Chances Are Your Router’s Firmware Blows

Linksys WRT-54G RouterYou surely have a lock on your front door. Do you have such a lock on your network? Though you may think so, but it may well be wholly unlocked. Or at least, you may not be able to know for certain that it’s locked. If you use a commercial Wi-Fi router from your ISP, or one of the big names like Linksys, Belkin, DLink et al, your network may not be as secure as you think.

At the outset let me state that, as someone who reads hereabouts, you’re no dummy. You’ve taken steps to ensure that the router doesn’t still have  the default admin password. You’re using modern encryption on your Wi-Fi. You’re being responsible, but there are things beyond your grasp.

The simple fact is that the firmware the runs most retail, commercial routers is closed source. As such, you have no ready way to verify it’s behavior. Yet, the manufacturer, by virtue of necessity, uses various common software modules to create their firmware. They may even use some open source modules, but end up with an closed source binary in the end.

The upshot of this reality is that you have a very small team of developers responsible for maintaining the code. That means updates come along slowly, if at all for older devices. By extension, serious security issues get addressed slowly, if they ever get addressed at all.

Continue reading “Chances Are Your Router’s Firmware Blows”

Grandstream On SIP For Surveillance

VUC529-promoVUC529 on Friday, February 20th will feature Grandstream Networks addressing issues of security and surveillance. Phil Bowers, Global Marketing Communications Manager, will be discussing their range of security cameras and new NVR-3550 network video recorder. One of the key things he will highlight is the natural synergy between SIP telephony and the video surveillance requirements common to business installations.

This appearance arises in part from my own recent effort to install a couple of surveillance cameras on our property. We now have several of their GXV3672-FHD “bullet” cameras monitoring the area around our home & office. Our goal in this effort was primarily to keep watch on our vehicles, which are typically parked on the street.

We have had the cameras installed for several weeks, but very recently deployed the new Grandstream GVR3550 Network Video Recorder (NVR). It replaced a Windows PC as the means of recording and managing the camera feeds.

This is the start of a series of posts that I’ll be crafting documenting how we came to select the gear deployed in our installation. If all goes as planned the collection will comprise a “SOHO/SMB Guide to Video Surveillance.”

Ars Technica: 12M home and business routers vulnerable to critical hijacking hack

DIR 600 FrontYesterday Ars Technica ran an article once again detailing how millions of consumer and SMB routers are vulnerable to exploit. This exploit, dubbed Misfortune Cookie, leaves the network open to those who would penetrate your systems and steal your personal information. The vulnerability is many years old, and the fix almost a decade old. Even so, it seems that there are still devices being offered that include the vulnerable code.

Announcements like this make me glad that we rely on well-proven, open source software for our network edge. We’ve long used m0n0wall and pfsense around here. Software such as these running on a small, single board computer, are a compelling solution. Sure, it costs more than a bargain router from Frys. The piece of mind is worth the extra $100.

A recent little project that I’ve been working on has used some Buffalo routers, but in that case we use those models that run DD-WRT, the open source firmware for small consumer router hardware.

There are so many great, open source solutions available. I see no reason to risk the cheesy consumer routers.

An Analog Phone For Our Front Gate: Done Deal!

While I ordered the DoorBell Fone back in August the fact of our extreme Houston summer kept me from completing the installation. The buried wire run out to our gate was broken and there was just no way I was going to bury a new wire in 100+ degree heat. This past weekend I was able to find the time and temperature to complete the installation.

The largest task was to completely replace the wiring from the central closet in our house out to the gate. I replaced the old-skool solid copper pair with a length of Cat-5 cable. Using Cat-5 is a bit of future-proofing. It means that I can change to a POE-powered network device at the gate without replacing the cable again.

For the moment I’m using only one pair from the Cat-5 wiring, connecting the DoorBell Fone remote unit to the controller in the wiring closet. The total cable length is about 80 feet.

Continue reading “An Analog Phone For Our Front Gate: Done Deal!”

Freeswitch Community Call October 13th: Phil Zimmermann on VoIP Encryption

While I have been basically offline for the past week, I took some time while awaiting one of my flights home to read some news. That little exercise revealed that the Freeswitch community call this past week featured Phil Zimmermann describing VoIP encryption and more specifically his ZRTP protocol. Happily, the recording of the call was put online Thursday.

Phil is of course one of the leading lights in the world of encryption. The call features Phil speaking plainly and openly about the need for encryption and the manner of its implementation in ZRTP.

The call remains a community call, so it goes off in various directions at times, including a little Asterisk bashing. However, Phil makes a good effort to keep the call informative, making it a great listen for anyone interested in voice security.