Wednesday, April 28, 2021

Software Defined Network

Software Defined Network (SDN)

A software-defined network (SDN) is a technology for virtualizing the network layer and network management systems. It is a centralized architecture, useful for data centre devices, wide area network devices and large campus networks.

Virtualizing a network breaks the direct dependency between our applications and virtual servers on one side and the physical network on the other. A virtualized network infrastructure is managed through tools that configure virtual network objects and policies. The network controller provides centralized management, configuration, monitoring and troubleshooting of both the virtual and the physical network infrastructure. SDN applications explicitly, directly and programmatically communicate their network requirements and desired network behaviour to the SDN controller through a northbound interface (NBI). The SDN controller itself is simply the software or application that manages the SDN.

Hyper-V Network Virtualization abstracts applications and workloads from the underlying physical network by using virtual networks. The Hyper-V Virtual Switch connects virtual machines to both virtual and physical networks and provides security, isolation and service-level policy enforcement.

It is an advanced architecture that is manageable, cost-effective and dynamic, and its high bandwidth makes it well suited to today's applications.

Cisco's offering is Cisco ACI, an industry-leading SDN solution for data centres. It provides automation, consistency, multi-cloud acceleration, container integration and zero-trust network protection, as well as data centre network assurance and insights.

SDN uses the OpenFlow protocol for communication between the controller and the devices; it gives the controller access to the forwarding plane of a network switch or router over the network.

The SDN architecture is:

  • Directly programmable
  • Centrally managed
  • Open standard

Some of the SDN Controller features:

An SDN controller has many important features that need to be considered when it is deployed. Some of them are listed below:

  • The SDN solution shall support centralized management through a declarative policy engine or SDN controller, and it shall program all networking policies consistently across any workload in physical and virtual environments.
  • The SDN solution shall automate networking policies and service overlay provisioning for bare-metal hosts and virtual machines.
  • The SDN solution shall support an overlay using VXLAN, Geneve or an equivalent tunnel.
  • The solution shall integrate with cloud management systems through open interfaces such as a REST API or equivalent.
  • The centralized management appliance or SDN controller must support multi-tenancy from a management perspective and provide role-based access control per tenant for tenant management.
  • The SDN controller shall provide a dynamic device inventory of the fabric as well as its current network topology. It must also validate cabling connectivity and raise alarms on wrong or faulty connections.
  • The SDN solution shall support granular role-based access control policies and support AAA using local user authentication, external RADIUS or external TACACS+.

-DR




Friday, April 16, 2021

Cyber Security | 20 ways to harden your server

20 ways to harden your server

Server hardening

Server hardening is a set of techniques that make it harder to break into servers or systems. It is a very important aspect of keeping critical data and devices secure. Below are 20 points a server or system administrator should take care of.

  1. Uninstall any unneeded or unused services from your system, because every extra service is an extra vulnerability.
  2. Disable unwanted communication ports.
  3. Similarly, do not install unnecessary software and applications on your server or system. Extra applications depend on additional services and additional ports, which means the presence of additional vulnerabilities.
  4. Keep your device's security patches up to date. This is a crucial one: whenever an OEM or vendor announces a security patch release, attackers notice the public announcement too, immediately check who has not patched yet and penetrate those systems.
  5. The organization should disable any unneeded hardware, physical ports or devices.
  6. Set a BIOS password, so that someone who gains access to the server and attempts to reboot it cannot change anything.
  7. Wake-on-LAN should be disabled on the server, so that no one can wake the server from inside or outside the network.
  8. Avoid insecure protocols that send your information or passwords in plain text, and use encryption for all communication to and from the server.
  9. When using Linux, SELinux should be considered. Linux server hardening is a primary focus for the web hosting industry; however, SELinux is probably not a good option there, as it often causes issues when the server is used for web hosting.
  10. User accounts should have very strong passwords, users should change their password regularly, and passwords should not be reused. Implement a strong password policy. Lock accounts after too many login failures; these failures are often illegitimate attempts to gain access to your system. Do not permit empty passwords.
  11. Implement SSH hardening: set an idle timeout interval, limit the maximum authentication attempts, disable X11 forwarding, disable empty passwords, etc.
  12. Disable direct root logins and switch to root from a lower-privileged account only when necessary. You can install Rootkit Hunter (rkhunter), a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
  13. Configure the system firewall (iptables) or install a firewall front end such as CSF or APF. A properly set up firewall alone can prevent many attacks.
  14. Disable unwanted binaries and hide the BIND DNS server version and the Apache version.
  15. Maintain server logs and mirror them to a separate log server.
  16. Install Logwatch and review its emails daily. Investigate any suspicious activity on your server.
  17. Use brute-force protection and intrusion detection systems.
  18. Install ModSecurity for web server hardening and harden the PHP installation (refer to https://www.hardened-php.net/).
  19. Install Linux Socket Monitor, which detects and alerts when new sockets are created on your system, often revealing attacker activity on the network.
  20. Maintain regular backups of your server and system.
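As an added example, not code from the original post, here is a small POSIX sh audit of an sshd_config file for items 11 and 12 above (idle timeout, maximum authentication attempts, X11 forwarding, empty passwords, direct root login). The keyword names and defaults are OpenSSH's; the pass/fail thresholds and the two sample configs are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post: audit an sshd_config against the
# SSH-hardening items above (idle timeout, max auth attempts, X11 forwarding, empty
# passwords, direct root login). Keywords/defaults are OpenSSH's; thresholds are assumptions.

# Effective top-level value of KEY in FILE, or DEFAULT when unset. sshd honours the
# FIRST occurrence of a keyword, so a hardened line added below a weak one changes
# nothing; lines after the first "Match" header are conditional and are skipped here.
get_directive() {   # get_directive FILE KEY DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

failures=0
report() {          # report STATUS KEY VALUE WANT; FAIL lines bump the counter
    printf '%-4s %-20s = %-18s want %s\n' "$1" "$2" "$3" "$4"
    if [ "$1" = FAIL ]; then failures=$((failures + 1)); fi
}
expect() {          # expect FILE KEY DEFAULT WANT (case-insensitive equality)
    v=$(get_directive "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]')
    if [ "$v" = "$4" ]; then report ok "$2" "$v" "$4"; else report FAIL "$2" "$v" "$4"; fi
}
expect_range() {    # expect_range FILE KEY DEFAULT MIN MAX (integer value)
    v=$(get_directive "$1" "$2" "$3")
    case $v in
        ''|*[!0-9]*) report FAIL "$2" "$v" "$4-$5" ;;
        *) if [ "$v" -ge "$4" ] && [ "$v" -le "$5" ]; then report ok "$2" "$v" "$4-$5"
           else report FAIL "$2" "$v" "$4-$5"; fi ;;
    esac
}

# Audit FILE: one line per check; returns the number of weak settings (0 = clean).
audit_sshd_config() {
    failures=0
    expect_range "$1" ClientAliveInterval 0 1 900      # idle timeout, seconds
    expect_range "$1" MaxAuthTries 6 1 4               # cap authentication attempts
    expect       "$1" X11Forwarding no no
    expect       "$1" PermitEmptyPasswords no no
    expect       "$1" PermitRootLogin prohibit-password no   # no direct root login
    return "$failures"
}

# Constructed sample configs (not from any real host) so the block runs offline.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
WEAK_CONF=$tmp/weak.conf; HARDENED_CONF=$tmp/hardened.conf
cat > "$WEAK_CONF" <<'EOF'
#ClientAliveInterval 0
MaxAuthTries 10
X11Forwarding yes
PermitEmptyPasswords yes
PermitRootLogin yes
# Too late: sshd already took MaxAuthTries 10 above, so this line is ignored.
MaxAuthTries 3
EOF
cat > "$HARDENED_CONF" <<'EOF'
ClientAliveInterval 300
MaxAuthTries 3
X11Forwarding no
PermitEmptyPasswords no
PermitRootLogin no
Match User backup
    X11Forwarding yes
EOF
audit_sshd_config "$WEAK_CONF"     || echo "weak.conf: $? weak setting(s)"
audit_sshd_config "$HARDENED_CONF" || echo "hardened.conf: $? weak setting(s)"
```

Run it against /etc/ssh/sshd_config on a real host; a non-zero exit status is the number of weak settings found, and because sshd keeps the first occurrence of a keyword, a fix must replace the existing line rather than be appended below it.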

-DR

Thursday, April 15, 2021

NAS Protocols | SMB and CIFS

NAS Protocols

There are many NAS protocols, such as SMB, FTP, NFS, SFTP, CIFS and HTTP. Let's review the important ones below.

Server Message Block (SMB)

SMB (Server Message Block) is a network file-sharing protocol used on Windows machines. It was originally designed by Barry Feigenbaum at IBM in 1983 and later modified by Microsoft. SMB works in a client-server architecture: a client sends specific requests and the server responds accordingly. One part of the SMB protocol deals specifically with access to file systems, so that clients can make requests to a file server. SMB is sometimes called a request-response protocol, meaning it exchanges several messages between client and server to establish a session. It operates at Layer 7, over TCP/IP.

The latest version, SMB 3.1.1, was released in 2015 with Windows 10 and Windows Server 2016, adding advanced encryption and pre-authentication integrity.

Securing the SMB protocol

Typical SMB file shares on some Windows Server versions are not encrypted, and their traffic can be viewed with Microsoft Message Analyzer. End-to-end encryption was later introduced in Windows 8 and Windows Server 2012.

The most critical and widely reported ransomware attack was linked to early versions of the SMB protocol, which were exploited during the WannaCry ransomware attack through a zero-day exploit called EternalBlue, with CVE code CVE-2020-0796 and a critical severity level.

A flaw in the new SMBv3 compression mechanism potentially allows an attacker to take down or take over a Windows system. Examples of operating systems that were vulnerable to this SMB-based attack:

  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for 64-bit Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for 64-bit Systems

To address the above vulnerability, patch the operating system. As a temporary workaround, SMBv3 compression (the component the flaw lives in) can be disabled from an elevated PowerShell prompt with the following command; note that this protects the system only in its SMB server role, not as an SMB client:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name DisableCompression -Type DWORD -Value 1 -Force

SMB uses TCP port 139 or 445, so to protect the SMB ports we can use firewalls and strong policies. Keep the firewall or endpoint protection enabled. A VPN is also a good option to encrypt and protect the network traffic, and if you want to isolate the traffic, a VLAN configuration is advisable.

If a Windows system does not act as an SMB server or client, steps can be taken to secure the SMB port, such as:

  • Block all inbound TCP traffic on SMB port 445.
  • Disable the inbound rules File and Printer Sharing (SMB-In), Netlogon Service (NP-In), Remote Event Log Management and Remote Service Management.
  • Restrict access to trusted IP ranges and devices.
  • Configure an outbound firewall rule with exceptions for the "Allow the connection if it is secure" and "Allow the connection to use null encapsulation" settings.
  • Configure Windows Defender Firewall.
  • Configure servers for isolation from the network: security group filters, WMI filters, IPsec, key exchange, data protection and authentication, etc.

CIFS

Another protocol, CIFS (Common Internet File System), was an earlier version of SMB. It is a network file system protocol that provides shared access to files and printers between systems. It also works in a client-server model. It is a low-scalability but reliable protocol. It uses TCP ports 139 and 445 and UDP ports 137 and 138. A request is handled as follows:

  • A client sends a request to a server.
  • The server acknowledges and fulfils the request.
  • Then the server sends a response back to the client.

Presently most operating systems use SMB instead of CIFS, whereas CIFS is still found on NAS (Network Attached Storage) and SAN (Storage Area Network) systems. Other features of CIFS include, but are not limited to, easy file access, resource access, flexible connectivity, safe caching and proper notification.

We will discuss SAN protocols later in another post. 

-DR


Tuesday, April 13, 2021

Computer Servers | Part-2

Computer Servers 

Part-2

Architecture of servers

Having seen an overview of servers and their use, let's look at the next topics.

A Form Factor

The term form factor refers to the size, shape and overall packaging of a computer or server. Servers typically come in one of three form factors:

  • Tower Server
  • Rack Mount Server
  • Blade servers

The advantage of a blade server over tower and rack-mount servers is that it is very thin and consumes less space, since the entire server is contained on a single card. That card is mounted alongside other blade servers, and the whole cluster of blades is fitted into a single blade chassis.

With blade server technology a single power supply is shared, and a built-in KVM (keyboard, video, mouse) provides a single console to control all the blade cards, so the servers are easier to manage with a minimum of cabling.

Server Management and Performance Management

Each operating system vendor has its own built-in tools for managing that particular operating system, and there are also third-party tools; the same tools are often used to configure the server. The most commonly used is Task Manager, which lists all tasks and processes and shows whether each is running or stopped. Server performance has several aspects, and performance monitoring tools, both built-in and third-party, monitor parameters such as CPU utilization, memory utilization, bandwidth utilization, physical memory utilization, network utilization, latency and physical disk space utilization.

Taking a Windows server as an example, we can analyse what is using the processor, the percentage of interrupt time and the percentage of processor time in real time. The performance data can be viewed live or from a log file. Similarly, we can see what is using the disk, how much disk space is free and what percentage is used. Performance management is one of the key things to keep track of for a server.

Server Event Logs

Collecting event logs, using some form of event logging tool, is one of the most important jobs for a server administrator. The logs tell you what is going on, and has been going on, with your server.

Take Microsoft Windows Server 2019 as an example. The tool available with this server OS is called Event Viewer. You can type "event viewer" in the search box or open it from Server Manager > Tools; it offers Custom Views, Windows Logs, Applications and Services Logs, etc. Under Windows Logs there are the Application, Security, Setup, System and Forwarded Events logs. Opening the System log and scrolling down shows colour-coded entries (red, yellow) for errors and warnings. Right-clicking an entry shows its event properties, and the properties dialog also offers online help for that event.

-DR

Tuesday, April 6, 2021

Telecom | FTTH, PON, GPON

FTTH, PON, GPON

FTTH

Fibre communication for providing broadband services is becoming widespread nowadays. Optical fibre cable is now used for last-mile communication in telecommunications.

Earlier, fibre optics were connected up to the BTS (Base Transceiver Station) or cluster tower level, and from there the signal was transmitted over radio. Present technology brings the connectivity to the individual residence or home, so that a member of the public can get high-speed data or voice service at home at an affordable cost. FTTH (Fibre to the Home) is the technology for connecting high-speed fibre-optic cables to homes, buildings and business premises. The prime benefit of fibre is achieving higher speeds over longer distances, which in turn is very useful for streaming video.

The various methods of fibre connectivity are collectively called FTTX. Several other terms are used, such as:

  • FTTP: Fibre to the premises
  • FTTH: Fibre to the Home
  • FTTO: Fibre to the office
  • FTTB: Fibre to the Building
  • FTTT: Fibre to the terminal
  • FTTA: Fibre to the amplifier
  • FTTR: Fibre to the radio

Within the FTTH architecture two types of technology are used, known as the active optical network (AON) and the passive optical network (PON).

AON

Active optical networks (AON) can be referred to as point-to-point networks. In an AON, electrically powered switching equipment such as routers and switches manages signal distribution and transmits dedicated signals to the receivers or subscribers. A dedicated fibre connection may be used for each subscriber, and because active equipment is used, electricity costs may be higher. Active optical devices include light sources (lasers), optical receivers, optical transceiver modules, optical amplifiers (fibre amplifiers and semiconductor optical amplifiers), etc.

PON

A passive optical network (PON) can be referred to as a point-to-multipoint network; it has no electrically powered switching equipment. PON uses fibre-optic splitters to direct traffic signals of different wavelengths; the splitters separate and combine optical signals as they are transmitted through the network. A PON can direct signals to 16, 32 or 64 customers at a time. It consists of an optical line terminal (OLT) and a set of optical network units (ONUs) installed at the user end. The optical distribution network (ODN) between the OLT and the ONUs contains optical fibres and passive splitters or couplers.

PON is technically classified into three standards: APON (ATM PON) based on ATM, EPON (Ethernet PON) based on Ethernet, and GPON (Gigabit PON) based on the Generic Framing Procedure.

Let's look more closely at the advanced standard, GPON or Gigabit PON.

GPON

GPON is a point-to-multipoint access technology and supports all types of Ethernet protocols. Its prime feature is the use of passive splitters in the fibre distribution network, enabling a single feeding fibre from the provider's central office to serve multiple homes and small businesses. For security, GPON uses AES (Advanced Encryption Standard) to encrypt traffic.

A GPON network consists mostly of two types of active transmission equipment: the Optical Line Termination (OLT) and the Optical Network Unit (ONU), also called the Optical Network Termination (ONT).

Given the heavy use of internet and broadband services, GPON supports the following:

  • Longer Transmission distance
  • Higher Bandwidth
  • Better user experience
  • Low cost with higher resource use

How it works

The primary optical transmitter, the OLT (Optical Line Terminal), is located in the telecommunications operator's building, the central office. A laser in the OLT injects light from the central office into a fibre-optic cable that ends at a passive optical splitter. The splitter breaks the single signal from the central office into several signals that can ultimately be distributed to up to 64 customers. The OLT is connected to the splitter through a single optical fibre, and the splitter is in turn connected to the ONUs. Different wavelengths are used in the upstream and downstream directions for transmitting data.

In the downstream direction all data is broadcast from the OLT to every ONU, which is why the AES encryption mentioned above matters: each ONU can decrypt only its own traffic, not another subscriber's. In the upstream direction, each ONU may send data to the OLT only in the timeslot allocated to it by the OLT.

-DR




Monday, April 5, 2021

Telecom | WDM and DWDM

WDM and DWDM

Wavelength Division Multiplexing

WDM is a technique used in telecommunications. It multiplexes multiple optical carrier signals onto a single optical fibre by using different wavelengths (colours) of laser light. It is used mainly in optical systems.

Systems such as optical transport equipment, multiplexers and transmitters are used with WDM to combine the different signals. Most WDM systems use single-mode optical fibre cables.

WDM can be further divided into three forms: normal WDM, dense WDM (DWDM) and coarse WDM (CWDM). Between the two key technologies, CWDM and DWDM, the choice depends on the requirements of the users and the network; both are available as active and passive systems. CWDM supports up to 18 wavelength channels transmitted in the fibre at the same time, whereas DWDM supports up to 80 wavelengths. Of the two, DWDM can be used for longer-distance transmission. At the time of writing, DWDM even supports up to 96 wavelengths over one pair of fibres with a channel spacing of 0.8 nm or 0.4 nm. With optical amplifiers it can cover distances of up to 1000 km, so it is mostly used for long-haul backbone networks. To minimize network risk and support network monitoring, five DWDM protection solutions are used: OLP, OPD, OPM, ring network protection and complete protection.

How a DWDM system works:

  • The transponder accepts input as a single-mode or multimode laser pulse signal; the input can come from multiple physical media, protocols and traffic types.
  • The wavelength of the transponder's input signal is mapped to a DWDM wavelength.
  • DWDM wavelengths from the transponder are multiplexed with signals from the direct interface to form a composite optical signal, which is launched into the fibre.
  • A post-amplifier (booster amplifier) boosts the optical signal as it leaves the multiplexer.
  • A pre-amplifier increases the signal strength before it enters the demultiplexer.
  • The incoming signal is demultiplexed into separate DWDM wavelengths.
  • The individual DWDM signals are either converted to the required output type through the transponder or passed directly to the site equipment.

OTN

Optical Transport Network (OTN) is an industry-standard protocol: a set of optical network elements connected by optical fibre links, providing transmission, multiplexing and switching of optical channels that carry client signals. OTN works alongside synchronous optical networking (SONET) and synchronous digital hierarchy (SDH), which use laser pulses or light-emitting diodes for transmission.

OTN uses wavelength division multiplexing (WDM). The OTN interfaces are defined in ITU-T Recommendation G.709. An OTN system is unique in that it can integrate virtually any application, such as voice, data, LAN, video and SCADA, into one high-speed network over a fibre-optic backbone.

ROADM 

A ROADM (reconfigurable optical add-drop multiplexer) is a multiplexing device that can add, drop or block individual wavelengths at any node, which simplifies the SONET or SDH network. Without it, as we know, bandwidth and wavelengths must be pre-allocated. Two major ROADM technologies are used: wavelength blocking (WB) and planar lightwave circuit (PLC). A ROADM allows remote configuration and reconfiguration, so ROADM networks can add new services without redesigning or changing the network.

It helps improve network utilization, power balancing, end-to-end wavelength provisioning and flexibility.


-DR

