Apache HTTP Authentication

This covers how to protect parts of a website in Apache using .htaccess files.

To use .htaccess files, you need to enable them in the server configuration by specifying the directive AllowOverride AuthConfig, typically within the <Directory> section:

<Directory /opt/apache/htdocs>
AllowOverride AuthConfig
</Directory>

Create a password file, which should be placed somewhere not accessible from the web. For example, if your documents are served from the directory /opt/apache/htdocs, you can put the password file in the /opt/apache/passwd directory. To create the file, use the htpasswd command that comes with Apache.

$ htpasswd -c /opt/apache/passwd/passwords myusername

Create an .htaccess file in the directory you wish to protect. For example, if you wish to protect the directory /opt/apache/htdocs/protect:

$ cd /opt/apache/htdocs/protect/
$ nano .htaccess

Add the following lines inside the file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /opt/apache/passwd/passwords
Require user myusername

  • The AuthType directive determines the method that is used to authenticate the user. The most common method is Basic; however, it sends the password unencrypted.
  • The AuthName directive sets the realm to be used in the authentication. The browser uses the realm to determine which password to send for a given authenticated area.
  • The AuthUserFile directive sets the path to the password file that was created with htpasswd.
  • The Require directive provides the authorization part of the process by setting the user that is allowed to access the protected area. To allow in anyone who is listed in the password file, use: Require valid-user

Once the .htaccess file has been saved, you have restricted access to the area you want to protect.
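
The following shell check is an added example, not part of the original post: it reads an .htaccess file like the one above and flags a password file placed inside the document root, or a missing AuthType or Require line. The function names check_htaccess and directive, and the sample file at the end, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an .htaccess file
# that uses the Basic authentication directives described above.

# Print the argument of directive NAME in FILE, quotes stripped.
# Apache directive names are case-insensitive, so compare in lower case.
directive() {  # usage: directive NAME FILE
    awk -v name="$1" 'tolower($1) == tolower(name) {
        $1 = ""; sub(/^ +/, ""); gsub(/"/, ""); print; exit
    }' "$2"
}

# Print one line per finding; the return status is the number of findings.
check_htaccess() {  # usage: check_htaccess DOCROOT HTACCESS
    docroot=${1%/} file=$2 problems=0
    authtype=$(directive AuthType "$file")
    userfile=$(directive AuthUserFile "$file")
    require=$(directive Require "$file")

    [ -n "$authtype" ] || { echo "missing AuthType"; problems=$((problems + 1)); }
    [ -n "$require" ] || { echo "missing Require"; problems=$((problems + 1)); }
    case $userfile in
        "")
            echo "missing AuthUserFile"; problems=$((problems + 1)) ;;
        "$docroot"/*)
            # The password file could be fetched like any other document.
            echo "AuthUserFile $userfile is inside the document root"
            problems=$((problems + 1)) ;;
        /*) : ;;  # absolute path outside the document root
        *)
            echo "AuthUserFile $userfile is relative; check where it resolves"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: the password file was left inside the web tree.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /opt/apache/htdocs/protect/passwords
Require user myusername
EOF
check_htaccess /opt/apache/htdocs "$sample" || echo "problems found: $?"
rm -f "$sample"
```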

For more information: http://httpd.apache.org/docs/2.0/howto/auth.html

Firestarter on Ubuntu Quickstart Guide

Firestarter is a firewall program which provides a user-friendly graphical user interface.

Installing Firestarter

  1. Select System -> Administration -> Synaptic Package Manager and select firestarter. Then choose to install the package.
  2. After installing Firestarter, log out and then back in again (to update the menus to show Firestarter).
  3. Once the desktop is back up, select Applications -> System Tools -> Firestarter. When you run Firestarter for the first time, it will walk you through a wizard which should be very easy to follow.
  4. After you finish the wizard, save your settings. The Firestarter main window then opens.

Configuring Firestarter

The configuration files for Firestarter can be found in /etc/firestarter; however, it is not recommended that you edit these files manually. The graphical interface is very intuitive, making it easy to add and remove firewall rules.

More information on Firestarter configuration

Protecting My Important Files

I always believe it's a good idea to protect my important files even if my computer is password protected. Two key things to help protect my extra sensitive data are to encrypt it, and shred it when deleting.

  • To encrypt files I use AxCrypt, free software by Axantum Software AB.
  • To shred files or securely delete them, I use Eraser.

Both programs also come with portable versions so that they can be installed on a USB flash key or portable hard drive.

Another program that I use is TrueCrypt. This software is able to create a virtual encrypted disk within a file on a hard drive and then mount it as a real disk. What I find particularly useful is the “Traveller Mode” functionality. It allows TrueCrypt to be installed on any portable hard drive or storage device.

To set up the traveller mode, I had to first create a new volume on my portable drive by following the tutorial.

After creating the volume, I followed these instructions to complete the traveller mode setup.

Remote Desktop with SSH Tunneling

Remote Desktop enables you to connect to your computer across the Internet from another computer. Once connected, you can control your computer using the mouse and keyboard while seeing everything that’s happening on the screen. With this, you can access your files, applications, and e-mail while leaving your computer at home or in the office.

Although Remote Desktop is very convenient, it suffers from two flaws. First, although the connection uses 128-bit encryption, it is still vulnerable to a man-in-the-middle attack, where the traffic can be decrypted along the way. Second, the default port of Remote Desktop is 3389, which in most circumstances is blocked by firewalls in the network.

A solution to these flaws is to use Remote Desktop through an SSH tunnel.

SSH Server

The first requirement is to have an SSH server on your network. If you already have a Linux server like Ubuntu, then you can install OpenSSH. However, if you only have computers with Windows, then you can install copSSH.

Port Forwarding for SSH

To access the SSH server from a remote location you need to do port forwarding on port 22 through any firewall and router.

Enabling Remote Desktop

To enable Remote Desktop on Windows XP, right click on “My Computer”, and select “Properties”. Under the “Remote” tab check the box “Allow users to connect remotely to this computer”. The Remote Desktop user will require a password associated with the account.

Connecting to the SSH Server

Connecting to your SSH server remotely requires knowing your public IP address. This can be checked easily using the website http://checkip.dyndns.org. If you are using an ISP that provides you with a dynamic IP address, then you can set up a free account with No-IP http://www.no-ip.com or DynDNS http://www.dyndns.com, which can provide you with a fully qualified domain name.

Installing/Configuring PuTTY

To open an SSH tunnel from the remote computer to your SSH server, you need to install PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty on the remote client computer. Open the application after installation is completed.

  1. Expand “SSH” under “Connection”, and then go to “Tunnels”.
  2. Under “Add new forwarded port:” enter a port number beside “Source port”, e.g. 3390.
  3. Beside “Destination” enter your computer name or computer local IP address along with the port for Remote Desktop 3389 e.g. 192.168.1.10:3389, and click on the “Add” button.

Use a different Source port for each additional Remote Desktop host PC.

To improve traffic, click on “SSH” under “Connection” and check the box “Enable Compression”.

Click on “Session” and under “Host Name (or IP address)” enter the public IP address or a fully qualified domain name of the SSH server PC. Enter a unique name in the “Saved Sessions” window and click on “Save”. Click on “Open” and log in to the SSH server with the appropriate user and password information.

SSH Tunneling the Remote Desktop session

The SSH tunnel for Remote Desktop is established once PuTTY is started and the user has logged on to the SSH server. To start Remote Desktop on the client computer, go to “Start” > “All Programs” > “Accessories” > “Communications” and select “Remote Desktop Connection”. In the “Computer:” textbox enter “localhost:3390”, and click on the “Connect” button.
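
For clients that have the OpenSSH command-line client instead of PuTTY, the shell function below builds an equivalent tunnel command. It is an added example, not part of the original post, and it generalizes the single forward above to several Remote Desktop hosts, each with its own source port. The function name build_tunnel_cmd, the account user@ssh.example.org and the second host address are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): OpenSSH client equivalent
# of the PuTTY tunnel settings described above.
#
# build_tunnel_cmd SSH_SERVER FIRST_SOURCE_PORT RDP_HOST...
# prints one ssh command that forwards a distinct local port to port 3389
# on each Remote Desktop host, starting at FIRST_SOURCE_PORT.
build_tunnel_cmd() {
    server=$1 port=$2
    shift 2
    case $port in
        ''|*[!0-9]*) echo "source port must be numeric" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "need at least one Remote Desktop host" >&2; return 2; }

    # -N: open the tunnel only, no remote shell.
    # -C: compression, the counterpart of PuTTY's "Enable Compression".
    # ExitOnForwardFailure: exit rather than run without the forward.
    cmd="ssh -N -C -o ExitOnForwardFailure=yes"
    for host in "$@"; do
        # Accept only host names and IP addresses, since the result is
        # meant to be pasted into a shell.
        case $host in
            ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 2 ;;
        esac
        # Bind to 127.0.0.1 so that other machines on the client's
        # network cannot connect through the tunnel.
        cmd="$cmd -L 127.0.0.1:$port:$host:3389"
        port=$((port + 1))
    done
    echo "$cmd $server"
}

# Constructed sample values; 192.168.1.10 and port 3390 are the ones
# used in the PuTTY steps, the rest are placeholders.
build_tunnel_cmd user@ssh.example.org 3390 192.168.1.10 192.168.1.11
```

With the sample values, Remote Desktop Connection reaches the first host at localhost:3390 and the second at localhost:3391.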

Freeware and Open Source Software

The amount of freeware and open source software has grown tremendously in the past decade. Today I have moved away from much commercial software which I relied on in the past, and found replacements that are free and work just as well or even better. Here is a list of free software that I currently use:

  • 7-Zip is a file archiver with a high compression ratio.
  • FileZilla is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.
  • UniTTY is a multi-faceted client that does much more than just standard SSH.
  • PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms.
  • PSPad is a freeware programmer’s editor for Microsoft Windows operating systems.
  • Notepad++ is a free source code editor (and Notepad replacement), which supports several programming languages, running under the MS Windows environment.
  • CutePDF Writer is the free version of commercial PDF creation software.
  • FlashGet is a leading download manager and has the highest amount of users on the internet.
  • KeePass Password Safe is the free, open-source, light-weight and easy-to-use password manager.
  • SyncBack Freeware is a freeware program that helps you easily back up and synchronise your files.
  • SyncToy helps you copy, move, rename, and delete files between folders and computers quickly and easily.
  • AVG Anti-Virus Free Edition is one of the most popular solutions to provide basic security protection on home and non-commercial PCs.
  • Ad-Aware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week.
  • Spyware Terminator is a free spyware removal and spyware protection program.
  • CCleaner is a simple program that removes unused and temporary files from Windows machines.
  • Recuva (pronounced “recover”) is a freeware Windows utility to restore files that have been accidentally deleted from your computer.
  • Smart Data Recovery is a free data recovery tool for the Windows operating system that supports the FAT and NTFS file systems.