Matthew Buck’s Blog – Principal Engineer at RatwareUK

If I could have a pound for every time I’m meeting a new client and they ask “Can we have a wireless network, instead of a wired one?” we’d be a) rich and b) doing a serious mis-service. If everyone was as familiar with the words “virtualisation” as they are with “wireless” we’d be very happy. I guess it’s because people have wireless networking thrown at them by TV adds, ISPs and their savvy, computer-addict children. Why can’t people request virtualisation?

Today RatwareUK decided that, unless there was a specific technical circumstance against it, virtualisation was from now on, going to be the preferred solution we push to SMEs. VMware, memory and processing power have come a long way since I used to run Linux through a VM window on my home PC almost a decade ago. Now VMware is a credible and widespread solution, providing a multi-server deployment on minimal hardware and revolutionising IT support, security and provisioning. Within an SME context it consolidates everything and gets rid of the need for complex restoration processes and the constant up-hill support battle present on a multi-OS client environment. Virtualisation kills the need for complex group policy work, scripting and client upgrading. It pools your resources and configuration into one place.

I’m unsure what’s next for virtualisation. Maybe transferring your virtual machine solution from your office, to your hosting company’s cloud?

IT professionals have simply ignored Vista. Windows 7 could now change everything.

I was thinking the other day about Windows 7.  It was only released in the back end of October, however, with Vista being such a flop, it dawned on me that Windows 7 will, by virtue, be the biggest change in business user experience since 2001. That’s almost a decade. You may dismiss this and believe that Vista bridges the gap between XP and Windows 7 and this isn’t really big news, but it doesn’t and it is big news.

Think about it. Although new domestic PC sales have pushed Vista as the “number one” OS and ditched XP, most business IT professionals have refused to deploy Vista. An ideology so stubborn that it has caused Dell Commercial to continue selling XP Professional, alongside Vista to this day. In the history of Microsoft, this has never happened before. Also, the statistics for operating system market share state that XP peaked at 76.1% in 2007. That’s 76.1 percent of the world’s computers running Windows XP. In 2008 this market share is said to have grown to over 80%. This is telling, especially considering it’s two years into Vista’s release, and I bet this percentage is even greater when you consider just commercial networks on their own.

I was chatting with my colleague and we recall commissioning just one Vista machine since its release in 2006. And guess what? This was by accident! (We messed up the order with Dell). Adding insult to injury, we refused to join it to the domain and booted it straight into a terminal server window, providing a 2003 style user-experience. XP is just so much nicer for the “domain experience”.

So although you may have been using Vista at home for some time, don’t forget that at work your PC is more than likely XP Professional. And, as first reviews of Windows 7 are extremely positive and the door has finally closed on the Vista debacle. Techies all over the world are lifting their noses out of their Cisco manuals and evangelizing Windows 7. As XP completely bypassed Vista in the commercial world. A huge change is definitely upon us.

Dell have launched a brand new product range aimed at the serious professional and entrepreneur. It’s the Dell Latitude Z.

Aimed at professionals and equipped with enhanced mobile capabilities, this is the most exciting development from Dell in the last 12 months – I want one. Customers can view an independent article about the product here – V3.CO.UK

RatwareUK are Dell Premier Partners and we’re authorised to quote cheaper than Dell Online! Please contact us if you would like a price.

OK. I thought I’d stop twittering and do a blog post. I’m going to talk about a gateway solution we recently deployed for a customer – Untangle. I’m impressed. In brief, Untangle is a free, open source gateway solution designed to untangle the complex patch work quilt security solution that many network managers find themselves dealing with after a few years of running an expanding domain.

Installation

It’s essentially an out of the box Linux solution which can be installed on a relatively low specification machine with two network cards, bridging your LAN with the internet. In order to implement it on one of our networks, I took an old PC, jammed some more RAM into it, bought two new network cards and began the install:

The installation took approximately 20 minutes on our machine and required no Linux knowledge at all. If you understand the concept of network bridging, you’ll also fly through the setup wizard which asks you which network card is WAN facing, etc.

Configuration & Usability

Like many security devices that sit on your LAN, I expected that setup would be straightforward but that inevitably I would spend about a week tweaking the settings, ironing out all the false positives and getting Untangle running smoothly. This took me by surprise. I wasn’t – it took about 5 minutes and even better than this it has been running itself for a month!

The interface is graphical and the configuration again requires no Linux knowledge. It works on a drag-and-drop concept, where you can download and drop network devices onto a virtual rack. Some components you have to pay for, but the main and most useful ones are free.  I won’t bore you with the list, you can check it out here – Untangle Overview .

The interface is accessible from either the Untangle computer or via HTTP.  I’ve found it works much quicker via the web interface and obviously you’ve got full control over it from anywhere. I’m finding the Spam Blocker and Web Filter the most useful components, however this is because our requirement for these features is greater than anything else. Logging in today, the spam blocker has scanned 22,286 emails in 24 hours. 21,210 of these were rejected connection, some were quarantined and only 81 were passed through to mailboxes.

Users on the domain have also taken to their new spam quarantine like a duck to water. Each day, they receive an email digest linking to their Untangle quarantine. From there they can control their own whitelist/blacklist and release legitimate email caught up in the system. As Spam Blocker uses Spam-Assassin, Untangle learns automatically as it goes along. The process is so simple, out of approximately 70 users, I’ve had 2 queries on how to use the quarantine.

Conclusion

A very powerful, easily deployable and manageable security solution suitable for any SME network. I’m so impressed I have ditched Sophos Pure Message, providing the network with a better solution, with a saving of over £1,500 per year in subscription costs. It’s so good, I’m even thinking of decommissioning the networks hardware firewall, a Draytek 3300v.

Untangle is free (most of the components) and Untangle provide free updates. It is well worth some time to test it out.

Hello again. I felt guilty about not blogging here in a while and using twitter too much, so I thought I’d do a quick blog containing some pictures of the work we’d been busy with recently…

The above as pictured is unfinished, however it shows our ability to provide a high end, complete infrastructure install. The building was being renovated, so we installed 66 CAT5e points, one Avaya IPO phone system and two Dell PowerEdge servers providing virtualisation and redundancy. The complete package, all wrapped up in a RatwareUK custom server cabinet.

Network Installation

IT Relocation Case Study

Before I start, please understand that this is not a politically motivated post. I’m purely interested in the mechanics behind the Golden Shield Project or what’s known as the Great Firewall of China.

Since 2003, the Chinese government has imposed a mass censorship program on china’s internet activity; essentially cherry-picking and blocking communications in and out of the country.  Unfortunately, this series of firewalls stand between China and the rest of the Internet.

RatwareUK first met this problem some time ago, when one of our customers who deal with China were experiencing some serious and unexplained email lagging. On inspection, it’s reported that China uses various censorship methods, such as:

• Access to certain IP addresses denied. This causes issues, for example, where a blocked website resides on a virtual hosting server, all websites on that server are blocked. Quickly you’ve got a lot of blocked sites!
• DNS filtering and redirection (to prevent IP addresses from being found).
• URL filtering (to prevent access to websites with a specific domain name).
• Packet filtering (terminate packets with a specific keyword contained within).
• Connection blocking (if a previous TCP connection is blocked, future attempts from both sides are blocked for a period of time).

Chinese users can get around these issues, by using proxies, VPNs and other encryption methods. However, it does make the average user in China completely restricted to the authorities’ prescribed information.

You can see whether your website/domain name is outright blocked in China by using this handy tool – http://www.websitepulse.com/help/testtools.china-test.html . If it’s not blocked though, don’t be surprised if any communications with China are slow, as your data is filtered through some serious hardware!

It’s not often I recommend a company! RatwareUK have been dealing with BarTel for some time now through several of our clients and we’ve been extremely impressed with both their level of service and results. BarTel are a well established business, based in Bolton and are one of the only few remaining, independent telecoms companies in the UK.

Because BarTel buy wholesale from BT, they can provide cheaper business call rates, saving companies around 20-30% on their business calls! BarTel also provide:

• Business Broadband standard or guaranteed
• Line Installation copper, ISDN or fibre
• Low Cost Calls
• Telephone Systems

In our experience, it has been far more reliable, cheaper and a better level of service dealing with BarTel compared to BT. For more information:

Contact Chris at BarTel: chris.hinde@barkertelecoms.co.uk / 0800 195 9011.

OK, so this weekend I find myself in the situation whereby I’ve got a POP3 account that I need to check regularly whilst I’m on the move. At RatwareUK we’ve got a BES solution, so I thought about creating a forwarder on the target email server to my principal email address which would push it through MSExchange and via BES to my blackberry. I hate email forwarding though – and it’s probably unwarranted – but I’ve got hangups from dealing with companies whose email aliases are setup on an unfathomable web of forwarders. I guess I’m biased but I try to avoid them at all costs! Using my Blackberry, I wanted to connect directly to my additional POP3 mailbox:

Introducing LogicMail – free, open source – I’m impressed. Implementation took around 2 minutes and I did it directly from their website on my Blackberry. I’ve now got a fast and reliable POP3 client which allows me to relay out through an SMTP server of my choice. The client also integrates with my Blackberry address list and has a host of settings to customise identity etc.

Pull technology will never be as fast or reliable as Push and we all know BES is the best at this. However, LogicMail provides a really good and painless alternative solution. It got me thinking about future blog posts. I think one day I’ll have to do a post detailing BES vs Windows Mobile.

Sec52 provide active network security for companies concerned with the vulnerability of their network, servers or data.

Their standard host assessment consists of a monthly scan of a pre-defined IP/Server or subnet. The scan is performed via an automated and manual assessment of all the ports, services and web scripts that are present. A security report is then available detailing all the vulnerabilities and a suggested remedy to secure them. The security report also indicates statistics and a vulnerability trend from month to month!

For companies that have a strong brand to protect or process sensitive data, Sec52 can really help establish a security culture among developers and prevent successful attacks. For more information, find out the benefits of vulnerability scanning and take a look at Sec52’s superb sample security report .

I’ve been using Ubuntu 8.04 LTS on my personal laptop for sometime, I also have a 9″ Dell Netbook which is running a remix version of Ubuntu. I’m primarily a Windows user, but over the last couple of years I’ve used Linux on and off generally because it looks nice and costs nothing. I’m writing this blog entry because I’ve just upgraded my Dell laptop to Ubuntu 8.10 and I’m astounded.

With Ubuntu 8.10, they’ve made a fantastic operating system. This is coming from a Windows Professional. The upgrade from 8.04 to 8.10 was seamless and instantly the new Ubuntu 8.10 came to life, correcting its own upgrade issues and cleaning up files. It even indicated to me that some icons had changed in the upgrade and where I could find them in 8.10 . Ubuntu 8.10 even includes a fix allowing <h> tags to finally display properly in Firefox. Browsing is now very very smart.

I also noticed that now my WiFi connection LED flashes on and off when it’s transceiving data. This is a smart and useful feature which was never available when my Dell laptop was under the control of Microsoft Windows XP (which apparently it was designed for).

Is it that Ubuntu 8.10 is actually controlling my laptop’s hardware better than Windows? With Ubuntu 8.10 I can use Remote Desktop to communicate with my Windows terminals, connect to my office via a VPN and I can even use Outlook Web Access inside Linux’s Evolution mail client.

Enough said, see for yourself: Download and try Ubuntu on a LIVE CD