Stealth USB mail server


Forum: USB booting
Topic: Stealth USB mail server
started by: yttrium

Posted by yttrium on Jan. 12 2005,18:34
Hi all,

I haven't a clue how to do this, but this seems the most likely place to ask for help.

My supervisor (a passionate Apple user--I've been working on him) and I (a PC Linux supporter) have an IT department that is completely married to MS products.  They kindly forwarded a full MS-Outlook configuration file containing all of the company's contact information.  Since neither he nor I use MS-Outlook, this file was less than useless.  It also needs to be configured on each client.

So that got me thinking:  I'd like to have just a remotely-configurable and updatable email reflector/server in which we can add and subtract contact information.  I.e., so that we can enter in new employees, and put them in groups so that someone can email 'marketing@company.com' and not have everyone in 'engineering@company.com' get stuff intended to go only to marketing.

We only have about 250 employees, so once it's set up, it should be relatively easy to maintain.

Here's the challenge:  I'd like to put the OS on a flash drive (USB), connect it to a standard ethernet port, and hide it somewhere in the building (hence the need to remotely activate and configure it).  We'd assign it an IP address (192.168.X.X) far enough out to not cause any problems.

And we don't want to let the IT department know where it is, or even that it exists.  We figure that we'd let them figure it out.

We're all on one side of a firewall and router, so I don't think that security concerns are much of an issue, and as we only want to use it as an email reflector back to the mail.company.com main email server, there really isn't the need for a lot of storage.

So the scope of the project requires the following parameters:

1.  OS required (disk space)  

2.  List of services required (mail service, etc.)

3.  Hardware:  128 Mb USB Flash drive

4.  Some type of connector/interface between the USB and the internet network.  Is there a dongle/commercial type of product that will work?

5.  Can we have it self-powered off of the ethernet cabling itself?

Any ideas on any pieces (software or hardware) required to set this up are welcome.  Please post back here.

Posted by green on Jan. 13 2005,01:12
[QUOTE]Here's the challenge:  I'd like to put the OS on a flash drive (USB), connect it to a standard ethernet port, and hide it somewhere in the building (hence the need to remotely activate and configure it).  We'd assign it an IP address (192.168.X.X) far enough out to not cause any problems.[/QUOTE]

Are you saying that you want to plug a USB pendrive into an ethernet port at a desk or someplace, then 'make it run'? You need a PC to plug the USB pendrive into. There's no way around that. The USB will not 'run' an OS, it will only store an OS, like a hard drive stores things. The PC actually does the work.

[QUOTE]And we don't want to let the IT department know where it is, or even that it exists.  We figure that we'd let them figure it out.[/QUOTE]

There is a reason your IT department does the things they do. Whether or not you agree or understand it, is irrelevant. Besides, they would probably figure it out and then confiscate the hardware and could possibly accuse you and your co-conspirators of a security breach because you have PRIVATE company info stored on removable media, which could be easily removed from the premises and sold to the highest bidder. Finding things on the network is fairly easy. The size of the object is of no consequence. My IT department would have HR inform you that your services are no longer needed. Also, I might even meet you outside in the parking lot inquiring why you had info about me in your possession and question you about any other possible data you might have gotten your paws on.


[QUOTE]4.  Some type of connector/interface between the USB and the internet network.  Is there a dongle/commercial type of product that will work?[/QUOTE]

Yeah, it's called a computer.

[QUOTE]5.  Can we have it self-powered off of the ethernet cabling itself?[/QUOTE]

No. Refer to number 4.


Now, my 2 cents.
It is the type of thing you suggest that frustrates IT staff to no end. I am not trying to dog on you, but you obviously do not understand the basics of networking (for starters) or hosting email services in a corporate environment, or hardware platforms. You have a neat idea, but not in a company/corporate setting. I suggest you do some studying, or stay out of the IT business.

Posted by yttrium on Jan. 13 2005,15:30
I thought it would have been obvious from my post that our IT department does not seem to be able to provide multi-platform management now.  

We had slow DNS service on the half of the virtual private network that the engineers were on last week.  Internet pages were taking *minutes* to access (each page).  The frustration level was palpable.

The IT staff didn't have a clue that their network was not servicing the user base until I went to them and demonstrated it.  Turns out that they were all configured on the *other* VPN.

The idea was to set up an email reflector and manage the mailing lists.  That provides a single-point in the email process chain.  That impacts the security model less than the various viruses that come around, infect machines and then start blasting emails out.

And we'd demonstrate a creative way to manage a mailing list with few resources required.

As for hardware, how about something like this commercial product:?

< http://www.usbfirewire.com/Parts/rr-usb-ethernet-2996.html >

Posted by SaidinUnleashed on Jan. 13 2005,16:06
That is only a network adapter. Just like any pci or pcmcia card.

It still requires a computer.

Also, let me echo Green's statement.

This is REALLY not a good idea. Your company/employer has its network set up a certain way for a reason.

If it's slow, they are probably having technical problems. Give them time to fix it.

Is this really worth your job?

I worked, for a while, for a company that did network management by contract. One of the terms of the contract is this.

<snip>Under no circumstances may an employee of <contract holder> (it's a form) place a node (earlier defined as a computer, printer, or anything else that can make use of a network connection) on the network managed by <our company, edited to prevent spam> without the explicit permission of <our company name again> and <contract holder>. Any violation of this is grounds for termination of this contract, as defined in section A.5 (I think) of this document (which basically says that we pack up and leave, and the contract holder has to pay the total amount of the contract within 180 days).

Every time someone has EVER put something on our network without telling us, they have been terminated (fired) within 30 minutes. Even a lousy sysadmin will know that there is a new node on the net within a few minutes. This is not actually part of our contract, but is in many. And it's expected with us, since most companies don't keep the capital on hand to pay off a 2 year, <insert ungodly amount of $$$ here> in 180 days. (I don't know the amount of the contracts, usually. The other guys handle that. And even half a million dollars split between 10 or 20 guys, after a hundred thousand dollars or so of expenses isn't really that much.)

And this is NOT an unusual part of a contract. Every company in this business that I know of has something similar.

So I ask again. Is it worth your job?

Think BEFORE you act.


-J.P.

Posted by yttrium on Jan. 13 2005,17:48
I think that people are missing the philosophical argument:

The user base should not accept poor service and design from software, hardware and configuration.

Isn't that one of the reasons why Linux is so popular and diverse?  (Someone doesn't like how things are working/behaving so they rewrite the code to add the capability or improvement).

BTW, I have suggested (tactfully) to our IT staff that maybe it would be a good idea to set up company-wide centrally managed email lists.   It's been a looong while since then.


As with most places (I suspect), the user base just gives up complaining.  This reduces the efficiency of the organization overall.

I'll have to think a little more on the hardware.  Will require processor, of course, but still intriguing.  Might generally be easier using wireless.

Posted by green on Jan. 14 2005,06:24
Quote (yttrium @ Jan. 13 2005,12:48)

"The user base should not accept poor service and design from software, hardware and configuration."

Have you considered the costs associated with having the best of everything in regards to the IT environment? One single piece of equipment can cost hundreds of thousands of dollars, or more. IT staff can only do what they can with what they have. If you want to complain, then provide an alternative. But provide one that is reasonable and adheres to standards. Standards are there for a reason also. So is procedure and process. Keep those things in mind if you want to take over the IT department.

"Isn't that one of the reasons why Linux is so popular and diverse?  (Someone doesn't like how things are working/behaving so they rewrite the code to add the capability or improvement)."

Yes, to a point. However, if you think a redesign of infrastructure is in order, perhaps you should learn what the infrastructure and all of its components are and what they do. It is apples to oranges to compare writing code based on another code to improve upon it, vs. redesigning the way IT technology currently operates in a given environment.

"BTW, I have suggested (tactfully) to our IT staff that maybe it would be a good idea to set up company-wide centrally managed email lists.   It's been a looong while since then."

Perhaps they are waiting on the funds to do just that. Perhaps those with the money can not comprehend why he/she should spend the company's money so you will be happy about your email and have even more resources to email all your friends. Also, it is a good thing that every IT department doesn't do what the clients want them to. Otherwise, everyone would have an OC12 ATM connection to their PC that goes straight to their favorite online shopping palace. They probably just ignored you, as they should.

"As with most places (I suspect), the user base just gives up complaining.  This reduces the efficiency of the organization overall."

Most companies (including small ones like the one you mention) can not afford to bow to every employee's whim, especially when those individuals complaining do not have the expertise needed to suggest appropriate means of resolution. All the non-legitimate complaining also reduces the efficiency of the organization.

"I'll have to think a little more on the hardware.  Will require processor, of course, but still intriguing.  Might generally be easier using wireless."

A wireless solution is not solving the other issues. Wireless is also not as easy as physical connections if done correctly with appropriate security and installation. It would be 'neater,' but not practical. Wireless is also considered a security risk. Anyone with a few hours and some old cheap/free hardware can access the WEP keys for the regular run of the mill wireless solutions. You get what you pay for. The higher end hardware, not for consumers, is much better but still not risk free. Physical connections in controlled environments is the way to go. That's why IT departments do it that way.

"I thought it would have been obvious from my post that our IT department does not seem to be able to provide multi-platform management now."

Money. Money. And, Money. Those three words will prevent any department from supporting any multi-platform, from diving boards to data. Most IT people know more than one platform, because most like what they do, but that does not mean that the corporate big dogs will pay for it. It's not cheap. Besides, multi-platform in a more detailed sense, is already being done there according to your posts. You just don't recognize it.

"We had slow DNS service on the half of the virtual private network that the engineers were on last week.  Internet pages were taking *minutes* to access (each page).  The frustration level was palpable."

Was it due to a malfunction of the DNS server? Or was the ISP experiencing issues? How many people were accessing eBay or streaming audio from SHOUTcast, etc? Perhaps the firewall was busy blocking traffic to places that should not be visited whilst folks are at work, or the syslog server was getting full and screaming that its memory was low as well? It is very easy to pick up on terms that you've heard thrown around and use them for blame. The behind the scenes action is generally not known by the clients, and for good reason.

"The IT staff didn't have a clue that their network was not servicing the user base until I went to them and demonstrated it.  Turns out that they were all configured on the *other* VPN."

Usually, it is the client's perception that is the issue. You may well have had an actual issue, I would not discount that. However, if VPNs are set up, they are done so for a reason, especially when one department is 'quarantined' off from another. Why do they want to keep you separate from them? That answer would probably clue you in.

"The idea was to set up an email reflector and manage the mailing lists.  That provides a single-point in the email process chain.  That impacts the security model less than the various viruses that come around, infect machines and then start blasting emails out."

Do you know where 99% of viruses come from that affect an internal environment? Email. Do you know what the average *business* usage of email is? 20%. That means that companies are paying for 80% of your electronic jokes and pictures, not to mention spam and other undesirable taxes on IT resources due to people not using common sense about where they post their email address or how many discount coupons they sign up for using their company email. If they could use 80% less email server services and 80% less bandwidth, they could probably hire more IT staff and equipment.

"And we'd demonstrate a creative way to manage a mailing list with few resources required."

I thought you didn't want the IT people to know about it? Again, things are done the way they are for a reason. That does not mean you need to like it, you just need to accept it.

"As for hardware, how about something like this commercial product:?"

This, again, demonstrates the need for education. I see you are excited and persistent. Those are great qualities and I admire them. Use them to educate yourself on the various hardware platforms and standards that would promote your goal. Use them to learn about the various network topology standards and transport mechanisms in order to allow your hardware to communicate efficiently and properly.

What you are seeking to do has already been done. Not trying to burst your bubble, but it has been done properly. There are many ways to accomplish this task without re-inventing the wheel. It should be done right the first time, and with a qualified and experienced IT staff to do it. It seems that the vast client base seems to think poorly of their IT department. If the clients actually knew what the IT staff has to do in order to try to keep the peace in the network environment alone, the clients would have a better understanding of the misconceptions and how the clients themselves are usually the cause of IT budget issues and problems in the infrastructure. Otherwise, you wouldn't need an IT staff because things would work and no one would be trying to usurp control and messing around with things they have no clue about.

One more thought, don't go playing around with assigning your own IP addresses. In my experience, anyone who causes a conflict like that gets an ACL with their name on it.
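
Editor's added example (not part of any post in this thread): the claims above that a new node is noticed within minutes, and that a self-assigned IP address causes conflicts, both come down to comparing what is seen on the wire with what is supposed to be there. The Python below audits neighbour-table sightings against an asset inventory and DHCP leases; the sample data, the inventory and lease dictionaries, and the function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: neighbour sightings in `ip neigh show` format,
# as if collected over several polls of a gateway on 192.168.1.0/24.
NEIGH_SIGHTINGS = """\
192.168.1.10 dev eth0 lladdr 00:16:3e:00:00:0a REACHABLE
192.168.1.11 dev eth0 lladdr 00:16:3e:00:00:0b STALE
192.168.1.240 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.1.11 dev eth0 lladdr 02:00:00:AA:BB:02 REACHABLE
192.168.1.12 dev eth0  FAILED
"""

# Constructed asset inventory (MAC -> asset tag) and DHCP leases (IP -> MAC).
INVENTORY = {"00:16:3e:00:00:0a": "eng-ws-01", "00:16:3e:00:00:0b": "eng-ws-02"}
LEASES = {"192.168.1.10": "00:16:3e:00:00:0a", "192.168.1.11": "00:16:3e:00:00:0b"}

NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-f:]{17})\b", re.I
)


def parse_neigh(text):
    """Return sorted unique (ip, mac) pairs.

    Entries with no resolved MAC (FAILED / INCOMPLETE) are skipped.
    """
    pairs = set()
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            pairs.add((m.group(1), m.group(2).lower()))
    return sorted(pairs)


def audit(pairs, inventory, leases):
    """Compare sightings with the inventory and leases; return findings."""
    findings = []
    macs_by_ip = defaultdict(set)
    for ip, mac in pairs:
        macs_by_ip[ip].add(mac)
        if mac not in inventory:
            # Hardware nobody registered: the "new node" case.
            findings.append(("unknown-device", ip, mac))
        if leases.get(ip) != mac:
            # Address in use that DHCP never handed to this MAC:
            # statically self-assigned, or squatting on someone's lease.
            findings.append(("no-dhcp-lease", ip, mac))
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            # Two MACs answering for one IP: an address conflict.
            findings.append(("ip-conflict", ip, ",".join(sorted(macs))))
    return findings


if __name__ == "__main__":
    for kind, ip, detail in audit(parse_neigh(NEIGH_SIGHTINGS), INVENTORY, LEASES):
        print(f"{kind:15} {ip:15} {detail}")
```

In practice the sightings would come from switch or gateway neighbour tables polled on a schedule, which is why an unregistered device shows up quickly regardless of its physical size.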

Posted by John on Jan. 14 2005,10:06
I don't think you guys are going to agree on this, so let's just let the subject be.

Posted by green on Jan. 14 2005,23:18
Okay.
I guess I just got sent to my room.

Posted by Geo on Feb. 08 2005,22:22
Quote
Do you know where 99% of viruses come from that affect an internal environment? Email. Do you know what the average *business* usage of email is? 20%. That means that companies are paying for 80% of your electronic jokes and pictures, not to mention spam and other undesirable taxes on IT resources due to people not using common sense about where they post their email address or how many discount coupons they sign up for using their company email. If they could use 80% less email server services and 80% less bandwidth, they could probably hire more IT staff and equipment.


90% of statistics are pulled out of very convenient asses

Posted by [Anonymous Coward] Midas on Feb. 09 2005,00:20
What I just read through is how righteously arrogance put out a sound technical question; I find it ugly... :angry:

yttrium had an interesting technical challenge; did he get an answer? Not even a hint; he got smoked instead. Green & SaidinUnleashed seem to think they own the truth.

Sound advice is always welcome, but lecturing on a situation one knows only from speculation like it was the gospels looks to me very much like a tumbleweed service... you know, Dodge City, midday shootouts, common folk packing, tumbleweed blowing in?

Posted by green on Feb. 09 2005,01:36
For the record (..and not arguing, so i don't get a 'time out'):

Maybe I was a little strong in my responses. What you see here is two sides of the fence. One is a user or client, the other is "an IT guy."
I am not speaking for all frustrated with the client IT guys, but sometimes it gets to you. You know?

I apologize if I came off a little too strong, but I still believe that the attempt that was being made was being made in the incorrect way nor with the proper knowledge.

So, to avoid "getting grounded" by John. I can't say anymore than that and I promise to play well with others....

Posted by ke4nt1 on Feb. 09 2005,07:18
Allow me to add a few brief points...

Quote
What I just read through is how righteously arrogance put out a sound technical question; I find it ugly... :angry:
yttrium had an interesting technical challenge; did he get an answer? Not even a hint; he got smoked instead. Green & SaidinUnleashed seem to think they own the truth.
Sound advice is always welcome, but lecturing on a situation one knows only from speculation like it was the gospels looks to me very much like a tumbleweed service... you know, Dodge City, midday shootouts, common folk packing, tumbleweed blowing in?


You, Mr. Coward, have been drinking a bit too much of Doc Holiday's juice,
or smokin too much crack...

The "interesting technical challenge" you refer to was to..
1. infiltrate a company network, unbeknownst to IP/staff,
   and "hide" hardware which will handle sensitive company info and email.
2. jeopardize the security of this network, and risk failure or intrusion
   by third parties due to lack of protocol and procedure (i.e. wireless)
3. Taking company owned property and resources clearly managed by a
   team of professionals, and using them for a revolutionary cause.
Quote

{ The user base should not accept poor service and design from software, hardware and configuration.}
{ our IT department does not seem to be able to provide multi-platform management now.}  

yttrium,
If you don't like the way the company that has employed you runs their IT,
then leave..
You are obviously not familiar with protocols or hardware in an IT environment.
( gotta admit, I got a good laugh out of your standalone USBKey mailserver! )

Quote
so that we can enter in new employees, and put them in groups so that someone can email 'marketing@company.com' and not have everyone in 'engineering@company.com' get stuff intended to go only to marketing.

To create the "groups" and email forwarders you seek, the IT department
could easily set this up in a matter of minutes with their mailserver.
I do it frequently for several companies.
Obviously, they don't WANT to..
Perhaps their idea of proper management and policy enforcement is to
have all of their email services centralized..

Quote

I have suggested (tactfully) to our IT staff that maybe it would be a good idea to set up company-wide centrally managed email lists.

Quote

They kindly forwarded a full MS-Outlook configuration file containing all of the company's contact information.


Seems that they have one, and forwarded it to every user...

Perhaps you could set up, using only a few computers OF YOUR OWN,
a small demonstration of what you have in mind, how it would work, etc.,
that you could share with your IT staff.  Then let THEM decide..

Taking matters into your own hands is not the answer.
SaidinUnleashed and Green have both stated this clearly to you.

What would you think, if you found out that an employee of a company,
who was "trying to be innovative" caused the failure or loss of security
to a network that handled your friends' or relatives' medical records,
while they were in critical care? Or your credit card information?
Maybe your driving or criminal records? Bank Statements?

Companies have good reasons to keep a tight rein on their IT.
IT has good reasons to keep a handle on their network usage.
IT makes the rules.  If you don't like it, get your OWN somewhere else.

I feel that SaidinUnleashed and green HAVE given you good advice,
contrary to what Mr. Coward has posted.  Work WITH your IT,
and should they choose to continue without your innovation, then so be it.

Corporate IT is not the place to wear your "Mr. Fixit" hat.  
Do that at home, on your own network, and with your own computers,
then tweak it, package it, and sell the hell out of it.

73
ke4nt

Posted by MrG on Mar. 02 2005,16:31
For what it's worth...
yttrium had a valid question. Just because you don't AGREE with his choice, does NOT mean you can bash him like you've been doing.

First: Yttrium, they might be right. Make sure you're not gonna get your rear handed to you. I can think of a couple ways to do this that are relatively cheap(50$).. and would work pretty good.

Second: Someone said, and I quote "any good sysadmin will know that there is a new node on their network in 30 minutes or less." Somehow, I doubt that. I've worked for three major companies, and in all 3 the sysadmins didn't know IPv4 from IPX. Maybe I just worked for crappy companies, but shrug.

Third: "Major breach of security"... by taking his department's e-mail and setting up some mail reflections? Relax. Unless he's got a level 5 security clearance (I watch too many movies...) you guys are going way over-the-top.

Now, yttrium, you could probably get away with getting a Linksys WRT54G router, and installing a flavor of linux on it. I've seen it done, converting wireless router into embedded linux server. With that, you could probably get it to read data from a network share somewhere and use that for the address book/etc. Look around online, there's many conversions for it.

Hope that helped,
George
