OSX tftp Daemon Control

By timadmin in OSX 0 Comment

Tonight I’ve upgraded the operating system and ASDM image on my ASA5505 firewall.  The toughest part always seems to be putting the files in the right place, and controlling the tftp daemon on my laptop.  So here is a post with the critical information.

First, the default location for tftp server activity on OSX is /private/tftpboot.  Files in this location must be world-writeable in order for the daemon to write to them, so a chmod may be necessary if you are backing up configurations.  Reading files should require no modification.

Second, the configuration file for the tftp daemon is /System/Library/LaunchDaemons/tftp.plist.  This is where you can define a different location for the server activity or add other command line parameters to the daemon.

Next we should start the daemon.  This is best done using the following command:

sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist

Ensure that the firewall is either disabled or allowing inbound tftp connections (udp/69) or things get messy.

When finished with the work it is a good idea to stop the daemon.  tftp isn’t known for being a well secured service!  Shut it down with this command:

sudo launchctl unload -w /System/Library/LaunchDaemons/tftp.plist

And there we go, a functional tftp server on OSX.

Password Management

By timadmin in Administrative 0 Comment

I’ve collected a huge number of username/password combinations over the years, and some time ago gave up trying to keep up with them all in my head.  Once you give up trying, the freedom is a great thing.  On the other hand this means finding some other process for managing account credentials.  The best process I’ve found is to use a Password Manager.

I follow the advice of one of the Three Wise Men of Cybersecurity, Bruce Schneier, on this topic.  His favorite password manager (which he did help to develop) is Password Safe.  More information can be found at this location:

https://www.schneier.com/passsafe.html

Sadly for me, it doesn’t support OS X.  Consequently I followed more of his advice and did some reading.  My personal favorite is Dashlane, which can be found at this location:

 https://www.dashlane.com

Here are some articles which led me to it (if I remember correctly):

https://www.schneier.com/blog/archives/2010/11/changing_passwo.html

https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html

http://www.nytimes.com/2013/06/06/technology/personaltech/too-many-passwords-and-no-way-to-remember-them-until-now.html?_r=0

 

Lastly, I need to comment on how to manage the ‘super-password’ – the one which opens the password manager.  If that one gets lost, we experience a denial of service attack against ourselves.  That would be embarrassing!  Somewhere on Mr. Schneier’s site I read that a really good idea is to write the all-important passwords down on something the size of a business card, laminate the card, and then store it with your drivers’ license.  How often do you lose your driver’s license?  Not often, I hope.  If someone steals your wallet you may want to have a backup copy with your passport (or whatever) so that you can maybe login to your password manager when you get home and change the password.  Fast.

Raspberry PI Hardware

By timadmin in Hardware 3 Comments

Today I’ve bumped across a couple of interesting tidbits for Raspberry PI Hardware.

First, the general purpose supplier (as opposed to Amazon, of course):
http://www.modmypi.com/

Second, the Raspberry PI does not include a real time clock in the base package. Naturally one can be added:
https://www.modmypi.com/blog/installing-the-rasclock-raspberry-pi-real-time-clock

Lastly, I may be developing a love for good keyboards.  Here is a source of a premium keyboard:

http://www.pckeyboard.com/page/category/UKBD

As I discover future useful resources I’ll either edit this entry, or add comments to it.  I sense a new category coming on too!

Administration & Latin

By timadmin in Philosophical 0 Comment

This morning I read yesterdays SANS News Bites (http://www.sans.org/newsletters/newsbites/ retrieved 3/4/2015) and was struck by a comment authored by Stephen Northcutt:  “Every month that goes by I see the similarity of cyber-security and the medical field. Primum non nocere.”  Personally I see more similarities between cyber security and safety, but his point that practicioners of cyber security must primum non nocere is true, and holds up well in the arena of securing industrial control systems too.  As cyber security if often seen as a loss prevention program first, a practicioner’s credibility with decision makers must be strong in order to persuade an organization to tolerate the inconvenience and spend the resources required to achieve the organizations security objectives.  Doing harm is a quick way to destroy credibility.

Moving on, I’d like to record a few latin phrases that I like, and that may prove useful in the day to day life of a controls engineer or a cyber security practicioner.

1.  Primum non nocere – First, do no harm  (https://en.wikipedia.org/wiki/Primum_non_nocere retrieved 3/4/2015).  Carried a bit further from the same source:  Another way to state it is that, “given an existing problem, it may be better not to do something, or even to do nothing, than to risk causing more harm than good.”

2.  Este Paratus – Be prepared (https://en.wikipedia.org/wiki/Scout_Motto#Motto_in_various_languages retrieved 3/4/2015).  I frequently find this in my work with the Boy Scouts of America.  Robert Baden-Powell explains the meaning more fully as “The Scout Motto is: BE PREPARED which means you are always in a state of readiness in mind and body to do your DUTY.”

And last but certainly not least:

3.  Semper Virilis – Always manly (http://www.artofmanliness.com/2014/06/09/semper-virilis-a-roadmap-to-manhood-in-the-21st-century/ retrieved 3/4/2015).  I have to include this simply because its cool.  I have to read the full article, but at the moment I think that a great deal of this concept can be summed up by this quote from the same source: “Some say that only a sucker would try to be his best when it isn’t required of him, when you can get ahead by simply getting by. That trying to be a man these days will simply get you taken advantage of by a system that no longer appreciates the effort.”

In closing I leave with a quote that isn’t in Latin, yet.  There is a rock that sits on my desk which bears a quote ascribed to George S. Patton.  “If a man does his best what else is there?”  Someday I’ll find the Latin.