NetAdmin Newsletter
CPTTM Network Admin newsletter issue #23, Alan Au, Editor in Chief
Supervised by Kent Tong

Dear Network Administrators,

This CPTTM NetAdmin newsletter brings useful news to you, Network Administrators in Macau, for reference without obligation, so that you can do your jobs more easily and better! Hope you like it. If you'd like to unsubscribe or recommend your friends to subscribe, just email me at alan@cpttm.org.mo. Old issues are available here. A printable version of this newsletter is also available.

Topics in this issue:

Controlling P2P traffic such as BT, Kazaa, etc.

Traditional packet filtering is easy to bypass with port-hopping or IP address spoofing. Furthermore, some protocols dynamically negotiate the ports used to transfer data, so packet filtering alone is no longer enough. A great Linux tool overcomes these limitations: "L7-filter".

It works in conjunction with iptables and inspects traffic at the application layer to identify it, so it is more effective. We can use L7-filter to identify the traffic of interest and then take one of three kinds of action: blocking, restricting bandwidth, and accounting. If your company's Internet link is being used up by P2P traffic, "L7-filter" can help you control it.

L7-filter can identify a large variety of application layer protocols. See here for a list. See this How-to to learn how to use it. Keep in mind that L7-filter is CPU and RAM intensive and is not perfectly precise. It might wrongly classify normal traffic as unwanted, or the reverse.

-- by Alan Au
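
The item above contrasts port-based filtering with application-layer inspection. The sketch below is an added example, not code from the newsletter or from the L7-filter project: the signatures, port map, policy and sample flows are simplified assumptions constructed here to show why a port-based guess misses P2P traffic on port 80, how accounting works per protocol, and how a payload with no known signature slips through.

```python
import re

# Simplified signatures written for this example (not l7-filter's own pattern
# files). Each is matched against the first bytes a connection sends.
SIGNATURES = {
    "bittorrent": re.compile(rb"^\x13BitTorrent protocol"),
    "http": re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"),
    "ssh": re.compile(rb"^SSH-[12]\.[0-9]"),
}
PORT_MAP = {22: "ssh", 80: "http", 6881: "bittorrent"}  # classic port-based guess
POLICY = {"bittorrent": "DROP"}                          # everything else: ACCEPT


def classify_by_port(dport):
    return PORT_MAP.get(dport, "unknown")


def classify_by_payload(payload, inspect_bytes=2048):
    # Only the start of the stream is inspected, which bounds CPU and RAM use.
    head = payload[:inspect_bytes]
    for name, pattern in SIGNATURES.items():
        if pattern.match(head):
            return name
    return "unknown"


def process(flows):
    """Return (per-flow decisions, bytes accounted per application protocol)."""
    decisions, accounting = [], {}
    for dport, payload in flows:
        proto = classify_by_payload(payload)
        accounting[proto] = accounting.get(proto, 0) + len(payload)
        action = POLICY.get(proto, "ACCEPT")
        decisions.append((dport, classify_by_port(dport), proto, action))
    return decisions, accounting


# Constructed sample flows: (destination port, first payload bytes).
BT_HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"A" * 20 + b"B" * 20
FLOWS = [
    (6881, BT_HANDSHAKE),                  # P2P on its usual port
    (80, BT_HANDSHAKE),                    # P2P on port 80: port guess says "http"
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    (6881, bytes(range(200, 256)) * 2),    # no known signature: classified unknown
]

if __name__ == "__main__":
    decisions, accounting = process(FLOWS)
    for d in decisions:
        print("dport=%-5d port-guess=%-10s l7=%-10s action=%s" % d)
    print(accounting)
```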

Simplify Wireless LAN deployment while keeping enough security

Recently, a new wireless LAN security technology has been emerging: "Dynamic Pre-Shared Key" (DPSK). It is easy to deploy while keeping a moderate level of security. Compared with current wireless LAN security technologies, "Enterprise grade WPA" provides the most secure access for both authentication and encryption, but it requires a RADIUS server and PKI, which makes it hard to deploy. WPA-PSK, on the other hand, uses a static encryption key and is rather weak, since all users share the same pre-shared secret for authentication and encryption. Once this shared secret is leaked, the whole WLAN is in danger.

DPSK is based on WPA-PSK (WiFi Protected Access Pre-shared Key), but a unique key is generated for each client. The SSID and the unique key can be pushed to the client from the LAN, and the client can then enjoy secure wireless access. Hardware support for this new technology is of course needed, and Ruckus is the company that develops Dynamic PSK.

For details about DPSK, please see : http://blogs.zdnet.com/security/?p=785&tag=nl.e539 and http://www.ruckuswireless.com/pdf/fs-dynamic-psk.pdf.

--by Alan Au
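
The difference between one shared secret and a unique key per client, as an added example that is not from the newsletter and is not Ruckus's implementation. The PMK derivation is the standard WPA-PSK one (PBKDF2-HMAC-SHA1 over passphrase and SSID); the per-client registry keyed by MAC address, the class names, the SSID and the MAC addresses are hypothetical and constructed for illustration.

```python
import hashlib
import secrets

SSID = "corp-wlan"   # constructed network name


def pmk(passphrase, ssid=SSID):
    """WPA-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class StaticPskAp:
    """Classic WPA-PSK: one passphrase, so one PMK, for every client."""
    def __init__(self, passphrase):
        self._pmk = pmk(passphrase)

    def pmk_for(self, mac):
        return self._pmk


class PerClientPskAp:
    """Per-client keys in the spirit of DPSK (hypothetical model, keyed by MAC)."""
    def __init__(self):
        self._keys = {}

    def enroll(self, mac):
        passphrase = secrets.token_urlsafe(32)   # unique secret pushed to this client
        self._keys[mac] = pmk(passphrase)
        return passphrase

    def revoke(self, mac):
        self._keys.pop(mac, None)

    def pmk_for(self, mac):
        return self._keys.get(mac)               # None: client can no longer join


def demo():
    static = StaticPskAp("office-wifi-2008")     # constructed shared passphrase
    dyn = PerClientPskAp()
    laptop, phone = "00:11:22:33:44:55", "66:77:88:99:aa:bb"  # constructed MACs
    laptop_secret = dyn.enroll(laptop)
    dyn.enroll(phone)
    shared_same = static.pmk_for(laptop) == static.pmk_for(phone)
    unique = dyn.pmk_for(laptop) != dyn.pmk_for(phone)
    dyn.revoke(laptop)                           # e.g. laptop lost or secret leaked
    leaked_still_valid = pmk(laptop_secret) == dyn.pmk_for(laptop)
    phone_unaffected = dyn.pmk_for(phone) is not None
    return shared_same, unique, leaked_still_valid, phone_unaffected
```

With the static key, recovering from a leak means changing the passphrase on every device; in the per-client model only the affected entry is revoked.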

Dell sells Open Source VoIP system

Many IT managers hesitate to deploy open-source or software-based VoIP systems due to reliability and support issues. Recently, Dell announced plans to partner with Fonality to sell its VoIP products, which are based on Asterisk, the leading open-source software-based VoIP system. This shows that Dell is confident in Asterisk and should relieve most IT managers' concerns.

Although hardware-based, brand-name VoIP systems may be more powerful and trustworthy, they are expensive. Asterisk, by contrast, is free, suitable for organisations with a hundred or so users, self-installable and easy to administer. For SMEs, Asterisk would be a good choice to start with.

To learn more about this news, see the VAR guy article and Dell website.

--by Alan Au

New External Storage Interface - eSATA

Suppose you need to back up or restore high volumes of data, but doing so through a USB interface takes a lot of time. eSATA is a good solution for companies that need to back up a lot of data and need devices that are fast yet reasonably priced. It can also be used in home networks, as external storage for laptops as well as for data backup. The eSATA option offers significantly faster data transfer speeds than USB 2.0 and FireWire.

Initially SATA was designed as an internal or inside-the-box interface technology, bringing improved performance and new features to internal PC or consumer storage. Creative designers quickly realized the innovative interface could reliably be expanded outside the PC, bringing the same performance and features to external storage needs instead of relying on USB or 1394 interfaces. It was called external SATA or eSATA.

It provides more performance than existing solutions and is hot pluggable. Other key benefits:

  • Up to 6 times faster than existing external storage solutions: USB 2.0 and 1394
  • Robust and user friendly external connection
  • High performance, cost effective expansion storage
  • Up to 2 meter shielded cables and connectors

For more information, please see: http://www.sata-io.org/esata.asp

--by Eric Chan 

Create PDF files quickly and easily by printing

PDF Creator is a cost-effective alternative to the leading PDF product, Adobe Acrobat. Once installed, it allows the user to select PDF Creator as a printer, allowing almost any application to print to PDF.

As a real case study, our manager has set up this application as a network printer, with shared access for everyone at Cyber Lab. All our colleagues have to do is print through the network printer, and the PDF file appears in a particular folder. This is obviously a convenient way to create PDF files for storage.

Key Features:

  • Create PDFs from any program that is able to print
  • Security: Encrypt PDFs and protect them from being opened, printed etc.
  • Send generated files via eMail
  • Create more than just PDFs: PNG, JPG, TIFF, BMP, PCX, PS, EPS
  • AutoSave files to folders and filenames based on Tags like Username, Computername, Date, Time etc.
  • Merge multiple files into one PDF
  • Easy Install: Just say what you want and everything is installed
  • Terminal Server: PDFCreator also runs on Terminal Servers without problems
  • And the best: PDFCreator is free, even for commercial use! It is Open Source and released under the Terms of the GNU General Public License.

If you want to download, please visit: http://www.pdfforge.org/products/pdfcreator

--by Eric Chan

Recruitment Ad

Below is a recruitment ad. For any issues with it, please contact the originator, who takes full responsibility for the content. If you'd like to place a recruitment ad, please click here.

Network/Server Engineers Wanted

The Cultural Affairs Bureau of the Macao S.A.R. Government is inviting job applications for two Network/Server Engineers. The salary offered is index 430 or above (based on the applicant's experience). If anyone is interested in this position, please go to the recruitment website (http://www.icm.gov.mo/recruit) to get detailed information and download the application form.

Upcoming courses for network administrators

| Course code | Title | Start date | Duration (hours) | Fee (MOP) | Remarks |
|---|---|---|---|---|---|
| CM261-02-2008-C | LPI-Linux Administrator Diploma Program | 2008/02/25 | 171 | 485 | Enjoy up to 50% course fee reimbursement. This course consists of 3 modules. Please refer to the web page of this course. |
| CM232.3-03-2008-C | CCNP 3 - Building Scalable Cisco Internetworks (BSCI) | 2008/03/08 | 69 | 5900 | Taught by HK instructor. |
| CM240-03-2008-C | Implementing a Microsoft SQL Server 2005 Database (2779) | 2008/03/01 | 12 | 1880 | Taught by HK instructor. |
| CM241-03-2008-C | Maintaining a Microsoft SQL Server 2005 Database (2780) | 2008/03/15 | 12 | 1880 | Taught by HK instructor. |
| CM243-03-2008-C | CISA & CISSP | 2008/03/01 | 54 | 2500 | |
| CM262.4-03-2008-C | Planning & Maintaining a MS Windows Server 2003 Network Infrastructure (2278) | 2008/03/04 | 30 | 1480 | |
| CM264-02-2008-C | Instructor Incubation Scheme | 2008/02/28 | 24 | 1500 | Teaching you instructional skills and you would have chance to teach in CPTTM. Enjoy up to 100% reimbursement. |
| CM280.6-02-2008-C | MCSE 2003 Certificate Program (Part 6-Design W2K3 AD and NW Infra.) | 2008/02/13 | 30 | 700 | Enjoy up to 75% course fee reimbursement and MOP300 exam subsidy for in-school students. |
| CM280.7-03-2008-C | MCSE 2003 Cert Program (Part 7-SQL Server 2005 Administration & Maintenance) | 2008/03/26 | 42 | 1000 | Enjoy up to 75% course fee reimbursement and MOP300 exam subsidy for in-school students. |

Feedback

Any questions, ideas or experiences to share? Contact me at 28781313 or alan@cpttm.org.mo.

We also have 3 more newsletters: CIO newsletter, Software developer newsletter and E-flow newsletter. If you are interested, you can read them at the following links: CIO newsletter, Software developer newsletter and E-flow newsletter.

Until next time, 

Alan Au
