Many security vulnerabilities have been found in older software and WordPress is no exception. Some malicious elements have found a way to alter parts of the header or footer files in many unsuspecting WordPress installations. So it would be very prudent to keep up with the release of recent patched software.

If you follow the guidelines as detailed here, it will be relatively painless. I will also go over a few ways how you can secure better your WordPress installations. Remember that you have to be lucky all the time whereas for the malicious hacker – he has to be lucky just once.

Recipe for Upgrading WordPress

Items Required & Method

1. Grab the latest version of WordPress from here: http://wordpress.org/download/

At this time it is available in two formats – gunzipped version for the Unix/Linux boxes and zipped version. You can grab any version which will suit you. Extract to a local directory and keep aside.

2. Backup your present Installation. If you have access to the control panel of your server, take a mysql backup of all the data from your WP.

Copy all the files from the root, wp-admin, wp-content and wp-includes into another directory, or better still copy to your local machine. In case something goes wrong, you need to have a fall back plan.

Open wp-config.php and save the // ** MySQL settings ** // information somewhere close. You will need to hang on to this file if you want to have a trouble free upgrading experience.

3. Place an index.html with a message – “The Blog is undergoing some changes” and some polite message to the effect that the service will be unavailable for some time. You should take only a few minutes for the complete upgrading process. But still it is nice to put up a temporary index.html

At the time of upgrading your server will likely throw up some error message which is best avoided.

4. Now it is time for the Rock and Roll ! Now go ahead and delete the following 2 directories ONLY:

Wp-admin

Wp-includes

Some FTP clients will protest if you are trying to delete the directory with files inside. Use your control panel’s file manager for this task.

Upload your extracted wp-admin and wp-includes to the production server.

Now copy all the files over the old files. If you use any of the themes from the themes directory, leave them for now.

You will find the following files under the themes directory:

1. comments.php
2. comments-popup.php
3. sidebar.php
4. header.php
5. footer.php
6. functions.php
7. index.php
8. style.css
9. rtl.css
10. screenshot.png

Edit them – adding whatever changes you have incorporated into these files. Then transfer these files over.

5. The final step: Launch your browser and point to your blog/wp-admin/ and you will be greeted with a login screen. Login and you will be taken to the upgrade part where it will ask your approval to fill in the data. The upgraded version will look for the config file from the root where it stores the database connection details. So if you have done the steps as detailed here, you will have completed the upgrading process with out any fuss.

WordPress Security Details

Matt Cutts has this to say about securing the WordPress installation - http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/

The recent version ( at the time of writing this blog – it is 2.5.1) doesn’t have the earlier vulnerabilities regarding the plugins where anyone can see what plugins you have installed by just looking at the directory index. The newer version will show the “Sorry, no posts matched your criteria.”

It would be a good idea to lock down the wp-admin directory by any of the following means:

1. Place Password protection to this directory. Use Apache server’s password protected directory mode. You will see this error message – “Sorry, no posts matched your criteria.” Instead of a 403 Status code.
2. Use .htaccess to block unauthorized access. A sample is shown as below:

Order Deny,Allow

Deny from all

allow from 67.23.67.255

The above directives will block the world from accessing this directory, but allows access only to the IP 67.23.67.255 ( not a real IP )assuming that is your IP.

OCR with Ubiquitous Webcam

Optical Character Recognition (OCR) technology has matured to include digital image processing and with the kind of processing power available in the average Personal computer, it should come as no surprise that in these days the accuracy of the OCR exceeds 99 %.

Typically most software commercial or free would require that you use a TWAIN compliant scanner to capture the image you want to use for converting to editable text. For best results this might be the only way as you need to present the best possible image for the OCR software to work upon. You will need to acquire black and white or grayscale image as color information would confound the OCR process.

In case your software has any issues working with your scanner, you can still save the scanned image in a TIFF (Tagged Image File Format) format and invoke the OCR software with this TIFF file. Most image editing tools will have no problem converting the images to this TIFF format.

When you are in the office, it would not be an issue to use the services of a desktop scanner to convert the magazine page or newspaper page to electronic format. Many a time you would see when you are traveling – a magazine article or a newspaper page which would be ideal to illustrate your stand. Only thing that would stop you is the lack of accessibility to a desktop scanner. You don’t have to wring your hand in despair anymore.

Your Laptop may already be equipped to take care of not only the means of capturing the newspaper/magazine page, but also the requisite software to convert the acquired image to editable text format. I wanted to do a bit of test in this line and this is what I found out.

I have a Laptop with barebones software installed and not too many techno wiz attachments. The notebook is equipped with a 1.3 mega pixel (extrapolated resolution) Web camera and MS Office installed amongst other things. A typical scenario.

I used the webcam to “capture” this image displayed here from an old magazine. You can see from the faded sepia toned color that the magazine must have been sitting at the shelf for ages. Again the choice of this torn page was deliberate to demonstrate that if we can get any decent result from such a faded magazine page, you should get far better results with a better recent subject.

Now you need an OCR software to complete the conversion process. You need to look no further than the standard MS office software suite for this.

Click on All Programs - > Microsoft Office - > Microsoft Office Tools - > Microsoft Document Imaging

You will have a “free” OCR software here and it will take the above image acquired from the Webcam. Just click on Page from the top menu and select the and you will get the following page:

Click on Tools - > Recognize Text using OCR and it will have converted the image into editable text ready to be ported to MS Word. Click again on Tools - > Send Text to Word and your MS Word will fire up with the converted text.

This is what mine did at the end of the exercise:

A T one tirn, p!opIe
did&t daw to svar
t3eMhe’r—go1d’ look. But
rw dlnw gold teamed
with pLItinuTn or white
ldz so in, and Ioks so
good, u wonder why it
took u so long. At InterCold. there i a .triking rngi. of unfussy, elcg.mt jcseItery — rings. earrin. chair . and pvidant in theit very f fordable Career Carals range. embellished with diamond and pearls. Prices begin at R 3.)OO. And for tho thinking of tying the knot, it you haven’t chcn our wedding nng yet, take a peek at the ‘Rings for E1rnitv’ range. You’ll go mad trying to make up your mind…

Not too good – You would say. But you had supplied a color image in the first place. With a bit of image manipulation and a grayscale image the eventual outcome is almost 85 % accurate. Not bad for a basic web cam based OCR.

We covered installation of a simple wireless Router about a year back. At that time to make the installation as painlessly simple as possible, we have mentioned that we will use WEP - Wired Equivalent Privacy with 128 bit WEP key by using a string of 26 Hexadecimal (Hex) characters.

But WEP is not really suited for a secure Wifi connectivity due to its poor security implementation. With more and more security risks associated with WEP being publicized, it is essential that home and corporate users move on to more secure means.

WPA and WPA2: Wifi Protected Access is a type of system to secure Wireless networks available in 2 modes – Enterprise version and Personal version. The personal version of WPA uses Pre-Shared Key (PSK) in which every computer is given the same passphrase on a shared basis as the name implies. So as a corollary the security of the system depends on the passphrase. In this mode, the data is encrypted using RC4 Stream Cipher with a 128 bit key together with a 48 bit initialization vector. The major security feature is the dynamic changing nature of the Temporal Key integrity protocol. Together with additional security features like Message Integrity Code, WPA provides a better secure Wireless network.

With the technical background covered briefly as above, we again show you how to set up a WPA secured Wireless Access Point in this blog.

We use the same Wireless Router as we have used earlier in our last year example – DLINK DI 524.

• Fire up your Wireless Router’s control panel in your browser. Head to the Wireless button on the left side of the panel. You should be greeted with a  Wireless Settings section of the AP (Access Point) portion.
• Enable the Wireless Radio button
• Select the security to the last option – WPA-PSK/WPA2-PSK mode.

-        The other options include :

-        None (Not Recommended at all)

-        WEP (not recommended again)

Enter a 15 character Passphrase in the PreShare Key column.

Click Apply and exit.

Go to your Laptop or any other Wireless enabled computer and set up the Wireless connectivity. You should be able to browse the list ( depending upon the available Wireless Access point in your locality) and select your now secured Wireless Network by the Network ID (SSID). It should display a dialog box in which the option of providing the PreShare Key is visible. Enter your key here and click to save. I am using a Laptop with Windows Vista Business OS. Your OS may allow you to enter this when you select the Wireless connectivity mode in a slightly different way. But essentially, you will need to enter the same Passphrase across all the computers sharing the same Wireless Network.

And you are ready to Rock and Roll …

Let us face it – many times as a webmaster, you find that you have to move your hosting account from one to another for various reasons. Some hosts offer additional advantage, better servers, physical location of the DC (data center) to the targeted audience, consolidation of online assets and better value for the money – to name a few common reasons for moving hosts.

It can be quite disruptive for the uninitiated and in the process of moving your host you might end up losing the rankings from some of the search engines. We have done this many a times and we try to cover the basic steps involved in moving your hosting provider.

Step 1 ; Creation of Full Backup:

Before you proceed any further, first take a full backup of your site. Many webmasters rely on the hosts to get a full backup on a periodical basis. It would be prudent if you have an independent backup created offline at a set period on a regular basis.

If you have a database, take a full dump of the database ( if it changes every minute as they do in most production environment) and you can sync your data to that of the new host eventually.

Step 2 : Setting up the New Host:

We will assume that you have found a new and better host and you have created an account. Some hosts will charge some nominal amount to set up your account. Most will give you a control panel to set up customization. If you are on a shared hosting, insist on a unique IP address. It does not cost a lot. A dedicated IP address helps establishing your unique presence. It comes in handy for many things too.

Set up your FTP details from your control panel and start uploading your files. Take care to preserve the same directory structure. If you have taken a full backup and you have a shell access to your hosting account, you can use the tar function from the shell to place all the files along with the original file permissions. In Unix/Linux Hosting, some pages may require specific file permissions to work. If you have a database, set up the database and make sure that you create the username and password to access the database as per your old hosting account.

Now use your dedicated IP address to test your pages. As you have not started the transition of the DNS, you will have to depend on the IP address to display your pages.

If you are sure that everything is working normally as usual, proceed to the next step.

Step 3 : Setting up DNS :

Your new host will have provided you with information about their Domain Name Servers. It would be something like this:

Nameserver 1: ns1.targetwoman.com 70.84.70.105

Nameserver 2: ns2.targetwoman.com 70.84.70.99

Login to your domain name registrar and find your way to the domain name server part. It should show you the old host’s name server details.

Make the required changes to the entries – pointing to the new host’s domain name servers.

Don’t expect to see your browser immediately displaying pages from your new host. It won’t. You need to wait for the DNS propagation which can take typically about 72 hours.

If you are using a Windows machine to browse, learn how to purge the old DNS cache as here: Go to Start – Run – cmd ->

You will be presented with a black window reminding you of the old days of DOS. You type:

ipconfig/flushdns

Whereupon you will be told that the operation of flushing the DNS was successful. Now type

ping yourdomain.com

You should see the IP address of your new host now.

If not wait for a few hours and try again.

Step 4: Post Moving … :

Don’t shut down the old server – yet. If you have a constantly changing database, you will need to sync the old database to the new one. You will have to keep the old server up and running for a week. Purge the contents after the 3 day from your old server.

What you should know about your IP number ?

Lots of people especially webmasters are familiar with the IP Numbers which identify their unique address in the “stateless world” of Internet. Equally there are many who blink at this term. This blog sets out to unravel the mystery of this in a simple way.

For example the adjacent number (unless you have javascript disabled in your browser) shows your IP address along with some information about the browser type - .

Your IP number identifies your computer – like your physical address. IP (Internet Protocol) Address refers to a set of four octets (numbers) separated by a dot (.). Each octet consists of a number between 0 and 255. There was a popular movie in which the main actor is peering into the monitor of her computer displaying some IP address with one octet as “275”. You can’t have such IP addresses in real life.

Many computer peripherals operate assigned with their own IP addresses to help the users manage them easily. Your network printer can be fed with the document to print by assigning the print task to the particular IP. In the modern networked environment each peripheral or machine can be controlled, monitored and managed in a more effective manner if they have their own Network interface. This also is the main reason why we may face a shortage of available IP numbers in the near future. The current system which uses IPv4 uses 32 bit addresses which has a maximum limit of 4,294,967,296 addresses.

If the entire world is going to be connected to the Net along with their machines, then this IPv4 system simply will run out of available numbers. So they may eventually shift to the IPv6 system in which 128 bit addresses will be used.

To give you an analogy of how things are – we will use a hypothetical physical address like this:

[Note: all addresses given below are imaginary and do not represent anyone]

32, West side Avenue,

San Jose, CA

USA

Class A:

IP numbers are grouped under classes too. Class A represents the first octet like so :

72. xxx.xxx.xxx

This might be like your country code. But each country may have many sets of Class A addresses assigned to them.

Class B:

72.84.xxx.xxx This example shows a typical address which is like your city code.

Class C:

72.84.70.xxx This example shows a typical address which is like your country:city.street address

The last octet represents your machine.

There is one more detail: Many ISPs assign your IP number dynamically using DHCP (Dynamic Host Configuration Protocol). Not all users need the IP addresses permanently. Servers and other mission critical users require permanent dedicated IP addresses while the rest can manage with dynamically assigned ones when they need it.

Now that we have reached your “home” you can specify the connecting port – your entry point to your machine. You can operate many systems assigned to individual ports in the IP address. For example, you can run a web server under port 80 and a mail server under port 25 and so on.

In our firewall blog we have touched upon locking down the ports we don’t use. Using the same physical analogy as above, you secure the windows and doors when they are not normally used. You close the access to the particular ports ( in our case of firewall, we close all the ports unless otherwise required) when not required.

Geotargeting: In these days of highly competitive world, you want to maximize on your advertisement dollars. You don’t want people from Timbuktu to click on your ads targeted at the New York city dwellers. Or you want to maximize the reach of your specific ads to the specific target audience. The easiest way is to use Geotargeting which sends specific pages/ads to specific location based on the visitor IP number. Many search engines use this technique all the time to deliver localized search results.

Next time you see something like the following in your server log file – you are unlikely to be fazed by the IP numbers :

192.168.0.3 - - [28/May/2007:11:31:43 +0530] “GET /cgi-bin/info HTTP/1.1″ 200 250 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)”

Just as there are differences in the Operating Systems, there are differences in software firewalls and the way they are implemented.

Basic Firewall Rules: To start with, you deny all inbound traffic unless explicitly allowed and specifically under authorized open ports. It is a good idea to log all denied traffic and the log files checked periodically for any signs of determined effort to bypass your security. Log files serve no useful purpose unless reviewed periodically.

Some commonly used Terms:

NAT - Network Address Translation - This is used to send traffic addressed to outside IP from the local internal network and back. For example if an internal computer with the IP address of 192.168.0.5 browses the Net and sends the request to the server of Targetwoman, the NAT enabled system routes the request to the targetwoman server as if the request emanated from the external IP of our Network and collects the sent traffic from the targetwoman server and returns it to the right machine - 192.168.0.5 - even if there are dozens of machines in the local network.

Packet Filter - The firewall reads each data packet for filtering based on a set of Firewall rules.

DMZ - De Militarized Zone - Has nothing to do with the Army except for the military parlance. A local machine is deliberately set to access the Net for some specific or all ports. For example, if a webserver is running in a local server, it would be prudent to avoid the latency and added burden of monitoring the Web server traffic - in some cases.

Reject/Drop Distinction : If a packet is rejected by the Firewall, it returns “connection refused” error to users who attempt to connect. On the other hand, if a packet is dropped, the Firewall doesn’t send any error message. It may be wise to drop packets to avoid giving a malicious user any clue.

With the preamble as above, we will see how a simple Firewall can be setup using Netfilter and Firestarter.

Depending upon your distro of the Linux, you should have downloaded the RPM package or the source tarball. Goto a terminal and type su ( You must be root to install this ) and proceed as follows:

rpm -Uvh firestarter*rpm

Which should install Firestarter if you have no unresolved dependencies.

If you have downloaded the source file, you will need to do the following:

tar -xvzf firestarter*tar.gz
cd firestarter
./configure

With that out of the way, you can start the firestarter by going to RedHat - > System Tools - > More System Tools - > Firestarter Firewall Tool ( if you are running RedHat 9 )

You will be presented with what looks like the image given here:

If you are impatient, head for the Wizard and it will set up a basic Firewall using default set of rules, which you can change any time later.

When it starts Firestarter sets a restrictive policy which you can modify in the preferences section. You will have to go to Edit - > Preferences to access this section.

Under General - select Start Firewall on program startup. Under Services, enable only the services you need :

From the Net ( public access) you can provide access to any of the services listed here. SSH may be the only thing you may need to give access if people are required to access the Linux box from outside. Enable as required.

You can enable NAT (Network Address Translation) from the preferences section. Set the internal network device to point to your actual device from the drop down menu. If you are in doubt, check by typing at the terminal:
ifconfig

If you leave the Autodetect internal IP range, it will select the private class C - 192.168.0.0/24.

Select the external device as appropriate and you are done.

Congratulations if you had followed through to this point. You have a firewall running ….

Sometime back we have covered the basic installation of a Wireless Router for networking a few computers. This time we will explore the actual setting up of a simple but effective Firewall and Internet Connection Sharing for a number of computers.

Windows Internet Connection Sharing (ICS) :
If you want to connect one computer which has access to the Internet to other computers in a local network, sharing the internet connection, you need an extra Network Interface Card (NIC) and you need to enable ICS in your primary computer. This would automatically set the local network card IP address to 192.168.0.1 and allow you to share the internet connection for all machines in the range 192.168.0.2 to 192.168.0.255 .

If your network address is not compatible with this range, or if you have Virtual Private Networking (VPN) then this option is not suitable. You will be better off with a dedicated Hardware Router or what we propose here: - Linux Firewall and Router. In fact you will find hundreds if not in thousands of pages of content about Linux firewalls and software routers running from a modestly equipped box.

Most hardware firewalls and routers come equipped with standard protection against Denial of Service (DoS) attacks and offer network reliability through Stateful Packet Inspection (SPI). Still a well designed software firewall adds the extra feature of scalability and flexibility unmatched by the hardware equivalents.

Besides extended logging allows one to enhanced monitoring for attacks. Intrusion detection is easier with this.

It must be said in bold that a firewall is the first step in your Network security. It is not a complete solution to your Network security. It does not work in isolation. You must have a complete comprehensive security policy involving effective monitoring and intrusion detection.

Simply put, a firewall examines the incoming packets and outgoing packets on specific open ports, and applies a set of pre-defined rules to determine whether an individual packet should be permitted. These rules can be based on allowable originating and destination hosts, ports, packet header information, or any combination of these factors.

Linux, as always comes with many security features in-built including a Firewall. Ipchains with a set of configuration files in Iptables is standard for most distros of Linux. Netfilter offers a set of loadable kernel modules that extends the firewalling capabilities of Linux to allow session-based packet examination.
Linux Kernel with the added features of firewalling through Netfilter has made network security easy to manage.

We will start with Firestarter - a GUI tool to control Netfilter from GNOME. It is simplicity itself. It says in its cute help page : “An all-in-one Linux firewall utility for GNOME”.

Get Firestarter from here: http://www.fs-security.com/

Its features include:

• • Easy to use graphical interface
  • Has a Wizard mode to get up and running in a few seconds
  • Allows Internet Connection Sharing
  • Option to whitelist and blacklist traffic
  • Set up a Dynamic Host Configuration Protocol (DHCP) for the local network ( this is not built-in but uses the system’s dhcpd)
  • Has an advanced kernel tuning Feature
  • Supports Linux Kernels 2.4 and 2.6
  • Ability to hook up user defined scripts or rule sets before or after firewall activation
  • View active network connections, including any traffic routed through the firewall

We will come back with the installation and setting up in the second part.

About a year ago, we noticed that we were running up our regular quota of one-month usage of bandwidth within 15 days. One thing about our portal is we have lavish illustration or images adorning every page. Most of the images and flash files are systematically optimized for maximum resolution with minimum file size with the specific intent on keeping our average page loading time to manageable level for the end users.

Images and flash files consumed about 58-65 % of our total bandwidth and any savings in this region would help our cause. But as I mentioned earlier, things appeared to be going out of control for a time. We were getting lots of hits from hundreds of other sites hot-linking to our images and we ended up paying for the additional bandwidth consumption for that month.

Fortunately, as our server is Apache – the most popular HTTP server on the planet, modifying the behavior of our server is easy. Setting server directives tailor made for each directory is quite easy with simple text directives in a .htaccess file. Apache server’s mod_rewrite module is called as the Swiss Army Knife for a number of reasons. You can create a complete bomb-proof web application with little more than a few lines of PHP/Perl code strung together with a carefully set of instructions deployed in a .htaccess file.

It is decided that only pages from our server can use the accompanying images and any other site linking to our images will be served a simple small image – about 6 k, with our site name embedded.

We deployed the following directives in the .htaccess file in the image directory:

All the directives shown below are populated with comments starting with a # symbol.

[code]

RewriteEngine on # Invokes mod_rewrite module

RewriteCond %{HTTP_REFERER} !^http://targetwoman.com$ [NC] # identify the referer

RewriteCond %{HTTP_REFERER} !^http://www.targetwoman.com/.*$ [NC]

RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.targetwoman.com/image.jpg [R,NC]

[/code]

The last directive indicates to the server that it must serve the default image.jpg for other sites directly linking to the images from this directory.

Most webmasters who directly link to our images are not aware of the implications of the bandwidth consumption for us. This method ensures that there are no ruffled feathers as a consequence. There is a flip side to this – if someone views the page from a search engine’s cache, they will be mildly amused by a single image in various sizes adorning our own pages. But that is small price to pay for avoiding a convoluted solution for the prevention of hot-linking.

My partner has long been complaining about the bird’s nest of networking cables behind her main computer. She has a simple enough set up – 3 desktops and a couple of Laptops equipped with Wifi. But the growth of networking cable and the constant changing of settings in her main computer was getting on our nerves.

So it was finally decided that I ought to sort out this problem with minimal interruption. A quick look at the available options was bewildering. What she needed was a sure-fire quick solution, which required easy setting up, and the route has to be the least complicated.

To cut a long story short, I decided on a Wireless router with a few LAN Ports thrown in. It needs to have a basic firewall as well. This is not a tall order and there are hundreds of products available. A call to the local store revealed that they have many brands to choose and I selected DLINK DI 524 router for this task. The selection process was not based on any obscure logic. It was a matter of availability and ease of use.

The existing set up used an Ethernet Switch and all computers shared the internet access through the main computer’s ICS ( Internet Connection Sharing). Windows 2000 and Windows XP allow you to share your internet connection with other networked computers. Windows XP also ships with built-in firewall. I had installed an additional Network Card to handle the external cable modem and the first NIC (Network Interface card) was configured as the gateway for the rest of the computers.

So I unpacked the DI 524 from its box and connected the mains supply. Nothing much happened, of course, save for the front green LEDs lighting up. All 3 computers were connected to the Ports. DI 524 comes with a 4-port Ethernet switch and a DHCP server. As we have manually setup the individual IP addresses for all the computers and there are not too many computers around, the use of DHCP was not enabled.

DI 524 is ideally suited for a small home office (SOHO) networking needs. It has the usual hardware Webserver to administer the router. It is based on 802.11g which operates on 2.4 GHz frequency. Not much of a choice when you go by the standard 802.11b/g as they use this frequency, which is also used by some cordless phones and microwave ovens. This would become an issue with women and laptops in the wrong place – kitchens. Fortunately as it turned out, my partner’s microwave or the Wireless router or the partner never complained about each other – at least to me.

With its stub 4 inch antenna, the unit provided excellent connectivity up to the lawn – about 100 feet away.

When connected to the webserver through a browser – http://192.168.0.1/ you get a nice crisp screen of menu. There is a wizard to help you along the way, which I didn’t use as I wanted to set up everything manually. I like the hard way in everything I do.

You can do it in any order. But I went straight to the LAN.
Click on LAN and set up the IP address of the router. I set up the IP address to 192.168.0.100 as already the main computer has its internal IP set to 192.168.0.1
Use the default subnet mask at 255.255.255.0 and click on apply. This router is like Windows – it loves to reboot after every move.

Now point your browser to http://192.168.0.100/- and continue.

Click on WAN and set up the cable modem details as you would normally in the main computer. It pays to note down the exact IP address, subnet mask, ISP gateway IP address and the DNS IP addresses. Now click on apply and it will whir for a couple of seconds and say rebooted.

It is not over yet. You still need to set up the firewall before anyone can see anyone inside or outside. You can build complicated firewall rules later when you need them. I added one bit of line – called as action – normal – and allowed LAN complete access to WAN. Not a bright idea when you set up a firewall. You simply bypass the firewall with this rule. But then we just want to rig the unit up as quickly as possible. We will write elaborate firewall rules as we cross this stage.

Voila. We are done and we can see that all machines can access the Net without any machine using ICS.

Now time to set up the Wireless section. Here is a snippet from the device’s help file:

Network ID(SSID) :Network ID is used for identifying the WLAN. Client stations can roam freely over this product and other Access Points that have the same Network ID.
(The factory setting is default)

Channel :The radio channel number. The permissible channels depend on the Regulatory Domain.
(The factory setting is channel 6)

Security :This device supports four different types of security for wireless network.

Wire Equivalence Protection (WEP) :This is a security feature to secure wireless data transmission. Enable WEP encryption to protect your data while it is transferred from one station to another. Select from 64, or 128-bit WEP encryption. 64-bit WEP requires 10 hexadecimal digits, 128-bit WEP requires 26 hexadecimal digits. Hexadecimal digits consist of numbers (0-9) and alphabet characters(a-f).
802.1X (Authenticate with Radius Server) :If the users want to use this security-type.At least,a radius for authentication or WEP for data Encryption. Enter the IP address of Radius server.Then select the encryption bit (64 or 128) and RADIUS Shared Key.
WPA-PSK :Another encryption options for WPA-PSK, TKIP (Temporal Key Integrity Protocol). enter a password in the WPA-PSK field between 8 and 63 characters long for ASCII. 64 characters(0~9,a~f) for HEX.
WPA (Authenticate with Radius Server) :The users have to get a access form RADIUS server by performing user authentication. Enter the IP address of Radius server and RADIUS Shared Key.
WPA2-PSK(AES) :Accept WPA2 clients only and Pre-share key (encryption key) must be entered manually. You can input either 32 ASCII characters or 64 Hexadecimal digits asPre-share key.
WPA2(AES) :Accept WPA2 clients only and work simultaneously with RADIUS Server. The encryption key is got from RADIUS Server dynamically.
WPA-PSK / WPA2-PSK :Accept WPA1 or WPA2 clients to connect simultaneously and Pre-share key (encryption key) must be entered manually. You can input either 32 ASCII characters or 64 Hexadecimal digits as Pre-share key.

To keep things simple, I opted for WEP (Wired Equivalent Privacy) with 128 bit WEP key by using a string of 26 Hexadecimal (Hex) characters and the Laptops can access the network with similar combination of WEP key. I have followed the dictum – KISS – Keep it simple Stupid. You can always add complexity later as you go along. But this is a hands-on on a painless way to set up a Wireless Router.

For a device barely costing about $30, it provides all the basic functionality.

Time to brew a strong coffee from the microwave ….

Administrator role of a leading women portal requires you to don various roles at the same time. To research, design, write, review and edit technical documentation is just not enough.
Amongst other things, you will have to demonstrate a strong understanding of professional web application concepts and techniques, such as servers and application integrations to designing and managing content.

Managing servers, fine-tuning them for peak performance and writing server control directives to get the maximum out of a server is almost routine in this line of work.
Towards this, you must have a development server, which matches the real world production server in closer details. We intend to share our experiences in this field – not as a means to trumpet our prowess but to show that we have much humbler origins.