Security UPDATE--Alternative Firmware for Wireless APs: DD-WRT--September 20, 2006

Get more functionality out of your wireless APs with firmware such as the free DD-WRT, but proceed with caution. Also, get links to security news and other resources.

ITPro Today

September 19, 2006


PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Filtering the Spectrum of Internet Threats

http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=SECTop0920

Extending SMS to Handheld Devices

http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_middle

Ensure Instant Access to Files at Remote Servers/Offices

http://findtechinfo.com/penton/nl/118

CONTENTS

===========================================

====================

Filtering the Spectrum of Internet Threats

Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.

http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=SECTop0920

=== IN FOCUS: Alternative Firmware for Wireless APs: DD-WRT ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You might recall that some time ago, I wrote about the possibility of using alternative firmware in your wireless access points (APs). (See the article at the URL below.) I asked whether you'd like to have more information about such firmware. The positive response was tremendous, so this week, I begin a series covering alternative AP firmware.

http://www.windowsitpro.com/Article/ArticleID/47817/47817.html

You might want to use alternative firmware for many reasons, the most popular of which is to gain functionality not present in your particular APs. Using alternative firmware shouldn't be difficult for an experienced administrator, but some words of caution are in order. Make absolutely certain that the firmware you choose works on your particular hardware. In some cases, you must examine the serial number on an AP to know this. Follow the installation instructions precisely, because any simple mistake could render your AP unrecoverable. Read any related forums regarding your AP firmware of choice before loading the firmware to learn about incompatibility problems with specific APs or other possible gotchas. And finally, keep in mind that using alternative firmware might void your manufacturer's warranty.

Any alternative firmware's support of a given router depends on the chipset used in that router. That is to say, if the firmware is designed to run on a particular chipset (such as a particular model from Broadcom) and your router uses that chipset, then the firmware might work on your router. But as I said earlier, check for specific compatibility (including your AP's model number and serial number) unless you want to experiment and can afford to risk rendering an AP completely useless.

The first alternative AP firmware that I want to make you aware of is DD-WRT, which is essentially a mini version of Linux designed specifically to support wireless APs. Because DD-WRT is based on Linux, many common tools available for Linux are either already integrated into the standard firmware package or can be added after installation, provided that your AP has enough free flash memory to store the tools and enough RAM to run them.

DD-WRT works on a variety of APs, including some models from ALLNET, Askey, ASUS, Belkin, Buffalo Technology, Linksys, Motorola, RAVO, and Siemens. For a complete list, view the DD-WRT wiki page at the first URL below and read the DD-WRT news for May 11 at the second URL.

http://www.dd-wrt.com/wiki/index.php?title=Installation#Supported_Devices

http://www.dd-wrt.com

One advantage of using DD-WRT is its support for Remote Authentication Dial-In User Service (RADIUS) authentication. This feature lets you consolidate Wi-Fi authentication to a centralized RADIUS server.

DD-WRT also comes with a Secure Shell (SSH) daemon, which can be very helpful. For example, you can use a standard SSH client to connect to the router to use its shell and available tools. If you travel and use open wireless networks, you can also use the SSH daemon to tunnel traffic securely when you're on the road. Doing so helps prevent snoops from obtaining sensitive information. See James Strassburg's blog at the URL below for an example of how to set up a secure tunnel by using DD-WRT and PuTTY.

http://jstrassburg.blogspot.com/2006/01/howto-tunneling-http-over-ssh-with-dd.html

Another useful feature of DD-WRT is the built-in PPTP client. You can use the client to connect your AP router directly to any VPN that supports PPTP. So for example, if you have remote offices with APs, you can use DD-WRT on one or more of those APs to connect the remote offices to your central office to access any necessary corporate resources. At the same time, you can configure DD-WRT so that traffic not destined for resources on the VPN goes directly to the Internet.

As you might expect, DD-WRT also supports SNMP for management and monitoring. Other advantages include a built-in Samba client, a firewall based on Linux ipchains, and Quality of Service (QoS) traffic-shaping capabilities.

And finally, one notable advantage of using DD-WRT as opposed to some of the other alternative firmware packages is its Web management interface. The interface is well-designed and very easy to use, which of course makes administration easier.

=== SPONSOR: iAnywhere

===============================

Extending SMS to Handheld Devices

Join iAnywhere on September 26th for a webcast on the Afaria SMS Integration Suite. Recognizing the critical role that mobile and other distributed technologies play in business today, iAnywhere and Microsoft have partnered to make the combination of Afaria and Systems Management Server 2003 the most comprehensive solution on the market for managing frontline solutions. In this session, we'll provide an overview of Afaria's management and security capabilities with a special focus on how it can be used to enhance and extend SMS to a wide range of mobile devices.

http://www.ianywhere.com/forms/afaria_sms.html?referrer=Registered_security_update_middle

=== SECURITY NEWS AND FEATURES

=======================

European Commission Clarifies Its Concerns Regarding Windows Vista

On the heels of its previous troubles with the European Commission (EC), Microsoft might again find itself facing difficulty over the release of Windows Vista, this time regarding the bundling of security software with the OS.

http://www.windowsitpro.com/Article/ArticleID/93499/93499.html

Spammers Step Up Use of Disposable Domains

According to trend research conducted by security software vendor McAfee, spammers are cycling through new domains faster than in the past. While this trend is certainly a boon for domain name registrars, it is in fact a bane for recipients of email as well as mail system administrators.

http://www.windowsitpro.com/Article/ArticleID/93518

Visio Connector for MBSA

The Visio Connector for Microsoft Baseline Security Analyzer (MBSA) lets you scan computers and access all MBSA commands and output directly through Visio. In case you don't already know, Visio is a drawing program that lets you use stencils to represent the devices in your network as graphical objects.

http://www.windowsitpro.com/Article/ArticleID/92710

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: Availl

==================================

Ensure Instant Access to Files at Remote Servers/Offices

Confused by WAFS, Wide Area Mirroring, DFS, WAN acceleration, or Replication technologies? Do you have remote sites with common data or file needs? Get a free software trial, and register for the free seminar.

http://findtechinfo.com/penton/nl/118

=== GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: New Tool: ASP Auditor

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

If you run servers that use ASP.NET, you might want to test the new ASP Auditor tool (written in Perl by David Kierznowski) against those servers. The tool checks for potential security problems. Link to the tool and some sample output in this blog article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/93466/93466.html

FAQ: Logging the ADS Process

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How do I enable logging for Automated Deployment Services (ADS) deployments?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/93479/93479.html

INSTANT POLL: Your General-Purpose Account

Which account do you typically use to do your day-to-day work on your Windows workstation/laptop/computer?

- A plain user account
- The built-in Administrator account
- Another account with administrative privileges

Submit your vote at http://www.windowsitpro.com/windowssecurity#poll

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

=========================================

by Renee Munshi, [email protected]

Discover, Properly Store Sensitive Data

Abrevity announced availability of FileData Classifier 2.1 software, which discovers files that might contain confidential or nonpublic information, tags those files, and implements policies to migrate them to the proper storage tiers. FileData Classifier 2.1 now includes advanced pattern recognition, "target-based" data mining, heuristic proximity searching, and other features that Abrevity says provide faster, more accurate, and more scalable searching than other solutions that use more conventional technologies. For more information, go to

http://www.abrevity.com

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS

=============================

=============================

The average enterprise spends nearly $10 million annually on IT compliance. Download this free whitepaper today to learn how to streamline the compliance lifecycle and dramatically reduce your company's compliance costs!

http://www.windowsitpro.com/go/whitepapers/scalable/compliance?code=0920featwp

=== ANNOUNCEMENTS

====================================

===========================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

http://www.windowsitpro.com/windowssecurity

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at

http://www.windowsitpro.com/Email/Index.cfm?action=archive

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
