Free security for Aunt Mathilda or other family members

securityAs many of you may have experienced the Internet is not just filled with wonderful “things” and cute kittens, its equally filled with malware as well.  Just over the past 6 months, I in my professional capacity, have experienced Cryptolocker like malware more than 5 times, in the professional scene this was mainly a nuisance as we could “just” revert to backups – however in many private homes this could often mean “pay up” or loose your family photos etc. – seeing that many home users do not have a good backup strategy.

Sure antivirus may detect and protect against many of these things, however why rely solely on that – why not add an extra and free layer of protection to the internet of your friends/family and kids?  A protection that is not only free but also auto-updating thus maintenance free.

It is actually REALLY simple, all you do is to configure your DNS to use the DNS servers of Norton (and yes, it is totally free for home use).  Instructions for configuration is on their site https://connectsafe.norton.com/configurePC.html – on the top right you can even select the level of protection – three levels are available, may I suggest level 3 for Aunt Mathilda.

“Advanced” use

if you administer your own network and or router (or that of family and friends), then you can setup the DHCP to hand out these Norton DNS addresses and protect each and every device in the network (even that Internet of things ;-))..

Word of caution..

If you configure this setting manually (like shown below) and have a laptop you carry with you, then you MAY run into problems at schools/workplaces – in my company we ONLY allow our own DNS servers access to the internet and subsequently if you set your own DNS addresses these requests are blocked in the firewall.  This is not a problem for Aunt Mathilda or the toddlers using the home desktop computer, but keep it in mind if using laptops – the VERY best solution is to setup your DHCP to hand out the Norton DNS addresses..

2015-07-23 14_23_46-Internet Protocol Version 4 (TCP_IPv4) Properties

How good is it?

That is a difficult question to answer, as you get no statistics it would be pure guesswork – but seeing it is free and MIGHT protect you and your loved ones, why not just go with it.

Alternatives

This sounds really cool, but are there no alternatives?
Well sure there are alternatives, not sure if they are better but to mention a few;

https://www.comodo.com/secure-dns/ – Equally free, but give you adds for non-existing domains.

https://www.opendns.com/enterprise-security/threat-enforcement/packages/ – OpenDNS is a great and old player in this field, you can customize things and it even works in corporate environments – however it’s not free, you will need the “Umbrella Prosumer uses” license which is a bit hard to find on their site, however it will give you 3 devices for 20US$.

http://www.securly.com/parent-signup   – This one I just read about, it sounds cool though even though the purpose seem more parental control than security – by using Google accounts you keep track of your loved ones internet use and you get to see cool graphs etc.  But this one is equally not free.

Reddit – bookmarks -> the easy way..

Npolitifact_photos_redditow I have for the longest time been way to occupied to do a lot of reading on Reddit – which is actually a shame as there is lots of good info flowing around in there..  But anyhow, I came across a neat little trick which might be wellknown to you Reddit sharks out there, but I did not know it so I’ll share 😀

See the thing I hated was that in order to get to the groups that interests me I had to logon and then do several mouse clicks afterwards..  Might not sound like a major undertaking, but if you are busy then everything that takes mouse clicks may put you off..

Then I discovered that you could actually embed the groups you wanted to see in the URL and hence bookmark it!?  Now I have one bookmark with the mail groups I want to read and thats it…  Nice..

A few examples;

First one group;

http://www.reddit.com/r/sysadmin

Now a bunch of groups, you see you just add a “+” sign and the groupname..

http://www.reddit.com/r/andSec+antiforensics+AskNetsec+computerforensics+homelab+HyperV+netsec++PowerShell+pwned+SCCM+sysadmin+sysadmintools+usefulscripts

As mentioned, this is likely childsplay to Reddit know-it-all’s but to me it is a real neat trick.

Web-server caching.. Varnish Cache

5df133c41bfcbf3289618ffd525f199a_largeI just read about a free caching solution (Open Source) for your web-server, it sounds like an excellent solution and it seem it has been around for some time.

What it does is basically to cache incomming requests in order to reply rapidly to repeated requests, thus taking a load of your servers and possibly reduce the need for a clustered solution.

Again there are many aspects on solutions like this, but if you “need more power” (as Cpt. Kirk always said to Scotty in Star-Trek then this may be a possible road to go down).

Header from website;

Varnish Cache is a web application accelerator also known
as a caching HTTP reverse proxy. You install it in front
of any server that speaks HTTP and configure it to cache
the contents. Varnish Cache is really, really fast. It
typically speeds up delivery with a factor of 300 - 1000x,
depending on your architecture. A high level overview of
what Varnish does can be seen in the video attached
to this web page.

Link to video that explain what it’s all about (in VERY general terms 😀 but still)..
http://sl.klogmand.dk/1nARoMe

Link to website;
http://sl.klogmand.dk/1k0Bo6p

Livemaps for SCOM

If you use Microsoft SCOM for system management in your company then this is worth a look, Live maps from SAVision – it’s cool yet slightly expensive..

What it will can do is to allow you to create simple visual representations (Dashboards) of your system, you can even “publish” these dashboards as webpages and “drill-down” into these.

Not only does it allow to represent servers, routers and other equipment but it allow you to group different servers, services, equipment etc. into one (Dynamic objects) – eg. your CRM system may rely on some SQL databases and perhaps an active internet connection – in one icon you can represent the status of your CRM based upon internet being available, SQL running, Server Running etc. etc. Clever…

http://www.savision.com/products/live-maps-system-center

But as I mentioned it’s not the cheapest solution 🙁  a starter package with 25 dashboards/views should set you back $7000 I have heard – I also heard that a demo version with 5 views should be available upon request – but this is all hearsay so do check yourself.

WordPress Security -> Wordfence

WordFence

You are likely familiar with WordPress, if not well – interesting 😉  anyhow, you may also have heard about the recent attacks on wordpress blogs by a worm like virus/malware?  Attacks on WordPress installations is not something new, it has always been there as it’s such a popular platform however time has revealed some not so smart features with wordpress security, one thing is that you can try to log in as many times as you like without any action being taken – hence there is nothing to stop a brute force attack on your wordpress installation’s login!?

Well Wordfence to the rescue, a simple plugin you install on your wordpress installation that all of a sudden offers you a ton of cool security features, I will just mention a few here – for the complete listing visit their website..

Features;

  • Login limiter – limit how many incorrect passwords/usernames are accepted
  • Site and theme scanner – scan your wordpress blog for changes
  • Block unwanted IP’s from accessing your site
  • Manage crawlers (search engine index bots)
  • and many many many more cool features

You can define what the reaction to different attacks, eg. block IP/Lock account for xx min/throttle traffic.

Wordfence1

Now a thing like that must cost a fortune you say!?  well no, there is a TOTALLY FREE version with basic functionality (enough for most I would say) and the deluxe version which cost a bit.

Now after adding this you should also add Two Factor Authentication, eg using “WordPress Google Authenticator Plugin” – http://wordpress.org/extend/plugins/google-authenticator/screenshots/ Or one of the other TwoFactor authentication solutions out there.

So, what are you waiting for 🙂 protect your WordPress blog now 🙂

Crackle.com – more streaming

While ‘playing’ with my Roku2 box I came across Crackle.com and thought I’d mention it.

Www.Crackle.Com is a fully Free (yes I don’t get the business model either) streaming service (USA only, but this can be fixed with either www.witopia.net eller www.unblock-us.com), not quite as good selection as www.netflix.com but FREE 😀

Roku 2 HD getting it to work in Europe (Partly anyway)

Today my Roku2 set top box arrived from the USA (my first order via www.shopusa.com which seem to have workd fine), I had ordered this to be able to watch Netflix in my bedroom and the Roku2 box seemed the easiest and cheapest way.

The device which comes with remote and build-in wifi seemed nice, small and elegant and I did not expect many issues connecting it, I had read in advance that the service www.unblock-us.com was supporting this unit so everything should be a brease.

Well things did not go acording to plan 🙁

First things first, www.unblock-us.com works by you replacing your DNS servers with servernames (or rather IP’s) they provide, well the darn box has no network settings it gets it’s configuration from DHCP and that is it.  Well no problem, I run a Windows 2008R2 server with DHCP so I just created a new reservation for the MAC address of the Roku 2 box and setup the Unblock-us DNS server ip’s for this reservation – and sure enough this part worked like a charm (note you have to follow the instructions on the www.unblock-us.com site and activate the service before starting to use it, I’m not 100% sure how they register you, likely by your external IP – but how do they deal with dynamic IP’s then??).

So now I had the device connected to my WLAN and tv.  The first thing is then to link the Roku box to an account, you need you computer for this – so I created an account and entered the ID-code from the Roku 2 box (it displays a code you need to enter into your new Roku account to link the device to your account), and everything worked like a charm (I used a P.O.Box address in the USA as my postal address and my American Express as credit card, everything was fine).  But now began my trouble, see the device somehow knew that it was not in the USA and only showed a few totally uninteresting streaming channels (no Netflix, no Hulu etc. etc.), and now began a lot of googling – I found these two threads that seemed to give some insight to the matter;

http://support.unblock-us.com/customer/portal/questions/141869-roku-2-not-showing-us-content

http://forums.whirlpool.net.au/archive/1695235

And the issue appears to be that the account somehow is not accepted as a fully valid USA account, now I tried deleting the account and recreating it via a USA vpn as some suggested, I tried different credit cards, I tried creating a USA Paypal account but nothing solved the issue.  It was suggested that by using a verified USA creditcard you might overcome the problem, however USA credit cards are hard to come by in Europe :-/  I only know of a few places where you can obtain these and these are not free so a streaming service would end up being fairly expensive 😐

Link to obtaining a USA credit card;
http://www.unblock-us.com/how-to-set-up/us-unlocked
http://www.kanmandet.dk/?p=1860 (might also work)

I did however in the end find a liveable solution to my torment, once the device is fully configured and setup you unlink it from your Roku account – then you wait a few minutes and either restart the Roku or refresh your channels – this strangely enough caused the device to remove all channels BUT at the same time restore the Netflix launch button to the frontpage – and now Netflix works (and possibly also Hulu) – you still need Unblock-us not to forget, however all other channels are gone…  Ok, my objective was to get Netflix so I’m happy with this, but at the same time it’s a shame to not be able to try out all the other stuff – but I guess there is no winning every time 🙁

Btw; the powersupply supports both 110v and 220v so no problems there other than the wall jack which a universal adapter took care off

So status at the moment is; Got Netflix working (by unlinking the Roku from my Roku account) but now that is all the device can do…..  Hrmpf I am not totally satisfied, but guess this will have to do…

Streaming and Netflix navigation seem to work fine, quality is not fully as good as when I stream from a PC but quite acceptable.  Do let me know if anyone figures out a way around this messy situation.

Another odd thing about the Roku 2 box, there is no standby?  you need to unplug the darn thing to shut it down, acording to Roku it is because it uses so little power, now I don’t know in these days where we all are suposed to be thinking about the environment :-/

UPDATE March 8th 2012;
Found this site that appear to offer a workaround for any non USA credit card problems, I have not had the need to test it myself but it looks like a workable solution:
http://www.buyfrompowerseller.com

iPhone Configuration Utility – easy configuration of iPhones/iPads

You may be an IT administrator or just the person in charge of helping your users (or friends for that matter) configuring iPhones.  Now setting up an iPhone is not hard once you have tried it once or twice, but it is still time consuming and lets face it not very fun, well imagine that you had a piece of software in which you could prepare the configuration and then just sms the configuration to anyone?  Well it is almost as easy as that 🙂  and best of all, I will show you how 😀

What you need is the “iPhone configuration utility” from Apple, you will find it here;
http://www.apple.com/support/iphone/enterprise/

Now you install this and are set to go, with this software you can create configurations for the iPhone (or iPad) and by connecting the device to your machine you can transfer the settings directly, this is easy enough but as mentioned you can do even better – you can send the configuration over the internet – the latter however require a web-server and maybe a little more skill that the average home user.

Anyhow, if you are an IT administrator etc. and need to setup a log of iPhones, then this is interesting for you..  You create a configuration with “iPhone configuration utility” and upload this to a web-server, eg. as http://www.webserver.com/iphonesettings.mobileconfig and now you can just sms the link to this page/file to new employees or BOD “bring your own device” users.  Now one word of caution though, if you publish your config this way you MUST omit ANY sensitive information like email, domain name, username and passwords, this however is not a problem – any information not entered will just be prompted – so if you omit the username and password the user will just be prompted for this when installing the configuration (information like this is likely known by the user, or could be included in the sms).  That some outside user may be able to read what mailserver you use is not really a problem, this information is already public knowledge via eg. NSLOOKUP – so there is really no security issue with this unless you include passwords etc. which you should avoid as mentioned.

The settings set this way are entered into the phone as a “Profile”, you can configure that this “Profile” can be removed “Anytime”, “Via Password” or “Never” (never mean that you need to reset the device to remove), if you remove the “Profile” it will also remove all data related to the profile (eg. if email settings was part of a profile, it will also remove the emails as part of the removal – but if you setup additional email’s manually these will be left alone).

What can you configure;
Almost anything, just to mention a few things; Email, VPN, WiFi, Policies (you can enforce password etc. etc.).

See my walktrough here for more details etc;

 

Ps.
If you upload the configuration to a webserver, you may need to set the mime type and remember to NOT change the extention of the file (.mobileconfig).

New logo

As part of the redesign of my site (this blog) I stumbled across something that looks promising, a site where you can order a new logo for as cheap as $19.

So I have ordered the package with three logos and I am quite interested to see what they come up with, judging from their logo portfolio they appear to be capable of creating quite competent logos.

So, more to follow once I get my new logo 🙂

http://www.19dollarlogos.com

Microsoft Lync for iPhone

Found an interesting mention on the Microsoft Lync client for iPhone (Lync is more or less a corporate version of the MSN-Messenger).

Sadly it won’t work on my iPhone as I have jailbroken mine and is FAR behind in iOS version 🙁 but then again, if I were to install this I would propable get IM’s from work all the time so guess I can live with it 😉

—————————————–
From Bink.nu
—————————————–

http://bink.nu/news/microsoft-lync-2010-for-iphone-and-ipad-released.aspx

Microsoft Lync 2010 for iPhone requires a Lync Server or Office365/Lync Online account and will not work without it. If you are unsure about your account status, please contact your IT department.

Download for iPhone: http://itunes.apple.com/us/app/microsoft-lync-2010-for-iphone/id484293461?mt=8

Download for iPad: http://itunes.apple.com/dk/app/microsoft-lync-2010-for-ipad/id484222449?mt=8