Posts Tagged ‘windows’
Learning SCB: the fun way
Learning new and complex software, like SCB, is difficult, even if it has fantastic documentation. I started learning SCB this way, reading the docs from page one. Then I learned that we had just finished preparing brand new e-learning based training material, which also includes WebEx consultations and an exam at the end (commercial, available for customers and partners, register here). And instead of using rdesktop from my laptop, I got a chance to use a real thin client to access servers through SCB: a small PC which fits in a hand.
Of course, using the e-learning training does not mean that one does not need to read documentation. But it means that not all documentation needs to be read. Each chapter gives a good overview of an important aspect of SCB, and at the end there are pointers to further reading in the administrator's guide. One can find additional details there if necessary.
There are also some screencasts of SCB, so one can see how to use the software even without starting it. And as setting up a good test environment is often difficult, these examples are more lifelike than a simple test environment with one or two connections.
While learning SCB I met with a friend who specializes in miniaturized computers. When he found out what I was doing, he pulled something looking like a power supply out of his pocket, just a little smaller. Looking at it more closely, it turned out that it's a complete computer, which can be used for many things, but is used primarily as a thin client.
SCB was running as a virtual machine on my laptop, and I could also simply use rdesktop or ssh from it to create connections through SCB. But using a separate machine as client has some advantages other than being fun. I could do four eyes authentication while watching what happens on the client side. Or follow in real time what is happening on the screen of the thin client using the Audit Player.
It’s still difficult for me to believe the size of the machine. Even my ARM systems are larger in size, but it’s an x86. The machine is using a Vortex86 system on chip, which is somewhere between i486 and i586. This of course means that not all Linux distributions run on it, but I have seen XP on it and used Debian to build a thin client.
The machine is powered using a standard USB cable, has Ethernet, video, audio, three USB ports and an SD card slot. It boots from USB or an SD card, which is emulated as an IDE HDD. There are no moving parts inside, so it’s completely silent. It has VESA mounting holes, so it can easily be attached to the back of modern LCD monitors. This way it is not visible at all and does not take up any precious desk space.
If you are interested in how your thin client infrastructure could be secured and audited, please read our SCB thin client white paper.
The new iPad: why I don’t want it?
Last week a new iPad was released. It has a standard 10” screen with almost twice the screen resolution of my ThinkPad mobile workstation. Still, I plan to write about an Intel Atom based tablet, the ekoore Python. Looking at the technical specifications, it can’t even remotely match the specification of the iPad. On the other hand, it has a great feature few of the other tablets have: freedom.
Syslog clients for Windows
Central logging using syslog has long been part of the UNIX / Linux infrastructure. But if someone also happens to have Windows machines, it is still possible to use the proven syslog-ng servers. There are many clients available, both open and closed source, ranging from simple event forwarders to complex logging solutions.
Some more applications to forward Windows events to syslog-ng
There are many smaller and mostly abandoned projects to forward Windows events to syslog. I did not have a chance to test all of them, as I only have access to the latest Windows releases. Still, they might be interesting if you have older Windows versions running on legacy hardware. These include Kiwi and three open source applications: NTsyslog, winlogd and Project Lasso.
Patterns for Windows Server 2008
Two weeks ago I promised some Windows patterns. They are now available for download from http://people.balabit.hu/czanik/patterndb-win2k8.xml. Obviously they do not cover every single event from Win2k8, but many common events are included. They are not just recognized, but some useful information is also extracted from them.
Snare
Snare Agent for Windows is one of the popular syslog clients for Windows. It has many installation possibilities, so it’s easy to install on a single machine and also on larger networks. It has a web based GUI for configuration, which makes local and even remote configuration possible. There are two editions of Snare: a free, GPL version and a commercial version with more features bundled with Snare Server.
Eventlog to syslog
Central logging using syslog has long been part of the UNIX / Linux infrastructure. But if someone also happens to have Windows machines, it is still possible to use the proven syslog-ng servers. There are many tools to forward Windows events to syslog-ng. The simplest is called “Eventlog to Syslog”.


