Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s web-cast was directed at providing a mechanism to measure the cost of IT, or simply put, the cost per employee (CPE).  As IT complexity rises in organizations so does cost.  The model of providing ‘IT as a Service’ is geared to reduce cost without compromising the quality of service.  This also allows IT to focus on solving more complex problems with customized applications instead of provisioning a desktop. And thus drives the value of IT to a greater alignment to the business objectives and outcomes. 

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s web-cast was directed at providing a mechanism to measure the cost of IT, or simply put, the cost per employee (CPE).  As IT complexity rises in organizations so does cost.  The model of providing IT as a Service is geared to reduce cost without compromising the quality of service.  This also allows IT to focus on solving more complex problems with customized applications instead of provisioning a desktop. And thus drives the value of IT to a greater alignment to the business objectives and outcomes. 

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s webcast was directed at providing a mechanism to measure the cost of IT, or simply put, the cost per employee (CPE).  As IT complexity rises in organizations so does cost.  The model of providing IT as a Service is geared to reduce cost without compromising the quality of service.  This also allows IT to focus on solving more complex problems with customized

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s webcast was directed at providing a mechanism to measure the cost of IT, or simply put the cost per employee (CPE).  As IT complexity rises in organizations so does cost.  The model of providing IT as a Service is geared to reduce cost without comprom 

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s webcast was directed at providing a mechanism to measure the cost of IT, or simply put the cost per employee . 

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s webcast was directed at providing a mechanism to measure the cost of IT, or simply pu. 

Yesterday we covered how IT is evolving to become a utility.  The focus of the second part of simplyfi IT’s webcast

Yesterday we covered how IT is evolving to become a utility.  T

Come join us to learn more about persistent threats in a global world. Advanced Persistent Threats are escalating. Are you ready?

Mobile & Cloud computing are exciting trends that are driving business growth but also bring with them increased risk. In many cases, these varied platforms being brought into the company by the business and then dropped into your lap to figure out the security impact on the company.

And the security risk is real. Here’s a few highlighted by CSO Magazine, online:

• Smart Phone (and tablet) Data breaches
• Need for better access control and identity management
• The Risk of multiple cloud tenants
• Ongoing compliance concerns
• Need and emergence for cloud standards and certifications.

And these issues are the tip of the iceberg.

Our Calcutta Netgear gateway/firewall/vpn router recently went up in fumes, literally. We couldn’t source any effective hardware replacement at a decent cost. So I started at looking at alternatives.

We had used Linux based gateways and firewalls for years, I had toyed with Linux IPsec about three years ago when we setup our initial VPN. Then it seemed too cumbersome and I couldn’t find a tool to create the VPN easily and quickly. So we bought new hardware from the US and deployed it in India and US. The FSV318 is a good router was easy to setup and hardly ever gave us any trouble till one of them passed on. We used it for everything from SNMP to VoIP. However there was no monitoring reporting or any fancy stuff.

This time around I decided to bite the bullet and decided to go pure Linux. The ipsec was built in kernel, and better supported. I referred to the instructions here.

http://www.ipsec-howto.org/x304.html

http://ipsec-tools.sourceforge.net/checklist.html

Highlevel VPN Diagram

On a high level here is what I did

• Turned off the firewall on both gateways. and enabled ip forwarding
  sysctl -w net.ipv4.ip_forward=1
• Updated the kernels and using yast.
• Updated the IPsec tools using yast.
• Configured the Security Association Database and Security Policy DB using setkey.conf
• Turned on the tunnel using setkey -f
• Tested the ssh ping http between red and blue zones. Note: routers are not able to access the opposite network directly.
• Modified /etc/sysconfig/SuSEfirewall2 and added following
  * FW_NOMASQ_NETS=”0/0,10.50.0.0/21″ on chigateway and similarly on the kolgateway.
  *FW_FORWARD=”10.50.0.0/21,10.60.8.0/21 10.60.8.0/21,10.50.0.0/24″ on both gatweays

That’s it it worked like charm.