Wednesday, August 6, 2014

iPhone is still an awesome SysAdmin tool. Literally fighting and warding off hackers with an iPhone.

As many of my readers know, I carry two phones: an iOS and an Android phone. However, when it comes to any real work, I use my iPhone. It has been very reliable, and I've been using different versions of the iPhone to avert disaster over the last 7 years. Sure, you can do many of these things with Android. However, I have had problems, mostly with VPN connectivity. As many already know, Android did not support IPSEC group cisco-vpn for many, many years. Thus, I've been using iOS as my go-to device. The largest screen in the world can't help you if you don't have connectivity access.
I also prefer some of the iOS equivalent apps. For example, Connectbot and JuiceSSH are no equivalent to iSSH.

Well, here is an example I would share with my readers of why the iPhone still rocks!
Typical crisis scenario: Waiting in line for the latest movie, Guardians of the Galaxy, and the phone is ringing off the hook with NAGIOS notifications. NAGIOS is telling you that some servers are degraded or offline. You can either rush to the car or back to the office or... A server meltdown and crisis needs to be fixed ASAP. What do you do? Well, that has happened to me on many, many occasions. When it does happen, I rely on my iPhone. It also happened over the past weekend.

I use NAGIOS, which is an enterprise-grade network and intrusion monitoring tool. And boy, I constantly get text and email messages for down servers or degraded services. You know, the kind where Russian and Chinese hackers are chomping away. It is good to SSH in and apply a firewall rule just like that. I can restart services or launch redundant failovers.

Besides sysadmin duties, there are plenty of other scenarios where it comes in handy. Oftentimes, I may be at lunch and a client wants me to export a MySQL report into an Excel spreadsheet. Easy. MysqlDump the query to a CSV-delimited file, then convert it into Excel .XLS on the iPhone. And yes, I do this on a small 4" screen. iSSH has really good multi-touch gestures that make up for a smaller screen. I actually prefer using iSSH over JuiceSSH on my HTC ONE M8. Thus, you can see why I am still a dedicated iOS user.

The other day, a client's email server was getting hammered with a brute dictionary attack. Within 15 minutes, I installed Fail2Ban and scp'd (secure shell copied) a working configuration that monitors SASL intrusion with my iPhone. The attack was a coordinated brute force password "guessing" on the SMTP mail server. They hit the servers hundreds of times per second so that the server can't handle regular requests. With my iPhone, I logged in via SSH and scp'd a working /etc/ config (from another server) and bam, Fail2Ban was monitoring the mail logs and blocking African, Russian, and Chinese hackers in real time. All of this was done in real time. And it was done using an iPhone.

Fail2Ban is actually very cool, but that can be a different subject for a different blog post. Basically, it is a POSIX daemon that monitors log files and can be configured to block malicious intruders. You can configure it to monitor different services, and if there are so many attempts (say 3-4), you can deny them via deny-host or through a firewall IPFW rule. If this all sounds alien to you, let's just say all you need is console access to install, configure and set up.
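As an added illustration (not code from this post or from the Fail2Ban project), here is the kind of threshold check described above, run over constructed Postfix log lines. The function name, the sample log and the `year` argument are assumptions made for the example; `maxretry`, `findtime` and `ignoreip` borrow the names of Fail2Ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs a failed SMTP AUTH attempt as:
#   warning: <host>[<ip>]: SASL <mech> authentication failed: <reason>
FAILED_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed"
)

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug  3 14:02:11 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Aug  3 14:02:12 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Aug  3 14:02:13 mail postfix/smtpd[2214]: connect from client.example.net[198.51.100.7]
Aug  3 14:02:14 mail postfix/smtpd[2211]: warning: unknown[203.0.113.45]: SASL LOGIN authentication failed: authentication failure
Aug  3 14:05:00 mail postfix/smtpd[2230]: warning: client.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Aug  3 14:20:00 mail postfix/smtpd[2301]: warning: client.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Aug  3 14:40:00 mail postfix/smtpd[2355]: warning: client.example.net[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
"""

def find_offenders(lines, maxretry=3, findtime=600, ignoreip=(), year=2014):
    """Return [(ip, ban_time)] for each IP with `maxretry` failures inside a
    sliding `findtime`-second window. Syslog lines carry no year, so the
    caller supplies one (an assumption of this example)."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}                   # ip -> time the threshold was crossed
    for line in lines:
        m = FAILED_AUTH.match(line)
        if not m or m["ip"] in ignoreip or m["ip"] in banned:
            continue              # not a failure, allowlisted, or already banned
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return sorted(banned.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()):
        print(f"{when.isoformat()} ban {ip}")
```

With the defaults, the burst from 203.0.113.45 is flagged while the client that mistypes a password three times over 35 minutes is not, which is why the window length matters as much as the retry count.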

If I can get root and shell access, I can handle crises like this with my 4" wonder gadget. Another crisis averted. So the point is, devices are tools and you make them what you want them to be. Thus, I still get a laugh when people say you can't do real work on a mobile device.
