Security UPDATE--Alternative Firmware for Wireless APs: DD-WRT--September 20, 2006
Get more functionality out of your wireless APs with firmware such as the free DD-WRT, but proceed with caution. Also, get links to security news and other resources.
September 19, 2006
PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:
Filtering the Spectrum of Internet Threats
http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=SECTop0920
Extending SMS to Handheld Devices
http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_middle
Ensure Instant Access to Files at Remote Servers/Offices
http://findtechinfo.com/penton/nl/118
CONTENTS
===========================================
IN FOCUS: Alternative Firmware for Wireless APs: DD-WRT NEWS AND FEATURES - European Commission Clarifies Its Concerns Regarding Windows Vista - Spammers Step Up Use of Disposable Domains - Toolbox: Visio Connector for MBSA - Recent Security Vulnerabilities GIVE AND TAKE - Security Matters Blog: New Tool: ASP Auditor - FAQ: Logging the ADS Process - INSTANT POLL: Your General-Purpose Account - Share Your Security Tips PRODUCTS - Discover, Properly Store Sensitive Data - Wanted: Your Reviews of Products RESOURCES AND EVENTS FEATURED WHITE PAPER ANNOUNCEMENTS === SPONSOR: St. Bernard Software
====================
Filtering the Spectrum of Internet Threats Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P. http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=SECTop0920 === IN FOCUS: Alternative Firmware for Wireless APs: DD-WRT ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net You might recall that some time ago, I wrote about the possibility of using alternative firmware in your wireless access points (APs). (See the article at the URL below.) I asked whether you'd like to have more information about such firmware. The positive response was tremendous, so this week, I begin a series covering alternative AP firmware. http://www.windowsitpro.com/Article/ArticleID/47817/47817.html You might want to use alternative firmware for many reasons, the most popular of which is to gain functionality not present in your particular APs. Using alternative firmware shouldn't be difficult for an experienced administrator, but some words of caution are in order. Make absolutely certain that the firmware you choose works on your particular hardware. In some cases, you must examine the serial number on an AP to know this. Follow the installation instructions precisely, because any simple mistake could render your AP unrecoverable. Read any related forums regarding your AP firmware of choice before loading the firmware to learn about incompatibility problems with specific APs or other possible gotchas. And finally, keep in mind that using alternative firmware might void your manufacturer's warranty. Any alternative firmware's support of a given router depends on the chipset used in that router. That is to say, if the firmware is designed to run on a particular chipset (such as a particular model from Broadcom) and your router uses that chipset, then the firmware might work on your router. But as I said earlier, check for specific compatibility (including your AP's model number and serial number) unless you want to experiment and can afford to risk rendering an AP completely useless. The first alternative AP firmware that I want to make you aware of is DD-WRT, which is essentially a mini version of Linux designed specifically to support wireless APs. Because DD-WRT is based on Linux, many common tools available for Linux are either already integrated into the standard firmware package or can be added after installation, provided that your AP has enough free flash memory to store the tools and enough RAM to run them. DD-WRT works on a variety of APs, including some models from ALLNET, Askey, ASUS, Belkin, Buffalo Technology, Linksys, Motorola, RAVO, and Siemens. For a complete list, view the DD-WRT wiki page at the first URL below and read the DD-WRT news for May 11 at the second URL. http://www.dd-wrt.com/wiki/index.php?title=Installation#Supported_Devices http://www.dd-wrt.com One advantage of using DD-WRT is its support for Remote Authentication Dial-In User Service (RADIUS) authentication. This feature lets you consolidate Wi-Fi authentication to a centralized RADIUS server. DD-WRT also comes with a Secure Shell (SSH) daemon, which can be very helpful. For example, you can use a standard SSH client to connect to the router to use its shell and available tools. If you travel and use open wireless networks, you can also use the SSH daemon to tunnel traffic securely when you're on the road. Doing so helps prevent snoops from obtaining sensitive information. See James Strassburg's blog at the URL below for a example of how to set up a secure tunnel by using DD-WRT and PuTTY. http://jstrassburg.blogspot.com/2006/01/howto-tunneling-http-over-ssh-with-dd.html Another useful feature of DD-WRT is the built-in PPTP client. You can use the client to connect your AP router directly to any VPN that supports PPTP. So for example, if you have remote offices with APs, you can use DD-WRT on one or more of those APs to connect the remote offices to your central office to access any necessary corporate resources. At the same time, you can configure DD-WRT so that traffic not destined for resources on the VPN goes directly to the Internet. As you might expect, DD-WRT also supports SNMP for management and monitoring. Other advantages include a built-in Samba client, a firewall based on Linux ipchains, and Quality of Service (QoS) traffic-shaping capabilities. And finally, one notable advantage of using DD-WRT as opposed to some of the other alternative firmware packages is its Web management interface. The interface is well-designed and very easy to use, which of course makes administration easier. === SPONSOR: iAnywhere
===============================
Extending SMS to Handheld Devices Join iAnywhere on September 26th for a webcast on the Afaria SMS Integration Suite. Recognizing the critical role that mobile and other distributed technologies play in business today, iAnywhere and Microsoft have partnered to make the combination of Afaria and Systems Management Server 2003 the most comprehensive solution on the market for managing frontline solutions. In this session, we'll provide an overview of Afaria's management and security capabilities with a special focus on how it can be used to enhance and extend SMS to a wide range of mobile devices. http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_middle === SECURITY NEWS AND FEATURES
=======================
European Commission Clarifies Its Concerns Regarding Windows Vista On the heels of its previous troubles with the European Commission (EC), Microsoft might again find itself facing difficulty over the release of Windows Vista, this time regarding the bundling of security software with the OS. http://www.windowsitpro.com/Article/ArticleID/93499/93499.html Spammers Step Up Use of Disposable Domains According to trend research conducted by security software vendor McAfee, spammers are cycling through new domains faster than in the past. While this trend is certainly a boon for domain name registrars, it is in fact a bane for recipients of email as well as mail system administrators. http://www.windowsitpro.com/Article/ArticleID/93518 Visio Connector for MBSA The Visio Connector for Microsoft Baseline Security Analyzer (MBSA) lets you scan computers and access all MBSA commands and output directly through Visio. In case you don't already know, Visio is a drawing program that lets you use stencils to represent the devices in your network as graphical objects. http://www.windowsitpro.com/Article/ArticleID/92710 Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html === SPONSOR: Availl
==================================
Ensure Instant Access to Files at Remote Servers/Offices Confused by WAFS, Wide Area Mirroring, DFS, WAN acceleration, or Replication technologies? Do you have remote sites with common data or file needs? Get a free software trial, and register for the free seminar. http://findtechinfo.com/penton/nl/118 === GIVE AND TAKE
====================================
SECURITY MATTERS BLOG: New Tool: ASP Auditor by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters If you run servers that use ASP.NET, you might want to test the new ASP Auditor tool (written in Perl by David Kierznowski) against those servers. The tool checks for potential security problems. Link to the tool and some sample output in this blog article on our Web site. http://www.windowsitpro.com/Article/ArticleID/93466/93466.html FAQ: Logging the ADS Process by John Savill, http://www.windowsitpro.com/windowsnt20002003faq Q: How do I enable logging for Automated Deployment Services (ADS) deployments? Find the answer at http://www.windowsitpro.com/Article/ArticleID/93479/93479.html INSTANT POLL: Your General-Purpose Account Which account do you typically use to do your day-to-day work on your Windows workstation/laptop/computer? - A plain user account - The built-in Administrator account - Another account with administrative privileges Submit your vote at http://www.windowsitpro.com/windowssecurity#poll SHARE YOUR SECURITY TIPS AND GET $100 Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. === PRODUCTS
=========================================
by Renee Munshi, [email protected] Discover, Properly Store Sensitive Data Abrevity announced availability of FileData Classifier 2.1 software, which discovers files that might contain confidential or nonpublic information, tags those files, and implements policies to migrate them to the proper storage tiers. FileData Classifier 2.1 now includes advanced pattern recognition, "target-based" data mining, heuristic proximity searching, and other features that Abrevity says provide faster, more accurate, and more scalable searching than other solutions that use more conventional technologies. For more information, go to http://www.abrevity.com WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate. === RESOURCES AND EVENTS
=============================
For more security-related resources, visit http://www.windowsitpro.com/go/securityresources Windows Connections Conference Now in its seventh year, Windows Connections returns November 6-9, to Mandalay Bay in Las Vegas. Don't miss your chance to interact with industry experts and hear the latest information on Windows Server 2003, Windows 2000 Server, and Windows XP Professional! Register and attend sessions at Microsoft Exchange Connections FREE! http://www.winconnections.com ORACLE AND SQL... BETTER TOGETHER? Learn about optimizing 64-bit database computing, business intelligence for SQL Server and Oracle, high-availability proof points for database computing, and the implications of architectural differences between Oracle and SQL. Coming to 12 US cities in September and October. Special price--sign up now for just $49! http://www.windowsitpro.com/roadshows/sqloracle/?code=enews0906 How will compliance regulations affect your IT infrastructure? Help design your retention and retrieval, privacy, and security policies to make sure that your organization is compliant. Download the free eBook today! http://www.windowsitpro.com/go/ebooks/sherpa/compliance/?code=0920emailannc Total Cost of Ownership--TCO. It's every executive's favorite buzzword, but what does it really mean and how does it affect you? In this podcast, Ben Smith explains how your organization can use virtualization technology to measurably improve the TCO for servers and clients. http://www.windowsitpro.com/go/podcast/hp/virtualization/?code=0920emailannc When your systems go down, your users' productivity grinds to a halt. User downtime is one of the fastest growing concerns among businesses. This free Web seminar teaches you how to keep your users continuously connected and your business up and running. View the on-demand Web seminar now! http://www.windowsitpro.com/go/seminars/neverfail/usercontinuity/?code=0920emailannc === FEATURED WHITE PAPER
=============================
The average enterprise spends nearly $10 million annually on IT compliance. Download this free whitepaper today to learn how to streamline the compliance lifecycle and dramatically reduce your company's compliance costs! http://www.windowsitpro.com/go/whitepapers/scalable/compliance?code=0920featwp === ANNOUNCEMENTS
====================================
Discounted Offer for the Windows IT Pro Master CD Save 50% off the Windows IT Pro Master CD! Order now and get access to the entire Windows IT Pro article database on CD. Subscribe now: https://store.pentontech.com/index.cfm?s=9&promocode=eu2269uc Get the Windows IT Pro Utility Kit FREE SAVE up to $30 on Windows IT Pro and get an exclusive Windows IT Pro Utility Kit CD FREE with your paid order! You'll also get unlimited access to the entire online article archive, which houses more than 9000 helpful Windows IT articles. This is a limited-time offer, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu2069uw
===========================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
http://www.windowsitpro.com/windowssecurity
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb
Subscribe to Security UPDATE at
http://www.windowsitpro.com/Email/Index.cfm?action=archive
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%
Be sure to add [email protected] to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- [email protected]
About technical questions -- http://www.windowsitpro.com/forums
About your product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
About the Author
You May Also Like