Wednesday, June 27, 2007


Let's design a home WiFi network

I'm convinced that home wireless networks are poorly designed, and I also understand why the manufacturers of this equipment are complicit!

I think there is a better way to build a wireless network that guarantees to keep your system safe while users surf the Internet.

This post is organized in three parts:

  1. The flaws in the current way of designing WiFi
  2. A better WiFi design
  3. Advanced configurations

WiFi is broken

If you did what people commonly do to set up a wireless router, you will have followed these steps:

  1. Design phase - "I would like to surf the Internet and watch TV at the same time. I'll get a WiFi router to replace my router."
  2. Hardware selection phase - "Which one should I choose?"
  3. Implementation phase - "I unplug the old router, connect the new one ... I look for the WiFi connection ... Done!"

What you have created looks like this:

Bad WiFi

Basically you give full access to your network to anyone nearby with a wireless network card. You might as well run a long cable out of your door and put up a neon sign that says "Free Internet Access!" I can only pray that no one nearby is using Slurpr.

It is frightening to find that more than 40% of the wireless networks deployed today are configured this way.

There are four primary areas of weaknesses in this project:

  1. WiFi connection configuration
  2. Firewall configuration
  3. Internet access
  4. Network access

Let's take a closer look at these points.

1. WiFi connection configuration

Most wireless firewalls are designed to be easy to configure, not secure. This is because hardware manufacturers would not sell a product that the consumer was unable to configure or use. Since WiFi security is well beyond the understanding of most users, it is often neglected. It is not unusual to find WiFi connections with:

  • SSID broadcast enabled
  • The default SSID
  • An SSID that identifies the network
  • No or weak encryption
  • No MAC address authentication
  • Authentication without a shared key or certificate
  • The connection set to ad hoc mode

2. Configuring the Firewall

As with WiFi, too often the firewall is configured with the fewest possible security settings so that it is easy to use. Many systems are configured with:

  • The default admin password
  • DHCP enabled
  • Large DHCP ranges
  • The default subnet mask (IP subnet)
  • No SSL encryption
  • An admin console open on an external port
  • No monitoring of log files

All this raises security issues.

3. Allow free access to the Internet

Anyone who happens onto your wireless network will have full access to the Internet. This may not seem like a problem at first, but there are some things to consider:

  1. If your Internet provider limits your upload and download bandwidth, you may have to pay a higher monthly fee if someone makes heavy use of p2p software to download huge amounts of data.
  2. Most ISPs contractually forbid sharing the Internet connection with others. So if you set up a wireless connection with open Internet access, you could be in breach of contract and lose the connection itself.
  3. If someone uses your Internet connection for illegal activities (e.g. accessing pedophile sites), the police could trace ownership of the Internet connection through the IP address and blame you for crimes you did not commit.

4. Open access to the network

The most annoying aspect of this WiFi network design is that it bypasses the very thing your firewall is supposed to do: keep others off your local network. Wireless access in fact lets its users belong to the same network as your "safe" systems. And if you are not careful to protect your PC, and were not careful in designing your wireless network either, you will understand that your personal data is in serious danger of theft.

A better design for WiFi

I spent some time thinking about how to improve the security of a WiFi network, and I put forward this solution to help you make things more secure by eliminating the vulnerabilities we have discussed. The solution includes:

  1. Securing the WiFi connection
  2. Securing the wireless firewall
  3. Restricting Internet access to pre-defined users
  4. Separating the computers on the home network from the wireless users

Good WiFi

The nice thing is that many of these steps can be done at no extra cost, because you only need the hardware you already own.

And the solution is flexible enough to let you provide Internet access to WiFi users at minimal additional cost.

1. Securing the WiFi connection

This is the most important part of the process. If you set this up well, you can remove the greatest risks to your network. Follow these steps:

  1. Use WPA2 encryption for all communications
  2. Be sure to use certificates or shared keys for encryption
  3. Do not broadcast your SSID. You should only do so while testing
  4. Change your SSID to something obscure, such as 89cyr65g6vwe. Obviously, do not use the default SSID that comes from the hardware vendor or, worse, information such as your phone number, name, address ...
  5. Use MAC address authentication to ensure that only certain specific systems can access the WiFi link
  6. Use infrastructure mode, not ad hoc mode, for the connection

With these settings in place, are we safe? No. It is possible to gain access to the WiFi connection if the following information is known:

  • Your WPA2 key
  • Your SSID
  • Your MAC address

The person who wants to gain access must also know how to change the MAC address of their wireless card. It is not impossible, but it takes too much work to access someone's network.

It is very important to use infrastructure mode for the connection. It must be set both on the firewall and on the wireless network card. That way it will not be possible to use your laptop's network card as a wireless bridge to access your network.

2. Securing the wireless firewall

The next step is to secure the wireless firewall. This is important because if you allow your firewall to be breached, all the other security measures can be bypassed without you even noticing.

Be sure to carry out the following steps:

  1. Change the administrator password (root or admin password)
  2. Use SSL encryption for all web connections between the firewall and your system
  3. Lock any external management interfaces
  4. Disable DHCP, or at least limit it to a small range of one or two IP addresses, using reserved DHCP addresses
  5. Change the factory default subnet
  6. Create a small internal subnet. Use a 28-bit (255.255.255.240) or 29-bit (255.255.255.248) mask to limit your network to 14 or 6 hosts respectively
  7. Do not allow hosts to ping the external interface
  8. Log all activity, preferably to an external device
  9. Keep a backup of the configuration in case something happens to the firewall and the configuration is lost

The downside is that you will have to manually configure the devices that connect to the WiFi, but that is the price you pay for network security.

3. Restrict access to the Internet

With the above configuration you have in fact eliminated access to the Internet for anyone who does not have permission. To access the Internet, a cracker would need to know the following information:

  • Your SSID
  • The WPA2 key
  • Your MAC address
  • Your subnet and subnet mask: that is, the IP network (e.g. 192.168.1.1) and the netmask (255.255.255.0)
  • An available static IP address
  • The name of your ISP, to get the DNS settings

4. Segment the network

With the home network behind the firewall, you are protected not only from users on the Internet but also from people who have enough information to attempt a WiFi connection. It is important to protect the systems on the network and ensure that they are not compromised.

Fortunately, many people are upgrading their existing router to a wireless router, so it takes very little to integrate the second router into their network environment.

A drawback of this simple configuration is that if you want to access shared resources on your network, you need to make changes as explained in the next section.

Advanced Configuration

This is just the tip of the iceberg. You can make several changes to the configuration for increased security or greater flexibility. Some ideas include:

  • Providing VPN access to resources behind the firewall with SSH or SSL VPN solutions
  • Add a web proxy to access the Internet through authentication (username and password)
  • Implement IPSec for all network communication

Conclusions

Many default configurations of WiFi devices leave much to be desired with regard to security, but a little planning effort lets you build a much more secure infrastructure at no additional cost.

Tuesday, June 5, 2007


O how beautiful ...


I read this article about password security; let's hear what it has to say ...

With the proliferation of web services we are forced to create new accounts and to invent new and imaginative usernames and passwords.

Always using the same password, or writing passwords on a sheet of paper or in a spreadsheet, is not really advisable.
So what should people who surf the net do? If you use dozens of web services, you surely cannot remember every password by heart. It is time to use a password manager, perhaps a free one.

Let's look at 10 useful services for managing your passwords:

  • Firefox or IE: The well-known browsers offer a fairly safe way to store usernames and passwords for websites: simply type them the first time and accept the request to store the credentials for that site. It is very convenient and saves a lot of time, but the passwords can be lost, requiring you to enter them again. If you have relied exclusively on the browser as your memory, you are in trouble. Moreover, this solution only works for online passwords, not for network or computer passwords.
  • KeePass: One of the most popular password managers, KeePass is open source, free and cross-platform - available for Windows, Linux, OS X, and mobile devices. It keeps all your passwords, whether online or offline, in a secure database, so you only have to remember the master password. Make sure that the master password is safe!
  • Clipperz: Unlike most password managers, this is an online solution, so you can access your passwords from any computer connected to the Internet. It remembers not only passwords but also credit card numbers, account numbers and just about anything else. Storing passwords and other private information online can make you nervous, but Clipperz uses an encryption method that prevents the operators of the site from knowing what is stored. It is a good solution if you want to access your passwords from multiple computers.
  • OSX Keychain: If you use a Mac, you are familiar with Keychain, which comes with OS X. In practice it is a password manager that uses your OS X admin password as the master password.
  • KeyWallet: Windows only, this little utility sits in the system tray and recalls your passwords when you need to enter them. Being a standalone utility, it is independent of the browser.
  • Password Manager Plus: Billeo's free Password Manager Plus toolbar works with both Firefox and Internet Explorer, and also stores information other than passwords, such as credit card numbers and more. It also lets you automatically fill in fields with your personal information when you shop online.
  • Password Hasher: This Firefox extension generates secure passwords by scrambling your master password with the name of the website you are visiting. The passwords generated by this extension are far better than anything you would invent yourself.
  • PasswordSafe: This free online service is compatible with any modern web browser, on any OS, and there is a desktop version for Windows or Mac. In short, it uses a secure encryption method to store your passwords or other personal information.
  • Password generator: This is a small bookmarklet that combines your master password with the name of the site to create a stronger, different password for each site. Very convenient and simple.
  • Algorithm: The best solution is not necessarily technological. Hard-to-remember passwords can be made simple to use by modifying a base password with the name of the online service you are connecting to. For example, if you have a base password of "xlg519" you can add the first two and last two letters of the name of the service ("amon" for Amazon) and get your new password!
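
The last three entries all combine one secret with the site name. The following added example (not from the original article, and not the algorithm used by Password Hasher or the bookmarklet) compares the manual rule with a hashed derivation; the function names, the PBKDF2 work factor and the second service name "Flickr" are assumptions made for illustration.

```python
import base64
import hashlib
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def suffix_scheme(base, service):
    """The article's rule: base password + first two and last two letters of the service."""
    name = service.lower()
    return base + name[:2] + name[-2:]


def derived_scheme(master, service, length=16):
    """Assumed alternative: stretch the master password, salted with the service name."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), service.lower().encode(), PBKDF2_ROUNDS
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


def shared_prefix_len(a, b):
    """Number of leading characters two site passwords have in common."""
    return len(os.path.commonprefix([a, b]))


if __name__ == "__main__":
    for scheme in (suffix_scheme, derived_scheme):
        first = scheme("xlg519", "Amazon")
        second = scheme("xlg519", "Flickr")  # second service name is constructed
        # The manual rule repeats the whole base password on every site, so one
        # leaked site password exposes it; the derived values share nothing visible.
        print(scheme.__name__, first, second, shared_prefix_len(first, second))
```

With the hashed derivation a leaked site password no longer shows the master directly, but a short master such as the six-character sample can still be guessed offline, so the master password has to be long and unique.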

Some notes on passwords:

  • Never give out your master password if you use a password manager. Be sure never to forget it.
  • Do not write passwords on little pieces of paper stuck on your desk or on the side of the monitor. If they are stolen, you will have only yourself to blame.
  • Password managers are not safe on a computer that we share with others - run them only on computers that only we use.
  • Using common information for the password is not secure - such as your birthday, initials, your children's birthdays, names, etc. Obviously, no password is a secure password.
  • Using the same password for every service is not a good idea, because once it is discovered a thief has access to all our accounts.

What can I say ... I have to start using a password manager service too!

Monday, June 4, 2007


Transfer files securely with SFTP

I've often had to transfer files between Linux workstations on the network, and I used Google each time, but now I have found a simple and clear article that is worth translating for you.


FTP (File Transfer Protocol) has been the most widely used protocol for transferring files between computers. However, it sends authentication information and file contents in the clear, that is, without encrypting the data, so it is not a secure way to communicate. Secure Copy (SCP) and the more robust SSH File Transfer Protocol (SFTP) aim to improve security by carrying data over a fully encrypted channel. You can use these alternatives to transfer files securely over the Internet or any other untrusted network.

Both SCP and SFTP are based on the Secure Shell (SSH) protocol. SSH establishes an encrypted communication channel between computers using Public Key Infrastructure. SSH uses cryptography for exchanging authentication data and for the subsequent data transfer.

SSH server and client software ships with most modern operating systems. The SCP and SFTP clients are available as part of the OpenSSH suite on most Linux systems. Besides SCP and SFTP, SSH is a suitable platform for remote shell sessions, for creating graphical desktop connections, for using a SOCKS proxy for safe browsing, and for TCP/IP forwarding.

SCP and SFTP

SCP is a descendant of Remote Copy (RCP). Unlike FTP, with SCP you can specify that the modification time, access time and access mode of the original file be preserved. In addition, SCP can prompt for a password, if one is set, before performing the transfer. SCP can be used to copy files between computers or, more generally, between two remote hosts.

SCP is a command-line tool that is handy for batch operations. However, SCP works over SSH1, an old and outdated version of SSH, so it is better to use the SFTP alternative, which takes advantage of the newer SSH2.

SFTP is a complete file transfer protocol that implements all the functions of FTP, including some that SCP does not handle, such as renaming and deleting remote files.

SFTP acts as an SSH subsystem and works on the standard SSH port 22. This avoids the need to open multiple ports in the firewall, as is the case with FTP, where ports 20 and 21 must be opened for the control and data traffic. An SFTP client called sftp, part of the OpenSSH suite, is available on Linux systems.

Using password-based authentication (you can avoid it if the remote host allows password-less SSH authentication), here is how you can start an SFTP session:

sftp david@192.168.1.1

sftp asks for the password and, if authentication is successful, presents a shell with the prompt sftp> . Inside the sftp shell you can use commands similar to those available in FTP, such as cd, lcd, ls, chmod, chgrp, get, put, rename, and rmdir. You can end the session by typing exit at the prompt.

SFTP server

The OpenSSH suite is the most popular open source implementation of SSH. Its server is called sshd. To accept incoming connections, the sshd daemon must therefore be running and listening on the SSH server port. To enable or disable SFTP, you can edit the main configuration file for sshd, which by default is /etc/ssh/sshd_config. SFTP is enabled by default; you can comment out the following line to disable it:

Subsystem sftp /usr/libexec/openssh/sftp-server

You can restrict access to SFTP and SCP, like other SSH features, based on the IP address of the connecting host by modifying the hosts.deny file to include a line like this:

sshd: 192.168.1.1

To block an entire network, you can specify the network address in the form:

sshd: 192.168.1.0/24

or

sshd: 192.168.1.0/255.255.255.0
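
To check which clients a set of such rules actually covers, here is an added example (not part of the original article and not code from OpenSSH or TCP wrappers) that parses the three address forms shown above and tests client addresses against them. The function names and the sample rules are constructed; hostname and wildcard patterns are reported rather than evaluated.

```python
import ipaddress

# Constructed sample in the style of the hosts.deny lines shown above.
SAMPLE_HOSTS_DENY = """\
# constructed sample rules
sshd: 192.168.1.1
sshd: 192.168.2.0/24
sshd: 10.0.0.0/255.255.255.0
sshd: .example.test
vsftpd: 192.168.3.0/24
"""


def parse_deny_rules(text, daemon="sshd"):
    """Return (networks, skipped) for the rules that apply to `daemon`."""
    networks, skipped = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(":")
        if len(parts) < 2:
            continue  # blank line, comment or malformed rule
        daemons = parts[0].replace(",", " ").split()
        if daemon not in daemons:
            continue
        for client in parts[1].replace(",", " ").split():
            try:
                # Accepts a single address, addr/prefix and addr/netmask.
                networks.append(ipaddress.ip_network(client, strict=False))
            except ValueError:
                skipped.append(client)  # hostname or wildcard: review by hand
    return networks, skipped


def is_denied(client_ip, networks):
    """True if the client address falls inside any denied network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets, skipped = parse_deny_rules(SAMPLE_HOSTS_DENY)
    for ip in ("192.168.1.1", "192.168.1.2", "192.168.2.77", "10.0.1.1"):
        print(ip, "denied" if is_denied(ip, nets) else "not matched")
    print("not evaluated:", skipped)
```

These rules only take effect when sshd is built with TCP wrappers (libwrap) support; upstream OpenSSH removed that support in release 6.7, so on newer systems confirm it is present before relying on hosts.deny.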

The SFTP server can accept clients running on different operating systems. Some popular clients on Windows systems are FileZilla, WinSCP and DataFreeway.

Graphical user interface (GUI) clients for SFTP

In addition to the command-line client in the OpenSSH suite, the file browsers in desktop environments like GNOME and KDE handle SFTP connections graphically. In Nautilus on GNOME or Konqueror on KDE, you can type the following line:

sftp://david@192.168.1.1:/home/david

The file browser will ask for the password and, if authentication is successful, list the files on the remote server. You can drag and drop files to copy them, and use the context menu (right mouse button) to change file properties such as name and access permissions. You can also double-click a file to open it in the appropriate editor or viewer. You can also bookmark an sftp directory to get back to it faster.

There are other interesting developments in this field, such as a file system called SSH File System, built on top of the SFTP client, for mounting remote file systems simply and securely.