I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.
The experts cited in the article have a few recommendations, which I will repeat and elaborate on.Read More »Linksys isn’t the only company building insecure routers
If you own a Linksys WRT54GL or EA2700 router, both devices have serious security vulnerabilities. Serious enough that the only way to continue using them safely is to load an alternative firmware such as DD-WRT on them. That’s not entirely a bad thing; DD-WRT is more capable, and unlike most consumer-oriented firmware, allows you to disable WPS.
The EA2700, in particular, is so trivially easy to hack it’s laughable–all it takes is entering a predictable URL into a web browser. That’s it.
Read More »If you use a Linksys router, you need to drop everything now and upgrade it
Last week, I presented a shortcut for wiring a house with Ethernet using cheap keystone couplers. I’m happy to say I’ve done it twice now, and it all works, but I wanted to follow up and share a little more experience now that I’ve wired about a dozen ports this way.
Read More »An update on the shortcut to wiring a house with Ethernet
I got two good questions last week, via Facebook, that I answered briefly in the comments, but are worth further exploration: Does it beef up wireless security to hide the SSID and only allow the MAC addresses of hardware you own?
Those are good questions. Smart questions. I like those kinds of questions.
Unfortunately, neither measure gets you a whole lot. Against a sophisticated attacker, that buys you minutes, compared to the security of a strong password, which buys you years. It’s like having a locked screen door in front of the vault door at Fort Knox. (Assuming you’re using a strong password–if you’re using a weak password and these measures, it’s like having multiple locked screen doors.)
Then again, not everyone is a sophisticated attacker.
Read More »Two more questions about wireless security
Tom Gatermann told me he succeeded in disabling WPS by upgrading his Linksys router–I didn’t ask what model and probably shouldn’t post that anyway–with DD-WRT.
Explicitly disabling WPS in DD-WRT is unnecessary because DD-WRT doesn’t implement WPS at all–which is a good thing. There’s no setting to look for, it’s just automatic.
John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.
This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.
Read More »Balancing safety and versatility
I’ve alluded in the past to why it’s a good idea to make a DMZ with two routers, but I’ve never gone into depth about how and necessarily why to do it.
If your ISP gave you a combination modem/switch/access point/router and it only supports 100 megabit wired and 54-megabit (802.11g) wireless and you want to upgrade to gigabit wired/150-meg (802.11n) wireless, here’s a great way to make the two devices work together and improve your security.
A common piece of good-meaning advice you’ll hear is that you should never use software firewalls. But is that good advice, or bad?
On the surface, it’s good advice. It’s much better to use the firewall built into a cable/DSL router. But the software firewall built into Windows XP, Vista, 7, and (presumably) 8 makes for a good second line of defense, so I don’t recommend disabling it.
I’ll explain further.
Read More »Don’t use software firewalls: Good advice or bad?
The low-tier, DIY VPN has proven popular. The biggest drawback with its approach has been that it requires you to keep a PC on at home. But if your computer is configured to hibernate after a period of inactivity, or if the power goes out, you’ll have a problem.
If you’re willing to do some work, you can use Wake-on-LAN over any Internet connection to solve that issue and power on the computer at will.
Read More »How to power your computer up from away from home
It’s not enough to know what to look for in a router. I wanted to get some solid advice on wi-fi network security. Who better to give that advice than someone who built an airplane that hacks wi-fi? So I talked to WhiteQueen at http://rabbit-hole.org, the co-builder of a wi-fi hacking airplane that made waves at Defcon.
Hacker stereotypes aside, WhiteQueen was very forthcoming. He’s a white hat, and I found him eager to share what he knows.