Category Archives: Security

DTLS – Security for UDP

I had a short conversation yesterday about securing UDP data. When I dug around little it became clear that there is an existing, RFC documented protocol for handling that. I haven’t yet read the specification (though I likely will as it is an interesting technology).

There is a wikipedia description here and the primary RFC is here.

Being able to secure unsequenced and unreliable datagram traffic using a design that is reasonably well vetted seems extremely useful. There are places where UDP is uniquely useful and security is becoming a much larger issue in the market today.

Interesting looking sample code here.

A Weekend of Database and CertificateS

Spent some time over the weekend doing some more work on the MySQL database layout for the cluster game and working on getting self-signed certificates prepared for my various development machines.

PHP and MySQL

The database work went smoothly. Still largely on the whiteboard at the moment. I’ve also been going through a PHP re-familiarization as I’ll need to code this stuff in PHP for my hosting and I haven’t worked in that environment in some time. I did grab an evaluation license for PHPStorm a few weeks back, but I fear that was premature as I haven’t reached the point where I need such tools on this sandbox project yet.

Certificates

I finally took the time to create SSH certificates to permit direct logins to my linux machines from my windows systems. That part I’ve done many times before and it went flawlessly.

I created and installed self-signed certificates for various local systems and set up TLS on their Apache servers. The creation and installation went smoothly, but the end-result was not what I was hoping for.

After installing the certificates in several different ways on the systems/browsers involved, I still did not see the secure icon in the address bar. I’m not sure whether this is caused by the certificates being self-signed (shouldn’t be as I installed the keys directly from files into the trust stores) of something else I’m not doing properly. I’ll need to keep looking at that one.

I do want to verify that the connections are using TLS. If they’re encrypted but not ‘safe’ because they’re not signed by a major cert vendor then I’m probably ok with that. If the TLS handshake failed because they don’t have the right certs then there’s a bigger problem.

Sunday evening I started down the road to building a local CA to sign all of my certificates with. I’m wondering if setting this up and loading its public key as a trusted root may give better results. The process is a bit more involved but may be worth it if it gets closer to the results I’d get with a commercial certificate.

I still haven’t found a way to load a FreeTLS certificate on my GoDaddy hosting. One of these days I’ll spend the time to get on the phone with their support folks and see if this can be worked out.

I may try setting up a FreeTLS cert on my dynamic DNS connection that targets a port on my home firewall. That would provide more flexibility, but be less robust and scalable.

Samba SMB Shares

Toward the end of the evening I ran through samba installs on several systems. I had been pushing files around between my windows and Linux machines all weekend and wanted to make things closer to seamless.

I had no real luck on that front. I could get things to the point where windows recognized share names from the Linux machines. I could never get things to the point where my windows systems could connect to a share and see files inside. Not sure what I’m missing and the samba logs were not at all helpful.

I’ll probably re-visit this again sometime soon, but for now the convenience of having it working isn’t worth the effort involved in finding out why it isn’t.