Traveling Ruby (multi-platform portable Ruby binaries)

Traveling Ruby consists of a set of multi-platform portable Ruby binaries, which can be used to distribute Ruby-based products and run them even on machines where Ruby is not installed. It’s very useful, as you can also use it to package multi-platform applications.

You can check the project’s home page here:

Traveling Ruby is a project which supplies self-contained, “portable” Ruby binaries: Ruby binaries that can run on any Linux distribution and any OS X machine. It also has Windows support (with some caveats). This allows Ruby app developers to bundle these binaries with their Ruby app, so that they can distribute a single package to end users, without needing end users to first install Ruby or gems.

It can run on:

  • Linux x86
  • Linux x86_64
  • OS X
  • Windows


Video:

https://vimeo.com/phusionnl/review/113827942/ceca7e70da


VMware Cloud Products Survey (Slides)

Regarding VMware vCloud Suite components, VMware terminology can be confusing.

This presentation tries to clarify some VMware component names and analyse VMware vRealize Operations in depth.

The vCloud suite includes almost all VMware products, including:

  • Hypervisor: vSphere (ESXi + vCenter)
    • ESXi: single-machine hypervisor
    • vCenter: manages multiple ESXi hosts
      • Handles vMotion, High Availability, Load Balancing
  • vCenter Site Recovery Manager
    • Policy-based disaster recovery and testing for all virtualized applications
Full presentation at:


Anomaly & Intrusion Detection+Prevention – Overview and Survey

Anomaly Detection is a scientific subject focused on detecting “unusual” and “interesting” patterns in system events (a.k.a. “outliers”).

Just published a new slide presentation on academia.edu focused on:

  • Anomaly Detection,
  • Anomaly Detection vs Intrusion Detection,
  • Intrusion Detection and Prevention Systems (IDPS),
  • Open Source IDPS systems

You can check it here:



TOR: introduction

TOR stands for “The Onion Router”.

It is a network designed to protect its users’ anonymity by routing the user’s TCP/IP traffic through multiple layers of encryption and multiple proxy nodes, obfuscating the user’s real IP address.

The proxy nodes are contributed by network volunteers, mostly in a distributed and decentralized fashion.

Web servers are normally unable to detect the user’s real IP, as traffic seems to originate from the last proxy node in the user’s TOR proxy chain (a.k.a. TOR circuit).

A TOR circuit is typically composed of:

  • the user’s real IP
  • 3 TOR nodes
    • 1 Entry node
    • 1 intermediate node
    • 1 Exit node

Traffic is encrypted using several “onion layers”, for TCP/IP connections (UDP is not supported), as follows (simplified):

  • A data packet (DP1) is encrypted with the Exit Node’s public key
    • P1 = PKexit(DP1)
  • The encrypted packet is again encrypted with the Intermediate Node’s public key:
    • P2 = PKiterm( PKexit(DP1) )
  • The encrypted packet is again encrypted with the Entry Node’s public key:
    • P3 = PKentry ( PKiterm( PKexit(DP1) ) )

Each node only knows the preceding and following node. No node gets to “know” the complete circuit.
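To make the layering above concrete, here is an added example (not code from the original post or from the Tor project) that builds P3 = PKentry(PKiterm(PKexit(DP1))) and then lets each node peel exactly one layer. It assumes constructed node keys and a constructed payload; the per-node “public key” operation is a stand-in keystream XOR, chosen so the example runs with only the standard library, while the onion structure and what each hop learns are the point being shown.

```python
import hashlib
import json

# Constructed stand-in for a node's public-key layer: a keystream derived
# from the node's key, XORed over the data. Applying it twice restores the
# input, so the same function both adds and peels a layer.
def _layer(key: bytes, data: bytes) -> bytes:
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def build_onion(payload: bytes, route: list) -> bytes:
    """Wrap DP1 as P3 = PKentry(PKiterm(PKexit(DP1))). route holds (name, key)
    pairs in hop order; each layer names only the next hop, so a node that
    peels its own layer learns where to forward, never the whole circuit."""
    cell = payload
    for i in range(len(route) - 1, -1, -1):        # exit layer first, entry last
        _, key = route[i]
        next_hop = route[i + 1][0] if i + 1 < len(route) else "destination"
        header = json.dumps({"next": next_hop, "body": cell.hex()}).encode()
        cell = _layer(key, header)
    return cell

def peel(key: bytes, cell: bytes):
    """One node's work: strip its own layer and learn only the next hop."""
    header = json.loads(_layer(key, cell))
    return header["next"], bytes.fromhex(header["body"])

def relay_through_circuit(route: list, onion: bytes):
    """Walk the circuit; return what each node learned and the exit's output."""
    learned, cell = [], onion
    for name, key in route:
        next_hop, cell = peel(key, cell)
        learned.append((name, next_hop))
    return learned, cell

# Constructed keys and payload for the demonstration (not real Tor material).
ROUTE = [("entry", b"entry-key"), ("iterm", b"iterm-key"), ("exit", b"exit-key")]
DP1 = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    p3 = build_onion(DP1, ROUTE)
    hops, plaintext = relay_through_circuit(ROUTE, p3)
    print(hops, plaintext == DP1)   # each node sees only its next hop; only the exit recovers DP1
```

The entry node can forward the cell but cannot read the JSON header of the inner layers, and only the exit node ends up holding DP1.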

TOR can be useful in a number of situations, for example:

  • protect whistleblowers’ identities
  • circumvent network censorship in censored regions
  • NGOs communicating with their volunteers in a foreign country
  • users can publish web sites without needing to reveal the location of the site (using TOR’s hidden services)

Nevertheless, TOR must be used carefully, so that no “real IP” address leaks or other identity leaks occur (more info here (TOR Overview)). Attention must also be paid to the risk of possible attacks from powerful adversaries, such as governments and agencies.

Usually a “TOR Browser” is used in combination with TOR. The TOR Browser is a modified version of the official Mozilla Firefox web browser. It disables features that are dangerous for anonymity, such as JavaScript, cookies and direct TCP/IP connections (it always routes all connections through the TOR network).

TOR Browser

To connect to the TOR network, a user usually has to install the “TOR Client” on their device or network. You can download it here (TOR project official site).

I’ll be exploring “TOR Client” low-level features in future posts.

[UPDATED with the new posts:]

References


Anonymity tools: “whonix”(first impressions)

Just started trying “whonix”, an anonymity-hardened Linux distribution.

“whonix” is based on Debian Linux and uses TOR for all external connections.

Interestingly, it consists of two separate virtual machines, “whonix workstation” and “whonix gateway”. The machine where the user performs anonymous tasks (“whonix workstation”) is isolated from the external physical network and can only communicate with the internet via the “whonix gateway”, which relays TOR traffic to the TOR network and the internet.

The main design decision for “whonix” is that the user’s physical IP should not be disclosed even if the “whonix workstation” is compromised with some types of malware. Indeed, the “whonix workstation” does not have access to the external network, which is a very interesting concept.

I’ll be writing more about “whonix”, TOR and Anonymity soon.

Why Anonymity Matters (quoted from https://www.torproject.org/)

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.


References:

Gamification of Education

Gamification is a very interesting concept for motivating individuals and teams towards business objectives, by using concepts usually found in games, and more specifically in computer games. For example, I have been involved in the development of a tool for motivating contact center agents using leaderboards and KPIs.

I have stumbled upon this interesting video/lesson where these concepts are explored for educational purposes:

The following advantages over conventional education are interesting to think about:

  • faster failure feedback
  • retrying tests (faster learning with multiple opportunities to take tests)
  • more frequent tests

Fear of failure could be reduced with multiple chances to take a test, don’t you think?