Connect your Mac to the office

During the first few months I've worked from home more often than I did all of last year. I'm not on any official company teleworker program; it's just that we've had quite a number of storms hit the area. I think we had about three snow storms in February that left so much snow on the ground it did not melt until the rains started in early March. Last week we a "small hurricane" knocked over trees and caused streams to flood blocking the normal roadways that take me to work. Fortunately Mac OS X 10.6 has features that easily integrate with the typical corporate systems running Microsoft's and Cisco's ubiquitous enterprise technologies - Exchange, Active Directory and Cisco VPN.

Cisco VPN

Setting up my Mac to use my employer's Cisco VPN was simple but not foolproof. I had all the information I needed but I had to use a few manual steps and trial and error to get things working just right. OS X 10.6 has support for Cisco VPN built in. The settings we need to configure are in the Network section of System Preferences. Click the + to create a new service. Select VPN for the interface and Cisco IPSec for the VPN Type. Change the service name to something meaningful and clock OK. If you have VPN connections for different things (e.g you are a consultant with many clients), you can name each VPN connection accordingly so that you can keep track of what you are connecting to.

Screen shot 2010-03-20 at 12.22.41 PM.PNG

Once the service is created it is time to enter the connection specifics. Select the service and enter the server address and your account login name. Server address can either be a fully qualified domain name or an IP address.

Screen shot 2010-03-20 at 12.23.16 PM.PNG

Click "Authentication Settings". Enter your shared secret and group name information. If your employer uses certificates then set that up. My employer uses shared secrets instead of certificates so I won't provide any more guidance on that.

Screen shot 2010-03-20 at 12.23.40 PM.PNG

If you employer uses a web gateway (web proxy) clicked Advanced to enter that information. It might be convenient to have the VPN connection controls easily available so go ahead and click "Show VPN status in menu bar". When you enable that check-box a small icon will appear in your menu bar. Clicking that icon pops up a small menu from which you can control the VPN connection. It is also convenient when you need to rapidly switch from one VPN connection to another.

Screen shot 2010-03-20 at 12.43.57 PM.PNG

Outside looking in

Convergence is again a hot topic. In the past, it described how voice and data traffic would eventually coexist on IP networks. Now it frequently refers to the trend of integrating information security functions into traditional corporate risk management organizations. There are good reasons for doing this, but the risks may ultimately outweigh the rewards.

read more | digg story

Internal IP address - NAT addresses, Private IP, NATed Addy

I am discovering just how challenging it is to be secure and anonymous while using the web. Aparently Java code embedded in a web site can read various configuration settings of your computer while you are browsing that site. This happens without prompting the user. In my case I was browsing the Audit My PC web site using Firefox, a browser most consider to be more secure than Internet Explorer. The only option available to the user is to disable Java and JavaScript. Of course this prevents the user from experiencing the full functionality of some sites such as Gmail which make heavy use of AJAX. I guess the lesson here is while connected to a remove server one must be ever vigilant.