Recommended DD-WRT settings

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Build the best, most secure wifi in your neighborhood

My neighbor asked me for advice on setting up wi-fi in his new house. I realized it’s been a while since I’ve written about wi-fi, and it’s never been cheaper or easier to blanket your house and yard with a good signal.

Blanketing your house and yard while remaining secure, though, is still important.

You need a Yubikey.

I mentioned the Yubikey as the ultimate solution to stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here.

The Yubikey is the best solution I’ve seen yet for the problem of remembering passwords. I am a computer security professional by trade, but I will try to avoid as much techno-jargon as I can, and explain what I do use.

Livingsocial got breached. Change your password, of course

Livingsocial got breached. You need to change your password, if you have a Livingsocial account.

There are two questions worth asking: How do you protect yourself, and how does this happen?

How to set up powerline networking securely

When you live in a neighborhood where everyone has a wireless network, you’ll struggle to get adequate coverage in every room of your home. That’s just the nature of wireless networking; we don’t have enough non-overlapping channels to cover everyone. I’ve heard a number of complaints lately that U-Verse isn’t reliable, but I’ve traced that problem to the wireless network. The cable company has to operate in the same wireless space; so the problem isn’t specific to AT&T or Comcast or Charter or Time Warner or Cox.

One of these days the FCC is going to have to sort that out, but don’t count on it happening any time soon. To solve the problem yourself once and for all, you’ll either need to run Ethernet cables or do powerline networking to the part of your house that isn’t getting coverage. Ethernet is cheaper, but powerline networking is much easier, especially in a multilevel house. And if you rent, powerline may be your only option.

How to find all the capitalized words in a Word document

I recently edited a long document whose original author capitalized way too many words. I needed to fix it. To speed up the process, I needed a way to find capitalized words in Word, all of them, and automatically. Then I could make a decision whether the capitalization was appropriate.

Another time you would need to find capitalized words in Word would be when you’re creating an index. I’m sure there are others.

It’s easier than it sounds.

How to make a DMZ with two routers

I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.

If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.

How I secured my new wireless router

For the first time ever, I actually have a wireless router that can cover my whole house. I’ve been interested in wireless security for a long time, but haven’t actually had to do much with it because I wasn’t running any wireless networks at home.

I spent a few minutes securing my network after I got it up and running. I talked at rather long length about that in the past, but on a really practical level, here’s what I did in a mere 10 minutes that will make a big difference.

What to look for in a router

What to look for in a router is a common question, and an important one. I’m glad to see people are taking security seriously. I visited that topic in 2004, but that was a long, long time ago. Things have changed somewhat in those six long years.

Of course, any router is better than having no router at all. And when you crack open the case, there’s not a lot of difference between them. But there are some things to look for.

Brand. Linksys, of course, is the brand most people know about. They’ve been making them the longest (the Linksys BEFSR41 wired router has been on the market in one form or another since 1999 or 2000), and they’ve been owned by Cisco, the biggest name in corporate networking, since 2003.

The other brands you’ll see in most stores that sell consumer electronics are Netgear and D-Link. Neither has the backing of a company like Cisco, but I haven’t seen much difference between the three. In a home environment, all three are likely to hold up. I’ve personally used all three in home environments with roughly equal success. All three made lemons in the 2001 and 2005 timeframes, but all consumer electronics from those two years are somewhat suspect, so it’s not fair to single any of those companies out.

I trust Asus, but have no experience with their networking equipment.

Support-wise, all of those companies stop supporting their products after a time, and they’ll all send you to outsourced customer support in India.

It used to be that you wanted to buy your wireless network cards and router from the same company if you could. I found I had fewer issues that way. Interoperability works better now than it did then, fortunately.

I do favor brand names over whatever no-name stuff Dealextreme.com can ship you straight from Hong Kong this week. They have a reputation to uphold, after all. Whatever Dealextreme can sell could be an exact clone of a much costlier Linksys device. Or it could die on you after two weeks.

Customer ratings. It’s always a good idea to see what customers on Newegg and Amazon are saying about a product, regardless of where you plan to purchase it. If a thousand people give it their thumbs-up, that’s a good sign you’ll be happy with it too. If there are only a couple dozen ratings out there and most are negative, stay away from it.

Some of the people writing reviews on those sites are clueless, of course, but when I see a product with more than a hundred reviews and four stars (out of five) overall, that tells me it’s something worth looking at.

To me, that’s more important than my experience with a particular brand.

Third-party support. Ideally, you want any router you buy to be capable of running DD-WRT or Tomato. This gives you an out if and when the original maker stops supporting the product. DD-WRT and Tomato are both highly capable, free aftermarket firmware upgrades for routers that add lots of capability.

These days, some routers advertise DD-WRT compatibility, and even come from the factory with DD-WRT installed. There’s nothing at all wrong with that.

Installing either product voids your warranty if it didn’t come with it in the first place, so I suggest waiting until the warranty is up before upgrading to it. And if the factory firmware is working for you, I don’t blame you at all if you leave well enough alone. But compatibility with DD-WRT and especially Tomato gives you extra insurance, and increases the potential resale value of the product if you ever upgrade.

You can search DD-WRT’s database to verify compatibility in advance.

Antennas. It’s best to get a router with two or, better yet, three external antennas. One external antenna is the minimum you want. And you want the antenna(s) to be replaceable. Those specs won’t necessarily be on the box, so check the online reviews of anything you’re considering.

There are two reasons you want to be able to replace antennas. For one, they can break, and it’s a shame to throw away a piece of equipment when a $2 antenna breaks.

The other reason is to improve coverage. You may get lucky and be able to get coverage throughout your house right out of the box, but I’m 0 for 5 in that department, so you’ll have to be luckier than me. Chances are, no matter what you buy, you’ll be replacing antennas.

A box with internal antennas looks nicer, of course, but you don’t buy a router for looks. You buy it for functionality.

The higher the dBi rating of the antenna the router comes with, the better. But I’d say your chances of needing to replace one or both antennas with aftermarket 5 or 8 dBi antennas are pretty good.

Don’t be too disappointed if you end up spending as much on antennas as you did on the router in the first place.

The other thing to keep in mind is that if you’re putting desktop PCs on your network, you can put your high-gain antennas on the computer rather than on the router, which improves security. If I put an 8 dBi antenna on my desktop computer, I haven’t increased the visibility of my network at all, but if I stick multiple 8 dBi antennas on my router, there’s a pretty good chance that I’ll have better signal in my yard (or my neighbor’s house) than I do in some parts of my own house. Wireless networking just seems to work that way.

But if you have one or more laptops, you probably don’t have any choice but to put big, heavy antennas on your router if you want to be able to use those laptops everywhere in your house.

While we’re talking about coverage, let’s talk repeaters. If you just can’t get wireless coverage everywhere, one option is to put repeaters on the edge of your coverage area to increase it. Dedicated repeaters are expensive and not necessarily easy to find, but this is where DD-WRT support comes in. Buy an inexpensive router that’s capable of running DD-WRT, and you can configure it to run as a repeater instead and save yourself a bundle.

You don’t have to use identical routers, but if I were starting from scratch, I would. That way if your main router fails, you have the option of raiding your repeater for, say, an AC adapter and keep limping along. In the unlikely event that your router drops dead at 10 PM and you’re facing an early morning deadline and all the stores are closed, it’s nice to have options.

802.11 what? Virtually anything on the market today will support 802.11b (11 megabits) and 802.11g (54 megabits). Newer and more expensive products support 802.11n (150 megabits and beyond).

In the United States in 2010, paying extra for 802.11n won’t make any difference in your Internet access speed. But in countries where you can get an Internet connection speed of 100 megabits or faster, you will want 802.11n.

But no matter where you live, 802.11n will make your local network faster. This can make a significant difference if you have networked printers and storage set up.

The other potential upside to 802.11n is that it can operate in the 5 GHz band, as opposed to the extremely overcrowded 2.4 GHz band, where cordless phones, microwaves, baby monitors, and a myriad of other consumer electronics can interfere. But 802.11n is defined for both bands, and many inexpensive 802.11n routers are 2.4 GHz only. If you want 5 GHz, look for “dual-band” on the box, and keep in mind that the wireless cards in your laptops have to support 5 GHz too, or they’ll fall back to 2.4 GHz anyway.

But keep in mind that just because a device is rated at 150 megabits or 54 megabits, you probably won’t get full speed everywhere in your house. Interference will usually keep your network from hustling along at 100 percent.

Sometimes you’ll see a product offering “draft-n” support. These are pre-release versions of 802.11n. They’re supposed to be fully compatible with the fully official, blessed version of 802.11n. Given a choice between full 802.11n and draft-n, pick the released version.

Security. If you want wireless, make sure whatever router you buy supports at least WPA2, and once you have it, configure it for WPA2 with AES (CCMP) rather than TKIP. WEP is not worth having. If it supports some kind of EAP (WPA2-Enterprise, which authenticates each user against a RADIUS server instead of handing everyone one shared passphrase), so much the better, but you may not find that on the box.

I mis-stated security in an earlier version of this. That really is a separate topic. I discussed, at length, hacking into wireless networks with someone who’s done it, and he gave me very candid answers when I asked, “If I lived next door to you, how could I keep you out of my network?” I’ll get that posted later this week or early next week. For now, it’s sufficient to enable WPA2 and use a password of a minimum of 14 characters, including upper and lowercase letters, at least one number and one special character.
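To make the passphrase advice concrete, here is an added Python example (mine, not the post’s, and not code from any router vendor). It does three things: checks a passphrase against the policy stated above (14 or more characters, upper and lower case, a digit and a special character), generates one from the operating system’s CSPRNG, and derives the actual 256-bit WPA2 pre-shared key the way IEEE 802.11i specifies it, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 rounds. The point of the last function is the reason the passphrase length matters: the SSID and the 4-way handshake are broadcast to anyone in radio range, so an attacker who records a handshake can run exactly this derivation over a dictionary offline, and the passphrase is the only secret input. The “password”/“IEEE” test vector used in the demo is the published 802.11i one; the policy constants are assumptions taken from the post.

```python
import hashlib
import secrets
import string

# Policy stated in the post (assumption: treated here as the minimum bar):
# at least 14 characters, upper- and lowercase letters, a digit and a special.
MIN_LEN = 14
SPECIALS = string.punctuation
# IEEE 802.11i: a WPA2 passphrase is 8 to 63 printable ASCII characters.
WPA2_MIN, WPA2_MAX = 8, 63


def meets_policy(passphrase: str) -> bool:
    """True if the passphrase satisfies the post's minimum policy."""
    return (
        len(passphrase) >= MIN_LEN
        and any(c.islower() for c in passphrase)
        and any(c.isupper() for c in passphrase)
        and any(c.isdigit() for c in passphrase)
        and any(c in SPECIALS for c in passphrase)
    )


def generate_passphrase(length: int = 20) -> str:
    """Draw a random passphrase from the OS CSPRNG until it meets the policy.

    Longer than the 14-character floor is deliberate: each extra random
    character from this ~94-symbol alphabet adds about 6.5 bits of entropy,
    which is what an offline handshake crack has to pay for.
    """
    if not MIN_LEN <= length <= WPA2_MAX:
        raise ValueError(f"length must be between {MIN_LEN} and {WPA2_MAX}")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """Derive the WPA2 pre-shared key (PMK) as IEEE 802.11i defines it.

    PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, iterations=4096, 32 bytes).
    Everything here except the passphrase is public, so passphrase strength
    is the entire security margin against an offline attack on a captured
    4-way handshake.
    """
    if not WPA2_MIN <= len(passphrase) <= WPA2_MAX:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )
    return key.hex()


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print("PSK(password, IEEE) =", wpa2_psk("password", "IEEE"))
    # The same passphrase on a different SSID yields an unrelated key,
    # which is why rainbow tables for WPA2 have to be built per SSID.
    print("PSK(password, IEEF) =", wpa2_psk("password", "IEEF"))
    pw = generate_passphrase()
    print("generated passphrase meets policy:", meets_policy(pw), "->", pw)
```

Note that a few router web interfaces reject some punctuation characters; if yours does, drop the offending characters from `SPECIALS` and add a couple of characters of length to compensate rather than shortening the passphrase.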

AC adapter. This is something you may not think of. Make sure the AC adapter has a standard plug on it, and that its wattage, voltage and polarity specifications are written on the router itself, the adapter, or better yet, both. The reason is that the AC adapter is much more likely to fail than the router itself. When that happens, you want to be able to get a replacement at Radio Shack.

At most Radio Shack stores, they’ll let you bring the device in and try it out in the store with a replacement AC adapter to make sure it works. You’ll end up paying $15 or $17 for the adapter, but if your router stops working suddenly at 8 PM one night, you’ll probably be willing to pay that to get it working again in 30 minutes.

Frankly, I’d open the box in the parking lot to check the power adapter, and if it has anything other than a standard barrel connector on it, I’d march right back into the store to return it.

Used vs. New? Fundamentally, I have no problem with used equipment. I’ve been buying and using secondhand computer equipment for 20 years. And used equipment can have some advantages. Some revisions of popular routers are better than others, due to cost-cutting measures that the manufacturer might take in order to meet a price point.

And there certainly are legitimate reasons for people to sell their gear. Maybe they got a combo modem/router and don’t need their old router anymore. That was the reason I sold one of my Linksys WRT54Gs. Maybe they upgraded to higher speed. So don’t just assume that “used” is a euphemism for “broken” or “stolen.”

When buying used, I would want to know the revision of the hardware in order to check compatibility with DD-WRT or Tomato. Some versions of the popular Netgear WGR614 are compatible. Some aren’t and never will be. Others are stuck in “coming soon” limbo with no ETA. Sometimes you can get a used unit pre-configured with DD-WRT or Tomato on it. You may pay a little extra for the convenience, but if it’s worth it to you, go for it.

The other thing I would want to know is the approximate age of the unit. The reason for many, many broken routers is an epidemic of bad capacitors shipped in 2001 and 2005. I’m automatically wary of anything that was manufactured in those two years, although if you’re handy with a soldering iron you can replace them. So if someone offers you a broken router for a couple of bucks, it could be an opportunity for you.

I have a couple of nearly dead routers that I suspect are due to bad caps. They power up, but don’t function completely, and both date to 2005 or thereabouts. And, come to think of it, my original, wired-only Linksys router just mysteriously up and quit on me several years ago, and I’m pretty sure it was made in 2001. It, too, may have fallen victim to bad caps.

For hints on securing a router, look here.