Tuesday, September 29, 2009

Downloads with delta RPMs in Fedora-11

Yesterday, while doing some googling, I came across “Delta RPM Packages” in Fedora 11, a great new feature: delta RPM updates. This feature creates delta RPM packages (.drpm) that are binary “patches” to existing RPM packages. Instead of downloading the full RPM package, yum downloads only the changes relative to the RPM that is already installed.

Once the delta RPM is downloaded by the Presto plugin for yum, it will try to reconstruct a full RPM based on the contents of the previous RPM, plus the newly changed files from the delta RPM. Yum will then install the newly-created RPM.
Using Presto has its benefits and drawbacks. If we have a fast Internet connection or are using a local mirror, using Presto doesn’t make sense. It would be faster to download the full RPM package than to download the changed parts and spend CPU time reconstructing the RPM to install. Detailed information about Presto is available from the Fedora Project.

If, however, we have a slow Internet connection, using Presto makes sense: it will download smaller files, which saves time, money and resources.
How much Presto helps depends mostly on the update. If the update introduces a single patch that affects only one or two files in a multi-megabyte package, Presto makes the download really fast; if it is an upgraded version in which most files have likely changed, then many files have changed and have to be downloaded.

To use Presto, all we need to do is install the yum-presto package, which contains the plugin for Presto:

# yum install yum-presto

Once this is done, yum uses Presto with no further configuration on our part. If you don’t want to use it any more, simply remove the yum-presto package:

# rpm -e yum-presto

After this, yum will act as normal the next time it is used. NOTE: Presto is not the default in Fedora 11, but from the look of the application it appears it will be the default in Fedora 12.

I hope this will be informative for you :)

Sunday, September 27, 2009

How to Configure Linux as a Router

It may not be possible to purchase a network router (such as Cisco or Juniper) for communication between two different networks on a LAN, yet a router is needed in any case, since a router is the device used for communication between two different networks. So we should go for an economical solution that costs less and still gives proper results.

This can be done by using a Linux machine as a router with Network Address Translation (NAT), in a few simple steps.

1. Enable packet forwarding. Make it permanent by adding "net.ipv4.ip_forward = 1" to /etc/sysctl.conf.

echo "1" > /proc/sys/net/ipv4/ip_forward

2. Enable iptables to handle NAT (eth0 is the public interface).

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

3. Save iptables settings

# service iptables save

4. Done. Verify the routing table with "netstat -nr" and the iptables rules with "iptables -L" (the MASQUERADE rule lives in the nat table, which is listed with "iptables -t nat -L").
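An added example, not part of the original post: the steps above add a MASQUERADE rule but say nothing about the FORWARD chain, so what the box forwards depends on whatever filter rules were already loaded. The script below generates a ruleset that forwards only LAN-originated traffic and its replies, and audits an iptables-save dump for an unrestricted FORWARD chain. The LAN interface eth1, the prefix 192.168.1.0/24 and the sample dump are assumptions.

```shell
#!/bin/sh
# Added example: NAT router ruleset with a restricted FORWARD chain, plus an
# audit of a saved ruleset. eth1 and 192.168.1.0/24 are assumed LAN values.

# Print an iptables-restore ruleset: masquerade LAN traffic leaving $1 and
# forward only packets from LAN interface $2 / prefix $3, plus their replies.
gen_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: what the post's steps leave behind when the filter
# table was empty beforehand (FORWARD policy ACCEPT, no FORWARD rules).
post_rules() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT' \
        '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}

# Read iptables-save output on stdin. Prints "no-nat" without a MASQUERADE
# rule, "open-forward" when NAT is on but FORWARD neither has policy DROP nor
# any DROP/REJECT rule, otherwise "restricted". A coarse check, not a proof.
audit_rules() {
    awk '
        /^:FORWARD /                      { policy = $2 }
        /^-A POSTROUTING .*-j MASQUERADE/ { nat = 1 }
        /^-A FORWARD .*-j (DROP|REJECT)/  { deny = 1 }
        END {
            if (!nat) print "no-nat"
            else if (policy != "DROP" && !deny) print "open-forward"
            else print "restricted"
        }'
}

# As root: gen_rules eth0 eth1 192.168.1.0/24 | iptables-restore
#          iptables-save | audit_rules
echo "post's ruleset: $(post_rules | audit_rules)"
echo "generated:      $(gen_rules eth0 eth1 192.168.1.0/24 | audit_rules)"
```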


This is the simplest method; for more on iptables, consult the one and only "GOOGLE".

I hope it will be informative for you :)

Friday, September 11, 2009

IP HourGlass Model

"The Hourglass model is essentially the idea of funnelling all communications through some common, ubiquitous communications protocol. Prominent examples of this common protocol are Internet Protocol (IP) and Asynchronous Transfer Model (ATM) [1]"



The data created by an application needs to pass through the layers of the TCP/IP reference model to reach the destination. For example, the application layer protocol used might be HTTP, FTP or TFTP. Every application layer protocol is associated with a transport layer protocol, depending on whether it is connection-oriented or connectionless. The transport layer protocol in turn interacts with IP for routing the data packets. It is very important to understand that, irrespective of the application layer protocol and the transport layer protocol, the only protocol used for routing the data packets is IP. When the data transmission through the four layers is visualized it takes the shape of an hourglass, and thus the model is called the IP Hourglass Model.

See the figure: Source-A and Source-B use HTTP, and their requests are forwarded to IP, while Source-C reaches IP using UDP. IP then forwards the data to a network interface, say Ethernet or X.25 (depending on the technology used), and the request is received by Destination-A, Destination-B and so on.

[1]: www.google.com

I hope this will be informative for You!

Wednesday, September 9, 2009

Some more Beginner Tips - CISCO

When you work on a Cisco router or Catalyst switch console, it is annoying to have the console or terminal (telnet/ssh) logs pop up in the middle of your commands. This can be even more irritating when it is a busy switch or router spitting out messages continuously.

In Cisco IOS, we can log messages to the console without interfering with our work there by using logging synchronous. It lets you keep working while the logs are still written to the console, without disturbing what you are typing.
To do this:

Console:
Router(config)# line con 0
Router(config-line)# logging synchronous

AUX:
Router(config)# line aux 0
Router(config-line)# logging synchronous

Telnet/SSH:
Router(config)# line vty 0 4
Router(config-line)# logging synchronous

If your Router/Switch has more vty lines:
Router(config)# line vty 5 15
Router(config-line)# logging synchronous


Description:

To add a description to an interface configuration, use the description interface configuration command. Use the no form of this command to remove the description.
The description command is meant solely as a comment to be put in the configuration to help you remember what certain interfaces are used for.
The following example shows how to add a description for a T1 interface:
Router(config)# interface serial 0
Router(config-if)# description T1 line to How2Pass - 128 Kb/s

The description "T1 line to How2Pass - 128 Kb/s" appears in the output of the following EXEC commands: show startup-config, show interfaces, and show running-config

I hope it will be informative for You :)

Description / Line Console 0 / Logging Synchronous

I got an email today from one of my friends from India (we came to know each other through the Cisco community on Orkut :)

Mr. XYZ

"hi sohail,
how are u? I am fine and hope same for u. I have some problem in CCNA, so I am writing this mail.
What is the use of command
line console 0 and why we always should use 0 with this? If u will use this command in a router with a question mark
such as
Router(config) # line console ?
<0-4> first line number
Now this time it has five choices, we can use any number but the output is not coming as we want. I referred CCNA books but I could not get the answer. If it is necessary to use always 0 then why it gives five choices? I am not able to understand.

my second problem is
when I am typing some commands in router configuration mode I am getting some unwanted messages. How to remove these messages? Mainly it is coming when we are typing in some commands. I got an answer that was use logging synchronous command, but I don't know how to use this command, and what will be the effect of that command we will get.

my third problem is
how to use description command and why ? "


Reply:

Ans # 1:
Man u r getting it wrong, in router the console command is always <0-0>, this is just used to enable the console password and 0 means the zero level and it is always 0. See the attachment with the mail, I have attached the router snapshot for u; while configuring the password, when u enter there, an option is whether to ask for it or not, I mean
no logging OR logging

Ans # 2: We can log the messages to the console without interfering with your work in the console in Cisco IOS by logging synchronous. In Cisco IOS, logging synchronous can allow you to work along with the logs still logging to the console but without disturbing your work.
To do this
Console port:
Router(config)# line con 0
Router(config-line)# logging synchronous
AUX port:
Router(config)# line aux 0
Router(config-line)# logging synchronous
For telnet/ssh:
Router(config)# line vty 0 4
Router(config-line)# logging synchronous
If ur switch or router has many vty sessions
Router(config)# line vty 5 15
Router(config-line)# logging synchronous
or if you want to turn it off then use NO with the commands.

Ans # 3: First, why we use description: description is used to remember things in the future. Suppose in very large networks it is not possible to remember all the interfaces and stuff and to whom they belong, so better is to give some description to the interface etc. to remember that.

How to use:

# interface serial 0
# description T1 Line to Head Office - 256 Kb/s

Monday, September 7, 2009

IPS Device Manager (IDM) with HTTPS / SSL / TLS

An Intrusion Prevention System (IPS) is a device with the ability to detect and stop intruders in the network. The IPS can be accessed through the command line (CLI) and also through the web (GUI). The GUI used to access the IPS is IDM.

IDM:

A GUI used to manage the IPS, allowing a point-and-click way to manage the system. It can be accessed through a web browser. Different protocols can be used with IDM:

1. TLS / SSL / HTTPS
2. Remote Data Exchange Protocol (RDEP)
3. Security Device Event Exchange (SDEE)
4. Extended Markup Language (XML)
5. Intrusion Detection Configuration (IDConf)

HTTPS is a secure version of HTTP; it is HTTP over SSL or TLS. TLS or SSL makes sure that data sent over HTTP is secure and encrypted. SSL came out first, for secure transactions such as banking operations, where a secure protocol was needed; but it was used only for HTTP (web), while an alternative was also needed for non-web traffic, so TLS came in. TLS can be used for any traffic or any communication type.

When we communicate with the IPS, we can use any one of the protocols (TLS, SSL, HTTPS). Once the encrypted session is established, we can then use either of the two protocols (RDEP or SDEE) to send configuration using a secure method. For example, RDEP is used to configure and SDEE is then used to report events or notify the target.

NOTE: XML was created as a universal way to store data and information as text. For example, back in the 2000s Microsoft declared that it would use XML to store data, which is why Microsoft Office files have an x in the extension (.docx). All information to the sensor is sent using XML.

System Requirements:
--> Windows 2000 or XP
--> Sun Sparc Solaris 2.8 or 2.9 or later
--> Red Hat Linux 9.0 w/Gnome or KDE


Browser:
--> Internet Explorer 6.0 or later
--> Netscape 7.1 or later
--> Mozilla 1.7 or later


Java Plug-in 1.5 or later

Log in to the IPS using a web browser, for example:
https://10.1.1.10

Further details of IPS configuration and solutions to problems will be discussed here soon.

I hope this will be informative for you :)

Thursday, September 3, 2009

Domain Policy Updation

I was asked by a Network Manager at XYZ-Medical University in Peshawar about a problem he was facing with a domain controller. He told me:

Network Manager Said:

I am trying to change the password options for my Domain Controller (on Windows Server-2003), like I want to make my password length say 5 characters and second I want to remove the password complexity, like in Windows Server 2003 by default you have to give the password a combination of characters, numbers and special characters (@, # etc.). Now I have done the necessary steps but still it's not working, like still for a new user, the system is asking for a complex password.
So he requested me to help him out with this :(


Solution:

After looking for a solution I got the answer, and it was so simple. This is actually a problem in Windows Server 2003: whenever you make changes in "DOMAIN SECURITY POLICY" and "DOMAIN CONTROLLER SECURITY POLICY", the changes do not take effect until you update the group policy. The detailed steps are as follows:

Start --> Administrative Tools --> Domain Security policy --> Account Policy --> Password Policy

Here, DISABLE the option "Password must meet the complexity requirement" and define a size for "Password minimum Length". That completes the definition; now, to make the changes take effect:

Steps:

1. Go to command prompt
2. Run
3. cmd
4. c:\> gpupdate
or
c:\> gpupdate /force

It will now work, and the MIS Manager was also done with the problem.

I hope it will be informative for you :)