Google Apps All In One Solution

Google not only provides good results on the web but also solutions for sharing information across the Internet. At first Google Apps didn’t seem that interesting; I saw no advantage in using web-based software at all, and then I forgot my USB drive for a very important event. In this day and age many companies compete for users, but only a few provide solutions outside of the regular that can be used by individuals and small businesses. Not long ago I decided that it was time to switch email provider due to lack of space and the need for some form of application that could be used to share appointments between a small group of people. What’s needed?

  • The ability to use my own domain name
  • Plenty of storage for email
  • Reliability
  • Mobile access
  • The ability to share and communicate with a small group on my domain
  • The ability to expand at a later time

After looking at different options, both free and paid, it became clear that Google Apps was the winner. Some of the solutions provided are:

  • 2GB for email storage and increasing
  • Web based calendar, allows for group use
  • Easy administration
  • I can use my own domain
  • Some of the services can be accessed from mobile devices

Now if you don’t have a domain I recommend you get one from Godaddy.com; the popular .com TLD can be purchased for $9.99 a year (may change). After you get a domain, go to the Google Apps site and sign up for the free standard account, entering your new domain where required. Also don’t forget to create an email account with Godaddy. Google Apps requires verification of the domain ownership: you need to either add an HTML file to the public web directory or create a RECORD (that’s my choice), review, then click on verify.

The following step requires a new “MX Record”, here is an example.

type: MX
name: linhost.info.
data: ASPMX.L.GOOGLE.COM.
auxiliary info: 1

Expect to create no more than 5 records. Check your Google Apps account; if it says “Active” you still need to tell Google that an MX RECORD change has been made. Check your account again and the status should have changed to “updating”; wait 2 to 24 hours for it to become fully functional. Navigate to the “Manage this domain” link in the dashboard and create an email account. To make sure the service is working, send an email from another email provider.

Great, Google is working, but the problem is that to access our email or other services we get a long URL that’s almost impossible to use. Let’s create a simple URL leading to our email, docs and whatever else they offer. Go to the Apps Dashboard, choose the service, and pick “change url”; it will give you something like “docs.linhost.info”, then choose “ok”. Go back to the Godaddy Domain Control Panel and create a CNAME RECORD following the example:

[GODADDY.COM example CNAME]

Enter an Alias Name: mail
Points To Host Name: GHS.GOOGLE.COM

Enter an Alias Name: start
Points To Host Name: GHS.GOOGLE.COM

Enter an Alias Name: calendar
Points To Host Name: GHS.GOOGLE.COM

Enter an Alias Name: docs
Points To Host Name: GHS.GOOGLE.COM

Now when somebody types “docs.linhost.info” they will be forwarded to “docs.google.com/a/linhost.info/”. After the login page appears you only need to enter the username and password; there is no need to enter the domain name after the username, because Google already knows you are associated with that account.

In case you have a Windows Mobile phone and want to sync Google calendar, download Gmobilesync. It will allow you to create or erase events from a mobile phone and lets your contacts know of changes to the calendar. The only downside to Gmobilesync is that syncing has to be manual. Regardless of the need for manual sync, it’s a great tool. Google Apps can now be accessed from your phone’s web browser at the same URLs, “docs.linhost.info” and “calendar.linhost.info”.

Google Apps should be working without a problem; ask if you have any problems.

Secure The Default SSH Configuration

SSH is a secure protocol used for system administration, tunneling and many other useful things that a secure encrypted channel can offer. Because of its importance on a system, attackers tend to make it a priority when scanning for ports. Increasing the level of awareness and security requires common sense: avoid short passwords and common user names like “user” on a system exposed to the Internet.

The location of the OpenSSH configuration may vary depending on the Linux distribution you are using, but the fundamentals remain the same.

  • A line starting with the # sign shows the previous value

Improve the default configuration

On Debian-based distributions the configuration for OpenSSH can be found at:

/etc/ssh/sshd_config

Usually the attacker will scan for common or default ports; SSH uses port 22. To reduce the number of failed attempts on a system, change the port to a number above 1024.

#Port 22
Port 1520

OpenSSH offers two protocols, SSH1 and SSH2; all you need to know is that SSH1 is insecure. The solution is to simply select protocol 2.

#Protocol 2,1
Protocol 2

The root account has no need to be reachable from the Internet; instead create a user with privileges. You do not want to grant the attacker a nuke! Deny login access to the root account from the Internet.

#PermitRootLogin yes
PermitRootLogin no

Automated attacks benefit from default configurations, such as allowing a high number of invalid attempts. Limit the number of failed attempts allowed before the connection is denied and another attempt is required.

#MaxAuthTries 6
MaxAuthTries 2

Now let’s limit the number of unauthenticated connections the SSH server will handle at the same time. When we make the numbers smaller than the default of 10 we make it harder for the attacker to coordinate an attack with multiple connections. The new values tell the SSH server to allow 3 users at the same time, then randomly and increasingly drop the connections between 2 and 8.

#MaxStartups 10
MaxStartups 2:40:8

By default the SSH server will hold open an unauthenticated connection for 2 minutes, which is a long time on the Internet; 30 seconds is more than enough time to log in.

#LoginGraceTime 2m
LoginGraceTime 30

SSH keys are far more secure than passwords; do not run the risk of an attacker guessing your password. Disable password authentication and only allow access using SSH keys.

#PasswordAuthentication yes
PasswordAuthentication no

This may seem basic, but we are actually giving the attacker a run for his or her money. For the changes to take effect, restart OpenSSH.

 /etc/init.d/sshd restart
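
An added example, not part of the original post: a Python audit that compares an sshd_config against the values recommended above and, for MaxStartups, computes the refusal probability from the start:rate:full form documented in sshd_config(5). The function names and the sample configuration are assumptions made for this illustration.

```python
import re

# Values recommended in the post; sshd keywords are case-insensitive.
RECOMMENDED = {"protocol": "2", "permitrootlogin": "no", "maxauthtries": "2",
               "maxstartups": "2:40:8", "logingracetime": "30",
               "passwordauthentication": "no"}

def parse_global(text):
    """Keyword -> value for the global section; sshd keeps the first value seen."""
    seen = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):   # "#Port 22" is only a comment
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if parts[0].lower() == "match":        # conditional blocks: out of scope
            break
        seen.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return seen

def audit(text):
    """List deviations from the post's values (only the first Port line is checked)."""
    cfg, findings = parse_global(text), []
    for key, want in RECOMMENDED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set, built-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: {got}, post recommends {want}")
    if int(cfg.get("port", "22")) <= 1024:
        findings.append("port: post recommends a port above 1024")
    return findings

def drop_percent(maxstartups, pending):
    """Chance in % that sshd refuses a new connection, for start:rate:full."""
    start, rate, full = (int(x) for x in maxstartups.split(":"))
    if pending < start:
        return 0.0
    return min(100.0, rate + (100 - rate) * (pending - start) / (full - start))

SAMPLE = """\
# Constructed sample; sshd ignores the second PermitRootLogin line.
Port 1520
Protocol 2
PermitRootLogin no
PermitRootLogin yes
MaxAuthTries 6
LoginGraceTime=30
PasswordAuthentication no
"""
```

Before restarting, `sshd -t` checks the edited file for syntax errors; keep an existing session open until a key-based login on the new port has been confirmed.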

MotoQ Report

My Internet service provider, with whom I have bundled all of my services, was offering a great deal on wireless. The choice seemed to narrow down to the MotoQ. After I received the phone my next task was to set up my email account and SSH client, with only minor problems. The SSH client seems a bit slow but the ability to do a quick fix is better than nothing. My e-mail account is with my web hosting provider; as of now I have no Push e-mail, instead the phone syncs with the account every 15 minutes.

If you are getting a Windows Mobile 5 device you should know that there are no document editing capabilities unless you buy a third-party application from Dataviz; only Windows Mobile 6 has editing capabilities by default. There is a free solution for document editing on WM5: someone ported the editing functions from WM6 to WM5 and it’s available in a .CAB file. One piece of software that I have become addicted to is Google Maps, which brings the ability to find pretty much any business or location and display the results in a very detailed manner; you are bound to become addicted. For those of you who are into managing your money and want to have some type of visual access there is Pocket Quicken. I find the application to be very expensive for a mobile app; it even costs more than the desktop one.

In conclusion I’m pleased with the phone, but not with Pocket Quicken, which cannot sync when Desktop Quicken is open. Also, for some reason Windows Mobile 5 will not kill applications after they are closed; I have to kill them manually, otherwise the phone becomes a bit slow.

What’s needed

  • Organizer
  • e-mail
  • SSH
  • Document editing
  • Money management

Third party software loaded into MotoQ

  • Google Maps
  • Pocket Quicken
  • Zatelnet
  • Office 6

File Recovery With Photorec

Recovering files from an accidental erase or format should not be that hard. I use a tool called Photorec; it works wonders and will even recover files that have been deleted previously. I decided to use a USB flash drive for testing because it’s only 128MB and it would result in a faster recovery; the bigger the storage space, the more time it will take to recover those files. One of the features that I like in Photorec is the choice of whether to search the entire medium or just for specific formats. Also be prepared to sort between files, because the software will recover previously deleted files; I always find that amazing. For more information on Photorec visit their site.

Testing equipment

128MB flash drive
2 JPEG pictures
and my desktop

The flash drive was formatted to simulate an accidental erase.

Steps

  • Start Photorec, cdm appears.
  • We are going to choose our device, which is represented as /dev/sdc 123 MB, then hit enter.
  • In the next screen we are asked for the partition table type; I believe the most common one in this case is Intel/PC partition, then hit enter.
  • In the 3rd screen we choose the 2nd option, which is represented as partition FAT32. You can use the right arrow if you want to go to [options] or [file opt]; in this case I don’t find it necessary.
  • In the 4th screen we get to specify the file system; let’s choose the 2nd option, FAT/NTFS/HFS+/ReiserFS/.
  • In the 5th screen choose the 2nd option [ Whole ]; we are going to extract all files from the medium.
  • In the 6th screen you get to tell where the results will be saved; remember you have to press y/n.

Back Up And Install The Cisco IOS Image

In order to back up the IOS you need a TFTP server; SolarWinds offers a Free TFTP Server.

If you do not know which version of the IOS you are using, use the show flash command.

Router#show flash
System flash directory:
File Length Name/status
1 3289170 d1206.bin
[3289236 bytes used, 905068 available, 4194304 total]
4096K bytes of processor board System flash (Read/Write)

Backup

From the console in privileged EXEC mode enter the copy flash tftp command. When requested enter the IP address of the TFTP server.

Router#copy flash tftp
Source filename []? d1206.bin
Address or name of remote host []? 192.168.1.21
Destination filename [d1206.bin]? y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3289170 bytes copied in 47.668 secs (69982 bytes/sec)

Restore

To copy the IOS from a TFTP server use the copy tftp flash command. When requested enter the IP address of the TFTP server containing the IOS.

Router#copy tftp flash
Address or name of remote host []? 192.168.1.21
Source filename []? d1206.bin
Destination filename [d1206.bin]?
Accessing tftp://192.168.1.21/d1206.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeee ...erased
Erase of flash: complete
Loading d1206.bin from 192.168.1.21 (via Ethernet0): !!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 3289170/6578176 bytes]
Verifying checksum... OK (0xB6BD)
3289170 bytes copied in 89.272 secs (36956 bytes/sec)

Password Recovery For The Cisco IOS

Connect a PC running terminal emulation software to the console port on the Cisco router. The router used here is a Cisco 2620 with IOS 12.2.

Settings for the terminal

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

Turn off the router, then back on.

After the router is on, press the BREAK key (Alt + b in Tera Term) within 60 seconds of startup to put the router in ROMMON.

The prompt will show.

rommon 1>

Then type confreg 0x2142 to boot from flash (this will bypass startup configuration).

rommon 1>confreg 0x2142

Type reset at the prompt (ignores saved configuration, then reboots).

rommon 2>reset

Press Ctrl-c to skip the initial procedure.

Type enable at the prompt.

Router>enable

Then the prompt changes to Router#.

Now type.

Router#configure memory

or

Router#copy startup-config running-config

Either command copies the configuration in NVRAM into memory.

To show the current configuration on the router use.

Router#show running-config

The output will include:

enable passwords
enable secret
vty
console password

These will be in encrypted or unencrypted format; encrypted passwords should be changed to new ones.

To change an encrypted password or the enable secret, do the following.

Router#
Router#configure terminal
Router(config)#enable secret <new-password>
Router(config)#exit

Issue the no shutdown command on every interface.

Router#configure terminal
Router(config)#interface serial 0/1
Router(config-if)#no shutdown
Router(config-if)#exit

Type config-register and use the value 0x2102.

Router(config)#config-register 0x2102

Press Ctrl-z to leave configuration mode.

Router#

Type write memory or copy running-config startup-config to commit all of the new changes and configurations.
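
An added example, not part of the original post: the two register values used above differ only in bit 6 (0x0040), which tells IOS to ignore the startup configuration in NVRAM. This Python check parses the configuration register line of `show version` output and flags routers whose next boot would still skip the saved configuration, which is what happens if the config-register step is skipped; the device names and sample lines are constructed.

```python
import re

# Configuration-register bits that matter for the recovery procedure.
IGNORE_NVRAM = 0x0040   # bit 6: startup-config is not loaded at boot
BOOT_FIELD = 0x000F     # bits 0-3: 0 means stop in ROMMON

# Register line of `show version`, with the optional pending value.
REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def check_register(show_version_text):
    """Return (current, value_after_reload, warnings) for one device."""
    m = REG_LINE.search(show_version_text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    after = int(m.group(2), 16) if m.group(2) else current
    warnings = []
    if after & IGNORE_NVRAM:
        warnings.append("next boot ignores startup-config")
    if (after & BOOT_FIELD) == 0:
        warnings.append("next boot stops in ROMMON")
    return current, after, warnings

# Constructed `show version` lines for three routers (hypothetical names).
SAMPLES = {
    "r1": "Configuration register is 0x2102",
    "r2": "Configuration register is 0x2142",
    "r3": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
}

def devices_left_in_bypass(samples):
    """Names of devices whose next boot would skip the saved configuration."""
    return sorted(name for name, text in samples.items()
                  if "next boot ignores startup-config" in check_register(text)[2])
```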

Install The Windows Recovery Console

More than once I had to do some repairs on my Windows box and the only tool that I used was the Recovery Console. I suggest you Google Recovery Console to learn all the commands; I will only show you how to install the recovery console so that the next time the system starts the recovery console will appear as an option in the boot menu.

Install the recovery console

  • Log into Windows as the local administrator
  • Insert the setup CD
  • Click Start > Run
  • Type the following (for a CD in drive D:): D:\i386\winnt32.exe /cmdcons
  • Follow the instructions on the screen

I hope this helps so that the next time you don’t have to look around for the CD to do the necessary repairs.