Monday, September 7, 2009

How to configure your Cisco router to authenticate from your Active Directory

Routers and switches are usually forgotten in the network; we always drop them from password-change policies. So it is a nice idea to use your Active Directory accounts to log in to your Cisco routers. Here are the steps.
The work is divided into two main configurations: one done on your domain controller (or any member server), and one done on your Cisco router or switch.


1- Windows configuration:
We have to configure RADIUS on a Windows member server or domain controller:
Go to Add/Remove Windows Components:

















Now you can configure IAS from the administrative tools in control panel:

















Right-click RADIUS Clients, and select New RADIUS Client.

















Name is any friendly name, and IP is the IP address of the interface that is connected to the same network as the RADIUS server.










Now we have to create a remote access policy.

Give it any name and choose Custom:



















Click Add and choose Windows-Groups.
Click Add again, and choose a Windows group (this group will be the only one that has access to your routers! You can add more groups later, but I don't recommend adding everyone!)

















Then click Ok.

Select grant:















Then click next and Edit Profile:














Select the Authentication tab.
Check Unencrypted Authentication (PAP/SPAP), and uncheck all the rest.



















Then select the Advanced tab.

Select Service-Type, then click Edit.
In the Enumerable Attribute Information dialog box, select Login as the attribute value.














Then click OK.
In the Advanced tab, choose Framed-Protocol and then click Remove.



















Now click OK. When IAS asks whether you would like to see help, it's up to you whether you want to see it or not :-).

We have now finished the Windows configuration and can move on to the router configuration.





2-Router configuration:

I'll assume that you are familiar with Cisco commands and modes, and that you know your interfaces!

First of all we have to have secret password enabled.





Then we have to configure our router for RADIUS authentication:
#aaa new-model
#radius-server host 192.168.1.16 auth-port 1645 acct-port 1646 key cisco (the key must be the same as the one we configured in the Windows RADIUS installation)
#ip radius source-interface f0/0 (the interface that faces the RADIUS server; you know your interfaces!)
#aaa authentication login mylist group radius local (mylist could be any list, even the default)



Let's add a local user now, to use in case we can't reach the RADIUS server!





Now we have to configure the lines to use the list we created earlier (mylist):
#line vty 0 4
#login authentication mylist

We have to set a host name for the router:
#hostname xyz

Then we have to configure our domain:
#ip domain-name roseicollis.net

Then let's generate the crypto keys:
#crypto key generate rsa

Finally, let's restrict our lines to use SSH instead of Telnet (remember that you have to use PuTTY to access it remotely):
#line vty 0 4
#transport input ssh

Now, if everything worked well, you can log in with any user from the group that was enabled in RADIUS, and its associated password (remember to use just the user name, not followed by @domain name and not in domainname\username format).
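
A small audit of the settings configured above, as an added example that is not part of the original post. Because the IAS profile uses PAP, the shared key is what hides the login password between the router and the RADIUS server, so the check flags a short key such as the "cisco" used here. The sample config layout, the "fallback" user name, the PLACEHOLDER values and the 16-character threshold are assumptions.

```python
import re
from itertools import takewhile

# Constructed sample: this page's commands laid out as a running-config.
# The enable secret / username lines and PLACEHOLDER values are assumptions.
SAMPLE = """\
enable secret 5 PLACEHOLDER
aaa new-model
aaa authentication login mylist group radius local
username fallback secret 5 PLACEHOLDER
ip radius source-interface FastEthernet0/0
radius-server host 192.168.1.16 auth-port 1645 acct-port 1646 key cisco
line vty 0 4
 login authentication mylist
 transport input ssh
"""

def audit(config, min_key_len=16):
    """Return findings for the AAA, RADIUS and VTY settings this page sets."""
    lines = config.splitlines()
    cmds = [l.strip() for l in lines]
    findings, lists = [], {}
    if "aaa new-model" not in cmds:
        findings.append("aaa new-model missing")
    for c in cmds:
        m = re.match(r"aaa authentication login (\S+) (.+)", c)
        if m:
            lists[m.group(1)] = m.group(2).split()
        # Plain-text keys only; an encrypted "key 7 ..." form does not match.
        m = re.match(r"radius-server host (\S+).* key (\S+)$", c)
        if m and len(m.group(2)) < min_key_len:
            findings.append(f"short RADIUS shared key for {m.group(1)}")
    has_user = any(c.startswith("username ") for c in cmds)
    for name, methods in lists.items():
        if "local" not in methods:
            findings.append(f"list {name}: no local fallback")
        elif not has_user:
            findings.append(f"list {name}: local fallback but no local user")
    for i, l in enumerate(lines):
        if l.startswith("line vty"):
            # Indented sub-commands that belong to this vty block.
            body = [s.strip() for s in
                    takewhile(lambda s: s.startswith(" "), lines[i + 1:])]
            auth = [b.split()[-1] for b in body if b.startswith("login authentication")]
            if (auth[0] if auth else "default") not in lists:
                findings.append(f"{l}: login list not defined under aaa")
            if "transport input ssh" not in body:
                findings.append(f"{l}: transport input is not ssh-only")
    return findings
```

Run audit() on the text of "show running-config"; an empty list means every check passed.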

Thursday, August 20, 2009

Firefox vs Chrome


VS











Google's browser has been out for about a year now, and Google used its fame to distribute the browser; you can notice it easily on their sites, which offer links like "running faster on Chrome" or "try Chrome" and so on. Anyway, I am not going to offer a new comparison, because others already offer good ones:
http://www.pcworld.com/article/150828/browser_battle_firefox_31_vs_chrome_vs_ie_8.html
http://www.techradar.com/news/internet/web/tested-google-chrome-vs-ie8-vs-firefox-3-1-462848

But personally I believe Chrome itself is a big mistake; being dominant in search does not mean you are going to succeed in the browser market. I also think it would have been a lot better if Google had supported Firefox instead of developing its own browser. Well,

Why is Firefox superior?

Simply because it has add-ins. Anyone can write an add-in that adds a function to the browser; go and search the add-ins and you will find a lot more than you can imagine. So it simply collects the best of all browsers. For example, Safari came out with a progress bar in the address bar. It's nice, and someone could switch to Safari for that (some like eye candy); then Firefox can simply pick up an add-in that adds the same thing. Internet Explorer 7 colored the address; an add-in can do the same for Firefox. So it's not that it is always the better browser; it's that every time something neat appears in the browser market, someone adds it to Firefox with an add-in, which I believe will keep Firefox the best for a while. For sure, without a good structure for the browser core this was not going to work out, but Firefox has a good enough core to stay the best. So I'm going to stay with Firefox and get add-ins that add the new features other browsers offer, and I'll try to discuss the useful Firefox add-ins in the next topics (with ALLAH's will) :)

Tuesday, August 11, 2009

Check RAM from USB!

A lot of PC problems could have RAM as a suspect; any fault in RAM could lead to an application crash or even a total OS crash, so we need to test RAM frequently. Apart from fake applications that just show a progress bar running and nothing more, there is a tool that really does the job, which is memtest86+.
Here are a few steps to get a bootable flash drive that can run this tool, so you can do your test with it.
1- You will need a USB drive of any size; even a 64 MB flash drive will do the job.
2- You will need the HP USB Disk Storage Format Tool (this tool works with all flash drive types, not HP only, and it can format as NTFS and make the flash drive bootable).
3- A Windows 98 boot disk.
4- memtest86+ for USB.

Now you have to extract the Windows 98 boot disk files to a directory.
Then we have to format the flash drive using the HP USB Disk Storage Format Tool.




















Device: your flash device.
DOS system files location: where you extracted the Windows 98 boot disk files.

Now open the flash drive; it is supposed to have these files:










Now extract the memtest86+ binary file from the downloaded zip file and copy it to the flash drive.
It's just one file, named mt211.exe.
So your flash drive root is supposed to look like this now:









Now all you have to do is reboot your machine while your USB device is plugged in (make sure your first boot device is USB).
You will land in the Win98 boot disk; now simply type mt211
and the RAM tests will start (it could take some time to finish all tests, so try to do it while you don't need the machine).

Monday, August 10, 2009

Firefox 3.6

Firefox 3.6 is in its alpha phase right now, but I would like to say it's really promising.
You can install the alpha build (Namoroka) here:
https://developer.mozilla.org/devnews/index.php/2009/08/07/firefox-3-6-alpha-1-now-available-for-download/

Some of the new features:
  • Tab previews (not enabled by default; you can enable them from about:config by setting browser.ctrlTab.previews to true).
  • Autocomplete recommendations.
  • Better JavaScript performance.
  • Better Session Restore.












Simply put, it's a really promising version, and I cannot wait to get the final build!

Thursday, April 9, 2009

Flash drives Autorun viruses

I think removable-media viruses are one of the most annoying and time-consuming computer problems, or to be more specific, Windows XP users' problems. While Windows Vista and Windows 7 have UAC (User Account Control), which requires the user to confirm the virus's malicious actions before they happen, Windows XP lacks a similar feature. So what actually happens? Simply this:
- Windows XP is configured by default to autorun any removable device (removable devices like CD-ROMs, flash memory, MP3 players, digital cameras, etc.).
- The innocent user simply plugs in an infected device.
- Windows starts to read the autorun.inf file on the device (autorun.inf contains information about the executable file, which is the virus in our case).












- The executable file (the virus) runs, infecting your machine!

- The virus then copies itself (and its autorun.inf) to all partitions, so each time you try to open any partition or device, Windows autoruns it again and infects your machine, or another machine this device is moved to!

Sometimes a user formats the machine using the Windows CD and does a clean, fresh install, then finds the machine infected afterwards, which makes them wonder how that happened.
Simply, the virus copied itself to the other partitions, and when the user double-clicks any other partition, Windows tries to autorun it, which means it autoruns the virus and infects the whole system again!
Silly feature, isn't it!?
So what can we do to get rid of this feature and avoid the virus infection?
We have to follow these steps carefully after installing Windows:

1- Finish installing Windows.
2- After installing Windows, install the TweakUI tool from the Microsoft site:
http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-839afb2a2679/TweakUiPowertoySetup.exe
3- Open TweakUI, go to My Computer > AutoPlay > Drives, and uncheck them all!
















4- Apply it, then restart the machine.
Now try to plug in a flash drive: it will not autoplay, and even if it contains a virus it will not affect your machine, with ALLAH's will :-).
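
To see what an autorun.inf on a drive would have started, the file can be read as plain text instead of letting Windows act on it. The following is an added example, not part of the original post: it lists the entries of the [autorun] section that launch a program and checks a set of drive roots for such a file. The sample file content and its file names are constructed.

```python
import os

# Constructed sample of an autorun.inf like the one described above;
# the file names in it are made up.
SAMPLE = """\
some junk line before the section
[AutoRun]
open=setup.exe
icon=folder.ico
; open=commented.exe
shell\\open\\command=setup.exe
shell\\explore\\command = setup.exe /e
"""

def launch_targets(text):
    """Return (key, command) for each [autorun] entry that starts a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries hook the drive's right-click menu.
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or is_verb:
                found.append((key, value))
    return found

def scan_roots(roots):
    """Map each drive root holding an autorun.inf to what it would launch."""
    report = {}
    for root in roots:
        for name in os.listdir(root):
            path = os.path.join(root, name)
            # The name is matched case-insensitively; a folder with that
            # name is skipped because only a file can carry entries.
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, encoding="latin-1") as fh:
                    report[root] = launch_targets(fh.read())
    return report
```

A root that appears in the report with a non-empty list names the executable to inspect or remove before the drive is opened by double-click.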

Sunday, January 25, 2009

Windows 7 rocks

I got my hands on a copy of Windows 7 recently, and I can say it: it's the best Windows ever! Personally I found the beta version more stable than many final-release OSs ;). Interestingly, the version of Windows is actually 6.1, which makes me wonder whether they just revised the Vista kernel with a minor modification or they just set it like this for the pre-release version; maybe they will change it later to 7.
Anyway, here are some screenshots:


To display the number of hard disks connected to the computer:   #!/bin/bash foo=$(lsblk | grep -c ^sd*) final=$[$foo-1] printf '%b\n' "You have...