October 2010 ~ Blogistan

Monday 11 October 2010

Multicast Stream – Tandberg MXP 990

05:13 Blogistan No comments

Make sure that the PC is connected to the same LAN (or multi-cast enabled WAN) as the codec that is to be streaming

Note: The entire configuration related to my IP settings are erased or replaced with ‘X’. Please let me know if you face any problem, and keep following @ahsantasneem for more

Step 1: Static Public IP assignment, entering in all the IP fields for address, subnet mask, and gateway and DNS.

Step 2: Go to Endpoint Confiuration -> Streaming

Address: is defined as the IP-address of a streaming client, streaming server or a multicast address. Giving an address in the range 224.0.0.1-239.255.255.255 will broadcast the stream to any host that has joined the specified multicast group. Specifying normal broadcast address 255.255.255.255 will broadcast to any members on the LAN.

Address Port: If several codec’s are streaming to the same IP-address, different ports have to be used in order for the client to know which stream to receive. In this case 22232

Source -> Auto: Enables streaming of both local and far end video. Selection of which site to be streamed is done using voice switching (the site that speaks is streamed).

Streaming Password : Set password so that only participants entering correct password will be able to view the streaming session. Entering a password will prevent unauthorized people from accessing the streaming session

Step 3: Click -> Overview -> Streaming and press the link “Start Streaming” to start the stream.

A new webpage is opened with the streaming view displayed within the page. You can also open your web-browser directly to the streaming page by entering this URL into the browser(In this case): http://124.x.x.x/stream.sdp where 124.x.x.x would be the IP of your streaming device (Tandberg mxp 990). If a streaming client is successfully installed on the computer, a window will start up and soon show the incoming streamed information as shown below:

Step 4: To receive the stream directly from within QuickTime Player, launch QuickTime

player, and under the File Menu select ‘Open URL’ and enter http://124.x.x.x/stream.sdp where 124.x.x.x would be the IP of your codec.

SDP file

When streaming, the codec will generate a SDP file 'stream.sdp' which can be retrieved through the codecs web-interface (by http). This file describes what type of media is used (G.711 / H.261) and which (multicast or unicast) address the streaming is sent to. The clients (QuickTime and RealPlayer) use this information to listen for the stream.

Step 5: To end the streaming session, just press the “Disconnect Call” button on remote control or click the ‘Stop Streaming’ icon on the web page provided the ‘Allow Remote Start’ is set to on.

Note: That just closing the web application will not end the streaming session, as other codec’s still might be able to receive the streamed information.

Supported Streaming clients

Cisco IP/TV, QuickTime version 4 or greater, RealPlayer version 7 and VIC

Cisco IP/TV http://www.cisco.com

QuickTime version 42 or greater http://quicktime.apple.com

VIC http://www-mice.cs.ucl.ac.uk/multimedia/software/vic/

RealPlayer7 or greater http://www.real.com

New Facebook 'Groups' Designed to Completely Change the Way You Use Facebook

00:05 Blogistan No comments

Facebook has just revealed a new version of Groups at its live press conference in Palo Alto, California. Facebook Groups are a shared space where members can participate in communal activities like group chat, e-mail lists, document sharing and group photo-tagging.

The new Groups product was built from the ground up; Facebook Founder and CEO Mark Zuckerberg says Groups is an entirely new product that only shares the name in common with the old Groups functionality. The old Groups will continue to remain in place, but moving forward members will only be able to create new Groups.

Groups are closed by default (but can be secret or open) and are designed to be spaces where small groups of friends share information, with each group controlled by the entirety of its members — an important new direction for Facebook. The group chat feature is just as it sounds; members can participate in back-and-forth IM conversations with everyone in the group at the same time.

Once you start participating in Groups, the most-viewed ones will automatically live in the left-hand navigation of the page for easier access.

Facebook has also released a mobile interface and an Open Graph API for Groups, which means that soon Facebook Groups will be accessible in all imaginable capacities.

With everyone in control, Groups will function much differently than before. Facebook asserts that social norms will govern activity. Ultimately, the company believes the new Groups will fundamentally change the way you use Facebook and give you more control over the distribution of your messages.

From our initial tests, we can assert that Groups is, as Zuckerberg promises, something “so simple that everyone on the site will want to interact with it.” And, by design, everyone will use it.

As Facebook clearly stated during the press event, its goals are to map all real-world groups, to ensure that everyone participates and to build something useful in lots of contexts. What this really means is that Facebook wants to fully understand member relationships (an extension of its Open Graph undertaking), and that the company will use your behavior in Groups to better understand these relationships.

Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 2]

05:02 Blogistan No comments

Configure the Wireless Network Connection

Complete these steps:

Log off and then log on by using the WirelessUser account in the wirelessdemo.local domain.
Choose Start > Control Panel, double-click Network Connections, and then right-click Wireless Network Connection.
Click Properties, go to the Wireless Networks tab, and ensure that the Use Windows to configure my wireless network settingsis checked.
Click Add.
Under the Association tab, type Employee in the Network name (SSID) field.
Select WPA for the Network Authentication and ensure that Data Encryption is set to TKIP.
Go to the Authentication tab.
Validate that EAP type is configured to use Protected EAP (PEAP). If it is not, select it from the drop-down menu.
If you want the machine to be authenticated prior to login (which allows login scripts or group policy pushes to be applied) checkAuthenticate as computer when computer information is available.
Click Properties.
As PEAP involves authentication of Server by the client ensure that Validate server certificate is checked. Also, make sure the CA that issued the ACS certificate is checked under the Trusted Root Certification Authorities menu.
Choose Secured password (EAP-MSCHAP v2) under Authentication Method as it is used for inner authentication.
Make sure the Enable Fast Reconnect check box is checked. Then, click OK three times.
Step - x : Select the option Configure and uncheck the option present there if you want to enter the user and password manually, and ignore the Step - x if you are already logged in with the correct user and password.
Right-click the wireless network connection icon in systray and then click View Available Wireless Networks.
Click the Employee wireless network and click Connect.
These screen shots indicate if the connection completes successfully.
After authentication is successful, check the TCP/IP configuration for the wireless adapter by using Network Connections. It should have an address range from the DHCP scope or the scope created for the wireless clients.

We have also configured the Cellphones (tested on Nokia N79 and Windows Mobile) to connect to the wireless router by adding the certificates on them, and now they are also able to authenticate through RADIUS Server. I'll post all the steps involved in it soon.

Related Articles:
Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 1]

Configuring Cisco Secure ACS for Windows PEAP-MS-CHAPv2 - [Part 1]

05:00 Blogistan No comments

Introduction

I was working on improving and managing (logging) the security of my wireless network and for this purpose I was searching for steelbelted RADIUS which used to be a freeware, but recently I found that Juniper bought it and its no more freeware now. Therefore I started looking for an alternative and I found one that is Cisco ACS. My plan was to place RADIUS behind the wireless routers placed in my office and authenticate the users trying to connect to Wifi through RADIUS server preventing the unauthorized users access and also generate their logs. Below article helped me in the process I have also specified the changes done by me to make things work. The procedure mentioned below is for the workgroup environment not for the Domain environment.

Do let me know if you face any problem I'll be posting more on this soon keep following @ahsantasneem

[Contd..]

Background Theory

Both PEAP and EAP-TLS build and use a TLS/Secure Socket Layer (SSL) tunnel. PEAP uses only server-side authentication; only the server has a certificate and proves its identity to the client. EAP-TLS, however, uses mutual authentication in which both the ACS (authentication, authorization, and accounting [AAA]) server and clients have certificates and prove their identities to each other.

PEAP is convenient because clients do not require certificates. EAP-TLS is useful for authenticating headless devices, because certificates require no user interaction.

Network Diagram

I have used Linksys Wireless Router N-Series instead of Aironet AP1200.

Cisco ACS is installed on a Vmware on Windows Server 2003 (nothing much has to be done just click next-next and access it after installation http://127.0.0.1:2002)

This document uses the network setup shown in the diagram below.

Obtain a Certificate for the ACS Server (Self-Signed Certificate)

The Self signed certificate will be valid for 1 year.

Go to -> System Configuration -> ACS Certificate Setup -> Generate Self-Signed Certificate

Replace xxxx with the name of the certificate.

Install the Generated Certificate

Click System Configuration.
Click ACS Certificate Setup.
Click Install ACS Certificate.
Choose Read certificate file and type the location of the cert in my case it was c:\xxxx.cer
Click Submit.
Click System Configuration.
Click Service Control and then click Restart.
Click System Configuration.
Click Global Authentication Setup.
Check Allow EAP-MSCHAPV2 and Allow EAP-GTC.
Click Submit + Restart.
Click System Configuration.

Restart the Service and Configure PEAP Settings on the ACS

Follow these steps to restart the service and configure PEAP settings.

Click System Configuration, and then click Service Control.
Click Restart to restart the service.
To configure PEAP settings, click System Configuration, and then click Global Authentication Setup.
Check the two settings shown below, and leave all other settings as default. If you wish, you can specify additional settings, such as Enable Fast Reconnect. When you are finished, click Submit.
- Allow EAP-MSCHAPv2
- Allow MS-CHAP Version 2 Authentication
Note: For more information on Fast Connect, refer to "Authentication Configuration Options" in System Configuration: Authentication and Certificates.

Specify and Configure the Access Point as an AAA Client

Follow these steps to configure the access point (AP) as an AAA client.

Click Network Configuration. Under AAA Clients, click Add Entry.
Enter the AP's hostname in the AAA Client Hostname field and its IP address in the AAA Client IP Address field. Enter a shared secret key for the ACS and the AP in the Key field. Select RADIUS (Cisco Aironet) as the authentication method. When you are finished, click Submit.