Re: [Ilugc] Modem updates or Hardening Guidelines
On Thu, Jun 14, 2012 at 8:43 AM, Balasubramaniam Natarajan wrote: > Yes, I agree. My concern was I was expecting some thing at least one > firmware for a quarter. This is because I use to get a paper along with my > ISP bill to have my router switched off while I am not using it as the > Modem is just like a mini PC which attacker can take over and start up > something which might end up on unsuspecting owners of the modem. That would depend on how many services you are exposing to the outside world. Ideally nothing to very little. > I have to accept I did not understand the point above. Are you trying to > tell that the embedded system are much more secure than the Distros which > we are using ? Not more secure, they are tightly integrated as hardware and software and thus the development effort required to provide upgrades is considerably more. The software is required to be much more optimised due to hardware constraints and as thus a lot of pieces are tightly tied together. It's unusual to see small updates to individual software as in desktop distros. Most of those distros won't even have a proper package manager or one that is less functional. That would make the process even harder. ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
On Thu, Jun 14, 2012 at 8:20 AM, Balasubramaniam Natarajan wrote: > I am unable to see any of Beetle modem on > http://www.dd-wrt.com/site/support/router-database > You mean Beetel? I am guessing they are mostly OEM models from various manufacturers and re-branded. You may have to resort to finding out what chipset it is using (telnet, uname etc.) and then find the equivalent @ DD Wrt. Also consider openWRT they too support Linux "firmware" for a whole slew of WiFi AP brands. Also avoid top posting. -- Arun Khan ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
> I am unable to see any of Beetle modem on > http://www.dd-wrt.com/site/support/router-database > Looks like dd-wrt is only for ethernet routers/modem and they don't seem to support combo devices which do DSL, I could be wrong here. http://www.dd-wrt.com/phpBB2/viewtopic.php?p=452901 You can use the Beetle modem for DSL and configure it to support PPPoE relay or as a bridge, which ever is applicable. Then you can use an ethernet router with PPPoE to configure your internet and connect the uplink on the router to your beetel modem via a ethernet cable. I feel, this is more than what you asked for but this is what comes to my mind since dd-wrt doesn't support ADSL modems. I think, the same is the discussion in the above link. >> >> A few years back, I risked my old modem for installing dd-wrt and it has >> been working flawlessly ever since. >> > If you don't mind can you tell me (aside) what is the modem which you are > using. > I have an old Linksys modem (before it was acquired by Cisco) WRT150n, I don't think, you get these anymore. http://en.wikipedia.org/wiki/Linksys_routers#WRT150N http://homesupport.cisco.com/en-us/wireless/lbc/WRT150N Newer models in the WRT54 series like WRT54GL run Linux themselves and might be easier to flash, http://en.wikipedia.org/wiki/Linksys_WRT54G_series#WRT54GL -- 0 ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
> > > 1. Distros like Ubuntu run off testing branch, if you'd use something > like Debian stable you'd have lesser updates. > > > 2. A lot of updates you see are related to desktop software, which are > mostly feature updates or small fixes rather than security fixes. The > security fixes you receive are relatively lesser. > Yes, I agree. My concern was I was expecting some thing at least one firmware for a quarter. This is because I use to get a paper along with my ISP bill to have my router switched off while I am not using it as the Modem is just like a mini PC which attacker can take over and start up something which might end up on unsuspecting owners of the modem. > > 3. My little experience with embedded systems, which your routers > would fall under, are much more tightly bound together than desktop > distros so releasing updates for it is a relatively difficult task. > I have to accept I did not understand the point above. Are you trying to tell that the embedded system are much more secure than the Distros which we are using ? > > 4. The companies producing these products are more of a hardware > company than software. They have little to no incentive to keep > providing regular software upgrades. They'd rather focus on quickly > releasing new hardware in the market. > :-( > > If you combine all the 4 above reasons you'd see why it's uncommon to > see regular software updates to your modems/routers. > Think about how often do even smartphones receive security updates? > Mostly what you'd see are feature upgrades. > > -- > With Regards, > Mehul Ved > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > -- Regards, Balasubramaniam Natarajan www.etutorshop.com/moodle/ ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
I am unable to see any of Beetle modem on http://www.dd-wrt.com/site/support/router-database > > A few years back, I risked my old modem for installing dd-wrt and it has > been working flawlessly ever since. > > If you don't mind can you tell me (aside) what is the modem which you are using. -- Regards, Balasubramaniam Natarajan www.etutorshop.com/moodle/ ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
On Wed, Jun 13, 2012 at 10:46 AM, Balasubramaniam Natarajan wrote: > Hi > > I have always wondered that the ubuntu machine which I work with receives > lots of security updates, if so why not the modems which we use as it is > direcly on the line of fire. Are there any tips to harden the Modem which > we get from the local ISP ? Some reasons which I believe deserve a mention 1. Distros like Ubuntu run off testing branch, if you'd use something like Debian stable you'd have lesser updates. 2. A lot of updates you see are related to desktop software, which are mostly feature updates or small fixes rather than security fixes. The security fixes you receive are relatively lesser. 3. My little experience with embedded systems, which your routers would fall under, are much more tightly bound together than desktop distros so releasing updates for it is a relatively difficult task. 4. The companies producing these products are more of a hardware company than software. They have little to no incentive to keep providing regular software upgrades. They'd rather focus on quickly releasing new hardware in the market. If you combine all the 4 above reasons you'd see why it's uncommon to see regular software updates to your modems/routers. Think about how often do even smartphones receive security updates? Mostly what you'd see are feature upgrades. -- With Regards, Mehul Ved ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
On 13 Jun 2012 12:35, "Balasubramaniam Natarajan" wrote: > > > > > Turn on the hardware firewall if present. > > Setup mac security on any multi-access device. Dont let unknown devices > > access. > > Use any access control list that it is capable of. > > > > How do I do it on the Internet facing side of my model for the same ? Depends on your modem. Would tell you for mine, but no power, so cant connect to it now. > > > > > I would like to know why the firmware for these modems are not being > released once in a quarter to address .. They may release bug fixes. But these are low price high volume products. Most dont have any majorly new features since the initial standards were written. Bug fixes are rare, newer models probably have the same codebase+fixes. IIRC airtel has an ftp site with updates for their modems, but these are not regular. You are better off using community firmware on/or a higher end modem+wireless router that has more security features/better community/ support. > -- > Regards, > Balasubramaniam Natarajan > www.etutorshop.com/moodle/ > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
> > Turn on the hardware firewall if present. > Setup mac security on any multi-access device. Dont let unknown devices > access. > Use any access control list that it is capable of. > How do I do it on the Internet facing side of my model for the same ? > > I would like to know why the firmware for these modems are not being released once in a quarter to address new vulnerabilities which might be found on these modems, I am not sure if this is the right forum to ask these questions, however Any bright mind here might be skill full enough to get the trusted updated firmwares and lead me to the same place. Or if people has not though about that it is really good that we show some light in to this modems perspective. -- Regards, Balasubramaniam Natarajan www.etutorshop.com/moodle/ ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
> I have always wondered that the ubuntu machine which I work with receives > lots of security updates, if so why not the modems which we use as it is > direcly on the line of fire. Are there any tips to harden the Modem which > we get from the local ISP ? > If you are looking for updates, you can find firmware updates from the manufacturers site. But if you are really paranoid, you should buy a ADSL modem and flash it with one of the community built firmware which supports lot more features. Although, you should know, you can brick you device if something goes wrong while flashing the ROM (including power cuts). A few years back, I risked my old modem for installing dd-wrt and it has been working flawlessly ever since. http://www.dd-wrt.com/ http://www.dd-wrt.com/site/support/router-database There are a few other firmwares such as OpenWrt and tomato but I don't have much idea about them. http://en.wikipedia.org/wiki/OpenWrt http://en.wikipedia.org/wiki/Tomato_(firmware) -- 0 ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
Re: [Ilugc] Modem updates or Hardening Guidelines
On 13 Jun 2012 10:46, "Balasubramaniam Natarajan" wrote: > > Hi > > I have always wondered that the ubuntu machine which I work with receives > lots of security updates, if so why not the modems which we use as it is > direcly on the line of fire. Are there any tips to harden the Modem which > we get from the local ISP ? Turn on the hardware firewall if present. Setup mac security on any multi-access device. Dont let unknown devices access. Use any access control list that it is capable of. As such if one can access your dlink made modem and save to config file, they can connect to the isp using your credentials easily. I lost the isp password and my beetel modem was overheating and needed to be replaced. So I just copied the hashed(?) string from the saved config from the beetel into the saved config of a new dlink box. Copied the new config to the dlink box and it worked :-P -t > > -- > Regards, > Balasubramaniam Natarajan > www.etutorshop.com/moodle/ > ___ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc ___ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
