Once you get over the initial culture shock and myriad cruelties of Linux, it first starts to grow on you and then becomes your preferred way to build or run anything that needs real control, efficiency or tinkering. It’s little wonder then that it’s so popular with developers and administrators and so widespread in the data centre and the server room.
But that’s a distinct minority of people. Among civilians, Linux is mysterious and confusing and most office work gets done on Windows. There’s absolutely nothing wrong with this: as the Toyota Corolla of operating systems, Windows is really quite suitable for these short trips to the supermarket. It’s just that there’s a certain class of IT guy who ends up stuck in the middle of these two worlds – because all these Windows workplaces still need someone to run their Windows servers on their Windows network. Does this mean you have to completely leave behind your carefully collected bag of Linux tricks?
Well, actually, there are a fair few Linux distributions, Linux applications and Windows ports of Linux software that can all find a good place in a Windows network. Each of these can help make your work day easier.
One thing that can slowly drive any network admin nuts is constantly being asked to perform password resets. The best way around this is to ditch those hashing algorithms and store all passwords in plain text so that staff can retrieve them at any time.
Ok, ok, I kid, I kid.. that was just to check that you’re paying proper attention. What you can do to cut down your workload by automating this with a self-service reset tool on the local intranet.
There’s a paid product you can purchase from Microsoft, but it’s honestly not as good as PWM. This open source software can be very quickly set up to run on an Ubuntu virtual machine that sends the password reset instruction to your Windows server. Click here for full instructions to install PWM on a Windows network.
If someone broke into your network, would you have any warning they were there before anything bad happened? In most small business situations, you’d probably have no idea. One thing that can help with this is setting up a honey pot: a computer on your network masquerades as a juicy target to hackers. HoneyPi, built on Raspbian, lets you do this by flashing an image to inexpensive Raspberry Pi device.
Honey pots are often deployed on the outside of a network by security researchers who want to collect intelligence. But HoneyPi is a little bit different: it’s built to go inside your network, more as a burglar alarm. Because there’s no need for any legitimate user to connect to this device to get their work done, any connection attempt or port scanning activity is a pretty reliable indicator of a breach. By running it on a Raspberry Pi, you’ve got a small, discrete box that draws negligible power and can be hidden out of sight, without the worry of a nasty attack breaking out of the sandbox of a virtual machine and then having access to something that matters.
OwnCloud is a synchronised file storage application for seamless backups and collaboration, much like Dropbox et al, except that it’s open source software that you install on your own infrastructure, giving you total control over where and how your files are stored. That’s really helpful if you’re dealing with security or privacy rules that limit your use of commercially available cloud software.
Windows Subsystem for Linux
There’s one big thing that Windows has always lacked: a bash terminal. But now you can fire one up in Windows 10 using the Windows Subsystem for Linux. It’s available in several flavours, including Debian and Ubuntu, and you can run your scripts, binaries, install packages and so on. This uses less resources and is less work to get up and running than a virtual machine.
Nmap for Windows
Nmap, the open source network scanning tool for Linux, is also available for Windows. If you’ve never used Nmap before, it’s a truly excellent port scanning and network exploration tool that’s useful both for security and to diagnose network connectivity problems.
This is a version of Linux that boots from a USB drive and contains utilities to partition hard drives, recover data, and run benchmarking tools. So it’s pretty much ideal for when a machine on your network dies and it’s time to bust out those autopsy and resurrection moves. Download it from the website and keep it on a stick, ready to go.
IPFire is an all-in-one router/firewall/proxy security suite built around the Linux kernel with a huge library of modules and add-ons available. It’s quite happy running in a virtual machine or on bare metal. It’s managed through a web-based interface, and is a little bit different to work with at first, but you learn it very quickly.