
TP-Link Archer C9 Wireless Router

As noted in a previous post I’ve started checking the security status and general well being of my home office gear and upgrading where needed.

I recently decided to replace my home office router. It was a Netgear WGR614v10. It still did the job but I was having trouble getting older devices to grab and hold a WiFi connection, had some strange hiccups on the laptops that could have been router related, and, most importantly, it was not clear that firmware to address the latest threats was being pushed out regularly. It also did not support newer high speed WiFi standards, had no provision for a guest network, and no way to share out a printer.

So I went looking for a replacement. I wanted to address the issues identified above but still stay in the home office price range. I found a few sources that recommended the TP-Link Archer C9. I found it for US$110 on Amazon so that seemed a safe choice.

Set up was straightforward although, as some of the reviews pointed out, you need to wait for a lot of reboots if you’re doing anything but the most basic setup.

So far so good. It didn’t help much with getting my original iPad Mini to hold a WiFi connection but everything else seems to have been checked off.

I upgraded it to the latest firmware (October 2016). The process of downloading the firmware from their website and then installing it was straightforward but it would be nice if you could just hit a “check for updates” button in the web console and not have to download it manually from a separate browser window.

Again, the takeaway is to pay attention to what you’re running – especially the stuff that “just runs” and so never gets looked at. It’s usually fairly cheap and painless to move to something better and more current and avoid the risk of something failing or falling victim to a security breach (which always happens at the least convenient moment).

 

But it still runs


The recent spate of malware attacks caused me to check on the security status of the various machines on the home/home office network that sit quietly doing their business without regular attention being paid to them. One of those is a machine used primarily as a file server. It’s a Linux box running Samba which raised issues with the recent SMB attacks (security notice from samba.org).

My Samba install was too old to patch, so I went to find an update, which meant updating the web browser, which finally got me to check the operating system and hardware and realize that the server had been doing its job just fine but was too long in the tooth to keep going in the malware age. It’s running SUSE Linux Enterprise Server 10 (only 11 years old) but on an AMD Athlon and 1GB of RAM. I could probably get a current lightweight Linux to install on that hardware but I think I should throw in the towel and replace the server with something more current.

The point of this post is not to highlight my tendency to hold onto stuff, but to comment on a new reality. There was a time when working and filling a need was justification for keeping a machine in use. In the current reality security concerns change the equation.

When I was coming up in the IT world it was common to share stories about servers that had been walled in and forgotten and found years later but still running and in production the whole time. My server is not quite in that category but it was purchased in 2007, a then year-old OS was installed and it was put into use and that was pretty much it. There’s disk space left, it’s fast enough for what it does and I have a central place for my files. But in the modern world it’s a security disaster waiting to happen. Even with good patching practices, operating systems lose support and there is often no way to upgrade on old hardware.

Maybe if I can just find that old NetWare box inside a wall that will solve my problems…

Four Lessons from the recent ransomware attack

What can computer users and small businesses learn from the recent widespread ransomware attack?

One: Back up everything regularly! This is the most important lesson. Ransomware and most computer attacks destroy the information on your computer. If you have a good current backup of everything the worst you will lose is a little time as you reinitialize your computer and restore your data.

Most recent computers come with a CD, USB device or boot option to reset the machine back to the way it was when you first bought it. From there just run the restore option for your backup system. For Windows users doing manual backups you may have to first install any software you had installed, then restore your files.

Two: Patch your operating system. Every operating system, whether Microsoft Windows, Macintosh OSX or any distribution of Linux, receives regular security and bug-fix updates from the publisher. Check to be sure that your system is set to receive those updates automatically and that the feature is actually working (check your update history). In this latest attack Microsoft had already released a fix for the flaw being exploited, so the only machines affected were those that didn’t have the patch applied.

Some people like to wait to apply patches. They may fear that the automatic updates may introduce unintended problems or just like to feel in control. That was a legitimate concern at one time, and it’s reasonable for large organizations with big IT staffs to test and distribute updates. But for the rest of us the risk has become too great. You need the operating system updates, at least the security updates, as soon as they’re available.

Three: Don’t run unsupported operating systems unless you really need to. In practice that means update or replace any computer running Windows XP, Windows Vista or Windows 8. Unsupported means they don’t receive updates and you generally can’t get any support from the publisher. But it doesn’t mean they’re immune from newly discovered or newly exploited security flaws.

The only reason to run these older systems is if you have older software or hardware that won’t run with newer systems. If that’s the case you should at least be aware of the risks. Take extra precautions and don’t use the older machines for general-purpose computing. Only use them for the needed functionality.

Four: Use antivirus and antimalware software. Some products are better than others but the best system is one that is recently updated and running. For most users the free software included with Windows, such as Windows Defender, is adequate for virus protection. You can supplement your protection with a malware product such as Malwarebytes. Again the key is to make sure it’s up to date and used. Pay attention to the status icon(s) for your security software. If it gets turned off without your knowledge you may have a problem, or it may just be a one-time glitch, but you need to turn it back on and run a scan ASAP.

The bottom line: It pays to take precautions but eventually we all get stung by an attack, a scam, or simple hardware failure. Planning for recovery in advance makes it much less stressful, and potentially much less costly, when things eventually go wrong.

(In)Security in the Air

I recently did a round trip on Delta – short domestic flights on Airbus A320. Both flights had WiFi from gogoinflight. You can use the WiFi for free for in-flight entertainment and flight information, or pay for Internet access.

I was somewhat surprised to see that even connected just for the free services a scan from my iPad (Fing) appeared to reveal the manufacturer and MAC address of every connected device on the plane. For some devices it also revealed the owner’s name. All manner of hacking was, at least theoretically, available to anyone so inclined. I tried it on both legs of the trip, same results.

I also tested in my hotel, to confirm this was not expected behavior. A scan there, on the hotel’s free WiFi, revealed only my own device and the router.

Just thought folks might want to be aware of this potential exposure.

Google account without mail on iPhone

This may be old news to many but I just hit it for the first time.

iPhone, at least at iOS 10, will not allow you to add a Google account that doesn’t have GMail associated with it. It lets you go through the whole Add an Account, authenticates, then throws the account away before you have a chance to turn off Mail. There seem to be a lot of folks posting on the Apple forums with the same issue. The solution below is also there but you need to dig for it.

The workaround: For Calendar go to Settings > Calendar > Accounts > Add Account > Other > Add CalDAV Account. Use google.com for the server name. For Contacts it’s the same except you’re adding a CardDAV account.

Why do they make you jump through hoops like this instead of using the standard Google account setup? We may never know.

 

Technology changes, people don’t

I just came across a Novell Success Story featuring me and the network I managed in 1991. It touts the productivity benefits of having folks store files in a central location where they can be easily found by others and where everyone will see the same version of a document.

The technology around meeting that need has changed drastically since 1991, and having everyone mobile and wanting their documents from anywhere in the world added some wrinkles we didn’t have when rolling out a file server in the 1990s. But the business benefits, and the challenges of getting users to understand the benefits and think about it when saving files, have changed much less than we would have imagined back then.

Enjoy for nostalgia or for plus ça change

 

 

What should I be when I grow up?

I will be leaving my long-time position as Director of Technology for the management consulting firm Schaffer Consulting at the end of the year. So what do I do now?

Over the years I’ve thought of myself as a system administrator, a server, networks and desktop support guy. I’ve done a lot of telecom management over the years. I’ve worked a lot with collaboration systems.

And lately I’ve been getting more involved with marketing support – websites, social media, email campaigns, CRM. In this new role I’ve suddenly found some of my older experience relevant. I was a trade magazine editor and conference director before getting to where I am now.

I’ve developed a pretty broad range of experience in both tech and business.

But what does it prepare me for? Consultant, analyst, writer, sysadmin? New roles such as community manager? Am I looking for a job, a gig or engagements as an independent businessman?

I think the reality is that I will be exploring any and all of those.

Your thoughts, ideas and encouragement are much appreciated.

David