CodeAlias: Wireless, Security and More

PKI SSL certificate management with OpenSSL

2009-06-05T15:54:08-07:00

This is a simple howto for manipulating PKI SSL certificates using Openssl. Creating a PKI CA * Install openssl * Create a CA folder mkdir /CA * Locate the file “CA.pl” and copy it in the folder CA * Update the “openssl.cnf” file

Linux NAT

2009-06-05T15:54:08-07:00

This is a short howto for setting up wp>Network Address Translation on a linux system (Debian was used for this howto) Manually enable forwarding $echo 1 > /proc/sys/net/ipv4/ip_forward Enable forwarding aumatically at boot time add the following in /etc/network/options

Authorization in Microsoft network security protocols

2009-06-05T15:54:08-07:00

As you may already know, Microsoft network security protocols rely on Kerberos for authentication. Since authentication and authorization are two coupled functions, it is natural to bind them together in a protocol that does both. Kerberos as specified by the IETF only provides authentication. Application services rely on it only to validate client identities. Kerberos does not offer means to verify whether a client has the right and privileges to perform a certain action. Microsoft has specifi…

CVS and Kerberos authentication: Howto

2009-06-05T15:54:08-07:00

The Concurrent Versioning System CVS ”is an open-source version control system that keeps track of all work and all changes in a set of files, typically the implementation of a software project, and allows several (potentially widely-separated) developers to collaborate.”

Wireless handoff delay and its impact on VoIP performance and QoS

2009-06-05T15:54:08-07:00

In VoIP, audio signal from the emitting source is encoded to numerical data and encapsulated into UDP packets before being sent to the receiving end. Since voice is a real time phenomena, audio data must be processed and played-out in the receiver side in a timely manner. This article discusses the effect of wireless handoff delays on the QoS (Quality of Service) of VoIP sessions.

Cyrus IMAP with GSSAPI Kerberos - Configuration Howto

2009-06-05T15:54:08-07:00

In a previous article, we discussed how to build a CYRUS IMAP server with GSSAPI/Kerberos support from source. This article is a how-to for configuring cyrus with SASL GSSAPI Kerberos5 authentication. System configuration and setup Create user and group cyrus Make sure you have the following in /etc/services pop3 110/tcp imap 143/tcp imsp 406/tcp acap 674/tcp imaps 993/tcp pop3s 995/tcp kpop 1109/tcp lmtp 2003/tcp fud 4201/udp Clean up /etc/inetd.conf : Rem…

Capture and Analysis of RADIUS traffic using tshark

2009-06-05T15:54:08-07:00

Performance evaluation of wireless security systems - Part 4 RADIUS (Remote Authentication Dial In User Service) is a protocol standardized by the wp>IETF for carrying authentication information between an access point and a back-end authentication server. The RADIUS protocol is deployed by most Internet Service Providers and in enterprise wireless networks for managing scalable large networks with large number of subscribers. In this article, we explain how to use the tshark tool to capture au…

Cross-compiling wpa_supplicant for windows

2009-06-05T15:54:08-07:00

This is a howto for compiling the ope-source WPA2 supplicant 'wpa_supplicant' for the Windows OS. Steps * Install winpcap devel package * Get it from here * unpack it into a folder (../pcap) * Install mingw * apt-get install mingw32*

Wireless Security - WPA2 EAP-TLS using wpa_supplicant howto

2009-06-05T15:54:08-07:00

More and more wireless access networks are adopting WPA2, the latest wireless network security standard. This howto explains how to configure and run a WPA2 supplicant (wpa_supplicant) with EAP-TLS authentication on your wireless network device.

Howto create a FreeBSD wireless router/access point

2009-06-05T15:54:08-07:00

This is a howto for creating a wireless access point using a FreeBSD computer equipped with a wireless network interface. Prerequisites There are many (good and bad) reasons why you would want to build an access point using a Unix distribution. In my case, I did it for fun and for conducting experiments.

Autotools by example

2009-06-05T15:54:08-07:00

There are lots of tutorials and manuals on autoconf/automake/ libtool outhere that explain the basic usage. However, few articles provide examples and discuss more advanced topics. This document provides some collected examples that show the different features of the “autotools” build system.

Foundry VLAN Howto

2009-06-05T15:54:08-07:00

We have a cable connected to port 7 of the interface number 2 of a Foundry Bigiron switch. We want to setup this port and connect it to a specific VLAN. These are the steps. Procedure * Telnet to switch $telnet switch passwd = .... * Enable super user mode

Howto setup IPv6 DNS zones with bind

2009-06-05T15:54:08-07:00

This is a note that explains how to add a new IPv6 DNS zone into a running DNS server. Goal For illustration purpose, let's assume that we need to add a zone called v6.domain.com that has the following network address range 2001:200:130::/32 we will also add three hosts to the zone (cyclone, thunder and tornado).

Secure IPv6 over IPv4 IPSec tunnels with racoon2

2009-06-05T15:54:08-07:00

This document is a step by step tutorial for establishing an IPv4 tunnel secured with IPSec for encapsulating IPv6 traffic. The tunnel allows a host to connect to a router, establish a secure IPSec tunnel, then use that tunnel to receive router advertisements and configure a global IPv6 address and from there, connect the the IPv6 Internet.

Password-less Rsync over ssh howto

2009-06-05T15:54:08-07:00

This document describes howto use rsync and the required configuration to have duplication of a cvs tree in a secondary cvs server for backup. The secondary cvs server will use rsync over ssh (public key based auth) to synchronize with the primary cvs server.

Mounting and Accessing Windows/Samba shares in Unix/Linux with Sharity

2009-06-05T15:54:08-07:00

Sharity is a software package that runs on Unix machines and allows you to mount shares exported by Windows (NT, 95, for Workgroups, etc.), OS/2, samba etc. in your filesystem. It's NOT an ftp-like client like the smbclient program distributed with samba, it really mounts the shares in your filesystem just as NFS does. Since the major release 2, Sharity supports browsing (like the Windows “Network Neighborhood”) and has a GUI for the configuration. This howto explains how to use sharity to a…

Release engineering and methodology with CVS branching and merging

2009-06-05T15:54:08-07:00

Release engineering is the collection of methods, tools and techniques for managing software product releases. Projects using CVS need to define a clear method to facilitate the addition and integration of new features. This document described my own release engineering methodology based on CVS (Heavily inspired by FreeBSD release engineering)

The 802.11 handoff process

2009-06-05T15:54:08-07:00

Performance evaluation of wireless security systems - Part 2 This second article in the series “Performance evaluation of wireless security systems” is an in depth review of the 802.11 handoff process that occurs when a station (STA) changes of access point (AP). Since in this series we are focusing on enterprise networks, we will examine the 802.11i handoff and authentication process relying on back-end RADIUS servers.

Performance evaluation of wireless security systems and AAA (RADIUS) protocols

2009-06-05T15:54:08-07:00

Large wireless enterprise networks and wireless internet service providers use AAA (Authentication Authorization and Accounting) protocols in combination with IEEE wireless network security standards to manage their access network. Depending on several factors (network delay, packet loss rate, ...), the security and AAA operations may generate delays that can affect the over all quality of service. This is particularly true for VoIP users with high mobility. When the handoffs become frequent, th…

On the Inter Access Point Protocol (802.11F) aka IAPP

2009-06-05T15:54:08-07:00

The Inter Access Point Protocol (IAPP) is an IEEE standard (802.11F) that allows an enhanced management of resources and wireless stations within an ESS. IAPP involves communication between different APs over UDP. The packets can be protected using IPSec (ESP). All APs within an ESS share a secret with a central RADIUS server which is used as a distribution center for IPSec security policies and security associations.