Alan Doherty

Some reasons for calling me first


I have been working for ISPs and network security companies, from a support role through to senior network consultant, since 1996. As a consultant I have designed and built both network infrastructure {LAN/WAN} and backend servers {DNS/RADIUS/SMTP/PROXIES/NTP} for more than one ISP, and for many large multi-national spanning private WANs. In that time I have developed standards still used by several security companies for building Windows, Cisco and Linux based firewalls; my old templates for Cisco router configuration are still being used by Esat.Net, and modified versions are being used by at least 2 other ISPs {with credits removed, I have noticed}. I have also run several workshops on Linux and Cisco routers for IT staff wanting to design, build and maintain everything themselves.


I use a large selection of self-developed freeware tools/scripts, templates and checklists that make it largely impossible for me to overlook a particular area of configuration, and make the configurations more uniform to ease the burden of support {as most mistakes I've found in 'other people's' work aren't due to incompetence, although it happens too often, but more often it's purely an oversight}. This uniformity also ensures that if I have to pass a particular support call to an associate, he will be able to familiarise himself with the system easily.


I only bill for the hours worked and for the expenses incurred. I do not re-sell equipment or software, so my advice to buy XYZ piece of equipment instead of ABC is never influenced by profit.


As my mobile is never off, I am at your disposal nearly all of the time, but I will not make unreasonable promises about my response time. I do, however, promise that if for some reason I cannot respond, you will have the number of at least one of the other contractors I regularly work with, and he will be able to assist you in a support situation.

Why should you consider a Unix/Linux install from me instead of Windows for firewall, mail, web or file server?

The advantage of most *nix installs is first and foremost performance, and security through the finer granularity of user access controls {when properly administered}. Additionally, fewer OS fixes per year are necessary to keep it secure. With RPM based Linux distributions, you also have the possibility of using the Yum utility with email notifications to guarantee the greater invulnerability of the server, and with the addition of a few of my own shell scripts the server will automatically inform the local administrator of suspicious events, reboots, shell logins etc. The use of Tripwire makes intrusion detection built in. I have also developed a range of interactive, customisable shell scripts to ease administrative training by making all day-to-day tasks menu driven {adding and removing various types of users, changing passwords, adding sites to a webserver etc.}. There is also the fact that they can be fully supported/administered remotely by myself or any other designated administrator.

Why should you consider having me set up Windows for your firewall, mail, web or file server?

Few consultants installing Windows based systems really take the time to fully lock down and fix Windows systems as far as possible. They prefer to leave all the security to the firewall, leaving your system vulnerable in cases of failures in firewall software {licence expiry, bugs etc.} and in cases where the attack comes from your internal network or in a mode that is indistinguishable from valid traffic to the firewall {classic case: running IIS+Exchange for Outlook Web Access, but not ensuring that all other IIS plugins allowing remote administration etc. are in a separate IIS instance}. I, on the other hand, will by default shut down any and all unnecessary services, set up correct NTFS file permissions across the drives, turn on auditing options for system changes, set reasonable values for system logs and page files, apply all relevant hotfixes, and make the registry modifications necessary to reduce the avenues available to attackers.

What is the real price/feature difference between Linux and Windows 2xxx?

The only down sides of using NT/2k are features that are not available in the O/S for secure remote administration, service level access-control, and reliable intrusion/modification detection and e-mail alerting. There are software products available to do this, but they are not provided as part of the O/S, so they have to be purchased separately. Also, the cost of Windows Server and user licences can be prohibitive, and if you are audited, not having the appropriate licences can be costly. This lack of secure remote admin facilities makes it necessary for a small company to either train an in-house IT person to make all day-to-day modifications, or to pay for an external support person to visit their site to make day-to-day modifications {both of these can be securely done remotely, but few companies offer this service}. With Linux, all typical Windows server functions can be provided, as well as many unavailable to Windows without additional software. Additionally, the fact that there is no cost for the software or user licences is a bonus {but function rather than price should be the focus}. The secure remote admin facilities make it possible for all day-to-day admin functions to be done remotely by myself or another competent admin, or to be performed by a relatively inexperienced admin via customized scripts which don't allow him to adversely affect the server.

Last updated July 2002, Alan Doherty