NYCBUG

Future Meetings: 2010-03-03 - PFSense II, Rocking The Datacenter
Events & Cons: 2010-02-22 - 2nd USENIX Workshop on the Theory and Practice of Provenance (TaPP `10); 2010-02-22 - First USENIX Workshop on Sustainable Information Technology (SustainIT `10); 2010-02-23 - 8th USENIX Conference on File and Storage Technologies (FAST `10); 2010-04-22 - 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI `09); 2010-04-27 - 2010 Internet Network Management Workshop/ Workshop on Research on Enterprise Networking (INM/WREN `10); 2010-04-27 - 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET `10); 2010-04-27 - 9th International Workshop on Peer-to-Peer Systems (IPTPS `10); 2010-04-28 - 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI `10); 2010-05-13 - BSDCan 2010; 2010-06-14 - 2nd USENIX Workshop on Hot Topics in Parallelism (HotPar `10); 2010-06-22 - 3rd Workshop on Online Social Networks (WOSN 2010); 2010-06-23 - 2010 USENIX Annual Technical Conference (USENIX ATC `10); 2010-06-23 - USENIX Conference on Web Application Development (WebApps `10); 2010-08-10 - 1st USENIX Workshop on Health Security and Privacy (HealthSec `10); 2010-08-11 - 19th USENIX Security Symposium (USENIX Security `10); 2010-10-04 - 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI `10); 2010-10-08 - EuroBSDCon 2010; 2010-11-07 - 24th Large Installation System Administration Conference (LISA `10)
Past Meetings: 2010-02-07 - BSD Certifcation SME Session; 2010-02-07 - BSD Certification Exam; 2010-02-03 - Systems Programming On A System On A Chip; 2010-01-06 - Hadoop a Worldwind Tour; 2009-12-02 - Holiday Meeting: Your Tips as Presents; 2009-11-04 - FreeBSD 8.0 New Release and Virtualized Networking for All; 2009-10-07 - Brian Cully on XMPP Takes AIM: A Lot of Jabber about Real Time Applications; 2009-09-02 - Jeffrey Hsu on How to Get Started with Kernel Programming; 2009-08-05 - BSD Certification: A Case Study in Open Source Community; 2009-07-01 - Next steps for GNUstep; 2009-06-03 - Building Better Tools; 2009-05-06 - Open Forum; 2009-04-01 - Git: A Case Study In Distributed Version Control; 2009-03-04 - What`s your biggest Time Management problem?; 2009-02-04 - Postfix Performance Tuning; 2009-01-07 - Introduction to Puppet; 2008-12-03 - 2008 NYC*BUG Holiday Party; 2008-11-05 - Hardware Performance Monitoring Counters; 2008-10-11 - NYCBSDCon 2008; 2008-09-03 - Organizing NYCBSDCon 2008; 2008-08-06 - Public Key sudo; 2008-07-02 - Configuration Management with Cfengine; 2008-06-04 - NYCBSDCon 2008 Organizing Meeting; 2008-05-07 - Managing OpenBSD Environments; 2008-04-02 - ZFS on FreeBSD; 2008-03-20 - Building a High-Performance Computing Cluster Using FreeBSD; 2008-03-05 - User Interfaces and How People Think; 2008-02-06 - Open Meeting on OpenSSH; 2008-01-09 - SSARES; 2007-12-13 - 2007 NYTC Holiday Party; 2007-11-07 - IPv6 Workshop; 2007-10-03 - IPv6 Implementation; 2007-09-05 - Cryptography in Web Apps; 2007-08-23 - NYCBUG-NYPHP Social; 2007-08-01 - Nagios; 2007-07-05 - The Real Unix Tradition; 2007-06-06 - DOS Mitigation; 2007-05-02 - pkgsrcCon; 2007-04-04 - OpenCVS; 2007-03-07 - Enterprise Security Mgmt; 2007-02-07 - Subversion; 2007-01-03 - PF; 2006-12-07 - 2006 Holiday Party; 2006-11-01 - NYCBSDCon 2006; 2006-10-04 - NYCBSDCon planning; 2006-09-06 - m0n0wall and PFSense; 2006-08-02 - Open Forum; 2006-07-05 - Sendmail Hacks; 2006-06-07 - Open Forum; 2006-05-03 - VPN & PAE; 2006-04-05 - Open Forum; 2006-03-01 - Systrace for Slackers; 2006-02-01 - Xen and the Art of SysAdmin; 2006-01-04 - Java on FreeBSD; 2005-12-07 - Jail(8); 2005-11-02 - Time Mgmt for SysAdmins; 2005-10-05 - The Summer of Code; 2005-09-17 - NYCBSDCon 2005; 2005-08-03 - Challenges of large Unix environ; 2005-07-06 - OpenBSD IPsec stack; 2005-06-01 - Open Source Software; 2005-05-04 - Heimdal Kerberos on NetBSD; 2005-04-06 - FreeBSD port maintenance; 2005-03-02 - OpenBSD on PA-RISC; 2005-02-02 - pkgsrc; 2005-01-05 - Anatomy of a Hack; 2004-12-01 - 2004 Holiday Party; 2004-11-03 - Lok Technology, Inc.; 2004-10-16 - Meet Mr. McKusick; 2004-09-01 - Jail(8); 2004-08-04 - OpenBSD on Soekris; 2004-07-07 - Secure Architectures; 2004-06-02 - Hacking Your iBook; 2004-05-05 - BSD Consulting; 2004-04-07 - OS X, Darwin and BSD; 2004-03-03 - NetBSD crypto disk; 2004-02-04 - OpenBSD Security

March 03, 2010

PFSense II, Rocking The Datacenter

In 2006, ike gave an overview on PFSense and it`s mother project
m0n0wall, which were new and exciting router platforms back then.

Quote from that first talk, (4 years ago):
  "throw your Linksys/SoHo/WiFi router in the garbage where it belongs"
  http://www.nycbug.org/index.php?NAV=Home;SUBM=10027

Quote for this talk:
  "You might wanna` put your Sonicwall/Juniper/Cisco routers up on Ebay."

pfSense is a free, open source customized distribution of FreeBSD
tailored for use as a firewall and router.  http://pfsense.org/

pfSense has matured into a full-fledged routing platform which fits 
right in at the datacenter.  As all the big router vendors now tout
fully browser-based administration- (over IOS, I2J, etc...) so the
stigma of using pfSense in the enterprise is gone.

Our speaker has been using pfSense in datacenter deployments for over 4 
years, and will be describing how pfSense was used to save and secure
several "organically dysfunctional" corporate networks, and maintain
business continuity.

Throughout the talk, these points will be emphasized:
- Deploys: "Performing an Oil Change at 80mph" (quoting Michael Lucas)
- Corporate Office/Colo Life with pfSense
- Quickly/Safely Training Junior/Senior Network Sysadmins on pfSense
- Taking the Magic/Macho out of HA networking
- Networking can be Reliable/Understood/Fun

Half of this talk is a quick pfSense bootstrap:
- What *is* pfSense? (A Terrific Routing Platform!)
- Hardware (Embedded and Regular x86 Systems)
  - The reality of recycling servers, (Go Green! and other buzzwords)
- Install, basic setup- focused on typical multi-zone networks

The other half of the talk will go through the incredibly advanced tools 
and features that make pfSense an excellent platform for
High-Availability and Security at the datacenter:

- CARP, Physical Redundancy, (and living with HSRP/VRRP/GLBP 
  from your ISP)
- Fully Redundant Load Balancing, 2 common roles:
  - (inbound) Load Balancing to scale Web Servers
  - (outbound) Load Balancing for multi-wan redundant networking
- "Deep Packet Inspection" and other infosec buzzwords, done the 
  PF/BSD way

- Missing your IOS shell?  pfSense gives you a UNIX Shell- infinite 
  possibilities!
  - pfSense/embedded shell specifics, (read-only filesysem on CF?)
    - NanoBSD/implementation notes...
  - Using pf from the shell
    - interacting with system firewall/traffic-shaping/etc..
    - dancing a tango with the GUI
- Syslog, SNMP, and all fixin`s
- Config Management for Network Scaling/Sanity

As Sr. Infrastructure Engineer at the emerging startup Proclivity Systems, Isaac ".ike" Levy is ob sessed with high-availability systems and transparent failover, mostly because he likes to sleep a t night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before there was ever a cloud in the sky, as well as having a long history hacking int ernet-facing applications on UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time me mber of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD`s jail (8).