I've added some Halloween photos (taken with a digital camera) to my flickr site and I'll have more up later after I scan the ones from my SLR Camera.
Anna had a blast and we took her to twice as many homes as last year. We each took turns taking her out to Trick-or-Treat while the other stayed home to hand out candy.
Of course they are only visible to people I've invited to my Flickr site, except for a few public photos that don't include people.
Monday, October 31, 2005
Sunday, October 30, 2005
Wireless Security for the Home Network
I have been running a wireless network in my home for a couple of years, and I have set up wired and wireless networks for other people for several years. In that time I have researched security settings and watched the industry introduce WEP and then move on to WPA and WPA2 encryption levels, along with the position on other router or access point settings that may improve the security of your network. I thought I'd put together a list of the current recommendations based on my reading and experience from real-life setups.
(You may think you want to leave your network open for others to use. If so, just keep in mind that anything done online by another person will be tracked back to your access point or router. So, if they do something illegal, you may be the one who is liable.)
Here are the basic things that should be done:
- Never ever use the default settings or password that the manufacturer provided with the equipment.
- Disable remote administration on your router.
- Change the default password for accessing the router's configuration page.
- Turn off the broadcasting of the SSID. (Not a real security measure, but it may help keep the neighbors from accidentally using your wireless.)
- Change the default channel. (Not security, but it reduces interference from all your neighbors on channel 6.)
- Change your default subnet.
- Reduce your key renewal time limit to be less than 12 minutes. I use about 10 minutes (600 seconds).
- MAC Address Filtering - This is the unique identifier that all networking devices have and is assigned by the manufacturer.
On the surface, filtering access to your network by limiting it to your hardware devices seems like a great idea. However, it turns out that all the communication between devices sends the MAC and IP address of the source and destination as part of the unencrypted header. So all anyone has to do is use any one of the many freely downloadable network sniffing tools to view the traffic from your wireless network, and they have at least 2 MAC addresses and the IP range that is in use based on the 2 IP addresses. If someone is looking for networks to break into, they will have one of these sniffer programs. Using this feature will help keep casual or accidental connections from your neighbors or passersby from happening.
- DHCP Server - Most routers and access points have the ability to act as a DHCP server. A DHCP server dynamically assigns IP addresses to each device that announces itself to your network. Some may think that disabling the DHCP server option and manually assigning addresses to your devices will keep an attacker from being able to guess your IP range. As noted above, this doesn't really even slow down an attacker. This information is broadcast in the unencrypted header of each message block.
- SSID Broadcasting - Disabling the broadcasting of your SSID or network name to hide your network really only helps keep casual or accidental connections from happening. An attacker will be able to see this information just like the MAC and IP address info mentioned earlier. Using this feature will help keep casual or accidental connections from your neighbors or passersby from happening.
- WEP Encryption - WEP Encryption was broken from the beginning. It was designed by a group of engineers without consulting security experts, so it has many features that sound good but have been implemented poorly, leaving WEP open to easy cracking within minutes. I could write out everything that is wrong with the implementation, but I'll refer you to Gibson Research's web site grc.com, where they provide the audio from a weekly radio show on security that Steve Gibson does with "This Week in Tech" called SecurityNow!. Check out episode 11, "Bad WiFi Security".
- WPA Certification - WPA has been designed much better. It uses TKIP (Temporal Key Integrity Protocol) to manage the keys and RC4 to encrypt the data. WPA is an early implementation of the 802.11i specification from before it was finalized; AES, while offered on most hardware, may not be properly implemented in this version of WPA. Episode #13 of the SecurityNow! show from grc.com, "Unbreakable WiFi Security", discusses this in detail. Essentially TKIP uses RC4 encryption the correct way and dynamically rotates the keys based on a master key generated from your passphrase. On my Linksys router I have the option of TKIP+AES, so it can use the AES encryption rather than the RC4 and have the keys dynamically rotated. Either encryption will work and work well. AES is stronger, but it also requires more processing power and some older hardware may not support it. WPA is susceptible to a dictionary attack on the passphrase you use, so using a strong passphrase is important. Steve Gibson has created a web page on his site that securely generates very good random strings of characters you can use.
- WPA2 Certification - is the better choice since it is actually based on the finalized 802.11i specification. In this version AES is officially implemented in a standards based way across hardware. Do not use TKIP even if it is still an option on your hardware with this version of WPA.
Remember to save the passphrase to a file on your computer or on a memory stick so you can just copy and paste it in when configuring devices. You don't want to have to type it in manually and possibly make mistakes. The first part of Steve Gibson's Security Now! episode #14, "Virtual Private Networks (VPN): Theory", talks about the crackability of WPA passphrases.
I'll update this as things change, as they constantly are, in this industry. Updates will be indicated in italic.
Also see these articles at Ars: "The ABCs of securing your wireless network" and "Wireless Security Blackpaper".
Saturday, October 29, 2005
The Long Run
Today's 17 mile run was much harder than the previous weeks' 14 and 16 mile runs. My legs fatigued towards the end and our pace slowed quite a bit from previous long runs. I'm sure it was just an off day and next week's 18 mile run will be better.
It felt great to get into the warm shower after almost 3 hours of running on a cool overcast morning. Up at 6am and running since 6:30 was actually a sleep in day compared to the mid week runs where we are up at 4:50 to 5:20 depending on the distance.
Friday, October 28, 2005
Flickr Photos
Most of the photos on my Flickr site are marked as private but there are five photos I have made publicly available. I'm sure over time I'll add more photos that are public.
I have another blog that I manage for the Buffalo Chips Running Club. It is mostly workouts, news, and articles that the members have submitted to be sent to the club via my weekly email newsletter.
Backup Server
I have an old server that was decommissioned during a systems upgrade at my office. It is old, slow, and has a relatively small amount of drive space. However, for my home network it seems like a perfect opportunity for me to set it up as a backup for the other computers on the network. It has dual power supplies and 4 drives running in RAID 5 on an Adaptec SCSI controller. So, it is redundant and should be pretty reliable. The only thing I need to make setting it up easier is a small monitor. Then I can begin reinstalling the OS. I'm thinking I'll run it from another room so it is out of sight, not to mention it is noisy with the fans from the dual power supplies.
It should be a fun project.
Marathon Training
Matt and I have been advancing through our training as the miles increase with virtually no difficulty. The mileage hasn't been a problem; however, I have had a couple of things slow me down, like some pain around my left knee, which I managed to eliminate by stretching better and more frequently. I found a targeted stretch in Runner's World that seemed to help greatly. Then, as I mentioned in a previous post, my heel injury while on vacation. Most recently Matt and I were out for a pre-dawn run midweek (just 5 miles) and just before the 2 mile mark I stepped on a Magnolia tree blossom and twisted my ankle on the way down to the ground. I missed last Saturday's long run of 16 miles but I'm going to make it to tomorrow's (Saturday's) 17 mile run. We only have 2 long runs left after this, an 18 mile and a 20 mile, before we start our taper!
I'm slightly worried about topping out at 20 miles. I'd prefer if we started earlier and built up to the whole distance or maybe a little longer. Our 20 mile run is going to be the Clarksburg 20 mile race.