Date: March 31st 2010
METTLE NEWS
[Newsletter on Mettle(tm) brand of products; Industry updates, Tips and Case
studies]
March 2010
Volume 3, Issue 3
In this issue:
* Editorial
* IT Industry news: Websites that can take a punch!
* Tip of the month: Firewall States
* Mettle SE feature: RRD Graphs
* Editorial
Greetings!
We are at the closing of one more financial year. The year passing by was both exciting and troublesome for
many. But the year ahead seems very promising in the soaring economy. We wish all of our clients a prosperous
year ahead and hope to strengthen our relationships further!
This issue's Industry News examines how MIT succeeded in preparing Web sites that can withstand an attack.
This month's Tip of the month features Firewall States in Mettle SE. The Feature of the month column introduces
RRD Graphs in Mettle SE.
Once again all at Linuxense wish readers a prosperous year ahead!
Yours truly,
Editor, Mettle News
(mettlenews@mettle.in)
* IT Industry News: Websites that can take a punch!
The recent, well-publicised cyber attack on Google was just the latest skirmish in a long war. And like most
long wars, this one features an arms race, as hackers seek out new security holes, and web site administrators
try to close them.
When a web site is under attack, its only viable defence may be to take its servers offline, which in the
short term can cost it money in lost revenue and productivity and, in the long term, could hurt its
credibility. Indeed, knocking a site offline may be an attacker's sole intention.
MIT researchers have developed a system to keep web servers, or any Internet-connected computers, running even
when they're under attack. The work was funded largely by the U.S. Defence Department. In a pair of tests
whose thoroughness is unusual in academia, DARPA hired a group of computer security professionals outside MIT
to try to bring down a test network protected by the new system. In both tests the system exceeded all the
performance criteria that DARPA set for it, says Martin Rinard, the professor of electrical engineering and
computer science who led the research.
During its operation, the MIT system monitors the programs running on an Internet-connected computer to
determine their normal range of behaviour, and during an attack, it simply refuses to let them wander outside
that range. Suppose that a program running on a web server routinely stores data in one of two memory
locations - A and B. During an attack, malicious code tries to trick the program into storing data at location
C instead. The MIT system won't let that operation happen; it sends the data to either location A or location B.
Of course, the data may not be of a type that belongs at either of those locations. And the system will modify
behaviours that could be even more disruptive than data storage. At sites with large banks of servers, the MIT
system gets several chances to find the best response to an attack. If storing at location A causes one server
in the bank to crash, the MIT system will tell the other servers to store it at location B instead.
"The idea is that you've got hundreds of machines out there," Rinard says. "We're saying, 'Okay, fine, you can
take out six or 10 of my 200 machines.'" But, he adds, "by observing what happens with the executions of those
six or 10 machines, we'll be able to deploy patches out to protect the rest of the machines." The entire
process of recognizing an attack, testing a number of countermeasures and deploying the most effective ones
can take a matter of seconds.
Read the complete article at:
http://web.mit.edu/newsoffice/2010/web-attacks-0317.html
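The range enforcement and fleet-wide choice of repair described above, as an added toy model in Python (not the MIT system's code and not taken from the article). The function names, the `accepts` table and the sample data are constructed assumptions.

```python
# Added illustration: a toy model of the idea, not the MIT system's code.

def learn_invariant(normal_runs):
    """Learning phase: collect every store target seen in normal operation."""
    return frozenset(t for run in normal_runs for t in run)

def enforce(target, allowed, repair):
    """Pass in-range stores through; redirect out-of-range ones to `repair`.

    Returns (destination, violated).
    """
    if target in allowed:
        return target, False
    return repair, True

def trial_repairs(target, allowed, accepts, kind, fleet_size):
    """Try one candidate repair per server, then deploy one that survived.

    `accepts` (constructed stand-in) maps a location to the data kinds it can
    hold; storing any other kind there "crashes" that server.
    Returns (chosen_repair, crashed, protected).
    """
    crashed, survivors = 0, []
    for repair in sorted(allowed):          # one probe server per candidate
        dest, violated = enforce(target, allowed, repair)
        if violated and kind not in accepts[dest]:
            crashed += 1                    # this repair took a server down
        else:
            survivors.append(repair)
    chosen = survivors[0] if survivors else None
    protected = fleet_size - crashed if chosen else 0
    return chosen, crashed, protected

# Constructed sample data: normal runs only ever store to A or B.
NORMAL_RUNS = [["A", "B", "A"], ["B", "B"]]
ACCEPTS = {"A": {"int"}, "B": {"int", "str"}}

if __name__ == "__main__":
    allowed = learn_invariant(NORMAL_RUNS)
    print(sorted(allowed))
    print(enforce("C", allowed, "A"))
    print(trial_repairs("C", allowed, ACCEPTS, "str", 200))
```

When no candidate repair survives, `trial_repairs` returns `None` as the chosen repair, which is the case where redirection alone cannot keep the service up.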
* Tip of the month: Firewall States
Mettle SE has a stateful firewall and uses one state to track each connection to and from the system. These
states may be viewed in the web interface.
To view the states, go to Diagnostics --> States. Here you will see the protocol for each connection, its
Source, Router, Destination and its connection state. When viewing NAT entries, the three entries in the center
column represent the system which made the connection, the IP address and port Mettle SE is using for the NAT
connection, and the remote system to which the connection has been made.
Individual states may be removed by clicking the 'X' button at the end of each row.
* Mettle SE Feature: RRD Graphs
RRD graphs are a useful set of data provided by Mettle SE. Mettle SE keeps track of various sets of data on how the
system performs and stores this data in RRD files. To view RRD graphs go to: Status --> RRD Graphs.
Some graphs can be viewed in 'Inverse style' or 'Absolute style'. In the Inverse style the graph is split in
the middle horizontally; incoming traffic is shown as going up and outgoing traffic is shown as going down. In
the Absolute style the graphs are superimposed. Each graph is available in several time spans and each of these is
averaged over a different period of time based on how much time is being covered in each graph. Each graph
will have a legend and a summary of the data being shown.
There are six tabs on the RRD graphs page: System, Traffic, Packets, Quality, Queues and Settings.
a) System graph: This shows a general overview of the system utilisation, including CPU usage, total
throughput and firewall states.
b) Processor Graph: This shows the CPU usage for user and system processes, interrupts and the number of
running processes.
c) Throughput Graph: Shows the incoming and outgoing traffic totalled up for all interfaces.
d) States Graph: Shows the system states but breaks down the value in several ways. It shows the filter states
from firewall rules, NAT states from NAT rules and the count of unique active source and destination IP
addresses and the number of state changes per second.
e) Traffic Graphs: Shows the amount of bandwidth used on each available interface in bits per second. There is
an 'All graphs' choice which will show all of the graphs in a single page.
f) Packet Graphs: This works like traffic graphs but instead of reporting based on bandwidth used it reports
the number of packets per second (pps) passed.
g) Quality Graph: This graph tracks the quality of WAN interfaces with gateways specified. Response time from
the gateway in milliseconds and percentage of lost packets are reported in this graph. Any loss on the graph
indicates connectivity issues or times of excessive bandwidth use.
h) Queue Graphs: If traffic shaping is enabled, queue graphs will show a composite of each traffic shaper
queue. Each queue is represented by a unique colour. You can view either the graph of all queues or
the graph representing the drops from all queues.
RRD Graph Settings:
RRD graphs can be customised to suit your preferences. It's possible to turn off RRD graphing if you prefer to
use a third-party external graphing solution. Remember to click on 'Save' when you're finished.
a) Enable Graphing: Check the box to turn ON RRD graphing. Uncheck the box to turn OFF RRD graphing.
b) Default Category: This option selects the tab to be displayed as default when you visit the RRD Graphs page.
c) Default Style: This option selects which style of graph is displayed by default, Inverse or Absolute.
d) Save the settings when finished.
KB Article: http://kb.mettle.in/entry/50/
--
We would like to receive feedback regarding the content of this newsletter and
request for articles. Please send in your valuable suggestions to
mettlenews@mettle.in.
--
Mettle and Linuxense are trademarks of Linuxense Information Systems Pvt. Ltd.
Other trademarks belong to respective owners. 2008 (C) Linuxense Information
Systems Pvt. Ltd. All rights reserved.
"Mettle News" is a monthly email newsletter covering new developments in
Mettle(tm) brand of products, case studies, technology updates and a lot of tips
to get your job done faster.