Workstations

How to change font sizes in Windows

Advanced System Font Changer is designed to fill the gap created by Microsoft's decision to discontinue the option to set font sizes in Windows. It provides advanced display settings options that are currently not supported by the base system.

It can set the font type, size and style (Bold or Italic) per display category, set the spacing between desktop icons, export a safety backup of the settings and track current changes to the settings. In practice, it lets us set any type of font in Microsoft Windows 8, 10 and 11.


Configuring a secure private network on Windows 11 using Built-in VPN and Multi-Factor Authentication

In today’s context, network security is a top priority. The increase in cyberattacks, data leaks, and traffic interception makes using a VPN (Virtual Private Network) and Multi-Factor Authentication (MFA) essential for both workplace and personal use.

Windows 11 natively supports VPN configuration and allows enabling MFA through a Microsoft account without third-party apps. This project demonstrates the steps to configure a secure VPN connection in Windows 11 and activate MFA, ensuring data protection and traffic confidentiality.


Deploying a guest network with Client/AP isolation

A wireless guest network is a very common feature of access point devices. In this article, I’ll explain why we need such a network and how exactly it is implemented in a typical access point.

As the name suggests, a guest network is for guests. Nowadays almost all, if not all, organisations provide a wireless network in the office for their employees to connect and access various network resources. However, when external customers, employees’ friends or relatives, interviewees and so on visit the office, how can the organisation provide internet connectivity to them? Not by putting them on the employee network; that is a grave security concern. We need to find a way to allow guests internet access while denying them any access to LAN resources.

Let’s consider the above topology. A real office topology can be far more complex or simpler, depending on the size of the organisation. My intention here is just to make it complex enough to demonstrate the concept.

An employee connected to emp_ssid should be able to reach server1, server2, server3 and server4 as well as the internet. The firewall can do the routing when server2 or server3 is accessed, or there can be an L3 switch in the mix, or a router can do the routing. Let’s assume some magic box is there to route between the resources on the switch1 and switch2 side and the switch3 side. With this assumption, let’s set out the requirements for the guest network (guest_ssid).

  1. A guest should be able to connect to the guest_ssid network using the authentication configured for guest_ssid.
  2. A guest shouldn’t be able to reach any resources on the LAN (server1, server2, server3, server4 or any employee devices connected to emp_ssid).
  3. If the admin wants, access may be provided to a specific IP:port on the LAN. Let’s say server4:port1111 is made accessible.
  4. A guest should be able to get an internet connection.
  5. One guest device shouldn’t be able to reach another guest device.

Whenever we think about traffic isolation, the default option that comes to mind is a VLAN. We can isolate guest traffic using a VLAN without using the guest network feature of the access point. Most, if not all, access points support VLAN configuration for a specific network (a.k.a. SSID). We can put the guest_ssid network on a specific VLAN other than the ones where the LAN resources are. But there is a catch here. We have to be very careful about the routing in the magic box: we have to make sure that the guest VLAN subnet is never routed to the switch3 side.
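The routing catch described above, as an added example (not code from the original article): requirements 2 to 4 written as an ordered, first-match filter of the kind the magic box would apply to traffic leaving the guest VLAN. The subnets, the server4 address and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed addressing plan (assumption, not from the article). */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))
#define GUEST_NET IP(192, 168, 50, 0) /* guest VLAN subnet, /24 */
#define LAN_NET   IP(10, 0, 0, 0)     /* every LAN segment, /8 */
#define SERVER4   IP(10, 0, 3, 40)    /* the one permitted LAN host */

enum verdict { DROP, ACCEPT };

struct rule { uint32_t dst, mask; uint16_t port; enum verdict v; }; /* port 0 = any */

/* First match wins, so the server4 exception must sit above the LAN deny. */
static const struct rule guest_rules[] = {
    { SERVER4, 0xFFFFFFFFu, 1111, ACCEPT }, /* requirement 3 */
    { LAN_NET, 0xFF000000u, 0,    DROP   }, /* requirement 2 */
    { 0,       0,           0,    ACCEPT }, /* requirement 4: internet */
};

/* Verdict for a routed packet arriving from the guest VLAN. */
enum verdict guest_filter(uint32_t src, uint32_t dst, uint16_t dport)
{
    if ((src & 0xFFFFFF00u) != GUEST_NET)
        return DROP; /* source outside the guest subnet: spoofed or misrouted */
    for (size_t i = 0; i < sizeof guest_rules / sizeof guest_rules[0]; i++) {
        const struct rule *r = &guest_rules[i];
        if ((dst & r->mask) == r->dst && (r->port == 0 || r->port == dport))
            return r->v;
    }
    return DROP; /* default deny */
}

int main(void)
{
    uint32_t guest = IP(192, 168, 50, 23);
    printf("server4:1111 -> %d\n", guest_filter(guest, SERVER4, 1111));
    printf("server4:22   -> %d\n", guest_filter(guest, SERVER4, 22));
    printf("server1      -> %d\n", guest_filter(guest, IP(10, 0, 1, 10), 445));
    printf("internet     -> %d\n", guest_filter(guest, IP(93, 184, 216, 34), 443));
    return 0;
}
```

Requirement 5 cannot be expressed at this point: guest-to-guest traffic stays inside the guest subnet and never reaches the routing device, so it has to be enforced at the access point.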

Even though a VLAN can handle guests, it requires a certain level of competency. Most access points, however, provide a very simple, one-click solution for the same purpose.


Sophos AP, single click guest network

A single click fulfils all of the requirements, but let’s see how those requirements are achieved. I have seen two kinds of implementation in access points.

The client isolation feature makes sure that clients connected to the same AP can’t talk to each other. Typically it’s a single click, and when the guest network is chosen, this is also chosen by default.


The underlying implementation is done at the wireless driver level. I have found some wireless driver code on GitHub and am providing a link to the same. Selecting Client Isolation results in the IEEE80211_F_NOBRIDGE flag being set in the driver. In the wireless driver’s data delivery path there is a check for whether this flag is set. If it is not set (i.e. client isolation is disabled), bridging within the wireless interface is attempted: if the destination is connected to the same interface, the data is retransmitted on that interface without the packets being pushed to the network stack. If the destination doesn’t belong to the same interface, or the IEEE80211_F_NOBRIDGE flag is set, the packets are pushed to the kernel network stack.
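The delivery-path check described above, modelled as an added example (this is not the driver code the article refers to). The flag name comes from the article; its bit value, the `wlan_if` structure, the function names and the MAC addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag name is from the article; the bit value is illustrative. */
#define IEEE80211_F_NOBRIDGE 0x10000000u

enum delivery { BRIDGE_INTERNAL, TO_NETWORK_STACK };

/* Hypothetical model of one wireless interface and its associated clients. */
struct wlan_if { uint32_t flags; const uint8_t (*assoc)[6]; size_t n_assoc; };

/* Constructed sample MAC addresses. */
static const uint8_t GUESTS[][6] = { {0x02,0,0,0,0,0x0a}, {0x02,0,0,0,0,0x0b} };
static const uint8_t GUEST_B[6] = {0x02, 0, 0, 0, 0, 0x0b};
static const uint8_t GATEWAY[6] = {0x02, 0, 0, 0, 0, 0x01};

static int is_associated(const struct wlan_if *w, const uint8_t dst[6])
{
    for (size_t i = 0; i < w->n_assoc; i++)
        if (memcmp(w->assoc[i], dst, 6) == 0)
            return 1;
    return 0;
}

/* Decision for a frame received from a client, keyed on its destination MAC. */
enum delivery deliver(const struct wlan_if *w, const uint8_t dst[6])
{
    if (!(w->flags & IEEE80211_F_NOBRIDGE) && is_associated(w, dst))
        return BRIDGE_INTERNAL;  /* retransmitted on the same interface */
    return TO_NETWORK_STACK;     /* handed up to the kernel network stack */
}

/* Runs the decision on the sample interface with the given flags. */
enum delivery demo(uint32_t flags, const uint8_t dst[6])
{
    struct wlan_if w = { flags, GUESTS, 2 };
    return deliver(&w, dst);
}

int main(void)
{
    printf("isolation off, guest->guest: %d\n", demo(0, GUEST_B));
    printf("isolation on,  guest->guest: %d\n", demo(IEEE80211_F_NOBRIDGE, GUEST_B));
    printf("isolation off, guest->gateway: %d\n", demo(0, GATEWAY));
    return 0;
}
```

With the flag set, guest-to-guest frames are no longer bridged inside the driver but still reach the kernel stack, so whether they are dropped depends on the bridge or filter rules applied there.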

Now the biggest question is which method to use to secure the network so that guests can’t access the private network?

VLAN is a fundamental element of networking, used for traffic isolation, but it requires some technical competency. If the competency is available, one must use a VLAN to isolate guest traffic. On the other hand, a guest network combined with client isolation is also a robust mechanism for restricting guests from any other access, and the configuration is just a few clicks that a layman can do. Any attempt to access the private network is dropped at the access point itself.

One must use a guest network, and if the competency is there, a guest network with a VLAN is the best option.
