Recommended DD-WRT settings

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

How hard-coding your DNS can improve your security

I’ve long recommended hard-coding your DNS settings as a performance and reliability enhancement–here’s my guide for that–but it turns out it can be a security enhancement too.

Botnets targeting routers aren’t new at all, but there’s a particularly nasty one named Moose running around right now. Among other things, it changes routers’ DNS settings to point to rogue DNS servers that allow the attackers to steal your social media credentials, furthering the bot.

Hillary, hackers, threats, and national security

I got a point-blank question in the comments earlier this week: Did Hillary Clinton’s home-made mail server put national secrets at risk of being hacked by our enemies?

Depending on the enemies, maybe marginally. But not enough that any security professional that I know of is worried about it. Here’s why.

Dave Farquhar, lunch ninja

My boss doesn’t think I’m human. His proof: He asks anyone who knows me if he or she has ever seen me eat. No one has.

They’ve seen evidence of me eating. But actually taking a bite? No. Not even the time we went out for BBQ.

Why I don’t scan networks with my own credentials

I scan the network I’m paid and sworn to protect on a nearly daily basis. I experienced a problem with the account I use for that, and I tested by scanning a small quantity of machines (my own and my cubicle neighbor’s) with my own account to make sure the problem was the account, not the tool.

Fixing the account has become a problem–my boss’ problem now–but when I told him about it, I said I could scan the network with my personal admin account, but didn’t want to. One reason has to do with liability and HR. The other, believe it or not, is technical.

What to do with insanely fast routers

I read a story last week about an insanely fast router that can run at up to 5.3 gigabits, far faster than even the crazy-fast gigabit Internet service that only a lucky few people are able to get. The article questioned what anyone would do with it.

Think beyond network speeds, though, and there’s a lot you can do with that power.

Outsource your DNS to make your Internet connection more reliable

Early this week, Charter had a major outage affecting most of its customer base. Those who use third-party, non-Charter DNS servers were unaffected.

This is a case where making a performance-related change to your system also makes it more reliable.

Takeaways from Patrick Gray’s AusCERT coverage

I’ve been listening to Patrick Gray’s coverage of the AusCERT security conference, and I walked away with two major takeaways, one for security professionals and one for everyone.

Everyone first: Use SSL (https) everywhere you possibly can. Generate superfluous https traffic if you can.

Network professionals: Block as much UDP at the firewall as you can.

Read on for more.

Windows Technical Support calls me again

“Oh, so you think you’re Mr. Genius Man,” the crackly voice said, drowned out by static caused by his cheap VOIP connection. “Enjoy your broken computer, Mr. Genius Man. Goodbye, Mr. Genius Man.”

So ended 23 minutes of my life that I’ll never get back, but I figure it’s 23 minutes he wasn’t spending scamming someone else. I don’t do it often, but my kids were playing nicely and we were all in the same room, so I guess I don’t regret it too much.

Something strange is going on

I’ve been noticing a lot of slowness that I’ve traced to DNS issues lately, typically with the caching DNS in routers. It happened to me, and it happened to my mom. We have different routers from different manufacturers, and they probably even use different embedded operating systems. Hers almost assuredly runs Linux; I have an oddball one that runs FreeBSD.

But the caching nameservers aren’t working well lately. I haven’t investigated why just yet. The solution I found was to hard-code the DNS settings on all my computers rather than letting them pull it from DHCP (my oddball router won’t let me specify external DNSs to use–lovely). Be sure to pick the best ones for your network.

Making that simple change fixed my mom’s dog-slow computer, and fixed my unreliable one.