Monday, August 27, 2007

Route Policy With Linux

In one of our premises I have two firewalls: a Linux iptables box and a Microsoft ISA Server.
I have two Internet connections, each connected to one firewall, and the plan is to remove the ISA server and add its Internet connection (currently serving the ISA server users) to the Linux box, which will then have two Internet connections on the same server. I have around 20 VLANs and I want to split Internet traffic between these two connections based on the source address. This can easily be done with the iproute2 suite. I have not done this before, but I am studying it and it seems easy and straightforward. I will post more on this later.


Monday, August 20, 2007

Hardening Linux: Service Shutdown!

I am developing a security guide that provides recommendations for hardening a Linux box after a base installation. One of the basic steps in hardening a Linux box is to evaluate all services and shut down anything that is not necessary for the operation of the operating system and the services it offers to its clients. Shutting down services provides the following benefits:
  • Shortens the boot process, resulting in higher uptime
  • Consumes fewer system resources, which increases the overall performance of the server
  • Removes or reduces the risk of any service vulnerability or abuse
To accomplish this you should know the function of each and every service. There are various documents available that explain this. Because my document is based on Red Hat, I found that the following one matched my requirements best, and it helped me a lot:
Understanding Your Redhat Enterprise Linux Daemons
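
The service review described above can be made repeatable. The following is an added example, not part of the original post or of the Red Hat document it links to: a shell function that reads `chkconfig --list` output and reports every service enabled in a given runlevel that is not on an allowlist. The allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Audit boot-time services against an allowlist (Red Hat SysV init).
# Input format is that of `chkconfig --list`, for example:
#   sshd   0:off 1:off 2:on 3:on 4:on 5:on 6:off

# Assumed allowlist for this example; derive yours from the server's role.
ALLOWED="crond network sshd syslog iptables"

# unexpected_services RUNLEVEL   (reads chkconfig --list output on stdin)
# Prints, sorted, each service that is on in RUNLEVEL but not in $ALLOWED.
# Enabled xinetd-based services are reported with an "xinetd/" prefix.
unexpected_services() {
    awk -v rl="$1" -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # xinetd section lines look like "telnet:  on" (two fields).
        NF == 2 && $2 == "on" {
            s = $1; sub(/:$/, "", s)
            if (!(s in ok)) print "xinetd/" s
            next
        }
        # Anything else without seven runlevel fields is a header or blank.
        NF < 8 { next }
        {
            for (i = 2; i <= NF; i++)
                if ($i == (rl ":on") && !($1 in ok)) print $1
        }
    ' | LC_ALL=C sort
}

# Constructed sample listing (not taken from a real host).
sample_chkconfig() {
    cat <<'EOF'
crond     0:off 1:off 2:on  3:on  4:on  5:on  6:off
cups      0:off 1:off 2:on  3:on  4:on  5:on  6:off
nfs       0:off 1:off 2:off 3:off 4:off 5:off 6:off
portmap   0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd      0:off 1:off 2:on  3:on  4:on  5:on  6:off
xfs       0:off 1:off 2:off 3:off 4:off 5:on  6:off

xinetd based services:
    rsync:    off
    telnet:   on
EOF
}

# Demo on the sample; on a real host use: chkconfig --list | unexpected_services 3
sample_chkconfig | unexpected_services 3
```

Each name it prints is a candidate for `chkconfig <name> off` once you have confirmed the server does not need it.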


Friday, August 10, 2007

Application Layer Monitoring

It's been some time since I set up "ManageEngine Applications Manager" to monitor the availability and health status of our services. Like many popular monitoring applications, it provides SNMP monitoring (resources such as CPU, memory, network interfaces and disks) and ICMP monitoring (Layer 3 availability), but it goes beyond that by sending application-specific probes to make sure different applications and services are available and healthy. A variety of applications and services are supported, such as:
  • POP3 and SMTP
  • Web Server monitoring: This includes IIS and Apache with the ability to perform URL Monitoring
  • Database Monitoring: DB2, MS-SQL, MySQL, Oracle
  • Microsoft .NET / Tomcat / JBoss / WebSphere Monitoring
For the complete list click here.
The top reason I chose ManageEngine was the ability to monitor URLs. We are hosting around 200 web sites, and it happens that a single URL goes down while the web server itself is healthy and no sign of a service fault can be recognized.
Currently I am using the MS-SQL, MySQL, Apache and IIS monitors, and I really like the outputs, reports and graphs. The GUI provides a quick overall view and quick access to monitors and reports.
Another great thing is the SLA management feature, which lets us define different SLA levels, assign them to monitor groups, and report when a monitoring group has violated its SLA.
It is really crucial to have a complete logging and monitoring solution that functions up to the application layer. There are a lot of application layer monitoring systems available, both commercial and free. Many vendors are now including this level of monitoring in their network monitoring products.
To learn more about different monitoring tools, visit: http://www.monitortools.com/


Wednesday, August 01, 2007

Aimlessness is a vice

"Until thought is linked with purpose there is no intelligent accomplishment... Aimlessness is a vice ... They who have no central purpose in their life fall an easy prey to petty worries, fears, troubles, and self-pityings, all of which are indications of weakness, which lead, just as surely as deliberately planned sins (though by a different route), to failure, unhappiness, and loss, for weakness cannot persist in a power-evolving universe."

As a Man Thinketh, James Allen
