Oct 07 2014
 

I’ve just activated a strong auth system to access this blog as Administrator.

It is a system we also use where I work, and it is amazing for the blend of simplicity and security that it adds to the authentication process.

They offer a huge set of integrations with a number of systems and technologies, and you can find the WordPress-specific one here.

It is free for up to ten users, and even the paid versions have negligible prices (like 1$/user/month).

It really rocks for usability and for the strength of the auth process.

Enjoy!

Jun 21 2013
 

This post is the fruit of quite a big experience I went through to build what is mentioned in the title.

I chose this NGFW because Stonesoft is the company where I have happened to be working for the last decade… actually for the last 12 years 🙂

Ever since iOS devices were announced, this question has come up more and more often… and I even wrote a kind of HowTo at one point, which was extended by a good friend of mine and published on a blog… which does not exist anymore.
The problem is that the HowTo was not completely detailed… and it generated lots of questions and comments asking to clarify various aspects of the topic.

Hence I’ve decided to keep that knowledge from getting lost by publishing this post on something that I control (well, sort of 😉 ), enriching it with a bit more detail and side information.

Still reading? Still wanting to have your iThing connected in VPN with the mighty Stonesoft NGFW? Allrite! Read on!


Feb 23 2012
 

…because I simply love this new authentication technique.

When you install the WordPress plugin, the login screen gains a small button to perform the BrowserID-enabled login:

When you click on Sign in, the verification begins…

et voilà, you’re in your Dashboard!

Of course you need to have a user whose email matches the email you’ve registered with BrowserID.

Easy, rather secure, immediate!

Kudos to Mozilla Identity Team!

Apr 06 2011
 

A few notes to myself, to avoid forgetting a cool thing I’ve just learned.

The need is to implement RADIUS-based authentication to access a directory on an Apache2 web server.

Here’s how to proceed (instructions have been tested on Ubuntu 10.10).

First, you need to install the Apache2 module for RADIUS authentication, using the command:

apt-get install libapache2-mod-auth-radius

Then, you need to enable it with the command:

a2enmod auth_radius

You now need to tell your Apache web server where to send RADIUS authentication requests. There are two ways, depending on whether you want this configuration to be Apache-wide (in which case edit /etc/apache2/httpd.conf) or limited to a specific virtual host (in which case edit /etc/apache2/sites-enabled/<yoursitename>.conf).

Add the line:

AddRadiusAuth <IP address of the Radius server>:<port where Radius service is listening> <shared secret> [timeout [:retries]]

Assuming you want to protect a specific directory called auth-test, you can insert the following directive in your site/virtualhost configuration file (/etc/apache2/sites-enabled/<yoursitename>.conf):

<Directory "/var/www/testmyauth">
Options Indexes FollowSymLinks
AuthType Basic
AuthName "Roarin RADIUS Authentication"
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user
</Directory>

 

Naturally you might also add the above directives to a .htaccess file in the directory you want to protect with RADIUS-based authentication…

Finally, restart or reload your apache2 using one of the commands:

service apache2 reload

service apache2 restart

Enjoy 😉
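What the shared secret on the AddRadiusAuth line does on the wire, as an added example (not code from this post or from mod_auth_radius): a Python builder for the RFC 2865 Access-Request that a RADIUS client such as Apache sends, including the User-Password hiding keyed by the shared secret. The user name, password, secret and Request Authenticator are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                 # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2    # attribute types


def _xor_chain(secret, authenticator, data, decrypting):
    # RFC 2865 section 5.2: every 16-byte block is XORed with
    # MD5(secret + previous ciphertext block); the first block uses
    # the 16-byte Request Authenticator in place of a previous block.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypting else res
    return out


def hide_password(password, secret, authenticator):
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(secret, authenticator, padded, False)


def unhide_password(hidden, secret, authenticator):
    # What the RADIUS server (or anyone holding the secret) computes.
    return _xor_chain(secret, authenticator, hidden, True).rstrip(b"\x00")


def build_access_request(user, password, secret, ident=0, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for attr_type, value in ((USER_NAME, user), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample values
    ra = bytes(range(16))
    pkt = build_access_request(b"alice", b"correct horse", secret, 7, ra)
    print(pkt.hex())
    print(unhide_password(pkt[29:45], secret, ra))   # b'correct horse'
```

Since the hiding is reversible by anyone who holds the shared secret, the configuration file carrying the AddRadiusAuth line should be readable only by root. The browser-to-Apache leg is still plain Basic authentication, so the protected directory belongs on an HTTPS virtual host.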

Oct 17 2008
 

A small howto to set up Freesshd on a Windows box and authenticate your client machine using a public key.

There are plenty of howtos on the ‘Net explaining the procedure, but almost all of them are missing the most important thing.

Once you have created the file containing your public key, you have to store it in the folder configured in the Authentication tab of the Freesshd GUI… naming the file after the user name you’re using to connect.

In my case it is root, thus instead of calling it ssh_public_key or authorized_key you have to call it root.

Tested and working on Windows Vista and Windows 2003.