Category Archives: Security

Turning the Human Firewall On – The Analogies Project

April 30, 2015Security, Technologydata, employees, firewall, human, information, infosec, psychology, securityMike Dixson

Interesting course as part of Infosec 2015.

http://www.infosecurityeurope.com/en/education/training/Analogies-Project/

Configuring Radius Authentication on Linux

September 2, 2014How To, Linux, Security, Tech Solutionsauthenticate, Authentication, Configuring, debian, linux, login, pam, pam_radius_auth.so, Radius, ssh, su, tutorial, UBUNTUMike Dixson

Install libpam-radius-auth
sudo apt-get install libpam-radius-auth
Configure libpam-radius-auth with your radius servers and secrets
sudo pico /etc/pam_radius_auth.conf
Set permissions on /etc/pam_radius_auth.conf
sudo chmod 0600 /etc/pam_radius_auth.conf
Add auth sufficient pam_radius_auth.so to /etc/pam.d/login and then the following as desired just above the line reading @include common-auth
/etc/pam.d/sshd /etc/pam.d/sudo /etc/pam.d/su
Add try_first_pass to auth line in /etc/pam.d/common-auth
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
Make user locally with disabled password
sudo useradd -m USERNAME
or to add a user and add to the sudo group
sudo useradd -m -G sudo USERNAME

Ta Da!

The one caveat that I’ve found with this is that when logging in with local users to the local console you are prompted for a password twice, this is fixed via step 5 but note that if you run pam-auth-update this change will be overwritten.

Activating an iPhone or iPad Through a Firewall

January 29, 2014Security, Technologyapple, firewall, securityMike Dixson

In order to activate an IOS device when behind a firewall allow the following traffic

https 17.149.240.70 nwk-unbrick2.apple.com

Allowing Apple App Store Access Through a Firewall

January 29, 2014Security, Tech Solutions, Technologyapp store, apple, firewall, ip, ports, rangesMike Dixson

If you allow port 80 and 443 access out of your network then accessing the Apple App Store from behind your firewall it’s a doddle.

However if you have a more locked down area of a network but have iPads etc that need App Store access here’s what you need to allow port 80 and 443 access to:

17.154.0.0/16 Apple's Class B Subnet includes phobos.apple.com address(es)
23.63.98.0/23 Akamai Technologies CDN

I appreciate this is a bit of a wide range of addresses, but unless you want to be having to packet capture and analyze where the App store is heading too that week it’s a reasonable. I doubt anyone would give up a class B IPv4 range nowadays.

Hope that helps some of you out!

Mac OS X’s Hidden FTP Server

January 27, 2014Security, Technologyapple, built in, file, free, ftp, hidden, mac, os, osx, protocol, server, transfer, xMike Dixson

Seeing as there is already the capability to run a built in ftp server on OS X why bother downloading and potentially paying for one?

Starting the OS X FTP Server

sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist

Stopping the OS X FTP Server

sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist

You could even easily knock up an Automator app to start and stop this (sod it I might even make one myself).

Sourced from: http://osxdaily.com/2011/09/29/start-an-ftp-or-sftp-server-in-mac-os-x-lion/