Wednesday, September 07, 2005

Buffer Cache -++Sedikit linux ++-

Start.
Untuk melakukan proses baca dan tulis, sebuah file sistem yang dalam keadaan di-mount seringkali melakukan request ke dalam blok device. Semua blok data yang dibaca dan ditulis diserahkan ke device driver pada struktur data buffer_head melalui standar rutin Kernel yang disebut dengan call. Proses ini akan memberikan semua informasi yang berhubungan dengan blok yang dibutuhkan device driver, identifier pada device bersifat unik dan nomor blok digunakan oleh driver untuk membaca blok. Semua blok device ditampilkan sebagai sekumpulan blok yang memiliki ukuran sama. Untuk meningkatkan kecepatan akses ke dalam blok fisik dari device, linux mengatur hal tersebut pada sebuah cache pada buffer blok. Semua buffer blok pada sistem disimpan pada suatu tempat pada cache buffer. Cache ini digunakan bersama-sama oleh blok deice, yang pada suatu waktu terdapat beberapa blok buffer pada cache. Jika data yang tersedia valid dari buffer cache, hal ini akan memudahkan sistem untuk mengakses ke dalam device fisik. Setiap adata yang sudah digunakan untuk membaca dan menuliskan data dari sebuah blok device akan dimasukan ke dalam buffer cache. blok buffer pada cache bersifat unik karena adanya kepemilikan device dan nomor blok pada buffer. Buffer cache dibagi menjadi dua bagian fungsi. Funsi pertama adalah daftar blok buffer yang kosong. Buffer ini tidak memiliki ukuran karena tidak ada blok buffer didalamnya. Fungsi kedua adalah cache itus sendiri. Ini merupakan sebuah tabel hash dari pointer ke rantai buffer lainnya yang memiliki hash index. Hash Index berasal dari kepemilikan device dan nomor blok dari blok data.

Linux mendukung beberapat tipe buffer yang menggambarkan keadaan buffer itu sendiri diantaranya clean, locked, dirty, shared dan unshared.

Stop

BGP -++sedikit bicara++-

Apa ya...hmmm
bismillah
Border gateway Protocol (BGP) adalah sebuah protokol routing inter-Autonomous System. protokol ini dibuat berdasarkan pengalaman yang diperoleh dari teknologi EGP (apa ya EGP) sebagaimana terdokumentasikan dalam RFC 904, RFC 1092 dan RFC 1093(cari sendiri deh).
Fungsi utama sistem BGP adalah untuk bertukar informasi network yang dapat "dijangkau"(reachability/reachabilitas) oleh sistem BGP lain, termasuk didalamnya informasi-informasi yang terdapat dalam list autonomous system (AS). Informasi tersebut dibutuhkan untuk membuat grafik konektivitas, sehingga memungkinkan beberapa loop routing dapat dipangkas dan keputusan policy pada tingkatan AS yang dapat dibuat.

Untuk membuat keputusan policy yang bisa dikerjakan oleh BGP ini harus memperhatikan kaidah bahwa satu BGP speaker melakukan pemberitahuan(advertise) ke BGP speaker lainnya (peer).

Kaidah ini mencerminkan paradigma routing umum "hop by hop" dan beberapa diantaranya membutuhkan teknik lain seperti source routing.

contoh, BGP tidak mengizinkan satu AS mengirim trafik ke AS-neighbor jika trafik tersebut diambil dari rute berbeda. dengan katalain, BGP hanya mensupport policy yang mengikuti paradigma routing "hop by hop" -- dan karena internet hanya menggunakan paradigma routing "hop by hop", sementara BGP dapat mensupport policy-policy yang sesuai dengan paradigma tersebut --- maka jelas BGP sangat memungkinkan untuk diaplikasikan sebagai sebuah protokol routing antar-AS diantara koneksi-koneksi internet.

Sekarang kita bahas mengenai jenis protokol bgp dan laen laen.

BGP berjalan melalui sebuah protokol transport. ini untuk mengiliminasi kebutuhan-kebutuhan fragmentasi update, retransmisi, acknowledgment dan sequensi. Skema-skema authentifikasi yang digunakan oleh protokol transport dapat juga diikutsertakana ke mekanisme autentifikasi BGP.

Protokol yang digunakan BGP adalah TCP. BGP menggunakan port TCP 179 untuk membangun koneksi-koneksinya.

Istilah Autonomous System - sistem otonom - (AS) menurut definisi agus dan asep adalah seperangkat router yang berada dibawah otoritas/administrasi teknis tunggal. Untuk merutekan paket antar - AS interna, kita akan membutuhkan Interior Gateway Protokol(IGP). Sementara untuk merutekan paket ke AS lain, kita membutuhkan Exterior Gateway Protocol(EGP).

ah lieur


sumber: www.cisco.com (teuing nu mana)

wasalam

Keren bro Google earth

* Keyword "fanani=Aku adalah seorang pembajak, tetapi bukan kerbau, aku adalah pembajak win**" *

Sudah 1 Minggu aku terus-terusan jalan-jalan dipetanya google earth, sangat kereen.
Tiap malam pasti jalan-jalan. Thanks google.

http://earth.google.com/downloads.html

try it or leave it

PS: buat pengguna linux dan unix mungkin hanya pake http://maps.google.com :|:

Saturday, September 03, 2005

KEPINCUT google adsense

Jadi ngiler lihat http://pribadi.or.id/diary/2005/08/22/baru-tiba-google-adsense-cek/.
Turunkan lah dolar mu ankel samiri.
Sori nambah iklan juga.

Friday, September 02, 2005

Ten-Minute Guide To Network Security

Ten-Minute Guide To Network Security

The Internet can be a dangerous place, full of viruses, worms and hackers bent on doing harm to your network. "Security first" has become a kind of mantra for IT professionals and CIOs, while regulations like Sarbanes-Oxley have made network protection as much a question of legal responsibility as good business sense.

But between upgrading the local area network (LAN) to Gigabit Ethernet, deploying voice over IP (VoIP), putting out network fires and making sure everything runs smoothly, many IT managers are already stretched to the limit. Security can be a complex, expensive and time-consuming business.

Nevertheless, every great journey begins with a single step, and even if you only have ten minutes to devote to the project, you can still use that time to get the security ball rolling. "I think the key is not to think about securing your network in ten minutes," says Jason Hilling, Director of Managed Security Services Product Management at Internet Security Systems, "but to get the whole process started in those ten minutes."

So if you've got free ten minutes, here's what to do --- follow our ten-minute guide to network security.

Evaluate your security policy: Every organization needs some kind of security policy, but it is often surprising how many do not. The problem, of course, is that network security is often perceived as a technological problem that you can throw money and gadgets at to make better. If things were that simple, then worms and hackers would be a thing of the past.

"Every organization needs a policy to ensure that processes and procedures are in place to ensure security," Hilling says. "What are the acceptable use criteria? How are your systems built and have to ensured that there are no extraneous devices in the network or applications on networked devices? What are the acceptable communications applications? These are all things that you can deal with."

Hilling concedes that it takes time to develop a security policy and that no one can get the job done in ten minutes over coffee. But like all processes, this one can get underway quickly, with the decision to start and the selection of a manager who'll be responsible to plan and implement the policy.

Vulnerability Management: "One of the most important things you can do when you have limited time is to find out where you are vulnerable," Hilling says. "To a certain extent, everything follows from this."

As with the creation of a security policy, an audit of an organization's vulnerabilities can be a very daunting and complex process. "But the process has to be done," Hilling says. "Most security problems aren't related to the wily, determined hacker who uses his cunning to get into your network, they're more likely related to worms and denial of service (DoS) attacks."

Worms and DoS attacks exploit known network vulnerabilities. Consequently, the best way to defend against them is to find the flaws before the attackers do. It will take time to sift through every switch, router and server on your network, of course, but Hilling is quick to point out that it takes virtually no time at all to start the process and delegate someone to see it through.
Patch management: "Once you have the process in place to identify vulnerabilities, you then have to ask how you are going to patch them," Hilling says. "Patching can be the most important thing you can do."

As with everything else, this can be an involved process, but Hilling points out that it takes second to decide to implement a patching strategy and another minute to delegate someone to oversee it. "Patching is something that organizations can easily fall behind on," Hilling says. "Someone has to be responsible to see that that doesn't happen."

Get informed: The best way to stay on top of security vulnerabilities, of course, is to make sure you know about them before they bit you in the tender parts. That means taking the time to scan the latest warnings and maybe even reading your favorite networking or security websites over coffee. It doesn't take long to stay informed once you are informed but, as with everything else, you have to take the time to start the process.

"There are a lot of solutions that can bring security intelligence to you," Hilling says. "If you don't have the time to address security yourself, any good managed service provider will deliver intelligence to its customers about what's out there."

Go shopping: Even if security is not strictly a technology issue, you need technology to secure your network. It's probably not a good idea to drop $10,000 on intrusion prevention systems and firewalls in ten minutes -- and the board of directors would have your head if you did -- but it only takes a few minutes to see what what's out there.

Think of it as security window shopping, but take the time to think about what you need and how you will deploy it. "You need to look at security technologies from three levels," Hilling says. "First, what do I need to do to protect the network as a whole, secondly, what do I need to protect my servers. Finally, how will security impact my end users."

sumber: http://www.linuxsecurity.net