NetAdmin Newsletter
CPTTM Network Admin newsletter issue #32, Kent Tong

Dear Network Administrators,

This CPTTM NetAdmin newsletter brings useful news to you, the network administrators in Macau, for your reference and without obligation, so that you can do your jobs more easily and better! Hope you like it. If you'd like to unsubscribe, or to recommend that your friends subscribe, just email me at kent@cpttm.org.mo. Old issues are available here.

Topics in this issue:

  • Top 5 high paying IT certifications
  • Do NOT put your web servers into the DMZ
  • Patching the OS without rebooting
  • Free IT courses
  • Correction: Be careful with RAID5 and SATA disks
  • Upcoming courses for network administrators

Top 5 high paying IT certifications

According to a survey, they are CISSP, CCDA, VMWare Certified Professional, CCNP and MCSE. Of course, there is no guarantee that you will get a higher paying job right after getting one of those certifications, but it will definitely increase the likelihood. We've been running CISSP, CCNP and MCITP courses for years. Now you can even study for the VMWare Certified Professional.

As this course needs access to very expensive hardware and software, the course fee is quite high, but it is still much cheaper than in Hong Kong. You can also promise your company that you'll teach what you learn to your colleagues, in order to persuade your company to sponsor the course fee.

Due to the high cost of this course, we will not organize it very often. So, this may be your best chance to get trained and certified on VMWare.

Remember, luck favors the prepared.

Do NOT put your web servers into the DMZ

Recently, when thinking about how CPTTM provides services over the Internet, I realized that it is poor practice to put a web server into the DMZ if it needs access to your internal database, AD or LDAP, because you then have to open those ports in the firewall from the DMZ to those valuable resources. If that web server is hacked, the attacker inherits both its database credentials and its firewall access, and can easily obtain all the information in your internal database.

A much better way is to put a reverse proxy in place of the web server and move the web server into your internal network. Why?

  1. Hacking a reverse proxy is much harder than hacking a web server hosting web applications, because the reverse proxy does a much simpler job (accepting HTTP requests, forwarding them to the web server and returning the responses) than a web server plus web applications (dealing with database access, business logic and transactions, in addition to producing the HTML).
  2. A reverse proxy has a much lower value than a web server with web applications. For example, the web applications probably contain passwords for accessing the database, while the reverse proxy does not. The firewall then only needs to allow the reverse proxy to reach the web server on port 80 (or 443); the DMZ host needs no access to the database, AD or LDAP at all.

To generalize this idea, we should put the right servers into the right security zones:

  • DMZ is a high risk zone. So, only put low value, difficult to hack (simpler) servers there.
  • For high value, complex servers, put them into a low risk zone such as the internal server network.
Note that the reverse proxy still forwards every request, including malicious ones, to the web application, so this design limits what an attacker gains from compromising the DMZ host; it does not make the web application itself harder to attack, and the application still needs to be patched and written securely. There are many reverse proxy software packages, including the open source Squid (in accelerator mode) and Apache with mod_proxy. Of course, for availability, you'll probably use a cluster of reverse proxies instead of just one.
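As an added example (not from the original newsletter), here is a minimal squid.conf for a Squid reverse proxy sitting in the DMZ in accelerator mode and forwarding to a web server on the internal server network. The addresses 203.0.113.10 (the DMZ proxy), 10.10.1.20 (the internal web server) and the site name www.example.com are placeholders:

```conf
# Listen on the DMZ host's public address in accelerator (reverse proxy) mode.
# Requests with no Host header are treated as requests for www.example.com.
http_port 203.0.113.10:80 accel defaultsite=www.example.com

# The real web server (and its database access) lives on the internal network.
# "originserver" tells Squid this peer is the origin, not another proxy.
cache_peer 10.10.1.20 parent 80 0 no-query originserver name=internalweb

# Only accept requests for our own site; refuse to act as an open proxy.
acl our_sites dstdomain www.example.com
http_access allow our_sites
http_access deny all

# Only our site's requests may be sent to the internal peer.
cache_peer_access internalweb allow our_sites
cache_peer_access internalweb deny all
```

With this in place, the only rule the firewall needs between the DMZ and the internal network is TCP port 80 from 203.0.113.10 to 10.10.1.20; the database, AD and LDAP ports stay closed to the DMZ. If the site is served over HTTPS, terminate TLS on the proxy with an https_port ... accel cert=... key=... line in the same style, so that the internal web server never needs the private key to be exposed in the DMZ either. The http_access deny all line matters: without it, a Squid instance reachable from the Internet can be abused as an open proxy into your network.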

Patching the OS without rebooting

A major problem with patching the OS is the need to reboot, which causes downtime, so it is usually done only in a maintenance window. Now there is a better way: using Ksplice, you can patch a standard Linux kernel while it is running, and the patch takes effect without a reboot. It supports RedHat, CentOS, Debian and Ubuntu. It is free for the recent non-LTS releases of Ubuntu; for LTS releases, you need to pay a fee. Note that Ksplice patches the running kernel only: user-space services such as Apache or OpenSSH still need to be restarted after their packages are updated.

Free IT courses

The Macau e-gov has appointed CPTTM Cyberlab to conduct a series of E-Gov IT Training Platform courses for civil servants and secondary school teachers in Macau free of charge. The public can also join if there are seats available two weeks before the start date. For more information, please see here.

Correction: Be careful with RAID5 and SATA disks

In the previous issue there was an error in the calculation, so here I calculate it again. A bit error rate of 1 in 10^14 means there is a chance of 10^-14 that an error will occur when reading a bit, so the probability of reading a bit successfully is (1-10^-14). For a 1TB disk, the probability of reading every bit successfully is (1-10^-14) raised to the power of the number of bits, 8×10^12, which is about e^-0.08, i.e. 92%, so there is a chance of about 8% of encountering an error. If the disk is 2TB, it is (1-10^-14) raised to the power of 2×8×10^12 = 1.6×10^13, which is about e^-0.16, i.e. 85%, so there is a chance of about 15% of encountering an error. In the previous issue I said it was 16% which is incorrect.

So, for a RAID5 array of six 2TB disks, reconstruction after one disk fails must read all five surviving disks completely, so the probability of a successful full scan for reconstruction is (85%)^5, which is about 45%. In other words, the rebuild is more likely to fail than to succeed. This model treats bit errors as independent and ignores that a real disk may have zero or many bad sectors, so it is only a rough estimate, but the conclusion holds: with 10^-14 disks, prefer RAID6 (which can tolerate a read error while rebuilding a single failed disk) or disks rated at 10^-15, and keep backups regardless.
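The calculation above, generalized to any error rate, disk size and array size, as an added Python example (not part of the original newsletter). The 10^-14 rate and decimal terabytes are the values used above; the 10^-15 rate used for comparison is the figure usually quoted for enterprise disks and is an assumption here:

```python
import math


def read_success(ber: float, size_bytes: float) -> float:
    """Probability of reading every bit of a disk without an unrecoverable error.

    ber        per-bit unrecoverable read error rate from the spec sheet
               (1e-14 for the consumer SATA disks discussed above)
    size_bytes disk capacity in bytes (decimal, so 1 TB = 1e12 bytes = 8e12 bits)

    This is (1 - ber) ** bits, evaluated in log space with log1p so that the
    tiny ber is not lost to floating-point rounding. Bit errors are treated as
    independent, which is the usual back-of-the-envelope simplification.
    """
    bits = 8 * size_bytes
    return math.exp(bits * math.log1p(-ber))


def raid5_rebuild_success(ber: float, size_bytes: float, n_disks: int) -> float:
    """After one disk fails, RAID5 must read all n-1 surviving disks completely."""
    return read_success(ber, size_bytes) ** (n_disks - 1)


def max_raid5_disks(ber: float, size_bytes: float, min_rebuild_prob: float) -> int:
    """Largest RAID5 array (in disks) whose single-disk rebuild succeeds with
    probability at least min_rebuild_prob. A result below 2 means no RAID5
    array built from these disks meets the target."""
    per_disk_log = 8 * size_bytes * math.log1p(-ber)  # ln(read_success), negative
    surviving = math.floor(math.log(min_rebuild_prob) / per_disk_log)
    return surviving + 1


if __name__ == "__main__":
    TB = 1e12
    print(f"1 TB, 1e-14: {read_success(1e-14, 1 * TB):.1%} per-disk success")   # 92.3%
    print(f"2 TB, 1e-14: {read_success(1e-14, 2 * TB):.1%} per-disk success")   # 85.2%
    print(f"6 x 2 TB RAID5 rebuild: {raid5_rebuild_success(1e-14, 2 * TB, 6):.1%}")  # 44.9%
    print(f"2 TB, 1e-15: {read_success(1e-15, 2 * TB):.1%} per-disk success")   # 98.4%
    print("Largest RAID5 with >= 90% rebuild success:",
          "1e-14 disks:", max_raid5_disks(1e-14, 2 * TB, 0.9),   # 1, i.e. none
          "1e-15 disks:", max_raid5_disks(1e-15, 2 * TB, 0.9))   # 7
```

The last line is the practical takeaway: with 2TB disks rated at 10^-14, not even a single surviving disk can be read with 90% confidence, so no RAID5 array of any size meets that target, whereas 10^-15 disks allow up to seven disks.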

Thanks to a reader Julien Hoi for pointing out the error!

Upcoming courses for network administrators

Course code | Title | Start date (m/d/yy) | Duration | Fee | Remarks
CM360-04-2010-C | Microsoft official course: MCITP Enterprise Administrator Program | 4/6/10 | 174 hours | MOP9,800 | Official Microsoft course
CM232.4-04-2010-C | CCNP 4 - Optimizing Converged Cisco Networks (ONT) | 4/10/10 | 36 hours | MOP4,000 |
CM240-04-2010-C | Implementing a Microsoft SQL Server 2008 Database (6232) | 4/17/10 | 24 hours | MOP3,800 | Official Microsoft course
CM332-04-2010-C | Essential Wireless Networking | 4/8/10 | 9 hours | MOP500 |
CM371-04-2010-C | ITIL v3 Operational Support and Analysis Capability Course | 4/21/10 | 30 hours | From MOP7,800 |
CM374-04-2010-C | CCNA Voice | 4/25/10 | 39 hours | MOP5,800 |
CM400-05-2010-C | VMWare vSphere Install, Configure, Manage | 5/22/10 | 24 hours | From MOP12,800 | First VMWare course at CPTTM. Get certified on vSphere!
CM83-05-2010-C | Cisco Networking Academy Program (CCNA) | 5/10/10 | 157.5 hours | MOP6,280 |
CM241-05-2010-C | Maintaining a Microsoft SQL Server 2008 Database (6231) | 5/8/10 | 24 hours | MOP3,800 | Official Microsoft course
CM317-06-2010-C | Ethical Hacking & Incident Handling | 6/12/10 | 24 hours | MOP5,600 |
CM319-06-2010-C | ITIL v3 Foundation Certification Workshop | 6/4/10 | 18 hours | From MOP5,800 |
CM362-06-2010-C | Cisco Networking Academy Program (CCNA Security) | 6/28/10 | 60 hours | MOP5,500 |
CM380-06-2010-C | Configuring Juniper Networks Firewall/IPSec VPN Products | 6/30/10 | 24 hours | MOP1,800 |

Feedback

Any questions, ideas or experiences to share? Contact me at 88980601 or kent@cpttm.org.mo. We also have three more newsletters: the CIO newsletter, the Software developer newsletter and the E-flow newsletter.

Until next time, 

Kent Tong
