Domain: ultraviolet.org
Stories and comments across the archive that link to ultraviolet.org.
Stories · 12
-
Intel Laptop Competes With One Laptop Per Child
Tracy Reed writes "According to the BBC, Intel has designed and begun marketing it's own low-cost laptop targeted at education in developing countries. 'Professor Negroponte, who aims to distribute millions of laptops to kids in developing countries, said Intel had hurt his mission "enormously". Speaking to US broadcaster CBS, Intel's chairman denied the claims. "We're not trying to drive him out of business," said Craig Barrett. "We're trying to bring capability to young people." Mr Barrett has previously dismissed the $100 laptop as a "gadget".'" -
802.11 Security
JadeSky writes "Having played around with wireless networking at home a little bit, and then being faced with implementing a wireless network at the office for the purposes of in-house customer training in a cosmetically clean room (wires are ugly), I had been thinking for some time about the best way to implement a secure wireless networking solution. Amusingly enough, shortly after the idea of a wireless network at the office came up, I managed to win 802.11 Security in a raffle at the Kernel Panic Linux Users' Group monthly meeting. The book was thoughtfully donated (with a few others) by O'Reilly on the condition that the recipients contribute reviews. Since I've found the book genuinely helpful, I thought I'd let others know, and hence, my first Slashdot book review. Hooray!" This book emphasizes a multi-layer approach to wireless security; read on for more of JadeSky's review. 802.11 Security author Bruce Potter and Bob Fleck pages 192 publisher O'Reilly rating very good reviewer Gregory Ruiz-Ade (JadeSky) ISBN 0596002904 summary Securing wireless networksWith the amazing proliferation of wireless networks these days, there seems to be constant churning about how best to secure them, while at the very same time, barely anybody is actually doing anything about it. Potter and Fleck have offered up this little book, 802.11 Security, as a no-nonsense guide to understanding the problem of wireless networking security (or, as the case may be, the complete lack thereof) as well as demonstrating how to implement viable solutions.
Straight from the horse's mouth, "This book is aimed at network engineers, security engineers, systems administrators or general hobbyists interested in deploying secure 802.11b-based systems." The greatest attention is given to Linux and FreeBSD systems, though OpenBSD, Mac OS X and Windows are covered as client systems, too. The authors split the book into four parts: "802.11 Security Basics (Part I)," "Station Security (Part II)," "Access Point Security (Part III)," and "Gateway Security (Part IV)."
Part I, "Security Basics," gives a very good introduction to the concepts of wireless communications. Chapter 1 explains how radio transmissions work (and how antenna shapes affect them), and why radio transmissions are inherently insecure (i.e., anyone with an antenna in range can listen in). 802.11 is explained, as well as WEP, and WEP's problems. Chapter 2 describes in detail the risks involved with wireless networking, and gives examples of types of attacks which can be performed against wireless networks.
Part II, "Station Security," outlines in great detail what you need to do to make sure your wireless network clients are as secure as possible. We're given two goals for client station security: prevent any access to the client systems, and make sure that the clients speak secure protocols for any network services they access. To the paranoid, both these goals are rather obvious, but they're important enough that the authors spent time explaining them. They follow with a couple paragraphs on logging and security updates on the client systems, and the rest of Part II (Chapters 4 through 8) give specific information on how to best secure client systems of various OSes.
Part III (Chapter 9, really), "Setting Up an Access Point," delves into the intricacies of setting up and securing a wireless access point, from generic advice on how to configure access point appliances to more specific instructions on configuring host-based access points running Linux, FreeBSD and OpenBSD. Comparatively little time is spent on host-based access points in the book, probably because most people generally don't do things things way since access point appliances are so cheap and simple to configure/install.
The remainder of the book is spent on Part IV, "Gateway Security" (Chapters 10 through 15), which describes the infrastructure end of how most wireless networks will likely end up being integrated to wired networks. Basic suggestions for structuring the combined networks are given, and follow what I'd consider to be really good advice: wireless networks should be on their own interface of the gateway (or firewall), physically separated from both internal networks and the Internet. The authors strongly recommend against simply attaching the access points to the internal network, as that introduces too many security risks (an example involving ARP poisoning is given to illustrate why and how). The next three chapters detail the configuration of Linux, FreeBSD and OpenBSD as a secure gateway.
Chapter 14, "Authentication and Encryption", introduces the idea of using strong authentication and encryption mechanisms outside of WEP, using NoCat (which will run on Linux, FreeBSD and OpenBSD) and WiCap (for OpenBSD only) for authentication and IPSec for strong encryption. The idea the authors present here is that for the most secure setup, in addition to enabling strong WEP (as detailed in the rest of the book), your wireless network is set up to not allow clients access to anything until they are authenticated. Then, and only then, the gateway will allow wireless clients to access other network segments (i.e., the internal LAN, and/or the Internet), but only if all the communications over the wireless segment are done through secure tunnels. Sadly, the authors neglected to mention OpenBSD's, Windows 2000's or XP's ability to do IPSec, and their treatment of IPSec for FreeBSD and Linux certainly isn't very detailed, though pointers are given to the appropriate web sites for more information. 802.1x authentication (physical port authentication) is also explained in some detail, though it is of little use, since very little equipment deployed today has support for it. It is an interesting concept, though.
Closing out the book, Chapter 15 is appropriately titled "Putting It All Together." Here we get a final overview of all the pieces as well as how they fit together, and how certain aspects of the system as a whole affects both the administrators and the users of the system.
Overall, I'd have to say that this is exactly the type of "security in depth" book I've been needing to help me figure out how best to implement wireless networking at the office with minimal risk to the rest of the network. The authors write in a very approachable style and do a very good job of giving the necessary background before launching into any detailed discussions. I would highly recommend this book to anyone considering installing wireless networking without wanting to simultaneously install a simple back door to their network. Honestly, I haven't found much to complain about.
I'm of the opinion that, after reading this book, and using it as a guide to setting up a secure wireless network, I'll be able to sleep at night. Even though people can still war drive (or even war fly) and find your access points, even if they managed to crack the WEP keys and associate to the AP, the network will still be secure because of the multiple layers that have been put in place.
You can purchase 802.11 Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Warflying: San Diego
geogeek6_7 writes: "WarFlying over SanDiego reveals hundreds of WAPs, and some very interesting statistics. There is a second write up of the same adventure at the pilot's personal website. All this of course should not be confused with that 1500ft 'WarDriving' effort in Australia." -
Xdaliclock Fails Y2k (But Everything Else Seems Fine)
Tracy R Reed writes "Like any real geek I was near my computer and used the xntpd-synchronized time to determine when midnight really struck. As soon as it happened, xdaliclock did something strange!" Besides the terrifying xdaliclock crisis, 2600 had a great page up that seemed to fool quite a number of Slashdot readers. Several other joke websites popped up, and several others had real (minor) glitches. So far I've heard rumors of an ATM system that went down for a few minutes, and some radiation monitors that messed up for a bit. But apparently that was about it. The most overhyped event in years. Enjoy the day off if you get one! -
Xdaliclock Fails Y2k (But Everything Else Seems Fine)
Tracy R Reed writes "Like any real geek I was near my computer and used the xntpd-synchronized time to determine when midnight really struck. As soon as it happened, xdaliclock did something strange!" Besides the terrifying xdaliclock crisis, 2600 had a great page up that seemed to fool quite a number of Slashdot readers. Several other joke websites popped up, and several others had real (minor) glitches. So far I've heard rumors of an ATM system that went down for a few minutes, and some radiation monitors that messed up for a bit. But apparently that was about it. The most overhyped event in years. Enjoy the day off if you get one! -
On The Linux Culture and Money
Andrew G. Feinberg writes "The latest Andrew Leonard piece on Salon.com deals with whether our favorite corporations will still be true to the community while having to keep shareholders happy. Excerpt is below: "Will the huge financial worth of the founders of companies like Red Hat and VA Linux end up disillusioning small-time developers? These companies must now keep their shareholders happy -- will the goal of keeping stock prices high interfere with code design decisions that used to be based on purely pragmatic factors? And what happens if Red Hat and VA Linux stock goes down in flames?" " -
RMS The Coder
Andrew G. Feinberg writes "Here is a article on the LinuxCare website. " This is a cool interview just because its not dealing with the usual GNU/Open Source/Free Software stuff, but more with code, coding, and lots of other stuff that frankly just isn't political. Enjoy it. -
Waiting for the Knock
Andrew G. Feinberg writes "in this LinuxToday story, Richard Stallman talks about some upcoming laws that could be disasterous for British citizens." Guilty until you prove you're innocent, no right to remain silent, no right to a jury trial, produce your encryption keys or go to jail... At least in the U.S. we have some time off while Congress takes a break. -
LinuxOne Releases a Product
Andrew G. Feinberg noted that Linux Today has a bit about LinuxOne releasing something. They are no longer vaporware: 'Linux Lite' is a distribution, and its selling point is that it coexists with windows and doesn't require any partitioning. Definitely nice for the novice, but there sure is a lot of hype in that press release for what seems to amount to using umsdos and a bootloader that loads the kernel from under windows? -
Review:Linux Programmer's Reference
Andrew G. Feinberg sent in a review of Richard Petersen's endeavor Linux Programmer's Reference. The book itself is a guide to scripting and other mini-languages, so if brushing up on that looms in your future, click below to read more about it. Linux Programmer's Reference author Richard Petersen pages publisher Osborne/McGraw-Hill rating 9 reviewer Andrew G. Feinberg ISBN summary A reasonable, small book to mini-languages. The Scenario I was looking for a good book to read that had nothing to do with computers, when this little (and it is little) book caught my eye. It looked like it was going to be a huge book, but all it is is a little guide to scripting and other mini-languages.
What's Bad? The title is a bit misleading, but otherwise that is the only bad thing about the book.
What's Good? Everything else! It's not a heavy read, but it's a quick tutorial and reference on shell scripting (bash, tcsh, and my favorite, zsh). It also touches on make, rcs, creating man pages, and tcl/tk. The book also sports a section on LaTeX (a quickie). It's no camel book, but it's cool. Oh, yeah. It also rounds out the mix with a section on gcc and g++. Fun for the whole family.
So What's In It For Me? If you do alot of shell scripting for quick-and-dirty tasks, this book lets you look up more advanced stuff, as well as the cool trick you forgot. It also teaches you how to package a program, and write documentation. I keep it on my desk where I can see it, so if I need to look up a function, it's there.Pick this book up over here.
Table of Contents- Chapter 1: BASH Shell Programming
- Chapter 2: TCSH Shell Programming
- Chapter 3: ZSH Shell Programming
- Chapter 4: Compilers and Libraries
- Chapter 5: Development Tools
- Appendix A: PERL - Quick Reference
- Appendix B: Tcl and Tk
- Appendix C: TeX and LaTeX
-
Intel... a good place to work
Tracy R Reed writes "Apparently, Intel hasn't been treating it's employees so well and the people who worked in the former DEC plant recently purchased by Intel aren't so happy with the changes being made. Merced may also be in serious trouble due to lack of experienced engineers. The Face Intel website is a place where former and current Intel employees air their grievances. " It's a pretty punchy site, well worth a look at. -
The Future of Netscape Source
Tracy Reed writes "Netscape's decision to support free software by making Netscape free and releasing the source was apparently heavily influenced by a paper written by Eric S Raymond titled The Cathedral and the Bazaar. He is going to Netscape's headquarters to meet with top people in Netscape and the industry to help them define their freeware strategy. They realize that the freeware approach is the only way to topple Microsoft's stranglehold on the industry." Guys like Raymond really go this rolling, now let's hope that he can help make it work.