College Wireless Policy (Part 1)

August 23, 2008

Well, I am back on campus and I have had a bit of time to goof around before classes start. I came here early for marching band camp, which is why I have not had any posts in a little bit even though I have had some free time.

Our college has a very strict wireless policy, which is that you aren’t allowed to have your own wireless access point. Period. So, as a curious computer science student, I wondered how many people actually listened to this policy. I wrote myself a little Perl script that let me simply walk around while it polled (using iwlist scan) for wireless networks and recorded them until I told it to stop. Once I had this all working and tested, I spent about 15 minutes walking around picking up wireless signals. The results I found were more surprising than I had anticipated.

Here is a table of the unencrypted wireless networks I found:

#      Network Name                   Encryption
================================================
1      "04Z409107113"                 off
2      "alicia"                       off
3      "B2B"                          off
4      "B2B"                          off
5      "belkin54g"                    off
6      "CaptivePortalTemp"            off
7      "CaptivePortalTemp"            off
8      "CaptivePortalTemp"            off
9      "CaptivePortalTemp"            off
10     "CaptivePortalTemp"            off
11     "CaptivePortalTemp"            off
12     "hpsetup"                      off
13     "hpsetup"                      off
14     "linksys"                      off
15     "linksys"                      off
16     "linksys"                      off
17     "linksys"                      off
18     "<College_Name>"               off
19     "print server 053797"          off
20     "print server 075462"          off
21     "Rosa/Vazquez"                 off
22     "Wireless Network"             off
23     "Wireless"                     off

I know this table could look a little prettier, but it’s not for heavy analysis. For all of the networks that say “linksys” I made sure they were unique by using the MAC address that turns up in the results of an ‘iwlist scan’. So it’s not just the same linksys network that was picked up 4 times 😉 .
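The deduplication described above, as an added example that is not the Perl script from this post: a Python 3 parser that merges repeated `iwlist scan` polls, keys each access point on its MAC address (BSSID), and lists the ones advertising no encryption. The two polls, their addresses and the "dorm-net" name are constructed sample data.

```python
import re

# Constructed `iwlist scan` output from two polls (not from a real network).
POLL_1 = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"linksys"
                    Mode:Master
                    Encryption key:off
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"linksys"
                    Encryption key:off
"""
POLL_2 = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"linksys"
                    Encryption key:off
          Cell 02 - Address: 02:00:00:00:00:03
                    ESSID:"dorm-net"
                    Encryption key:on
"""
CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"')
ENC_RE = re.compile(r"Encryption key:(on|off)")

def inventory(polls):
    """Merge polls into {bssid: {"essid", "encrypted"}}; one entry per AP."""
    seen, current = {}, None
    for line in "\n".join(polls).splitlines():
        cell, essid, enc = (r.search(line) for r in (CELL_RE, ESSID_RE, ENC_RE))
        if cell:  # a new cell starts; the BSSID is the dedupe key
            current = seen.setdefault(cell.group(1).upper(),
                                      {"essid": "", "encrypted": None})
        elif current is not None and essid:
            current["essid"] = essid.group(1)
        elif current is not None and enc:
            current["encrypted"] = enc.group(1) == "on"
    return seen

def open_networks(seen):
    """Sorted (essid, bssid) pairs for APs advertising no encryption."""
    return sorted((ap["essid"], bssid) for bssid, ap in seen.items()
                  if ap["encrypted"] is False)

if __name__ == "__main__":
    for essid, bssid in open_networks(inventory([POLL_1, POLL_2])):
        print(f"{essid!r:20} {bssid}")
```

`Encryption key:on` covers WEP as well as WPA, so an "encrypted" entry here says nothing about how strong the protection is.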

I am going to guess that the “CaptivePortalTemp” entries are not related to students at my college. Other than that the one entry I changed to say “<College_Name>” was where the person actually named their wireless network to the name of the college, which couldn’t make it any more obvious that they go to the college. The campus is located close to a residential area, but a lot of these networks I picked up way too far away to be from non-college residences. Another point of interest is the unsecured print servers… I’m sure it would be quite easy for anyone to connect to those and, at the very least, waste someone’s paper. However, it might even be possible to get access to someone’s computer (assuming the printer allows more than one computer to connect at once) through the printer. I would hope the software the printer is running wouldn’t allow that, but who knows.

I would argue that there are probably at least 10 wireless networks that students from my college have set up that are unencrypted networks. This is, I believe, exactly what the college was trying to avoid by putting the wireless network policy in place. I can’t say there is really an easy solution to this problem, but I think if the college was willing to allow a wireless network after they educated the student on how to lock it down we would have less of a security problem on our hands than we do now. The best thing might be if the college just put wireless in all of the residences, but that costs money which they may or may not have to spend.

There were some networks that appeared to be run by college students that were encrypted, which is at least better than the unencrypted ones, but it still violates the college policy on wireless networks. I would love to have a wireless network myself because it would be nice for my laptop and for my Wii, but alas I will have to hold back on that. Seeing so many networks makes me wonder if the college actually checks for them because really all you would need is any old laptop that can scan for wireless networks.

People always ask me how easy it would be to scan for wireless networks on campus, and I guess the answer is all you need is ~30 minutes to write a perl script and the time it takes to walk around campus. I will walk around again after everyone has moved in and see if the situation changes at all. It should be interesting to see how many additional networks I can find. Hopefully I have not given enough data for my college to use this to go after the people with these wireless networks because that was not the point of me doing this. I feel the college has every right to track them down, but they can do this on their own, if they are truly serious about their stance on student run wireless networks 🙂 .

Python 2.5 and encryption — PyCrypto under Windows

July 20, 2008

[Edit: 8-13-08] – Upon request I have provided a link to an installer for PyCrypto-2.0.1 that is compiled for Python 2.5. You can download it here. I didn’t post it originally because I was not sure how long I could provide a link for. This one should be good for about a year … 🙂 .

Note: The steps listed here will only work on Python 2.5 and above as that is when they added support for allowing MinGW to compile code.

I mentioned in a previous post that I was looking for a way to get public/private key encryption in Python and I was having a bugger of a time until I found ezPyCrypto. I don’t know if I have mentioned this before, but I have been a Linux user for about 4 years now. Specifically Gentoo Linux, and I would never run another OS now that I have been a Linux user. At any rate that’s not the point of this post. Since the script I was developing had to run on Windows I needed to install PyCrypto (it’s a dependency for ezPyCrypto). Well, this would be trivial except that PyCrypto has C code that needs to be compiled. There are binary builds on the PyCrypto site for both Python 2.3 and 2.4, but not 2.5 which I am running. I wasn’t going to let this stop me however. The rest of this post will explain what you need to do in order to get PyCrypto working under Windows with Python 2.5. After completing this you will also be able to build your own installer that you could package with your scripts to let people who don’t want to install a C compiler run your code 🙂

The first thing you are going to want to do is install MinGW. MinGW will give you a nice C and C++ compiler for Windows. Just follow the instructions on their site and you will be good to go. After you have MinGW installed you will probably want to add entries to the Windows PATH variable so that when you are in a terminal you will be able to directly access MinGW. [As a note I still run Windows XP so these instructions will be done with that in mind] Doing this is quite simple:

  1. Right Click My Computer –> Properties –> Advanced –> Environment Variables.
  2. You will see User and System variables. If you want all users to use MinGW edit the Path entry in there. Otherwise add a Path variable under User variables.
  3. Go to the Path variable from step 2. Add an entry to the Path that points to MinGW’s bin directory. For me this was “C:\MinGW\bin” but it all depends on where you installed MinGW. Note: Entries in Windows Environment variables are separated by ‘;’
  4. Click ok a bunch of times

While you are changing environment variables you will want to add the main directory for Python to your path. For me this was: “C:\Python25”. This made my final User Path entry: “C:\MinGW\bin;C:\Python25”

Now that you are done changing environment variables you will want to reboot your computer so that Windows gets your changes. Really… you will regret it if you don’t reboot!

Now download PyCrypto and unpackage it. This turned out to be problem enough because not many people keep programs around that open .tar.gz files. Since I am a Linux user I just unpacked them in Linux and transferred them to Windows (I run Windows XP under VirtualBox). However, if that is not an option you can download and install IZarc Archiver. IZarc has been my favorite [Windows] extraction tool for a long time and it supports just about every archive format imaginable. I would recommend extracting the contents of PyCrypto to your desktop. Now is when the first starts!

First, open up a terminal. We will only be using a few commands and you don’t have to be a terminal wiz kid to do this. I normally open a terminal by going: Start –> Run –> “cmd” –> Press Enter

Now that you have a terminal up you want to get to the PyCrypto directory. To move between directories in the terminal we use the “cd” command.

cd PATH-GOES-HERE

So, for example here is the command I used to get to where I had PyCrypto:

cd C:\Documents and Settings\Jinto\Desktop\pycrypto-2.0.1

Of course that command will only work for you if your user name is Jinto and you extracted it to the desktop exactly like I did 😉 So modify it to fit your needs. Once you are in the pycrypto directory do a quick:

dir /w

to make sure you see files. Especially make sure setup.py is there. We need to run that setup script and tell it to build the libraries. To do this issue the following command:

python setup.py build -c mingw32

If all goes well it should build without any troubles and all that is left is to install it by issuing the following command:

python setup.py install

You should be all set to use PyCrypto now, or to install ezPyCrypto which uses PyCrypto. As a bonus feature if you are looking to make an executable installer for PyCrypto you can run the following command:

python setup.py bdist_wininst

This will leave you with a .exe file located in the “dist” folder.

I hope this helps everyone get PyCrypto running under Windows. For those of you Linux users who think I am leaving you out, check your distro-specific repository system; they probably already have a package for PyCrypto!


Python and public/private key encryption

July 5, 2008

Edit (7/20/08): If you are looking to get PyCrypto running under Windows with Python 2.5 I wrote a short guide located here. There are already installers for Python 2.3 and 2.4 on the PyCrypto Homepage.

Edit (7/10/08): After noticing that this got some hits on google I rearranged the content so that the first part explains how I got public/private key encryption in python and the second part explains why I wanted encryption in the first place.

I was looking for an easy way to do public/private key encryption in python and I found it!

Enter ezPyCrypto! This package was actually able to generate and export a public key as a string AND import it back in. I should also mention that ezPyCrypto is merely a wrapper for PyCrypto. I have to say ezPyCrypto was quite uh… easy. Here is an example of how you would make a 1024 bit RSA key and export it to a string. It also demonstrates how to import that key and use it to encrypt a message:

from ezPyCrypto import key

myKey = key(1024) #defaults to RSA, 1024 is the key size in bits

#Just calling exportKey will export only the public key
publicKey = myKey.exportKey()

#print publicKey  

#Then to load it back in to a new key
myNewKey = key(0)
myNewKey.importKey(publicKey)

#Testing time!
testEnc = myNewKey.encString("cheesecake tastes yummy")

#You should see 'cheesecake tastes yummy'
print myKey.decString(testEnc)

Look at how easy that is! I am quite pleased that I will be able to continue my work, and have some good encryption. The one thing I will say is that ezPyCrypto does not seem like it has seen much development in a while, but oh well. As long as it works when it needs to I will not complain 🙂 Also I only tested this with python-2.5 so your mileage may vary. On to the back story…

So today, among other things, I was looking for some good python libraries to do public/private key encryption. I am trying to write a few scripts that help with the administration of the computers I work on for my college’s internet radio station. I started out writing them all in perl, but now I have most of them written in python. Currently I have written a small backend which starts up the basic services that the radio station requires. At present that consists of: shoutcast server, darkice, a script to monitor the listener counts, and lighttpd. This backend is capable of accepting clients over the network and displaying the basic running status of all these services (IE: running or not). Now, I would like to add the ability to remotely control the services. Hence I would have to have some way of authenticating users who want to log in.

Let’s take a step back here. Some of you might be wondering why I don’t just administer everything with ssh. Indeed, this is how I did it for a year, and for someone like me (I loves me a good terminal) this was not a problem. However, I have to face the reality that someone will probably take over the station (at some point or another) who is not at one with bash. This is why I decided to start this project to help ease them into administering the servers, which rarely die anyway. Python and the Tkinter libs were great for this because they would be fully cross platform. Although I hate to admit it, I think the next admin will probably be a Windows user. I think being able to run the server from their dorm will go a long way in helping them accept the job.

Back to the main problem. To authenticate I don’t plan to have anything too breathtaking. The backend will be run as a normal user and I plan to use PAM to authenticate against the user that is running the backend. So I need to be able to send the password over the network! There are plenty of guides to public/private key encryption and a quick google search will provide an explanation better than I will ever be able to give as to how they work. I was able to find a few options. The first is the PyCrypto package. This package seemed quite sufficient but the lack of reasonable documentation for it made me have second thoughts. This isn’t something I want to mess up because we are sending sensitive data across the network. I had a look at the source code but got tired of trying to make sense of it.

Next I found a package called yawPyCrypto (yet another wrapper for python crypto). That seemed quite promising. I was able to work out a simple example where it would generate a 1024bit RSA key pair, and I could encrypt and decrypt a string with it. Only one problem… I could not successfully export and import the string from yawPyCrypto. This meant the server would not be able to send the client its public key… LAME. Again, I poked around the source code, but I didn’t see anything obvious, and I was not about to reinvent the wheel here.

Then I discovered ezPyCrypto, which as you read from above, solved all my problems 🙂 I should also mention that on my Ubuntu machine I had to play around with the source code in ezPyCrypto to get it to import properly (remove references to variables it couldn’t find). Yeah… sounds stupid, but I was confident that what I was playing with was not related to public/private key encryption which is all I wanted.
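When the server sends its public key to the client over the same network as the password, the client needs a way to tell that the key really belongs to the backend before encrypting to it. The following is an added example in Python 3, not code from this post or from ezPyCrypto: it pins the key's fingerprint on first contact and rejects a changed key afterwards, in the style of ssh's known_hosts. The exported key is treated as opaque bytes; the pin file, the host name "radio-backend" and the key values are constructed.

```python
import hashlib
import hmac
import json
import os
import tempfile

class KeyMismatch(Exception):
    """The server presented a different key from the one pinned earlier."""

def fingerprint(exported_key):
    """SHA-256 hex digest of the exported public key exactly as received."""
    return hashlib.sha256(exported_key).hexdigest()

def check_server_key(pin_file, host, exported_key):
    """Pin on first contact, verify on every later connection.

    Returns "pinned" the first time a host is seen and "match" after that;
    raises KeyMismatch so the caller never encrypts a password to an
    unexpected key.
    """
    pins = {}
    if os.path.exists(pin_file):
        with open(pin_file) as fh:
            pins = json.load(fh)
    seen = fingerprint(exported_key)
    if host not in pins:
        pins[host] = seen
        with open(pin_file, "w") as fh:
            json.dump(pins, fh)
        return "pinned"
    if not hmac.compare_digest(pins[host], seen):
        raise KeyMismatch(f"{host}: pinned {pins[host][:16]}..., got {seen[:16]}...")
    return "match"

def demo():
    """Constructed run: the same key twice, then a substituted key."""
    pin_file = os.path.join(tempfile.mkdtemp(), "pins.json")
    real, other = b"constructed-public-key-A", b"constructed-public-key-B"
    results = [check_server_key(pin_file, "radio-backend", real),
               check_server_key(pin_file, "radio-backend", real)]
    try:
        check_server_key(pin_file, "radio-backend", other)
    except KeyMismatch:
        results.append("rejected")
    return results
```

The first connection still trusts whatever key arrives, so the stronger setup is to copy the fingerprint to the client out of band (for example, when the admin tool is installed) instead of learning it from the network.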

I already fear that no matter how much I automate things there will be a problem. That is the way it goes however. I am hoping that I can polish off these scripts soon so I will not have to worry about radio station stuff until the beginning of the school year. I will most likely have more to say about these scripts and maybe a summary of everything I have done with them. That’s all for now though 😀