
Security & Risk Management: Preparing for Mobile, Cloud & Persistent Threats Seminar 2-16 at 1:00 PM CT Chicago Union League Club

Come join us to learn more about persistent threats in a global world. Advanced Persistent Threats are escalating. Are you ready?

Mobile & Cloud computing are exciting trends that are driving business growth, but they also bring increased risk. In many cases, these varied platforms are brought into the company by the business and then dropped into your lap to figure out the security impact on the company.

And the security risk is real. Here are a few highlighted by CSO Magazine online:

  • Smart Phone (and tablet) Data breaches
  • Need for better access control and identity management
  • The Risk of multiple cloud tenants
  • Ongoing compliance concerns
  • Need for, and emergence of, cloud standards and certifications.

And these issues are the tip of the iceberg.

100% software Linux Router, firewall and VPN and more

Our Calcutta Netgear gateway/firewall/vpn router recently went up in fumes, literally. We couldn’t source any effective hardware replacement at a decent cost. So I started looking at alternatives.

We had used Linux-based gateways and firewalls for years, and I had toyed with Linux IPsec about three years ago when we set up our initial VPN. Back then it seemed too cumbersome, and I couldn’t find a tool to create the VPN easily and quickly. So we bought new hardware from the US and deployed it in India and the US. The FSV318 is a good router; it was easy to set up and hardly ever gave us any trouble till one of them passed on. We used it for everything from SNMP to VoIP. However, there was no monitoring, reporting or any fancy stuff.

This time around I decided to bite the bullet and go pure Linux. IPsec is now built into the kernel and better supported. I referred to the instructions here.

http://www.ipsec-howto.org/x304.html

http://ipsec-tools.sourceforge.net/checklist.html

Figure: High-level VPN diagram

At a high level, here is what I did:

  • Turned off the firewall on both gateways and enabled IP forwarding
    sysctl -w net.ipv4.ip_forward=1
  • Updated the kernels using yast.
  • Updated the IPsec tools using yast.
  • Configured the Security Association Database and Security Policy Database using setkey.conf
  • Turned on the tunnel using setkey -f
  • Tested ssh, ping and http between the red and blue zones. Note: the routers are not able to access the opposite network directly.
  • Modified /etc/sysconfig/SuSEfirewall2 and added the following
    * FW_NOMASQ_NETS="0/0,10.50.0.0/21" on chigateway and similarly on the kolgateway.
    * FW_FORWARD="10.50.0.0/21,10.60.8.0/21 10.60.8.0/21,10.50.0.0/24" on both gateways

That’s it; it worked like a charm.
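The setkey.conf step above is where the two gateways most easily drift apart, so here is an added example (not the configuration from this post) that generates both files from one set of keys. The gateway addresses are documentation-range placeholders, and the SPIs, algorithms, file names and function names are assumptions; only the two /21 networks come from the post.

```shell
#!/bin/sh
# Added example: build manually keyed setkey.conf files for both tunnel ends.
CHI_GW=192.0.2.1        # placeholder public IP of chigateway (assumption)
KOL_GW=198.51.100.1     # placeholder public IP of kolgateway (assumption)
CHI_NET=10.50.0.0/21    # networks named in the post
KOL_NET=10.60.8.0/21

# new_key BYTES: print BYTES random bytes as a 0x-prefixed hex string
new_key() {
    printf '0x%s\n' "$(od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n')"
}

# gen_setkey_conf SIDE ENC_C2K AUTH_C2K ENC_K2C AUTH_K2C (SIDE is chi or kol)
gen_setkey_conf() {
    case $1 in
        chi) lgw=$CHI_GW rgw=$KOL_GW lnet=$CHI_NET rnet=$KOL_NET ;;
        kol) lgw=$KOL_GW rgw=$CHI_GW lnet=$KOL_NET rnet=$CHI_NET ;;
        *)   echo "side must be chi or kol" >&2; return 1 ;;
    esac
    cat <<EOF
#!/usr/sbin/setkey -f
flush;
spdflush;
# SAD: one SA per direction, identical on both gateways (constructed SPIs)
add $CHI_GW $KOL_GW esp 0x201 -m tunnel -E rijndael-cbc $2 -A hmac-sha1 $3;
add $KOL_GW $CHI_GW esp 0x301 -m tunnel -E rijndael-cbc $4 -A hmac-sha1 $5;
# SPD: same tunnel, directions mirrored between the two gateways
spdadd $lnet $rnet any -P out ipsec esp/tunnel/$lgw-$rgw/require;
spdadd $rnet $lnet any -P in ipsec esp/tunnel/$rgw-$lgw/require;
EOF
}

# write_both DIR: generate the keys once and write both configs, owner-only
write_both() {
    (
        umask 077
        e1=$(new_key 16); a1=$(new_key 20)   # 128-bit AES, 160-bit HMAC-SHA1
        e2=$(new_key 16); a2=$(new_key 20)
        gen_setkey_conf chi "$e1" "$a1" "$e2" "$a2" > "$1/setkey.conf.chigateway"
        gen_setkey_conf kol "$e1" "$a1" "$e2" "$a2" > "$1/setkey.conf.kolgateway"
    )
}
```

Call `write_both /some/dir` and load each file on its gateway with setkey -f. Keys set this way stay in place until the files are regenerated and reloaded on both ends.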

 

Appreciate all the math in the world – Happy Pi Day

Celebrate Pi Day!

Pi, Greek letter (π), is the symbol for the ratio of the circumference of a circle to its diameter. Pi Day is celebrated by math enthusiasts around the world on March 14th. Pi = 3.1415926535…

With the use of computers, Pi has been calculated to over 1 trillion digits past the decimal. Pi is an irrational and transcendental number, meaning it will continue infinitely without repeating. The symbol for pi was first used in 1706 by William Jones, but became popular after it was adopted by the Swiss mathematician Leonhard Euler in 1737. Learn more about Pi.

From www.piday.com

Hello world!

This is the start of the official blog of Sath Technologies. This will be our channel of communication for things that we want to share but that do not belong on our web site and are of a more ad hoc nature. Be on the lookout for interesting technical and non-technical posts.

We will strive to bring meaningful and useful content to the readers. Your comments are welcome @ webmaster at sathtech com
