Friday 30 December 2011

Storing Passwords

The most effective way to manage your passwords for personal or professional use us to use a password manager.  This allows you to manage unique logins for all the different resources you access (bank vs email vs general forums vs ...) and only have to maintain one master password.  Pick a reputable password manager, like KeePass, and remember that backing up and restoring your password database is critical.

Keeping electronic copies is fine, but also consider keeping a hard-copy as well in a relatively secure location.  One suggestion is that you print off your passwords every time you change your master password (annually is pretty minimal) but write that master password down on the print out so you can recover it if you forget it!  Useful if you do cycle your master password frequently.

Friday 16 December 2011

WiFi Routers and NAS

The last time I bought a new router was when the Linksys WRT54G was "the king" of home WiFi routers - and mostly because you can replace the useless stock firmware with DD-WRT.  Otherwise, it was "a router".  At the time, 4 years ago, which is like many generations in Internet time, you had to manually setup security on your WiFi AP still so you saw lots of open WiFi hot-spots like "Linksys" or "Dlink" around.   Then the WiFi router manufactuers started providing security setup as part of their setup wizard so you see more SSID customization and security enabled.  Now, apparently, everyone auto-configures security with a magic button called "WPS".  Then you've got other features USB ports so you can run a file-server from a USB drive or print server and "guest networking" so you can isolate isolate your workstations from other users.

"WPS" - WiFi Protected Setup is definately a cool feature.  It comes as a button on the router so when you press the button, its like the router goes into a sort of "security auto-config mode".  WPS, if its supported on your client (I assume it's a software install), will then automatically configure your client and your router with strong security settings. It means no more default passwords and streamlining the security options for users who frankly don't need to have "WEP" as an option.

[Edit: WPS is broken and should be disabled on all routers that support it according to SANS.]

Guest networking is another cool feature on some routers.  It is a separate SSID for, well, guests to use your WiFi from.  It is isolated from your main network so that guests won't have access to, for example, your network attached printer or to your media collection you stream from your laptop to your television.  This is just so cool for people who may be sharing their Internet connection with their neighbours or roommates but just don't want their surfing habbits to infect their own systems :)


And the USB ports.  Many routers seem to have one or two USB ports on them which is interesting, but what's more interesting is what you can do with them.  A lot of new routers have built-in file servers so as soon as you attach some storage, you can share files and folders from it to the PCs on your network.  How convenient is that?  Some routers have more sophisticated web interfaces than others and let you specify which folders are or aren't shared - but either way, if you're buying a new WiFi router anyhow and you get this feature, it means you get a functional NAS for the cost of a USB key or USB attached hard drive!  *And* some routers are starting to come out with USB 3 - SuperSpeed USB which if you consider these routers have not only 802.11n speed on the WiFi but also Gigabit speed for the network ports, is an awesome feature.

And that's not the only thing you can do with the USB port - some routers will also act as a print server!  So you attach your generic USB printer to the router, and it's now a network printer you can print to from any laptop or PC in the house.  Talk about great value-added feature!  I love it!

And did I mention that new routers are all now wireless N with Gigabit LAN interfaces?  WiFi is still garbage and a ways away from being reliable outside very small deployments, but N is an improvement over previous specs.  Interestingly, I found out the other day as well that if you run your router in "dual band" to support both N and G clients, your wireless speeds on both N and G suffer.  So ironically if you have any wireless G clients, unless you really need your N devices to run at "slightly faster than G but nowhere near N speeds", you should still run G only.

Cool beans!  I'm liking some of the features I'm seeing on the box these days from some of the WiFi routers.  A nice change from the utter crap they used to shlep out where the only smart thing to do was check if you you run a custom firmware on the device and replace the junk software sold with it.

Popular Posts