A Programmer explores the IT Security field, offering packets of useful information he picks up along the way.

Archive for February, 2008

Hamachi, quick and easy VPN

February 24, 2008 By: Ron Category: VPN

Before we had Apple’s OS X Tiger there was no way to do screen sharing across the Internet. My grandfather, who lives in Michigan, had just bought a new Mac. I wasn’t going to fly out there, but he desperately needed some help learning how to use his Mac. I, therefore, needed a way to control his computer remotely. In most households there is a router with at least one, if not multiple, computers sharing the Internet connection. This is, essentially, a network setup. We can share printers and share files between computers, amongst other things. With my grandfather, what I really needed was to be on his network; this way I could easily connect to his computer with its IP address. Now you’re going to ask, why don’t you just get his IP address and connect over the Internet without being on his network? Good question! Remember, his IP address is not the IP address of his computer, it’s the IP address of his router. The truth is it can be done, though we would need to configure his NAT router, punching some holes to allow certain traffic to flow through the router to his Mac. This type of configuration is complex and besides, there is no way my grandfather is going to be able to do this. What we need here is a VPN (Virtual Private Network) and Hamachi is just the solution, plus it’s free!

A VPN is a network that uses public infrastructure, such as the Internet, to provide users with secure access to their organization’s network. Very often you will find corporate VPNs. What that means is an employee who is out on the road or working from home and needs access to the corporate network is able to gain access via the corporate VPN and thus work off-site. Since VPNs operate over the Internet, an insecure medium, there is a real need for bulletproof security using extremely robust encryption protocols.

I downloaded and installed HamachiX for the Mac. I was able to easily set up a network, then I gave the network a name and a password. Now that I had a VPN set up on my end, I had my grandfather install HamachiX on his Mac. He joined the network I created by using the name I gave it and the password. I was then able to see him logged in. I then had him configure his Mac to run the remote desktop service and also have his firewall accept the VNC client connection. VNC is remote control software which allows you to view and fully interact with a computer desktop. I fired it up on my Mac. I made the connection using the IP address that Hamachi gave my grandfather’s computer and the port the service was running on; voila! His screen appeared in the window. I was now able to control his computer. Hamachi is “zero configuration”, meaning I did not have to reconfigure my grandfather’s router. It was like his computer was in my house on my network. I was able to telnet to his computer and I could even have set up printing to his printer in Michigan if I wanted to.

If you’re in a hotel away from home using the hotel’s insecure wireless, Hamachi would be a great solution to securely connect to your home computer and access files, or even browse the net off your home computer. It’s really an intelligent solution for the small business or home user who needs to access computers across the net in a secure mode.

SPF

February 13, 2008 By: Ron Category: Spam

There is a very neat open standard that is helping solve the ubiquitous SPAM issue. If you have an email account you must know what SPAM is. SPF stands for “Sender Policy Framework” and is an extension to the SMTP standard. We need to understand SMTP before we delve into SPF.

Most Internet technologies are based on the concept of a client/server relationship. Sending email is no different. When you browse the Internet you have a browser (client) and the web server (server) that serves you the page. With email you usually have an email client that is configured to talk to an SMTP server for sending email. For receiving email your client can talk to a POP3 server or an IMAP server. When you compose an email there must be at least one recipient. Let’s say you have an account with Verizon (your ISP) and you are sending email to a Gmail recipient. You write your email and click “send”, and the email is sent to Verizon’s SMTP server, the server that handles all outgoing email. The SMTP server then looks at the recipient and sees that the domain (after the @) is intended for someone over at Gmail. It then makes a DNS request to find the IP associated with its counterpart over at Gmail, which is Gmail’s SMTP server. Verizon’s SMTP server sends the email off to Gmail’s SMTP server. Gmail’s SMTP server will then see that the recipient has a Gmail account and it will drop the email into that person’s mailbox.

Now, if you open up an email and look at the headers, there will be a series of “Received” headers that show you the path the email took. This path looks like a stack, with the first one being the last destination: the “Received” header at the top is from the last SMTP server that received the email and the bottom “Received” header is from the first SMTP server that received the email. Every SMTP server that receives the email stamps a Received header onto it with the IP address of the client or server it received the email from. The Received header information becomes essential for SPF, as you’ll see.

The difficult part with this approach is that the FROM address can be spoofed. So my address rongoodbin@verizon.net can easily be substituted with bill@microsoft.com. Nearly all SPAM is sent by fake people who hijack other people’s real email addresses. Spammers like to use addresses with domains that have credence on the Internet. You are more likely to read a piece of spam sent from john.goldstone@ibm.com than from some other email like girly1234@aol.com. This type of thievery undermines the credibility of email, which is an unfortunate consequence, and, like other Internet technologies, security wasn’t even a thought at design time.

SPF was created to help remedy this problem and to help restore confidence in email integrity. We need some way to authenticate the sender’s email address and not just blindly accept what was supplied as the true sender. Here’s how it works. We talked earlier about the email hopping from one server to the next en route to its destination. As it travels, each server stamps the email with the IP address of where it came from. Say there is an email sent to someuser@gmail.com from someone claiming to be rongoodbin@verizon.net. Now, if Gmail is configured to operate with SPF, Gmail will make a DNS request for the SPF record that verizon.net has configured and stored. This SPF record from Verizon tells Gmail what IP range this email should be coming from. Gmail then checks the IP address from the Received header on the email. Remember, an IP address can’t be spoofed, as we saw with my “question on Security Now” post. If the IP address checks out OK, meaning that it’s in the range allowed by the SPF record, then we know this email was actually sent by Verizon’s SMTP server and not by someone on a different SMTP server out in Russia sending mail on behalf of a verizon.net user. This valid email will now be forwarded to the recipient’s mailbox. If it turns out to be invalid, then the email is discarded. SPF, along with other technologies, is definitely a step in the right direction in the constant fight against SPAM.
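To make the check concrete, here is an added example (my own code, not from the post or from any real SPF implementation) of a simplified SPF evaluator in Python: it pulls the connecting IP out of the Received header the checking server wrote, looks the sender domain up in a constructed table standing in for DNS, and walks the record’s mechanisms in order. The domains, record contents and header are constructed; real SPF also handles the a, mx and exists mechanisms and macros, which this skips.

```python
import ipaddress
import re

# Constructed stand-in for DNS TXT lookups: hypothetical zones, not real SPF records.
SPF_RECORDS = {
    "example.net": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mail.example.org -all",
    "mail.example.org": "v=spf1 ip4:198.51.100.10 ~all",
}
# Qualifier prefix on a mechanism -> SPF result when that mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Bracketed client IP that the receiving SMTP server stamps into its own Received header
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed Received header, as the checking server (mx.example.com) would write it
RECEIVED = ("Received: from mta.example.net (mta.example.net [192.0.2.25]) "
            "by mx.example.com; Wed, 13 Feb 2008 10:00:00 -0500")


def connecting_ip(received_header):
    """Return the client IP recorded in the checking server's Received header, or None."""
    match = RECEIVED_IP_RE.search(received_header)
    return match.group(1) if match else None


def check_spf(domain, client_ip, records=SPF_RECORDS, depth=0):
    """Evaluate a simplified SPF policy for the sender's domain against the connecting IP.
    Handles only the ip4, ip6, include and all mechanisms (a, mx, exists are skipped).
    Returns pass, fail, softfail, neutral, none (no record) or permerror (include loop).
    """
    if depth > 10:  # recursion guard, in the spirit of the RFC 7208 DNS lookup limit
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism with no prefix means "+" (pass on match)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mechanism, _, argument = term.partition(":")
        if mechanism in ("ip4", "ip6"):
            # a v4 address tested against a v6 network (or vice versa) is simply not contained
            if ip in ipaddress.ip_network(argument, strict=False):
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            inner = check_spf(argument, client_ip, records, depth + 1)
            if inner in ("pass", "permerror"):
                return QUALIFIERS[qualifier] if inner == "pass" else inner
    return "neutral"  # nothing matched and the record had no explicit "all"
```

Calling `check_spf("example.net", connecting_ip(RECEIVED))` returns "pass" because 192.0.2.25 falls inside ip4:192.0.2.0/24, while an address outside every listed range reaches the trailing -all and returns "fail".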