LinuxPlanet Casts

Media from the Linux Moguls

Archive for the ‘FreeNAS’ Category

The Techie Geek – Episode 101 – Show Notes

without comments

mp3

ogg

facebookidenticatwitter

Email Russ at russ AT thetechiegeek DOT com
Email Tracy at tracy AT thetechiegeek DOT com
Leave us a voice mail at 1-206-339-1575

FreeLinuxBox.org helps your un-needed Linux box find a needy home

amazon.thetechiegeek.com
hostgator.thetechiegeek.com

Working Point
PC Repair Tracker
Puppy Linux
Knoppix
Linux Mint
FreeNAS
Google Apps
SimpleSysInfo

Check out these great podcast sites: Techpodcasts.com and BluBrry.com

Written by Russ Wenner

April 30th, 2012 at 5:32 am

Ultimate ZFS Overview | TechSNAP 28

without comments

post thumbnail

Coming up on this week’s TechSNAP…

Buckle up and prepare for our Ultimate ZFS overview!

Plus, the next generation of Stuxnet is in the wild, but this time is laying low, collecting data.

All that and more, on this week’s TechSNAP!


Direct Download Links:

HD Video | Large Video | Mobile Video | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

Jupiter Broadcasting Gear

http://www.printfection.com/jbgear

  • Coupon Code: SuperDuperShip – Free Shipping on Super Saver, International, and Canadian Airmail orders. No minimums
  • Coupon Code: SuperSave$10 – $10 off orders with a subtotal of $50+
  • Coupon Code: Scary35% – 35% off orders with a subtotal of $100+

Next generation of Stuxnet seen in the wild?

  • Called Duqu, the malware appears to be based on the same concepts as Stuxnet, and likely was written by some of the same people, or someone with access to the Stuxnet source code.
  • The malware is designed to be stealthy and silent, rather than exploiting the system to some gain, like most malware
  • The rootkit loads it self as a validly signed driver. It appears to have been signed by the certificate of a company in Taiwan identified as C-Media Electronics Incorporation. It is possible that their systems were compromised and their private key is being used without their knowledge. The certificate was set to expire on August 2, 2012, but authorities revoked it on Oct. 14
  • The malware is not a worm, as it does it spread, and has no destructive payload
  • It appears to only gather intelligence and act as a espionage agent, collecting data to be used a future attack.
  • Analysts claim it appears to be seeking information on an unidentified industrial control system
  • Duqu appears to have been in operation, undetected for more than a year
  • Symantec has declined to name the countries where the malware was found, or to identify the specific industries infected, other than to say they are in the manufacturing and critical infrastructure sectors
  • Duqu analysis paper

Google switching to SSL for logged in users’ searches

  • Users who do a search while logged in, will do the search over SSL, meaning their search query and the results will be protected from snooping by their ISP, Government, Law Enforcement and WiFi hackers.
  • This is an important step as google works to personalize your search results more and more.
  • An interesting side effect of this is that browsers do not pass referrer headers when you transition from an SSL site. So the sites you visit from the search results page will no longer see what your search query was. Clicks on Adwords and other sponsored links will still pass your search query.
  • The primary impediment to SSL for everything is performance, encrypting all traffic on the web would require a great deal more hardware. This is why Google defaults to a weaker encryption for things like search results, than what online merchants typically use.
  • Another impediment to SSL is the certificate system, typical setups require a unique IP for each SSL certificate (because the name based virtual hosting typically done by web servers relies on an HTTP header, that is not sent until after the encryption session is started). However modern browsers and web servers support ‘SNI’ (Server Name Indication) to allow that information to be passed as part of the initial encryption setup. There are also solutions such as wildcard certificates (ie, *.google.com) and Unified Communications Certificates (UCC, typically used for MS Exchange servers and the like).
  • Google will also provide website owners with the top 1000 search queries that lead visitors to their site via Google Webmaster Tools.
  • HTTPS Everywhere | Electronic Frontier Foundation

Feedback:

ZFS Segment

  • This week we will be taking a look at ZFS as a storage solution
  • ZFS was originally developed by Sun Microsystems to be able to store a zetta byte of data (A zetta byte is equal to 1 billion tera bytes)
  • ZFS is both the Volume Manager and the File System. This gives it some unique benefits, including the ability to increase the size of the file system on the fly and improves performance for the ‘scrub’ (integrity check all data) and resilver (recover from a failed disk) operations, as only data blocks that are actually in use need to be rewritten, whereas a hardware RAID controller must resilver the entire disk because it is unaware of the file system.
  • ZFS is a ‘Copy-On-Write’ file system, this means that data is not immediately overwritten when it is changed
  • Features
    • Multiple mount points – You can create various mount points from the same storage pool, allowing you to have different settings for different types of files.
    • Passive Integrity Checking (Fletcher Checksum or SHA–2) – As data is read, it is compared against the checksum (or hash, depending on settings). If the data is found to be corrupted, ZFS attempts to recover it (from a mirrored device, RAID Z, or copies). This feature allows ZFS to detect silent corruption that normally goes unnoticed.
    • RAID Z – RAID Z works very similar to RAID 5, except without the requirement for a hardware RAID controller. RAID Z2 provides two parity drives, like RAID 6. Recently, RAID Z3 was also introduced, using 3 drives for parity, providing exceptional fault tolerance.
    • Compression – Allow you to compress the data stored in this mount point (defaults to lzjb for speed, or you can choose a specific level of gzip). This can be great for storing highly compressible information such as log files
    • Deduplication – Since ZFS already knows the hash of your files as it writes them, it can detect that a file with the identical content already exists in your storage pool, and it will simply link the new file to the old one, and because ZFS is copy-on-write, if either file changes, it does not effect the other. ZFS also supports an optional ‘verify’ setting, where even if the checksum/hash matches, it will do a byte-by-byte verification to ensure the files are the same, to avoid a cache collision resulting in data corruption, even though the chances of this happening are around 10^–77. Deduplication uses a lot of ram, so it is recommended that you only use it on datasets where there is a high probability of duplication (It requires 320 bytes per block, meaning 1TB of data in 8kb blocks requires 32GB of ram. ZFS allows blocks up to 128kb). Deduplication will only use up to 25% of ARC memory, after that performance is degraded.
    • Purposeful Duplication (Copies) – Allows you to ask ZFS to maintain more than 1 copy of each file in a mount point. This is in addition to any redundancy provided by mirrors/RAID Z etc. Where possible the additional copies are stored on different physical devices. This allows you to get the benefit of a system like RAID Z but only for a specific set of data, while using regular striping for the rest, to maximize your storage capacity. (The ‘Copies’ system was not designed to protect against entire drives failing, just the loss of specific sectors, also this setting only effects newly created files, so you should set it when you create the mount point)
    • Snapshots – A read only copy of the file system from a specific point in time, great for backups etc.
    • Clones – A writable snapshot. Allows you to create a second copy of the file system that shares all of the same disk space, and any changes to either the original or the clone get saved separately.
    • Dynamic Striping – As you add more disks to your ZFS pool, the strips are automatically adjusted to take advantage of the write performance of all available disks.
    • Space Reservation – Since all mount points share the same pool of free space, you can set reservations to make sure specific mount points always have access to free space, even if another mount point is trying to use all of the space.
  • In summary, ZFS can be a great solution for your home file server, as it allows you the flexibility to add additional storage at any time, deduplicate files, provided limited redundancy without needing RAID and can even provide some Drobo like functionality.
  • If you keep at least one SATA port available in your file server, you can replace smaller devices by attaching the newer drive, and using the ‘zpool replace’ command, to copy all of the data to the new device, then remove the smaller one. You can eventually replace every device in the system this way, and the storage pool sizes up automatically.
  • RAID Z pools cannot currently have devices added to them, although this feature is in the works. If you create a RAID Z (or Z2/Z3) pool, you can still increase it’s storage capacity by replacing each disk one at a time, and waiting for it to resilver (unlike in non-redundant setups, you do not have to connect the new device before removing the old one). Again, because ZFS is both the Volume Manager and the File System, the resilvering process is faster, because only data that is actually in use needs to be written to the new device.

Round Up:

The Techie Geek – Episode 92 – Show Notes

without comments

Written by Russ Wenner

October 16th, 2011 at 5:13 pm

Ultimate File Server | TechSNAP 25

without comments

post thumbnail

Coming up on this week’s on TechSNAP…

Have you ever been curious how hackers pull off massive security breaches? This week we’ve got the details on a breach that exposed private data of 35 millions customers.

Plus MySQL.com spreads custom malware tailored just for your system, and the details are amazing!

On top of all that, we’ll share our insights are setting up the ultimate network file server!


Direct Download Links:

HD Video | Large Video | Mobile Video | WebM | MP3 Audio | OGG Audio | YouTube

Subscribe via RSS and iTunes:

Show Notes:

South Korea’s SK Telecom hacked, detailed forensics released

  • Between July 18th and 25th, SK Telecom’s systems were compromised, and all of their customer records (35 million customers) were compromised. The records included a wealth of information, including username, password, national ID number, name, address, mobile phone number and email address.
  • The attack was classified as an Advanced Persistent Threat, the attackers compromised 60 computers at SK Telecom in total, biding their time until they could compromise the database. Data was exchanged between the compromised computers at SK Telecom, and a server at a Taiwanese publishing company that had been compromised by the attackers at an earlier date.
  • The attack was very sophisticated, specifically targeted, and also seems to indicate a degree of knowledge about the the target. The well organized attackers managed to compromise the software updates server of another company (ESTsoft) who’s software (ALTools) was used by SK Telecom, then piggyback a trojan in to the secure systems that way. Only computers from SK Telecom received the malicious update.
  • The attackers send the compromised data through a number of way points before receiving it, masking the trail and the identities of the attackers. A similar pattern was seen with the RSA APT attack, the attackers uploaded the stolen data to a compromised web server, and once they had removed the data from there, destroyed the server and broke the trail back to them selves.
  • Proper code signing, or GPG signing could have prevented this
  • Original BBC Article about the attack

Mac OS X Lion may expose your hashed password

  • The Directory Services command allows users to search for data about other users on the machine. This is the intended function.
  • The problem is that the search results for the current user also include sensitive information, such as the users’ password hash. You are authorized to view this information, because you are the current user.
  • However, any application running as that user, could also gain that information, and send it back to an attacker.
  • Using the hash, an attacker could perform an offline brute force attack against the password. These attacks have gotten more common and less time consuming with the advent of better parallel computing, cloud computing and high performance GPGPUs.
  • My bitcoin mining rig could easily be converting to a password hash cracking rig, especially now that the current value of bitcoin is sagging. If there were a big enough market for cracking hashed passwords, there are now a huge number of highly specialized machines devoted to bitcoin that could be easily switched over.
  • The tool can also allow the current user to overwrite their own password hash with a new one, without the need to provide the current plain text password. This means that rather than spend time cracking the password, the attacker could just change the current users password, and then take over the account that way.
  • These attacks would require some kind of exploit that allowed the attack to perform the required actions, however we have seen a number of flash, java and general browsers exploits that could allow this.
  • The current recommended work around is to chmod the dscl command such that it can only be used by root
  • Additional Article

MySQL.com compromised, visitors subject to drive by infection

  • The MySQL.com front page was compromised and had malicious code injected in to it.
  • The code (usually an iframe) caused a java exploit to be executed against the visitor. The exploit required no interaction or confirmation from the user. This type of attack is know as a ‘drive by infection’, because the user does not have to take any action to become infected.
  • Two different trojans were detected being sent to users, Troj/WndRed-C and Troj/Agent-TNV
  • Because of the nature of the iframe attack, and the redirect chain the attackers could have easily varied the payload, or selected different payloads based on the platform the user was visiting the site on.
  • There are reports of Russian hackers offering to sell admin access to mysql.com for $3000
  • Detailed Analysis with malicious source code, video of the infection process
  • Article about previous compromise
  • When the previous compromise was reported, it was also reported that MySQL.com was subject to a XSS (Cross Site Scripting) attack, where content from another site could be injected in to the MySQL site, subverting the browsers usual ‘Same Origin’ policy. This vulnerability, if not repaired, could have been the source of this latest attack.

Feedback:

Continuing our Home Server Segment – This week we are covering file servers.
Some possible solutions:

  • Roll Your Own (UNIX)
  • Linux or FreeBSD Based
  • Install Samba for SMB Server (allow windows and other OS machines to see your shared files)
  • Setup FTP (unencrypted unless you do FTPS (ftp over ssl), high speed, doesn’t play well with NAT, not recommended)
  • Configure SSH (provides SCP and SFTP) (encrypted, slightly higher cpu usage, recommended for Internet access)
  • Install rsync (originally designed to keep mirrors of source code and websites up to date, allows you to transfer only the differences between files, rather than the entire file) (although it is recommended you do rsync over SSH not via the native protocol)
  • Configure NFS (default UNIX file sharing system)
  • Build your own iSCSI targets (allows you to mount a remote disk as if it were local, popular in virtualization as it removes a layer of abstraction. required for virtual machines that can be transferred from one host to another.
  • Roll Your Own (Windows)
  • Windows provides built in support for SMB
  • Install Filezilla Server for FTP/FTPs (Alternative: CyberDuck)
  • There are some NFS alternatives for windows, but not are not free
  • There is an rsync client for windows, or you could use cygwin, same goes for SSH. Similar tools like robocopy and synctoy
  • FreeNAS
  • FreeBSD Based. Provides: SMB, NFS, FTP, SFTP/SCP, iSCSI (and more)
  • Supports ZFS
  • Chris’ Previous Coverage of FreeNAS:
  • FreeNAS, IN DEPTH
  • FreeNAS Vs. HP MediaSmart WHS
  • FreeNAS vs Drobo

Round Up:

Bitcoin Blaster:

FreeNAS vs Drobo

without comments

The final round up of contenders against FreeNAS. How does it all stack up? Watch to find out!

LINKS:
Drobo Review: http://hex.io/4qx
FreeNAS Review: http://hex.io/4tk
FreeNAS V. HP MediaSmart: http://hex.io/4qx
Drobo FW800: http://hex.io/5c0
Our Store: jupiterbroadcasting.com/store

You can watch this video’s embed, or download one of the many formats below:

  • Subscribe to the IN DEPTH RSS Feed
  • Catch videos as they are released over at our YouTube channel
  • Written by chris

    January 29th, 2009 at 2:31 pm

    FreeNAS vs. HP MediaSmart WHS

    without comments

    How does the open source FreeNAS stack up to the commerical Windows Home Server based HP MediaSmart? Find out in this battle to the bits!

    LINKS:
    Drobo Review: http://hex.io/4qx
    FreeNAS Review: http://hex.io/4qy
    HP MediaSmart: http://hex.io/4rr

    You can watch this video’s embed, or download one of the many formats below:

  • Subscribe to the IN DEPTH RSS Feed
  • Catch videos as they are released over at our YouTube channel
  • Written by chris

    January 24th, 2009 at 10:30 pm

    FreeNAS, IN DEPTH

    without comments

    Chris covers the powerful software that can transform an old PC into a full blown NAS, and talks about some of the great services and features that you may not know about!

    Links for this week’s episode:
    FreeNAS: http://www.freenas.org

    IDE to CF Adapter: http://hex.io/49k
    You can watch this video’s embed, or download one of the many formats below:

  • Subscribe to the IN DEPTH RSS Feed
  • Catch videos as they are released over at our YouTube channel
  • Written by chris

    January 21st, 2009 at 1:05 pm