Date: February 23rd 2010
METTLE NEWS
[Newsletter on the Mettle(tm) brand of products; Industry updates, Tips and Case
studies]
February 2010
Volume 3, Issue 2
In this issue:
* IT Industry news: Hacker attacks from China
* Tip of the month: Traffic Graph
* Mettle SE feature: Time-based Firewall Rules
* Case Study
Greetings,
Presenting you yet another edition of Mettle News with more tips, news and case studies.
To thank you for your patronage and to celebrate the completion of one year of Mettle News, we are giving out
Mettle(tm) goodies to Mettle News readers. To get yours, just send an email to goodies@mettle.in saying hello.
This edition presents a Mettle SE tip that explains how to use the traffic graph facility to troubleshoot
and analyse WAN/Internet traffic in real time.
Time-based firewall rules are handy when it comes to transparent enforcement of organisational policies.
The feature of the month explains how to set them up in Mettle SE.
The case study of the month explains how Mettle SE helped a premier University in the country secure and manage
its fairly complex campus LAN.
As usual, we expect your feedback and suggestions to improve Mettle News. Requests for an HTML version of this
newsletter are being considered. Soon you will have the option of opting for the HTML version if you like it.
Yours truly,
Editor, Mettle News
(mettlenews@mettle.in)
* IT Industry News: Hacker Attacks from China *
Last month Google announced that it had been the target of a highly sophisticated hack attack against its
corporate infrastructure. Google said that hackers had stolen intellectual property and gained access to the
email accounts of human rights activists. This attack, according to Google, originated from China.
It has been reported that Google managed to gain access to a computer in Taiwan that was suspected of being
the source of the attacks. Probing inside that machine Google engineers found evidence of attacks not only at
Google but also at 33 other companies including Adobe Systems and Juniper Networks. Adobe acknowledged in a
blog post that it discovered on 2nd January that it had also been the target of a sophisticated, coordinated
attack against corporate network systems managed by Adobe and other companies.
The attackers used a dozen pieces of malware and several levels of encryption to burrow deep into the bowels
of corporate networks and obscure their activity. The encryption was supposedly highly successful in obscuring
the attack and avoiding common detection methods. Even though China has denied that it has anything to do with
the hacker attacks, experts believe that the attack might have been supported by Chinese Government agencies.
Once the attackers were in the systems, they siphoned off data to command-and-control servers in Illinois, Texas
and Taiwan. Alperovitch, VP of threat research at McAfee, wouldn't identify the systems in the United States
that were involved in the attack, but reports indicate that Rackspace, a hosting firm in Texas, was used by
the hackers. Rackspace disclosed on their blog that they inadvertently played a very small part in the attack.
http://www.nytimes.com/2010/02/19/technology/19china.html?em
http://www.wired.com/threatlevel/2010/01/operation-aurora/#ixzz0frmLPVlU
* Tip Of The Month: Traffic Graphs *
Mettle SE lets you view network traffic on any of its interfaces in real time. A traffic graph in SVG
(Scalable Vector Graphics) format is rendered live, continuously showing the traffic flow of the selected
network interface.
To view the Traffic Graph go to: Status --> Traffic Graph
Choose which interface to view from the Interface drop down list. When you select an interface, the page will
automatically refresh and start displaying the graph. The traffic graph is a quick tool that helps to analyse
the network speed and find out if any link is showing unexpected traffic.
* Mettle SE feature: Time-based Firewall Rules *
Time-based rules let you set up firewall rules that come into effect only on specified days and/or during
specified time periods. The schedule determines when the rules are applied.
To configure a Schedule go to:
1) Firewall --> Schedules --> Click on the '+' (Add) button
2) Enter a Schedule Name of your choice containing only letters and digits
Now specify schedule:
3) A schedule can apply to specific days of a month or days of the week
4) To select any given day within the year, choose month from the drop down list and click on specific days on
the calendar.
5) To select for any day regardless of the month click on Mon, Tue, Wed, Thu etc. This will make the schedule
active for Mondays, Tuesdays, Wednesdays etc.
Defining Time Range:
6) Select the Schedule start and end time in Hours and Minutes from the drop down box.
7) You may enter a Time Range Description for ease of understanding.
8) Click 'Add Time' once time range has been selected.
9) You can add more than one time range. You may use the same time range for days with identical times and a
separate time range for each day with different times (e.g. working hours on Monday to Tuesday might be from
9 AM to 5 PM and on Saturdays from 9 AM to 2 PM).
10) Save the changes once the Schedule has been defined.
Using the Schedule in a Firewall Rule:
11) Create a Firewall Rule as you normally would to allow or deny particular traffic.
12) On the Firewall Rule editing page you will find the 'Schedule' heading and a drop down list box next to it.
13) Select the Schedule you have created from this drop down list.
14) Configure the rest of the Firewall settings and Save the configuration.
The Firewall Rule you have now created will be active during the Schedule you have defined.
See the Mettle Knowledge article: http://kb.mettle.in/entry/49/
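An added example, not Mettle SE code: a small Python model of how a scheduled rule behaves inside a first-match
rule list, using the working-hours time ranges from step 9 plus one calendar date as in step 4. First-match
evaluation, the exclusive end time, the default deny, the ports and all class and function names are assumptions
made for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class TimeRange:
    start: time
    end: time
    weekdays: frozenset = frozenset()  # 0=Mon .. 6=Sun (step 5)
    dates: frozenset = frozenset()     # (month, day) pairs (step 4)

    def matches(self, now: datetime) -> bool:
        day_ok = (now.weekday() in self.weekdays
                  or (now.month, now.day) in self.dates)
        # Assumption: the end time is exclusive, so 17:00:00 is already outside.
        return day_ok and self.start <= now.time() < self.end

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    dst_port: int
    schedule: tuple = ()  # empty tuple = rule is always active

    def active(self, now: datetime) -> bool:
        return not self.schedule or any(r.matches(now) for r in self.schedule)

def decide(rules, dst_port: int, now: datetime, default: str = "deny") -> str:
    """First matching active rule wins; a rule outside its schedule is skipped."""
    for rule in rules:
        if rule.dst_port == dst_port and rule.active(now):
            return rule.action
    return default

# Constructed sample schedule: Mon-Tue 9-17, Sat 9-14, and 25 Feb 9-12.
WORK_HOURS = (
    TimeRange(time(9), time(17), weekdays=frozenset({0, 1})),
    TimeRange(time(9), time(14), weekdays=frozenset({5})),
    TimeRange(time(9), time(12), dates=frozenset({(2, 25)})),
)
# Constructed sample rule list (ports chosen for illustration only).
RULES = (
    Rule("deny", 1935, WORK_HOURS),  # scheduled deny: lapses to the rule below
    Rule("allow", 1935),             # unscheduled allow underneath
    Rule("allow", 22, WORK_HOURS),   # scheduled allow: lapses to default deny
)

if __name__ == "__main__":
    for port, ts in [(1935, datetime(2010, 2, 22, 10, 0)),
                     (1935, datetime(2010, 2, 22, 17, 0)),
                     (22, datetime(2010, 2, 24, 10, 0))]:
        print(port, ts.strftime("%a %H:%M"), decide(RULES, port, ts))
```

In this model a scheduled deny stops protecting once its schedule ends and traffic falls through to whatever
rule follows it, while a scheduled allow above a default deny closes access outside the schedule; check which
of the two a policy actually needs before relying on a schedule.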
* Case Study *
Vertical: Education/Campus
Geography: Trivandrum, Kerala
Client Profile:
This client is the oldest University in the state of Kerala, established in 1937 in the then
Travancore state. The University has sixteen faculties and 41 departments of teaching and research, and there
are around 157 affiliated colleges under the wings of the university. The University Departments offer a wide
range of teaching and research at post-graduate and higher levels.
Problems to be solved:
The campus is connected to the Internet by multiple ISP links to meet the demand for high bandwidth
created by the large number of computers requiring Internet connectivity. The ISP links deployed at the campus
are of unequal bandwidth. Load balancing across the two ISP links is to be implemented, taking care not to
saturate the link with lower bandwidth. The campus network was not secured from Internet-borne virus attacks
and threats since it did not have a gateway anti-virus solution. To keep offensive and inappropriate content
out of the campus network, content filtering is to be implemented. Students and faculty rely upon video feeds
as a part of their curriculum, and such content has to be accessible from the campus network. Servers hosted
in the campus running public services have to be made accessible from the Internet.
Solutions built up with Mettle SE are classified into the following sections:
a. Terminating redundant ISP links with fail over and load balancing
b. Firewall, Gateway Anti-virus and Content Filtering
c. Port Forwarding
a. Redundant ISP links
Internet connection to the campus is provided by two ISP links. These two links are of unequal bandwidth, one a
higher bandwidth link and the other comparatively lower in bandwidth. Both links are terminated at Mettle SE
and configured in a load balanced set up. Since the ISP links are of different bandwidth, Mettle SE has been
configured to pass proportionately more traffic through the broader link and direct less traffic through the
narrow bandwidth link. Load balancing is set at a ratio of 4:1. This set up has been implemented to ensure
the best possible utilisation of the links.
With load balancing enabled, automatic fail over mode is also active. If an ISP link goes down, Internet
traffic is diverted over to the active link. Though browsing speed will be proportionately lower when one of
the links goes down, Mettle SE will keep the campus connected without interruption. Once the ISP link is back
up, Mettle SE adds it back into the load balancing pool.
b. Firewall, Gateway Anti-virus and Content Filtering
The campus network at the time of deployment did not have an effective gateway anti-virus system, firewall or
content filtering service. With Mettle SE the aim was to provide maximum security for the campus network
using Mettle SE's inbuilt Firewall, Gateway Anti-virus system and Content Filtering services. The campus LAN is
divided into two different subnets based on the security and management requirements. The main network is the
campus LAN and the smaller network is the DMZ network.
Mettle SE's firewall secures the LAN from unauthorised access from other networks. Firewall rules combined
with the Aliases feature in Mettle SE make it easy to restrict unauthorised access to resources hosted in the
LAN and DMZ network. Public servers are hosted behind Mettle SE's Firewall to protect them from Internet
borne threats and attacks.
Mettle SE has an inbuilt Gateway Anti-virus engine which filters all viruses and worms coming from the Internet
before they reach the local area network. The Gateway Anti-virus engine inside Mettle SE automatically
maintains up-to-date virus definitions without user intervention. This helps to identify and quarantine most
viruses propagating over the Internet. Thus Mettle SE Gateway Anti-virus goes a long way in keeping the campus
network safer from viruses and malicious code.
The University wished to implement an Acceptable Usage Policy (AUP) with the aim of enforcing effective Internet
usage in the campus. The best way to enforce such a policy is at the point of presence of the ISP links,
which helps to filter out content before it reaches the local network. With Mettle SE, implementing the AUP was
made easy. Mettle SE was configured to block certain types of web sites and web resources that go against
the University's general policies, and websites which allow Internet users to circumvent the usage policy.
Mettle SE's White List and Grey List features allow complete exclusion and partial exclusion of web sites
respectively. If a particular website is white listed, it will not be scanned and thus access to the website
will be faster for the user. If a website is Grey listed then the website will be scanned, and if that
website's content falls within the AUP it shall be allowed. Black listing a website is also possible; black
listed websites will be blocked.
c. Mettle SE for Port Forwarding
The institution hosts several servers in the local network which need to be accessed from the Internet by
authorised users and the general public. These servers are hosted behind Mettle SE and protected from hacker
attacks and viruses. To make these servers available on the Internet, Mettle SE uses port forwarding, which
translates the local IP address assigned to the servers to a public IP address for a specific port or set
of ports.
Conclusion:
Mettle SE enabled the University to provide high quality Internet and Internet enabled services in the campus.
Mettle SE is the secure gateway for their connections to public networks and secures the servers and computers
in the local networks. Mettle SE does bandwidth aggregation of two unequal bandwidth WAN links with load
balancing providing the campus with high bandwidth and redundancy.
--
We would like to receive feedback regarding the content of this newsletter and
requests for articles. Please send in your valuable suggestions to
mettlenews@mettle.in.
--
Mettle and Linuxense are trademarks of Linuxense Information Systems Pvt. Ltd.
Other trademarks belong to respective owners. 2008 (C) Linuxense Information
Systems Pvt. Ltd. All rights reserved.
"Mettle News" is a monthly email newsletter covering new developments in
Mettle(tm) brand of products, case studies, technology updates and a lot of tips
to get your job done faster.