Wireless Security – a 5 star need of today

December 25, 2008 at 12:27 AM | In Internet, Networking, Security, Software | Leave a Comment
Tags: , , , , , , , , , , , , , ,

Market is flooding with a lot many wireless devices, for home and business applications. Also, many wireless devices, especially wireless routers / access points are available at attractable prices.

Many of us purchase them, set up them, and often forget the rest – once we get it functioning.

But, setting up primary security is a very next step after setting the device and testing it.

Recent terror attacks was a red signal for many wi-fi home users.

Here is a brief idea, how we can set up primary but essential security with the available wireless router.

  1. Change default user name and password, few routers do not support change in user name. Default user name is generally admin in most cases. Use combination of aLpHaNuM3R1C (alphanumeric) and $peC|@l (special) characters as password. Keep password as long as possible to avoid break by bruit force technique. Providing sp a ce (spaces) in between password character increases strength in most cases.

  2. Once password is tightened, now it’s time to reduce number of maximum (possible) users. In DHCP settings, generally a lot – like 100 of users can be connected. If in actual situation, say there can be maximum of 2 users at a time, keep maximum user figure as 2, or keep IP allocation in such a fashion that the DHCP will be in position to allocate only 2 IPs, even if more attempt to connect. Of course, disabling DHCP, and allowing only manual configuration, is always best practice, since it is difficult to guess the settings by hacker, if IP allocation is made smartly.

  3. Now, actual security comes into picture. Disable SSID broadcast, unless it is very important. This makes it difficult to identify network name in wireless coverage area without smart tools. You may also reduce connection idle time and other router specific features to reset connection with client device such as laptop or PDA in case of idle time.

  4. Keep the SSID difficult to guess. Always change default SSID of your router.

  5. MAC filtering is another and important feature. MAC is a universally unique number of any network equipment. Typically for known usage, set MAC filter with allow policy viz. Allow devices to be connected only with mentioned MAC numbers, reject rest. Of course, MAC spoofing is possible through few tools, however for an attacker, it is very difficult to guess correct MAC without touching the device, without making single connection, or unless the user reveals it. :p

  6. Next in picture comes software enabled security, typically Keys. Define and set different set of keys and use appropriate method of key to set up and avoid unauthorised access to network. This will deny network connectivity to the client in case it is just standing before the network door. Without a key, the router does not allow access. Of course, few techniques and few weak key algorithms are there, those can be broken. :( But, combination of all mentioned techniques, here, is a fruitful solution to increase security.

  7. Port(s) blocking and service(s) disabling is also helpful, feature available in most of today’s routers.

A before buy tip – do not be trapped in marketing blues….. The salesperson will mostly encourage to buy best (in features and price too!) device. Go for a device which is good enough for security measures, and not really more that what you want – say wireless coverage area. If the need is max. 90 feet, a router with coverage up to 100 feet is best, no need to offer a chance to neighbor hacker, by purchasing a router with 150 feet coverage range! Of course, your needs are the best judge to decide suitable product, not always the sales person!! Buy and set the device in center area of its potential use, to utilise the covered radius area of connectivity.

Setting up Subversion under windows

October 14, 2008 at 6:15 AM | In IT, Networking, Programming, Software, Subversion, Windows | 1 Comment
Tags: , , , , , , ,

Prerequisites:

  1. Subversion Binary (http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=91)
  2. TortoiseSVN (http://tortoisesvn.net/downloads)
  3. SVN Service Wrapper for Windows (http://www.lw-works.com/files/svnservice/svnservice-1.0.0.msi) – svnservice

Alternate to 1 & 2 – download 1 Click Setup (http://svn1clicksetup.tigris.org/)

Step 1

  1. Install Subversion binary.
  2. Make sure that the bin directory of Subversion is under PATH environment variable.
  3. Set any text Editor’s path as SVN_EDITOR environment variable. (e.g. c:\windows\notepad.exe)

Step 2

  1. Create code / document repository (the main destination or data centre!!)
svnadmin create "d:\codeRepo"
               Alternatively, you may also use explorer’s context menu to add selected folder as repository using TortoiseSVN.
  1. Go to the repository folder (e.g. codeRepo)
    1. Edit /conf/svnserve.conf file

Uncomment following:

                               [general]
                               anon-access = read
                               auth-access = write
                               password-db = passwd
    1. Edit /conf/passwd file

Uncomment following / specify allowed username & passwords:

                               [users]
                               harry = harryssecret
                               sally = sallyssecret
                               harit = harit’s password

Step 3

  1. Start svnservice
               svnserve --daemon --root "d:\codeRepo"
  1. Add new Project directory by
               svn mkdir svn://localhost/myproject
  1. Provide correct username & password (that is configured earlier)

Otherwise, use SVN repository browser to browse SVN repos. Right click provides rich set of options like adding new files/folders, delete, etc. etc. Use svn://localhost/myproject or similar as URL to browse.

Optional options!

  1. Setup svn-service to start at startup
               svnservice -install --daemon --root "d:\codeRepo"
               sc config svnservice start= auto
               net start svnservice
  1. Bind windows user for authentication (see source link 1 – http://www.stanford.edu/~bsuter/subversion-setup-guide/#svnserve-windows-user)

Please make sure that the svnservice is running correctly. Use Control Panel > Administrator Options > Services > Subversion (or whatever you named it) to verify. If the service is not running, it is the root of many problems.

This setup also works on network. You can access this repo through other machines connected through network. Each time you modify the files and commit, subversion will do authentication based on username and commit new version.

Major advantage of subversion – old (and deleted) files remain there in repository and can be retrieved back, so is perfect backup solution for code!

Sources for more advanced setup:

  1. http://www.stanford.edu/~bsuter/subversion-setup-guide/
  2. http://blogs.vertigosoftware.com/teamsystem/archive/2006/01/16/Setting_up_a_Subversion_Server_under_Windows.aspx
  3. http://blog.excastle.com/2005/05/31/mere-moments-guide-to-installing-a-subversion-server-on-windows/

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.