Wednesday, January 29, 2014

My Favorite Technologies and Protocols

Based on the title of this post, you can guarantee that I've got to be one of the biggest friggin' nerds the world has ever seen. The bottom line here is that I love technology. Almost every aspect of (GOOD) technology fascinates me to no end.

My latest project that I am working on is a security-related idea of mine. My desire is, on my home network, to lock it down tighter than good ol' Fort Knox (tired of that expression yet?). Yes, networking is probably my favorite part of computer systems. My grand idea this time is actually quite simple: implement 802.1x on my wireless network (check that one off!), get rid of Pre-Shared Key authentication (work in progress) and implement 802.1x on my wired network (work in progress). This completely prevents any unauthorized access to my network, thus protecting my data (or not).

Now another very simple method of protecting your data is permissions. First and foremost, whenever I set up a server, I always remove that damned entry in the list labeled "Everyone" as this effectively locks everyone out. To grant a user (or group) access to read/write/modify, simply add the user (or group if it's a larger environment so you don't have to add thousands or more individual entries) and grant them the most restrictive permission possible for them to do their job, but to also protect your crucial data. NTFS permissions are usually enough to ensure that only authorized people access data, but I don't stop there. I go a step further and remove "Everyone" from the share permissions (because I do lots of inter-network file sharing) and manually add specific users (groups) to have permissions.
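One way to check for leftover "Everyone" entries at both the share layer and the NTFS layer, as an added example that is not from the original post. The function name `Get-EveryoneGrant` is hypothetical, and the script assumes an elevated session on a file server with the SmbShare cmdlets (Windows 8 / Server 2012 or later):

```powershell
# Added example: audit SMB shares for "Everyone" grants at both layers.
# Assumes an elevated PowerShell session on the file server itself.

# Resolve the well-known SID S-1-1-0 so the check also works on
# non-English systems where the group has a localized name.
$everyoneSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$everyone    = $everyoneSid.Translate([System.Security.Principal.NTAccount]).Value

function Get-EveryoneGrant {   # hypothetical helper name
    # -Special $false skips the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {

        # Layer 1: share permissions.
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq $everyone -and
                           $_.AccessControlType -eq 'Allow' } |
            ForEach-Object {
                [pscustomobject]@{
                    Share = $share.Name; Path = $share.Path
                    Layer = 'Share'; Rights = $_.AccessRight; Inherited = $false
                }
            }

        # Layer 2: NTFS permissions on the shared folder itself.
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            (Get-Acl -LiteralPath $share.Path).Access |
                Where-Object { $_.IdentityReference.Value -eq $everyone -and
                               $_.AccessControlType -eq 'Allow' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Share = $share.Name; Path = $share.Path
                        Layer = 'NTFS'; Rights = $_.FileSystemRights
                        Inherited = $_.IsInherited
                    }
                }
        }
    }
}

# One row per remaining "Everyone" allow entry; no rows means both layers are clean.
Get-EveryoneGrant | Format-Table -AutoSize
```

Rows with `Inherited` set to `True` come from a parent folder, so the entry has to be removed (or inheritance broken) there rather than on the shared folder.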

To make sure my data and network are safe, I am actively snooping around my network as a lower-privileged user to look for holes. Since I'm using a basic user account and I have the knowledge of what is where, I can find flaws and turn around and patch them. 

Hopefully more to come later as I discover more and more technology!

Monday, January 20, 2014

Free Open Source Ghost (FOG)

I know that I haven't been religiously updating this blog or even checking it that much, but I am in a caffeine-fueled good mood right now, courtesy of my poison of choice: Mountain Dew. I want to talk about one of the best tools that I have found when it comes to managing massive numbers of computers: FOG. It stands for Free Open Source Ghost, taking a poke at Symantec’s classic Ghost software. What’s so great about a free program? Absolutely everything. Let’s dive right in.

FOG, originally released on SourceForge.net on 8-29-2007, is a lot better than you would think (your thoughts probably courtesy of “You get what you pay for”) considering what it has available in it. A basic summary of what it can do: disk cloning, software deployment, memory testing, disk wiping, disk testing, antivirus and basic inventory, all wrapped up with a nice web GUI. Now that I’ve got your attention, I would like to go a little further in-depth with my favorite function.


Disk cloning. This is my favorite feature of FOG by far. Basically, you create one master image of a disk drive and you can deploy it endlessly to an unlimited number of machines, as long as they are of the exact same hardware configuration. If you’re not sure what you’re doing, don’t even attempt to deploy image A to computer type B, or however you want to phrase it. Windows doesn’t like that too much. So this process is done with a tool called PXE (pronounced “Pixie”) which allows a computer on a network to boot from a very slimmed-down operating system (usually WinPE or PXElinux) and be configured from an image that sits on a server, or a fresh install of an operating system. I use PXElinux because it comes with FOG and requires no additional configuration. As I write this blog post, I am installing Windows 7 to show how FOG works. Keep this in mind, however: I am using a trial ISO of Windows, so I’m not installing it over the network; rather, I am using a “virtual CD” if you will:
Installing Windows 7 Enterprise on a VirtualBox Virtual Machine.
Now that it has finished installing and I have a fresh, working copy of Windows 7 to play around with, let's upload an image of it to FOG:

FOG login page.


Windows 7 VirtualBox Virtual Machine Booting from PXE.

FOG saving the Windows 7 image to the server.
One thing that I've noticed in the professional IT world over the past few years is that most mass-deployment tools cost thousands and thousands of dollars, yet they still lack one feature that I love a lot: the web-based GUI! These programs require you to install a console application to whichever machine you want to use to control the deployment on machines, and it's usually not a small install (a few hundred MB, in my experience). A web-based GUI is a heck of a lot easier: just point your (already-installed) browser to the web server hosting your FOG installation and you're good to go. Granted, this method isn't the most secure, but if somebody can manage to crack a password stored on a remote computer, chances are they are good enough to crack a Windows-based administrator password protecting your console software, too. This poses a question to consider: why make it harder on yourself if hacking is still a possibility? More importantly, shouldn't YOU as an IT professional know to use really strong passwords? :)

Ultimately, FOG is without a doubt the best software to use for cloning machines, if for nothing else the price alone.

To be fair, there is one major flaw with FOG: it's darn-near impossible to back up your configuration. Simple fix, though: virtualization. I use VirtualBox for hosting my virtual machines (if you couldn't already tell, based on the screenshots and me saying it so much). This makes backing up your FOG installation very simple. Copy the VirtualBox files to another server and an external hard drive. Simply pull out your backup if anything goes wrong. After all, that's what backups are for, right? ;)

Enjoy and have a great day!

P.S. Need help with FOG or need more information? Leave a comment and let me know! I'd be happy to see what I can do to help.