security – Geoff Boeing

AnyConnect VPN on Linux

I run Linux on my school computer, which I brought home to get work done during the stay-at-home order. But when I tried to set up a VPN connection, I was surprised to discover that USC IT didn’t seem to provide a Linux client for Cisco AnyConnect. When I contacted them to ask how to connect, I was informed that “at this time IT doesn’t support Linux.” Shrug emoji.

Fortunately I do support Linux, so if anyone else wants to connect to the USC AnyConnect VPN, here’s how. You could roll your own solution using OpenConnect and a vpnc-script, but that’s complicated. Instead, you can download a current Linux client for Cisco AnyConnect here (you’re welcome). Install it and run it.

You want to connect to sslvpn.usc.edu (the normal vpn.usc.edu server does not work here). To log in, enter your normal USC username and password. For “second password” open your Duo Security app, generate a two-factor code, and enter it here. And ta-da, you’re in.

Pattern Unlock an Encrypted Android Phone

We’re all familiar with the possibility of data security breaches. Web sites get hacked, passwords get compromised, laptops get stolen. To mitigate these risks, we (try to) use strong passwords, keep our computers under lock and key, and encrypt our personal data. But what about our phones? They are increasingly relied on as mini-computers in our pockets, replete with email accounts, banking apps, and sensitive Dropbox files. Many apps store usernames and passwords in plain text.

What happens if your phone gets stolen? Many people don’t have any security or lock screen enabled at all. Others simply use a pattern or short PIN that is easily cracked in minutes. Android offers encryption, but it’s turned off by default. It’s also very inconvenient. To be effective, encryption requires a strong password, and Android (4.x) requires that you enter this password to unlock your phone when it boots-up, and also every time you unlock the screen.

The problem is that once you encrypt your phone, Android (again, versions 4.x – maybe this will change in a future release!) disables the ability to lock/unlock it with a pattern (annoyingly) or with a different, shorter PIN (perhaps understandably). Having to type in a long password every time you want to use your phone makes this is a non-starter for most users.

Ideally, we would enter a strong password to unlock and decrypt the phone at boot-up, and then use a simpler, user-friendly security mechanism (such as a pattern) to unlock the phone throughout the day. This would balance the benefits of strong-password encryption with the practicalities of making the phone accessible throughout the day.