Securing your Wireless LAN

Saturday, August 7, 2004 by digitalpeer, updated Wednesday, August 18, 2010

If you've just purchased an 802.11x router, plugged it in, and it works, you are not done. You've just exposed your computers and network to anybody who drives by or might be in the next building. There are a couple of things you can do to minimize the security risk, or even go so far as to eliminate it. I'll let you decide. Many of these precautions can be applied simply by logging into your router's configuration interface: point your browser to the IP address of your access point.

No Default Passwords


I shouldn't even have to mention this, but I will. DON'T LEAVE DEFAULT PASSWORDS SET. When you buy a wireless router it has a default password. Everybody knows the password and can do some pretty nasty stuff if they have complete control of your router.

Disable SSID Broadcast


The first thing you want to do is disable broadcast of your SSID. While this won't stop a real wardriver, it will keep people from accidentally noticing that you have a network up and having curiosity kill the cat.

Disable Remote Configuration


Disable remote configuration. This means that the router won't listen on an external interface to be configured. If you require this it's not so bad if you trust your router, but if you don't need it then turn it off!

Use WPA2


This is the wireless encryption protocol standard that encrypts anything you send over the air. There are quite a few (easy) cracks your neighborhood script wanna-be-hacker can use to break lesser encryption like WEP. Again, using WPA2 will help send them somewhere else unless they know you have something they want. Sometimes it's more fun to get your name and address this way instead of looking at your mailbox. Anyway, use the highest setting. If your hardware only offers anything under 128-bit encryption, buy new hardware.
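To confirm that the SSID and encryption settings above actually took effect, you can scan for your own access point from a Linux client and check what it advertises. The following is an added example, not part of the original article: the function names are hypothetical, the interface name `wlan0` is an assumption, and the scan text is a constructed sample in the format printed by `iw dev wlan0 scan`.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output; BSSIDs and SSIDs are made up.
SAMPLE_SCAN = (
    "BSS 02:00:00:00:00:01(on wlan0)\n"
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)\n"
    "\tSSID: \\x00\\x00\\x00\\x00\n"
    "\tRSN:\t * Version: 1\n"
    "BSS 02:00:00:00:00:02(on wlan0)\n"
    "\tcapability: ESS Privacy (0x0011)\n"
    "\tSSID: old-wep\n"
    "BSS 02:00:00:00:00:03(on wlan0)\n"
    "\tcapability: ESS (0x0001)\n"
    "\tSSID: guest\n"
    "\tBSS Load:\n"
)

def parse_scan(text):
    """Map each BSSID to its SSID, hidden flag and advertised security."""
    aps, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)  # unindented lines start a new AP
        field = line.strip()
        if m:
            cur = aps[m.group(1)] = {"ssid": "", "privacy": False, "ies": set()}
        elif cur is None:
            continue
        elif field.startswith("SSID:"):  # hidden SSID: empty or escaped NUL bytes
            cur["ssid"] = field[5:].strip().replace("\\x00", "")
        elif field.startswith("capability:"):
            cur["privacy"] = "Privacy" in field.split()
        elif field.startswith(("RSN:", "WPA:")):
            cur["ies"].add(field[:3])
    for ap in aps.values():
        ies, privacy = ap.pop("ies"), ap.pop("privacy")
        # RSN element: WPA2 or newer. WPA element only: original WPA.
        # Privacy bit with neither element: WEP. No Privacy bit: open.
        ap["security"] = ("WPA2" if "RSN" in ies else "WPA" if "WPA" in ies
                          else "WEP" if privacy else "open")
        ap["hidden"] = ap["ssid"] == ""
    return aps

def check_against_article(ap):
    """List where one access point deviates from the settings advised above."""
    issues = []
    if ap["security"] != "WPA2":
        issues.append("encryption is %s, not WPA2" % ap["security"])
    if not ap["hidden"]:
        issues.append("SSID '%s' is being broadcast" % ap["ssid"])
    return issues
```

Look up the entry for your own access point's BSSID in the result of `parse_scan` and pass it to `check_against_article`; an empty list means both settings are in place.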

SSH Tunneling


Besides using the above solutions, you can create an SSH tunnel over your wireless connection (see Stunnel - Universal SSL Wrapper). If your wireless encryption just so happens to be cracked, the attacker will be met with a far more secure layer of encryption. You can do this for traffic on a port-by-port basis. I won't go into details on how to set it up here, because it's not all that trivial a process. This won't encrypt all traffic, but it will cover those protocols you really care about.

NSA Type Security Measures


Build a shield around your location comprised of 1 foot thick lead walls followed by a 3 foot thick concrete wall for extra precaution. Don't forget the bottom and top.

Comment Friday, October 27, 2006 by anonymous
Seriously, the paranoid spooks would just put up multiple Faraday cages and call it a day. Hell, the NSA wouldn't even bother with wireless, it's too insecure.

Fiber, that's the way to go, hard as hell to tap into....
Comment Saturday, April 19, 2008 by Jas
If I disable the SSID Broadcast name then how can I find my access point on my client hosts? Sorry, kinda a n00b at this.
Comment Sunday, April 20, 2008 by digitalpeer
Jas, if you disable SSID broadcast then you will need to enter it manually into the clients wanting to connect to it along with the rest of the configuration. It's more of a pain because now you simply can't browse broadcasted SSIDs and connect to it. You have to know it beforehand.
Comment Saturday, April 26, 2008 by lemur
This post is a few years old but comments indicate that it still gets some audience.
Maybe you should not let such an article point to WEP as something to rely on: WEP cracking has become a *very* common sport, and there's now the much more secure WPA / WPA2, which can only be attacked using brute force, so far.
People discovering wifi today might be fooled into thinking WEP can be enough...

Comment Saturday, May 18, 2013 by anonymous
If you are a civilian like me then I must say that none of those wise precautions would stop your ISP, for example, besides stunnel. Encryption is the key. Double check SSL certs. grc.com has a wip process and a podcast on the topic that is in layman's terms. I fear that liberty is dying in America as we devolve into a total police state. Bin Laden started the fire but we still are pouring gas. I'd rather die to a terrorist attack from a foreign source than bend shackled knee in my secure safe prison. Privacy is a right. Truth is never an evil thing to desire. Overdramatic? Read for yourself. Don't buy gold from conspiracy fear mongers. Think for you. Dems Repubs we are equally screwed.
