Google Chrome Pilot Program
Posted by clamasters in blog on February 9, 2011
A few days ago I received a pretty new Google Chrome Notebook model CR-48. I was, completely caught off guard by a very nicely packaged device sitting the table when I got home. I still had no idea what I was because I forgot that I signed up for this program. Ecstatic doesn’t quite cut how happy I was when I discovered what it was. I was actually selected as a Google Chrome Notebook pilot user. I doubt this is a rare thing, however I almost never get selected to test stuff that I think is cool.
So far the experience has been pretty good. When I first booted the system, I had a bit of a hard time connecting to my wireless. I have a WRT-160N running DD-WRT with WPA2 AES/TKIP enabled. I reconfigured it to just TKIP and it seemed to work after that and then I was able to login and get the notebook updated. Pretty neat that EVERYTHING is handled under Chrome.
My wife said it’s the perfect computer for her. It’s small and light enough to take around the house and we pretty much use Google Docs exclusively for document creation and sharing. We both use Hulu for video’s, Picasa for photos and I use WordPress for blogging. I have not found a telnet/ssh client for the browser yet so I may take a stab at creating one or finding someone who can. Since I’m a network engineer, this is an essential function for me. I’m happy to see the Cisco ASA Clientless SSL VPN now supports Chrome as a browser since that will be my primary view into my work network.
I’ll put up some more posts as time goes on about the use of the Google Chrome Notebook CR-48.
New Chapter – all systems go.
Posted by clamasters in blog on February 9, 2011
Well, it has been over a year since I have last posted something worthwhile and I feel a little bad about that. Even if nobody is reading this, I use it to help me remember things that I know I’ll need later. So if I haven’t posted in a while then I’ll probably forget everything I’ve learned over the last year 
. Hopefully not.
OK, so a few new things have happened. My daughter, Kacy was born 8/24/2009 and is now the fire in my life…literally she makes me burn inside with love, anger, cheer, fear, and laughs. She’s pretty awesome. My wife who stays at home with her has been very patient and we are now making good progress towards potty training.
I am now employed at KeyOn Communications, Inc as the Sr. Network Engineer. I updated my about me section so you can check some details there, but in short, I’ll be posting some things up here about what I’m doing at work. This change is bigger than it sounds. I used to work in SMB/SME systems where I was the “go to” person for everything under the sun. Servers, Exchange, Outlook, Quickbooks, etc…you name it, I had to support it. Now, I get to focus on something and move away from the “Jack of All Trades, Master of None” mentality to finally becoming an expert on something…and I feel GREAT… Working for a smaller ISP that is growing pretty rapidly, I think, is the perfect place for me.
I now have my CCNA. This took me 6 years too long to get. I should have taken it while I was in the Marine Corps but didn’t, then I feel into two jobs that didn’t care one way or another…therefor I took the path of least resistance…not anymore. Now I am working towards my CCNP and then off to CCIP and CCIE in time.
</update> Until next time…
Terminal Server Aware Web Proxy Server with pfSense
Posted by clamasters in Microsoft, pfSense on March 17, 2009
At work, I have a client that was requesting the ability to monitor/block sites that their users were visiting. This is traditionally quite easy with just a squid proxy server or a Barracuda Web Filter but they really didn’t want an extra server to be installed during this process AND they were using a terminal server.
I started looking for server side applications that I could install and just have the admin pull the data from there, however, the costs I was finding were a bit too much. I setup a pfSense in a quick lab to demo this up. After installing pfSense on some old hardware, did a basic configuration of the box, and then installed the Squid proxy package. I configured this to be a traditional proxy where I had to send traffic on a specific port, and the user was required to login. That was really the trick to get the terminal server users broken apart. I know it could probably use a little masaging with NTLM authentication or some other clean mechanism but for the lab and the purposes of this client, this hit the mark for a great price.
I did mention that they did not want to install new hardware during this process, but the knew they needed to upgrade their Linksys “router” that was currently firewalling their network. I am once again impressed with the flexibility and ease of use that pfSense gives you. I truly only have 1 complaint about the system at all but it has nothing to do with this and as I understand it, that feature has been added in pfSense 2.0. The management of OpenVPN clients/certificates is somewhat of a nightmare for large installs unless you use a single certificate for all users (not recommended).
Cisco – tcp-small-servers and udp-small-servers
Posted by clamasters in blog, Cisco on February 19, 2009
For some truly unknown reason, Cisco’s devices still have support for “small servers” or “simple services”. Examples of these include echo, chargen, daytime and discard. An attacker could possibly start a denial of service attack (DoS) against one or more network devices with those configured. In this case; echo and chargen are to blame by allowing an attacker to cause the chargen service to hit the echo services causing an endless loop of character generation and echo between the two hosts. To disable this, simply enter the following commands:
configure terminal
no service tcp-small-servers
no service udp-small-servers
These commands can be run on nearly all IOS based Cisco equipment.
Cisco Switching – switchport nonegotiate
Posted by clamasters in blog, Cisco on February 19, 2009
Dynamic Trunking Protocol (DTP) is a standard feature of Cisco switches and allows two switches to dynamically configure interfaces interconnecting each other to be trunked ports. DTP has 5 modes; Auto (default), On, Off, desirable and nonegotiate. These 5 modes all have a purpose. I have layed out the groundwork below:
- auto – The default setting allows the port to willingly convert to trunking, however, the port will not trunk unless the neighbor is set to on or desirable. When two switches are connected together and set for auto, they will NOT trunk.
- on – This setting forces the port to be a trunk regardless of the neighbor’s settings.
- off – This setting forces the port to not trunk, even if the neighbor is set to on.
- desirable – This causes the port to attempt to become a trunk, however, the neighbor would have to be set to on, desirable or auto.
- nonegotiate – This setting, forces the port to be a trunk but disables DTP frames between the two switches. This is useful when you are working with non-Cisco equipment and just want to ensure that the ports won’t do anything you do not want them to….this is my preference.
To configure this on your switches, issue the following:
configure terminal
interface g1/0/49
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
Hopefully this was somewhat worthwhile. It is very basic so I apologize but this is the easiest way to give you the needed information without boring you to death