Archive for February, 2003

Lock Down SendMail in Mac OS X Server 10.1

Monday, February 24th, 2003

While you can lock the SMTP relay option in 10.1.x server, it cannot be done from a GUI. You will need to edit some .conf files.

Follow these steps to prevent open SMTP relay:

1. Connect to the server via Server Settings.
2. Click the Internet tab.
3. Choose Configure Host Settings from the Mail Service menu (Mail service must be running).
4. Click the radio button to Allow SMTP relay for only hosts in this list.
5. Enter the IP address of the server and the range(s) of IP addresses for your network.
6. Click Save.

Results
Any computer that is in the IP range for your network will be able to relay without authenticating.
Any computer that is not in the IP range will have to authenticate in order to relay. They can authenticate using CRAM-MD5, PLAIN, or LOGIN, regardless of what you have selected in SMTP options. Users should be encouraged to use CRAM-MD5, as it is much more secure.

Notes

1. CRAM-MD5 authentication requires the use of the password server.

2. If you select “Require authenticated SMTP using CRAM-MD5″ option in SMTP Options, all users must authenticate before they can relay mail through your server, even if they connect from a computer in the approved hosts list.

What is Kerberos

Thursday, February 13th, 2003

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to “sniff” passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be “honest” about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that “the bad guys” are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure then a computer which is not connected to the network — and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under copyright permissions very similar those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. We hope you find Kerberos as useful as it has been to us. At MIT, Kerberos has been invaluable to our Information/Technology architecture.

Windows Keyboard Shortcuts

Monday, February 3rd, 2003

F1-Universal Help in 90% of Windows programs.
F2-Renames selected Icon
F3-Starts find from desktop
F4-Opens the drive selection when browsing.
F5-Refresh Contents

Ctrl + A-Select all text/items.
Ctrl + B-Bold selected text.
Ctrl + C-Copy selected item.
Ctrl + I-Italicize selected text.
Ctrl + N-Open new blank file.
Ctrl + O-Open file.
Ctrl + S-Save file.
Ctrl + U-Underline selected text.
Ctrl + V-Paste
Ctrl + X-Cut selected item.
Ctrl + Z-Undo.

Ctrl + Left arrow-Moves one word to the left at a time.
Ctrl + Right arrow- Moves one word to the right at a time.
Ctrl + Backspace-Delete word to the left of cursor.
Ctrl + Del-Delete word to the right of cursor.

Home-Goes to beginning of current line.
Ctrl + Home-Goes to beginning of document.
End-Goes to end of current line.
Ctrl + End-Goes to end of document.
Shift + Home-Highlights from current position to beginning of line.
Shift + End-Highlights from current position to end of line.
Cut Keys Operating System Description
Alt + Tab-Switch between open applications.
Alt + Shift + Tab-Switch backwards between open applications.
Alt + Esc-Switch Between open applications on taskbar.

Alt + F4-Closes Current open program.
Ctrl + F4-Closes Window in Program
Alt + Enter-Opens properties window of Selected icon or program.
Shift + F10-Simulates right click on selected item.
Shift + Del- Delete programs/files without throwing into the recycle bin.

Holding Shift-Boot safe mode or by pass system files.
Holding Shift-When putting in an audio cd will prevent CD Player from playing.

Use of the Windows Key

Windows + Tab-Cycle through buttons on the taskbar
Windows + F-Display Find: All Files
Control + Windows Key +F or F3-Display Find: Computer
Windows Key + F1-Display Help
Windows Key + R-Display the Run command
Windows Key-Display the Start menu
Windows Key + Break-Display the System Properties dialog box
Windows Key + E-Display Windows Explorer
Windows Key + D-Minimize or restore all windows
Shift + Windows Key +M-Undo minimize all windows

cd c:\pro*-You can use the ‘*’ in a change directory command to automatically change to a directory as a wild card.

INTERNET EXPLORER SHORTCUT KEYS

Alt + Left Arrow-Back a page.
Alt + Right Arrow-Forward a page.
F5-Refresh current page / frame.
Esc-Stop page or download from loading.
Ctrl + Enter-Quickly complete an address. For example type 318 in the address bar and press CTRL + ENTER to get http://www.318.com.
Ctrl + N-Open New browser window.
Ctrl + P-Print current page / frame.