linksys

An update on the shortcut to wiring a house with Ethernet

Dave Farquhar Servers and Networking , , ,
An update on the shortcut to wiring a house with Ethernet

Last week, I presented a shortcut for wiring a house with Ethernet using cheap keystone couplers. I’m happy to say I’ve done it twice now, and it all works, but I wanted to follow up and share a little more experience now that I’ve wired about a dozen ports this way.

Read more

Two more questions about wireless security

Dave Farquhar security , , ,

I got two good questions last week, via Facebook, that I answered briefly in the comments, but are worth further exploration: Does it beef up wireless security to hide the SSID and only allow the MAC addresses of hardware you own?

Those are good questions. Smart questions. I like those kinds of questions.

Unfortunately, neither measure gets you a whole lot. Against a sophisticated attacker, that buys you minutes, compared to the security of a strong password, which buys you years. It’s like having a locked screen door in front of the vault door at Fort Knox. (Assuming you’re using a strong password–if you’re using a weak password and these measures, it’s like having multiple locked screen doors.)

Then again, not everyone is a sophisticated attacker.
Read more

Disabling WPS by upgrading to DD-WRT

Dave Farquhar DD-WRT, security , , ,

Tom Gatermann told me he succeeded in disabling WPS by upgrading his Linksys router–I didn’t ask what model and probably shouldn’t post that anyway–with DD-WRT.

Explicitly disabling WPS in DD-WRT is unnecessary because DD-WRT doesn’t implement WPS at all–which is a good thing. There’s no setting to look for, it’s just automatic.

Read more

Balancing safety and versatility

Dave Farquhar security , , , , , , , , , , , ,

John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.

This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.
Read more

How to make a DMZ with two routers

Dave Farquhar security , , , , , , , ,

I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.

If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.

Read more

Don’t use software firewalls: Good advice or bad?

Dave Farquhar security , , , , , , , , , , ,

A common piece of good-meaning advice you’ll hear is that you should never use software firewalls. But is that good advice, or bad?

On the surface, it’s good advice. It’s much better to use the firewall built into a cable/DSL router. But the software firewall built into Windows XP, Vista, 7, and (presumably) 8 makes for a good second line of defense, so I don’t recommend disabling it.

I’ll explain further.

Read more

How to power your computer up from away from home

Dave Farquhar DD-WRT, security, Servers and Networking , , , , , , ,

The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.

If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read more

How to secure your wi-fi router

Dave Farquhar Servers and Networking , , , , , , , , , ,

It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.

Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.

Read more

What to look for in a router

Dave Farquhar DD-WRT, Hardware, Servers and Networking , , , , , , , , , , , , , , ,

I revisit the topic of what to look for in a router every six or seven years. As important as it always was, I think it’s even more important today, as there are a number of underpowered routers on the market and it’s best to avoid them.

This post originated in 2010. I revised it for 2017 needs, and by the time I was done, I’m not sure much of my 2010 text was left. But that’s OK.

Read more

Review: D-Link DSL-2640B

Dave Farquhar Hardware, Servers and Networking , , , , ,

I’ve had DSL for right around 10 years. I would have ordered it sooner, except it wasn’t available in my area any earlier than that.

Over the years I’ve owned several modems. I started out with an Alcatel, then after I moved a mile down the street I owned a couple of different Speedstream modems. Each would drop connections every so often, and each had a different (and undocumented, of course) ritual to get it back online.

The highest praise I can give to the D-Link DSL-2640B is that I haven’t discovered such a ritual yet. If the phone line and electricity are working, it finds a way to stay online.

There’s nothing especially flashy about the 2640B. It’s an unassuming black and silver box, similar in styling to modern PCs, with jacks in the back. It’s a combination modem, gateway, and switch in one package, so in my case, it replaced two boxes–my Speedstream modem, and my Linksys WRT54G. Many ISPs have been distributing all-in-one units made by companies like 2wire in recent years; the D-Link is similar to those, but a bit smaller than many of them.

Setup is trivial for someone who’s set up devices like my old Linksys. Those who’ve never done such a thing may need assistance. I can’t vouch for the quality of D-Link’s customer service because I didn’t need it. Before I plugged the unit into my phone line, I plugged a laptop into the D-Link, brought the two units over to my desktop PC where I brought up my Linksys configuration, and I checked all my settings against the Linksys. About 10 minutes later, I plugged the D-Link into my phone line, it connected to my ISP, and it’s been online ever since.

The nicest feature is its ADSL information screen. It tells me the modem speed (downstream and upstream), number of errors, and other diagnostic information. I’ve seen my speed range from 1.5 megabit to as low as 256K (upstream stays steady at 384K), but it’s never dropped. I’ll take speed fluctuations over dropped connections any day. If the quality of my phone line deteriorates any further (or maybe I should say, “when”)–I’ll be armed with some good information. Southwestern Bell/SBC/AT&T have always been able to dismiss my complaints in the past. I imagine that’ll be harder to do when I can tell them exactly how many tens of millions of downstream errors I have, versus 96 upstream errors.

Despite those connections, the modem keeps on trucking. I’m impressed.

My sole complaint is that the DynDNS client doesn’t pass my domain name to my internal network. I had to put an entry for my DynDNS name into my hosts file. This won’t be an issue for anyone who isn’t running their own web server, but it’s a little aggravating for those who do. Less aggravating than a dropped connection though.

So if you need a new DSL modem for whatever reason, I recommend the D-Link DSL-2640B. It isn’t flashy, but it works and keeps working.

Update 10 October 2010: I’ve been using this unit for about 15 months, and it’s still going strong. So I can recommend it even more strongly than when I wrote this. It’s out of warranty now, and I didn’t even notice.