Sunday, May 09, 2021

Reload Windows on Your New PCs

Now, Dell is not my favorite PC vendor. It probably has something to do with the smoke that came out of my coworker's office as her new Dell laptop burned up.

But I'm not going to jump on Dell in this post. You can do whatever you want.

This post is about what you should do as soon as you buy a new PC.

But first, I will mention what cranked me up on this.

Since 2009, Dell has been distributing "nice" utilities on all of its PCs that updated their firmware. These packages were variously called Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.

The problem is that these packages installed Dell's DBUtil.


In December 2020, SentinelOne notified Dell of five vulnerabilities in this utility.

DARKReading described it:
The bugs give adversaries a way to bypass security products, wipe a hard drive, or install a malicious driver on a domain controller. "The attacker is effectively the system administrator."
What I don't want to do is suggest that this is exclusive to Dell. Lenovo has had similar issues on its products.

So, what should you do?

Format and reload Windows on ANY PC you get before you do ANYTHING with it. Get the bits from Microsoft here. Don't worry. Windows Update will install all the drivers that you need. You'll save significant disk space and won't have any bloat-ware the vendor installed.

You can thank me later.

Sunday, May 02, 2021

iOS 14.5 Fake News

Now that I've got your attention, iOS 14.5 really isn't "Fake News." It's just that the news around it was so over-hyped.

Here are a few headlines from early April:

iOS 14.5 is making the biggest change to apps in years - here's how
Apple Now Rejecting App Updates That Defy iOS 14.5 App Tracking Transparency Rules
Apple reminds developers to prepare for App Tracking Transparency ahead of iOS 14.5 release

Then iOS 14.5 was released on 04/26/21.

I approached it cautiously. First on my iPhone, then my iPad, then my iPad Mini, ...

But I haven't seen any of these predicted pop-ups.

Why?

Business Insider has a good explanation here.
However, some people who've updated to iOS 14.5 haven't seen any permission pop-ups.

Mobile-advertising experts suggested three possible reasons. 

1. The 'allow apps to request to track' privacy setting is toggled off
2. Some users might not have the option to toggle 'allow apps to request to track' on
3. Some apps haven't rolled out the prompt yet

What should YOU do?

Go ahead and install iOS 14.5. Then go to Settings, then Privacy, then Tracking. Make sure the slider for "Allow Apps to Request to Track" is to the left.


That'll turn off all of those pop-ups.


Sunday, April 25, 2021

Building Data Centers

Have you ever built a data center?

In my 40+ year career, I've probably been involved in building around 10 data centers.

Then this article was mentioned in Windows Weekly episode 721.



Wow!

Microsoft currently operates more than 200 data centers. Think of the logistics of building 50-100 data centers each year! I'd guess there would have to be 10-20 people dedicated to each project not to mention the expenditures.

After each data center is up and running, you then have to facilitate the network connectivity, the power, the operations, etc.

In this article was a link to a virtual tour.

PS. The article mentions that few people ever get to tour Microsoft's physical data centers. I was fortunate enough to tour Microsoft's Redmond facility in the mid-2000s. The thing that made the longest lasting impression on me was a single server they had over in a nook in front of a glass window. They described that as a "generic" server. The idea was that any manufacturer could build a server to those specifications and the hardware would be interchangeable. In hindsight, no manufacturer wanted that as it would be too easy to displace them but the idea eventually manifested as virtual machines that aren't tied to a hardware specification.

Sunday, April 18, 2021

Application Layer Gateways - Part II

In Part I, I discussed Network Address Translation (NAT).
That seems like a good idea and it is.

But...

What if the response doesn't come back on the same PORT as it originated on? Then NAT Port Address Translation (PAT) won't let it through.

How does NAT PAT know what to do?

That's when Application Layer Gateways (ALGs) come into play.

[ALG] allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer ... protocols ...

In Security Now Episode 792, Steve Gibson explains:

The problem is that Application Layer Gateways attempt to be completely transparent to the application protocols they’re proxying for. They’re sitting there in our routers, enabled by default, hidden, powerful, and automatic.

So you say that YOU don't have any of these? Think again.

Here's what my router has:


Even deep in the bowels of a really good router, this is described only as "Enable NAT Passthrough to allow a Virtual Private Network (VPN) connection to pass through the router to the network clients."

Fooled you, didn't it?

Look at that list of applications that are allowed to "tweak" the router so that traffic to different incoming ports is allowed.

Back to Security Now Episode 792, Steve Gibson related that he had gone through and judiciously turned these to "Disable." But then his Verizon femtocell wouldn't work. It needed IPSec.

More in Part III.

Sunday, April 11, 2021

Application Layer Gateways - Part I

This is the first in a series of posts about Application Layer Gateways. But first you have to understand Network Address Translation (NAT).

NAT is what makes your router such a good firewall.

Basically it makes all of your Internet requests look as if they originated from the router, hiding your various devices. But more than that, it only allows incoming packets that are responsive to outgoing packets.

Here's how wikipedia explains it:

[T]he port numbers are changed so that the combination of IP address (within the IP header) and port number (within the Transport Layer header) on the returned packet can be unambiguously mapped to the corresponding private network destination.

By Yangliy at English Wikibooks - Transferred from en.wikibooks to Commons., Public Domain, https://commons.wikimedia.org/w/index.php?curid=61795882

In plain English, every time something is sent out from your network, the router keeps a record of it and will only allow incoming traffic that is responsive to that.

This has 2 benefits. First, the Internet can't see your internal network. All traffic looks like it originated from your router. Second, any non-responsive traffic, e.g. from hackers, is simply disregarded.
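To make that bookkeeping concrete, here is an added example (my own toy code, not from this post or from any router's firmware) of a NAT/PAT table in Python, with a hypothetical active-mode FTP Application Layer Gateway of the kind Part II above describes bolted on. It shows why a packet arriving on a port the router never saw an outbound packet from is dropped, unless an ALG has inspected the application payload and opened a pinhole for it. All addresses and ports are constructed for the simulation.

```python
import re
from dataclasses import dataclass, field

ROUTER_WAN_IP = "203.0.113.7"   # constructed WAN address (RFC 5737 documentation range)


@dataclass
class NatRouter:
    """Toy NAT/PAT table. Outbound flows are recorded; an inbound packet is
    delivered only if it answers a recorded flow or hits an ALG-opened pinhole."""
    wan_ip: str = ROUTER_WAN_IP
    next_port: int = 40000
    flows: dict = field(default_factory=dict)     # public port -> (priv ip, priv port, remote ip, remote port)
    pinholes: dict = field(default_factory=dict)  # public port -> (remote ip, priv ip, priv port)

    def _alloc(self):
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, src_ip, src_port, dst_ip, dst_port, payload=""):
        """Rewrite the source to the WAN address, record the flow, and let the
        ALG look at the payload. Returns (public source port, payload as sent)."""
        pub = self._alloc()
        self.flows[pub] = (src_ip, src_port, dst_ip, dst_port)
        return pub, self._ftp_alg(src_ip, dst_ip, dst_port, payload)

    def _ftp_alg(self, src_ip, dst_ip, dst_port, payload):
        """Hypothetical ALG for active-mode FTP. A PORT command tells the server
        which port to connect BACK to, a port NAT never saw an outbound packet
        from, so the gateway opens a pinhole for that server only and rewrites
        the command to advertise the router's own address and public port."""
        m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload.strip())
        if dst_port != 21 or not m:
            return payload                         # not an FTP PORT command: untouched
        priv_port = int(m[5]) * 256 + int(m[6])
        pub = self._alloc()
        self.pinholes[pub] = (dst_ip, src_ip, priv_port)
        return f"PORT {self.wan_ip.replace('.', ',')},{pub // 256},{pub % 256}"

    def inbound(self, src_ip, src_port, dst_port):
        """Return the private (ip, port) to deliver to, or None to drop."""
        if dst_port in self.flows:
            priv_ip, priv_port, rem_ip, rem_port = self.flows[dst_port]
            # Only the peer we talked to, from the port we talked to, is "responsive".
            return (priv_ip, priv_port) if (src_ip, src_port) == (rem_ip, rem_port) else None
        if dst_port in self.pinholes:
            rem_ip, priv_ip, priv_port = self.pinholes[dst_port]
            return (priv_ip, priv_port) if src_ip == rem_ip else None
        return None                                # unsolicited: dropped
```

Note that the pinhole is only as trustworthy as the ALG's parsing of the payload, which is exactly why Part II treats these hidden, enabled-by-default helpers as something to review rather than ignore.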

Part II will dig another layer deeper.

Sunday, April 04, 2021

Risks of Remote Work

I follow KnowBe4's blog. Recently they covered a white paper by Cybersecurity Insiders.


It raised several issues that I've been worried about since the pandemic hit and everybody went home.

KnowBe4 called out the following key findings:
  • Almost three-quarters of organizations are concerned about the security risks introduced by users working from home; despite these challenges, 86% are likely to continue supporting remote work in the future.
  • Key security challenges cited include user awareness and training (57%), home/public WiFi network security (52%), and sensitive data leaving the perimeter (46%).
  • The applications that organizations are most concerned with securing include, file sharing (68%), the web (47%), video conferencing (45%), and messaging (35%).
  • More than half of organizations see remote work environments having an impact on their compliance posture (70%). GDPR tops the list of compliance mandates (51%).
  • Organizations prioritize human-centric visibility into remote employee activity (34%), followed by next-generation anti-virus and endpoint detection and response (23%), improved network analysis and next-gen firewalls (22%), and Zero Trust Network Access (19%).

How is your organization going to mitigate concerns about continuing remote work?

How is your organization going to mitigate WiFi network security and data exfiltration?

How is your organization going to mitigate file sharing, video conferencing, and messaging?

Keep me posted.

Sunday, March 28, 2021

More Internet Speed Tests

Several years ago, I stumbled across Google's Internet speed test. That prompted me to look at several other Internet speed testing tools. The post is here.

This article on CNET prompted me to look again. CNET had a couple of tools I hadn't heard of before so I ran them against my previous set of tools.


At my house I have a 200Mbps Xfinity connection. I was using my ThinkPad X390 with an Intel(R) Wireless-AC 9560 160MHz Wi-Fi adapter. Intel says that adapter can deliver 1.73Gbps so that probably wasn't a limiting factor.
Test            Download
*Ookla          196Mbps
*fast.com       200Mbps
*Google Fiber   205Mbps
*Google         181Mbps
speedof.me      215Mbps
testmy.net      186Mbps

* were in my earlier test

Conclusion: Mox nix!

The results were much more sensitive to other traffic than the accuracy of the various tests. In my initial tests of speedof.me and testmy.net, they were both around 125Mbps. I retested them and they both came in over 155Mbps. A third test gave the above results.

A more extreme demonstration of interference was at my daughter's house, which has a 1Gbps Xfinity connection.

Test            Download
Ookla           330Mbps
fast.com        150Mbps
Google Fiber    91Mbps
Google          50Mbps
speedof.me      54Mbps
testmy.net      83Mbps

I didn't have the opportunity to rerun the tests at this location. In hindsight, there were streaming applications running outside of my control during the testing.