Cow Computing » Security

Mapping Network Drive in Windows 7

Steve — Sat, 05 Jun 2010 08:17:15 +0000

Unlike Windows XP, mapping a network drive in Windows 7 is a nightmare. It is possible that during the mapping of a network drive, no matter how hard you try to enter your credentials or the drive is actually password-less, it still prompt you for a password repeatedly. This is annoying and is due to the security settings on Network Security. I shall introduce you two method to get around this annoying problem. *Do note that, for Windows 7 Home edition, the security setting is not available (RIDICULOUS isn’t it?), either you upgrade to Professional / Ultimate Edition or you could use Method 2 to achieve that (HURRAY!)

Method 1 (Windows 7 Professional / Ultimate Edition)

Under “Control Panel”, find “System and Security”
Open “Administrative Tools”
Double Click “Local Security Policy”
Expand “Local Policies”
Click “Security Options” and Scroll to find “Network Security: LAN Manager Authentication Level”
Choose “Send LM & NTLM, use NTLMv2 session security is negotiated” for the drop down.
Done. you can now map network drive as normal (like in XP)

Method 2 (Windows 7 Home Edition)

Use notepad and save the snippet below as win7fix.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000002

Double click the win7fix.reg you just create to run it
Press “Yes” to add that into registry
Done. you can now map network drive as normal (like in XP)

ref. http://www.ntnu.no/itinfo/read_article.php?aid=711

Jailkit – Limit User Account on Linux

Steve — Fri, 12 Mar 2010 07:16:07 +0000

There’s once I was required to setup a limited shell access user account on a commercial hardware product, in which to secure the original system from being modified and at the same time to provide a flexible environment for general work. I was on the way to make use of chroot command. Then i was lucky to came across Jailkit, which saved me a lot of time. So, i would like to use this post to give a little introduction on how to use it.

# First, let's create a directory for the jail account
mkdir /jail
chown root:root /jail

# Then we create a new user account specially for jail account
# *replace , ,  with your own value
groupadd 
useradd -d /home/jail -g  -p  

# For example, if we only want to allow the jail account to have ssh and basic shell access
jk_init -v -j /jail basicshell ssh

# Then we shall jail the user account we previously created to the jail directory
jk_jailuser -m -j /jail

Now the jail account and file system is ready, however if you want more control, we can do the following.

# OPTIONAL: Edit /jail/etc/passwd file and /jail/etc/group file to further limit the access
# The following further limit the user logged in jail account to have only access to bash
# Assume the jail user account & group = jail_user, and we edit the passwd file
jail_user:x:1016:1016:/home/jail:/bin/bash

# edit group file
jail_user:x:1016

Creating Keystore and Self-Signed Certificate with openSSL

Steve — Fri, 22 Jan 2010 04:49:09 +0000

It is in fact very easy to generate a self-signed certificate with openSSL.

In order to generate Keystore and Certificate using open SSL, we first need to generate a key

openssl genrsa -out .key 1024

then we need to generate a Certificate Signing Request by reading the private key we just generated

openssl req -new -key .key -out .csr

After that, we could Self-Sign the certificate (note: if you only want the key-cert pair, you could stop after this step, else go to the next step for keystore generation).

openssl x509 -req- days  -in .csr -signkey .key -sha1 -out  .cert

Finally, with the key and certificate, we could combine them into a keystore

openssl pkcs12 -name  -export -in .cert -inkey .key -out .p12

The key and certificate is ready to be used in various applications (e.g. Dovecot, Apache WebServer…)