Archive for January, 2004

Implementing High Availability in MySQL

Saturday, January 24th, 2004

MySQL provides a built-in data replication functionality for maintaining identical copies of its data to one or more backend servers, thus providing a simple High Availability mechanism. On the other hand, the Open Source community has several projects to implement failover techniques, being one of them Heartbeat.

This article will show you how to implement a clustered, highly available and inexpensive solution based on GNU/Linux and combining MySQL as the database engine and Heartbeat as the failover mechanism. The configuration will consist of a 2-node active/passive cluster.

(more…)

Posted in Articles, MySQL | 12 Comments »

Remote logging with syslog

Saturday, January 17th, 2004

The syslog daemon is a utility that provides logging of events (messages) received from programs. It can log events from your local machine as well as from remote machines.

Logging to a remote log server is a good practice to improve the security of your system. This tip will show how to configure a host to send messages to a remote log server through an encrypted connection using stunnel.

(more…)

Posted in Security | 2 Comments »

What time is it? Introduction to NTP

Saturday, January 17th, 2004

Once I read somewhere that Time has been invented in the universe so that everything would not happen at once.

NTP (Network Time Protocol) provides accurate and syncronised time across the Internet. This introductory article will try to show you how to use NTP to control and synchronize your system clock.

First approach

NTP is organised in a hierarchical client-server model. In the top of this hierarchy there are a small number of machines known as reference clocks. A reference clock is known as stratum 0 and is typically a cesium clock or a Global Positioning System (GPS) that receives time from satellites. Attached to these machines there are the so-called stratum 1 servers (that is, stratum 0 clients), which are the top level time servers available to the Internet, that is, they are the best NTP servers available.

Note: in the NTP lingo measure for synchronization distance is termed as stratum: the number of steps that a system lies from a primary time source.

(more…)

Posted in Articles | 2 Comments »

What is an ARP poisoning attack?

Saturday, January 10th, 2004

When two hosts want to communicate to each other through an Ethernet link, the source host must know the MAC address of the destination host. In this way, the source host looks at its ARP table to see if there is a MAC address corresponding to the destination host IP address. If not, it broadcasts an ARP Request to the entire network asking “arp who-has dst_host tell src_host”.

All the hosts on the network ignore the ARP Request except the destination host, which in turn sends an ARP Reply telling “arp reply dst_host is at aa:bb:cc:dd:ee:ff”.

As you can see ARP is a simple and efficient protocol that basically consists of an ARP request and an ARP reply (OK OK, there are also RARP request (Reverse ARP) and RARP reply). This simplicity leads to some security issues due to the fact that ARP does not implement authentication mechanisms.

ARP does not verify replies, so bad guys can force an  ARP cache poisoning. This could lead to MAC flooding attacks, man in the middle attacks, etc…

Despite ARP cache poisoning is a relatively easy exploit and can result in a serious network compromise, there are some preventive measures:

  • Bear in mind that attackers need access to your network, this technique can not be remotely exploited. So check and reinforce your firewalls.
  • If you administer a small network, you can create and maintain an ethernet address to IP number database (/etc/ethers, man ethers).
  • Install ARPwatch. Install IDS tools such as Snort.
  • Common sense.

References:

Posted in Security | 1 Comment »