Category Archives: General Technology

CCNP Wireless – Not for the Faint

I recently had the privilege of reviewing some CCNP Wireless material. Although my CCNA expired a long time ago, I’ve worked with a lot of CCNP’s, CCIE’s, and Cisco gear (including wireless) over the years. I expected the material and content to be similar to other Cisco material I’ve read/studied. I have a CCNP Study Course sitting on my desk, if I can ever get to it.

Anyway, after reviewing the syllabus for CCNP Wireless, I can honestly say that you’re a Cisco Wireless Guru if you can pass all four of the exams without doing at least one cram course or buying the soon-to-be on-the-market Study Guides. You’ll need some strong experience and a good instructor to tackle this beast.
Read more…

iPhone: Hacker’s Choice Award

Techie-type folks have been using MAC PowerBooks for years because OS X gives them access to a UNIX operating system and a very functional GUI in a secure little package.

It seems logical the iPhone would make a great penetration testing or security assessment tool and if the good guys use them, it stands to reason the bad guys are too! Why couldn’t the iPhone be a hacker’s choice for mobile hacking platforms?

Except for Windows Mobile, most phone operating systems are unique to the manufacturer. The underlying firmware is often ARM-based but the popularity of hacking ARM devices isn’t there. This uniqueness is one of the major reasons why cellular phones have not seen the same level of malware target them that targets PCs, to date. The iPhone brings to the hacker a mobile UNIX hacking platform much more discrete than those shiny PowerBooks or plastic looking iBooks. It definitely costs less than a PowerBook or an iBook; granted it doesn’t have the same processor, RAM, or hard disk capacity, but attack code created on the iPhone and the ability to hack other ARM-based devices from the iPhone could open the doors for new attacks on existing mobile devices.

More hacking info over at Metasploit, one of my favorite penetration testing tools, and over at TUAW.

iPhone: Hacker Friendly

When Apple unveiled the new iPhone, hackers, crackers, marketing types, and media outlets alike salivated; oh techno-enthusiasts aka customers too!

It is no surprise that the iPhone has been center of numerous attempts to crack, hack, subvert, reverse engineer, and otherwise decipher the software, hardware, architecture, and interfaces. After all the iPhone represents the greatest advancement in phone technology since… hmm, I’ll have to get back to you on that one. 

Steve Jobs is quoted in a Fortune magazine articleas saying that the iPhone will change the phone industry and I think he’s right but I don’t think it has changed in the way he is intending. The hype and appeal over the iPhone is amazing. Security “experts” have been saying for years that mobile devices aka cell phones are the next hacking platform and these new mobile viruses (virii — eek!) could disrupt or disable entire cellular networks.  The iPhone introduces a new twist to the mobile malware argument because the underlying operating system in this case is universally available and accessible. The cute, sophisticated, secure operating system found on those impressive 24″ iMacs, dual-core Intel PowerBook Pros, and amazing MAC servers is at the heart of the iPhone.

The bugs, flaws, exploits, and vulnerabilities of MAC OS X have always been minimized or defeated because MAC OS X doesn’t run everything as the Administrator like Microsoft Windows, according to Apple website on MAC OS X Security Architecture:

Many people find that Windows-based PCs are unusable unless they use the admin account, which exposes their PCs to attack. The Mac OS X default configuration, in contrast, guards against shady characters who could so easily take control of your system. 

eWeek reported the iPhone apparently runs every program and process with root or Administrator privileges, based on information posted on the Metasploit Official Blog (Metasploit Project).The iPhones apparently mimic the simplicity Microsoft Windows versions enjoyed for years: run everything as Administrator or Super-user.  Who says Bill Gates’ investment in Apple isn’t paying off!

Now the iPhone can make even more headlines!

Silent Server? HTPC-based option

I recently built a server for a client who required server performance and reliability without the roar associated with popular rack-mounted servers of today; of course there was a price restriction of $1000.

 The server needed to provide basic file serving and run FileMaker(cringe) for 5 users and some factory automation devices, we agreed to tackle web hosting and email another day. I thought it would be a great opportunity to find a good looking HTPC-style case and turn it into a server. The problem I foresaw was cooling; could I get ample cooling for a server in an HTPC-style case? The major heat producers would be the CPU and hard drives, since I expected to use onboard video. Airflow would end up being the key design consideration because the airflow must be sufficient enough to remove heat but not be so forceful as to produce the roaring accompanying most servers available on the market today.

After building a number of custom PCs over the years, including some water-based gaming rigs, I knew I was looking for something with large fans, plenty of vents, and reasonable airflow. One of my favorite online retailers is Directon; they have always done me right. I also like NewEgg because ZipZoomFly did me wrong several times in their prior incarnation. eWizhas also had some amazing deals in the past and great response to questions and support issues. I began my search by looking at the top selling chassis from each of these online retailers and by reading reviews at HardOCP and Anand Tech for available products.

I opted for a vertical style desktop / HTPC-like chassis after reading about the design details of the Antec NSK-2400. I have been around rack-mount servers for a long time and the initial pictures of the NSK-2400 reminded me of a rack-mounted server chassis’ cooling pattern. I was very impressed with the vent hole location, partitioning of the airflow, and location of the two 120mm fans. I then came across this article at SilentPCReview and knew I’d found THE chassis, complete with an adjustable partition for directing airflow!

The SilentPCReview article discusses the design details that went into the NSK-2400. The chassis is black with a silver front-bezel with sound dampening mountings. The chassis looks very sleek and measures almost 18″ wide and 3U tall, so this opened new options for mounting the server with the networking equipment as opposed to locating the server under someone’s desk. The NSK-2400 is exceptionally quiet and offers solid cable management options to maintain airflow. The chassis not only runs quietly, it also looks good – which is often a boost when working with small and medium sized customers who want to show off their “flashy, quiet” server to clients and friends.

The only downside at this point is the form-factor, I would need a server-grade micro-ATX motherboard. Back to the review sites and forums I go!

I ended up placing the NSK-2400 underneath the Cabletron LAN switch we purchased, along with the firewall. The server looks great and moves plenty of air to ensure even the Cabletron switch is getting cooled.

Stay tuned for pictures, components, and testing.