Friday, December 18, 2009

Cables, cables and more cables... And IPCop

So the last chapter I read was all about cables. I actually knew a bit about each cable but there is still so much. So some interesting things I learned. I learned what 100BaseTX means. I never knew what that means so here it is. The first number the speed in this case 100 megabits per second, next is Baseband or Broadband(multiple meanings) and if the last part has a T it means twisted-pair and the X is a type of cabling scheme. Another interesting thing is Cat cables. It's very easy to understand the naming scheme, Cat 1, Cat 2, Cat 3 etc. Basically each number up the cable is faster. It doesn't go up by 10s or something but basically the higher the number the better although today only two are sold Cat 5e and Cat 6. Cat 6 is the fastest but bigger so it's generally used in wiring buildings and Cat 5e is what most use for computers and such. ANOTHER interesting thing fiber optic cables are basically cables made with plastic and glass and the great thing about them is unlike Coax, data came move along fiber for 25 miles without having to be boosted through hardware. Also it's pretty hard for someone to tap into a fiber cable and look at all the naughty stuff you're doing. Anyways.

So Mr. Elkner has been telling me he wanted the DHCP server to hand out I.P.s based on MAC addresses. The other day he said he wanted me to do it. IPCop makes it very easy. Under DHCP server it had a list of I.P.s, hostnames and MAC addresses. All you have to do is mark a check next to one of the connected computers and make it a fixed-lease or you can manually do it. Maybe I'll learn how to manually (terminal) but that's for another day.

Also I stopped by room 217 to check out the Dr. Suess OSI Model thing. I think I need someone to actually tell/sing/ it to me. I sat there looking at it, it made sense but my inner "song" was pretty monotone. Sounded like this guy.

I'm gonna go back again and write it down.

Also I'm going to look into LDAP since Mr. Elkner has bestowed the honor of being the-guy-in-charge-of-something-that-everyone-will-depend-on-and-will-try-to-hurt-you-when-it-stops-working. Good thing I have the 2 week break ahead of me to prepare!
...

Friday, December 11, 2009

OSI Model

So I put off the OSI model for a bit since I didn't understand. The book teaches you about it in the second chapter. Maybe they want to teach it early so you have a basis for everything else but I found it complicated. After reading a few chapters I've gone back to it and things seem clearer. I understand the function of each layer, what I need to do is memorize it. Here's my summary of all seven layers.

The Application layer is where a user interacts with the computer like viewing a webpage.

The Presentation layer translates data into a standard format which allows different programs in the Application layer to understand it.

The Session layer organizes communications so different application's data doesn't interfere with one another.

The Transport layer segments and reasembles data into a data stream. That one is from the book since I can't think of anything else.

The Network layer manages addressing of the network, like a post office, and chooses the best route to send the data.

The Data Link layer ensures data reaches the proper destination on a LAN through hardware addressing and also translates data into bits for the physical layer.

The Physical layer is what the name implies. It transmits data using bits, 1's and 0's, and does it through multiple means like audio tones or electricity.

The chapter also touches on encapsulation a bit. Basically every layer data is encapsulated or wrapped in protocol information for that layer.

So that's it. Yep... Mmmm. Quite the use of the word the... You know I also solved a little wireless problem earlier in the week too! That alone should be worth 4 points. Even then you wouldn't grade anyone lower than a four when you've just seen that cute face :3

cute cat eyes Pictures, Images and Photos
It actually looks a bit creepy if you look at it too long.

Friday, December 4, 2009

Application Protocools

The chapter I'm currently reading discusses common *clears throat Application Protocols! I could list all of the ones I learned but that would be a very long post as the last one and it wouldn't benefit anyone. So here's the ones that I didn't know about before. So TCP and UDP both carry data around. I never understood the difference until now. So when you send data across a network using TCP the data is broken into segments and numbered so when the other application recieves the data it can piece it back together. The nice thing is TCP is reliable since it waits for confirmation from the recieving application on the arrival on a packet and retransimits if there isn't a confirmation. The problem with TCP is since it is complicated with all of it's checks it requires more resources than UDP.

UDP also is used for data transmission but unlike TCP it is basically a bare bones version of it. UDP doesn't segment data or follow through to see if the data arrived. This of course makes UDP less reliable but it uses less resources than TCP. One reason you would want to use UDP vs TCP is in multiplayer video games. A lot of games use UDP for their games and this is probably why. In video games data is constantly being updated. Everything is done in real time. There isn't any time to check if my bullet blew that guys head off. The instant I press that button that guy has to be dead. Another reason is the server handling the game would have to work more handling TCP connections from multiple players all sending information that would be irrelevant in less than a second.

That's it for now.

Tune in next week for the amazingly long and boring blog posts by Steve! the Network Admin (in learning).

Wednesday, December 2, 2009

Bah

Yesterday Mr. Elkner found out that when the block was up borders were missing from the google sites. I added gstatic.com which handles the borders. Today on the iGoogle homepage Mr. Elkner found out more media was being blocked. I added those to the whitelist and now everything is fine until we find more sites that don't work.

Anyways onto my Net+ "progress". Yesterday I discovered that the CD that comes with my book has tests for each chapter and a final big test. This is really awesome. Although I've been reading the chapters I've had troube with some things sticking. Being able to assess my progress will help me see if I need to go back into a chapter. It's just hard to focus reading sometimes. Here at school I read it on an e-book since I don't want to lug a 900 page book around with me. The problem is my mouse will slowly drift towards that orange little button up there known as firefox and before I know it I'll be surfing the interwebs. This isn't something chronic but some parts of the book just require me to go online and read more because it's either too obscure or oversimplified. I see I went off on my little rant. Let's get back to my progress.

I was reading a chapter on different types on hardware. Stuff like routers, hubs, etc. I'm going to have to go back and read it though. I actually plan on going back and reading all the chapters. Anyways I took the exam on the CD and an online one from a community site. I scored 50% on both. I think that's good and consistent which means my knowledge is sticking with me somewhat. I noticed a lot of the test is vocabulary and abbreviations. Like the question it will pose it "What type of blah would you use for this blah?" and it would be

A. IC-55555
B. IC-1010101210101
C. More numbers and letters
D. lol

Also during the test one of the questions asked me which of these are DDoS methods. Choose three. I got it right since I knew two of them and one was a virus but the other was Stacheldraht. I looked it up since I didn't know what it is and it sounds German and you if it sounds German it has to be cool. The name means barbed wire in German (see cool?) and it is a program written for solaris and linux :O Also the person who wrote the program goes by Random so you know he means serious business. So there you go, your random somewhat fun fact for the whenever.

Long post is long.

Friday, November 20, 2009

Working from the book

Right now I'm reading an e-book version of the book I bought. It came with the book. It's not that fun. To put it into perspective it's like a car mechanic reading a book on how to put together and fix cars. It's all theoretical. Reading isn't bad but a mechanic can't completely learn how to work with a car without a little hands on experience or he'll (me) will gouge his eyes out. I'll have to learn a lot of networking through reading anyways since there isn't really a way to do networking until problems arise or we're implementing new things. Can't wait until I can wake up, plug my head into a computer, download the day's teaching and then go back to sleep.

Wednesday, November 18, 2009

It works

So I finally got to try it out yesterday and the whitelist feature works. Here is a guide on how to use it. I will to most of the images since the image will be shrunken or cut off on my blog.

First go to https://192.168.208.1:445
You must enter this exactly and FYI for anyone who might stumble upon this and use it you must use YOUR machines I.P. so the format would be https://xxx.xxx.xxx.xxx:445

You should be at the homepage of the machine. Press connect and you will be prompted to enter your user name and password.
Username: admin
Password: youshouldrememberitelkner

When you press connect it will look exactly the same except now you're logged in.

Now mouse over services and click on URL Filter


Now you will have a large webpage with a lot of options. I myself don't know what all of them do but for now we just want to restrict peoples access to the web. Anyways...

You should immediately be able to see 4 large boxes. The second row of boxes is for your whitelist. In the first box enter the websites you want to ALLOW your clients to be able to access.


Make sure the "Enable custom whitelist" option is enabled.

Scrolling down you will come upon two more boxes. In the first you are able to give certain machines unrestricted access to the interwebs. Here is an example.



You might have noticed next you can change what appears on the block page like message, image or a redirect. Change them as you please.

Lastly remember, REMEMBER under advanced settings

Make sure that "Block all URLs not explicity allowed" is checked. Caused me quite a bit of grief. Once you're done with that press Save and Restart and you are done.


Now if you want to make this easier on yourself at the very bottom of the page you can create a backup of all your URL filter settings which get saved to your computer. This makes keeping multiple settings easy when you have a complicated setup like certain unfitlered IPs, scheduling, whitelist, etc.

All you have to do to restore your settings is under "Restore URL filter settings" press browse, find the backup and press "Import Backup File"

If necessary I can learn how to use the scheduling feature and make a guide on it.

Thursday, November 12, 2009

Haven't been busy...

This week hasn't been a very productive one. Monday I moved the second IPCop machine (I will now dub IPCop2) under our current IPCop since Henry is now using the second drop in the room for some other project. It didn't work. I set the machine to DHCP, I made sure the RED NIC was plugged into the other IPCop machine and I also disabled every NIC except two to make sure I wasn't confusing the NICs and it still doesn't work. I couldn't stay after school unfortunately or I would have been able to easily test out whitelisting on the working IPCop machine. Tuesday I wasn't at school since I had a massive headache and stomach problems but that passed. Wednesday was Veterans day so there was no school and today we'll see what I do.

Wednesday, November 4, 2009

NOVA Exam

So I've been doing the NOVA exam which I don't know really why I'm taking but it can't hurt and Mr. Elkner told me to anyways... I know it's not AT related but since that's what I've been doing here's what has happened. I took the reading part on Monday which I thought was ok. Not difficult but not easy either. I just took the essay part of the exam where you have to grammar (spell check caught my grammer) check three essays. It's very boring and harder but nothing I couldn't handle :) I passed both and apparently some lady is going to come to class tomorrow to discuss something with me. She wasn't here today. So that's it.

I think it's safe to post this. I mean it's not like I'm giving away answers or how to take the test but if for some reason I can't have this here I'll remove it.

Friday, October 30, 2009

Week/Quarter Summary

Monday/Tuesday I plugged in the second machine into the second drop in the room yesterday and I couldn't access the internet. Matt had a look at it and said everything was correct. He tried pinging the machine and wouldn't get a response. Thursday I plugged a laptop into the drop we were using for the IPCop machine and pinged our network and got a response. I will look into what's going on with the server after I'm done with this quarter summary.

OK, so my original goal for the quarter... I didn't really start with one originally but I guess my goal became making an IPCop machine and setting up whitelisting. I did manage to get the IPCop server running but whitelisting hasn't been confirmed YET. And my overall goal for the year is to take the Network+ exam and pass. That's still way ahead of me.

The IPCop project worked out in the end (Still got to test whitelisting). There were quite a few unexpected things. I had to actually learn a few things before I could start the project, making each machine took a while and I did some stupid things in general.

So this quarter I learned some things about networking and linux. I learned what DHCP does and what DNS is for. I've learned a few linux commands like ping, host, ssh, scp, shutdown (you would think it would be just shutdown) and how to navigate through terminal. I also learned how to create and run a router machine, IPCop specifically.

Things I couldn't do before that I can now... Well first I could use terminal to save my life and now I have a better understanding of it and I learn new commands as I move along. I now can set up a static IP.

I still haven't properly set up a whitelist yet. I believe I can but I haven't been able to test it yet. That's pretty much what I wanted to do and can't do yet. Also I can't pass the Net+ exam right now if I tried. :/

I'm still going to continue with the IPCop project. I'll keep making changes and necessary and I will be fixing problems with it which there hopefully won't be any. After I get the whitelist done though I will have to find something else to do like studying for the Net+ exam and taking it although I don't see that happening anytime soon.

Friday, October 23, 2009

Keeping track of passwords

I just had a little idea to keep track of passwords. Right now both IPCop machines have the same passwords with the root and admin also sharing the same passwords. Assuming somehow the password got leaked. (Only 3 people know it). Then they would have complete access to both machines. I was thinking of making a google doc to keep track of the passwords and sharing it with Michael, Henry, myself and maybe Mr. Elkner. (You don't give out the passwords to the customer). I doubt anybody would want to do anything with the two machines but it can't hurt. If you have a better idea Mr. Elkner please leave it in the comments since I won't be at the CC today.

Thursday, October 22, 2009

Second machine is ready

I finished up the second IPCop machine today. It is now running the same version of IPCop and the same addons as the one in use. I had to use SCP which is still kinda new to me. It didn't work so I asked Henry for help. I had the port placed incorrectly in the command so it wouldn't work. If I remember correctly this is how it should look like.

scp filename.file -P ### username@I.P. Address:/random/folder

I then unpacked and installed everything.

That's pretty much it for what happened today. Here's a random picture to fill the rest in. Make what you will of it.






BY THE WAY IT'S INTERNATIONAL CAPS LOCK DAY.
CAPS LOCK IS CRUISE CONTROL FOR COOL.
Actually it isn't.

Wednesday, October 21, 2009

Advproxy

While I wait for that I.P. address I've been looking up on how to block all websites through the IPCop GUI easily since Mr. Elkner wants to be able to block and unblock websites on the fly. I stumbled upon Advproxy which is another addon for IPCop made by the same people who created Urlfiler so they work together hand in hand. I haven't been able to use it since the test machine isn't ready yet but I've been reading the docs. Apparently it has some Classroom addon so you can group computers together. It can be the whole lab or a few computers and you can choose them based on MAC or IP. Once you've put them in a group and created a password to control that group. You can allow or deny web access with one click. The other cool thing is you don't have to give out the admin password to access IPCop web interface. Instead the teacher would use a different link that takes them to a login page. They enter their password and their groups show up and then they can allow or deny web access.

I believe this should work with the whitelist feature of IPCop but I'm not sure until I can actually work with it.

Tuesday, October 20, 2009

WPA2

Yesterday when we me and Mr. Elkner set up the AP after school in the web interface there were multiple WPA2 encryption types. We tried mixed but it didn't work so I just set it to personal. I looked them up and there are 2 big differences between all three. WPA2 mixed uses AES and TKIP authentication. TKIP is very old and can be cracked using the same methods against WEP. WPA2 (personal) uses only AES authentication which is secure for now and WPA2 enterprise uses a RADIUS server for authentication which isn't necessary for us. I'll leave router to use WPA2 personal for now.

Sunday, October 18, 2009

Week 3 of October

I know I won't get any points for this but anyways this is to cover last week.

Tuesday I stayed after school and updated IPCop and installed Urlfilter. Henry showed me how to SSH into the machine on Friday and on Tuesday he used SCP to transfer the Urlfilter files to IPCop machine. I installed everything after school. Blacklisting works, I need to try whitelisting out. I can do it after school on Monday. On Wednesday I believe Michael began working on a second IPCop machine. We're working on that. Friday we got the AP but I couldn't figure it out during the period. I've read up on it and I should be able to set it up Monday.

I'll remember to blog this week.

Friday, October 9, 2009

Network Topologies

Right now I'm reading through the whole Network+ book. I know some things but I'm just gonna go through it all to make sure I have it down.

I learned a bit about network topologies in middle school. I remember the Star network is where all the computers in the network connect to one hub. It's nice because if one computer goes down it doesn't screw over the whole network like a Bus or Ring network but if the hub fails then everybody is screwed. The Ring and Bus also have another disadvantage which is when you want to make a change to the network like adding another machine it takes down the whole network which is really bad if you need to run 24/7. Mesh is very nice since every computer runs to each other creating redundancy but all that cabling would be expensive and confusing. There are some topologies I didn't know about until now like point-to-point and point-to-multipoint but I'm still reading up on them so I don't have anything to offer on them.

Three day weekend ahead which means I can play video games read up on Network+ and do some other projects.

Wednesday, October 7, 2009

IPCop has been deployed

IPCop is now setup and running.

Yesterday we stayed after school and installed the IPCop server. If it wasn't for the quad NIC we probably wouldn't have been able to deploy it yesterday. The installation went without a hitch. At first I thought something was wrong because some computers were attempting to connect using the wrong IP address. Mr. Elkner (the only person who reads this blog) explained to me that when the computer tried to reconnect it tried using it's old assigned IP address which wasn't in the range we were using. A simple reboot fixed that.

I still have to update IPCop to the latest version and I need to install an addon called UrlFilter so we can easilly add and remove websites from the whilelist/blacklist otherwise you would have to edit the hosts.txt and that would be a pain in the arse. Also when Mr. Elkner gets an AP so we have wifi I can install Copspot which is the captive portal I wrote a about a little while back.

I guess I'll start reading up Network+ since I won't be able to work on IPCop during class.

Monday, October 5, 2009

We're ready to deploy Captain!

The server is all set and ready to go.

Today we put the last two NICs into the computer. It actually took the whole period. The problem was that each NIC had to be a different one because IPCop had trouble with duplicates. The problem was I would assign a network to one of the duplicate NICs. Then I would assign another network to the other duplicate NIC. When this happened the first network would lose its assignment to it's NIC. What we had to do was find two more NICs that weren't the same. It surprisingly took the whole period. We went through about 10 NICs before we found two that weren't the same. For some reason most of the NICs that we tried were Intel. Two of them weren't even detected by IPCop. We found a Realtek card and some other mammoth of a card before class ended. Tomorrow me and Michael will be staying after school and should get everything up and running.

Friday, October 2, 2009

Almost Ready

So yesterday we did an installation of IPCop with just two NICs. That worked perfectly although we couldn't figure out how to get into the web interface. Today I figured that out and we were set. Since we want 3 networks we need 4 NICs. One for the outer network, one for the local, another for wireless and another for experiments. Two of the NICs we had the same chipsets so I started by placing one in the machine to figure out which was the dupe. For some reason the computer would boot up but I couldn't type. Oh my god. I take out the NIC and put in the other. Same thing. I take that one out and try booting. It's the same thing. What the hell did I change? So I get Henry to take a look and lo and behold the keyboard wasn't plugged in... After that embarrising episode I access the web interface. I wanted to see if I could check out the 3rd NIC I had in the computer. This being the first time using IPCop I had no idea how to navigate the interface so class finished without much being done.

This weekend I plan on figuring out how add another network and do that on Monday and then we hopefully deploy Tuesday. Woo.

Wednesday, September 30, 2009

IPCop Server

So today I went in with a better idea of how to get IPCop running than yesterday. I assigned an IP address to each NIC, Green being 192.168.208.1 and then going up from there for the other 2 NIC's. One thing I didn't fully understand was DHCP yesterday. I knew that it assigns an IP address to the network but I didn't know it was as simple as plugging it and obtaining the IP. Anyways tomorrow when we plug the server into the drop in the front of the room it should work.

Also right at the end of the installation I accidentally cancelled it and had to start over.

Monday, September 28, 2009

Borked Computer

So today pretty much nothing got done except getting a machine ready for IPCop. Again. Apparently the computer we set up on Friday would not boot. Henry and some other person I don't know diagnosed the problem and it had something to do with the motherboard and CPU. We took the NICs out of the broken machine and placed them in another machine. We finished in just enough time to be able to do nothing. Well I did get to start the installation but stopped since there was only five minutes left.

My lesson learned is to see if the computer works before messing with it.

Sunday, September 27, 2009

Pfsense Copspot

Friday (or whenever) we all decided to use IPCop for our firewall. I did a bit of researching on the captive portal and IPCop again to see if it is possible to run a captive portal in IPCop. I found a plugin for IPCop called Copspot. It allows you to run a captive portal in IPCop but allows access only on port 80. I guess for surfing the net this is ok.

While I was looking for an addon for IPCop I came across Pfsense. It based off m0n0wall and is almost like IPCop. You can have multiple networks using those NICs (I believe) and it has a captive portal built in. The only caveat is that for whitelisting and blacklisting you have to download SquidGaurd. It's not built in, although one cool thing is you can specify dates and times to have the blacklist/whitelist up. I don't know if IPCop does this.

Basically instead of running a firewall and a captive portal we could have one server running just IPCop or Pfsense. I will bring in a copy of Pfsense so we may have a look at it. This may require a better CPU if we run the captive portal on one server.

Written on my overheating laptop.

Tuesday, September 22, 2009

Walled Garden

So I have been scouring the interwebs and I have come across a few programs that would allow us to run a walled garden I believe wifidog is the best choice so far. I've come up with one other program which I'm still reading into. By the way this is Wikipedia's definition of a walled garden. And this is more specific definition of what I plan on doing.

So the way it would work is you would place a machine running Ubuntu with wifidog between the wireless AP and the rest of the network. When a user first opens there web browser and attempts to access a website they will be sent to a splash page that, for our purposes, would ask for a username and password. One more thing, you can use that Linksys router and flash it with wifidog so you don't need to set up a machine but you still need a separate server for authentication.

That's all for now.

Monday, September 21, 2009

First Post

Today I looked into IPv6 and what it is. Apparently IPv6 is the new Internet Protocol version which will replace IPv4. Don't ask me where IPv5 went. It never entered the public realm. The reason IPv6 was created is to solve the IP address shortage. IPv6 has a 128 bit address space unlike IPv4 which uses 32 bit. This means that there are 4 times more IP addresses available. IPv4 has 4,294,967,296 addresses available so multiply that by 2 for or do 2 to the 128 power and you get a big number. I can't offer much more right now since I'm still reading into the technical stuff about IPv6 but apparently it is more efficient than IPv4.

Also I looked a bit into creating a walled garden which is where you are redirected to a login page when accessing a wireless internet connection. It looks simple enough, but only if you have the right tools and right now I'm still looking into that.