•

      How taxes and regulations cut into the purchasing power of the French

      Institut économique Molinari · tests.marevalo.net / Institut economique Molinari · Tuesday, 13 December, 2022 - 17:23

    •

      MP Philippe Juvin calls on the State to transfer its powers

      Institut économique Molinari · tests.marevalo.net / Institut economique Molinari · Wednesday, 23 November, 2022 - 14:28

    •

      Pension reform: is raising the retirement age really necessary?

      Institut économique Molinari · tests.marevalo.net / Institut economique Molinari · Tuesday, 22 November, 2022 - 13:54

    •

      Winter viruses: the epidemic peaks we will not see coming

      Institut économique Molinari · tests.marevalo.net / Institut economique Molinari · Monday, 21 November, 2022 - 14:15

    •

      Don’t Let Your Pandemic Travel Credits Go to Waste

      pubsub.dcentralisedmedia.com / LifehackerAustralia · Friday, 8 July, 2022 - 21:30 · 2 minutes

    Travelling via any means is bonkers right now, so you may not be thinking about booking a trip anytime soon. Or maybe you are revenge travelling and booking all of the trips — either way, if you have e-credits or vouchers from trips that were cancelled during the pandemic, you should probably use them soon or find out how to save, extend, or get credit for them before they expire. As the Washington Post points out, travel companies were quick to hand out vouchers — rather than issue refunds, even when required to do so — for cancellations on the assumption that customers wouldn’t actually use them before they expired. And that’s exactly what’s happening. If you can’t use your vouchers or credits in the near future, here are a few ways to avoid losing them.

    Check the status and policies for your vouchers

    First, gather all the information. Log into your travel accounts and note what vouchers or credits you have, how much they’re worth, when they expire, and any policies or limitations for redemption.

    Ask for a refund instead

    Customers and company representatives who spoke to the Post reported that vouchers can often be redeemed for a full refund, which airlines, cruise lines, and other travel operators may be required to offer based on their terms and conditions if they cancelled your trip with no alternative. Of course, this may not apply if you cancelled. But it doesn’t hurt to ask — firmly.

    Use only part of your expiring credit

    If you have an e-credit for a certain dollar amount that’s set to expire, you may be able to keep it active by spending part of the money on a super cheap itinerary (like a one-way flight) and saving the rest for the future. Another hack: book travel using points or e-credits and cancel it within the 24-hour no-penalty window, which re-deposits the credit to your account and resets the expiration date. Note that there may be fees or restrictions for this.

    Prevent general travel points from expiring

    Another thing to check is whether the frequent flyer miles or travel points (and other benefits) you’ve accumulated over time are set to expire soon. Many rewards programs suspended mileage expiration and extended existing premium membership benefits, but those limitations are starting to kick in once again. For example, American Airlines AAdvantage miles expire after 24 months of inactivity, meaning no earning or spending on your account. American paused mileage expiration during the pandemic but reinstated the rule on April 1. To keep your account alive, you only need to make one transaction, which could include a credit card charge, redemption for a cheap flight or other travel, or a cash/mileage donation to charity.

    Plan that trip anyway

    Depending on the type of voucher you have, you may get pretty good bang for your buck when booking right now. For example, a cruise line may charge less than the total of your original credit, so you can cover more of your cost. If you want to get away, feel safe doing so, and have some flexibility, this may be better than letting your money go to waste.

    The post Don’t Let Your Pandemic Travel Credits Go to Waste appeared first on Lifehacker Australia.

    •

      Why you should separate historical data from live data

      pubsub.slavino.sk / networkradius · Tuesday, 24 May, 2022 - 12:00 · 3 minutes

    ISPs and telecoms are often legally required to keep user accounting data for long periods of time. However, keeping these records can result in enormous databases which then affect the performance of your RADIUS system. There are ways of optimizing the database so that you can keep high performance while maintaining years of accounting data.

    Database performance slows down as the size of the database increases

    This limitation is potentially bad news for organizations who are legally required to maintain years of historical data. At any point in time, law enforcement might request records of user activity from several years ago. For large ISPs and Telecoms who have millions of users, historical databases can quickly mushroom into terabytes of data.

    If the RADIUS deployment uses a single database table which maintains both the historical data and live sessions, it will have enormous indexes that need to be updated with every new session. In a database with a hundred million rows, adding a new row can take many seconds, where normally it should take less than a tenth of a second. This performance drop can create a huge bottleneck in the RADIUS system, and can prevent users from getting online.

    We recommend maintaining separate databases for the historical data and the current data, especially in situations where the historical data is very large.

    The design is very straightforward.

    • The “currently online” database maintains records for one or two months.
    • Once or twice a day, an automated process finds all the old, closed sessions in the current database and copies them into the historical database, and then removes those records from the current database.

    These operations will be efficient because they are mostly bulk transactions, and can update hundreds of rows efficiently. Furthermore, because the appends are not being performed on the database used by RADIUS, any slow transactions will not impact the RADIUS system, and will not affect user experience.
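    The archival job described above can be sketched as follows. This is an added example, not code from the article or from FreeRADIUS: it uses two in-memory SQLite databases as stand-ins for the live and historical databases, the table and column names are an assumed subset of the stock FreeRADIUS `radacct` schema, and the sample rows are constructed.

```python
import sqlite3

# Assumed subset of the stock FreeRADIUS radacct columns (not from the article).
SCHEMA = """CREATE TABLE radacct (
    acctuniqueid TEXT PRIMARY KEY,
    username TEXT,
    acctstarttime TEXT,
    acctstoptime TEXT  -- NULL while the session is still open
)"""

def archive_closed_sessions(live, history, cutoff):
    """Move sessions closed before `cutoff` from live to history; return count."""
    rows = live.execute(
        "SELECT acctuniqueid, username, acctstarttime, acctstoptime "
        "FROM radacct WHERE acctstoptime IS NOT NULL AND acctstoptime < ?",
        (cutoff,)).fetchall()
    if not rows:
        return 0
    # 1. Bulk-append to the archive and commit there first. INSERT OR IGNORE
    #    makes a re-run after a crash harmless (no duplicate rows).
    with history:
        history.executemany("INSERT OR IGNORE INTO radacct VALUES (?,?,?,?)", rows)
    # 2. Only then delete from the live table, by key, so nothing is removed
    #    that was not copied (e.g. a session that closed after the SELECT).
    with live:
        live.executemany("DELETE FROM radacct WHERE acctuniqueid = ?",
                         [(r[0],) for r in rows])
    return len(rows)

def demo():
    live, history = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    live.execute(SCHEMA)
    history.execute(SCHEMA)
    live.executemany("INSERT INTO radacct VALUES (?,?,?,?)", [  # constructed rows
        ("a1", "alice", "2022-01-03 08:00:00", "2022-01-03 09:30:00"),  # old, closed
        ("b2", "bob",   "2022-02-10 10:00:00", "2022-02-10 10:05:00"),  # old, closed
        ("c3", "carol", "2022-05-20 07:00:00", "2022-05-20 07:45:00"),  # recent
        ("d4", "dave",  "2022-01-01 00:00:00", None),                   # still online
    ])
    live.commit()
    cutoff = "2022-04-01 00:00:00"
    moved = archive_closed_sessions(live, history, cutoff)
    again = archive_closed_sessions(live, history, cutoff)  # second run is a no-op
    left = [r[0] for r in live.execute("SELECT acctuniqueid FROM radacct ORDER BY 1")]
    kept = [r[0] for r in history.execute("SELECT acctuniqueid FROM radacct ORDER BY 1")]
    return moved, again, left, kept

if __name__ == "__main__":
    print(demo())
```

    Copying before deleting means a failure between the two steps leaves a duplicate in the archive rather than a lost accounting record, which matters when the records are kept for legal reasons.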

    The result is that the current database can be maintained at a very small size, so that updates can be done within milliseconds. At the same time, the historical database is available for the occasional query from law enforcement, or for accounting queries during the billing cycle.

    The idea behind these changes is that database queries in a RADIUS system must be fast to computers. However, database queries for law enforcement must be fast to people. The difference is that computers need millisecond latency, and humans are happy with multi-second latency. This fact means that the databases used by RADIUS must be small and fast, while the databases used for law enforcement can be large and slow.

    It is worth noting that both the current and historical databases will typically have the same schema. However, their uses are very different.

    The historical database serves as long-term data storage, with potentially hundreds of millions of rows. The actions on it will generally be append-only and there will be very few read transactions.

    The current database is used for short-term storage, with about as many rows as users. The transactions on this database will generally be updating the same user session data over and over again.

    When to use this solution

    In scenarios where there is no requirement to archive user sessions for several years, or if the historical database is relatively small, it is generally safe to put both sets of data into one table. However, the old data should be periodically deleted! The division of usage between the databases is most effective when applied to organizations that serve millions of users and sessions every day. Most commonly, large ISPs and Telecoms are in this situation.

    Need more help?

    Network RADIUS has been helping clients around the world design and deploy their RADIUS infrastructure for 20 years. We specialize in complex systems and have seen pretty much every variation and problem out there. If you want help from the people who wrote FreeRADIUS, visit our quote page to contact us for a consultation.


    Tags: #Network, #articles

    •

      Is PAP secure?

      pubsub.slavino.sk / networkradius · Monday, 11 April, 2022 - 12:00 · 5 minutes

    A common misconception is that PAP is less secure than other authentication protocols such as CHAP, MS-CHAP, or EAP-MSCHAP(v2). This perception arises because of a misunderstanding of how PAP is actually used. In fact, PAP is often the most secure authentication protocol option available, and it’s what we usually recommend people use.

    How can clear-text be secure?

    PAP transmits passwords in clear-text. This is the attribute which makes people believe that PAP is insecure. After all, how can a clear-text be secure?

    The truth is that PAP does not transmit passwords in clear-text over the network. This critical point is usually overlooked.

    The only part of the authentication process where PAP is transmitted “unprotected” is between the customer DSL equipment and the NAS (see Figure 1). Although it is technically possible to intercept this communication, it requires physical access to the wires between the customer and the ISP.

    Figure 1: How PAP works

    While this physical obstacle does not completely eliminate the risk of intercepting the password, the reality is that in practice, the risk is negligible. The only groups that are remotely likely to conduct covert operations that involve sneaking onto premises are government actors. This type of espionage is out of reach for your average hacker.

    It’s also too expensive for the average attacker to drive to your house, and hook up equipment to your DSL line.

    The average hacker is much more likely to target the user database from the comfort of their own home, rather than to risk sneaking onto your home property. By far, the most common way to get people’s passwords is by breaking into the database which stores passwords.

    In the event of a database breach, using PAP in your RADIUS ecosystem provides far better security than other protocol options. This is because when you use PAP, passwords can be stored in salted / hashed form. This is the most secure form of password storage. It means that if (or when) an attacker copies the database contents, they cannot use that information to “crack” people’s passwords.

    In contrast, when you use CHAP, passwords must be stored in the database in plain-text format (see Figure 2). This means that if an attacker copies the database contents, they can see everyone’s password in the clear! It’s hard to imagine anything worse for security than having your password stolen.

    Figure 2: How CHAP works

    It is important to note that this is not because of any inherent insecurity within the CHAP protocol itself, but with the constraints it puts on how passwords are stored in the database.

    Choose your Shared Secrets wisely, they secure PAP!

    When configuring FreeRADIUS, you must specify a “shared secret” between RADIUS and the NAS. This shared secret is used to secure the PAP passwords when they are sent over the network. A strong shared secret makes it difficult or impossible for an attacker to “crack” the passwords. We recommend a long (16 characters or more) and random shared secret. Don’t use dictionary words!

    As we see in step 3 of Figure 1, the NAS uses MD5 to create an encryption key which is based on the shared secret. Many people will see that “MD5 is broken”, and will worry about the security of this operation, but there is no cause for alarm.

    MD5 is not perfect, but the shared secret makes it OK to use. In fact, after over three decades of analysis, there has yet to be a vulnerability found with how RADIUS uses MD5. All of the discussions of “MD5 is cracked” are for using MD5 in different ways, where there is no shared secret.

    There is an important caveat, however. The security of the MD5 encryption depends significantly on the choice of the shared secret between RADIUS and the NAS. If the Shared Secret is a weak password such as “hello” or “123password”, then it can be decrypted by brute force methods. However, if the shared secret is a strong choice such as Lf34^_QrTB*wbec0, then it cannot be practically broken.

    In the FreeRADIUS default distribution, the default shared secret is testing123. Be sure to only use this shared secret for testing purposes, and to change it as soon as possible!
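    To make both points concrete (the shared secret protecting the PAP password on the wire, and salted storage working with PAP but not with CHAP), here is an added example that is not from the article or from FreeRADIUS. It implements the User-Password hiding of RFC 2865 section 5.2 and the CHAP response of RFC 1994; the PBKDF2 storage format, the function names and the sample password are assumptions chosen for illustration.

```python
import hashlib, hmac, os

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """NAS side: RFC 2865 section 5.2 User-Password hiding."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        # The MD5 keystream depends on the shared secret and the previous block.
        prev = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def store(password):
    """What the database keeps for PAP: a random salt and a salted hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def pap_check(hidden, secret, authenticator, record):
    """Recover the password from the packet, then compare salted hashes."""
    salt, digest = record
    candidate = reveal_password(hidden, secret, authenticator)
    attempt = hashlib.pbkdf2_hmac("sha256", candidate, salt, 100_000)
    return hmac.compare_digest(attempt, digest)

def chap_response(chap_id, password, challenge):
    """RFC 1994: MD5(id || password || challenge). The server must recompute
    this itself, so it needs the clear-text password, not a salted hash."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def demo():
    secret = b"Lf34^_QrTB*wbec0"          # the strong example from the article
    ra = os.urandom(16)                   # Request Authenticator, new per packet
    pw = b"correct horse battery staple"  # constructed sample password
    record, wire = store(pw), hide_password(pw, secret, ra)
    return (pw not in wire, pap_check(wire, secret, ra, record),
            pap_check(wire, b"testing123", ra, record))
```

    `demo()` returns `(True, True, False)`: the password does not appear in the packet, the server verifies it against a salted hash only, and a NAS and server that disagree on the shared secret cannot authenticate anyone.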

    But I read that CHAP is more secure than PAP

    It is true that much of the information online suggests that CHAP is more secure than PAP. However, many of the articles that make this claim contain half-truths, inaccuracies, and outright nonsense. See our recent article which debunks each of the claimed “facts” about PAP vs CHAP.

    The bottom line

    The most meaningful distinction between PAP and CHAP is really where clear text passwords are stored or transmitted. The distinction is not a naive repetition of “one is secure, and the other is not”.

    When PAP is used, the most vulnerable part of your network is at the physical wires between the customer and the ISP. Due to historical issues with PPP, the password is transmitted in clear text between these two points. Any attacker who can watch this link will only see one password.

    When CHAP is used, the most vulnerable part of your network is your database, because the passwords must be stored there in clear text. Any attacker who gets into the database will see everyone’s passwords.

    You already know this trade-off. Think back to the last dozen or so password breaches you read about in the media. How many of them were due to database breaches, and how many of them were due to physically intercepting traffic across wires? Database breaches are common, but we are hard pressed to find a single example of attackers breaking into networks by physically tapping into wires. That kind of attack is limited to governments with millions of dollars of equipment, and the movies.

    The analysis we have done here is just one of the reasons we always recommend using PAP whenever possible. It’s more secure, it works in more situations, and it’s easier to use.



    Tags: #Network, #articles