Thursday, November 13, 2008

Verifying hashes

This is another one of the things that falls under the category of "What took me so long?" When you download files from the Internet, most sites will provide a hash of some sort, often MD5, which you can use to check the integrity of the file you downloaded. You probably know it's a way of ensuring the bad guys didn't mess with the file in some way. I've always wanted a simple way of verifying the files without having to go to the command line and, thanks to www.joomla.org, I've found it. It's a Windows Explorer extension that adds a tab to file properties windows. The tab displays the hashes associated with a file. There's a field where you can paste in the hash from the website where you downloaded the file, and the extension compares the two. Very quick and extremely easy. It's called HashTab Shell extension and you can download it for free at http://beeblebrox.org/hashtab/. Be sure to pay VERY close attention to the license agreement. :)
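The same check without the shell extension, as an added example that is not part of the original post and not HashTab's code: hash a file in chunks, normalise a hash string copied from a web page (case, whitespace, `md5sum`-style "hash  filename" lines), and compare. The sample file content and the file name are constructed for the demo; the digests are the standard MD5 and SHA-256 values of that content.

```python
import hashlib
import hmac
import os
import tempfile

# Read in 1 MiB chunks so a large download never has to fit in memory at once.
CHUNK_SIZE = 1024 * 1024


def digest_file(path, algorithm="sha256"):
    """Return the lowercase hex digest of the file at `path` using `algorithm`."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def normalize_published_hash(text):
    """Normalise a hash pasted from a web page: strip surrounding whitespace,
    lowercase it, and keep only the first token so a 'd41d8...  file.zip'
    line from md5sum/sha256sum output is accepted as well."""
    tokens = text.strip().split()
    return tokens[0].lower() if tokens else ""


def verify_file(path, published, algorithm="sha256"):
    """True if the file's digest equals the published one.
    compare_digest keeps the comparison constant-time; it is a cheap habit
    even where the result is not secret."""
    actual = digest_file(path, algorithm)
    expected = normalize_published_hash(published)
    return hmac.compare_digest(actual, expected)


def demo():
    """Write a constructed 'download' (the bytes b'abc') to a temporary file and
    check it against its real MD5 and SHA-256 digests, plus one altered digit."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")  # constructed sample content
        path = tmp.name
    try:
        md5_ok = verify_file(path, "900150983cd24fb0d6963f7d28e17f72  sample.zip", "md5")
        sha_ok = verify_file(
            path,
            "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD",
            "sha256",
        )
        tampered = verify_file(path, "900150983cd24fb0d6963f7d28e17f73", "md5")
    finally:
        os.unlink(path)
    return md5_ok, sha_ok, tampered


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Two caveats apply to any of these tools: a hash only proves the file was not altered after the hash was published, so the hash itself has to come from a source you trust more than the download mirror (ideally over HTTPS, or signed), and MD5 is no longer collision-resistant, so prefer the SHA-256 value when a site offers one.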

Saturday, September 6, 2008

Understanding the Basics of Ethernet

Ethernet was developed at Xerox's Palo Alto Research Center (PARC) by Robert Metcalfe and David Boggs with Chuck Thacker and Butler Lampson in the early 1970s. Xerox filed a patent application for Ethernet in 1975. Today, Ethernet is based on IEEE standard 802.3 (Institute of Electrical and Electronics Engineers). Metcalfe left Xerox in 1979 and founded 3Com to promote local area networks and personal computers. He persuaded Digital Equipment Corporation (DEC) and Intel to work together with Xerox to promote the DIX (Digital/Intel/Xerox) Ethernet standard. Ethernet is named for the invisible, massless substance that 19th century scientists believed filled the universe. Ethernet was originally based on the same rules as those for polite conversation: each computer wanting to transmit data waits until there's a lull in network traffic before attempting to transmit its data. That technology was called CSMA/CD, for Carrier Sense Multiple Access with Collision Detection, and used coaxial cables as a transmission medium. Today, Ethernet uses full duplex transmission over unshielded twisted pair copper cables or fiber optic cables with a system of hubs and/or switches.

Ethernet operates at layer two of the OSI reference model. Layer two, also known as the Data Link Layer, is subdivided into the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. Ethernet nodes use a globally-unique 48-bit address called the MAC address to communicate within a network. Datagrams at layer two are called frames. The frame structure used by modern Ethernet is the same as that used by earlier coaxial-cabled Ethernet networks, thus providing a level of backwards compatibility. The original Ethernet operated at a speed of three megabits per second. Today, typical transmission rates for Ethernet are 10 Mbps, 100 Mbps, and 1000 Mbps (Gigabit Ethernet). 10,000 Mbps (10 Gigabit Ethernet) is now starting to emerge. Faster data rates are always under development.
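To make the frame and the 48-bit MAC address concrete, here is an added example (not from the original post) that parses the Ethernet II header: destination MAC, source MAC and EtherType, with the two flag bits in the first octet of an address that tell you whether the destination is multicast/broadcast and whether the source address is locally administered rather than vendor-assigned. It goes slightly beyond the text by also handling an 802.1Q VLAN tag, since tagged frames are what you see on most switch uplinks. The two sample frames are constructed byte strings, not captures.

```python
import struct

# A few EtherType values a network administrator sees constantly.
ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}


def format_mac(raw):
    """Render six raw bytes as the usual colon-separated hex notation."""
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Parse a 14-byte Ethernet II header (plus an optional 4-byte 802.1Q tag).
    Returns a dict of header fields; 'payload' is everything after the header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Network byte order: 6-byte destination, 6-byte source, 2-byte EtherType.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset = 14
    vlan = None
    if ethertype == 0x8100:  # 802.1Q tag: 2-byte TCI, then the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        # Bit 0 of the first octet set: group (multicast or broadcast) address.
        "dst_is_multicast": bool(dst[0] & 0x01),
        # Bit 1 of the first octet set: locally administered, i.e. not the
        # globally unique vendor-assigned address the text describes.
        "src_locally_administered": bool(src[0] & 0x02),
        "vlan": vlan,
        "ethertype": ethertype,
        "ethertype_name": ETHERTYPE_NAMES.get(ethertype, "unknown"),
        "payload": frame[offset:],
    }


# Constructed sample: broadcast ARP frame from a vendor-assigned address.
SAMPLE_ARP = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00\x01\x08\x00"
# Constructed sample: VLAN 100 tagged IPv4 frame from a locally administered address.
SAMPLE_VLAN = bytes.fromhex("001122334455" "02aabbccddee" "8100" "0064" "0800") + b"\x45"

if __name__ == "__main__":
    for name, sample in (("arp", SAMPLE_ARP), ("vlan", SAMPLE_VLAN)):
        fields = parse_frame(sample)
        print(name, {k: v for k, v in fields.items() if k != "payload"})
```

The locally-administered bit is worth watching in practice: an address with that bit set was chosen by software, which is normal for virtual machines and bonded interfaces but is also how a spoofed address usually looks.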


Ethernet Cable Standards

  • 10-Base-2, also known as thinnet, uses coaxial cable, is limited to 10 Mbps, and has a maximum segment length of 185 meters. 10-Base-2 is falling into disuse due to the lower cost and greater simplicity associated with UTP (unshielded twisted pair) cabling.
  • 10-Base-5, also known as thicknet, uses coaxial cable, is limited to 10 Mbps, and has a maximum segment length of 500 meters. 10-Base-5 is rarely seen anymore.
  • 10-Base-T uses unshielded twisted pair (UTP) cable over a maximum of 100 meters (328 feet) at a data rate of 10 Mbps. 10-Base-T uses only two of the four wire pairs in the cable.
  • 10-Base-FL uses fiber optic lines up to 2000 meters with a maximum data rate of 10 Mbps.
  • 100-Base-TX uses UTP cable over a maximum segment length of 100 meters with a maximum data rate of 100 Mbps. 100-Base-TX also uses only two of the four wire pairs in the cable.
  • 100-Base-FX uses fiber optic cable over a maximum segment length of 2000 meters with a maximum data rate of 100 Mbps.
  • 1000-Base-FX uses fiber optic cable over a maximum segment length of 2000 meters with a maximum data rate of 1000 Mbps (one gigabit per second).
  • 1000-Base-TX uses UTP cable over a maximum segment length of 100 meters with a maximum data rate of 1000 Mbps (one gigabit per second). Unlike 100-Base-TX, 1000-Base-TX uses all four wire pairs in the cable.

Copper Cable Categories

Although there are a total of nine categories of unshielded twisted pair (UTP) copper cable, there are really only three that you're likely to encounter in your local area network. The others are either obsolete or designed for use in backbone networks. The three categories are:

  • Category 5e: Provides performance of up to 100 MHz, and is frequently used for both 100 Mbit/s and Gigabit Ethernet networks.
  • Category 6: Provides performance of up to 250 MHz, more than double that of category 5 and 5e.
  • Category 6a: Provides performance of up to 500 MHz, double that of category 6 and is even suitable for 10 Gigabit Ethernet networks.

What should you use in your network?

Build your networks with the fastest cable you can afford. Your bandwidth demands will increase over time and retro-fitting your cable plant is disruptive, time-consuming, and expensive.

Wednesday, July 9, 2008

Email, RFCs, and the Growth of Knowledge

When I first started technical training, I was intimidated by the sheer volume of knowledge in the field of Information Technology. I remember thinking, "How can I possibly stay ahead of the students in my seminars?" I began to realize that it's not a matter of staying ahead of the students, but instead an issue of providing information in a particular area or areas that the student didn't already have. That said, I'm still amazed when I run across a new bit of information that I think I should have already known about. That just happened with RFC 2142: Mailbox Names for Common Services, Roles, and Functions. An email I sent was rejected by rfc-ignorant.org, an organization that was new to me. They provide a blacklist of domains that are non-RFC compliant. It appears that they're mainly concerned with RFC 2142 compliance. RFC 2142, as its name implies, specifies standard email names for common services, roles, and functions within an organization. Specifically, it wants you to have a postmaster@(your domain name) and an abuse@(your domain name) mailbox. (It recommends other names as well, but those two appear to be the ones that rfc-ignorant.org wants to see in your domain.) We actually do have those names now, but when our system was originally set up, the mail administrator (no longer with us) didn't include those names. We'd been blacklisted for some time. It's a simple process to get removed. Just send an email to the admin at rfc-ignorant.org indicating that you've created the appropriate mailboxes; they'll send emails to the addresses in question, you click a link in the emails, and you're done. As a network administrator and an I.T. trainer, I'm always a little concerned about what else there is that I don't know.

Saturday, June 28, 2008

TinyMCE Editor Width in Joomla

Wow, I can't believe it's been so long since I wrote anything here. I've been incredibly busy with some really interesting stuff. One of the things I'm working on is a redesign of the soundtraining.net website. It's going to be based on Joomla 1.5. If you have anything to do with website design and you're not familiar with Joomla, you need to get to know it. The website is www.joomla.org. It's an incredibly powerful content management system and it's going to allow us to offer you some really cool stuff on our website. But that's not what I wanted to write about. One of the challenges I've been dealing with is the width of the TinyMCE text editor. The problem is that it has been intruding into the right column and I couldn't figure out how to change it. Turns out the issue was with the toolbar not wrapping. I found this hack which seems to be working. In template.css, I added the following code at the end of the file:

/* Let every toolbar element float so the toolbar wraps instead of overflowing */
.mceToolbarTop * {
    float: left;
}

/* Drop-down lists keep their natural width; !important overrides the editor's own rule */
.mceToolbarTop select {
    width: auto !important;
}

/* Options inside the drop-downs must not float, or the lists render incorrectly */
.mceToolbarTop option {
    float: none;
}

Like I said, so far it seems to be working and I thought maybe some other people could use that info. I found the hack on a Drupal site, but it looks like it works just fine in Joomla. Check back in a few weeks and see if I'm still enthusiastic about it!

Wednesday, April 30, 2008

How to Create and Manage Cisco ASA and PIX Access-Control Lists

Access Control Lists (ACLs) are sequential lists of permit and deny conditions applied to traffic flows on a device interface. ACLs are based on various criteria including protocol type, source IP address, destination IP address, source port number, and/or destination port number. ACLs can be used to filter traffic for various purposes including security, monitoring, route selection, and network address translation.

ACLs consist of one or more Access Control Entries (ACEs). Each ACE is an individual line within an ACL. ACLs on a Cisco ASA Security Appliance (or a PIX firewall running software version 7.x or later) are similar to those on a Cisco router, but not identical. Firewalls use real subnet masks instead of the inverted (wildcard) mask used on a router. ACLs on a firewall are always named instead of numbered and are assumed to be an extended list.

The syntax of an ACE is relatively straightforward:

asa(config)# access-list name [line number] [extended] {permit | deny} protocol source_IP_address source_netmask [operator source_port] destination_IP_address destination_netmask [operator destination_port] [log [[disable | default] [level]] [interval seconds]] [time-range name] [inactive]

Here's an example:

asa(config)# access-list demo1 permit tcp 10.1.0.0 255.255.255.0 any eq www
asa(config)# access-list demo1 permit tcp 10.1.0.0 255.255.255.0 any eq 443
asa(config)# show access-list demo1
access-list demo1; 2 elements
access-list demo1 line 1 extended permit tcp 10.1.0.0 255.255.255.0 any eq www
access-list demo1 line 2 extended permit tcp 10.1.0.0 255.255.255.0 any eq https

In the above example, an ACL called "demo1" is created in which the first ACE permits TCP traffic originating on the 10.1.0.0 subnet to go to any destination IP address with the destination port of 80 (www). In the second ACE, the same traffic flow is permitted for destination port 443. Notice in the output of the show access-list that line numbers are displayed and the extended parameter is also included, even though neither was included in the configuration statements.

You can deactivate an ACE without deleting it by appending the inactive option to the end of the line.

As with Cisco routers, there is an implicit "deny any" at the end of every ACL. Any traffic that is not explicitly permitted is implicitly denied.

Editing ACLs and ACEs

New ACEs are appended to the end of the ACL. If you want, however, to insert the new ACE at a particular location within the ACL, you can add the line number parameter to the ACE:

asa(config)# access-list demo1 line 1 deny tcp host 10.1.0.2 any eq www
asa(config)# show access-list demo1
access-list demo1; 3 elements
access-list demo1 line 1 extended deny tcp host 10.1.0.2 any eq www
access-list demo1 line 2 extended permit tcp 10.1.0.0 255.255.255.0 any eq www
access-list demo1 line 3 extended permit tcp 10.1.0.0 255.255.255.0 any eq https

Notice in the first line of the example above that an ACE is added at line one in the ACL. Notice in the output from the show access-list demo1 command that the new entry is added in the first position in the ACL and the former first entry becomes line number two.

You can remove an ACE from an ACL by preceding the ACE configuration statement with the modifier no, as in the following example, which removes the host 10.1.0.2 entry added at line 1 above:

asa(config)# no access-list demo1 deny tcp host 10.1.0.2 any eq www
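To see the ordering rules from the two examples above in action (first match wins, a line number inserts rather than appends, "no" removes a matching entry, and an unmatched packet hits the implicit deny), here is an added example that is not part of the original post and is not Cisco code: a small Python model of an ASA-style ACL. It is deliberately limited to IPv4, the "eq" port operator, and the permit/deny/inactive behaviour the post describes; the packets it evaluates are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ACE:
    """One access-control entry. 'host a.b.c.d' is a /32; 'any' is 0.0.0.0/0."""
    action: str                          # "permit" or "deny"
    protocol: str                        # "tcp", "udp" or "ip" (ip matches any protocol)
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    dst_port: Optional[int] = None       # only the 'eq' operator is modelled
    inactive: bool = False               # the 'inactive' keyword: kept but never matched

    def matches(self, proto, src, dst, dport):
        if self.inactive:
            return False
        if self.protocol != "ip" and self.protocol != proto:
            return False
        if src not in self.source or dst not in self.destination:
            return False
        if self.dst_port is not None and self.dst_port != dport:
            return False
        return True


@dataclass
class ACL:
    name: str
    entries: List[ACE] = field(default_factory=list)

    def add(self, ace, line=None):
        """Append, or insert at a 1-based position like 'access-list NAME line N ...'."""
        if line is None:
            self.entries.append(ace)
        else:
            self.entries.insert(line - 1, ace)

    def remove(self, ace):
        """'no access-list NAME ...' removes the first ACE equal to the statement."""
        self.entries.remove(ace)

    def evaluate(self, proto, src, dst, dport) -> Tuple[str, Optional[int]]:
        """Walk the ACL in order; the first matching ACE decides. Returns the action
        and the matching line number, or ('deny', None) for the implicit deny."""
        src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
        for line, ace in enumerate(self.entries, start=1):
            if ace.matches(proto, src, dst, dport):
                return ace.action, line
        return "deny", None


def net(text):
    """Translate ASA address syntax: 'any', 'host x.x.x.x', or 'x.x.x.x subnet_mask'
    (a real mask, not a router-style wildcard)."""
    if text == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if text.startswith("host "):
        return ipaddress.IPv4Network(text.split()[1] + "/32")
    addr, mask = text.split()
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def build_demo1():
    """Reproduce the demo1 ACL from the post, including the 'line 1' insertion."""
    acl = ACL("demo1")
    acl.add(ACE("permit", "tcp", net("10.1.0.0 255.255.255.0"), net("any"), 80))
    acl.add(ACE("permit", "tcp", net("10.1.0.0 255.255.255.0"), net("any"), 443))
    acl.add(ACE("deny", "tcp", net("host 10.1.0.2"), net("any"), 80), line=1)
    return acl


if __name__ == "__main__":
    acl = build_demo1()
    # Constructed test packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "10.1.0.2", "203.0.113.5", 80),
                ("tcp", "10.1.0.2", "203.0.113.5", 443),
                ("tcp", "10.1.0.9", "203.0.113.5", 80),
                ("udp", "10.1.0.9", "203.0.113.5", 53)]:
        print(pkt, "->", acl.evaluate(*pkt))
```

The UDP packet is the one to notice: nothing in demo1 mentions UDP, so it is dropped by the implicit deny, which is exactly why a firewall ACL that only lists what you permit needs no trailing deny statement.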

In my next post, I'll show you how to use time-ranges to apply access-control lists only at certain times and/or on certain days. I'll also show you how to use object-groups with access-control lists to simplify ACL management by grouping similar components such as IP addresses or protocols together.

Wednesday, April 23, 2008

We're heading to California with Cisco training

We've just added California dates for our Cisco Router Training and Cisco ASA Training seminars.

Here are the Cisco router training dates for California:

  • Sacramento: July 22/23
  • San Francisco: July 24/25
  • Los Angeles (Buena Park/Anaheim area): September 15/16
  • Los Angeles (LAX area): September 17/18

Here are the Cisco ASA training dates for California:

  • Sacramento: August 25/26
  • San Francisco: August 27/28
  • Los Angeles (Buena Park/Anaheim area): October 14/15
  • Los Angeles (LAX area): October 16/17

Registration is now open at www.soundtraining.net.

See you in class in California!

Friday, April 18, 2008

A Free SCP Utility

I just ran across a very cool, open-source SCP/SFTP utility called WinSCP. I have a business hosting account with 1and1 which includes SSH access. This utility allows me to configure my SSH credentials and then use a Windows Explorer or Norton Commander style of interface to move files back and forth. Very cool. Had to share it with you. Download it here. Let me know what you think.