Skip to content
Home » VPN » Page 2


Why SSL isn’t fooolproof security

Over at Rabbit-Hole, a commenter posted that my low-tier VPN is unnecessary if you’re using SSL. He’s wrong.

Perhaps I should have titled this “When SSL isn’t foolproof security,” but it’s too late now. Oh well.

When you’re sitting on a strange network (not your home or work network), SSL is vulnerable to a classic man-in-the-middle attack. If you’re paying attention, you should know if your session is being hijacked. But who’s paying attention?

Read More »Why SSL isn’t fooolproof security

How to power your computer up from away from home

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read More »How to power your computer up from away from home

Secure that public wi-fi with a low-tier, no-cost home VPN

If you spend any time at all using unencrypted wi-fi networks at hotels and coffee shops, you need a VPN. Public connections are fine for reading news headlines and checking sports scores, but cannot be considered safe for e-mail, online banking, making purchases, or anything that involves a username and a password. A VPN, which encrypts that traffic from prying eyes, is the only way to make them safe.

Here’s how to set up a VPN that’s good enough for personal use. All you need is a home Internet connection, a computer at home, and the laptop you take on the road.

Of course corporations can set up VPNs that are much faster and much more robust, but this is something you can set up in a couple of hours on a weekend afternoon without spending anything.

Read More »Secure that public wi-fi with a low-tier, no-cost home VPN

I’m back.

Four words: Worst. Business trip. Ever.

I’ll give some more details later, after the airline decides what they’re going to do to make things righter (they can’t make it right). They managed not to crash the plane.  Which is less of an achievement than me managing to drive to the airport without crashing my car. Other than that, they didn’t do much of anything right.

I had a nifty VPN set up that let me connect back into my home network to post, but a power outage knocked out my proxy server, which I had forgotten to configure to auto-start. I wasn’t about to log in here via unencrypted hotel wifi, which was why I was absent here for a few days.

I’ll have some more stuff in a while, but for now I need to take care of a few other things.

SQLSlammer takes its toll on the ‘Net

If the ‘Net was slow today, it was because of a new worm, called SQLSlammer, that infected vulnerable Windows servers running Microsoft’s SQL database.
The exploit it used was old, but it was made possible because Microsoft’s cumulative hotfixes not being cumulative, and one of the patches not included, if applied afterward, reverted the server back to its vulnerable state. This was not mentioned clearly in the documentation for the hotfixes. Probably Microsoft didn’t know–until it was too late.

But in some cases it’s not Microsoft’s fault. Try getting a pointy-haired boss to give you 15 minutes’ downtime per server so you can roll necessary security patches across your enterprise. Since many people who ultimately make IT decisions never actually administered a Windows server in their careers, a lot of bad decisions get made and servers stay unpatched, as a matter of policy, either out of fear that a patch that closes a security hole might create a new bug, or that some remote VPN user in Kenya might be trying to work during that proposed scheduled time.

Linux got a bad rap in the security press last year because it allegedly had more security vulnerabilities than Windows did last year–never mind that a vulnerability in, say, BIND would get counted several times because it’s included in every Linux distribution, so whereas a vulnerability in IIS would get counted once against Windows’ total, a vulnerability in BIND might get counted 8 times.

We’ll ignore that. Fine. Linux has a larger number of security problems and vulnerabilities than Windows does. Fact. Undeniable. Fine. Answer this question then: Has any worm affecting Linux ever had the devastating effect that SQLSlammer had? That Nimda had? The most notorious worm that affected Linux was called Slapper. Do you remember it? More than 60% of the servers on the ‘Net run on Apache. A worm affecting Apache should have been huge. It wasn’t.

Statistics are, well, statistics. Just because I can find you a set of numbers that suggests the sky is pink doesn’t make it any less blue.

Why anyone, anywhere, has a Windows server on the ‘Net with anything more than port 80 exposed is beyond me.

Trustworthy Computing? Nice buzzwords. Billy Gates has yet to put any meaning into them.

And incompetence rises. Managers didn’t learn from Nimda, so they won’t learn from this either.

Great combination. What does it mean? History will repeat itself. Something like this will happen again. Probably sooner rather than later.

Windows XP networking advice

I ran into a problem yesterday with a VPN client not working in XP. After a Usenet search, someone suggested that removing the QoS client (which does nothing useful anyway) fixes the problem about 80% of the time. In my case, that worked.
If something networking-related isn’t working right in WinXP for you, try removing the QoS client and see what happens. At the very least, you’ll speed up networking slightly, and at best, you’ll fix the problem.

Getting out of a sticky BIND

Setting up DNS on Linux isn’t supposed to be the easiest thing in the world. But it wasn’t supposed to be this hard either.
I installed Debian (since it’s nice and lean and mean) and BIND 9.2.1 and dutifully entered the named.conf file and the zones files. I checked out their syntax with the included tools (named-checkconf and named-checkzone). It checked out fine. But my Windows PCs wouldn’t resolve against it.
Read More »Getting out of a sticky BIND

We’ve got problems.

It all happened two nights ago when I put a questionable disk in my Linux box that’s running a highly experimental kernel. The task crashed. OK, fine. Everything else was still happy. So I tried to close out that shell. Hello, Mr. Freeze. Well, that’s what I get for running an experimental kernel. These things happen. So I rebooted. It came up fine, except it couldn’t see the network.
Figuring I’d catch all kinds of crap about this one, I shut off the monitor and resolved to come back to it later.

Then I came home last night and figured I’d check my mail on one of my Windows boxes. It errored out immediately. So I opened a command prompt and tried to ping. The network was unreachable. What? Is this contagious? So I went to my Web server. It saw the world just fine, and the world could see it. Curious.

So my router/switch was fine. I looked under my desk. There it was, blinking away. Then I noticed something wrong down there. I glanced at my hub. No lights. No nothing.

I reached down and unplugged it. Dead. I unplugged the power cable from the power supply. Dead. I reached over to the hub’s plug and pulled it.

My Web server went dead. So much for my 270+ days of uptime. And I guess that wasn’t my hub after all.

So I traced the cable from my Windows box to the hub, and moved it to the switch. I opened a command prompt and typed ipconfig /renew. I was back in business immediately.

I tried my Linux box, but I couldn’t trace its cable. I’ll do that some other time.

And of course I needed to plug my work laptop in and VPN into the LAN to try to do a little maintenance. Every night needs to be spiced up with some adventure, you know.

I guess I’ll be finding out about Netgear’s customer service later.