
Month: February 2021

Eliminate backdoors into your network: Secure remote employee’s SOHO routers

By Bev Robb, IT consultant

With increasing commute times and technological advances, remote employees who work from home have become a reality. Even if a company has provided the employee with hardware, security software, a VPN connection, encryption, and security training — securing the Small Office/Home Office (SOHO) router is often overlooked and underestimated.

Because I was an IT security consultant for two decades and currently work remotely as an employee for a threat intelligence corporation — I tend to look at all components and connections at my office with security in mind.

For the past few years, we’ve seen an uptick in SOHO router vulnerabilities and exploits. This year alone, we’ve seen several router exploits.

In a recent phone interview with Joe Stewart, Director of Malware Research at Dell SecureWorks, I asked Joe about router vulnerabilities:

Bev Robb: How would a hacker go about exploiting a router vulnerability?

Joe Stewart: It depends upon the vulnerability. There are different contexts like exploiting it from outside the network and reaching across the Internet to its natural route, or a lot of other attacks work by exploiting the browser.

There are a great number of these routers hanging out on the Internet that contain default passwords. Vendors set the default passwords and if the ISPs do not change them, they do not have any real security and expose administration of these devices over either a web administration page, telnet, or what have you.

Sadly, in the case of a lot of these router exploitations, worms, and things like that, they are cross-platform, so they don’t use an exploit that might only work on one brand of router — chances are that it is going to work on 50 percent of the vulnerable routers out there.

Robb: What type of vulnerabilities are the easiest/the most difficult for hackers to use?

Stewart: Default credentials on external-facing management interfaces (web/SNMP/telnet/ssh). There are other types which include authentication bypass vulnerabilities that they try to hack into — and more advanced things like writing your own custom shellcode.

Robb: What search term in Shodan did you use to discover vulnerable routers? Can you give an example?

Stewart: We weren’t searching for vulnerable routers per se – just showing that there are a great deal of routers in Vietnam exposing their management interfaces, which we can search for in Shodan using the country code plus certain known ports or banner strings.

On this IP address, there are certain banners being returned – this indicates a version. That’s very likely to be vulnerable if they did not update the version of the patch. I know that a lot of ISPs and vendors are shipping this particular model of router indicated by this banner and that they are shipping those with default credentials. So, I am thinking that some subset of these routers are still set to default. Shodan gives you a range of router targets to search for a vulnerability or default credentials, that’s all.

Robb: What vendor(s) should home office workers be more aware of specifically in terms of not locking down public interfaces?

Stewart: I am not pointing a finger at the vendors. In a lot of cases, consumers buy it off the shelf. Many of these router brands have learned their lesson and fixed a lot of the problems.

The routers are actually secure against having a default listener on the web interface. It is a lot of work for vendors, because when they get an exploit they have to release updated firmware and provide support for consumers attempting to upgrade from the vulnerable versions.

There are a lot of routers not sold to consumers directly. They are sold to ISPs. They might be made by one to two companies, a generic white-label router, and they sell to an ISP. The ISP private labels it, adds a model, and puts in their own modified firmware with their own branding.

The final configuration of the router is up to the ISP — and they must decide whether or not to leave the management interface open. In some cases they might overlook that option; in other cases, it might be intentional on their part. If I said you can’t blame the ISP, what I meant to say is that you can’t blame the router vendor in some cases.

There is a whole slew of routers with default configurations and many different model numbers made by the same vendor. Each ISP has an idea of how they want to administer their customer routers.

Ultimately the ISP makes the final configuration decision. They hold responsibility for the routers being open to abuse in certain cases. However, in terms of internally-exploited vulnerabilities it’s hard to blame the ISP. Instead, ownership of end user security must fall on the vendor.

Robb: Do you feel that broadband router vendors should provide basic education on how to secure their systems for the consumer?

Stewart: I don’t believe that vendors should be educating consumers on the security end. Vendors should be providing instructions to the ISP on how to securely configure their router firmware.

Robb: Regarding the “new” FCC rules that would like to ban Open Source router firmware, could you elaborate on this a bit more?

Stewart: What we think about this is that it is kind of a non-problem; it is something that nobody is complaining about. These new rules are harmful to the Internet. Somebody with custom firmware maybe cranks up the power level on their chip [1]. Maybe one in a hundred thousand people who load open-source firmware do this. There’s really not a lot of point to doing it; it’s not a significant improvement in range.

I like to control the security aspect of the router firmware, like DD-WRT and OpenWRT, in order to provide more and better security options.

So, having the ability to have third-party firmware you can install on your router makes it a much more secure and more stable router for people who care about security.

Ultimately this ruling is attempting to lock out people who want to make the router more secure. Imagine locking out people who want to be more secure in pursuit of something no one even asked for. It’s essentially a non-problem.

I feel there might be one-in-a-million cases where the FCC ruling might be appropriate. In the interim, we want to encourage the FCC to not enact a rule without carefully considering the unintended consequences.

Robb: Joe, that was eye-opening and thank you for sharing your insights today.

Conclusion

Since wireless routers can become an ideal target for cybercriminals, there are ways that a remote employee can better secure a SOHO router. Joe recommends that if a remote employee has the ability to lock things down on the router, they should definitely do this.

He suggests six basic steps to better secure a SOHO router:

1. Change the default password.
2. Turn the firewall on.
3. Turn logging on.
4. Turn on WPA Wi-Fi encryption and set it as high as possible.
5. Keep router firmware up to date.
6. Don’t forget to log out after configuring the router.

Aside from remote employees securing their router with the six steps listed above — I would also suggest (if possible in the router configuration) not using the default IP range of 192.168.0.1 or 192.168.1.1; turning off UPnP (Universal Plug and Play); turning off WPS; and disabling remote management over the Internet.

Corporate security policies should include a requirement that all remote SOHO routers used to connect to the company VPN have remote management disabled in the router management interface.

Even with all the router attacks and exploits revealed over the past few years — remote employees can still work safely and securely from a home office with ease — if the necessary security precautions are implemented in advance.

[1] The wording on the FCC proposal has some people worried that open-source software will be banned. The FCC wants to lock the Wi-Fi router chip down to prevent anyone from exceeding FCC broadcast power limits. It is already illegal to do this. An FCC document that was issued in March urged manufacturers to prevent loading of software like DD-WRT.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
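The checklist above can be turned into an automated self-check on a router that runs OpenWrt (one of the third-party firmwares mentioned in the interview). The following is an editor-added example, not code from the article or from the OpenWrt project: it parses OpenWrt's UCI configuration format and reports which of the post's items fail (firewall, logging, WPA level, WPS, UPnP, remote management, default LAN address, empty root password; firmware currency is not visible in configuration). The sample config and the /etc/shadow line are constructed; the section and option names are OpenWrt's documented ones.

```python
"""Audit an OpenWrt-style UCI config against this post's checklist (firewall,
logging, WPA level, WPS, UPnP, remote management, default LAN address, empty
root password).  Editor-added example, not code from the article or OpenWrt."""
import re

# Constructed UCI sample (OpenWrt section/option names) with weak settings.
SAMPLE_UCI = """
config system
    option hostname 'soho-gw'
config interface 'lan'
    option ipaddr '192.168.1.1'
config zone
    option name 'wan'
    option input 'ACCEPT'
config wifi-iface 'default_radio0'
    option encryption 'psk-mixed'
    option wps_pushbutton '1'
config upnpd 'config'
    option enabled '1'
config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
"""
# Constructed /etc/shadow entry: an empty second field means no password.
SAMPLE_SHADOW = "root::0:0:99999:7:::\n"

_LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+(.*))?$")

def _unquote(raw):
    raw = (raw or "").strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    return raw

def parse_uci(text):
    """Parse UCI text into a list of {type, name, options, lists} dicts."""
    sections = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank line or comment
        kind, key, rest = m.groups()
        if kind == "config":
            sections.append({"type": key, "name": _unquote(rest),
                             "options": {}, "lists": {}})
        elif sections and kind == "option":
            sections[-1]["options"][key] = _unquote(rest)
        elif sections:  # list entries accumulate under one key
            sections[-1]["lists"].setdefault(key, []).append(_unquote(rest))
    return sections

def _of_type(sections, kind):
    return [s for s in sections if s["type"] == kind]

def audit(uci_text, shadow_text=""):
    """Return a list of findings; an empty list means every check passed."""
    secs = parse_uci(uci_text)
    findings = []
    for s in _of_type(secs, "interface"):
        if s["options"].get("ipaddr") in ("192.168.0.1", "192.168.1.1"):
            findings.append("default LAN address " + s["options"]["ipaddr"])
    # Firewall: the wan zone should reject unsolicited inbound traffic.
    wan_open = any(z["options"].get("name") == "wan" and
                   z["options"].get("input", "REJECT").upper() == "ACCEPT"
                   for z in _of_type(secs, "zone"))
    if wan_open:
        findings.append("firewall accepts inbound WAN traffic")
    # Logging: require a persistent log file or a remote syslog target.
    if not any(s["options"].get("log_file") or s["options"].get("log_ip")
               for s in _of_type(secs, "system")):
        findings.append("no persistent or remote log destination")
    for w in _of_type(secs, "wifi-iface"):
        enc = w["options"].get("encryption", "none").lower()
        if not enc.startswith(("psk2", "sae", "wpa2", "wpa3")):
            findings.append("weak wifi encryption '%s'" % enc)
        if w["options"].get("wps_pushbutton") == "1":
            findings.append("WPS enabled")
    if any(u["options"].get("enabled") == "1" for u in _of_type(secs, "upnpd")):
        findings.append("UPnP enabled")
    # Remote management: web UI bound to all addresses while WAN input is open.
    for h in _of_type(secs, "uhttpd"):
        binds = h["lists"].get("listen_http", []) + h["lists"].get("listen_https", [])
        if wan_open and any(b.startswith(("0.0.0.0", "[::]")) for b in binds):
            findings.append("web management reachable from the Internet")
            break
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1 and fields[1] == "":
            findings.append("root has no password set")
    return findings
```

On a real device the inputs would be the concatenated files under /etc/config and /etc/shadow; the remote-management check deliberately requires both an all-address listener and an open WAN input policy, since a listener on 0.0.0.0 behind a rejecting firewall is not exposed.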

Dell and VMware: A Winning Team

Dell’s “Dazed and Converged” dodgeball team might not have won the charity v0dgeball tournament that kicked off the event, but VMworld itself was a huge win!

It is always great to be with our amazing partners and customers at VMworld. This year, I had the privilege of meeting with dozens of Dell partners and key customers, small and large, from around the globe, working in diverse industries. We spoke in one-on-one meetings, at social events, on the show floor, and in the halls of the convention center.

Those conversations provided a lot of insight into how customers are leveraging Dell and VMware solutions to accelerate their businesses and achieve their goals. For instance, a number of customers I talked with are using Dell Ready Nodes for VMware VSAN to support VDI deployments and as platforms for core IT transformation.

It’s always interesting at events to see what customers are most eager to learn and talk about. Based on the level of interest in our solutions with VMware, we’re on the right track.

I fielded a lot of questions from customers and partners about the newly announced Dell Validated System for Virtualization, the industry’s most flexible converged system to date, which allows customers of all sizes to accelerate their journey towards converged infrastructure.

Customers were also very interested in the results of recent performance testing done on the all-flash FX2 VSAN configuration. Folks walked up to our hands-on display (which our team dubbed the “petting zoo”) in the HCI Zone specifically to talk about that particular offering. Customers crowded around to see the inner workings, and it was often difficult for staff to get near the hardware to have discussions!

Finally, it was exciting to see such great energy and enthusiasm around the Dell Blueprints program! VMware is a cornerstone of the Virtualization Blueprint, and it was energizing to sit down with customers and explore how utilizing Dell Blueprints and converged systems can help them along their journey to digital transformation.

All in all, this year’s VMworld really drove home the “incredibly vibrant ecosystem” that Michael Dell attributed to VMware during his interview on the Cube (you can watch the whole thing below). I look forward to another year of continued partnership with VMware worldwide, offering customers enhanced solutions that both support them now and help them grow in the future.

You can catch up on our newly expanded solutions on our VMware page, and follow us on Twitter at @DellAlliances to keep up with the latest news. And please join us tomorrow at 10 a.m. CDT for an exciting announcement that touches our VMware partnership!

Dell Intern Experiences Light the Way to Bright Career Paths

We recently spoke with three Dell EMC interns to learn about their experiences, opportunities and career paths. Each intern signed on for subsequent opportunities with Dell EMC, including two full time positions after graduation.

A BOLD Career Path

Brittany Bertorelli’s career path to Dell EMC started simply—with a friendship.

“My friend helped me get my foot in the door with Dell EMC,” she said. “He had completed the internship program in the Finance Department and told me great things about the company.”

Bertorelli (above), a senior at Bryant University majoring in Business Administration, felt that inside scoop eased her transition to her internship in summer 2016, within the Business Operations Leadership Development (BOLD) Internship Program. She has since worked remotely for BOLD and accepted a full-time position with Dell EMC in the Business Operations Program, starting in January 2017 after she graduates.

While initially hired as part of EMC, during Bertorelli’s tenure, the Dell-EMC deal closed. The integration opened up opportunities within the scope of her internship, which fueled her excitement and desire to stay with Dell EMC.

“I was actually very involved with the merger,” Bertorelli said. “My team worked hand-in-hand with Dell. I was able to sit in meetings with Dell employees, talk to them and ensure everything went smoothly. I was right there with everyone else, which was really cool.”

She’s most excited about the opportunity to work more closely with people she met through her internship once she comes on board full time in January. Having been so involved with the Dell EMC integration as an intern, she knows her next steps will include meaningful work.

From Testing to Developing

When Obe Okaiwele (below) started as an intern at EMC in 2012, the friendly environment both took him by surprise and left him wanting more. Fast forward to 2016, he got his wish; he works full time as a software engineer on the platform network team.

Having started in software testing, Okaiwele found software development better aligned to his professional goals. He connected both with his manager at the time and University Relations to express his desire to advance his career in that direction.

“Dell EMC’s size provides you the potential to move into a different role within the same company without having to look for a job somewhere else,” Okaiwele said. “That’s my own story, I was able to transition from one team to another that was a better fit for me.”

Looking to the future, Okaiwele is most excited about technology that Dell EMC develops.

“Michael Dell visited our office to talk about his vision for Dell EMC, going to the Internet of Things,” Okaiwele said. “I’m really excited to be part of that journey, to reach a new frontier and develop technology for a new industry.”

He feels Dell EMC provides the perfect place to learn and develop technical skills, one of the more compelling reasons he opted to join.

Opportunities Abound

Lauren Kaufman interned in both 2015 and 2016 for Isilon Sales.

“In the summer of 2015, I worked really closely with my mentor,” Kaufman said. “She taught me how to forecast, how to put all the sales data in. I had that guiding hand.”

Coming back the second summer, Kaufman felt she was given more autonomy to opt into work in which she was most interested. That meant she explored healthcare and media before finding a passion project: creating a partnership between the Women’s Leadership Forum and a charitable organization.

At the time, the Women’s Leadership Forum (WLF) was welcoming a new president and simultaneously looking to become more involved in the community. Kaufman’s manager was involved with the WLF, which provided an entry connection for Kaufman to find an organization she was passionate about and get involved with.

“They gave me so much responsibility; I was able to take on a project full force,” Kaufman said.

Kaufman identified the National Academy Foundation and worked directly with the organization’s CEO to make a deal to partner with the Women’s Leadership Forum. The experiences Kaufman had over the past two summers have positioned her well and left her with a sense of excitement for the future.

“Because I worked at Dell EMC, the possibilities are endless,” Kaufman said. “They’ve opened so many doors for me, whether that be within technology or because I’ve developed my skills, I’m ready to take on any challenge in the future.”

***

Dell offers a wide variety of internship opportunities for students at varying points in their education.

Dell EMC Expands Its Hybrid Cloud Portfolio With Azure CSP

It seems to me that the original definition of hybrid cloud described a private cloud solution that accessed the public cloud as a secondary repository, a backup for applications, a bursting opportunity, etc. As we have evolved our Cloud for Microsoft Azure Stack solution, it has become increasingly obvious that the line between public and private cloud is blurring to an extent that hybrid cloud is now more of an opaque combination of on-prem infrastructure and comprehensive, yet portable, cloud workloads. Essentially, workloads running in public or private cloud won’t matter (… unless, of course, they matter). Add in other business influences, like the trend toward pay-as-you-go everything, and you can see that the IT industry is hitting a seminal transition period.

So, in our mission to always provide our customers and partners complete end-to-end solutions, we’re very pleased to announce our recent agreement with Microsoft enabling us to offer consumption-based cloud services as a world-wide Azure Cloud Solution Provider (CSP) Direct and Indirect partner. What does this mean? Well, there are several billing “elements” for Azure Stack — on-prem infrastructure software, on-prem cloud workloads, and public cloud workloads/services — and the CSP program is a preferred path to consolidate this usage into a single monthly bill. And, since Dell EMC can administer provisioning, billing and support for these Azure services, in addition to the Azure Stack infrastructure itself, we are a single stop resource for our customers and partners, kiddingly described as “one throat to choke.”

The nice aspect of having both CSP Direct and Indirect capability is that a Dell EMC Cloud for Microsoft Azure Stack solution will deliver the same high-quality experience for end users, regardless of whether it is offered by Dell EMC or our partners.

If you’ve got questions about Azure CSP, we’ve got answers. Contact us at [email protected]. If you’d like to know more about the CSP program, find more info here.

EXPLAINER: How experts will hunt for COVID origins in China

BEIJING (AP) — A World Health Organization team of researchers who are in the Chinese city of Wuhan to search for the origins of the coronavirus pandemic have finished their two-week quarantine. Their visit has been shrouded in secrecy, and it’s not known how much access China will give the researchers. WHO says they plan to visit hospitals, laboratories and markets and to speak with first responders and early COVID-19 patients. Scientists hope information on the earliest known cases will help them better understand where the virus came from and prevent future pandemics. The search for the origins is likely to last years.

Report: Alaska AG quit after reports of sexual misconduct

ANCHORAGE, Alaska (AP) — Alaska’s then-attorney general resigned while the Anchorage Daily News and the ProPublica investigative journalism organization were preparing an article about allegations of sexual misconduct with a 17-year-old girl three decades ago. The Daily News and the ProPublica Local Reporting Network reported Saturday that the resignation of Ed Sniffen was announced Friday as they were reporting the allegations made by Nikki Dougherty White, now 47. She told the news organizations that she and Sniffen began a sexual relationship in 1991 while she was a student at West Anchorage High School. At the time, he was a 27-year-old attorney with a local law firm and a coach of her school’s mock trial competition team, the news organizations reported.

California man arrested after livestream shows 2 bodies

VACAVILLE, Calif. (AP) — Police in California arrested a man suspected of two killings after someone reported seeing a livestream on social media that showed him with a gun and two women lying on the floor. The Vacaville Police Department says officers went to an apartment complex Saturday after getting a call from a woman about the livestream. Police say the video showed the man carrying a handgun and two women lying motionless. A SWAT team arrested a 29-year-old Sacramento man and found the two women dead. Police have not released any information on the cause of their deaths or their identities.

Nonprofit in alleged $60M bribery scheme to plead guilty

CLEVELAND (AP) — A plea agreement for the nonprofit used to funnel payments for an alleged Ohio bribery scheme has been filed in federal court in Cincinnati. The agreement filed Friday shows that Generation Now Inc. has agreed to plead guilty to a racketeering count, allow the seizure of nearly $1.5 million from two bank accounts and accept a sentence of five years’ probation. Authorities say former Ohio House Speaker Larry Householder and four others also indicted on racketeering charges used Generation Now as a conduit for FirstEnergy Corp. to secretly fund a $60 million bribery scheme.