Archive for March, 2010

The FCC’s Plan To Broaden Our Backbone

Saturday, March 13th, 2010

An article or two ago, I wrote that regular telephone lines were going away soon, and that the FCC was already seeking public and industry comments on the subject. The FCC’s National Broadband Plan was to be delivered to Congress on February 17, 2010.

Well folks, what a delivery it has been. In my opinion, not only is it a healthy 8 pound baby boy, it’s the equivalent of a fully grown working adult. The FCC has delivered a sweeping plan that will pull the nation’s communications (kicking and screaming) firmly into the 21st Century.

I can’t lie, I like what I am reading so far.

This morning, NYtimes.com published an article on the FCC’s delivered plan that should be read by anyone who plans on using a telephone or computer in the next 10 years.

The FCC’s plan is extremely ambitious. They are proposing nothing less than changing our entire communication infrastructure to broadband high speed Internet based communications in less than a decade. The plan also addresses getting broadband to rural areas, schools and other public institutions. The FCC is also recommending that all military communication infrastructure be upgraded to ULTRA high speed broadband service. Read the NYtimes.com article on Cisco’s new high CRS-3 router for an idea of what’s in store in the nearer future.

To get the ball rolling, the FCC has begun studies on where broadband is currently available, how fast it is, and how much it costs consumers. The FCC has even begun providing consumer usable test tools online at their new broadband web site, http://www.broadband.gov/. Please visit this site. The master plan as it stands today is there along with consumer Internet speed test tools. It’s a very eye opening website if you are able to read between the lines and see the FCC’s intentions about the future of our nation’s communications.

I have seen this change coming, and I would like all of our customers to be aware that this new national policy will affect all Americans, in all areas of communications, including alarm signal transmission. Some of our customers have already met the future with alarm controllers that use IP based communications. The rest of our customers need to make plans. Do not wait until some deadline nears; there will be a rush to change everything over to the new way, and according to the laws of supply and demand, it will be expensive. Save money and do it now.

One big reason that this ambitious plan will work is that the need for the change is being driven by consumers and businesses, a classic example of market driven dynamics. This does not mean a smooth road ahead. I think we should be prepared to see epic battles between the FCC and all parties involved; setting standards and policies will always be more beneficial to one party than another (always a winner and a loser). I see an approaching period of mergers, cooperation and contention between communication companies, large and small. This is also a great time for entrepreneurs and small companies with good ideas to move into the shoes vacated by companies that cannot or will not adapt to a new landscape of IP based national and global communications.

Evolve or die. It is the law.

Poking Holes In the Wall (Your Firewall)

Monday, March 8th, 2010

Over the past 2 years I’ve seen a great change in customers’ attitudes toward network security. One of my biggest worries (right behind physical and electronic security) is computer and network security, in both commercial environments and residential settings.

Our commercial customers (who have always had the right idea, if not the time and budget) lately have been paying more attention to hard-to-get-to things like patching every server and updating security software. Upper management has seen cyber espionage on the increase and does not want to be called ‘Victims’ (this usually leads to firings, heads rolling, etc.) and so has mandated that more attention be paid to all things related to security, computers and networks.

Our residential customers, while not too tech savvy a few years back, I applaud loudly! It seemed that residential customers as a whole were very fast to embrace the wireless home network idea, but did not understand the ramifications of an unsecured wireless network. I used to pass my idle time by sniffing wireless networks wherever I happened to be. Two years ago more than 50% were unsecured and open to possible mayhem. These days, when engaging in the same sort of time killing, I can happily say that it is rare to find an unsecured network! I think that computer and router manufacturers have made security setup simpler (and turned ON by default in many cases).

People like me are always bringing up computer and network security. It’s almost uncanny, I can bring up this subject in almost any conversation in almost any context. Maybe security is better these days just because customers are tired of hearing me complain that the network is not properly secured, and would you like me to secure it for you? Maybe securing a network has become akin to knowing how to operate a TiVo, it’s just something you learn to do as a normal part of life (the jury is still out on this idea).

All that is fine, but I’d like to talk about something that (for the most part) residential customers have not caught onto: the danger of opening, forwarding and triggering ports in their firewalls. In most commercial settings, the IT department would frown upon you if you asked them to open a port to connect something like a DVR for remote viewing, whereas residential customers have no qualms about opening as many ports as needed to add convenience for things like remotely programming your cable TV DVR, looking into a CCTV DVR, or remotely controlling stuff like an alarm system (PLEASE NOTE, THIS DOES NOT APPLY TO HONEYWELL TOTAL CONNECT PRODUCTS). Most companies with an IT department have a VPN in place that allows their Road Warriors to securely connect to the home base network and all the good stuff on it, i.e. DVRs.

There are 65,536 ports available for network communications (ports 0 – 65,535; port number 0 is never used, but it could be). Ports come in two flavors, TCP and UDP. Ports are like doorways that programs and services can use to enter and leave a computer (I mean communicate with other computers over a network). Some programs use specific ports, and some can be assigned arbitrary ports. Herein lies the danger, because some ports are more secure than others. For instance, port 443 is used for HTTPS:// secure Internet communications and is handled by the host computer as such.

Why so many ports? I don’t know, but 65,536 is a number any computer enthusiast would recognize. Actually, ports have a 16 bit value, meaning that there are 65,536 possible combinations (remember hexadecimals? 1234567890ABCDEF). Ports 0 through 1023 are called ‘Well Known’, as many of them have official uses (like port 443) and others in this range have, over the years, by default become the ports used for many applications. Check out this handy chart at Wikipedia: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers. Ports 1024 through 49,151 have been registered, or claimed by various hardware and software vendors. Ports 49,152 – 65,535 are known as dynamic ports and can be freely used. These are the ports that are typically opened, forwarded and triggered to make our lives more convenient and less secure (it can be done securely if you know what you are doing).

Please consider this fact of life: every time you open a port, you are opening a hole in your network’s defenses. There are hackers running programs called scanners, running 24 X 7 “pinging” the Internet across various ranges of IP addresses looking for computers with open ports. Once they see an open port, they ‘probe’ the port to see what device or service is there. If you have connected something that uses a password, and that password strength is weak, the hacker will try to use this weakness as a vector to gain deeper network access, trying to get ‘root’ privileges. At this point the hacker owns you. This is one of many possible security snafus that can happen when ports are opened.

How secure is your computer? There is a well known and trusted automatic port scanner located at www.grc.com. Click on ‘Shields Up’ and follow the directions. I use this service all the time. It will tell you what is open and how to secure open ports and if your computer is responding to “pings”. There is also tons of information concerning various ports and their vulnerabilities and possible solutions to closing them. Ideally, your computer should be invisible to hackers pinging your network.

Of course, life without open ports would be tough; you could not run programs or communicate with and through other networks to other machines. The right course of action is to understand what the contractor means when he/she says ‘I’ll open a port on your router and forward it to the DVR IP address (or whatever device)’. It can be difficult to understand all of the implications of opening that port and how to protect it. The chances are good that the technician doing the work does not truly understand it either.

When using Honeywell IP products, like Total Connect remote services, there is no need to open ANY additional ports in your firewall. Why? Because the Honeywell equipment polls (or checks into) the Honeywell AlarmNet Center every 20 seconds. When you want to connect to your equipment, you actually are connecting to a secure server at AlarmNet. When AlarmNet gets your request to connect to your equipment, it waits for your equipment to check in, and connects the two of you through a secure server located and maintained at AlarmNet. DoD, DoE and the military like this idea and use AlarmNet by Honeywell because it is secure.
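The difference between a forwarded port and a device that checks in outbound can be seen in a toy model of a home router's stateful firewall. This is an added example, not code from the post or from Honeywell, and it does not represent the AlarmNet protocol; the class, function names, addresses and port numbers are all constructed for illustration, and the NAT is assumed to keep the device's source port unchanged.

```python
"""Toy model of a home router's stateful NAT firewall (added example)."""

RELAY = ("198.51.100.10", 443)  # constructed stand-in for a vendor relay server
DVR = "192.168.1.50"            # constructed LAN address of the device
STRANGER = "203.0.113.77"       # constructed arbitrary Internet host


class HomeFirewall:
    def __init__(self):
        self.forwards = {}  # (proto, ext_port) -> (lan_ip, lan_port)
        self.flows = {}     # (proto, ext_port, remote_ip, remote_port) -> LAN endpoint

    def forward(self, proto, ext_port, lan_ip, lan_port):
        """Port forward: anyone on the Internet may reach lan_ip:lan_port."""
        self.forwards[(proto, ext_port)] = (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """LAN device connects out; replies from that one peer are allowed back.
        Assumes a port-preserving NAT (external port == LAN source port)."""
        self.flows[(proto, lan_port, remote_ip, remote_port)] = (lan_ip, lan_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the LAN endpoint that receives the packet, or None if dropped."""
        flow = self.flows.get((proto, dst_port, src_ip, src_port))
        if flow:
            return flow
        return self.forwards.get((proto, dst_port))


def open_to_strangers(fw, ports):
    """External TCP ports on which an unsolicited packet reaches the LAN."""
    return [p for p in ports if fw.inbound("tcp", STRANGER, 40000, p)]


def forwarded_setup():
    fw = HomeFirewall()
    fw.forward("tcp", 8000, DVR, 80)  # "open a port and forward it to the DVR"
    return fw


def polling_setup():
    fw = HomeFirewall()
    fw.outbound("tcp", DVR, 51000, *RELAY)  # device checks in with the relay
    return fw


if __name__ == "__main__":
    ports = [80, 443, 8000, 51000]
    print("forwarded:", open_to_strangers(forwarded_setup(), ports))
    print("polling:  ", open_to_strangers(polling_setup(), ports))
    print("relay reply:", polling_setup().inbound("tcp", *RELAY, 51000))
```

In the forwarded setup the stranger's packet reaches the DVR on port 8000; in the polling setup only the relay's reply on the established flow gets back in, and every unsolicited packet is dropped.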

There is a small monthly fee to use the AlarmNet service. Why? Because they hire people who know what real network security is to run the place. You get what you pay for. Pay nothing, and you could get about that much security.

What’s the sense of installing a DVR and cameras for security if you need to compromise the firewall to use it? There is a better way; email me and I’ll tell you all about it. mlomega@safe-t-tech.com