Securing Home Routers – Keeping Your Data Safe

Routers are a part of everyday life. Anyone with an active home internet connection has one. It keeps a constant connection to the internet, it allows more than one computer to share the same internet connection, it blocks bad traffic from entering your network, and it can perform more sophisticated tasks, such as sharing files via FTP over the network and to the wider internet.
Your router is filled to the brim with technology but not all of it is safe, even though it might be helpful. Simply buying a router and connecting it up is not enough; like any device, it needs updates and maintenance to have it running well and safely.

All routers are different, and it helps to log into your router’s settings and familiarize yourself with the options available to you. It will not always be apparent what every option does, so it’s worth noting these down and doing a bit of research yourself.
Additionally, a general rule of thumb: if you’re not using a specific service or option in your router, disable it!

Node-Red: The interesting world of API

The Pi I have running at home had accumulated a lot of updates. Anyone who owns a Pi can tell you that a small collection of updates can take an exceedingly long time to complete. About 20 minutes into the upgrade, I noticed apt stalling on one particular package: node-red. Knowing that it’s not usually included in a standard installation, I did some digging and found something interesting.

Node-red is a graphical wiring program that allows you to do some cool things with different APIs. I mean, really interesting things.

Starting it up for the first time, it listened on port 1880 and told me to connect via a browser. What then arose was a brilliant piece of technology.

A Scratch-like interface with pastel coloured buttons and brief descriptions about their purpose filled the left column. Those are, as I understand, the nodes. Simply dragging and dropping these building blocks and linking them up felt seamless; some functional boxes for different languages such as HTML, XML and JSON. Switches to initialise case logic, splitters to manipulate the direction of data and in and out nodes for Twitter implementation. Also for the Pi, nodes to make use of GPIO pins for pretty much anything you can think of. This is for the makers. Brilliant.

To my surprise (and burden, however), there’s not a great deal of documentation that I could find for this platform. There are a few tutorials for the very basics but when it came to slightly more complex stuff, it’s almost non-existent. Either way, I plugged on and crafted a Twitter bot as an exercise, expanding on some of the basic tutorials on YouTube. My first small ‘flow’ was a program that pinged a network address and recorded the time and latency in a text file. Pretty low grade but if I wanted to, I could expand to tweet myself a message if the ttl lapsed.

I’m still unsure of the language used in the main function block; it looks like java (being objective) but I don’t know enough about it to know exactly. I would like to make my @awkwardbot_ a bit more intelligent but will need to dig deeper into this exciting framework.

SSH bruteforce; change in direction?

One thing that I like to do is read. Stephen King probably makes up the majority of fiction I’ve read, closely followed by Andy McNab, Stieg Larsson and Dan Brown (in no particular order). I like non-fiction too but mainly in the sciences; our treasured Prof. Stephen Hawking (should be knighted), the great Carl Sagan and the inspirational Prof. Brian Cox. I’m sure there’s more unbeknownst yet to make it to my shelf.

However, there’s only really one 100% reliable news page that I have the occasional binge on. Found in /var/log/auth.log, this page has it all. Drama, frustration, desperation, success, comedy. Strangely enough, I can genuinely associate these human emotions with this silly little file. Today I will talk about both comedy and perhaps some terror too.

I like to filter the news for most of the comedy.

sudo grep "Invalid user" /var/log/auth.log

Ethen, ftp, 1111, recruit, allison, xbian, uwot, support, hadoop, test, guest, admin, jonah (my fave) … the list literally goes on. Incredible to think that these bots or people have probably cracked open a server using those names before and have been successful? Maybe. Or maybe they are trying to think outside the box. I can literally spend a day trying to understand the reason behind those user names and still be clueless. Hilarious! Jonah.

But it’s the most obvious of them all that worries me. Admin, root, and pi. The latter being the most obtainable. Pi. The default username for a main Linux flavour. And maybe more.

It’s scary to think that easy to follow guides for home VPNs, plex, cloud software, ftp, webserver (the list goes on..), may not always be security conscious and may not always instruct the user to change the default username, let alone the password or enabling a firewall. Let’s hope, for their sake, time is spent to secure a home internet facing host and does not help to breach their home networks. Sobering.
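
As an added example (not part of the original post), the grep above can be turned into a tally. The sketch below counts guessed names and source addresses, and also picks up the "Failed password for" lines that sshd writes for accounts that do exist; root and pi on a default install fall in that group, so they never show up under "Invalid user". The log lines, hostnames and addresses are constructed samples, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the usual sshd syslog format (not taken from the post).
SAMPLE_LOG = """\
Dec 10 06:25:01 pi sshd[2101]: Invalid user jonah from 203.0.113.7 port 40112
Dec 10 06:25:03 pi sshd[2101]: Failed password for invalid user jonah from 203.0.113.7 port 40112 ssh2
Dec 10 06:25:09 pi sshd[2105]: Invalid user admin from 203.0.113.7 port 40170
Dec 10 06:26:44 pi sshd[2120]: Failed password for pi from 198.51.100.23 port 51514 ssh2
Dec 10 06:26:49 pi sshd[2120]: Failed password for pi from 198.51.100.23 port 51514 ssh2
Dec 10 06:27:02 pi sshd[2131]: Failed password for root from 198.51.100.23 port 51602 ssh2
Dec 10 06:30:15 pi sshd[2140]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Dec 10 06:31:00 pi sshd[2150]: Invalid user hadoop from 203.0.113.7
"""

# Names that do not exist on the host.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
# Names that do exist; the lookahead skips the "invalid user" variant so one
# attempt against a missing account is not counted twice.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?!invalid user )(\S+) from (\S+)")

DEFAULT_NAMES = ("admin", "root", "pi")  # the names the post singles out


def summarise(lines):
    """Return (invalid_names, existing_names, sources) as Counters."""
    invalid, existing, sources = Counter(), Counter(), Counter()
    for line in lines:
        for pattern, bucket in ((INVALID, invalid), (FAILED, existing)):
            m = pattern.search(line)
            if m:
                bucket[m.group(1)] += 1
                sources[m.group(2)] += 1
                break
    return invalid, existing, sources


def default_name_hits(invalid, existing):
    """Attempts against default account names, whether or not the account exists."""
    return {n: invalid[n] + existing[n] for n in DEFAULT_NAMES if invalid[n] + existing[n]}


if __name__ == "__main__":
    inv, exi, src = summarise(SAMPLE_LOG.splitlines())
    print("guessed names that do not exist:", inv.most_common())
    print("failed logins on real accounts: ", exi.most_common())
    print("attempts per source address:    ", src.most_common())
    print("default names targeted:         ", default_name_hits(inv, exi))
```

To run it over the real file, pass the lines of /var/log/auth.log to summarise() in place of the sample.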

Internal Storage – A Ponder At Prices

Anyone in the market for a hard drive at the moment may be having a hard time. It’s not as simple as it once was; you’ll be looking at many different factors.

Speed, reliability, capacity, bus interface, and more importantly price.

You’ll have an even harder time if you already have an SSD and a traditional hard drive. If the SSD fails, it’s a no brainer. But how about if your HDD is on the way out? What do you replace it with? This question is what I’m asking.

For the time being, I’m negating a lot of the variables that have been mentioned and just focusing on price. I’ve trawled through almost all the hard drives on one particular UK computer retailer and started to play around with the numbers. I’ve concentrated again on only SATA devices as they are my most likely replacement.

On average, they all look to be on a linear price point when it comes to GB per £, except those of smaller capacity. At this level, I am talking about the jump in price of HDD 0.5 – 1 TB and in SSD, 60-120 GB. In both cases, the “sweetspot” is the latter with a small jump in price for double the capacity. It’s both weird and confusing to think there is a genuine demand for a lesser product. It’s not so obvious in the following graph as this is a combined average of many products in the same category.

Comparison of SATA drive prices – December 2016

Again, there are 2 more interesting points with this graph. The jump in price for SSD products around the 1TB capacity and the striking difference between capacity of the top end scales of both SSD and HDD. SSD has yet a long way to go.

Now lastly, I have picked desktop grade components for these results with a mixture of both top and bottom end products. Some lines of drive had really poor reviews and others, really good. They were all sourced from the same site and in my view gives us an accurate comparison of prices in the UK.

This may well be day and night for some, but it will be interesting to do another comparison in a year to see how far things have moved forwards. If someone were to tell me we’re at a data crossroads, I couldn’t deny that.

do-release-upgrade killed my server!

It has been only within the last couple of days the website has been back online. For better or for worse, in October I decided to do a backup and hit the do-release-upgrade button on the box. It didn’t go well.

Nowadays with security holes being flagged left right and centre, being a great advocate of keeping the software updated, I took a stab. Funnily enough, the system decided to use ‘sleight of hand’, turned my arm and drove the knife back into me. 100% damage. 1 hit. Didn’t really see that coming.

More annoyingly, my resurrect potion had no effect because the backup was totally rubbish. (I really must play about with backups more…).

Anyway after a nice system admin reset my box, the painstaking task of preparing, installing and configuring started again. But this time, with some interesting revelations! I decided to ditch loads of software thus making this new build a bit more economic.

Let’s see, a massive ditch of vsftpd! This has always been a pain in the arse to configure and set up correctly, especially when it comes to permissions. I now use SFTP which is not only a bit less fiddly, but it also allows me to close about 25 ports and relieves F2B of having to monitor the auth logs. Sorted!

I have also come to the conclusion that I may have to understand openvpn a bit more; I decided to ditch openvpn-as because of a few reasons. Mainly because of the juggling needed to effectively secure the web admin interface. It wasn’t worth broadcasting on the internet for just an initial connection setup of 2 devices.
I tried having the pages on a different port which I would manually open/close when needed, also tried .passwd in .htaccess but that could be circumnavigated.

Lastly I decided to remove the training wheels, that is, phpmyadmin. Just like the openvpn-as UI issue, this is the same difference. I really do love phpmyadmin to bits but unless you’re hosting sites for friends / family etc, it’s not worth having such a security risk left public.

Lastly, WordPress. I decided that for compatibility, Google ReCaptcha must go. However, I have replaced it with Akismet and a fail2ban plugin to hopefully cover my ass. I will be looking at this more closely.

So all in all, it wasn’t such a bad ordeal in the end but it has taken me some time to rethink the situation. I have a few things to check off my list before I can happily say that recovery time is at a low, but at least for now this build is running really well!