|
[networknewsletters]
||
[Date Prev]
[10-2006 Date Index]
[Date Next]
||
[Thread Prev]
[10-2006 Thread Index]
[Thread Next]
OpenWRT Firmware for Wireless APs
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 05 Oct 2006 12:49:12 -0400
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Educational CyberPlayGround Community Mailing Lists
http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Manage Vulnerabilities. Defend Against Threats.
http://list.windowsitpro.com/t?ctl=3AE89:7EB890
Rogue Applications and Media Device
http://list.windowsitpro.com/t?ctl=3AE71:7EB890
Ten Steps to Achieving Business Compliance
http://list.windowsitpro.com/t?ctl=3AE72:7EB890
=== CONTENTS ===================================================
IN FOCUS: OpenWRT Firmware for Wireless APs
NEWS AND FEATURES
- Microsoft Releases Patch for Critical IE Vulnerability
- Symantec Reports on Current Threat Trends
- Windows Vista's Take on Least Privilege
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Firefox 2.0 RC1 Available
- FAQ: Controlling Group Policy Editor
- From the Forum: EFS and WebDAV over SSL
- Microsoft Learning Paths for Security: Multiple-Layer Defense for
Secure Messaging
- Know Your IT Security Contest
PRODUCTS
- Encrypt Data in Flight and at Rest
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Core Security =====================================
Manage Vulnerabilities. Defend Against Threats.
Your IT and Security budgets are tight. This White Paper shows real-
world case studies demonstrating the ROI potential of automated
penetration testing.
http://list.windowsitpro.com/t?ctl=3AE89:7EB890
=== IN FOCUS: OpenWRT Firmware for Wireless APs ================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Before I return to our discussion of alternative firmware, I want to
let you know about another portable Web browser. Last week, I wrote
about Mozilla Firefox - Portable Edition and Torpark (see the article
at the URL below). As I described, both these browsers can help protect
your sensitive data by keeping it on portable media, such as a flash
drive. A reader wrote to let me know about another portable browser
that I didn't know existed: Opera@USB.
http://list.windowsitpro.com/t?ctl=3AE78:7EB890
As the name implies, Opera@USB is based on the popular Opera Web
browser and is designed to be portable. Like Firefox Portable and
Torpark, Opera@USB helps protect your privacy by not leaving traces of
its existence or activity on the computer you use it on. Opera@USB is
smaller than the other two browsers, weighing in at under 8MB. The
current version is based on Opera 9 and installation is very simple:
Just unzip the download package to a directory and fire up the browser.
You can download a copy at http://list.windowsitpro.com/t?ctl=3AE8D:7EB890
Two weeks ago, I wrote about DD-WRT (see the article at the URL below),
alternative firmware for wireless access points (APs). One thing about
DD-WRT that I didn't mention is that it's based on the code of another
alternative firmware product, OpenWRT, which is our main topic of
discussion this time.
http://list.windowsitpro.com/t?ctl=3AE77:7EB890
The popular wireless router manufacturer Linksys developed a small
Linux-based open source OS to drive its AP hardware. People took copies
of this code and began tweaking it to fit their own needs. This trend
gave rise to an alternative firmware product called Alchemy, which was
also eventually published as open source. Alchemy led to a spinoff
called OpenWRT, which in turn led to another spinoff called DD-WRT.
Unlike DD-WRT, OpenWRT is completely command line based. The standard
distribution package doesn't include a GUI. This fact has its pluses
and minuses. On the minus side, using a GUI is easier than remembering
all sorts of commands and their associated parameters. On the plus
side, not having a GUI makes the code base smaller, which can be a big
deal when a given router has only so much storage and memory capacity.
If your router has limited space or you prefer using a Linux command
line, OpenWRT (downloadable at the URL below) is a good choice.
http://list.windowsitpro.com/t?ctl=3AE90:7EB890
Like DD-WRT, OpenWRT supports quite a number of routers. You can check
whether your particular model is supported by reviewing the hardware
table, which includes some hardware that's been tested and found to not
work with OpenWRT.
http://list.windowsitpro.com/t?ctl=3AE8F:7EB890
OpenWRT supports many security features that you might find useful,
including a firewall based on ipchains, Wi-Fi Protected Access (WPA)
encryption, Remote Authentication Dial-In User Service (RADIUS)
authentication, and Dropbear Secure Shell (SSH) server. Add-on
packages, such as OpenVPN (at the first URL below), are also available.
If you need help configuring OpenVPN, visit the second and third URLs
below.
http://list.windowsitpro.com/t?ctl=3AE8B:7EB890
http://list.windowsitpro.com/t?ctl=3AE7B:7EB890
http://list.windowsitpro.com/t?ctl=3AE83:7EB890
Other useful add-on packages are listed at the URL below and include a
mini Asterisk VoIP server, The Onion Router (TOR) server, a PPTP
server, the Chillispot hotspot creation package, and handy shell tools
such as Fyodor's Nmap and Dug Song's dsniff auditing and penetration
testing suite.
http://list.windowsitpro.com/t?ctl=3AE81:7EB890
As with any alternative firmware, be sure that it will work on your
hardware and that you're relatively comfortable that you can configure
it to your needs before you try to load it. Be sure to read the
extensive OpenWRT documentation, and if you have questions, use the
forum at the OpenWRT Web site.
=== SPONSOR: SecureWave ========================================
Rogue Applications and Media Devices
Threats to your data don't just come from the outside -- they can
come from internally as well, whether a result of malicious intent or
unintentional negligence. Download this free whitepaper today to learn
to effectively establish and enforce security policies for all
applications and devices in use on your network.
http://list.windowsitpro.com/t?ctl=3AE71:7EB890
=== SECURITY NEWS AND FEATURES =================================
Microsoft Releases Patch for Critical IE Vulnerability
Microsoft released a security patch outside of its scheduled monthly
patch release cycle to address a critical vulnerability in Internet
Explorer (IE). Microsoft Security Bulletin MS06-055--Vulnerability in
Vector Markup Language Could Allow Remote Code Execution (925486)
should be applied to all Windows 2000, Windows XP, and Windows Server
2003 systems, including Windows Server 2003 Release 2 (R2).
http://list.windowsitpro.com/t?ctl=3AE7F:7EB890
Symantec Reports on Current Threat Trends
Symantec said that according to data collected from its deployed
products, attackers are shifting their attacks from network
infrastructures and system services toward end users. The findings,
from January through June, were revealed in the company's recent semi-
annual Internet Security Threat Report.
http://list.windowsitpro.com/t?ctl=3AE7C:7EB890
Windows Vista's Take on Least Privilege
One of the most fundamental security changes in the oft-delayed
Windows Vista will be the OS's new least-privilege support, embodied in
the User Account Control (UAC) feature (formerly called the Least-
Privileged User Account). Jan De Clercq provides an overview of this
new security technology.
http://list.windowsitpro.com/t?ctl=3AE80:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=3AE76:7EB890
=== SPONSOR: Surf Control ======================================
Ten Steps to Achieving Business Compliance
Learn the 10 steps you need to take to achieve corporate compliance,
including operational visibility in all communication data. As an extra
step, stop network assaults so that you can use the Internet
confidently, both on and off your corporate network.
http://list.windowsitpro.com/t?ctl=3AE72:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Firefox 2.0 RC1 Available
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3AE86:7EB890
On September 27, Mozilla Foundation announced the availability of
Firefox 2.0 Release Candidate 1 (RC1). The new version includes many
feature enhancements, a number of which are related to security. Get a
quick rundown of the new features and a link to download Firefox 2.0
RC1 in this blog article.
http://list.windowsitpro.com/t?ctl=3AE7E:7EB890
FAQ: Controlling Group Policy Editor
by John Savill, http://list.windowsitpro.com/t?ctl=3AE85:7EB890
Q: How can I control which .adm files are used when I edit a Group
Policy Object (GPO)?
Find the answer at
http://list.windowsitpro.com/t?ctl=3AE7D:7EB890
FROM THE FORUM: EFS and WebDAV over SSL
A forum participant is having a problem with Encrypting File System
(EFS) and Web Distributed Authoring and Versioning (WebDAV). When he
uses a Secure Sockets Layer (SSL) connection (via HTTP Secure--HTTPS)
to send a file from a client to the WebDAV folder on a server, the
client decrypts the file and stores the file in unencrypted format on
the server without warning. Join the discussion at:
http://list.windowsitpro.com/t?ctl=3AE6E:7EB890
MICROSOFT LEARNING PATHS FOR SECURITY: Multiple-Layer Defense for
Secure Messaging
Multiple layers of defense help protect your business by decreasing
the likelihood that any single threat can compromise your network. Use
these resources to learn about a broad range of Microsoft security
solutions that can help protect your messaging environment: guarding
the perimeter with Microsoft Exchange Hosted Services, adding a buffer
and firewall protection with Microsoft ISA Server 2006, helping to
protect internal messages with Microsoft Antigen, and using Windows
Rights Management Services (RMS) to help safeguard sensitive emails and
documents.
http://list.windowsitpro.com/t?ctl=3AE73:7EB890
KNOW YOUR IT SECURITY Contest
Sponsored by Microsoft Learning Paths for Security
Share your security-related tips, comments, or solutions in 1000 words
or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
write about a security article you've read or a Web cast you've viewed.
Submit your entry between now and December 13. We'll select the 13 best
entries, and the winners will receive a Zune media player--plus, we'll
publish the winning entries in the Windows IT Security newsletter.
Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=3AE82:7EB890
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Encrypt Data in Flight and at Rest
BitArmor Systems announced the availability of BitArmor Security
Suite, software that encrypts data both while in flight and at rest
whether on workstations or servers, portable media, or storage systems.
BitArmor lets you set policies for data encryption, retention, and
deletion and provides an architecture for managing encryption keys.
BitArmor Security Suite is designed to accelerate industry-standard
encryption algorithms to provide "wire-speed" encryption and to secure
data without any changes to applications, networks, or storage devices.
For more information, go to
http://list.windowsitpro.com/t?ctl=3AE8E:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@xxxxxxxxxxxxxxxx and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=3AE84:7EB890
Uncover Essential Windows Knowledge Through Excavator
Try out the ultimate vertical search tool--Windows Excavator.
Windows Excavator gives you fast, thorough third-party information
while filtering out unwanted content. Visit
http://list.windowsitpro.com/t?ctl=3AE8C:7EB890
today!
Join experts Douglas McDowell from Solid Quality Learning and Andrew
Sisson from Scalability Experts, as well as Intel insiders and other
database professionals, to learn the latest about SQL Server and Oracle
database mirroring, BI, 64-bit database computing, and high-
availability. Coming to cities across the US this fall. Visit
http://list.windowsitpro.com/t?ctl=3AE75:7EB890
Your business, like most today, relies upon its computing systems to
store financial information, house proprietary data, and maintain
communications channels. This increasing reliance also increases the
dangers to your systems from security breaches, including viruses,
spyware, spam, and hackers. Visit the Windows Protection Site at
http://list.windowsitpro.com/t?ctl=3AE88:7EB890 for the latest tips on
safeguarding your system.
Learn all you need to know about code-signing technology, including the
goals and benefits of code signing, how code signing works, and the
underlying cryptographic and security concepts and building blocks.
Download the full eBook today--it's free!
http://list.windowsitpro.com/t?ctl=3AE74:7EB890
Learn from industry expert Michael Otey about different approaches to
server consolidation and how to stop server sprawl by using
consolidation and virtualization. Find out how to run legacy OSs,
Linux, and Windows together and more using virtualization. You'll even
get step-by-step instructions on building a virtual machine for Windows
Server 2003. Live Event: Wednesday, October 18
http://list.windowsitpro.com/t?ctl=3AE6F:7EB890
=== FEATURED WHITE PAPER =======================================
Examine the threats of allowing unwanted or offensive content into your
network and learn about technologies and methodologies for defending
against inappropriate content, spyware, IM, and P2P.
http://list.windowsitpro.com/t?ctl=3AE70:7EB890
=== ANNOUNCEMENTS ==============================================
Monthly Online Pass--only $5.95 per month!
Includes instant online access to every article ever written in
Windows IT Pro, as well as the latest digital issue. Sign up now:
https://store.pentontech.com/index.cfm?s=1&promocode=eu206Aum
Save $40 off SQL Server Magazine
Subscribe to SQL Server Magazine today and SAVE up to $40! Along
with your 12 issues, you'll get FREE access to the entire SQL Server
Magazine online article archive, which houses more than 2,300 helpful
SQL Server articles. This is a limited-time offer, so order now:
http://list.windowsitpro.com/t?ctl=3AE79:7EB890
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=3AE87:7EB890
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=3AE7A:7EB890
Be sure to add Security_UPDATE@xxxxxxxxxxxxxxxxxxxxx
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@xxxxxxxxxxxxxxxx
About technical questions --
http://list.windowsitpro.com/t?ctl=3AE8A:7EB890
About your product news -- products@xxxxxxxxxxxxxxxx
About your subscription -- windowsitproupdate@xxxxxxxxxxxxxxxx
About sponsoring Security UPDATE -- salesopps@xxxxxxxxxxxxxxxx
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
