A while back I offered my thoughts on the benefits of wiring devices rather than relying on WiFi, and my efforts with installing Ethernet drops. The system worked well, but I had nagging doubts about my install. Specifically, my jack punchdowns were not up to spec, my patch cables were self-made, and my drops terminated in the basement with RJ45 connectors. In short, it was an amateurish install and didn’t look good.
After re-punching my wall jacks with the proper method, I decided that I would finally bite the bullet and buy a patch panel. The only thing that had been holding me back was the price, and the fact that I lacked a networking rack to hold it, but these concerns were alleviated with a little bit of searching. I decided upon these two items:
The intent was to mount the patch panel in the bracket on the concrete wall in the basement. And, despite the irritations involved with drilling concrete, this idea played out perfectly:
It was also much easier than crimping. A simple punchdown tool secured the wires and clipped the excess, and in short order I had secured my existing 5 drops.
For the record, I chose T-568A. Although now, having purchased patch cables all configured in B, I probably should have chosen B. Ah well, the difference is pretty negligible. Regardless, though I haven’t benchmarked anything, the network does seem a little snappier now. The previous RJ45s were properly rated for solid-core CAT6, but I still don’t think it’s possible to manually crimp a connection as well as punching.
I’m sure at some point I’ve complained about internet tracking. There’s no way I haven’t, but I can’t find the right article to link to at the moment. So instead, I’ll ramble on for a bit about the over-discussed and tired topic.
I did find this topic, wherein I discussed my router upgrade. Recently, the manufacturer pushed an update to it, and in this update I found some more robust traffic management and firewall tools. Naturally, I poked around, and discovered that I could control domain blocking with more refinement. On a whim–well, more than a whim really–I blocked Facebook and some other well-known web analytic and tracking domains in a custom rule that I then assigned to all my personal devices.
The result was even worse than I had suspected. There were all manner of things that were linking to Facebook. Even if I chose to ignore all Facebook prompts, applications and pages were still running their scripts in the background. Why?! The question, of course, is rhetorical.
One more incremental step in fighting for internet privacy.
I was talking to my father, as I tend to do, and as what usually happens when I engage in such discourse, especially whilst imbibing, I acquired certain information from a specific point of view and found it interesting. And so, a blog post is born.
We were discussing technology and the inevitable variances by which the differing generations adapt to it. It’s cliché, certainly, to envision some old geezer hammering away at a keyboard and yelling at a computer monitor. For many years, in fact, I provided customer service to such people who couldn’t figure out the difference between a browser’s search menu and address bar–possibly why so many modern browsers have now dealt away with the differentiation altogether.
Of course, I knew the stereotype to be a half truth, and I considered my own father a model example to the contrary. Dad, a professor, had a history of spending his research grant money on computer equipment, and in fact I, as a child, had been quite enamored by his laboratory on campus. I willingly accompanied him into work during those summer days of my youth for the sole reason of gaining access to the banks of computers which lined the old slate countertops of those musty rooms. And, by observation and from rudimentary instruction, taught myself how to type properly on a modern QWERTY keyboard–years before keyboarding was introduced into grade school curriculum.
Many years prior, Dad had typed up his doctoral dissertation on an electric typewriter. And now, while I still can’t hope to capture even his most basic interest in networking technology and infosec, I still see the man using modern hardware beyond a simple intuitive ease, but with something approaching mild obsession. In short–he’s entirely comfortable with modern technology. And this is a man who has no connective tissue in his leg to speak of (he’s old).
And during this particular discussion, he was musing over his students’ inability to use basic computing equipment. A particular anecdote involved his class sending him email invites to subscribe to Office 365 (a rant for another time), so that he might log in and view their term papers digitally. Basically, his students sent him friend requests to a digital subscription service to view their shared documents…rather than use a printer.
But anyway, Dad told me this story because he had been approached for his thoughts on how his aging generation anticipates adapting to our world of rapidly-changing technology, to which he responded that the youngest generation doesn’t know anything about using current technology, and so such concerns were misguided.
As a point of comparison, I thought about young drivers and realized that the youngest generation doesn’t know how to operate motor vehicles properly. But then again, neither do most people…and most people don’t really know how to effectively use modern operating systems, or we wouldn’t have Windows 10.
Sooo, I guess my point is that expectations are higher than reality and generational gaps have nothing to do with an individual’s ability to learn and adapt…to a point. I mean, old people still need to stop driving, but I also don’t think most people are competent enough to handle the responsibilities of the Internet either. Hmm–a conundrum.
Earlier this year I wrote about the shortcomings of on-board car diagnostics and how I was searching for a computer-reader that would provide more information in the event of a problem. Like a fire extinguisher, it’s something that I had hoped to never need to use.
But I had to use it. And I’m glad I had it.
Less than a year after purchasing the CR-V, it died in a grocery store parking lot. I, being at work, dutifully responded to my wife’s texts in a most timely manner–an hour later–and was off to save the day…cursing and muttering the entire way.
The vehicle, refusing to start, notified me of such by informing me that the parking brake was malfunctioning, as well as the antilock brakes, and the electronic brake stabilizers, and the gate lift mechanism, and a number of other systems. It was disconcerting, but not very helpful.
So I plugged in the OBDII device and waited while it ran a diagnostic. It then informed me that two systems had insufficient voltage to operate. I cleverly deduced that voltage insufficient to operate the braking mechanism probably meant the starter wouldn’t work. I’m a real mechanic I am.
So I jumped the car and it started, and it promptly died when it got home. Presumably the battery was bad, but that seemed unlikely given how new it was.
AAA agreed, once they came out and tested the electrical system. Surely the battery was fine, and something was drawing power when the vehicle was off.
Then the Village Elder came over and gave us a charger, and after manually giving the battery a full charge, I tested it an hour later and it had already been drained. Ultimately, a replacement battery seems to have fixed the problem, though we’re still left wondering why the original died so quickly. Maybe it was just a lemon.
I’m also left with the nagging irritation at Honda’s dash alerts. While telling me that every electrical system was malfunctioning was technically accurate, it wasn’t very practical information, especially considering the error codes themselves had the information we needed.
Oh well, at least the computer reader proved its worth. I can finally give it a solid recommendation now.
It’s interesting to me how obstinately we refuse to take basic network security precautions. Usually, introducing the topic for conversation is met with contempt for nerds, as if I were attempting to discuss comic books and card games with high school jocks (neither of which have I associated in my adult life). But concern for such trivialities is gradually waning in light of big news’ headlines (Russia!), so people are now at least acknowledging that infosec is something we might casually entertain (though only in outrage that our government isn’t protecting us).
But elsewhere, in the tech community, network technology itself is becoming increasingly under fire–specifically, consumer-grade NAT routers. I had previously covered my recent transition to a more commercial-class router, the Ubiquiti Edgerouter X, and I had been pleased with its performance for the time I used it. Alas, a botched firmware upgrade left the device bricked, so I was forced back to my old D-Link while I considered options. The experience had taught me a lesson: I wanted the security and features of a commercial grade router, with the hand-holding of a consumer grade one. But that seemed an unfilled niche.
Eventually, I went back to my NAS’ manufacturer, Synology. Their NAS management software has proven incredibly robust, with timely and automatic patches immediately following a CVE disclosure. They had formerly tried to introduce a router but had discontinued it. But now they were trying again with a new model. It was hard to find an expert review on the device, as most of the Amazon community’s comments boiled down to “It’s fast and doesn’t drop connections”–something I consider to be bare minimum requirements for a $200 piece of network equipment. Still, I discovered enough information elsewhere that compared its router management software to that of its NAS products, so I decided to bite.
I could go on at length, exalting its software, but for the sake of keeping this post within the casual Internet-peruser’s attention span, I’d like to call attention to its simple and effective firewall.
Configuring a firewall shouldn’t be difficult, but until now I had never owned a router that managed to balance simplicity with effectiveness. I was delighted with the level of customization. For example, I decided to block all inbound connections from geolocated Russian and Chinese IPs. I was disturbed to find out that two days later, 1800+ connection attempts from these regions had been blocked. I suppose it’s mostly just Internet noise–passive scanning–but it’s still disconcerting.
Next up–a particularly troublesome IP range that my ISP uses to perform DNS and reverse-DNS queries. To be clear, I don’t want my ISP messing with my DNS traffic, but as DNS is largely unencrypted, there’s not much I can do to stop them. I specified my preferred DNS servers, but they appear to be bypassed when the lookup returns a 404, and my ISP serves me a “helpful” page of suggested results.
Fortunately, their DNS servers appear to be static, and using a Whois service I narrowed down the IP range and blocked it outright. The router has since blocked 48 connection requests to these IPs, so while I might not be able to prevent my ISP from intercepting my DNS queries, I don’t have to look at what they decide to serve me back.
Lastly, and equally unsettling, was my cable modem’s hard-coded internal IP: 192.168.100.1–the address used by the majority of modem manufacturers. In reality, there is no reason that a LAN-side device should need to contact the modem (that’s the router’s job), other than the remote possibility that the modem might need some user administration. But that’s a stretch.
And the modem lacks any form of user authentication. While there isn’t much someone could mess around with (apart from rebooting and resetting it), I still don’t think it should be open to anything on the LAN. So, just no. I blocked all traffic to its IP. I didn’t count on anything trying to access it regularly, but the router counts 48 attempts now. I’d really like to know what was trying to access it and why, but the conventional logs don’t provide that level of detail. Oh well.
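The question of which LAN device keeps hitting the modem can be answered when the block rule logs each drop. The following is an added example, not part of the original post or the router's software: it assumes the drops are available as Linux netfilter LOG lines (from the router or a Linux box in the path), and the `MODEM-DROP` prefix and every address except the modem's are constructed.

```python
import re
from collections import Counter

MODEM_IP = "192.168.100.1"  # modem address given in the post

# Constructed sample lines in netfilter LOG format (hypothetical prefix/hosts).
SAMPLE_LOG = """\
Jan 12 03:14:07 router kernel: MODEM-DROP: IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:17:08:00 SRC=192.168.1.23 DST=192.168.100.1 LEN=60 TTL=63 PROTO=TCP SPT=51544 DPT=80 SYN
Jan 12 03:19:07 router kernel: MODEM-DROP: IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:17:08:00 SRC=192.168.1.23 DST=192.168.100.1 LEN=60 TTL=63 PROTO=TCP SPT=51602 DPT=80 SYN
Jan 12 04:02:51 router kernel: MODEM-DROP: IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:28:08:00 SRC=192.168.1.40 DST=192.168.100.1 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Jan 12 04:03:10 router kernel: GEO-DROP: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:99:08:00 SRC=203.0.113.9 DST=198.51.100.4 LEN=40 TTL=241 PROTO=TCP SPT=40211 DPT=23 SYN
Jan 12 03:24:07 router kernel: MODEM-DROP: IN=br0 OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:17:08:00 SRC=192.168.1.23 DST=192.168.100.1 LEN=60 TTL=63 PROTO=TCP SPT=51688 DPT=80 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))


def source_mac(mac_field):
    """netfilter logs MAC as dst(6):src(6):ethertype(2); return the src part."""
    parts = mac_field.split(":")
    return ":".join(parts[6:12]) if len(parts) >= 12 else "unknown"


def tally_modem_hits(log_text, modem_ip=MODEM_IP):
    """Count blocked attempts per (source IP, source MAC, protocol, dest port)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("DST") != modem_ip:
            continue  # drop from some other rule, not the modem block
        key = (f.get("SRC"), source_mac(f.get("MAC", "")),
               f.get("PROTO"), f.get("DPT", "-"))  # ICMP has no port
        hits[key] += 1
    return hits


if __name__ == "__main__":
    for (src, mac, proto, port), n in tally_modem_hits(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:<15} {mac}  {proto}/{port}")
```

The source MAC can then be matched against the router's DHCP lease table to name the device, and a regular five-minute interval like the one in the sample usually points to an automated status poll rather than a person.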
In conclusion, my router upgrade has increased my network security at the cost of equal paranoia.
I’d end with something pithily snarky, but I just realized I’m out of aluminum foil.