Security Technology

Authentication for Free, as in Beer (FreeIPA)

I’ve been busy with work lately, but got some time this Sunday to work on the next part of my build – authentication.

The Unraid build itself is coming on well, but I now have 14 separate Docker containers doing things for me, all with their own individual authentication methods. If I plan on opening up the server to external access (which I do), then I need something to manage usernames and passwords from a central point.

That something is LDAP.

LDAP stands for Lightweight Directory Access Protocol, and is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

The most common implementation of LDAP that people will probably have heard of is Microsoft’s Active Directory. It’s what I’m most familiar with, having worked with flavors of AD from 2003 onwards. It’s easy to set up and easy to work with, and is – in my view – the best implementation of LDAP for a heavily Windows-based environment.

I’m not exactly running a completely Windows environment. My primary machine, and that of my girlfriend, is running Windows 10. However, I have 14 Docker containers (and growing), and some implementations I want to do that require some integration with whatever LDAP server you’re running, and I’m not sure how well AD would play with those.

Lastly, AD requires you to be running Windows Server, which requires a license, and also some fairly decent system requirements.

Plus, it’s fun to learn new things.

So I’ll be using something called FreeIPA (hopefully the punny title makes sense now) on a CentOS 8 install, with 2 vCPUs, 4GB RAM and a 60GB disk.

Read on for how it’s done.

Security Technology

Two Factors are Better than One

Information Security is a Big Deal these days, just as it should be. We are adding personal data (or personally identifiable data) to the internet at an unprecedented rate. Instagram alone sees 95 million new images per day. Whilst most would – and should – agree that the level of technology now accessible to the world is an incredible, and incredibly powerful thing, it behooves us to understand the risks that come with sharing any sort of information, particularly anything that can compromise one’s life in the “real world”.

There was a time when the boundaries between the ‘Internet World’ and the ‘Real World’ were pretty well defined. Growing up in the 90s and early 2000s as technology growth exploded, I’ve seen the shifts from that world to today’s fully integrated one. Personally I think it’s amazing how far we’ve come in such a short time, but with ease-of-use comes ease-of-loss.

I can now buy almost any commercially-available item in the world from the palm of my hand, by opening up my Amazon app and using my pre-saved credit card information to have anything delivered to me in just a few taps. I can pay for goods and services (up to a certain amount) using the phone itself as a payment method. I can order taxis, buy airline tickets, send and receive money, all alongside taking pictures and sharing them with friends and family.

This boundless freedom and possibility is exactly why you should be practicing good Digital Security. It’s why simple passwords aren’t “easy to remember” but the digital equivalent of leaving your front door open and your valuables on display. It’s why using the same password for everything is like using the same key for every lock – and keeping the master key under your front doormat.

It’s why Two-Factor Authentication (often referred to as 2FA, TFA, or Multi-Factor Authentication (MFA)) is incredibly important today, and why you should all be using it.