Saturday, June 30, 2012

Easily Tighten DHCP

Dislike static addressing? Me too. I loathe having to manually add addresses to machines. This post is going to show you how to quickly and easily control your DHCP addresses by limiting the number of addresses and mapping IPs to MACs.

The image below is from a Linksys router, but if your router is so equipped, you should be able to figure this out without too much fuss. Having all of your machines connected to your router will make this really simple. There are three things to note: 1.) I'm not using the default network and subnet address. Although I highly recommend changing this, it's not necessary. 2.) The DHCP Reservation button. This is where we map the IP to MAC. 3.) The maximum number of users is set. This number should be set to the exact number of machines on your network for maximum effectiveness.

By clicking the DHCP Reservation button, a window similar to the image below will appear. If all of your computers are connected, they should appear in the "Select Clients from DHCP Tables" section. Select the checkbox(es) and click Add Clients. The name of the system, the address it is currently using, and its MAC will appear in the "Clients Already Reserved" section. If your computers are not connected to the router, they can be manually added through the "Manually Adding Client" section, provided you know the MAC addresses.

And that's all there is to it. This is a quick and simple way to gain control over your DHCP addressing and add a layer of security as well.
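The same settings can be checked from a copy of the router's tables. The Python sketch below is an added example, not part of the original post: it compares a reservation table with the current client table and with the pool size, and every MAC, address and function name in it is constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post): the router's
# reservation table and its current DHCP client table.
RESERVATIONS = {            # MAC -> reserved IP
    "00:11:22:33:44:55": "10.20.30.100",
    "00:11:22:33:44:66": "10.20.30.101",
    "00:11:22:33:44:77": "10.20.30.102",
}
LEASES = [                  # (hostname, IP, MAC) as listed in the client table
    ("desktop", "10.20.30.100", "00:11:22:33:44:55"),
    ("laptop",  "10.20.30.102", "00-11-22-33-44-66"),   # wrong IP for this MAC
    ("unknown", "10.20.30.101", "DE:AD:BE:EF:00:01"),   # MAC never reserved
]

def norm_mac(mac):
    """Normalise a MAC to lower-case colon form so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(reservations, leases, start_ip, max_users):
    """Return a list of findings; an empty list means the pool is tight."""
    reserved = {norm_mac(m): ipaddress.ip_address(ip)
                for m, ip in reservations.items()}
    start = ipaddress.ip_address(start_ip)
    pool = {start + i for i in range(max_users)}   # addresses the router hands out
    findings = []
    if max_users != len(reserved):
        findings.append(f"pool size {max_users} != {len(reserved)} reserved machines")
    for mac, ip in reserved.items():
        if ip not in pool:
            findings.append(f"reservation {ip} for {mac} is outside the pool")
    for host, ip, mac in leases:
        mac, ip = norm_mac(mac), ipaddress.ip_address(ip)
        if mac not in reserved:
            findings.append(f"{host}: unreserved MAC {mac} holds {ip}")
        elif reserved[mac] != ip:
            findings.append(f"{host}: {mac} holds {ip}, reserved {reserved[mac]}")
    return findings

if __name__ == "__main__":
    for line in audit(RESERVATIONS, LEASES, "10.20.30.100", 4):
        print(line)
```

Reservations key on the MAC a client reports, so treat a clean result as an inventory check rather than proof of device identity.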

Friday, June 29, 2012

SIP of Asterisk

Ever wondered how difficult it is to set up a PBX (Private Branch Exchange)? In my book it's a monumental task. I have set up a couple of these machines in my time, and my time for PBX configuration is over. There are many pitfalls in setting up one of these servers. Not the least of which is the availability of information on which hardware (other than the higher-end models) will work to cobble together even a rudimentary build. Other considerations complicating the task are decisions about the type and reliability of the service carrier, the number of lines, voicemail accounts, automated answering, and data backup.

There is plenty of older hardware that will work with Asterisk, but you must rely on the trial and error method of finding it. The place to start with older (or cheap) hardware is finding a modem with voicemail capability and a Motorola chipset. If you are unsure, Google the chipset plus "asterisk" and begin there. Stay away from "unlocked" hardware from other providers. They are a pain as well. In my experience Digium hardware and Cisco phones are the only way to fly.

Back up, make notes, and research. Configuring a PBX is no simple task. There are many variables that need to be set, and many more that can affect other parts of the system. If you reach a point where something is working the way it should, back up the system. Make notes of configuration changes, and research configuration options when unsure. Sometimes reading other people's issues and solutions can help down the road.

Choosing a carrier isn't easy. There are many good companies that offer reliable SIP/IAX service or interface with traditional POTS (phone company) lines. They all offer competitive rates, but some are better at customer service than others. You want to avoid startups. Go with a company that has been around the block. This will save you headaches down the road.

Configuring voicemail, automated answering, caller ID, and more advanced features isn't a simple task. I remember voicemail being a particular nuisance. The first (or even the second and third) builds are a labor of love and learning.

Backing up all of the data stored on your newly employed PBX is an important consideration as well. Voice messages require more space than text files, email volume can be taxing on a backup system, and you may want to keep a running list of incoming calls. Simple configuration changes can affect data adversely, so backup is extremely important.

Want to know more? Google "configuring asterisk". There are plenty of sites with good information on specific hardware and configurations. My last build was 3 years ago, and I will never forget (or replicate) it.

Moving DIV with Javascript

Dynamic HTML has always fascinated me. The first time I visited Dynamic Drive the hook was set. I have written many scripts with moving, growing, and bouncing DIVs. Many news tickers use this technique to scroll links and text. The following is an example of how to do it. All you need is a plain text editor, but an editor like Dreamweaver or Aptana will work nicely.

First, you need to create a web page with a DIV. Type or copy the code below into a text editor and save it as "mover.htm":

<html>
<head>
<title>Moving DIV</title>
</head>
<body>
<div></div>
</body>
</html>

Next, we need to edit the DIV tag and give it a few attributes. To start with, it needs an id attribute. This will be the name that will allow the script to find it. Next, we have to give it some style information to set some parameters like size, position, background color, etc. For moving or floating layers, position HAS to be set to absolute. For this example I am setting height at 75px, width at 100px, dropping it down 16px from the top of the browser window, setting the visibility to visible, and setting the background color to black:

<div id='target' style='position:absolute;height:75px;width:100px;top:16px;left:10px;visibility:visible;background-color:#000000;'></div>

Now it's time for the script. This script will be placed under the DIV, since JavaScript can't "see" HTML containers until they are loaded. This is where the magic happens. The DIV "target" is looked up and given the variable name "box". By using CSS we can dynamically set the left position of the DIV by calling parseInt(box.style.left)+1 and setting a timeout using setTimeout("scrollRight()",20) to control the interval (or speed) of the DIV's travel. By assigning to window.onload we can run the "scrollRight()" function when the content is loaded in the window:

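<script language="Javascript" type="text/javascript">
<!--
// The script sits below the DIV so the element already exists when this runs.
var box = document.getElementById("target");

function scrollRight() {
  // Style offsets need a unit; a bare number is ignored in standards mode.
  box.style.top = "16px";
  box.style.left = (parseInt(box.style.left, 10) + 1) + "px";
  // The string is evaluated as code on every tick;
  // setTimeout(scrollRight, 20) schedules the same call without evaluating a string.
  setTimeout("scrollRight()", 20);
}

window.onload = scrollRight;
//-->
</script>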

Save your work and open it up in a browser. To stop the DIV, assign the setTimeout("scrollRight()",20) call to a named variable, use an if statement to limit the value returned by parseInt, and call clearTimeout() to stop the timer:

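function scrollRight() {
  box.style.top = "16px";
  box.style.left = (parseInt(box.style.left, 10) + 1) + "px";
  // Keep the timer id so the pending call can be cancelled.
  var sto = setTimeout("scrollRight()", 20);
  if (parseInt(box.style.left, 10) == 1200) {
    box.style.left = "100px";  // reset the position
    clearTimeout(sto);         // stop scrolling
  }
}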

Enjoy!

Use Default Browser To Protect Your PC

This little trick I picked up long ago after getting a malicious email from one of my contacts. In your default browser, simply turn off scripting, disable all plugins, and do not load images automatically. If you happen to open an attack site from your email client (or any other client that spawns a browser window), this will offer some protection. Of course you will use a secondary browser for everyday surfing, but this is one way of protecting your PC from yourself ;).

Thursday, June 28, 2012

Cybersecurity and IP Law

**This article was published prior to this date**

These subjects are currently being debated as Congress begins the process of beefing up IP law and cybersecurity. While we do have a need to protect our infrastructure, there is little (if any) real dialogue about actually securing national resources. The bills that have been introduced revolve around censoring the internet in an attempt to protect the IP (intellectual property) interests of Hollywood, the recording industry, patent holders, and major software manufacturers. They seem to be using critical infrastructure as a convenient excuse to create new legislation. No one involved in drafting these bills seems to have even a passing understanding of IT or network security.

After reading this 3 part article and this one on Forbes.com, I have serious reservations about the drafting process and the people involved in it. Any hacker worth their salt knows corporate naming conventions. AV programs and firewalls are good for scanning files and traffic control, but they offer no protection against a pointed attack. These attacks can be launched in many different ways using common ports, applications, and protocols. They may or may not leave any evidence behind, other than empty log files. Any hacker will tell you the only surefire defense is to disconnect your machine from the network and shut it down. To assert that any serious security firm would prescribe AV and firewalls as a serious defense against these types of attacks is laughable. The fact that these attorneys don't get it is disturbing. How can people with such a poor understanding of corporate IT draft legislation to deal with cyber threats? Do they actually know what they are doing?

How is blocking pirated media, websites, or stiffening intellectual property going to secure the national power grid? The problem with the proposed legislation is the lack of protection for internet users from overzealous and tyrannical policing of content that may not be popular with the powers that be. Websites could be taken offline on a whim. It could take years to get a site back online, if at all. It could also potentially keep new technological breakthroughs, in virtually every field of science, from ever being used outside of the select few that develop or own them. These laws could potentially be used to erase or cripple other technologies.

The cybersecurity and IP legislation in their current form are being created to protect corporate profits, and nothing more. I'm not against turning a profit, it's the American way. But when does IP become more valuable than our rights as American citizens? I have a feeling we're about to find out.

11 Things To Know About Your Home Network

Many people are surprised to learn they are criminally responsible for the use of their home network. In some jurisdictions it's a crime to run an unsecured wireless network. Here are 11 things you should know about your network in order to avoid future issues:

  1. Encrypt your wireless network - Use WPA, never use WEP. While WPA can still be broken, it's widely available, stronger than WEP, and is actually easier to set up.
  2. Hide your SSID - Less visibility is always better.
  3. Control addressing - Use a subnet calculator to calculate a new address scheme, link addresses to machines if using DHCP, or use static addressing.
  4. Block basic protocols - Most users can block protocols like TFTP, Telnet, and SNMP on their network. If no file shares are present, protocols like SMB and NFS can be blocked. It's worth looking into.
  5. Enable Logging - Make it a point to check your logs every week.
  6. Adjust network range - Play with this setting until you achieve the right balance of lowest range setting and connectivity. Most users don't need to run their router full on.
  7. Turn off "Web Utility Access" - Only allow your router to be configured from a wired connection.
  8. Turn off Remote Management - If you can access your router's settings over the network, so can an attacker.
  9. Block the IPs of any machine you don't want accessing the web
  10. Use Wireless MAC filtering - By restricting access to only your machines, you reduce the risk of infiltration.
  11. Change the default password and username.

10 Quick And Easy Case Mods

If you are tired of staring at the same old case, try sprucing it up with some inexpensive and (mostly) easy mods:

  1. Paint it - The plastic front panel of most modern computers pops or screws right off. Use masking tape or painter's tape to tape off any remaining holes from the inside and cover any areas you may not want painted on the outside, and paint away.
  2. Add some design - If you like the industrial/punk look, most craft stores carry reusable vinyl stickers that you can paint over and remove. Masking tape can be used to tape off a custom design to paint over. If you have a plasma cutter available to you, you can cut out the side and add Plexiglas, or cut designs straight into the case, after removing the components of course ;).
  3. Lights make a bold addition to systems with Plexiglas sides.
  4. Add a hardware monitor - These are relatively cheap and easy to install. All you need is an empty drive bay.
  5. Install a removable drive bay - Even if you don't have a drive to fill it, they make great drawers for USB cables, jump drives, or other small items. They are lockable, too.
  6. Insert metal screws - Most hardware stores have a huge selection of specialty screws that can add zip to your system. A series of short screws down the edges, around the front panel, or in a simple design on the side can add a polished industrial look to your case.
  7. Add light metal and heavy plastic designs - Some specialty hardware stores carry a decent selection of light metals that can be easily cut, bent, or used off the shelf for accent pieces. Metal and plastic designs can be found in places like flea markets, auto parts stores, motorcycle shops, and even the local wally world. Add screws or super strength glue, and you're good to go.
  8. Add LEDs - If you have soldering or electronic skills, LEDs can be easily added to any case, anywhere.
  9. Customize controls - Add simple switches to control things like lights, fans, or even power. On most systems, the button covers, or tops, can be interchanged. An empty drive bay could be utilized to create a custom control panel.
  10. Create accents with sticker paper - There are millions of images available on the internet, and some are really kewl. Sticker paper can be used to add some clever touches to your case.