Date: November 29th 2010

METTLE NEWS
[News letter on Mettle(tm) brand of products; Industry updates, Tips and Case
studies]

November 2010
Volume 3, Issue 9


In this issue:

* Editorial
* IT Industry news: Stuxnet Worm
* Tip of the month: Deactivating Content Filter & Gateway Anti virus
* A Mettle SE feature: Captive Portal


* Editorial

If you keep a log of viruses and worms coming out every month, you won't be amazed on new break outs and only
thing is that you need to be prepared for it. Preparation is a vague word to describe this scenario. And this
time, the threat is in the form of a worm called Stuxnet and its destruction power is not limited to just
computer system but process control system. See this months industry news for more information.

Many a time, you might need to turn off Content scanning and Gateway anti-virus feature for one reason or
other. This month's Tip of the Month column describes how to do this.

Captive Portal is one of the admired features in Mettle SE that allows you to prompt your users to login
before accessing WAN/Internet. This month's Mettle SE Feature describes how easy it is to set up.

As we enter into the last month of the year, we are preparing to for a change for the better; details will
follow.

Warm regards,

Editor, Mettle News
(mettlenews@mettle.in)


* IT Industry News: Stuxnet Worm

US government officials revealed that a malicious computer worm which targets Iran's nuclear plants could be
modified to wreak havoc on industrial computer systems around the world and could be the most severe cyber
threat known to industry.

As industrial houses merge the networks and computer systems to increase efficiency and productivity they are
becoming more vulnerable to the Stuxnet worm. Stuxnet's complex code is able to infiltrate and take over
systems that control manufacturing and critical operations and has sophisticated abilities to steal
intellectual property and sensitive data. Symantec Corporation's Global Intelligence Director, Dean Turner,
told the US homeland officials that the real world implications of the Stuxnet worm is is beyond any threat
seen so far.

Experts warned that the industries are becoming increasingly vulnerable to the so-called Stuxnet worm as they
merge networks and computer systems to increase efficiency. The growing danger, said lawmakers, makes it
imperative that Congress move on legislation that would expand government controls and set requirements to
make systems safer.

Stuxnet targets businesses using Windows operating system and a control system designed by Siemens AG.
Sean McGurk, the acting director of US Homeland Security's cyber security operations center, says that this
Windows and Siemens combination software is used in many critical sectors, like automobile assembly and
chemical industries. Experts have warned that attackers can use information made public about the Stuxnet worm
to develop variations targeting other industries.

Michael Assante, President of the National Board of Information Security Examiners have told authorities that
control systems needs to be walled off from other networks to secure it from unauthorized access from the
hackers and make it harder for them to access it. Mr. Assante participated in a research in 2007 at the
national lab, in which during a test they used commands delivered over the Internet to destroy a Diesel
generator. He believes stuxnet worm could be such a weapon but with capability to wreak chaos on a larger
scale.

India ranks 4th, followed by United States in 5th in the Stuxnet invasion statistics.

Read more:

http://news.yahoo.com/s/ap/20101117/ap_on_hi_te/us_cyber_threats
http://news.yahoo.com/s/csm/20101118/ts_csm/344234_1
http://en.wikipedia.org/wiki/Stuxnet


* Tip of the month: Deactivating Content Filter & Gateway Anti virus

Turning off the Content Filter or the Gateway Anti virus is not recommended operation for the sake of your
network security. But if you ever need to disable these services for this is how you do it.

1. In the Mettle SE web interface go to Status -->Services. You can see the list of running services here.
2. The green 'Play' button against each item means that it is active.
3. To stop the Content filtering service, click on the 'Stop' button next to Dansguardian.
4. To stop the Gateway anti virus service, click on the 'stop' button next to ClamAV.

Once you have stopped these two services the content filtering will no longer work and the network will be
vulnerable to viruses, worms, trojans and similar threats from the Internet. Be sure to re-activate these two
services as soon as the need for them being inactive is over.

To re-activate these services, come back to the same page and click on the 'Restart' button next to them.

KB article: http://kb.mettle.in/entry/8/


* A Mettle SE feature: Captive Portal

Captive portal is the technique in which a device trying to access the Internet is forced to a login page
asking for credentials before it is allowed to access the Internet. Mettle SE supports Captive Portal used for
HTTP authentication with a web browser. When Captive Portal is enabled the clients on the network will be
re-directed to a HTTP authentication web page before they can access the Internet.

This is how you enable Captive Portal feature in your Mettle SE.

1. Go to Services --> Captive Portal --> Captive Portal tab
2. To enable captive portal check the box "Enable Captive Portal"
3. Choose the interface captive portal is to enabled. Usually this is your local network.
4. Enter the maximum number of concurrent connections to be allowed
5. Enter the idle timeout in minutes. Idle clients will be logged out after the timeout.
6. Enter the hard timeout in seconds. Clients including active clients will be logged out after the timeout.
7. Check the box to enable logout pop up window if required.
8. Redirection URL - All clients will be redirected to the specified URL after logging in.
9. Concurrent logins - If enabled only the most recent login of a user will be active. Previous logins of the
same user will be logged out.
10. MAC filtering - If disabled, attempts will not be made to ensure that the MAC address of clients stays the
same while they're logged in. This is required when the MAC address of the client cannot be determined
(usually when there are routers between Mettle SE and client computers). RADIUS MAC authentication cannot
be used when MAC filtering is enabled.
11. Authentication - Select an authentication method; 'No Authentication', 'Local user manager' or 'RADIUS'.
If RADIUS is chosen, enter RADIUS server details below. If 'Local User Manager' is selected you can manage
users in the "Users" tab.
12. Enable HTTPS login - If enabled, login information would be transmitted over secure HTTPS connection.
13. Enter HTTPS server details in the fields below.
14. Click on 'Save'

Captive Portal Pass through MAC

Pass through MAC If a pass through MAC is added to Captive portal then users logging in from this MAC address
will not be taken to a portal authentication page.

1. Select Services --> Captive Portal-- > Pass through MAC tab to enable this.
2. Click on the '+' button
3. Enter the MAC address
4. Enter a description (not parsed)
5. Click on 'Save'

Captive Portal Allowed IP address

Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without
being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS
server on another network, for example. By specifying from addresses,

1. Select Services --> Captive Portal --> Allowed IP addresses
2. Click on the '+' button to add an IP address
3. Choose the direction either From or To
4. Enter the IP address to be allowed
5. Enter a description for the IP address added (not parsed)
6. Click on 'Save'

Managing Captive Portal Users

1. Select Services --> Captive Portal --> Users
2. To add an user click on the '+' button
3. Enter the user name
4. Enter the password
5. Confirm the password
6. Enter users full name (not parsed)
7. Enter an expiry date for the user you have created by clicking on the 'Calendar' button next to the text
area. If a date is not entered the account will not expire.
8. Click on 'Save'

KB article: http://kb.mettle.in/entry/31/





--
We would like to receive feedback regarding the content of this newsletter and
request for articles. Please send in your valuable suggestions to
mettlenews@mettle.in.

--
Mettle and Linuxense are trademarks of Linuxense Information Systems Pvt. Ltd.
Other trademarks belong to respective owners. 2010 (C) Linuxense Information
Systems Pvt. Ltd. All rights reserved.