Monday, June 23, 2008

Open Source IDS, Firewall, VPN Gateways

A few years back, if a SMB(small and medium business) shop wanted to install Firewalls, Network Intrusion Detection systems, VPN Gateways, etc. then it needed to shell out hundreds of dollars for commercial software from giants such as Cisco, Juniper etc.

But in the last few years, we have a slew of options available from the open-source world. I have been closely watching 2 products in this space:

1. Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump, a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.

2. Untangle

Untangle delivers an integrated family of applications that help you simplify and consolidate the network and security products you need, in one place at the network gateway. The most popular applications let businesses block spam, spyware, viruses, and phish, filter out inappropriate web content, control unwanted protocols like instant messaging, and provide remote access and support options to their employees

Today Snort has become the de-factor standard for IDS. Even Untangle uses Snort for its IDS application. I was impressed with the range of applications available on the Untangle Gateway Platform. It includes SPAM blocker, Web Filter, Firewall, IDS based on Snort, VPN Gateway based on OpenVPN, a patented attack blocker, etc. A must try-out product :)

Saturday, June 14, 2008

File Watcher programs

During the early years, we often had to write our own component to monitor file changes or changes to a directory. Recently a friend of mine introduced me to the FileSystemWatcher class in .NET. We needed such a solid component and were contemplating writing it ourselves.
I was impressed with the wide range of features available in the FileSystemWatcher class. Not only will it detect changes in files, but it can monitor folders and sub-folders too.
And it can monitor a wide range of attributes - not just whether a file exists or not. For e.g. it can monitor whether the file size has changed, renamed, deleted etc.

I started wondering why there was no equivalent component in the Java SDK. The answer lies in the fact that such kind of event-raising is not available on Unix platforms. So polling is the only option that works cross-platform. When we poll, we cannot detect directory changes like renaming or moving. Also polling for a directory and all sub-directories has a big performance hit!

There a few programs available in Java that a developer can use instead of reinventing the wheel. Here are a few links that provide File watcher programs in Java:
Jahia File watcher

Tuesday, June 10, 2008

VSTS 2008 has a memory profiler

Visual Studio Team System 2005 had a profiler that was useful in obtaining response times and diagnosing time taken by each component/method.

Now in v2008, the Profiler comes equipped to do heap analysis. Information on how to enable heap analysis can be found at this blog
At the end of it, we get a report of the top methods allocating most memory, the types occupying most memory, etc.
This report is not as comprehensive as that provided by Numega DevPartner Studio.

Monday, June 09, 2008

Numega DevPartner Studio

Recently I installed DevPartner Studio and have explored the features provided by the tool. The tool integrates seamlessly into VS.NET and has the following high-level features:

- Static Analysis (Similar to FxCop or Code Analysis in VS Team Studio)

- Error Detection (You actually run the application/program and the tool would give a report of possible errors. This tool is more valuable in case of COM usage through .NET and in C, VC++ projects to detect OutOfBounds errors and dangling pointers, etc)

- Code Coverage (You run the application and at the end of it, a report is generated giving us code paths that were not executed. So helpful in finding dead code.)

- Memory Analysis (Heap analysis, shows object graph till root objects, no of objects created/destroyed etc.)

- Performance Analysis (E.g. U can create snapshots while running the application and the tool would give you the time spend in each method and many other stats. E.g. top 20 methods consuming most time, call graph, etc. Another cool feature is the source code window with time stats for each line on the left side. No more guessing what is taking so much time. )

- In Depth Performance Analyzer (CPU stats, Disk IO, Network IO, etc)

Visual Studio Team System provides us with many similar features. A VS product comparison can be found here.

Monday, June 02, 2008

Interesting features in Web 2.0 feature pack of Websphere v6.1

IBM has recently released a new feature pack for WAS 6.1 that has a host of cool features to build Web 2.0 applications.
AJAX support is provided by the DOJO Toolkit. There are a host of gadgets available (some added by IBM on top of DOJO) for RIA screens. Some features that were of particular interest to me are:
  • A javascript SOAP client that will enable web clients to make webservices requests directly.
  • Web-remoting RPC component that would enable a JS client to call an EJB method or a POJO method directly.
  • Apache Abdera library for manipulating ATOM/RSS feeds
  • JSON4J library on the server side to convert between JSON text and Java objects
  • AJAX messaging to implement Server side push. This is totally cool. I always wanted to experiment with the CometD functionality available in DOJO and here the interation between the DOJO Message Bus (client) and Websphere Service Integration bus was provided out of the box :)
A good example showing Stock Quote Streaming can be found here.