December 1, 2010

Geek to Live: How to access a home server behind a router/firewall

by Gina Trapani

Recent Lifehacker features have covered how to run a personal web server , how to control your home computer from anywhere , and how to set up a personal wiki . For users on a home network with a router installed, home servers are not accessible from the Internet because of many modern routers' built-in firewall.

Today we'll cover how to open up specific ports on your router to allow access to a home server behind a firewall.

Please note: this tutorial is for advanced users. Your router's firewall is there to protect you from evildoers who try to control your computer over the Internet. Make sure that any service you expose to the Internet is secured with a strong password.

Enabling outside access to an internal computer on a home network requires that you set up NAT – "network address translation," or port forwarding. Forwarding sends requests for ports on the outside of your firewall to the right computer on the inside.

For instance, someone on the outside requests a page from a web server at your router's IP address. With port forwarding viagra brand cheap set up, your router knows to forward requests for port 80 (a web server's default port) to the computer with the web server running only – and none of the others on your network.

Port forwarding is only necessary when you want to expose a service to computers on the Internet outside your firewall. Some servers you'd want to do that with:

  • a home web server
  • a personal wiki
  • a BitTorrent client uploading as well as downloading
  • a VNC server
  • a home FTP server

While all routers vary slightly, port forwarding is fairly simple. Here's how to get it set up:

Step 1. Determine your server's internal IP address.

All the computers on your internal network have an IP address which looks something like 192.168.0.XXX. Get on the computer with the server running and open a command window. Then type ipconfig to determine the machine's internal address, like so:

C:\Gina>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : 192.168.0.11 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.0.1

In this case, as you can see, the server's internal IP address is 192.168.0.11.

Step 2. Configure your router.

Most routers have an web-based administrative interface that's located at http://192.168.0.1. (This address does depend on your model. Consult your router user guide for more info.)

Once you've gone to the router administration, entered the password (if one is set up), there should be an area called "Port forwarding." There, you'll set the port number that requests from the Internet will come in, and the internal computer that should fulfill those requests. Here's a screenshot of my Netgear router set up to port forward 5900 to my VNC server, which is at 192.168.0.11 (see above). Click on the image to see a larger version.

Here's a table of common services and their default port numbers.

Service Port number
Web server 80
VNC (remote control) 5900
Instiki wiki 2500
FTP 21
BitTorrent 6881-6990

Any other services you port forward for that I missed? Add it in the comments to this article or drop me a note at tips at lifehacker.com.

Filed under security, servers - home by al

Permalink • Print • Comment

August 11, 2010

The “M” Word – Protecting Yourself from Malware

The “M” Word – Protecting Yourself
from Malware

By Bryan Lambert – August 8, 2010

In this year, 2010, malware seems to be as ubiquitous as the air we breathe. While computer users today are much more savvy against the threat of malware, there’s still more that we can do. In this Tech Tip we’ll look at some very practical things to do to keep yourself protected as well as some things that you can do if you have inadvertently picked up some malware on any of your PC computers .

Protecting Your Computer

In a nutshell this is what you’ll need to keep your computer humming along:

  1. Have some kind of anti-malware protection on your computer and keep it current. While many new notebook computers and PCs come with trial anti-malware software, it is up to you to keep it current (for a price). There are, however, free alternatives.The viagra and premature ejaculation foremost among them is Microsoft’s own Security Essentials. It doesn’t come with Windows, but can be easily downloaded and installed. Other free programs include the popular AVG ; AVast , Avira and BitDefender (they have paid versions as well) while the usual suspects round up the paid products: MCAfee , Norton , Panda , Kaspersky and Trend Micro . This is not an exhaustive list by any means as there are many other free and paid programs that can be used.
  2. Keep your computer up to date.You can rely on automatic updates, but to be sure that nothing is being missed you may want to manually run updates from time to time – particularly on the Operating System and the Web Browser.For example, in Windows Vista and 7, click on Start button and in the search box type in Windows Update – the first program listed will be the Windows Update program. Click on this and check if you have any updates to run. In XP, go into the Control Panel and click on Windows Update there.With the browser, if you are running Windows Explorer, your Windows Update will update that. With other browsers, check their help files for how to update them. Besides that, also be sure that you have your firewall up and running.
  3. Don’t fall for bogus phishing scams, fake anti-virus scans, software from “nowhere.” Because of increased protection, malware programmers are hitting the most vulnerable target in the chain – you. If they can get you to install the program from a fake anti-virus scan that pops up while you’re surfing,a bogus link in your e-mail, in your messenger or on a website then they get by all those protections that have been carefully laid in place. Just don’t do it.

OK – you got “something” – Now what?

No computer is perfect – even with all your protections in place, something may slip through. If something does, there are things that can be done to minimize damage and risk.

  1. If you have access to a second computer, download onto a flash drive some tools to scan and hopefully fix your PC. Typically you can grab one or two antivirus programs available (I’d recommend AVG or AVast mentioned earlier) and a good, free anti-spyware program (I highly recommend Malwarebytes ). Install these on the infected computer and run a full scan on the computer. Depending on how bad the infection is, you may need to pull the computer off the Internet while running these scans.If you can get to the Internet, then be sure to get the latest updates for these programs. You may also look into running either Panda’s or Trend Micro’s online scanner programs. Be sure to scan ALL drives.
  2. If you have second computer or the infected computer has access to the Internet – then simply look up your computer’s symptoms online to see what other people are seeing and possible ways to fix it. There will be some dead ends, but often you can find out what is causing you the problems as well as how to fix it.
  3. After all the scans, run the more advanced tool, HijackThis from Trend Micro (a free tool) to see exactly what is running. HijackThis also gives you the ability to manually remove items as well.While you are at it, you can also run Trend Micro’s other free tools, RUBotted and RootkitBuster . If you cannot make heads or tails of the log files from HijackThis, there are many sites out there that will help you with it.
  4. If all else fails, you can always format and restore your PC back to the original configuration.

What about everyone else?

What about other Internet connected computers and devices that aren’t Windows based? Are they vulnerable to malware ? You bet that they are!This includes Linux; FreeBSD; OSX and UNIX based computers; Android; BlackBerry; iOS; Microsoft and Symbian based SmartPhones/devices. Is there anything that you can do to protect yourself here?There is.

Besides making sure that you are up-to-date on all the latest software patches, just know what kind of software and apps you are loading. Many companies, such as Symantec and others , are now making security software for these other non-Windows based operating systems and devices.

While there hasn’t been widespread infections in the past – it doesn’t mean that they won’t be the target in the future – remember, there is no such thing as a perfect, invulnerable OS.Of course, it’s up to you if you to do this if you think you may need protection on these other items.

Wrapping it up

Keeping your PC safe isn’t rocket science. It involves keeping your security software, operating system and other software up-to-date; watching what gets installed on your computer and knowing what to do if something gets through. When it comes to security, no one tip can possibly cover everything. So, we open this up to you too – what do you use personally to keep your computer safe.

Filed under security, virus by al

Permalink • Print • Comment

It’s time for Microsoft to supply ALL patches to All users

By Adrian Kingsley-Hughes | April 2, 2009, 4:45am PDT

It’s time for Microsoft’s policy of tying the availability of Windows Updates to Windows Genuine Advantage (WGA) validation to end.

Brian Livingston writing for Windows Secrets had the following to say:

“It’s ridiculous to say that Microsoft provides all security updates to Windows users, whether or not they pass Windows Genuine Advantage (WGA) validation. No, Microsoft doesn’t.

“First of all, a system that fails WGA is restricted in using Microsoft’s update and download sites.

“WGA has a reputation for rating some PCs as unlicensed when in fact they’re completely legitimate. For this reason, many people exit Windows Update at this point and turn off Automatic Updates (if it was enabled) rather than risk disabling their expensive computers.”

Windows Update and WGA are interlinked . If you have a PC that doesn’t validate as running a genuine copy of Windows (or you are uneasy about putting it through the validation process for whatever reason), then you are limited to receiving only those updates that are labeled as “Critical”. While this still gives users access to the most important updates, it means that users miss out on updates classified as “Important” or “Moderate”.

To make matters worse, back in 2006 someone at Microsoft decided to push an update for the WGA mechanism (KB905474) through the Windows Update mechanism and marked it as a “Critical” update. This mixing of genuine security updates and marketing propaganda was an enormous abuse of trust on Microsoft’s part (Apple later pulled a similar stunt when it pushed Safari to Windows users though its software update mechanism) and shouldn’t have been allowed to happen.

It’s now time for Microsoft to disconnect WGA from all Windows related updates. Same goes from Office Genuine Advantage and updates for Microsoft Office. The current situation doesn’t make good sense. I don’t have a problem with Microsoft demanding that users wanting additional content (games, new apps, templates viagra and alcohol and so on) have to go through a validation process, but ALL updates should be available to ALL users, irrespective of whether users are running a genuine copy of Windows or not. Users who have unwittingly been sold a counterfeit copy of Windows shouldn’t be penalized and have their security compromised. In fact, when it comes to security updates, even those who know they are running a pirated copy of Windows should get access to all updates. It’s in everyone’s best interests that as many machines as possible are patched.

Filed under Microsoft, security by al

Permalink • Print • Comment

April 16, 2010

Free Wi-Fi – Is it worth the risk?

Free Wi-Fi – Is it worth the risk?

by Mark Tiongco – March 21, 2010
Since its inception in the early 2000s, Wireless-Fidelity Internet (Wi-Fi) has become virtually a staple in our technologically-enhanced lives.  Its convenience increases productivity in countless industries, academics and even the family home.  Retail establishments such as Panera Bread, McDonald’s and Barnes and Noble offer free Wi-Fi in their stores as an amenity to get customers to browse and buy their  products.  While “free Wi-Fi” might seem like a no-brainer, customers should keep in mind the inherent risks of free Wi-Fi.


What’s the Big Deal?  It’s free

Since it’s free, most establishments do not use Wi-Fi encryption to secure their respective networks thus offering hackers a way to steal your usernames and passwords.  For example, Panera Bread has signs that say “802.11b Wi-Fi” in their restaurants.  802.11b was created in 1999 which has little security so a hacker can literally intercept your Facebook username and password as you’re logging on.  Even if Panera Bread equipped their bakeries with WEP (Wired Equivalent Privacy), this security is so outdated that it can be cracked in under a few minutes.  With that being said, Barnes and Noble, Starbucks and McDonald’s also have zero security in place for their Wi-Fi.  Upon reading Starbucks’ Wi-Fi policy, they explained the reason for using unencrypted 802.11g was to ensure maximum compatibility between communication devices. 


A Hacker’s Point of View

"War driving" is the idea of driving around town and looking for a Wi-Fi network that is unencrypted or has weak encryption and can be easily cracked.  Wardriving can happen near a Starbucks, your neighborhood or a business park where Wi-Fi networks are online 24 hours a day, 7 days a week.  With zero or minimal security, a hacker can intercept, unscramble and figure out the information being sent between a customer’s laptop to the Wireless Access Point of an establishment.The essence of Wardriving involves time. For natural viagra example, a hacker can crack the password to a wireless network in possibly 3-4 hours.  You spend 8 hours sleeping and 8 hours at work.  So theoretically a hacker has 16 hours to try and compromise a home or office Wi-Fi network. And let’s not forget the fact that Notebook Computers have become more powerful over time. Multi-core CPU’s and on-board Video Cards processing power is being utilized to run more advanced hacking programs.Going from bad to worse, current WPA (Wi-Fi Protected Access) can be cracked in about 15 minutes along with WPA2 as seen in 802.11n network products. Two popular ways of cracking a wireless network are Brute Force and Dictionary Attack. Brute Force involves exhausting every single letter, number and special character in multiple combinations until the correct combination is found.  Dictionary Attacks utilizes a specific set of words and phrases from a dictionary to “guess” the correct password.  Another tactic that can easily swipe your login credentials is a Rogue Access Point. In this case, a hacker can set up a Wireless Access Point that imitates the true Access Point.  If your notebook connects to this Rogue Access Point, you won’t see any difference as the hacker can duplicate the log-in screen with near 100% accuracy.  This is like phishing, where you receive an alert email from your bank or credit card company asking you to click on their link and “verify” your account is okay by logging in.


What You Can Do

There are a few steps you can take to minimize the chance of your information getting stolen:

  • First, make sure your passwords are long and are fairly unique.
    Having “GOLAKERS_1981” as one of your passwords wouldn’t
    be difficult to crack.
  • Second, speak to your employer’s IT department about a VPN
    connection.  VPN stands for Virtual Private Network and allows
    you to connect to your company’s network in a secure way. 
  • Third, when logging in, pay attention to the URL address along
    with any inconsistencies with the log-in page (i.e. spelling,
    inaccurate pictures).

Also, check to make sure your laptop is connected to the correct Wi-Fi network and not to one with a questionable name.

  • Fourth, access your important banking and credit card
    accounts at home so as to minimize the chance of
    being a victim of financial identity theft. 

In Conclusion

Wi-Fi has come a long way in a short while with its speed, convenience and utility.  By knowing the risks associated with free Wi-Fi service, you can minimize the chance of a data breach and possible identity theft.

Filed under internet, security, WiFi by al

Permalink • Print • Comment

March 21, 2009

GoogleAnon

If you're like everybody else who uses the Web, I imagine you use Google's popular search engine to look up information about different topics. Well, just like about any other Web site out there, Google sets cookies on your browser for various reasons, such as remembering preferences.

With Google however, it keeps cookies that track user searches and stores them on its database for possible future needs. Some of these cookies are set to last for 30 to 35 years into the future. That is some time to keep search information, don't you think? Although Google doesn't keep actual user's names and addresses, it does assign your system a unique ID that is complete with your IP address.

Now, I'm not trying to make Google out to be the bad guys. I actually think that they are a great company. In an industry where I have seen a lot of companies gauge their users for more and more to become successful, Google has always been there for the users, all the while keeping the rest of the industry on its toes. But, it still doesn't mean I want my cookies stored in my browser or on their server for an umpteen amount of years.

So, the cookies might not bother you. You know and trust Google, so why worry? There are a couple reasons I choose to worry.

1.) It's my job.

2.) AOL, MSN and Yahoo have already given up some information like this to the government upon request and this is the information Google was being suspended for at the beginning of this year.

3.) Even though Google's motto is “Don't Be Evil,” there is no telling what will happen in the future. The IT industry is volatile at best and business makes strange bedfellows. With Google offering more services, such as e-mail and blogs, they have much more information about users than they used to. This, to me, means that If Google changes their mission statement, they will have potentially tons of information on users.

4.) My final reason for the Google cookie paranoia is hackers and data leaks. This information can be invaluable to certain entities; so much so that not only hackers, but employees have been stealing information as well, so why leave it out there?

So, what do you do about this? Well, you can clean out your cookies regularly (which you should do anyway), but if you have a lot of Web settings you don't want to change, there is another way.

I found this the other day and I thought it would come in handy as an online security utility. It's called GoogleAnon and it helps you conduct Google searches anonymously. GoogleAnon sets your Google GUID buy viagra on line to all zeros so you can perform search after search without leaving a trace as to whom you are.

GoogleAnon is a service that you save as a favorite in order to use. You can also drag it from your browser bookmarks to your personal links for quicker access. Once you have the GoogleAnon setup, open up an Internet browser and navigate to google.com. Now, access the GoogleAnon, which is in your favorites and you should see the following box come up, which shows your assigned Google ID.

Select OK and it will zero out your ID. Once this is done, you are taken back to the Google preference page to reset three to four different settings that are usually stored by Google cookies. Select OK again. Now you are ready to use Google without worrying about being observed for future endeavors, projects or experiments.

GoogleAnon should work on the following browsers: IE4+, Opera, AOL, Netscape, Mozilla and Firefox.

Click here to access GoogleAnon. Once there, scroll up a little and look for the little box that says GoogleAnon. You're going to save it to your Favorites and then close and reopen your browser, so it will displayed in your Favorites list. Just follow all the instructions to get started.

Filed under browsers, Google, security by al

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and a healthy dose of Semiologic • Sky Gold skin by Denis de Bernardy