• Search for:

    Monthly Archives: November 2022

    1. Home  - 2022  - 
    2. November
    6Nov, 2022
    Wireless Isolation for Guest Networks

    Whenever I am configuring a guest network in a public location, I always have this image in my head of each person having their own private island.  It is peaceful, and quiet… and nobody is trying to snoop on your personal devices, read your email, or access your bank account.  

    Whether you are setting up a home network or a business network, most network gear will allow you to enable wireless isolation.  This feature isolates each device that connects to the network so that it has a direct connection to the Internet, but in such a way that it is not allowed to see other devices on the local network.

    The setup wizards push you in the direction of setting up a wireless password (WPA/WPA2), though for a public guest network, some administrators prefer to disable the logon password and opt for using a click-through usage agreement in conjunction with wireless isolation.  For example, you’ll see these click-through usage agreements used a lot in hotels and coffee shops.

    Personally, I would advise password protecting your networks in most settings, but I have set up guest networks in the past using wireless isolation so that devices can’t see each other on the password-less, open network.

    I recently set up WiFi in an apartment building using a TP-Link ER605 router, TL-SG3428 switch, and EAP245 access points.  The setup is super easy, the access points provide the aforementioned settings for wireless isolation, and as a bonus, the switch also provides port isolation options for those wanting to plug their devices up to the wall in their apartment.  All of these devices work with TP-Link’s Omada platform, which allow for remote management.

    As a rule, I always ask myself (as an admin) if the security I am configuring on the network is good enough for me to do my own mobile banking.  And personally… I want to bank from my own private island.

     

     

    2Nov, 2022
    Use a Password Manager

    It is always interesting to me to see how other people keep track of their passwords.  I’ve seen everything from having passwords written down on sticky notes to being kept in a physical password book to being typed into a clear-text file.  The file may have been stored on a phone, computer desktop, or perhaps on a USB drive.  With today’s password complexity requirements and the sheer number of passwords that any of us need to remember, it feels almost impossible to keep up with how to log in to all of the internet hosted “things” that are so ingrained in our lives.

    Writing a password down is not so bad as long as you have a way to secure it.  Unfortunately, most of the time written passwords are not locked away, and are free game for anyone who happens to stumble upon it.  I worked with a guy who said that he had nothing to hide and that he didn’t care who had his password.  But as the security guy, I’ve seen enough passwords exposed and email accounts (and others) hijacked for nefarious reasons.

    The same could be said for keeping your passwords in a file that is not encrypted.  Anyone else who has access to that system has access to your passwords.  Should your system become infected with Malware, you should just assume that your passwords are compromised.  With storing passwords on a USB flash drive, there are several risks to consider.  First, there is the possibility that the drive could become corrupt or stop working, in which case you could lose your data.  Should the drive become lost or stolen, there is the issue of other people accessing your data.  To prevent this, there are options out there like the Kingston Ironkey or Kanguru Defender drives, which will password-protect and encrypt your data.  There are other methods to encrypt a USB drive yourself, but for many it is worth buying a flash drive that already does it for you.

    My personal recommendation is to use password management software (1Password, Dashlane, LastPass, etc) that encrypts and stores your passwords in the cloud so that you can access them from anywhere.  As a hybrid solution, you can also use KeePass, which is a locally installed password manager and you can save its password database anywhere.  Though if you use this approach, I would definitely recommend keeping a backup copy in case the file becomes corrupt or lost.

    Current generation password managers encrypt your password database, so that even if someone else finds or steals it, your passwords are still secure as long as they don’t have the key.  And many now have more advanced features that incorporate multi-factor authentication, single-sign-on integration, and team or family password sharing.  As a bonus, the more mainstream managers will check your passwords against compromised password lists of the “dark-webs.”

    This is how I personally keep up with my own passwords.  Password managers today are simple, convenient, and secure.  Most are multi-platform and you can take them with you wherever you go, whether it is on your laptop, tablet, or phone.  How are you keeping up with your passwords?