Top 7 Wireless Security Habits You Should Have for Your Home Network


There are things the average non-tech person can do to ensure a safer, more secure network at home. For purposes of this article I’ve used a Cisco / Linksys device, but many of these tips can be translated to whatever wireless access device you’re using.

1. Change the default administrator password for your WAP device (WAP = wireless access point). To me, this is the most important of all of these points. The default is different for every wireless device. Check your manufacturer’s instructions (the ones that came with the device when you bought it) for your default password. Log on with these defaults and change your password.


2. Turn off WPA/WEP encryption. Of all the levels of encryption, these are the weakest and least secure. Select WPA2 from your dropdown list for the strongest encryption available for wireless networks.

 

3. Enable MAC address filtering for the laptop or device that needs to authenticate to your WAP. “MAC address” doesn’t mean an Apple Mac computer. The MAC address is the unique hardware address of the device. The filter list allows only the devices you specify to access your wireless network.


4. Change and hide your default SSID. The SSID (Service Set IDentifier) is the name of your wireless network. You can hide your network name so that it is not broadcast.


5. Enable firewall & AV (antivirus) on each computer, and the firewall on the WAP (firewall only). That will create an added layer of security to prevent a hacker from accessing your WAP.


6. Position the WAP in the center of your home, and not near exterior walls, to eliminate any signal leakage. This is an interesting point: most of the time wireless signals can broadcast about 1000 sq feet. The signal broadcasts out in all directions, 360 degrees. If you place it in the back of the house, your neighbor is going to get a stronger signal than you are at the front of your house. Also, they make plenty of signal boosters to get good signal throughout your environment. This varies amongst all households and building structures, but is still something to think about.


7. If you’re leaving, like on a vacation, disable the broadcast of your wireless. A lot of people don’t do this. They leave on vacation, and this gives hackers plenty of time to get into their network, unnoticed. I just unplug mine when I go out of town. Simple as that.

Happy vacationing!
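
As an added example (not part of the original article), the Python below checks tips 2, 4 and 6 against wireless survey readings for networks you own. The CSV columns, the list of factory-default names, the outdoor locations and the -67 dBm leakage threshold are all assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io
import re

# Constructed survey rows (not output from any real tool): where the reading
# was taken, network name, security mode and signal strength in dBm.
SAMPLE_SURVEY = """location,ssid,security,signal_dbm
living room,linksys,WEP,-48
living room,HomeNet,WPA-2,-41
living room,CoffeeGuest,Open,-80
sidewalk,HomeNet,WPA-2,-62
sidewalk,linksys,WEP,-71
"""

# Assumptions made for this example, not values from the article.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
OUTSIDE = {"sidewalk", "driveway", "street"}
LEAK_THRESHOLD_DBM = -67  # stronger than this outdoors counts as leakage


def classify_security(raw):
    """Reduce a free-text security column to OPEN, WEP, WPA, WPA2+ or UNKNOWN."""
    text = raw.upper().replace("-", "").replace(" ", "")
    modes = set(re.findall(r"WEP|WPA[23]?", text))
    if "WEP" in modes:
        return "WEP"
    if "WPA" in modes:  # includes mixed WPA/WPA2 mode, which still accepts WPA
        return "WPA"
    if modes:
        return "WPA2+"
    return "OPEN" if text in ("", "OPEN", "NONE") else "UNKNOWN"


def audit(survey_csv, my_ssids):
    """Return sorted, de-duplicated (ssid, finding) pairs for networks you own."""
    findings = set()
    for row in csv.DictReader(io.StringIO(survey_csv)):
        ssid = row["ssid"].strip()
        if ssid not in my_ssids:
            continue  # neighbours' networks are out of scope
        mode = classify_security(row["security"])
        if mode != "WPA2+":
            findings.add((ssid, "weak-encryption:" + mode))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.add((ssid, "default-ssid"))
        location = row["location"].strip().lower()
        if location in OUTSIDE and int(row["signal_dbm"]) >= LEAK_THRESHOLD_DBM:
            findings.add((ssid, "signal-leak:" + location))
    return sorted(findings)


if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_SURVEY, {"linksys", "HomeNet"}):
        print(f"{ssid}: {finding}")
```

An unrecognised security value is reported as weak rather than silently passed, so a typo in the survey cannot hide an unprotected network.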

 

Sonicwall Registration Issues


Hi all,

I have never used my blogging to complain about anything. I believe blogs should be helpful and should allow you to learn something new that you may never have known before. The blog I am writing now hopefully doesn’t come off as complaining, but maybe more as a way for me to get this information out there for others to review — and maybe we can discuss solutions. Because unfortunately, at the end of this blog, there is no resolution.* But I want to discuss Sonicwall Registration issues.

I am not talking about what to do when you have a Sonicwall, and you need to register it for your account. I am referring to registering for a mysonicwall.com account. I have had the unfortunate experience of having to deal with this, and I want to get some myths and facts squared away.

First off, a little background here: I am a Watchguard guy. I was originally trained on Watchguards, I love the interface, and in my time in Florida it was 90% Watchguard, 10% Sonicwall. We had one client who had a Sonicwall, and I dreaded it. Until I realized they had the Public Server Wizard in the upper right hand corner of the webpage, creating simple rules was as difficult to me as an ASA (I won’t even get into that right now). I have always been a server guy, never strong on networking, so I didn’t understand why Sonicwall needed all of the various components to open a firewall rule. Watchguard made sense to me. You created everything right there with your system manager. I loved it, but upon moving to Colorado, much to my horror, I found that Everon is almost primarily Sonicwalls.

Nevertheless, I took this in stride and began to learn everything I could about these devices. Sonicwall, which was acquired by Dell a few years back, is a good product. It definitely can go toe-to-toe with Watchguard and Cisco ASAs. It is at the forefront of firewall security, so it was something that I needed to learn. I ended up getting a chance to take a Sonicwall home and connect it to my home network. I have a TZ 200, and I wiped it, uploaded the latest firmware at the time, and modified it to match what I wanted out of a firewall.

Flash forward: Everything is working great, but now I want to go further. I want to open some ports and play around a little bit. But first, since it’s been several months, I want to register it as my own. I want a mysonicwall.com account, and I want to update its firmware.

I initially went to mysonicwall.com and began the registration process. Everything seemed right in-line. It looked like I would have my firmware updated by the weekend.

Hold on…. it says my password is poor, with this error:

This password is publicly available in hacking/security forums and can be easily compromised. Please use a different password.

Wow that sounds intense. I really hope the password I chose isn’t available in some forum! I believe it’s a very secure password: I used capital letters, symbols, numbers, and didn’t follow a pattern. It’s over 15 characters! I figure I am going to have to review this later and see if I can find out if I have been compromised in any way. For now, let me input another password….

Same result. (?) How about a different browser…?

Same result. (?!) How about if I VPN into my office at work and try, using a different public IP (because what if, for some weird reason, maybe my IP is blocked)…?

Same result!

Here is a screenshot of the error in all its glory:

[Screenshot: Sonicwall]

I decided to call Sonicwall to discuss. After all, I am sure they want me as a customer, right? I have called Sonicwall probably at least 100 times before with client issues, so I know that, yes, it can take a while to get someone on the phone. But once I do they are great and will help me out.

Once I got a technician on the phone and explained the issue, he said this can only be taken care of through their Customer Service team, by emailing: [email protected]. OK, that was fine, it sounds like I am not getting to work on my Sonicwall at this time, but whatever, as long as we are moving along. I emailed that address, and a ticket was created immediately, and a response came within 24 hours, so progress. The response that was given was simply:

Dear Customer,
 
You should not use special characters while creating an account.
 
Regards,
DELL SonicWALL Customer Support

OK… pretty sure I had tried without special characters, but let’s go at this again and see what happens. Yep, tried without special characters and I still got the error message. So I emailed Sonicwall back to state this and to see if they will set up the account, or what further can I do. Unfortunately here is where the trail goes cold….

…crickets…

It’s been 5 days now, absolutely no responses. I have tried the registration 3-4 times a day, and responded back to the original ticket requesting assistance, and nothing.

Today I thought about the idea, “What if I just click on ‘Register?’ Will it allow me to somehow register an account?”

NO. (This time the error is that my security question/answer has errors in it. The registration page just gives me two blank fields to fill in whatever I want, so I created a question, and filled in an answer! How could there be errors?! I even tried clicking on the question marks to the side of the fields, assuming those are helpful hints, but even those are not clickable.)

At this point I wrote a “less than happy” email back to Customer Support, because I am at the end of my rope. Even when you Google this Sonicwall error message, you don’t really get anything, so that is one reason I decided to write this blog. Am I the crazy one, or are others out there having the same issue?

I found one response on superuser.com, stating that the reason that error exists is because they are reviewing the password in rainbow tables, and if it exists, they are throwing it out. This made me feel a little more secure, like the password I created was not stolen. To further give myself solace, I created an EXTREMELY long and miserable password by typing random letters, numbers, symbols — everything you could think of — into this registration process… and still nothing. (The password was akin to looking something like this: !@We340rj58tr7j&%#$F093jd938de%^&* That looks pretty secure, but apparently not secure enough for Sonicwall.)

Also, just to state, before I get to my conclusion: if/when I get this resolved with Sonicwall, I will let you all know. I know someone, somewhere in that company will resolve this, and I will continue to be a very happy customer of Sonicwall’s. Just right now we are not on the best of terms.

So, in the end, the point of this blog is really to reach out to the world and state a few facts:

  • This is a big part of being a remote engineer. We are constantly having to contact 3rd party companies all the time, and when they drop the ball it’s tough to relay that information to the client. Because even though you know you have done everything you can, when your client is wanting you to get info from a 3rd party, and they drop the ball, you can’t help but to feel for your client. It’s like you’ve failed them in some way.
  • Sonicwall’s devices are amazing, they are great products, and I recommend them.
  • Dell’s customer service for Sonicwall is less than desirable. If anyone has figured out how to create a registration for mysonicwall.com, please email us at [email protected], subject line: Sonicwall.
  • And lastly… Watchguards RULE! I still love those devices!

*UPDATE [Two weeks later]: I have resolved this issue, and I have my Sonicwall account created finally! I almost gave up, but I decided that if the original engineer who was assigned to my ticket was not going to get back to me, I was going to email in again separately and create a new ticket. I know how their CRM works — just like at Everon — where when you email in to a specific email address, a ticket gets created and assigned out to an engineer. My thinking is that I received an engineer who didn’t care to help me — unlike at Everon. But this situation does happen at some companies sometimes. So if I email in again and a new ticket gets created, maybe I would get an engineer who cares.

So when I emailed in and a new ticket was created, I did get a response — albeit it took 2 days, and they requested a screenshot of the issue. I sent them a screenshot with my phone number, and they actually called me and set the entire account up! They didn’t sound too happy on the phone, and I am sure they were nervous about talking to me since I sent a very nasty email beforehand. Regardless, the issue is resolved, and I have my account. I hope to never have to use Dell Sonicwall’s customer service center ever again. I will say this as well: my password I ended up using has special characters, so the original technician who suggested I could not use special characters was flat-out wrong.

I hope this helps anyone else who might have been going through the same issues, as this was a nightmare for what honestly should have been a very easy, and quick issue. Good luck!

 

 

Mac Tips for Techs: NetSpot


A while ago at Everon I had to troubleshoot a pretty complex wireless system, set up by Cisco. I had to call Cisco to discuss their setup, and I was fortunate enough to get a technician who was so passionate about his job, he decided that once the issue was resolved, he would like to give me a 1-2 hour lesson on wireless technology, regardless of the Cisco brand. For the 1-2 hours he spoke to me on the phone, I feverishly tried to write down notes on every single thing he said. I wish I’d had a record of the call we had together, as I would go in and make better notes. It was one of the best lessons I have ever received.

Technicians who work on certain brands, whether it is HP, Dell, Cisco, whatever… in my experience they all seem to be reading off of a sheet and don’t really care if you understand what they are discussing, as you blindly follow their instructions. And, for the most part, I do blindly follow their instructions. (Because how can I argue about the results? It’s their equipment!) But occasionally you will find that one technician who is so passionate about his (or her) field of expertise, that he would like you to experience it as he does. I was so fortunate to have this experience come to life a few months back. (In all honesty, I think that is the way some of our engineers operate here, at Everon, as well. We don’t have rigid scripts, we get a call, and we work on it based on our own, personal knowledge, the knowledge of our peers around us, and various tools, so every interaction can be different and exciting. If you are excited to learn what we are doing, we are equally as excited to teach you!)

Anyways, that is my tangent on technicians, now back to wireless technology….

Out of everything the Cisco engineer showed me, one thing he said needs to be done before you purchase any wireless equipment is a wireless site survey. I had never thought of that previously, but it makes sense. How do you know what you need? How much ground do you need to cover? What type of signal strength can you get by with? All of these questions can be answered by a professional who does site surveys for a living. However, if you were interested in doing one yourself, or even if you needed to troubleshoot your existing wireless, what tools do you have at your disposal? It isn’t like you can actually see wireless to be able to troubleshoot, so what can you use to help you understand wireless? (There are many different products for Windows machines, none of which I will get into here, as this article is for the Mac engineer who is in need of troubleshooting wireless.) I encounter instances like this all the time, where I am sent out to a client’s location, and I have to troubleshoot much more than a simple Mac. Sometimes I will need to troubleshoot their environment and, for wireless environments, I find the best tool for anyone with a Mac is NetSpot.

NetSpot can be downloaded here for free: http://www.netspotapp.com/netspotpro.html

The Pro version is for commercial use. The free version can only be used on your own and your friends’ home networks. My advice would be, if you are going to begin doing site surveys, spend the $149.00 and get the Pro version. The Pro version also includes unlimited data points in every zone (the free version allows 50), flexible grouping of various items in the survey such as APs, SSIDs, channel, vendor, etc. (free only allows grouping via SSID), and much more.

However, if you are learning how to do wireless site surveys, the free version is great. It gives you a ton of information on your wireless network, such as the SSID, band (2.4 GHz, 5 GHz), security (WEP, WPA, etc.), vendor, mode (b/g/n), level (signal to noise), signal percentage, the noise in dBm, and much more. It updates in real time, and doesn’t take up much battery life on your Mac. Using this app is a great first step into reviewing a network, as it will easily allow you to see any issues without the need to jump into the AP or wireless router.

Check out this tool, and if you would like to discuss it further, any of our engineers at Everon would love to talk wireless! Call us at 888-244-1748.

 

Tech Tips for Techs: Windows 10 and the Cisco AnyConnect VPN client


As a tech who provides remote support, I rely fairly heavily on several VPN clients to connect to a variety of networks for my day-to-day work. I recently acquired the Technical Preview for Windows 10, and immediately installed it on one of my spare laptops.

(Disclaimer - I subscribe to the “every-other-one” theory in regards to Microsoft OSes. This is to say that every other operating system that M$ releases is a complete piece of garbage. e.g.,

Windows 3.1 - crap
Windows 3.11 - not bad
Windows 95 - crap
Windows 98 - not bad
Windows ME - crap
Windows 2000 - not bad
[exception] Windows XP - not bad
Windows Vista - crap
Windows 7 - not bad
Windows 8 - crap

I completely skipped Windows 8 because I despise the interface, so I avoid it like the plague.)

Microsoft’s Windows 10 Start Menu

That said, I’m surprisingly not-as-disgusted by the Windows 10 interface as I thought I might have been, despite how many remnants of 8 are hanging around. I have to hand it to Microsoft — they did a pretty good job melding the two without completely offending the zealots of both the 7 and 8 camps. After deciding not to promptly format the hard drive after the install, I started installing most of my ‘regular’ applications onto it without any drama until I got to the Cisco AnyConnect VPN client.

I should have known.

After typing in my firewall’s address and pressing Enter, I was promptly greeted with a message saying "Failed to initialize connection subsystem." Gee - that’s nice. A cursory search of the intArwebz brought me to a couple of common things and solutions people have seen with this piece of software: changing the name of the connection in the registry, uninstall and reinstall, deleting multiple instances of the VPN adapter, etc etc. Of all the things I tried, I didn’t think to try the most obvious (which was the winner, I might add.) So much for the K.I.S.S. principle.

First, I changed the DisplayName of the vpnva service in HKLM\SYSTEM\CurrentControlSet\Services\vpnva by deleting the string of garbage in front of the word Cisco (@oem8.inf,%VPNVA64_Desc%). This caused the connection process to “think” a little longer than normal, but ultimately brought up the same error. Drat.

Second, I noticed that the VPN Adapter in my network connections was disabled. Re-enabled it… same problem. Ugh.

Third, I tried uninstalling, cleaning out the registry, rebooting, checking the registry again, rebooting again, and reinstalling. Same problem.

Fourth, I was going to manually tell it to Run as Administrator, but before clicking the option I was reminded about Compatibility Mode. D’oh! How could I have forgotten that? I set it to run in compatibility mode for Windows 7, fired it up, and it connected. Like a charm. No fuss, no muss. Evidently, there’s something about the Windows 10 kernel that causes the 3.1.x AnyConnect software not to want to connect. So for anyone out there running on the bleeding edge, and you use Cisco’s AnyConnect client… check the simple things first. ;)