linksys

If you use a Linksys router, you need to drop everything now and upgrade it

Dave Farquhar security , , ,

If you own a Linksys WRT54GL or EA2700 router, both devices have serious security vulnerabilities. Serious enough that the only way to continue using them safely is to load an alternative firmware such as DD-WRT on them. That’s not entirely a bad thing; DD-WRT is more capable, and unlike most consumer-oriented firmware, allows you to disable WPS.

The EA2700, in particular, is so trivially easy to hack it’s laughable–all it takes is entering a predictable URL into a web browser. That’s it.

Read more

An update on the shortcut to wiring a house with Ethernet

Dave Farquhar Servers and Networking , , ,
An update on the shortcut to wiring a house with Ethernet

Last week, I presented a shortcut for wiring a house with Ethernet using cheap keystone couplers. I’m happy to say I’ve done it twice now, and it all works, but I wanted to follow up and share a little more experience now that I’ve wired about a dozen ports this way.

Read more

Two more questions about wireless security

Dave Farquhar security , , ,

I got two good questions last week, via Facebook, that I answered briefly in the comments, but are worth further exploration: Does it beef up wireless security to hide the SSID and only allow the MAC addresses of hardware you own?

Those are good questions. Smart questions. I like those kinds of questions.

Unfortunately, neither measure gets you a whole lot. Against a sophisticated attacker, that buys you minutes, compared to the security of a strong password, which buys you years. It’s like having a locked screen door in front of the vault door at Fort Knox. (Assuming you’re using a strong password–if you’re using a weak password and these measures, it’s like having multiple locked screen doors.)

Then again, not everyone is a sophisticated attacker.
Read more

Disabling WPS by upgrading to DD-WRT

Dave Farquhar DD-WRT, security , , ,

Tom Gatermann told me he succeeded in disabling WPS by upgrading his Linksys router–I didn’t ask what model and probably shouldn’t post that anyway–with DD-WRT.

Explicitly disabling WPS in DD-WRT is unnecessary because DD-WRT doesn’t implement WPS at all–which is a good thing. There’s no setting to look for, it’s just automatic.

Read more

Balancing safety and versatility

Dave Farquhar security , , , , , , , , , , , ,

John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.

This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.
Read more

How to make a DMZ with two routers

Dave Farquhar security , , , , , , , ,

I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.

If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.

Read more

Don’t use software firewalls: Good advice or bad?

Dave Farquhar security , , , , , , , , , , ,

A common piece of good-meaning advice you’ll hear is that you should never use software firewalls. But is that good advice, or bad?

On the surface, it’s good advice. It’s much better to use the firewall built into a cable/DSL router. But the software firewall built into Windows XP, Vista, 7, and (presumably) 8 makes for a good second line of defense, so I don’t recommend disabling it.

I’ll explain further.

Read more

How to power your computer up from away from home

Dave Farquhar DD-WRT, security, Servers and Networking , , , , , , ,

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read more

How to secure your wi-fi router

Dave Farquhar Servers and Networking , , , , , , , , , ,

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

Read more

What to look for in a router

Dave Farquhar DD-WRT, Hardware, Servers and Networking , , , , , , , , , , , , , , ,

I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.

This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.

Read more