I recently loaded up a new virtual machine with Ubuntu 7.04 Feisty Fawn (32-bit) running on Vista Ultimate (64-bit) and have had no problems thus far. Everything works, dual monitors, sound, networking, etc…
I’m seriously impressed with the quality of VMware Workstation 6. I’ve been a user of their product since version 4, and it’s done nothing but improve. I’m also impressed with Ubuntu. It took almost zero effort to get a working system installed to disk. After the install, a simple sudo apt-get install build-essential was all I needed to get what I need for development.
My reasons for the Linux VM are twofold. First of all, I prefer it to Windows as a “safer” platform to do my banking and such on. Secondly, I’ve started another class in my Master’s program at DePaul University, and it requires a Linux system. We’ll be learning assembler from the programmer’s point of view; that is, understanding what data structures, control statements, etc. look like in assembler, as well as being able to take compiled programs and debug them at the assembler level to find/troubleshoot bugs.
I’ve also been spending some time thinking of ways to give to the security community. One of my ways was recently mentioned in a Security Catalyst Community forums post. Basically, create a matrix of security controls and common implementations, cross-referencing them with all the different security standards out there. A person could, for instance, check all the controls they already have in place. The site would then list off the standards they are already compliant with. If they wanted, they could pick a standard and it would list off both what they already have and what they are lacking. Not easy and not quick, but useful.
I’ve also been playing around with some type of more useful way to glean data from CheckPoint firewall logs that have been exported to ASCII with the fwm logexport -i <date> -o <date>.out -n -p -m raw command. Specifically, I’m looking for ways to visually make unusual activity “jump” out at the analyst. I’ve been able to create graphs of port usage over time, but haven’t gotten the code into a state where comparison against the standard deviation is viable yet. I also haven’t come up with a solid interface either. Thus far it’s a hodgepodge of Perl scripts that can print graphs if STDOUT is redirected to a PNG file :) I’m debating between open source, free software, web-based stuff and C# in a Windows app. The developer in me wants to use C# since I’m very comfortable with the language, but the student in me wants to use Perl, MySQL, and PHP. Oh the choices!
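As an added example (not the author’s Perl scripts), here is the comparison against the standard deviation the post is working toward: bucket the exported log by hour and destination port, then flag any hour in which a port’s hit count exceeds that port’s daily mean by more than k standard deviations. The semicolon-delimited layout and column names in the sample are assumptions for this example, not CheckPoint’s exact fwm logexport format, so check the header line of a real export before reusing the parser.

```python
import statistics
from collections import Counter

# Constructed sample in the spirit of a semicolon-delimited fwm logexport
# file; the column subset here is an assumption, not CheckPoint's exact layout.
SAMPLE_LOG = """\
num;date;time;action;src;dst;service;proto
1;10Jun2007;08:12:01;accept;10.0.0.5;192.168.1.20;80;tcp
2;10Jun2007;09:03:44;accept;10.0.0.7;192.168.1.20;80;tcp
3;10Jun2007;09:30:19;accept;10.0.0.5;192.168.1.25;443;tcp
4;10Jun2007;10:15:08;accept;10.0.0.9;192.168.1.20;80;tcp
5;10Jun2007;11:47:52;accept;10.0.0.7;192.168.1.20;80;tcp
6;10Jun2007;12:02:33;accept;10.0.0.5;192.168.1.20;80;tcp
7;10Jun2007;13:21:10;accept;10.0.0.8;192.168.1.20;80;tcp
8;10Jun2007;13:40:57;accept;10.0.0.8;192.168.1.25;443;tcp
9;10Jun2007;14:05:00;accept;10.0.0.5;192.168.1.20;80;tcp
10;10Jun2007;14:05:02;accept;10.0.0.5;192.168.1.21;22;tcp
11;10Jun2007;14:05:02;accept;10.0.0.5;192.168.1.22;22;tcp
12;10Jun2007;14:05:03;accept;10.0.0.5;192.168.1.23;22;tcp
13;10Jun2007;14:05:03;accept;10.0.0.5;192.168.1.24;22;tcp
14;10Jun2007;14:05:04;accept;10.0.0.5;192.168.1.25;22;tcp
15;10Jun2007;15:11:26;accept;10.0.0.9;192.168.1.20;80;tcp
"""

def hourly_port_counts(text):
    """Map service -> Counter(hour -> hits); also return the sorted hours seen."""
    lines = text.strip().splitlines()
    fields = lines[0].split(";")          # header row names the columns
    counts, hours = {}, set()
    for line in lines[1:]:
        rec = dict(zip(fields, line.split(";")))
        hour = rec["time"][:2]            # bucket by HH of the event time
        hours.add(hour)
        counts.setdefault(rec["service"], Counter())[hour] += 1
    return counts, sorted(hours)

def flag_outliers(counts, hours, k=2.0):
    """Return (service, hour, hits) where hits exceed mean + k * pstdev.
    Hours with no traffic count as 0 so quiet ports get a real baseline;
    constant usage (stdev 0) is never flagged."""
    flagged = []
    for service, per_hour in counts.items():
        series = [per_hour.get(h, 0) for h in hours]
        mean, sd = statistics.mean(series), statistics.pstdev(series)
        if sd == 0:
            continue
        for h, hits in zip(hours, series):
            if hits > mean + k * sd:
                flagged.append((service, h, hits))
    return flagged
```

With the sample above, only port 22 in hour 14 is flagged at k=2; the two port 443 connections stay within two standard deviations, and the steady port 80 traffic has no spread to flag.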
Another interesting thing I’ve been mulling over is file carving from libpcap files. Often I find myself wanting to grab a file that was sent over the network that I have a capture of. I’ve been thinking of two ways to solve this: (1) write my own parser for files as I need them or (2) contribute to the tcpxtract project so that it works more accurately.
Well, that’s my brain dump for now. One of my goals is to use blogging as Richard Bejtlich has, and that’s as a personal dumping ground to find thoughts, articles, etc. in case I need to refer back to them in the future. Let’s see how this works out!