I think this is a problem a lot of us have. We hear all these stories about simple passwords being an issue and how we can be more secure with our passwords. We read these articles and say to ourselves “Yeah I will be better with my password management”, but then we don't actually take the effort to change our passwords. We feel comforted by the fact that the passwords we do have are somewhat secure (full of numbers and symbols) and that we have a few different passwords for our many different accounts.
At least that's the way I am, and I think that's the way many people who read these articles are. I have quite a few accounts and a handful of passwords, but I certainly could be doing better at this whole password security thing. Unfortunately, password security is often something that you think seriously about after it's become a problem. It isn't until a problem has actually occurred, such as credit card information being stolen, that many of us take the steps to protect our accounts. That's why my goal for next year is to be more proactive about password security, so I don't have to deal with the headache later.
There are a lot of ways one can improve their password security. The easiest way is to follow some simple password rules: don't reuse the same passwords, make your passwords hard to guess, make sure your e-mail password is very secure, and turn on multi-factor authentication on sites that allow it. Unfortunately, part of the problem with these tips is that they make remembering the actual passwords that much harder (although xkcd points out that sometimes easier-to-remember passwords can be better). This becomes more of a problem the more accounts you have and the more passwords you have to remember.
Personally, the number of accounts I have on the internet has ballooned in the past couple of years. From social websites to streaming accounts, I have many more accounts that I have to manage and remember passwords for. Luckily, there are some services out there that help alleviate this problem. The most popular ones I have heard about are 1Password and LastPass. From talking to a few people, I think I'm going to go with 1Password. Hopefully this will make it a lot easier for me to generate and keep track of what passwords my various accounts have.
So that's my New Year's tech resolution. I plan to buy 1Password, go find all my old accounts, change their passwords to be more secure, and hopefully keep at it going forward.
How about you guys? Do you have any New Year's tech resolutions?
Hey guys, I keep meaning to write more blogs but I end up getting distracted each time.
My most recent distraction was a little web app I made in my free time to learn more about jQuery and Google App Engine. I'm just calling it Chose Your Own Adventure! for now.
The app lets you create, edit, and read a classic Choose Your Own Adventure style story using a natural, book-like interface. Adding and editing pages in the book is fairly simple and straightforward, and CarRacer has already added a few starting pages.
If you'd like to check it out and mess with it, you can find it here.
Time for another wall of text.
NAT is an acronym that most people who use computers have heard of. Unfortunately, people have usually heard of it because it's causing some sort of problem: Xbox Live being all wonky because your NAT is too strict, or not being able to play games on-line.
However, even though we are familiar with the acronym itself, the term may as well mean anything. Most people don't really understand what NAT is and why it causes so many headaches for them. After all, what is a Double NAT? What does it mean when my NAT is too strict? It's all just more confusing techno babble to the average computer user.
I hope to explain in this blog post exactly what NAT is, and more importantly what problems crop up with it and how those problems are typically solved. I am going to assume a basic understanding of things such as IP Addresses, Ports, etc. However, I am going to try to keep the discussion as basic as possible so as to cover the general ideas around NAT without getting mucked up in the details.
NAT, or Network Address Translation, was a solution to the problem known as address exhaustion. You may or may not have heard about this, because recently this problem has been a common news item (although it's been around for a long time). The basic idea behind address exhaustion is that we have a limited number of IP addresses that can be assigned in IPv4 (roughly 4.3 billion) and we have more computers that want to connect to the Internet than we have addresses. How then can we let all of these computers connect to the Internet, and yet still uniquely identify them so they can communicate with each other? NAT was one of the many solutions to this problem, and one of the most popular.
The idea behind NAT is that you take multiple computers and put them behind a router on a private network. None of the computers on the Internet outside of this private network have any idea that the computers inside the network exist; all they see is the router. An example of this is illustrated below:
In the above diagram, Computer A and B are hidden behind the router. Computer C and any other computer connected to the internet cannot see them, only the router. The IP addresses they have are addresses that can only be used in private networks. The 10.X.X.X and 192.168.X.X addresses that most people are familiar with are reserved for this usage. (Another range, 172.16.0.0/12, is also reserved but not typically used.)
This effectively allows you to assign the same IP address to multiple computers, which slows down the exhaustion of IP addresses.
Whenever C wants to communicate with A or B it must send a packet to the router, and then the router will forward it to either A or B.
So how does it decide where to send the packets to? Answering that question is the core of NAT.
It's easiest to explain that using examples. There are two cases that matter: outgoing traffic and incoming traffic. We will first discuss outgoing traffic.
For our purposes, outgoing traffic can be defined as any sort of connection that is initiated by a computer inside the network to a computer outside the network.
When a computer sends a packet over the internet, there are 5 things included in the packet: the sender's address and port, the receiver's address and port, and the protocol (e.g. TCP or UDP). The receiver's address and port are used to determine where to send the packet, and the sender's address and port give the receiver a way to respond to the packet.
Now if you had a network configured like the network pictured above and you sent a packet from A to C without touching it, you would have a problem. The packet would contain A's address and port as the sender's address and port. However, as I mentioned above, that address isn't valid on the internet, only in private networks. As a result C would have no idea how to respond to A.
Enter the "Translation" part of Network Address Translation. When A sends a packet to C, the router intercepts the packet in transit. It then replaces A's address/port with its own public address and a port of its own choosing. That way when C receives the packet it knows to send the response back to the router.
The router also records this translation in a lookup table. That way, when C sends a packet back and the router receives it, it knows who to send it on to. When the router receives a packet, it looks in the lookup table generated by translating packets and checks whether the port it received the packet on was used in a translation recently. If so, it knows to "reverse" the translation that was done on the outgoing packet, by replacing the destination address/port in the response packet with the address/port of the original sender.
If the router doesn't see any translations in the lookup table that match, it simply drops the packet because it has no idea who to send the packet to.
For our purposes, incoming traffic is any communication that is initiated by a computer on the internet to a computer inside the private network.
So what happens if C just wants to send a packet to B out of the blue? Say B is hosting a web site and C wants to request a page from it.
Well, as I mentioned above, when the router receives this packet from C it will look in the translation lookup table to see if any computers inside the network have tried to contact C on that same port. If it finds that none of them have, the router will simply drop the packet.
This presents an annoying problem. It would seem that if you use NAT you can't do things like host web servers, or game servers, or other such nice things. Luckily there is a workaround for this problem, and it's one that is very familiar: port forwarding.
Port forwarding is essentially hard-coding an entry into the translation lookup table. When you tell a router to forward port X to address Y you are basically telling the router "If any computer on the internet sends you a packet on this port, pass it on to me". That way you can do things like host servers that require clients to initiate connections.
In the above example, if you tell the router to forward port 80 to computer B (10.0.0.2), then whenever the router receives a packet on port 80 it will forward the packet to computer B regardless of the translation table.
UPnP is another solution to this incoming traffic problem. UPnP is an automatic way for programs to request that a router forward a port to the computer the program is running on. This removes the annoyance of having to manually configure and reconfigure ports for each program.
Finally let's talk about the two most common NAT problems: the Double NAT problem, and the Strict NAT problem.
The Double NAT problem occurs when you have a network using NAT inside a network already using NAT. Note that this doesn't stop the network from working. If a computer inside the nested network wants to send a packet out, the packet will be translated twice but still be sent fine and will receive response packets fine.
The problem with Double NAT is port forwarding. In a Double NAT situation you have to forward the port on each router that the target computer is behind. Not only that, but it also breaks UPnP: UPnP will only be able to forward the port on the innermost router, not on the outer router.
The Strict NAT problem is just another way to say that for some reason a port isn't being forwarded to your device. This could be because you haven't forwarded it, or your router has a firewall blocking the forwarded port, or you are behind some sort of network that you aren't aware of that isn't forwarding the port.
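To make the translation table concrete, here is a small Python simulation I am adding to this post (it is not code from the original article or from any real router firmware). It models exactly the behaviour described above: an outgoing packet gets the router's public address and a fresh port, the mapping is recorded in a lookup table, a reply is reversed through that table, an unsolicited inbound packet with no matching entry is dropped, and a port-forward entry is a static mapping consulted regardless of the table. The second function chains two such routers to show the Double NAT case, where a forward on the inner router alone (what UPnP would achieve) is not enough. All addresses and port numbers are constructed for the example; the public addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```python
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Packet:
    """The five fields the post says matter to NAT."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Nat:
    """Toy NAT router: one public address, a translation (lookup) table,
    and optional static port-forwarding entries. Hypothetical model, not a real router."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next public port to hand out
        self.table = {}     # (proto, public_port) -> (inside_ip, inside_port), built by outbound()
        self.forwards = {}  # same key, static entries added by forward_port()

    def forward_port(self, proto, public_port, inside_ip, inside_port):
        """Hard-code an entry: 'if a packet arrives on this port, pass it on to me'."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """Rewrite the sender to the router's own address/port and record the translation."""
        for (proto, public_port), inside in self.table.items():
            if proto == pkt.proto and inside == (pkt.src_ip, pkt.src_port):
                break  # reuse the existing mapping for this inside sender
        else:
            public_port = next(self._ports)
            self.table[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Reverse the translation; forwards win over the table; no match means drop (None)."""
        key = (pkt.proto, pkt.dst_port)
        inside = self.forwards.get(key) or self.table.get(key)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.proto)


def deliver_inbound(routers, pkt):
    """Pass an inbound packet through routers outermost-first; None if any of them drops it."""
    for router in routers:
        pkt = router.inbound(pkt)
        if pkt is None:
            return None
    return pkt


def single_nat_demo():
    """Outgoing translation, reversed reply, dropped unsolicited packet, then port forwarding."""
    router = Nat("203.0.113.5")                                  # router's public address (constructed)
    a_to_c = Packet("10.0.0.1", 51000, "198.51.100.7", 443)     # A talks to C
    on_the_wire = router.outbound(a_to_c)                        # C sees 203.0.113.5:40000
    reply = Packet("198.51.100.7", 443, on_the_wire.src_ip, on_the_wire.src_port)
    back_to_a = router.inbound(reply)                            # reversed to 10.0.0.1:51000
    unsolicited = Packet("198.51.100.7", 33333, "203.0.113.5", 80)
    dropped = router.inbound(unsolicited)                        # no table entry: None
    router.forward_port("tcp", 80, "10.0.0.2", 80)               # forward port 80 to B
    forwarded = router.inbound(unsolicited)                      # now reaches 10.0.0.2:80
    return on_the_wire, back_to_a, dropped, forwarded


def double_nat_demo():
    """Two nested routers: replies still work, but a forward on the inner router alone does not."""
    outer = Nat("203.0.113.5", first_port=50000)
    inner = Nat("10.0.0.50", first_port=40000)   # inner router's WAN side sits on the outer LAN
    a_to_c = Packet("192.168.1.10", 51000, "198.51.100.7", 443)
    hop2 = outer.outbound(inner.outbound(a_to_c))               # translated twice
    reply = Packet("198.51.100.7", 443, hop2.src_ip, hop2.src_port)
    back_to_a = deliver_inbound([outer, inner], reply)          # both reversed: fine
    inner.forward_port("tcp", 80, "192.168.1.10", 80)            # what UPnP could do on its own
    request = Packet("198.51.100.7", 33333, "203.0.113.5", 80)
    inner_only = deliver_inbound([outer, inner], request)       # outer drops it: None
    outer.forward_port("tcp", 80, "10.0.0.50", 80)               # forward on the outer router too
    both = deliver_inbound([outer, inner], request)             # reaches 192.168.1.10:80
    return hop2, back_to_a, inner_only, both


if __name__ == "__main__":
    print(single_nat_demo())
    print(double_nat_demo())
```

Note that `inbound()` returns `None` for the dropped case rather than raising, which is the behaviour a "Strict NAT" complaint really describes: nothing is broken on the router, it just has no entry telling it where the packet should go.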
So there we go, I think that covers everything I wanted to cover with this blog post.