|
[networknewsletters]
||
[Date Prev]
[10-2006 Date Index]
[Date Next]
||
[Thread Prev]
[10-2006 Thread Index]
[Thread Next]
Alternative Firmware for Wireless APs: Thibor
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Thu, 19 Oct 2006 11:41:01 -0400
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Educational CyberPlayGround Community Mailing Lists
http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
=== CONTENTS ===================================================
IN FOCUS: Alternative Firmware for Wireless APs: Thibor
NEWS AND FEATURES
- Oracle to Enhance Patch Documentation with CVSS
- PhishTank Aims to Blow Scammers Out of the Water
- BartPE
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Tactile Passwords
- FAQ: Change the MIIS Service Account
- Know Your IT Security Contest
- Make Your Mark on the IT Community!
PRODUCTS
- Encrypt Files on the Network
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== IN FOCUS: Alternative Firmware for Wireless APs: Thibor ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
So far, I've told you about three alternative firmware packages for
wireless access points (APs): DD-WRT, OpenWRT, and Talisman. If you
missed those stories, you can read them at our Web site at their
respective URLs:
http://list.windowsitpro.com/t?ctl=3C96E:7EB890
http://list.windowsitpro.com/t?ctl=3C970:7EB890
http://list.windowsitpro.com/t?ctl=3C96A:7EB890
Continuing this series, this week, I give you a peek into Thibor.
Unlike the previously discussed firmware, Thibor is designed
specifically for the Linksys WRT54G, WRT54GL, WRT54GS, and WRTSL54GS
routers.
Like the other firmware packages, Thibor is based on the open source
code published by Linksys. Thibor is actually a continuation of the
firmware package HyperWRT, which started in 2004 and was, as far as I
know, maintained until early 2005. When HyperWRT development apparently
ceased, two other developers picked up the ball to continue independent
development of HyperWRT forks. Eventually the two packages were merged
into what became known as Thibor.
Like DD-WRT, OpenWRT, and Talisman, Thibor includes enhancements to the
core features available in the Linksys firmware. These include
enhancements to the Quality of Service (QoS) traffic shaping, port
forwarding, and port triggering subsystems, as well as access
restrictions including the blocking of specific services.
Added features include static DHCP leasing, a port redirector, a site
survey tool, support for DDNS including the ZoneEdit tool, and Wake-on-
LAN capability. In terms of security, Thibor also includes the Dropbear
Secure Shell (SSH) server and client as well as enhanced filtering that
can block potentially unwanted content, such as Java applets, ActiveX
controls, cookies, and P2P software such as BitTorrent, Kazaa, WinMX,
Direct Connect (DC), and Gnucleus.
As you might expect, Thibor supports PPTP for VPNs and Wired Equivalent
Privacy (WEP), Wi-Fi Protected Access (WPA), and WPA2 for communication
encryption, and even supports a number of file systems including NTFS,
FAT, FAT32, ReiserFS, Ext2, and Ext3.
In the previous articles of this series, I said that the firmware
packages include ipchains firewall software. However, reader Bonno
Bloksma wrote to correct me. Iptables is a much improved successor to
ipchains. The firmware packages I've mentioned to date, including
Thibor, use iptables. Thanks, Bonno, for pointing out that mistake.
Thibor not only includes iptables but can also be made to use Firewall
Builder. Firewall Builder is a GUI-based tool that's designed to make
creating iptable firewall policies easier. Firewall Builder creates a
script that you copy to the router. The script then configures iptables
with the behavior that you've defined. At the Firewall Builder site (at
the URL below), you can also see some screenshots of the tool in
action.
http://list.windowsitpro.com/t?ctl=3C97A:7EB890
Like DD-WRT and Talisman, Thibor (at the first URL below) includes an
easy-to-use GUI. Although HyperWRT isn't being maintained anymore, the
Web site (at the second URL below)is still active and has a Web-based
forum where people can openly discuss problems, request features, and
get help using the Thibor firmware.
http://list.windowsitpro.com/t?ctl=3C97C:7EB890
http://list.windowsitpro.com/t?ctl=3C97B:7EB890
===
Top 10 topics at the upcoming TechX World roadshows:
1. Run Windows commands at the same time as UNIX commands. With SUA,
applications can actually mix calling Windows APIs directly and calling
into the UNIX APIs.
2. Get a single view of users across your various enterprise
repositories.
3. Configure networked Linux systems to accept logins in a secured
manner using Windows AD accounts.
4. Improve how you manage access across Windows Terminal Services, UNIX
and Linux X Windows, legacy telnet, and even SSH.
5. Address problems with distributed identity management and enhance
the security of the network by preventing unauthorized access.
6. Query an LDAP server from AD and manage AD with LDAP. Ensure
tighter, more secure interoperability.
7. Set up transactional replication between SQL Server 2005 and Oracle.
8. Create reports that draw data from multiple heterogeneous data
sources such as SQL Server and Oracle.
9. Use SSIS to extract and cleanse data from an Oracle database and
then load that data to a SQL Server database.
10. Put virtualization tips & tricks to work immediately for security,
availability, backup/recovery, and server utilization.
http://list.windowsitpro.com/t?ctl=3C974:7EB890
=== SPONSOR: SurfControl =======================================
Ten Steps to Achieving Business Compliance
Learn the 10 steps you need to take to achieve corporate compliance,
including operational visibility in all communication data. As an extra
step, stop network assaults so that you can use the Internet
confidently, both on and off your corporate network.
http://list.windowsitpro.com/t?ctl=3C960:7EB890
=== SECURITY NEWS AND FEATURES =================================
Oracle to Enhance Patch Documentation with CVSS
Oracle's next batch of critical patch updates, which are issued
quarterly, are due out on October 17. Beginning with that release, the
company will introduce enhanced documentation to better help system
administrators and management understand the impact of a vulnerability
that a given patch is designed to correct.
http://list.windowsitpro.com/t?ctl=3C96C:7EB890
PhishTank Aims to Blow Scammers Out of the Water
A new team has entered the battle to stop scammers. PhishTank aims
to blow scammers completely out of the water by identifying, tracking,
and blocking access to sites that are designed to steal people's
personal information.
http://list.windowsitpro.com/t?ctl=3C96F:7EB890
BartPE
Work as a systems or security administrator long enough, and you'll
undoubtedly need to access a downed Windows system. Several tools can
help you access data from otherwise inaccessible systems. Jeff Fellinge
steps you through the wonderfully easy-to-use utility called BartPE.
http://list.windowsitpro.com/t?ctl=3C968:7EB890
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=3C966:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Tactile Passwords
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3C975:7EB890
Some folks in the UK have come up with a unique way to help prevent
people from stealing your password while shoulder surfing. Check it out
in this blog article.
http://list.windowsitpro.com/t?ctl=3C96B:7EB890
FAQ: Change the MIIS Service Account
by John Savill, http://list.windowsitpro.com/t?ctl=3C973:7EB890
Q: How can I change the Microsoft Identity Integration Server (MIIS)
2003 service account?
Find the answer at
http://list.windowsitpro.com/t?ctl=3C96D:7EB890
KNOW YOUR IT SECURITY Contest
Sponsored by Microsoft Learning Paths for Security
Share your security-related tips, comments, or solutions in 1000 words
or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=3C971:7EB890
MAKE YOUR MARK ON THE IT COMMUNITY!
Nominate yourself or a peer to become an "IT Pro of the Month." This
is your chance to get the recognition you deserve and get notoriety in
the IT community. IT Pro of the Month winners will be featured in
Windows IT Pro magazine and the TechNet Flash email newsletter, and
best of all will receive over $600 in IT resources. All you have to do
is email us your name, title, photo, and answers to the following
questions: How did your IT solution save your company money? In what
ways has your solution made innovative use of technology? and How is
your solution adaptable to other business environments? Email your
entry to: ITProoftheMonth@xxxxxxxxxxxxxxxx
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Encrypt Files on the Network
PGP announced the availability of PGP NetShare, a new product which
enables teams to manage and share encrypted network-based files. Like
PGP's other applications--PGP Whole Disk Encryption, PGP Universal
Server, PGP Universal Gateway Email, and PGP Desktop--PGP NetShare
makes use of the PGP Encryption Platform, which provides one
architecture for managing keys and enforcing policies for all the
applications. PGP also announced new versions of its existing
applications. For more information, go to
http://list.windowsitpro.com/t?ctl=3C97D:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@xxxxxxxxxxxxxxxx and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=3C972:7EB890
Any unscheduled downtime--especially of Exchange systems--can quickly
affect a company's bottom line. Learn essential skills for reducing
downtime to minutes instead of hours.
http://list.windowsitpro.com/t?ctl=3C962:7EB890
You know you need to manage your email data; how do you do it? What
steps are you taking? What additional measures should you enact? What
shouldn't you do? Get answers to these questions and get control of
your vital messaging data. Download the free eBook today!
http://list.windowsitpro.com/t?ctl=3C964:7EB890
Can disaster recovery planning create real value for your business
beyond mere survival? Justify your investments in DR planning, and get
real answers to your questions about how DR planning and implementation
affect the financial performance of your organization. Make cost-
effective decisions to positively impact your bottom line! Live Event:
Tuesday, November 14
http://list.windowsitpro.com/t?ctl=3C95F:7EB890
Join experts Douglas McDowell from Solid Quality Learning and Andrew
Sisson from Scalability Experts, as well as Intel insiders and other
database professionals, to learn the latest about SQL Server and Oracle
database mirroring, BI, 64-bit database computing, and high
availability. Coming to cities across the US this fall. Visit
http://list.windowsitpro.com/t?ctl=3C965:7EB890
Streamline and automate upgrades to SQL Server 2005 and manage multiple
databases in less time. Leverage the data management, business
intelligence, and performance improvements that you receive with an
upgrade to SQL Server 2005, and unlock the full potential of your
servers. Live Event: Thursday, November 2
http://list.windowsitpro.com/t?ctl=3C961:7EB890
--------------------------------------------------------------------------
Please link to the Educational CyberPlayGround
http://www.edu-cyberpg.com
Improving literacy through arts education and advocacy by providing
collaborative and interdisciplinary resources for understanding world
culture and our national culture.
---------------------------------------------------------------------------
=== FEATURED WHITE PAPER =======================================
Prevent installation and execution of unauthorized software on the
computers on your network. Download this free white paper today for a
comparison of different techniques for detecting and preventing
unauthorized code. Protect yourself against emerging risks today!
http://list.windowsitpro.com/t?ctl=3C963:7EB890
Special Offer: Download any white paper from Windows IT Pro before
October 31 and enter to win a Casio Exilim Card Camera! The more you
download, the more chances to win! Visit
http://list.windowsitpro.com/t?ctl=3C977:7EB890 for a full listing
of white papers and contest rules.
Copyright 2006, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
