bwcbwc writes: Ricardo Montalban has died in Los Angeles at age 88. Known to Star Trek fans as the villainous Kahn, as well as Mr. Roarke on TV's Fantasy Island, Montalban brought a touch of class to automotive ads as he extolled the virtues of 'Corinthian Leather'.
bwcbwc writes: My home network is going to expand shortly as I upgrade my DSL modem to DSL/2 (possibly with an integrated router), and (finally) add wireless (802.11g since that's still at least twice as fast as the DSL port, and if I use 802.11n half the neighborhood will be able to scan my SSID).
While I've seen plenty of articles on the net about securing your wireless connections on the LAN side, and a few articles about hacking your router's firmware, I've never seen any deep articles about securing your router's internals from attacks from the WAN side. The only consistent recommendations in this area seem to be "make sure your firmware is up to date" and "change your admin password". Consumer-level stuff, not Slashdot-quality (is that an oxymoron?). This is fine if your router vendor maintains the firmware in the face of new attack vectors, but when the latest update for your router model dates back to 2004, it makes you wonder.
So my questions (maybe too many): 1) Which home routers (priced under US $100) or DSL Modem/Router combos (under $150) are the most secure? Which vendors seem to provide the best ongoing support for security and other programming issues?
2) What configuration options and mods can I make in the router settings to enhance my security. Changing the passwords, turning off uPNP and WAN ping seem pretty obvious, but are there any other good ones?
3) I know some/most routers are basically Linux boxes. Which routers are easiest to mod from a sysadmin's perspective? Is there a trade-off between LAN-side configurability and WAN-side security?
4) If I have 2 routers (one wireless+wired, one wired only), I have to plug one of them into the other. From a security perspective, is there a preference as to which router should be connected directly to the internet and which one should plug into the other? If the outer most router is compromised, it can become a man-in-the-middle against the inner network. On the other hand, if the inner router is compromised, it is already part of the outer router's internal subnet.
bwcbwc writes: The Palm Beach Post is reporting that Florida Universities are paying big bucks for software to block peer-to-peer file sharing networks. Florida Atlantic University paid US $500,000 plus annual maintenance of $50,000 for software that isn't even configurable to allow legal peer-to-peer networks. The University of South Florida seems to be getting a better deal at $75,000 initial purchase with annual maintenance in the same range. Their software is at least configurable, so their students will still be able to download those Knoppix DVD images. Sounds like another opportunity to PROFIT!!! (Fair warning to those with high blood pressure: the article has a decidedly pro-RIAA slant. Reading it may be hazardous to your health.)