Tag Archives: security

I’ve been putting this off…

I’m sure that all of you are focused individuals.  I’m sure that all of you see tasks clearly laid before you and that you systematically work your way through them with the persistence of a census-taker… each one in turn until all the jobs are done.  How wonderful that must be.

I’ve always been full of curiosity.  I seek knowledge and experiences of all kinds, which has led me in many interesting directions.  It’s probably also the reason that I’m so drawn to open-source, because there is always something new to discover.  Recently, I came across this article:  Work Smart: How to Make Procrastination Productive

I like the way this person thinks.  Procrastination isn’t so much laziness, or fear of action.  It’s a sort of intuitive prioritization where things get done, just not in the way that some would consider logical.  Are there out there who suffer from my fascination with the next shiny thing moving at the corner of vision?  Does this broaden your reach or weaken your grasp?

One of the things that I’ve been exploring in my distraction is what one can do with a Web Cam.  (Great!  Some of you are already writing your own jokes.  Fine!  Laugh it up.)  I hadn’t looked to seriously at webcams because I just didn’t have a specific need for one.  Additionally, most equipment like that tends to be pretty Windows-centric and, while I can usually find the right piece and get it to run OK under Linux, I just wasn’t motivated.  Then, I’m in a big-box technology store beginning with an F where I normally don’t shop because I don’t find that the cheap prices are worth all of their other hassles.  (I might as well order on-line!)  Yet, there I am, looking for an adapter for my Droid, that I thought I need to have that day.  I happen by the webcam section and start looking at the different models.  I find a Creative Live! Cam Socialize HD, which actually lists Linux as an option under it’s system requirements!  I’m so pleased and surprised that I find myself taking it home.

I connect the camera and it works right out of the box!  Yay.  I talk to my dad and convince him to get a web cam as well.  The next night we experiment a little and decide that for bed time we’ll let Grandma and Grandpa join us for story time.  It’s pretty cool.  My daughter read her story (she always reads one to us too) and she would read the text and show the pictures to the camera.  Another night we did it again and Grandma and Grandpa had a story for us.  What a wonderful way to reach out and touch bases with each other.  As someone with a home-office I appreciated the value of being able to have some virtual presence and sharing seemingly insignificant things.

Now something weird has started.  Skype, which is what we were using, has suddenly decided to only use my camera at 15 FPS, rather than the 30 that it will do, and all of the settings and adjustments are shielded from me in Skype.  I can make it work fine with the other, open applications that talk to the camera.  I did some digging and found that this was not unusual for the Linux version of Skype.  I don’t know if they are behind on the video technology that’s available through the Linux kernel, or what.  Perhaps they are doing some of that intuitive prioritizing.  In the mean time I’m looking for other options that are more open that will also be easy for my dad to use.  I’ve even toyed with setting up my own SIP server using Kamailio, but I haven’t had a chance to learn the in and outs of how it works.  Too many shiny things… like getting articles done, drawing a paycheck and other things that.

Maybe soon my intuitive priorities will align and I’ll be able to share with you the secret formula for doing this yourself.  In the mean time I’ll share a little hint with you:  You don’t need a fancy service to connect to your computer from anywhere.  You can do it with SSH and a system that you leave connected to the Internet.  I’ll give the basics for the adventuresome and maybe write up a more substantial tutorial later:

  1. Set up the openssh server on your home system.  Make sure that you have a port opened to the Internet for ssh.  I recommend choosing something other than 22 or you’ll just get your log files clogged by script-kiddie attacks.  I also recommend setting it up so that you require key authentication for a good connection.  It’s a little bit of a pain to deal with the keys, but it makes your setup exponentially more secure.
  2. Get a dynamic DNS address and configure your home network to update that address whenever your home IP is reset.  Now you can get to the home system by domain name rather than having to know the IP.
  3. On your “work” system set up ssh and vnc.  Whenever you want your system to be reachable set up a reverse-port-forward (-R) of the vnc port (590x) back to your home system.  At that point, only your home system will be able to connect back to the work system through VNC.
  4. If you want to connect from another machine, establish another ssh connection from, say, your laptop to your home PC, doing a standard port forward (-L) to the same port that you reverse-forwarded.  Now you Use VNC to go from the laptop through the home PC to the work machine.  Here’s a brief example:

Connecting Work PC to home:
ssh -i mykey -R 35900:127.0.0.1:5900 myuser@mypc.dyndns.info
Connecting from Home PC to Work PC through encrypted channel:
vncviewer localhost::35900
Connecting from remote laptop to Work PC:
ssh -i mykey -L 35900:127.0.0.1:35900 myuser@mypc.dyndns.info
vncviewer localhost::35900

That’s the sort of expert view.  Maybe some of you can use it.  Selecting a higher port like 35900 helps avoid firewall issues where lower ports are blocked.

Ooo!  Something shiny!  I’m just going to take a moment and–

Is it safe?

I read an interesting article today: Hackers aren’t as sneaky as you think.  Ah!  The good old days.  I grew up on the hacker culture.  I remember the inspiration of the movie War Games and the almost romantic vision of young, smart people getting past the system and into the secret world of government and big business.  Of course, the truth underneath was a little less glorious.  Cracking computer security is now much more about vandalism and identity theft.  Yet, that early curiosity gave me an awareness of computer security and steps that could be taken to protect one’s self.  Most computer crime is result of sloppiness on someone’s part.   It could be the system administrator who’s not a big fan of browsing logs and running patches.  There’s not too much that you can do about that.  However, you can do things about your own security.

I’ve thought about a few ways that I do to keep safe, and they’re not too hard to do.  Yes, you have to make some changes to your behavior, and you will have to learn a few things, but it’s not any more difficult than the things that you have learned to keep yourself safe on the motorway.  I’m sure that some will argue with a few of my conclusions, but at least they’ll be thinking about it!

Start with a safe vehicle

I quit using Windows.  I know that not everyone will do this, but I simply had repeated problems with viruses (should that be virii?) and other issues that I just could not keep a handle on.  When I discovered Linux and started making it work for me all of those issues went away.  I have had zero virus infections.  I also got a lot more information through logs as to what people were trying to do to attack my system and came up with ways to complicate that.  I think of it this way… when driving on a dangerous highway, which would you rather have between you and the idiots: a Pinto or a Volvo?  If you decide that you must stay with Windows, then make sure that you have all of the safety features installed.  You should have firewalls, virus scanners, spyware scanners and make sure that they are always up-to-date.

Maintain your vehicle

It’s great to have a solid vehicle, but if you don’t keep it running smoothly then it will cease to be reliable.  The most critical thing is to keep your patches and software up-to-date.  Elderly software tends to be behind the times on security issues.  If cost is what is preventing you from staying current, then you really should consider finding a freely available solution.  The Open Source World provides a good number of solutions that you should consider.  If cost is not what is holding you back, then set up a regular procedure for making you are up-to-date.  Many software packages have ways to automatically check for updates.  Turn this on.

Pay attention to how your computer is running.  A slow computer may mean that you’re just overloading it with software and outgrowing the system.  It may also mean that your computer may be doing a lot of work on behalf of a SPAM-bot or something else.  If nothing has changed on your computer, no major software changes or changes to how you are using it, then it is not normal for your computer to suddenly start running more slowly.  If you were driving on a straightaway and your car suddenly started losing acceleration you would be concerned.  Computers are the same.  When you see signs of problems, check them out.

Keep a look out

A while back I got SPAM from my sister’s email address.  I wrote to let her know that I had gotten it.  Generally if SPAM comes from someone and it’s a random mix of email addresses (usually alphabetical) then it’s just someone spoofing that email address.  The SPAM did not actually come from your friend’s computer.  However, if the SPAM was sent to people from their address book, then you are likely dealing with something that is more of an attack.  The computer needs to be checked out.  Don’t ignore it when something suspicious happens.  Tell the people who need to know.  They can’t do anything about it if they don’t know.

Accept that security may require some inconvenience

Yes, it’s nice to be able to turn on your computer and get to work.  But that also means that anyone can turn on your computer and get to work.  Are you sure that the kids aren’t on there when you’re not around doing things that they aren’t supposed to?  How about your spouse or your roommate.  If you keep something on a computer that you would not leave laying around for people to read at a party then you should probably close the door on your computer with a password.  It’s not just your personal information, either.  Maybe you have nothing to hide, but what if this other person goes poking around in places that they shouldn’t.  They see the warning that says “Are you sure that you want to activate this malicious program that will steal your identity?” and they click “OK” because they just want to get to the video.

If you’r going to have a password it should be a good one.  When I was working as a system tech supporting a company I was called to do some work on a workstation in the security department.  She had left, even though she knew that I was coming and her screen was locked– which was good.  She had a Corn Huskers football plush sitting on top of her monitor and a few other Huskers things laying around.  I took a guess and typed “huskers” and I was in!  I left her a note telling her that it was pretty easy to guess and she made it more secure.  The best passwords are phrases with numbers and letters.  Abbreviations that only you would know are good too.  “H0w much is that doggie in the wind0w?” would be a pretty difficult password to guess.  Names of family, birth dates, etc are terrible password.  Take a line from your favorite song in High School.  Many security requirements demand that you change your password regularly, but once you find a way to pick things you can remember you will find it easier to change and maintain.

Consider encryption

There are many ways now to encrypt information.  Encryption turns things into secret code so that no one else can read it.  You can do this with emails (and most people should) so that email to you can only be read by you.  You can also do it with file systems, so that you have a section of drive that requires a password to access what’s in there.  Encryption is a larger subject than I’m prepared to cover here, but you should take a look at what can be done with the Gnu Privacy Guard, which is free and powerful encryption software.  You can hook this functionality automatically into your applications and make encryption easy to deal with.

Is that it?

There is a lot more ground to cover to keep yourself from being cracked, but these things right here will make a dramatic difference in your vulnerability.  If there is more interest in this topic, especially about specific practices or solutions I’d love to write more about it.  Shoot me a note and we’ll try to cover more detail.  If it’s enough conversation it might be worth a group on My developerWorks to help everyone participate in the conversation.