Pages

Sunday, December 29, 2013

Check These Things Before Implementing the BYOD Policy

There is no doubt that BYOD is the new trend in the industry, but the big question is "Do you really need it?". Dont just implement the policy because other companies are doing it, no matter what anyone says it could be very expensive risk when the things go out of control. So here are the questions that you should ask yourself before implementing this policy in your organization.

Are your employees mature enough to use it wisely?
I have noticed many people even those who are working in an IT organization tend to hand over their devices to unknown people or people who they least know in order to fix the issues. What if unknowingly or knowingly they give these devices to your competitors or hackers? Before implementing BYOD it is always wise to do this check and if you still think that implementing the policy is crucial to your organization make sure that your employees are well trained on these aspects.Conduct few training session and explain them the precautions that they need to take to mitigate the issues.

Who are included in this policy?
It is not wise to include all the users in the organization under this policy, if you are implementing this policy for the first time only include limited people for sometime to analyse the usage, risks and technical challenges involved in it. This helps in making the policy even more secure before applying to everyone. However it is always recommended that you limit this policy to only certain people in the management level as these are the people who stay with the organization for a longer time and are experienced enough to use the policy securely.

Do you have all the resources available to protect the data?
User data is obviously the biggest asset of the organization, before implementing BYOD make sure you have all the tools and technology to safeguard the device and the data. This is because devices under this policy are more harshly used than the usual workstation or the other devices inside the organization. There is nothing that can be done once the data is lost and if you cannot retrieve it back. SMB should take this into consideration because I have seen most of them use opensource application and technologies for their businesses, opensource is great but it has lot of bugs on them, poor updates and no support if something goes wrong. Make sure that you have the correct tools for implementing this policy.

Does the IT team has experience in managing a BYOD environment?
This is the most crucial aspect before implementing the policy, when you go to a war you should make sure that the soldiers are ready for it or else there are many chances that you may loose it. Same applies to any organization, before implementing the policy make sure that atleast the IT heads are aware of what they are dealing with and they train their teams on the precautions and the steps to be followed in preparing the devices and the scheduled maintenance that need to be performed to minimize the disasters.
BYOD is already proven to be the most efficient way to improve the productivity in any organization, but poor knowledge on it and without continuous security measures this policy could lead to a catastrophe, follow the right measures and have a great technique in implementing the policy.

Wednesday, November 20, 2013

Starting MYSQL in innodb recovery mode

Recently my SQL server has crashed and was unable to start, I have tried to fix the issue but could not, by seeing the log file I could only understand that there is a problem with the innodb database and the only way to work around with the issue is to recover innodb. But I cannot loose the database since it was very critical for my project.

So after little R&D I was able to start the server using the innodb recovery mode, here is how to do it

Open the mysql config file i.e. my.ini and add the following line under the [mysqld] line

innodb_force_recovery = 4

this will start the mysql server in innodb recovery mode and gives you the chance to repair the database.

For your information the mysql logfile

131121  1:18:48  InnoDB: Page checksum 4132264320, prior-to-4.0.14-form checksum 47764882
InnoDB: stored checksum 4132264320, prior-to-4.0.14-form stored checksum 1792345140
InnoDB: Page lsn 0 58314446, low 4 bytes of lsn at page end 58279508
InnoDB: Page number (if stored to page already) 590,
InnoDB: space id (if created with >= MySQL-4.1.1 and stored already) 0
InnoDB: Page may be an update undo log page
InnoDB: Database page corruption on disk or a failed
InnoDB: file read of page 590.
InnoDB: You may have to recover from a backup.
InnoDB: It is also possible that your operating
InnoDB: system has corrupted its own file cache
InnoDB: and rebooting your computer removes the
InnoDB: error.
InnoDB: If the corrupt page is an index page
InnoDB: you can also try to fix the corruption
InnoDB: by dumping, dropping, and reimporting
InnoDB: the corrupt table. You can use CHECK
InnoDB: TABLE to scan your table for corruption.
InnoDB: See also http://dev.mysql.com/doc/refman/5.5/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.
InnoDB: Ending processing because of a corrupt database page.
131121  1:18:48  InnoDB: Assertion failure in thread 2996 in file buf0buf.c line 3602
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.5/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.


Tuesday, November 19, 2013

Convert Time stamp from UNIX to Human readable format in SQUID Proxy Log

I work with an IT organization and my Security team as a part of their routine audits asked me to provide the SQUID proxy server log. I have provided them the logs but they were not happy about it since the time stamp in the log is in UNIX format. So they have assigned me the task to change the time stamp to human readable format.

I have started to do the R&D on how this can be achieved, after I googling for a long time I have found the solutions for it which I am explaining now since I have found many administrators searching for this configuration on the internet.

The configuration is pretty simple, we just need to add the following configuration line at the end of squid configuration file located at /etc/squid/squid.conf

The configuration is

### Custom Log Format ###
logformat squid %tl.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt


after adding the above configuration, restart the SQUID proxy server for the changes to take effect.

That's it now the time stamp in SQUID log would be in Human Readable Format.

Thursday, October 31, 2013

Junk values after Converting a document to PDF in Adobe

Issue:

While converting Word Documents to Adobe PDF, sometimes we observe the below error message.
%%[ ProductName: Distiller ]%%
Cambria not found, using Courier.
%%[Page: 1]%%
%%[ Error: invalidfont; OffendingCommand: xshow; ErrorInfo: CharOffsets         82 30 44 29 59 52
0]
([1]
)
%%[ Flushing: rest of job (to end-of-file) will be ignored ]%%
%%[ Warning: PostScript error. No PDF file produced. ] %%

Resolution:

This error can be resolved by changing one of the Adobe PDF printer settings.  

  • When you are in the print dialog, and you have selected the appropriate PDF printer, select "Properties."  
  • In the dialog box, there should be a tab titled "Adobe PDF Settings," and it should look like the below image.

image

  • Un-check "Rely on system fonts only; do not use document fonts."  
  • This solves the issue for documents created using XP or Vista, then upgraded to Windows 7.  The Cambria font somehow gets changed between XP/Vista and Win7.

Install and Configure postfix

Postfix is the Linux Mail Transfer Agent that is being used very widely in recent days because of the features that it offers. Installation of Postfix is pretty simple in Debian based OS and a bit tricky in Redhat based. The following tutorial will show you the installation of Postfix in Ubunt and Redhat(in the next tutorial).

Before proceeding we need to make sure that the default MTA sendmail(if installed) should be removed. This can be done by executing the following commands

Debian or Ubuntu :

apt-get purge sendmail

Redhat :

yum remove sendmail

Now we can proceed with the installation of Postfix MTA by executing the following command as a root or a sudo user.

apt-get install postfix
apt-get install mailutils

Normally in Debian based or in Ubuntu operating systems once after the installation a wizard is started to complete the configuration of the Postfix, follow the below steps to complete the general postfix configuration

image

image

image

image

image

image

image

image

image

once the configuration is Done, restart the postfix service for the changes to take effect.

service   postfix   restart

Wednesday, October 30, 2013

Ubuntu Installation Video Tutorial

Ubuntu is the most famous Linux distribution widely used at home and at enterprises. The desktop version of Ubuntu is very stylish with amazing visual effects and very user friendly. Ubuntu comes with the software center with thousands of applications ready to install with just a click.

Installation of Ubuntu is pretty simple, here is a video tutorial that shows step by step instructions of Ubuntu 12.04 installation on a VMWARE workstation.



Enable Apache SSL in Ubuntu

Enable Apache SSL in Ubuntu

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

The following tutorial will tell you how to configure apache with SSL and browse your website using https protocol. In ubuntu its pretty easy and the steps are as follows.

In ubuntu open a terminal and login as root and run the following commands

1. install apche2 webserver
apt-get install apache2

2. Browse to the following directory using

cd  /etc/apache2/mods-available/
3. Enable the SSL module for apache using
a2enmod ssl
4. Now browse through the following directory
cd /etc/apache2/sites-available/
5. And enable the defaulf virtual host with SSL using
a2ensite default.ssl
6. Now restart the webservice for the changes to take effect
service apache2 restart
To confirm if all went well just open the firefox browser and type the following URL in the address bar.
https://localhost/

If the default webpage is loaded then you have successfully installed and configured apache2 with SSL support.