http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127 http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&internet+background+noise == Internet Background Noise == Internet background noise (IBN) consists of data packets on the Internet which are addressed to IP addresses or ports where there is no network device set up to receive them. These noise packets are the result of port scans and worm activities. A nice view of the internet background noise \\ http://www.switch.ch/security/services/IBN/ == Dark Internet == Part of routed IP space in which no active services or servers reside. Trafic received on these adresses is considered as Internet background noise. Monitoring incoming traffic on part of this adress space can be used to build intrusion prevention systems. === Ressources === The Team Cymru Darknet Project [[http://www.cymru.com/Darknet/]]\\ A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are "dark" because there is, seemingly, nothing within these networks. Any packet that enters a Darknet is by its presence aberrant. No legitimate packets should be sent to a Darknet. Such packets may have arrived by mistake or misconfiguration, but the majority of such packets are sent by malware. This malware, actively scanning for vulnerable devices, will send packets into the Darknet, and this is exactly what we want. Darknets have multiple uses. These can be used to host flow collectors, backscatter detectors, packet sniffers, and IDS boxes. The elegance of the Darknet is that it cuts down considerably on the false positives for any device or technology. The network telescope [[http://www.caida.org/analysis/security/telescope/]]\\ A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning. Internet Motion Sensor [[http://ims.eecs.umich.edu/]]\\ The Internet Motion Sensor (IMS) is a globally-scoped threat monitoring system whose goal is to measure, characterize, and track emerging threats such as worms, denial of service attacks and network scanning activities. The IMS utilizes a large collection of distributed sensors that monitor blocks of globally routable unused address space. Because the blocks contain no active hosts, the traffic must be the result of misconfiguration, backscatter from spoofed source addresses, or scanning from worms and other probing. Thu, 26 Mar 2009 17:06:54 GMT http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&internet+background+noise fabrice gaillard 2009-03-26T17:06:54Z http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&monitoring+systems == Monitoring == Open Source monitoring systems == **nagios** [http://www.nagios.org/]\\ Nagios is an enterprise-class monitoring solutions for hosts, services, and networks released under an Open Source license. **GroundWork** [http://www.itgroundwork.com/downloads/]\\ * Open source-based IT infrastructure monitoring platform * Advanced, UI for Nagios * Configuration tool for Nagios **zabbix** [http://www.zabbix.org/]\\ ZABBIX offers advanced monitoring, alerting and visualisation features today which are missing in other monitoring systems, even some of the best commercial ones. **Helios** [https://helios.dev.java.net/]\\ Helios is an Open Source performance monitoring, visualization and reporting system. It's core premise is a domain structure of MBeans that represent real time scalar and aggregated performance data and a web application that supports the creation of web based dashboards that can display the data in the form of text, graphs and other custom widgets. **hyperic** [http://www.hyperic.com/]\\ Hyperic HQ Open Source delivers visibility for web infrastructure to today's IT professional. **zenoss** [http://zenoss.com/]\\ Zenoss is an enterprise-grade open source monitoring solution built on the python-based Zope application server. Thu, 26 Mar 2009 16:03:17 GMT http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&monitoring+systems fabrice gaillard 2009-03-26T16:03:17Z http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&performance+monitoring == performance monitoring solutions == **MRTG** [http://oss.oetiker.ch/mrtg/]\\ You have a router, you want to know what it does all day long? Then MRTG is for you. It will monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface. **Cacti** [http://cacti.net/] \\ Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. **Munin** [http://munin.projects.linpro.no/] \\ Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine "what's different today" when a performance problem crops up. It makes it easy to see how you're doing capacity-wise on any resources. **Hyperic** [http://www.hyperic.com/]\\ Open source systems monitoring, server monitoring, and IT management software. Developed for web apps and service provider scalability. Thu, 26 Mar 2009 15:54:10 GMT http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&performance+monitoring fabrice gaillard 2009-03-26T15:54:10Z http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&cryptographic+filesystem == Cryptographic filesystem implementations == === Multi plateform solution === **T r u e C r y p t** [http://www.truecrypt.org/]\\ Free open-source disk encryption software for Windows Vista/XP/2000 and Linux === Platform specific solutions === **On NetBSD** : cryptographic device driver (CGD)\\ [http://www.netbsd.org/guide/en/chap-cgd.html] see also [http://www.onlamp.com/lpt/a/6384] NetBSD's CGD compared to other systems on *BSD et Linux. **On FreeBSD** : GEOM Based Disk Encryption (gbde)\\ [http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html] **On OpenBSD** : svnd\\ [http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html] **On Linux** : Loop-AES\\ [http://www.ibiblio.org/pub/Linux/docs/HOWTO/translations/fr/html-1page/Cryptoloop-HOWTO.html] Thu, 26 Mar 2009 15:39:46 GMT http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&cryptographic+filesystem fabrice gaillard 2009-03-26T15:39:46Z http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&FrontPage I use this wiki as a king off notbook on the web. \\ \\ \\ Thu, 26 Mar 2009 15:23:27 GMT http://www.w3architect.com/web/en/wiki?p_p_id=36&p_p_lifecycle=0&p_r_p_185834411_nodeId=12127&p_r_p_185834411_title=&FrontPage fabrice gaillard 2009-03-26T15:23:27Z