 2007," the bill would outlaw causing "any caller identification service to transmit misleading or inaccurate caller identification information" via "any telecommunications service or IP-enabled voice service." Law enforcement is exempted from the rule.
Specifically these sections:
SEC. 2. PROHIBITION REGARDING MANIPULATION OF CALLER IDENTIFICATION INFORMATION.
Section 227 of the Communications Act of 1934 (47 U.S.C. 227) is amended -
(1) by redesignating subsections (e), (f), and (g) as subsections (f), (g), and (h), respectively; and
(2) by inserting after subsection (d) the following new subsection:
`(e) Prohibition on Provision of Inaccurate Caller Identification Information. -
`(1) IN GENERAL - It shall be unlawful for any person within the United States, in connection with any telecommunications service or IP-enabled voice service, to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value, unless such transmission is exempted pursuant to paragraph (3)(B).
`(3) REGULATIONS -
`(A) IN GENERAL - Not later than 6 months after the enactment of this subsection, the Commission shall prescribe regulations to implement this subsection.
`(B) CONTENT OF REGULATIONS -
`(i) IN GENERAL - The regulations required under subparagraph (A) shall include such exemptions from the prohibition under paragraph (1) as the Commission determines is appropriate.
`(ii) SPECIFIC EXEMPTION FOR LAW ENFORCEMENT AGENCIES OR COURT ORDERS - The regulations required under subparagraph (A) shall exempt from the prohibition under paragraph (1) transmissions in connection with -
`(I) any authorized activity of a law enforcement agency; or
`(II) a court order that specifically authorizes the use of caller identification manipulation.
Law enforcement is negligent if they fail to take action. IMO - If the Law doesn't work, the local newspaper and/or television station might get the ball rolling.
I'm actually waiting for this to happen to me. When it does, I plan on opening the laptop, turning it on, and letting it tumble from my hands to the floor. God bless the Dell gold full replacement warranty.
mayor@ci.sheboygan.wi.us Man.. could you imagine being slashdotted in SHEBOYGAN. Someone please email Johnny B at the Loop (WLUP) and let him know!!!
In a 24 hour period we've gone from a peak of about 75,000 messages at 9pm CST last night to a low of 40,000 messages incoming today, 97.3% of which are spam. Total for the last 24 hours on that single Ironport (we have 4 in production and one in the lab) is 1.4 Million attempted messages, of which 36.1 thousand were clean.
So all things taken into consideration, consider yourself fortunate. We're still seeing a trend that indicates that over 97% of all incoming mail is garbage.
-Phil
This is awesome - time to dig out the old Lynx browser and start crafting websites in vi again!!
I'm glad you said it. I've been both a mechanical draftsman and an architectural draftsman and if anyone thinks for a minute that a carpenter wants to see some fancy, candy ass 3D drawing of a house on paper then you've never been a laborer or a framer, and I've been both. In my experience, tradesmen, especially carpenters, want accurate, easy to read blueprints that don't have a bunch of eye candy. In the same respect, the guy setting up a steel coil slitting line doesn't give a damn that someone drew the slitter rolls in 3D. He's concerned that the slitter, flattener, stacker, shear, etc. are all lined up properly. They want flat plans for this. 2D plans. 3D, IMO, is great for modeling, great for design theory, and great for places that use CNC machining and like all things there's a PLACE for 3D, and there's a place for 2D. Anyone that thinks 2D drafting is obsolete or outdated has probably never gotten their hands dirty either.
Personally, I'd sit back in my little space and grind toward level 70. You figure 8hrs a day, for the next 20 days you should get pretty far. I mean, you get to play WoW or any other game and you'll get paid to do it. No point in worrying about your responsibilities in light of the fact that they stripped your access.
The site is up - Looks like they were actually redesigning the website while it was off line. Here's the URL: http://www.psystar.com/openmac_the_apple_alternative.html If I had some cash to blow, I'd buy one now. Hopefully the site will last long enough for me to get that vaporware government check we've all been hearing about.
First of all, anyone that's been in the military was probably at one time or another issued a "used" NBC suit for training purposes. It's nothing more than an overgarment with a layer of activated charcoal in it. The canister is basically the same. In the 80's when I was in the Army you could come across these things a dime a dozen in any supply room and most of us had two of everything: One for the field and one for inspections. Field gear we kept tucked away either in a spare duffle or on our tank (I was an M1 driver in Germany back then). We had spare flak jackets, spare boots, spare lanterns, cases of MREs (I hear they're better now.) and if we could get spare tools we'd have them too. Since none of the "spare" stuff was ever on the books (it wasn't like our BII was issued with 2 of everything) whatever we had when we'd PCS would follow us to our next duty station, and eventually home. As for F14 parts, that's a bit scary, but if anyone's ever taken a look at Grassroots Motorsports, there's a corvette in there that actually uses an M1 engine cooling fan for a suction device to make the car stick to the track. I guess if you can buy surplus M1 parts you can get F14 parts somewhere too.
Send it to me. I think it's a pointless venture giving an embarrassment like SCO 100 million to pursue litigation for a lost cause. On the other hand, if they gave me the 100 million I'd be happy to create a business dedicated to designing corporate networks using UNIX and even give some of the SCO engineers a chance at a career.