|
[networknewsletters]
||
[Date Prev]
[10-2006 Date Index]
[Date Next]
||
[Thread Prev]
[10-2006 Thread Index]
[Thread Next]
In Focus Alternative Firmware for Wireless APs: Talisman
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 12 Oct 2006 12:26:16 -0400
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Educational CyberPlayGround Community Mailing Lists
http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
*********************************************************************
Emergency Communication Disaster Plan Check List
Is your State Prepared? Does your school have a plan?
Do you have a plan? Have we learned anything yet?
SHARE THIS WIDELY
Get Your Personal Disaster Plan
http://www.edu-cyberpg.com/Technology/disaster.html
*********************************************************************
=== CONTENTS ===================================================
IN FOCUS: Alternative Firmware for Wireless APs: Talisman
NEWS AND FEATURES
- Windows Shell Vulnerability Is Being Actively Exploited
- Microsoft Aims to Outmaneuver Pirates
- St. Bernard Reels in Singlefin
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Toolkits Help Increase Number of Malicious
Web Sites
- FAQ: New Admin Template Format in Vista and Longhorn
- From the Forum: EFS Questions
- Microsoft Learning Paths for Security: Multiple-Layer Defense for
Secure Messaging
- Know Your IT Security Contest
PRODUCTS
- Flexible, Portable Data Safes
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== IN FOCUS: Alternative Firmware for Wireless APs: Talisman ==
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week I wrote about the alternative access point (AP) firmware
OpenWRT (first URL below). Before that, I wrote about DD-WRT (second
URL below). Both are good choices. If you recall, I mentioned that both
of these firmware packages descended from Alchemy, which in turn
descended from open source code published by Linksys.
http://list.windowsitpro.com/t?ctl=3BBAE:7EB890
http://list.windowsitpro.com/t?ctl=3BBAF:7EB890
This week I'll discuss Talisman, developed by Sveasoft, which is the
descendant of Alchemy, also by Sveasoft. Unlike OpenWRT and DD-WRT,
Talisman isn't free. Talisman has caused some controversy--mainly
because Sveasoft took open source code, improved and changed it, and is
selling the result. Also, as I understand it, some people think
Sveasoft didn't publish the modified code promptly enough to meet the
licensing requirement of the code released by Linksys. Of course this
sort of behavior is a sore spot among some open source proponents, but
in my opinion, it's not necessarily a bad reflection on Sveasoft. After
all, Talisman is very good software.
Talisman currently works on ASUS, Belkin, Buffalo Technology, and
Linksys APs and is available in four different versions: Micro,
Hotspot, Basic, and VPN. The latter three are still in development
stages, not officially released, but you can download beta versions.
Several other versions (in addition to these four) are either in the
planning or preliminary development stages.
The Micro version is for use in APs that have only 2MB of flash memory-
-most newer APs have more memory than that. Micro also supports only a
subset of the features available in Basic, which I'll discuss in a
moment.
The Hotspot version is designed to easily create public wireless
hotspots, which can be completely open or can be made to require logon
credentials. So when someone connects to the AP they'll be cable to
just click-through to the Internet, if your hotspot allows free public
access, or they'll be presented with your custom splash screen at which
they can log on, if you require that. Hotspot also includes support for
billing in case you want to charge for network access.
Talisman Basic includes support for Wi-Fi Protected Access (WPA) and
WPA2 encryption, Secure Shell (SSH), PPTP VPNs, Remote Authentication
Dial-In User Service (RADIUS) authentication, port triggering, Virtual
LANs (VLANs), VoIP, a firewall based on ipchains, Quality of Service
(QoS) bandwidth controls, and much more.
Like OpenWRT, the Talisman line includes an easy-to-use Web-based
interface for administration. And you can of course add tools and
packages such as a router advertisement daemon (RADVD), which helps
automatic configuration for IP version 6 (IPv6)-enabled systems. Other
add-ons include an SNMP daemon and a GeoIP package that facilitates IP
address-to-country cross-referencing that can be used with the QoS
feature to develop filters.
The Talisman VPN version might be very useful, especially if you need
to connect offices. It supports the Basic features plus IPsec with
Advanced Encryption Standard (AES), DES, and Triple DES (3DES)
encryption; MD5 and Secure Hash Algorithm 1 (SHA1) hashes; and a
special section in the Web administration interface designed to
configure IPsec tunnels.
Talisman is available via subscription for $20 per year. (You can also
download the previous version, Alchemy, for free.) For that price, you
get a copy of the firmware and access to the support forums. Because
Talisman is commercial software, it's locked to specific MAC addresses.
You must supply your routers' MAC addresses when downloading the
firmware, and the firmware will operate only on those particular
routers. You can enter up to five MAC address, so for $20 per year,
it's a good deal. For more information about or to purchase Talisman,
go to
http://list.windowsitpro.com/t?ctl=3BBBD:7EB890
And while you're on the Web, stop by YouTube and view the video clip at
the link below. It's an amusing couple of minutes that promotes the
TechX World interoperability conference (produced by Windows IT Pro),
which is coming soon to a city near you.
http://list.windowsitpro.com/t?ctl=3BBBC:7EB890
=== SECURITY NEWS AND FEATURES =================================
Windows Shell Vulnerability Is Being Actively Exploited
H.D. Moore discovered a vulnerability in the Windows Shell that
could allow a remote intruder to execute arbitrary code on an affected
system. The vulnerability is in the WebViewFolderIcon ActiveX control,
and an exploit has been published. A module for H.D. Moore's popular
penetration testing tool, Metasploit, has also been released. Exploits
using the module are taking place in the wild on the Internet.
http://list.windowsitpro.com/t?ctl=3BBAD:7EB890
Microsoft Aims to Outmaneuver Pirates
Microsoft hopes its new Software Protection Platform will help it
outmaneuver software pirates by changing product activation and online
validation and by introducing better detection for tampering and
hacking. The company said that Windows Vista and its upcoming Windows
Server "Longhorn" will be the first two products to ship with the new
technologies.
http://list.windowsitpro.com/t?ctl=3BBB2:7EB890
St. Bernard Reels in Singlefin
St. Bernard, provider of security appliances and software, is adding
managed security and business services to its portfolio with the
acquisition of Singlefin. St. Bernard can now offer on-demand email
filtering, Web filtering, and instant messaging (IM) management as a
hosted or managed service to small and midsized enterprises.
http://list.windowsitpro.com/t?ctl=3BBB3:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=3BBAB:7EB890
=== SPONSOR: SurfControl =======================================
Improving Remote Access Security and Monitoring
Are you vulnerable when your users access the internet outside of
the corporate network? Track and monitor remote access easily and
unobtrusively to make sure that your intellectual assets are secure.
Download the free whitepaper and find out more today!
http://list.windowsitpro.com/t?ctl=3BBA7:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Toolkits Help Increase Number of Malicious Web
Sites
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3BBBB:7EB890
The number of malicious Web sites is on the rise, and with toolkits
available to create them, it's really no wonder. According to Websense,
the number of malicious sites increased by 100 percent during the first
half of 2006. Read more about this trend in this blog article:
http://list.windowsitpro.com/t?ctl=3BBB0:7EB890
FAQ: New Admin Template Format in Vista and Longhorn
by John Savill, http://list.windowsitpro.com/t?ctl=3BBB6:7EB890
Q: Where can I find details about the new ADMX format that Windows
Vista and Longhorn Server use?
Find the answer at
http://list.windowsitpro.com/t?ctl=3BBB1:7EB890
FROM THE FORUM: EFS Questions
A forum participant wants to know if there is an easy way to get
Encrypting File System (EFS) to encrypt all the subfolders and files
within the selected folder. He also wonders whether data encrypted in
Windows 2000 using DESX can be decrypted in Windows XP, how to cause
EFS to use certificates from a US Department of Defense (DoD) Common
Access Card (CAC), and how to handle exporting a certificate for use on
another machine should that be necessary. Join the discussion at:
http://list.windowsitpro.com/t?ctl=3BBA4:7EB890
MICROSOFT LEARNING PATHS FOR SECURITY: Multiple-Layer Defense for
Secure Messaging
Multiple layers of defense help protect your business by decreasing
the likelihood that any single threat can compromise your network. Use
these resources to learn about a broad range of Microsoft security
solutions that can help protect your messaging environment: guarding
the perimeter with Microsoft Exchange Hosted Services, adding a buffer
and firewall protection with Microsoft ISA Server 2006, helping to
protect internal messages with Microsoft Antigen, and using Windows
Rights Management Services (RMS) to help safeguard sensitive emails and
documents.
http://list.windowsitpro.com/t?ctl=3BBAA:7EB890
KNOW YOUR IT SECURITY Contest
Sponsored by Microsoft Learning Paths for Security
Share your security-related tips, comments, or solutions in 1000 words
or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=3BBB4:7EB890
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Flexible, Portable Data Safes
Steganos is releasing a new version of its encryption application,
Steganos Safe 2007. New features include the ability to use picture
sequences as passwords; support for Apple iPods, USB drives, and other
devices and media to store encrypted data or keys; and protection of
data in Microsoft Outlook. With Steganos Safe 2007, users can create as
many virtual drives as they want for storing encrypted data, and these
drives (called "safes") can be accessed from applications, Windows
Explorer, and Web browsers. Each safe can be up to 256GB in size, and
users can change the size of safes as necessary. Steganos Safe 2007
costs $49.95. For more information, go to
http://list.windowsitpro.com/t?ctl=3BBB8:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@xxxxxxxxxxxxxxxx and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=3BBB5:7EB890
Windows Connections Conference
Come learn about Vista, Exchange, Office, SharePoint, and more in
Las Vegas, November 6-9, 2006 at Windows Connections and Microsoft
Exchange Connections. There will be exciting announcements from
Microsoft that no one should miss! There's no better conference value
in the US this fall.
http://list.windowsitpro.com/t?ctl=3BBC1:7EB890
As an IT pro today, chances are that you work in a "Windows Plus"
environment. Learn from and meet industry experts Gil Kirkpatrick, Mike
Otey, Dustin Puryear, and Randy Dyess in this full day of training on
managing Windows, Linux, UNIX, Apache, MySQL, and more. Join TechX
World--coming to Washington, DC on October 24, Chicago on October 26,
Dallas on October 31, and San Francisco on November 2.
http://list.windowsitpro.com/t?ctl=3BBB9:7EB890
Whether you're an outsourced IT provider, a member of an in-house IT
service staff, or simply provide remote support, this can't-miss Web
seminar will help you discover how the right technologies can expand
your services. You'll learn how to tap into a $30 billion market for IT
services and expand your geographic reach. Live Web seminar: Tuesday,
October 17
http://list.windowsitpro.com/t?ctl=3BBA8:7EB890
How do you manage vulnerabilities? If you depend on vulnerability
assessments to determine the state of your IT security systems, you
can't miss this Web seminar. Special research from Gartner indicates
that deeper penetration is needed to augment your vulnerability
management processes. Learn more today!
http://list.windowsitpro.com/t?ctl=3BBA6:7EB890
Do you have visibility of and control over your software licenses? Most
organizations face serious challenges, including understanding vendor
licensing models, cost overruns, missed deadlines and business
opportunities, and lost user productivity. Learn to address these
challenges and prepare for audits. Register for the free Web seminar,
available now!
http://list.windowsitpro.com/t?ctl=3BBA5:7EB890
=== FEATURED WHITE PAPER =======================================
One common set of controls can help you manage compliance across
multiple regulations and standards. Download this free IDC white paper
and find out how to map these controls and save time and money in
demonstrating compliance.
http://list.windowsitpro.com/t?ctl=3BBA9:7EB890
Special Offer: Download any white paper from Windows IT Pro before
October 31 and enter to win a Casio Exilim Card Camera! The more you
download, the more chances to win! Visit
http://list.windowsitpro.com/t?ctl=3BBBE:7EB890 for a full listing
of white papers and contest rules.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
