Friday, September 21, 2007

Tactical Network Security Monitoring Platform

I am working both strategic and tactical network security monitoring projects. On the tactical side I have been looking for a platform that I could carry on a plane and fit in the overhead compartment, or at the very least under the seat in front of me. Earlier in my career I've used Shuttle and Hacom boxes, but I'm always looking for something better.

People often ask "Why don't you use a laptop?" Reasons to not use a laptop include:

  • Laptops don't have PCI, PCI-X or PCI Express slots to accommodate extra NICs, especially for fiber connections.

  • Laptops are not designed to run constantly.

  • Laptop storage is not as robust as server storage, since laptops usually accommodate up to two internal hard drives, with some capacity for external storage.

  • Laptops are consumer devices and not generally built for server-type operations.


Today I think I found the device I needed: NextComputing NextDimension Pro, pictured above. The specs are as follows:

  • Single dual-core 2.2 GHz AMD Opteron 275/940

  • 4 GB RAM (2 GB x 2, PC3200/400 MHz DDRAM)

  • Two Marvell Yukon 88E8052 Gigabit Ethernet

  • One NVIDIA nForce4 CK804 MCP9 Networking Adapter (Marvell 88E1111 Gigabit PHY)

  • Two 160 GB 7200 RPM SATA 2.5" Seagate Momentus HDDs connected to on-board four port SATA controller

  • Four 160 GB 7200 RPM SATA 2.5" Seagate Momentus HDDs connected to PCI-X four port SATA RAID controller

  • Four USB 2.0

  • Two external SATA ports

  • One RS232 serial port and one RS232 serial port with RS422/485 adaptor

  • DVD drive

  • Two PCI-X slots OR two PCI Express slots OR one PCI-X and one PCI Express; mine has one 16x PCI Express slot and one PCI-X full length slot.

  • Graphics out via Nvidia


I tried FreeBSD 7.0-CURRENT-200709-amd64-disc1.iso on this machine and it installed flawlessly. If you want to see dmesg output please visit Dmesgd courtesy of NYCBUG.

Check out the storage available. If I need to I could combine /nsm1 and /nsm2 into /nsm using Gconcat.

$ df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/ad4s1a 989M 194M 716M 21% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad4s1e 9.7G 24K 8.9G 0% /home
/dev/ad4s1f 77G 4.0K 71G 0% /nsm1
/dev/da0s1d 577G 4.0K 531G 0% /nsm2
/dev/ad4s1g 9.7G 12K 8.9G 0% /tmp
/dev/ad4s1d 39G 1.2G 34G 3% /usr
/dev/ad6s1d 144G 258K 133G 0% /var

I am really pleased FreeBSD 7.0 installs on this machine. I may try the i386 version at some point, but I hope to stick with the AMD64 version if possible.

8 comments:

Omar Cruz said...
This comment has been removed by a blog administrator.
ryan said...

What software/versions are you going to put on your mobile NSM?

LonerVamp said...

Is it really as sweet as it looks? Seriously, that's a pretty sexy case!

Any chance for a ballpark price? If not, I totally respect that, but that case looks pretty darn nice, and could be fodder for my annual bonus. ;)

Richard Bejtlich said...

Ryan,

Not yet determined.

LonerVamp -- I prefer you ask the dealer. I didn't get any special deals but I'd rather not list a price. It was not more than $10k however.

Robert Wachsman said...

If you would like to learn more about NextComputing technology, please contact either Robert Wachsman or Dave Hartley. Thank you!

Robert Wachsman
Government/Military Sales
NextComputing
Direct (603) 459-2449
Mobile (603) 401-1922
Email: rwachsman@nextcomputing.com
4 Townsend West # 17, Nashua, NH 03063 USA
Main # 603 886 3874 / Fax # 419 828 2030
Product Service Direct: 603 459 2446
www.nextcomputing.com

David Hartley
Vice President, Sales
NextComputing
Direct/Cell # (760) 831-1992
Email: dhartley@nextcomputing.com
4 Townsend West, Unit 17 Nashua, NH 03063 USA
Main# (603) 886-3874 / Fax# 419 828 2030
Product Service# (603) 459-2446
www.nextcomputing.com

Robert Wachsman said...

Loner Vamp: We would love to hear from you and would be glad to provide pricing for a NextDimension solution to support your projects.

Robert Wachsman
NextComputing
rwachsman@nextcomputing.com
603-459-2449

Richard Bejtlich said...

Note to self: I had to reinstall Windows XP, which paved over the MBR. To reinstall the MBR I booted an Ubuntu live CD and ran grub as root.

find /boot/grub/stage1

returned

hd(2,0)

So I then ran

root (hd2,0)
setup (hd2)
quit

When I rebooted Grub was available again.

pci said...
This comment has been removed by a blog administrator.