Tempesta FW, a handfull firewall against DDoS attacks

Open source tools for protection against DDoS (IPS), such as, Snort, are based on DPI, that is, they analyze the entire protocol stack. However, they cannot control the opening and closing of TCP connections, since they are too high in the network stack of Linux and represent neither server nor client side. This allows to bypass IPS data. Proxy servers are also involved in establishing the connection, but they cannot protect against major DDoS attacks, because they are relatively slow, as they work based on the same principle as the server. For them, it is desirable to use the equipment which, despite being not as good as the one for the back end, can withstand heavy loads.

Read full article →

Using synctool for server configuration management

*nix systems are by default provided with remote management tools, while the method of storing and format of configuration files allows you to rapidly distribute the updated version of settings by simply copying them to the node. This scheme will be good enough for up to a certain number of systems. However, when there are several dozens of servers, they cannot be handled without a special tool. This is when it becomes interesting to have a look at configuration management systems that allow a programmable rather than manual configuration of servers. As a result, the systems can be configured quickly and with fewer errors while the administrator will get the comprehensive report. Also, a CM system knows how to keep track of all changes in the server while supporting the desired configuration.

Read full article →

Review of ROSA Fresh Desktop 4

ROSA Linux has no less than seven variants:

  • ROSA Enterprise Desktop X 1 is recommended for use in a corporate environment and is designed to equip the workstations and servers without special requirements for information security;
  • ROSA Enterprise Linux Server is, in fact, yet another clone of RHEL with some additions from the corporate variant of Mandriva;
  • ROSA Desktop Fresh is the most recent distribution that contains the latest improvements from the developer;
  • ROSA CHROME is a distribution certified by the Russian Federal Service for Technical and Export Control (FSTEC of Russia) and is designed for work with the state secrets;
  • ROSA NICKEL has the similar purpose as the previous variant, but it is certified by the Russian Defense Ministry;
  • ROSA COBALT is certified by FSTEC of Russia, including for the work with personal data.

Unfortunately, the last three distributions are not publicly available, and there is no point to talk about ROSA Enterprise Desktop and Server, so this article will focus on the recently released ROSA Desktop Fresh R5.

Read full article →

High Load Theory

In our work, we are faced with very different projects. In one way or the other, many of them could be called “high-load projects”. If you spend some of your spare time on categorizing these projects and discard such ordinary things as second-rate online stores while roughly grouping what is left, you can come up with an approximate classification. It includes four types of high load:

  • By the number of requests (banner networks);
  • By traffic (video services);
  • By logic (complex back-end calculations);
  • Mixed (everything that fell into several categories).

Now, let’s have a closer look at them.

Read full article →

Getting acquainted with Liferay

Enterprise Information Portals (EIP) have gradually been transformed from fashion to an irreplaceable business tool providing employees with a single point of access to data, tools for management of business processes and information exchange facilities. The Liferay project to be distributed under an Open Source license competes quite successfully with most commercial solutions.

Read full article →