It is very easy to install using Synaptic/Apt and is available in the Ubuntu Universe Repository. There are two front ends available using GTK, and QT. The only issue I had to troubleshoot was that the recorded audio was out of sync and choppy. It was very easy to fix by changing the DEFAULT sound option to plughw:0,0.

The software is capable of using a variety of audio sources including Jack audio server. The capture provided an excellent quality file in .ogv format.

If you are sharing the video capture with Windows users, you will need to convert it to a Windows-friendly format for them. I used mencoder - 

mencoder -idx mycapture.ogv -ovc lavc -oac mp3lame -o mycapture.avi

For a helpful page on installing additional repositories and software in Ubuntu, see here Enabling Extra Repositories. You should also see the following link:  Medibuntu  – to install the W32 Codecs.

This is only required if you need to convert the output into a Windows format like .avi. In order to play the converted avi video in Windows,  I still needed to install this free codec: FFDShow MPEG-4.

I serve a large organization with multiple branch offices in remote places. Typically, these offices are staffed with from one to fifty employees. Most of the offices have a local Windows Domain Controller, which doubles as a file/print server, DNS, and DHCP server.

The larger of the offices are usually connected to the Internet via T1, or DSL via a local service provider. In addition, the offices have a firewall that is connected back to headquarters via IPSec VPN tunnel.

This arrangement has provided a good solution for several years, however there are limitations. Recently, many of our offices have begun providing Internet access for clients – this added network load, in addition to increased usage of high-bandwidth services like You Tube, have placed new demands on us to manage the bandwidth. In addition, configuring servers and firewalls per individual office – and getting local support who can help us on site – is challenging.

A major point of our current initiative is to make our network locations more homogeneous, and more under the control of IT staff at headquarters. Virtualization has become an attractive option for several reasons: it eliminates the cost of a separate hardware firewall, and it allows us to configure a hardware-agnostic server “image” for use on any local hardware.

My “One Box Solution” allows for the firewall, bandwidth management, and Windows Domain Controller to exist on a single, portable, server.

I recently began piloting such a solution in one of our offices. Not having a current budget for my project, I took advantage of an unused Dell workstation at HQ. I added an additional 10/100 NIC we had lying in our closet. I installed Ubuntu 8.10 server (any version of Linux will work) and VMWare’s latest version of free server for Linux.

If you haven’t been exposed to VMWare yet, go to www.vmware.com and download the free player and one of the free virtual appliances (pre configured workstations and computers). VMWare server is also free and will allow you to build and configure your own virtual machines.

Having built the Linux box and installed VMWare server, I configured one of my NICS as an internal nic, with an address on my local subnet, and the other NIC as an external NIC with one of my assigned Internet IP addresses.

Inside VMWare server, I configured three virtual networks. One network connected to my external interface of my Linux server. The second connected to a host only virtual network, and the third connected to the internal NIC of my Linux server.

The first virtual server I built was my M0n0wall firewall. Note that M0n0Wall is available PRE-BUILT! AS A VIRTUAL APPLIANCE! This means you don’t have to compile or build it. Just download the Virtual Appliance files and open them in VMWare Server.  I choose M0n0wall for several reasons. It is free. It is easy to configure. It allows for QoS, Traffic Shaping, and most importantly the IPSec tunnels that connect back to Headquarters and our DR NOC. The external WAN interface of M0n0Wall was connected to the external virtual network. The internal LAN interface of M0n0Wall was connected to the HOST ONLY virtual nework (we’ll see why in sec…). The WAN and LAN interfaces were configured with appropriate network settings, NTP server settings, DNS, etc. The WAN IP will be on our Internet subnet, and the Gateway will point to our ISP’s router or gateway IP address. The LAN interface will become the internal default gateway for our local network. M0n0wall is a powerful firewall solution for a small office. With the addition of a third NIC, you can easily set M0n0wall up to provide a DMZ, or a Captive Portal for your Wireless users. A Captive Portal will allow you to plug in a wireless device, authenticate users in a browser, and/or use RADIUS for advanced authentication.

The second virtual server is Untangle – also available Pre-built as a virtual appliance! Untangle can install as a bridge – meaning there is no routing involved. It sits between your firewall and your internal network. Untangle can also function as the firewall, but since it lacks the IPSec function for our tunnel back to Headquarters, we choose M0n0Wall. Where Untangle really excels is in Internet filtering and management. Untangle provides a suite of free modules for management and OpenVPN. There are also paid and supported modules available. The free version provides for very granular reporting and a powerful degree of access control right out of the box.

The third server is our Windows Domain Controller. This is the only commercial device which requires a paid-for license. Our virtual domain controller runs inside VMWare and connects via one interface to our internal network.

This arrangement has allowed us to provide a one-box all-in-one appliance to our remote offices that can be built and exchanged as needed, with a minimum of configuration. The Windows server can easily be promoted to a domain controller on site. IP Addresses and other site specific information can all be easily configured through graphical utilities.

Using online backup, such as Mozy Pro, in conjunction with our single box, we have discovered a way to provide highly-available network services to our smaller, budget and staff challenged offices in the field.

Options include using ESXi, which is VMWare’s free version of ESX server. The downside of ESXi is that it requires more expensive hardware. It will not run on a workstation with a SATA disk drive. However, if you have a true server that is on the hardware compatibility list, ESXi will provide a better platform. It installs as it’s own OS. Linux and Windows are not required. The management tools and options are also much nicer.

One additional thing we’ve looked at – and likely something we’ll be hearing more about in the coming months – are WAN optimization appliances such as Riverbed that run as a virtual machine. This will likely become a solution in our most remote offices where slow satellite connectivity is the norm.

I like to maintain good security practices in my personal as well as my work computing environments. I also enjoy being able to provide myself and the networks I manage with enough security that we are well covered from any reasonable threat, yet not to the point that things become overly complicated to manage or impact the usability of the environment.

I don’t consider myself a security expert. I would not feel comfortable designing a security policy or architecture for a major financial institution doing on line trading and banking. I do feel pretty comfortable with my ability to protect my personal data and networks, and very comfortable that I am part of a team that is focused on increasing security AND usability where I work.

On my personal and work laptops I’ve been running a combination of a popular free software firewall, AVG (free version), and Microsoft Windows Defender. This combination has worked extremely well on my IBM Thinkpad X31, which is not going into it’s fourth year of life with a 1.6 GHz Pentium M and 2 GB of RAM. The combination has provided excellent protection, even though I rarely use my laptops where they aren’t behind some type of hardware firewall already.

On my Intel Core-Duo HP Compaq nc2400, this combination of software – in particular the software firewall – has caused me a bunch of headaches. The issue I’ve had is constant freezing, having to reboot this laptop multiple times per day. The freezes happen whenever anything changes in the status of a network interface. For instance, if I open a vpn connection to my home network. The connection opens, routing table is correct – but there will be a few seconds where my local network applications like Outlook seem to get “confused” and not know where to go. If I wait a few seconds after making the vpn connection, sometimes everything is fine and the traffic for the vpn goes over the vpn and the local traffic goes local. However, more often than not, if there were any network applications open at the time—add or change an interface like this and the laptop freezes and must be hard re-booted.

I want my laptop firewalled at work. Knowing I’m not exposing any ports unintentionally is comforting. Knowing someone who happened to get local admin access can’t remotely browse my computer, connect via DameWare, etc, is a good feeling. Knowing that should some new worm come along and start probing the network, I’ll be immune lightens the load.

I discovered that my software firewall was probably the root of these network issues and freezes by trial and error. I don’t really blame the software firewall since it has worked brilliantly on my personal ThinkPad, and I use VPN connections frequently there too… But when I removed the software, a lot of my issues seemed to resolve themselves. No more holding my breath every-time I had to connect via VPN… I have a hunch part of it might lie in the IDS/Application scanning portion of the firewall software. Disabling those features might make a difference.

This is when the Yoggie caught my eye. It is a Linux based hardware firewall on a USB stick, for Windows only. One of the big marketing points for the device is that you offload the security duties to this Linux USB host computer. The only thing is that whatever you gain in getting rid of your software firewall application, you lose because now you have reduced your full duplex gigabit Ethernet connection down to a half duplex 480Mbps through this USB device. In addition the Yoggie must run a network RNDIS driver on your computer to setup a virtual network interface of sorts which becomes your computer’s firewalled address. This driver also diverts the traffic at layer two from the Ethernet or WiFi into the USB device before it reaches the operating system. It is a significant hit in network speed if you are using Gigabit Ethernet now. You’ll notice it if you do large file transfers, video, etc. The Yoggie GUI and driver aren’t exactly lightweights in cpu and memory usage either.

I first installed the Yoggie at home on my ThinkPad. The install went smoothly. I had done a lot of reading ahead of time and knew exactly what to expect. I allowed all traffic on my home firewall to pass to the laptop and the Yoggie logged and filter several port scan attempts. It seemed to work very well and I was quite pleased. Then I tried to check my mail. I use SSL encryption for IMAP and SMTP connections to my ISP. Yoggie wouldn’t let the SMTP traffic out. I disabled SMTP from the application scanning parts of Yoggie and it began working again. Ok, no big deal. Note that I uninstalled my software firewall prior to installing Yoggie.

The next day I installed it on my work laptop. This is where several days, yes days, of frustration and lost productivity began. The first thing that happened was that I could not connect to the Yoggie’s web console. This is the only way to connect with and configure the Yoggie. There is no telnet or ssh. If the web console isn’t working, you are pretty much out of luck. Yoggie has a tray icon that is green if the Yoggie is connected, Blue if the protection is disabled, and Red if the Yoggie is not connected. The Yoggie driver will disable all network connections if it is not connected.

I had a theory that the issue not connecting to the web console might have something to do with a local vlan we have with the exact same subnet the Yoggie was configured for. It shouldn’t have mattered, but trace routes to the Yoggie’s address were going to the default network gateway, not to the Yoggie device.

I unplugged from the Ethernet and rebooted. I was able to connect to the Yoggie this time around, so I changed Yoggie’s address to a very little used and highly unknown reserved IP segment of 1.0.0.0/29 – this is a perfectly valid address in the networking world, just a little unconventional. I immediately lost contact with the Yoggie after setting it’s address to 1.0.0.1.

I installed the beta driver, and the icon turned green again – showing that the driver and the Yoggie were again seeing each other. The Yoggie driver/network interface that it installs on the PC must have an IP address in the same subnet as the Yoggie. It would not configure itself with an address in the 1.0.0.0/29 subnet.

Once I figured out what was happening, I manually assigned a 1.0.0.2 address to the NDIS Network driver/interface. After rebooting I was able gain access to the console on the 1.0.0.1 address and change it back to a more conventional 172.x.x.x network subnet. I changed the NDIS driver/adapter back to DHCP and rebooted. The adapter picked up a new address in the same subnet as the Yoggie and everything *seemed* back to normal.

I tried opening our help desk ticketing system, it wouldn’t open. I tried opening our sharepoint site, it wouldn’t open. Disabling the HTTP scanning in Yoggie fixed those issues.

One of the most annoying things about Yoggie is the interface. Half the time, it comes up “page not found” for as yet unknown reasons. The interface itself is abstracted and obscures the true operation of the device – presumably to make it an ‘easy’ console for non-IT types. It makes it tremendously difficult to troubleshoot. Unlike other firewall configurations, there is no set of access-lists and hard defined configuration to check, dump, save, restore, etc… You have the ability to open ports to individual IP addresses, but not to a range or an entire subnet. You have very little control over anything else. The Yoggie has it’s own internal rules it follows, making ‘adaptive’ changes as it sees fit. The problem is there is no way to tell what these changes are, or how they might affect your legitimate operations. The firewall rules, which include a white list and blacklist in addition to individual ports are particularly confusing on the first time through.

It is very hard to know if the Yoggie is actually working. You can try a test download of the EICAR test antivirus file. Yoggie will pop up a webpage and say it was blocked. This is the only proof you have, unless you want to set up another machine and port scan yourself to see if Yoggie does anything.

I’m hoping that one more reinstall with the standard driver will get Yoggie working the way it is supposed to.

In theory it is a really handy device and lets me lighten the load on my machine considerably. In reality it has been really buggy and non-intuitive to get running past a default install.

Support has been responsive on one occasion. Of couse they are located in the UK and Israel, and Saturday is the sabbath so I don’t expect to hear anything until Monday.

One thing I’ve found very strange is that: A. their drivers are unsigned, and B. their support website has been overrun with pornographic spam in several places! – and it is several weeks old already. This reflects poorly on a security company.

They also make a Gatekeeper pro, which is a USB hub sized firewall that connects via Ethernet like a standard firewall. It gets power from the USB. You can use it with any OS, as Yoggie Pico is limited to Windows because of the RNDIS driver. The drawback is that it only works on your Ethernet connection.

My advice at this point – don’t bother. I’m a geek. I don’t mind playing around with this or that and usually pick up a little knowledge in the process. But as a solution, it just isn’t quite there yet.

I may end up going back to some version of my software security. We’ll see

- LATEST update: Yoggie came through and I got a brand new Pico PRO in the mail today. Downloaded the latest software and it seeems to be working like a charm. Many thanks to Gil and Ilan at Yoggie support.

- Another update. I have been in almost daily contact with Yoggie support. They’ve decided my unit is defective and given me a local address to return it to. Upon receipt, I’ll be sent a working unit. I’ll update on the new device. For now, my free Comodo firewall is providing ample protection and the extra load on my system has not been noticeable.

Update: I did hear back from Yoggie support on the web console issue. They told me I should be using the beta driver and not the standard driver. They suggested I try physically disconnecting and then reconnecting the Yoggie before I reboot the laptop. I tried that and it didn’t work. I’m still having issues accessing that web console. The AV aspects of Yoggie are pretty much disabled because of the issues mentioned previously – so EICAR simply downloads at which point AVG picks it up. I’ve tested Yoggie pretty extensively port scanning it from external machines on the same subnet. It has been a solid performer in that regard. This is kind of cool, especially on a public wi-fi network. I wish that dang web console wasn’t so buggy – I can’t view the logs or make any changes. I also wish there were some alternate interface like telnet or ssh from the client pc. I also wish there were more options for configuration. As far as the file scanning goes, and disabling those features – no external device is going to give you any virus scanning on an ssl connection anyway. The content is encrypted – so you need a software AV software running that is going to scan that sucker after it gets decrypted and before it gets executed in RAM. Oh yeah – I think the driver is signed now; and I contacted Yoggie support about the porn in their comments fields. It seems to be gone

–Charles Socci