What to do with insanely fast routers

I read a story last week about an insanely fast router that can run at up to 5.3 gigabits, far faster than even the crazy-fast gigabit Internet service that only a lucky few people are able to get. The article questioned what anyone would do with it.

Think beyond network speeds, though, and there’s a lot you can do with that power.

Microsoft releases EMET 5

Late last week Microsoft released a new version of EMET. I’ve written about EMET before and I still recommend it. EMET 5.0 adds a couple of new mitigations, tries to be harder to bypass, and offers improved compatibility, so there’s little reason not to upgrade.

EMET does more than anything else I can think of to protect you from the many things that get past your antivirus software and firewall’s defenses, and it’s free. I can’t think of any good reason not to run it. Of course, the people not running it at all stand to benefit the most from it, but if you’re already running EMET 4.1, upgrading to get better protection is worthwhile, too.

Listen to this if you think a router makes you invincible

One myth that I hear over and over is that having a router on your Internet connection makes you invisible, and makes you somehow invincible. I even heard someone say recently that if you have a router/firewall, you don’t need to run antivirus software.

Security researcher HD Moore appeared last week on Risky Business and he talked about ways that entire classes of routers can be compromised. Give it a listen.

A Comcastic-ally bad idea

If you haven’t heard about it, Comcast has plans to build a wifi network for its subscribers, on the back of its other subscribers’ routers. What’s worse is it’s an opt-out service. If you don’t hear about it and say something, you’re a hotspot for any other Comcast customer who happens to wander by.

I’m not a Comcast customer. I’m in Charter territory, and I’m not a Charter customer either. But I have so many problems with this it’s hard to know where to begin, so I sure hope other ISPs don’t copy this.

Takeaways from Patrick Gray’s AusCERT coverage

I’ve been listening to Patrick Gray’s coverage of the AusCERT security conference, and I walked away with two major takeaways, one for security professionals and one for everyone.

Everyone first: Use SSL (https) everywhere you possibly can. Generate superfluous https traffic if you can.

Network professionals: Block as much UDP at the firewall as you can.

Read on for more.

Microsoft was wrong whether it patched XP this time or let it burn

Years ago I heard a joke that reminds me of the situation Microsoft found itself in last week with its latest IE vulnerability:

If a man is alone in a forest, and there’s no woman there to hear him, is he still wrong?

I was as shocked as anyone when Microsoft released just one last Internet Explorer patch for Windows XP on May 1. I can argue either side of the issue, but I don’t think I can argue either side convincingly enough to get a simple 50.1% majority of people to agree with me, because I’m not sure I can argue either side of the issue convincingly enough that I would agree with myself.

I think it’s important that 26% of all web traffic is still coming from Windows XP today, nearly three weeks after it went end of life. That likely played into the decision. Microsoft was in a no-win situation here, and they had to decide whether they wanted to lose 1-0 or 24-1. So I don’t think it matters all that much, but here are the pros and cons of each side, as I see them.

The publicity around security is a good thing

On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities is a good thing.

As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.

How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”

The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you can mitigate, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re behind a firewall doesn’t work anymore. On corporate networks, there’s always something hostile roaming around behind the firewall, and you have to protect against it. If you’re on a home network with just a computer and a router, your computer and router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from being successful.

That said, there are things you can do to patch less.

The world’s fastest budget PC

So, a relative’s PC was getting a bit aged, and runs Windows XP, barely, so I talked them into an upgrade. I noticed that Micro Center had HP/Compaq DC5700s for $99. They were standard issue office PCs a few years ago, and there are a lot of them in the refurb channel. We went and got one over the weekend.

“What are you going to do with that?” the sales rep asked. “We only use them as cash registers.”

“Word processing,” I said.

“You sure you want to run Windows 7 on an 8-year-old PC?”

“I wrote the book on running Windows on older PCs. Literally. It’ll be fine.”

I hate calling rank like that, but sometimes it’s what you have to do.

And really, for $99, it’s awfully good. Web browsing is plenty fast, LibreOffice runs fine on it, and think about it. Windows 7 retails for $100-$109. So it’s like getting the hardware for free. Or Windows for free, however you want to look at it.

More about pfSense, the alternative to the crappy consumer router

I spent some time over the weekend playing with pfSense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have lying around is a late P4-era Celeron board, and the best network card I could find was, believe it or not, an ancient Netgear 10/100 card with the late, lamented DEC Tulip chipset on it. Great card for its time, but, yeah, nice 100-megabit throughput, hipster.

If you actually configure your routers rather than just plugging them in, you can do this. Plug in a couple of network cards, plug in a hard drive that you don’t mind getting overwritten, download pfSense, write the image file to a USB stick, boot off the USB stick, and follow the prompts. Then, to add wireless, plug in a well-supported card like a TP-Link and follow the howto.