
Elastic{ON} 2nd annual Elasticsearch User Conference

Elastic has announced the agenda for the 2nd annual Elasticsearch User Conference. It is a 3-day conference packed with useful information. If you are a serious user of Elasticsearch, or are even thinking about deploying it in the future, this conference has a lot to offer.

The conference will be held in San Francisco for 3 days, from Feb 17 through Feb 19, 2016. It is expected to draw at least two thousand attendees, so it is going to be BIG.

While there will be lots of information shared about the future roadmap of Elasticsearch, the really exciting part, and the biggest bang for the buck in my opinion, will be the presentations from current Elasticsearch users. It will be eye-opening to see how companies use Elasticsearch to manage their log ecosystem. You will get to meet real-world users of Elasticsearch, which opens doors for building a superb network or expanding your current one.

Featured speakers include Shay Banon, Founder and CTO of Elasticsearch; Rashid Khan, Kibana creator; Jordan Sissel, Logstash creator; and Simon Willnauer, Founder and Tech Lead at Elasticsearch.

There will be live demos, and you can get your hands dirty too if you want. There are 40+ lecture sessions. There will also be a couple of ‘Ask me anything’ sessions that are wide open for wild questions.

Overall, I believe it will be worth the time and money to attend the conference if you are serious about deploying and using Elasticsearch.

Unfortunately, I won’t be able to attend this year (hopefully next year :) )

Please let me know if you attend, and drop a couple of lines about your experience.

Here is the complete agenda of the conference:

https://www.elastic.co/elasticon/conf/2016/sf/agenda

Happy Monitoring

Top 10 most popular programming languages

 

No surprise with number 1. Number 9 may be a surprise to many.

TIOBE tracks the popularity of programming languages. Note that the rating is not about unveiling the ‘most superior’ programming language.

The rating is based on the number of skilled engineers and on search engine statistics.

Number 1 is no surprise: it is Java. Note that Android’s success has a lot to do with Java’s re-emergence (Java is the official language for Android development). So I’m guessing it is tough for C to catch up with Java from now on.

Number 9 is Perl. Coming from a Unix administrator background, I can see why this is the case. Countless tools and ad-hoc scripts in the Unix world are written in Perl. While it is not the prettiest language out there, Perl is not going away any time soon.

And by the way, if you have any doubts whether or not to learn python, you can stop doubting and start learning.

Here is the complete list:

Language            Oct-15   Oct-14   Ratings
Java                   1        2     19.54%
C                      2        1     16.19%
C++                    3        4      5.75%
C#                     4        5      4.83%
Python                 5        8      4.51%
PHP                    6        7      2.56%
Visual Basic .NET      7       13      2.46%
JavaScript             8       12      2.29%
Perl                   9        9      2.25%
Ruby                  10       16      1.83%

Source: http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

A very useful function in SQL Server (T-SQL) is ‘datepart’, which retrieves a particular part (such as the day, month, etc.) of a date/time value.

For example, let us say you need to retrieve the count of error records from a table, grouped by day.

    select datepart(day, log_date), count(*)
    from my_log with (nolock)
    where status = 'ERROR'
    group by datepart(day, log_date)

In the above query:

    my_log: table name
    log_date: column of date/time type
    status: column used to filter the records being counted

Here are all the ‘datepart’ values you can use:

year

quarter

month

dayofyear

day

week

weekday

hour

minute

second

millisecond

microsecond

nanosecond

TZoffset

ISO_WEEK

Network Security Attacks

There are several types of network security attacks, as described below:

  1. SYN Flood

    Here the attacker sends a SYN request from a spoofed source address. When the server responds with a SYN-ACK, the source never replies, leaving the server hanging with a half-open connection (normally the client completes the three-way handshake by answering the SYN-ACK with an ACK). Half-open connections consume resources, eventually degrading the performance of the server.

    Cisco routers employ the ‘TCP Intercept’ and ‘CAR (Committed Access Rate)’ features to combat SYN floods. You can also change the default setting for the ‘maximum number of half-open TCP connections’.

  2. UDP Flood

    Here the server is flooded with UDP requests, degrading its performance.

  3. ICMP Flood

    Here the server is flooded with ‘echo’ requests (an ICMP request type), degrading its performance.

    It is best to drop ICMP echo requests at the router or firewall (rate-limiting them rather than dropping all ICMP avoids breaking path MTU discovery).

  4. Smurf

    Here the attacker sends ICMP echo request packets to the broadcast address of the target network using a spoofed source address. All the hosts on that network respond with echo replies to the spoofed address, eventually overwhelming the network.

  5. Fraggle

    A flavor of the Smurf attack which uses UDP Echo packets (UDP port 7) instead of ICMP packets. Cisco routers can be configured to disable the TCP and UDP small servers (which include the echo service) to defend against Fraggle.

  6. Bluejacking and bluesnarfing

    Here Bluetooth-enabled devices are attacked. In Bluejacking, unsolicited messages are sent. In Bluesnarfing, personal information such as pictures and contacts, and cell phone information such as serial numbers, are stolen.
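A defender-side check for the half-open connection build-up that a SYN flood causes, as an added example that is not part of the original post: it parses constructed `ss -tan` style output (the sample is embedded and is not a real capture) and flags listening ports with many sockets stuck in SYN-RECV. The function names and the threshold are this example's own assumptions.

```python
from collections import Counter

# Constructed sample resembling `ss -tan` output (not a real capture).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.0.0.5:443        198.51.100.20:40112
SYN-RECV  0      0      10.0.0.5:443        203.0.113.7:51234
SYN-RECV  0      0      10.0.0.5:443        203.0.113.8:51235
SYN-RECV  0      0      10.0.0.5:443        203.0.113.9:51236
SYN-RECV  0      0      10.0.0.5:443        203.0.113.10:51237
SYN-RECV  0      0      10.0.0.5:22         203.0.113.11:51238
ESTAB     0      0      10.0.0.5:22         198.51.100.21:40113
"""

def parse_ss(text):
    """Return (state, local_port, peer_ip) for each socket line."""
    rows = []
    for line in text.splitlines()[1:]:            # skip the header row
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        rows.append((state, int(local.rsplit(":", 1)[1]),
                     peer.rsplit(":", 1)[0]))
    return rows

def half_open_report(text, threshold=3):
    """Count half-open (SYN-RECV) sockets per local port and flag ports at
    or above `threshold`. The threshold is an assumed tuning value; in
    practice derive it from the listen backlog and normal traffic levels."""
    per_port, peers = Counter(), Counter()
    for state, port, peer in parse_ss(text):
        if state == "SYN-RECV":
            per_port[port] += 1
            peers[peer] += 1
    return {
        "half_open_by_port": dict(per_port),
        "distinct_peers": len(peers),
        "flagged_ports": {p: n for p, n in per_port.items() if n >= threshold},
    }

if __name__ == "__main__":
    print(half_open_report(SAMPLE_SS_OUTPUT))
```

On Linux, the counterparts of the half-open limit mentioned above are the net.ipv4.tcp_max_syn_backlog and net.ipv4.tcp_syncookies sysctls.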


Protecting Wireless Networks using WEP, WPA and WPA2

Wired Equivalent Privacy:

The intention of WEP (Wired Equivalent Privacy) was to provide the same level of security as wired networks, but it fell far short.

WEP uses a 128-bit key (of which 24 bits are the initialization vector) and is very easy to crack. It uses the RC4 (Rivest Cipher 4) stream cipher.

Two modes:

Open System Authentication:

No credentials are required from the client. After the initial association with the AP (Access Point), WEP encrypts the whole conversation.

Shared Key Authentication:

Requires the client to present credentials to the AP before encryption begins.

WEP can be enhanced by using SSH or tunneling.
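To put a number on ‘very easy to crack’, here is an added example (not from the original post) that works out how quickly WEP’s 24-bit IV space runs out, so that the same RC4 keystream gets reused; the function names and the frame-rate figure are assumptions.

```python
IV_BITS = 24
IV_SPACE = 2 ** IV_BITS        # 16,777,216 possible IVs for one WEP key

def iv_collision_probability(frames, iv_space=IV_SPACE):
    """Exact birthday-problem probability that at least two of `frames`
    randomly chosen IVs are identical, i.e. RC4 keystream is reused."""
    no_collision = 1.0
    for i in range(frames):
        no_collision *= 1 - i / iv_space
    return 1 - no_collision

def frames_until_probability(target, iv_space=IV_SPACE):
    """Smallest frame count at which the reuse probability reaches target."""
    no_collision, frames = 1.0, 0
    while 1 - no_collision < target:
        no_collision *= 1 - frames / iv_space
        frames += 1
    return frames

def hours_to_exhaust(frames_per_second, iv_space=IV_SPACE):
    """Even a card that increments the IV sequentially wraps around after
    iv_space frames; at a busy AP that is a matter of hours.
    frames_per_second is an assumed traffic figure."""
    return iv_space / frames_per_second / 3600

if __name__ == "__main__":
    print(f"P(IV reuse) after 4096 frames: {iv_collision_probability(4096):.3f}")
    print(f"frames for a 50% reuse chance: {frames_until_probability(0.5)}")
    print(f"hours to wrap at 1000 frames/s: {hours_to_exhaust(1000):.2f}")
```

Passing iv_space=2**48 shows the effect of the 48-bit sequence counter that TKIP uses instead.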

WiFi Protected Access (WPA and WPA2):

WPA uses TKIP (Temporal Key Integrity Protocol), a sequence counter to prevent replay attacks, and a 64-bit message integrity check. It combines a secret root key with the initialization vector.

WPA2 uses AES with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

Both WPA and WPA2 support several EAP extensions such as EAP-TLS, EAP-TTLS (Tunneled Transport Layer Security) and Protected EAP (PEAPv0, v1).

VPN (Virtual Private Network) Security Protocols

Commonly used VPN security technologies are:

  1. Point to Point Tunneling Protocol (PPTP)
  2. Layer2 Forwarding Protocol (L2F)
  3. Layer2 Tunneling Protocol (L2TP)
  4. IPSec
  5. SSL

Point to Point Tunneling Protocol (PPTP):

  1. Uses PAP, CHAP, EAP
  2. Typically used in dial-up connections in Windows platform
  3. Operates at Data Link Layer

Layer 2 Forwarding Protocol (L2F):

  1. Developed by Cisco
  2. Similar to PPTP
  3. Operates at Data Link Layer

Layer 2 Tunneling Protocol (L2TP):


Remote access security technologies

There are 5 major remote access security technologies:

  1. RAS (Remote Access Service)
  2. RADIUS
  3. Diameter
  4. TACACS

RAS (Remote Access Service):
Uses PPP (Point to Point Protocol) to secure dial-in, ISDN and serial links. It uses the following authentication mechanisms:

PAP (Password Authentication Protocol):

  1. Two-way handshake
  2. Sends passwords in clear text
  3. No protection against replay or brute-force attacks

CHAP (Challenge Handshake Authentication Protocol):

  1. Uses a three-way handshake
  2. Both server and client need to have a shared secret preconfigured
  3. The shared secret is stored in clear text. MS-CHAP allows the shared secret to be stored in encrypted form

EAP (Extensible Authentication Protocol):

  1. Used primarily in wireless networks
  2. Supports various authentication mechanisms like MD5-Challenge, S/Key, generic token card and digital certificates
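The PAP and CHAP points above, as an added example that is not from the original post: a minimal model of the CHAP three-way handshake (MD5 over identifier, shared secret and challenge, as in RFC 1994) showing that the secret never crosses the link and that a captured response fails against a fresh challenge. The class and function names and the secret value are constructed for this example.

```python
import hashlib
import hmac
import os

# Constructed shared secret, preconfigured on both client and server.
SHARED_SECRET = b"preconfigured-secret"

def chap_response(identifier, secret, challenge):
    """Client side (step 2): MD5 over identifier || secret || challenge,
    as in RFC 1994. The secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Minimal authenticator: issues single-use challenges and verifies."""
    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.outstanding = None      # (identifier, challenge) awaiting reply

    def challenge(self):
        """Step 1: fresh random challenge under a new identifier."""
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)
        self.outstanding = (self.identifier, chal)
        return self.identifier, chal

    def verify(self, identifier, response):
        """Step 3: recompute the expected digest for the outstanding
        challenge; the challenge is consumed whether or not it matches."""
        if self.outstanding is None or identifier != self.outstanding[0]:
            return False
        _, chal = self.outstanding
        self.outstanding = None
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(response, expected)

def run_handshake(server, client_secret):
    """Full exchange; returns (authenticated, (identifier, response))."""
    ident, chal = server.challenge()
    resp = chap_response(ident, client_secret, chal)
    return server.verify(ident, resp), (ident, resp)

def replayed_response_accepted(server, captured):
    """Would a previously observed (identifier, response) pair pass against
    a new challenge? With CHAP it must not; with PAP a sniffed clear-text
    password would simply work again."""
    server.challenge()
    ident, resp = captured
    return server.verify(ident, resp)
```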

 

RADIUS (Remote Authentication Dial-In User Service):
  1. Open standard, UDP based.
  2. Provides authentication and accounting
  3. The user provides a username/password to a RADIUS client using PAP or CHAP. The RADIUS client encrypts the password and sends it to the RADIUS server for authentication

 

DIAMETER:
  1. Improved version of RADIUS
  2. Uses TCP. Supports IPsec and TLS

 

TACACS (Terminal Access Controller Access Control System):
  1. Uses UDP. Provides authentication, authorization and accounting
  2. XTACACS is an improved version but is no longer used
  3. TACACS+ is the current version. Supports several authentication mechanisms: PAP, CHAP, MS-CHAP, EAP, Kerberos, token cards

Firewall Classifications and Architectures

Classifications of Firewalls:

  1. Packet Filtering
  2. Circuit Level Gateway
  3. Application Level Gateway

Architectures of Firewall:

  1. Screening Router
  2. Dual Homed Gateway
  3. Screened-Host Gateway
  4. Screened Subnet

 

Packet Filtering
  Description: Basic. Operates at the Network or Transport layer. Examines the TCP, IP, ICMP and UDP headers of the packet and routes based on a firewall ACL.
  Advantages:
    1. Inexpensive and fast
    2. Easy to set up
    3. Transparent to users
  Disadvantages:
    1. No context-level routing
    2. Can be hit by spoofing
    3. Limited logging
    4. No strong user authentication

Circuit Level Gateway
  Description: Operates at the Session layer. Uses state information about the established connections. Once the virtual circuit is formed, no packet analysis is done.
  Advantages:
    1. Fast
    2. Low maintenance
  Disadvantages:
    1. Limited logging
    2. Once the connection is established, no further analysis is done

Application Level Gateway
  Description: Operates at the Application layer. Implemented as a proxy server.
  Advantages:
    1. Supports strong user authentication
    2. Data is not sent directly to the destination
  Disadvantages:
    1. Low performance, because each packet needs to be brought all the way up to the Application layer for analysis
    2. High maintenance

 

Screening Router
  Description: Basic packet-filtering firewall.
  Advantages:
    1. Cheap
    2. Transparent to users
  Disadvantages:
    1. Makes the internal network structure complex
    2. No user authentication
    3. Single point of failure

Dual Homed Gateway
  Description: A bastion host with two network interface cards. It may be connected to an external screening router.
  Advantages:
    1. Fail-safe mode: if it fails, nothing is allowed access
    2. Internal network structure is masked
  Disadvantages:
    1. Additional authentication required for users
    2. May slow down performance
    3. May not be available for all services

Screened Host Gateway
  Description: External screening router and internal bastion host.
  Advantages:
    1. Transparent outbound access and restricted inbound access
  Disadvantages:
    1. The screening router can bypass the bastion host
    2. Masking the internal network is difficult

Screened Subnet
  Description: Most secure. Forms a DMZ network between the external and internal firewalls.
  Advantages:
    1. Transparent, flexible
    2. Internal network is masked
  Disadvantages:
    1. Difficult to maintain
    2. Expensive

 

Layer 5,6,7 protocols (higher level protocols)

Here are the protocols commonly used at the higher layers (5, 6 and 7 of the OSI model):

Layer 5 (Session):

  1. NetBIOS
  2. NFS
  3. RPC
  4. SSH
  5. SIP

Layer 6 (Presentation):

  1. ASCII
  2. EBCDIC
  3. MPEG
  4. JPG
  5. GIF

Layer 7 (Application):

  1. FTP,TFTP
  2. SNMP
  3. SMTP
  4. MIME, S/MIME
  5. HTTP,HTTPS,S-HTTP
  6. POP3,IMAP
  7. PEM
  8. TELNET
  9. S-RPC

IP address classes

IP (Internet Protocol) is a Network Layer protocol (Layer 3) that is considered a ‘routed’ protocol. It addresses network packets so that routing protocols like OSPF, BGP and RIP can route the packet correctly.

IP defines IP addresses. An IP address is a 32-bit number (4 octets). It comprises a network number and a host number. The higher-order bits define the network number, as shown below.

There are 5 classes of IP addresses:

Class  Leading  Network  Host  Networks          Addresses per      Start      End
       bits     bits     bits                    network            address    address
A      0        8        24    128 (2^7)         16,777,216 (2^24)  0.0.0.0    127.255.255.255
B      10       16       16    16,384 (2^14)     65,536 (2^16)      128.0.0.0  191.255.255.255
C      110      24       8     2,097,152 (2^21)  256 (2^8)          192.0.0.0  223.255.255.255


 

             

Class D is defined as multicast. Address range: 224 – 239

Class E is experimental. Address range: 240 – 254

127.0.0.1 to 127.255.255.255 is defined as the loopback address range.

Also, a range of IP addresses is reserved for private use (i.e. not routable on the internet). They are:

Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255

IPv6 uses 128-bit addresses and was introduced primarily to address the depletion of IPv4 addresses.
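An added example (not from the original post) that applies the class table above: it classifies an IPv4 address by its leading bits, splits it into network and host numbers using the class’s field widths, and flags the loopback and private ranges. The function and table names are this example’s own.

```python
import ipaddress

# (class, leading-bit pattern, number of leading bits, network-number bits)
CLASS_TABLE = [
    ("A", 0b0,    1, 8),
    ("B", 0b10,   2, 16),
    ("C", 0b110,  3, 24),
    ("D", 0b1110, 4, None),   # multicast: no network/host split
    ("E", 0b1111, 4, None),   # experimental
]

PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def classify(addr):
    """Return the class, reserved-range flags and, for classes A to C,
    the network number, host number and addresses per network."""
    ip = ipaddress.IPv4Address(addr)
    n = int(ip)
    first_octet = n >> 24
    for cls, pattern, nbits, net_bits in CLASS_TABLE:
        if first_octet >> (8 - nbits) == pattern:   # compare leading bits
            break
    info = {"class": cls,
            "private": any(ip in p for p in PRIVATE),
            "loopback": ip in LOOPBACK}
    if net_bits is not None:
        host_bits = 32 - net_bits
        info["network"] = n >> host_bits
        info["host"] = n & ((1 << host_bits) - 1)
        info["addresses_per_network"] = 1 << host_bits
    return info

if __name__ == "__main__":
    for a in ("10.1.2.3", "172.20.0.1", "192.168.1.1", "224.0.0.1"):
        print(a, classify(a))
```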