Archive for the ‘Networking’ Category

Your router’s security may not be as secure as you think it is

Thursday, December 29th, 2011

I read a report from Sophos that there is a fairly critical security flaw in many consumer wireless routers. I’ve gone on before about how you should use the strongest encryption method available for your equipment to use (WPA2 if all your stuff can handle it). However, while these routers support that, they also have a feature called WPS (for Wi-Fi Protected Setup) which makes it easy for you to set this up by either pressing a button or entering a PIN on either the device connecting to the network or the router.

Using the PIN method is potentially risky if all you have to do is enter the PIN on your computer or other device. It seems the authentication method for the PIN leaves a mere 11,000 options, which can be brute-forced in less than two days.

When I set up a new router, I’ve always gone for the manual approach and determined a wireless network name (SSID) and key which the clients can remember or have easily available. I don’t even install the software which came with the router but instead go to its web-based administration. I’ll turn off WPS so that it’s not accidentally used (the first and only time I tried using WPS, it scrambled what I’d previously set to something random for both SSID and key).

This falls in line with how security decreases as convenience increases. I advise disabling WPS and doing it by hand.
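Where the 11,000 figure comes from, as an added example that is not part of the original post: the eighth digit of a WPS PIN is a checksum of the first seven, and the router confirms the first four digits separately from the rest. The 15-second attempt time and the lockout policy are constructed assumptions, and the function names are illustrative.

```python
# Added illustration: a model of the WPS PIN keyspace (no network code).

def wps_checksum(first7: int) -> int:
    """Checksum digit that follows the seven free digits of a WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN (e.g. from a router label) has a correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def second_half_candidates(first_half: str) -> list[str]:
    """Second halves possible once the first half is known: 3 free digits + checksum."""
    return [f"{mid:03d}{wps_checksum(int(first_half) * 1000 + mid)}" for mid in range(1000)]


def worst_case_guesses(split_confirmation: bool) -> int:
    """Guesses needed to cover every PIN, with or without per-half confirmation."""
    if split_confirmation:
        return 10 ** 4 + 10 ** 3      # halves confirmed one after the other
    return 10 ** 7                    # whole PIN checked at once


def hours_to_exhaust(guesses: int, secs_per_attempt: float,
                     lock_after: int = 0, lock_secs: int = 0) -> float:
    """Worst-case hours; lock_after/lock_secs model a router-side lockout policy."""
    total = guesses * secs_per_attempt
    if lock_after:
        total += (guesses // lock_after) * lock_secs
    return total / 3600


if __name__ == "__main__":
    print(is_valid_pin("12345670"))                        # constructed sample PIN
    print(worst_case_guesses(True), worst_case_guesses(False))
    # Assumed 15 s per attempt, then an assumed 60 s lockout after every 3 failures.
    print(round(hours_to_exhaust(11_000, 15), 1))
    print(round(hours_to_exhaust(11_000, 15, lock_after=3, lock_secs=60), 1))
```

A lockout only stretches the worst case; with WPS switched off in the router's administration page, the PIN is not accepted at all.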

SOPA and PIPA are bad

Wednesday, December 28th, 2011

The Internet in the United States is under a threat of assault, the likes of which I’ve never seen. Two bills going through Congress right now, SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), will likely cause severe breakage to the technical underpinnings of the Internet.

The idea behind these bills is to go after copyright violators. However, the methods allowed are extremely aggressive. Can you imagine a single image uploaded to Facebook which turns out to be owned by someone else being the catalyst which makes it impossible to go to Facebook unless you know its IP address? These bills don’t take sites off the net so much as they break your ability to look up the underlying address of the site.

A thorough treatise is posted here at the Stanford Law Review. There are many other sites which go into detail on SOPA such as this one by Adam Savage of Mythbusters and this one over at Lifehacker (which includes a nice video describing the problem).

There has also been some collateral damage in this war. GoDaddy, for instance, had initially shown support for SOPA. As a result, a boycott was called unless they inform Congress that they don’t support the bills at all.

It also appears that SOPA will break the forming DNSSEC (a secure form of DNS, the “phone book” of the Internet) specification.

All in all, this must stop. Letters and calls to Senators and Congresspeople are a good idea at this point.

Google is using your wireless router

Sunday, November 20th, 2011

I’ve known about Google’s (and other companies’) use of the SSID and location of my wireless router for some time. My phone, for instance, uses this information to approximate my location. Other phones do this as well. In fact, before GPS became common in smart phones, it was the only way to determine where you were for location-based services (such as finding a local restaurant).

Google does offer a way for you to opt out of this, but as this article points out, that’s not necessarily the right way to go about things. For instance, not everyone knows how to make the changes in the router to accommodate Google’s opt-out method. What if, like myself, you have a long-running network and don’t wish to change everything (not only do you have to change the settings on the router, but you now have to tell all your equipment the new setting)? Another thing suggested in the article is how accommodating Google won’t help you if another company decides to offer a similar service and doesn’t honor the same opt-out method as Google (or any opt-out method at all).

In my opinion, I have bigger things on my mind than people using my wireless network for location-based services. I understand that by broadcasting my SSID, it is visible from the outside. Half of the problem of using wireless networks for location determination is that people have a tendency to move and this will disrupt that kind of service. I even have a mobile hotspot that I use. I can just imagine how that can disrupt things.

WPA encryption may not be safe for much longer

Wednesday, January 12th, 2011

I’ve stated before how important it is to encrypt your wireless network.  I’ve also suggested going with at LEAST WPA (wireless protected access).  Now, it looks like that won’t be enough.  A security researcher has figured out a way to crack a WPA password with a brute-force attack using Amazon’s Elastic Compute Cloud service.

According to Reuters, the researcher will be releasing the software at the Black Hat conference that’s happening later this month in Washington, D.C.

Amazon says that using their services to hack into an unauthorized network is against their terms of service, but if it can be done in just a few minutes and you don’t run down the street every day doing it, who’s going to know?  Of course, the rub is that you need access to the internet to be able to hack into access to the internet.  Is there a point?  Maybe if you’re using an expensive cellular service and want to connect to someone else’s wireless to save yourself some money.

The same advice I’ve given in the past about the password being only useful to stop the casual user and not the determined hacker still applies.  You should have a password because you don’t want someone getting in.

The big downside to this is that the WPA method that was cracked, PSK (pre-shared key), is the one used on consumer-level equipment.  More robust methods generally require a special server running on your network to handle them and possibly special software on your computer.

I guess we’ll see another encryption method next year (this is a prediction and not based on anything I’ve read or heard).  Computing power is getting so great that we need to greatly expand the size of the keys used to protect our networks.  WPA uses a 256-bit key.  Maybe we need to have 10,000-bit keys (but you’ll need to use a paragraph-long passphrase to create it as it’s only as good as the length of the passphrase).
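How the 256-bit WPA-PSK key depends on the passphrase, as an added example that is not part of the original post: the key is derived from the passphrase with the network name as salt, so its real strength is capped by the passphrase. The passphrase, SSIDs and helper names below are constructed for illustration, and the entropy figures assume every character is chosen at random.

```python
# Added illustration: how a WPA/WPA2-PSK passphrase becomes the 256-bit key.
import hashlib
import math


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy for a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


def effective_key_bits(length: int, alphabet_size: int) -> float:
    """The derived key is never stronger than the passphrase behind it."""
    return min(256.0, passphrase_bits(length, alphabet_size))


def min_length_for_full_key(alphabet_size: int) -> int:
    """Random characters needed before the passphrase stops being the weak link."""
    return math.ceil(256 / math.log2(alphabet_size))


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    key = wpa_pmk("correct horse battery", "HomeNet")
    print(len(key) * 8, "bit key:", key.hex())
    # Same passphrase, different SSID gives a different key: the SSID is the salt.
    print(wpa_pmk("correct horse battery", "HomeNet2") != key)
    print(round(effective_key_bits(8, 26), 1))     # 8 random lowercase letters
    print(effective_key_bits(63, 95))              # 63 random printable ASCII chars
    print(min_length_for_full_key(95), min_length_for_full_key(26))
```

Because the SSID is the salt, a default network name shared by many routers lets the same precomputed guesses be reused against all of them; a unique SSID and a long random passphrase remove both shortcuts.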

I saw a neat little wireless gadget

Thursday, December 30th, 2010

A client of mine showed me a wireless networking adapter that I thought rather ingenious: the Hawking Technology HWU8DD Hi-Gain™ USB Wireless-G Dish Adapter. It’s a USB wireless adapter with a parabolic dish on it to concentrate the signal.  I hadn’t seen anything quite like it before.  My client got it for use in RV parks where they provide wireless to their guests but it can be spotty depending upon where you are in the park.

Previously, I’d have recommended getting a device that allows you to connect your own antenna and getting a high-gain antenna of some variety attached to it.  The cost for this could get pretty high depending upon the equipment.

Now, using a dish antenna of any type requires that you aim it directly toward the access point.  This adapter had five LEDs to let you know how strong of a signal it was getting, which would help out a great deal with aiming.  It’s also far less costly than previous solutions I would have recommended.

I’d recommend something like this to anyone who has a sketchy signal, but doesn’t want to go through the expense of setting up large antennas.

Their current products are the HWDN1 and the HWDN2, which are both wireless-N devices.  The HWDN1 supports speeds up to 300Mbps, the HWDN2 only 150Mbps.  Both are compatible with Mac and PC computers but neither has the convenient LED readout to tell you the strength of the signal.  The software that comes with it has a nice signal strength gauge (at least for the Windows version).  The HWDN1 has a list price of $75 while the HWDN2 is $65.

All in all, if you need to get a mildly distant wireless signal, one of these units may do the job.  Keep in mind that the further you are from your access point, the slower your network connection will be, but these adapters will help stretch that out quite a bit.