[ILUG-Cochin.org] Word of Thanks

[Siju George]

On Mon, Aug 10, 2009 at 11:11 AM, anand haridas<anhari at gmail.com> wrote:
> great show siju. I am anand haridas, senior reporter with the hindu.
>Due to some personal issues, i could not make it to the event.
>Can i have a copy of the transcript, please?
> I am planning to do articles on cyber safety and this might be of much use to me.
>

Hi Anand, the transcript mainly has Free Software that can be used to
increase personal and Corporate Security. I will Post it here so all
can view it. The title was suggested by Sameer. I have added links to
the transcript so you can easily trace these software. Perhaps you can
Start a Weekly column in Hindu to introduce these Software to the
common man. Hope this helps :-)

==========================================================

 The need for Secure Software Solutions using FOSS.
 ================================

The Internet has become a common place these days. The no. of people
using it is on the increase. The range of people using it is also
wide starting from a house wife in a middle class family to a computer
geek working in a software company. Along with the increase in the
usage of Internet has come up issues of privacy, security and
effectiveness while being online. Much of the world is yet stuck largely
on proprietary software to tackle these challenges while there exists
free Open Source alternatives to tackle all these issues well and much
more effectively.

Before I talk on these Free and Open Source Technologies and Software
let me point out why proprietary solutions  are
inadequate to meet these challenges especially in a country like ours.

1) Security - The proprietary software  has a terrible track record
 of Security holes and susceptibility to virus attacks..There
has been a series of zero-day vulnerabilities ( Vulnerabilities which
were out in the open with no patch yet available ) associated with
 many of the proprietary products One of the recent ones was a really
scary one affecting Internet Explorer users which covers a large no. of the
users using proprietary OSes. The vulnerability allowed attackers to execute
arbitarary code on an infected system.

What can happen in this
case is while you are innocently browsing the internet you could
stumble on an infected website which will inject malicious code ) or
software ) into your computer and it will in turn give the control of
your computer to some one whom you do not know. From then on it is no
more your computer it is His. He can steal your usernames and
passwords to different websites or software, he can see your mail and
other secret stuff and even steal your Credit Card info if you are
used to making online purchases and before you know it your account
will be empty.

Much more terrible than that is that the attacker can use your
computer to launch attacks against other computers and the Law and
Order agencies will book you because the attacks would seem to Originate
from your computer. Just think about it one fine morning the police comes
to your door and arrests you for sending anonymous mail to the cheif
minister or the Prime Minister!

2) Privacy or Confidentiality.- If your computer is infected with a
malicious software it will be sending all information on your computer
and all information you type in to it to other hands. You will not
only lose your personal privacy but will also lose confidential data
of the firm/firms you work for.

3) Effective Utilization of resources - Proprietary products are well
known for its resource hungriness the latest OSes from their side  will not run
properly on the average computer a user has unless its RAM is
increased. The time to boot up/Shutdown/and running differrent
programs are being considerably increased as the OSes changes from one
version to another.

4) Pricing and Licencing. - As of now the Price for Proprietary products
are very high and cannot be afforded by an average user. Proprietry
software  can only be used either by paying a large
price or by cracking it illegally. The cracks used to crack these
software often has trojans ( programs that infect your computer and
send data across to other people )

The alterantive?

Use Free and open Source Software!

Here I want to introduce a few OpenSource Software that you can use.
We have been using them at 1) HIFX IT and MEDIA Services PVT.LTD (
http://www.hifx.net ) ,
2) Virtual Training Company ( http://www.vtc.com ) and 3) Quantlogic (
http://www.quantlogic.com ) for the last 9 years to receive a secure
reliable
 and cost saving network and systems Infrastructure and I will give details
of our Implementations too.

I) Operating Systems.

1) OpenBSD ( http://www.openbsd.org ) - If you are looking for very
tight security then OpenBSD is the right choice. The Pentagon, US Govt
and NASA make use of it extensively to
secure their network.During the Gulf war the US Army's WiFi access points
 and routers were running on OpenBSD. OpenBSD also gives options for
redundant firewalling. i.e if one of your firewall is down for maintenance the
other firewall can pick up from where the first one left and provide
access without
interruption. It can be installed on 28 differrent hardware architectures.

We have two firewalls running in our company using OpenBSD with Squid Cahce
Proxy on them. OpenBSD's Packet Filter allows us to control traffic on the
IP Address, port no.s and protocol level and Squid helps us control traffic
on the URL and content level. And I use OpenBSD as my Desktop.

2) FreeBSD ( http://www.freebsd.org ) - FreeBSD is known for its
stability and speed of networking.
Yahoo web servers all run on FreeBSD and Hotmail servers ran initially
on FreeBSD.

We have a FreeBSD server running Samba Suite as a Domain controller. Thus we
save the huge cost of a Windows Domain Controller Server and the cost of all
client access licences ( CAL ) which is 5,000 Rs for each Wndows
client participating in the domain.
The Same FreeBSD Server hosts Apache,php, mantis, perl, bugzilla, MySQL and
Subversion Version Control System. All of them Free Software

3) DragonFlyBSD ( http://www.dragonflybsd.org ) - It is known for its
perfomance and the self healing HammerFS filesystem which does not
need a fsck after unclean shutdown. The hammer utility also allows you
to take snapshots of the file system at desired intervals which can
act as backup. The vkernel implementation allows you to run things
similar to User Mode Linux ( http://user-mode-linux.sourceforge.net )

We have a DragonFlyBSD Server running backuppc for taking backup of data
on other servers. It runs with 2x500 GB hard drives and Instead of RAID it uses
the hammer mirroring technology to mirror data from one disk to another.
Thus it boots up in less that 1 1/2 minutes after an unclean shutdown compared
to the hours other Operating systems will take for fsck and raid parity checks
after an unclean shutdown.

4) NetBSD ( http://www.netbsd.org ) - It can be installed on over 50
different hardware architectures. The NASA make extensive use of it.

5) OpenSolaris ( http://opensolaris.org/os/ ) - Is a free alternative
to the Solaris Operating system from Sun.
It also has a self healiing filesystem called ZFS. Another advantage
of using it is
having Logical domains which inherently support virtualization.

6) GNU/Hurd ( http://www.gnu.org/software/hurd/hurd.html ) - The GNU
Operating System which is still in the development stage.

7)GNU/Linux. ( http://www.debian.org )

I started my Linux usage by using Redhat, Mandrake PCQ LInux etc.. I
have tried other Linux Distributions also but for all real usages I
have chosen Debian and sticked to it. Debian is secure, really robust
and most importantly easy to install maintain. No wonder the Google
Servers run on modified Debian Linux. You can avoid surprises if you
keep the system updated regularly. A new user to Linux will find
Debian quite user friendly. Many of Our web servers, Database Servers,
Flash Streaming Servers run on Debian and in my 7-8 years of administering
 debian thanks be to God and the Debian developers I haven't had a single
successful hacker attack on my servers. Debian Community is quick in
responding to new threats and the patches can be applied to your
computer with just two simple commands "aptitude update" and "aptitude
dist-upgrade". Debian has a rich repository of software that can be
installed very easily on your computer. I will start with free
Software that a common user can use with debian and all the other
Operating Systems I mentioned above later I will mention
software that are useful for Companies.

1) Web Browser - Browsing HTTP/HTTPS/FTP Sites.
http://www.mozilla.com/en-US/firefox/upgrade.html

Instead of Internet explorer one can use Firefox/Opera. Firefox
supports everything that Inter Explorer supports except activex
controls. And if you want to use ActiveX Controls remember the
vulnerability I mentioned beofre.

2) Text Chat/ Instant Messengers.
http://www.pidgin.im/

Pidgin can be used to log in to msn chat, yahoo chat, aol chat and any
other Jabber chat servers at the same time. You don't need to install
separate software like msn messenger, yahoo messenger, Aol instant
messenger etc.

3) Voice Chat
http://www.skype.com/intl/en/

The common Windows program Skype is also available for Linux and You
can use it with Debian with the same ease.

4) Office Suite
http://www.openoffice.org/

Instead of the Microsoft office Suite Word/Excell/Powerpoint etc You
can use Openoffice.

5) Accounts
http://www.gnucash.org/

You can use GNUCash

6) Image Editing.
http://www.gimp.org/

Instead of Photoshop you can use GIMP

7) Anti-Virus
http://www.clamav.net/

ClamAV

8) CAD
http://www.ribbonsoft.com/qcad.html
http://brlcad.org/

You can use qcad or BRLCAD. BRL-CAD is used by the US Army to design
their Tanks and other vessels. Last time I Visited their mailing list
I found out Bell Helicopters also make use of them.

9) Digital Privacy
http://www.gnupg.org/gpgme.html

GNU Privacy Guard - For Public Private Key encryption

Tor and Privoxy - For anonymous internet access

http://www.torproject.org/
http://www.privoxy.org/

10) Partition Editor
http://gparted.sourceforge.net/

Gparted



11) Remote access
http://www.openssh.com/
http://www.rdesktop.org/

ssh - for all unixes
rdesktop - to access Windows Systems

Software For Companies.

1) Domain Controllers & File Sharing
http://us6.samba.org/samba/


The Samba Suite can replace Windows Domain Controllers. You Save the
money required to Purchase a Windows Server and also the money you
need to purchase CAL Licences for your Windows Systems. Also windows
viruses infecting your system and making it unstable.

2) Web Servers
http://www.apache.org/

The apache Webserver which dominates the webserver space.

3) Database Servers
http://www.postgresql.org/
http://www.mysql.com/

PostgresSQL Server or MySQL Server.

4) VPN Servers
http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
( easiest configurable implementation )
http://www.openvpn.net/

Isakmpd or OpenVPN

5) Version Control
http://www.nongnu.org/cvs/
http://www.opencvs.org/
http://subversion.tigris.org/
http://git-scm.com/
http://mercurial.selenic.com/wiki/

CVS, Subversion, Git, Mercurial

6) IDE
http://www.eclipse.org/
http://www.netbeans.org/

Eclipse, Netbeans

7) Bug Reporting
http://www.bugzilla.org/
http://www.mantisbt.org/

Bugzilla, Mantis

8) Computer Forensics
http://www.sleuthkit.org/
http://www.sleuthkit.org/autopsy/

Sleuthkit & Autopsy - can analyze partitions of a wide vareity of FileSystems
 and can undelete deleted data. It can also analyse encase images.

9) Security Audit
http://nmap.org/
http://www.nessus.org/nessus/
http://www.metasploit.com/

Nmap - can scan for open ports, find out the Operating System and
versions of services
running on a computer.
Nessus - Detailed Vulnerability Scanner
Metasploit - Can run exploits on a remote computer and give you controls.

10) Content Filter
http://www.squid-cache.org/
http://dansguardian.org/

Squid and DansGuardian

11) Computer emulation
http://www.xen.org/
http://www.qemu.org/
http://pearpc.sourceforge.net/

Xen, Qemu and  can emulate real Computer Hardware.

==========================================================