Am I part of the attack bot?

Topic

New Reply

ON SECURITY By Susan Bradley The other day, a headline popped up that made me stop and read the news story. It was all about the American government’s
[See the full post at: Am I part of the attack bot?]

Susan Bradley Patch Lady/Prudent patcher

12 users thanked author for this post.

ibe98765, AlexEiffel, jburk07, Norio, windbg, Alex5723, lmacri, Sky, Elly, DLivesInTexas, Casey S, mcbsys

Reply | Quote

Replies

Thanks for this post.  I have a TP-Link AX5400 WiFi Router which was rated as the top router when I bought it about 3 years ago.  I logged into it this morning and lo and behold there was a firmware update waiting!!!  Update went smoothly.

1 user thanked author for this post.

TechTango

Reply | Quote

No doubt the router was  “top” in terms of speed amongst consumer routers. Speed is not the only criteria for judging a router. At least, not for me. And, consumer routers are also not the only routers in the world.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

1 user thanked author for this post.

jburk07

Reply | Quote

Such a meaty article. THIS is why AskWoody is so worth it–detailed, actionable info on small business computing.

I ran the PowerShell command on my Exchange mailbox. The “-IncludeHidden” flag only adds the (default and expected) “Junk E-mail Rule”, Priority 0. If this Compass Security blog post from 2018 is correct, hiding a rule requires using a MAPI client, so maybe not too common. They report that -IncludeHidden is only for MS internal use. That verbiage in the Help has been replaced with “This parameter works only in on-premises Exchange.” Huh.

I like Michael Horowitz’s links to check your IP’s open ports. You can also test common ports, or specific ports, on-demand using Steve Gibson’s Shields Up! https://www.grc.com/shieldsup. And MXToolBox can check if your IP is acting as an SMTP server or open relay, which it shouldn’t be unless you host your own mail server https://mxtoolbox.com/SuperTool.aspx?action=smtp.

Re. router brands and updates, I’ve switched all businesses to UniFi. Updates are almost too frequent. If I had a home network to configure, I’d probably want to try their new-ish Cloud Gateway Ultra (no Wi-Fi built in) or UniFi Express (includes a Wi-Fi 6 AP). That said, if these use the same interface as the Dream Machine, that’s a pretty advanced setup. I have a colleague here that uses Synology routers even for small businesses.

UniFi is made in China, Vietnam and Taiwan. Synology is made in Taiwan. We’ll see if either comes onto the naughty list.

1 user thanked author for this post.

jburk07

Reply | Quote

One of the annoyances of Microsoft 365 is that documentation is hard to determine if it’s still correct and secondly some of the exposure to determining if you’ve been attacked is in the higher licensed products.

https://blog.soteria.io/hidden-inbox-rules-in-microsoft-exchange-office-365-discover-detect-remediate-ea66c6dc5e7e

https://m365scripts.com/microsoft365/manage-inbox-rules-in-outlook-using-powershell/

But those should work to show you any hidden rules.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

mcbsys

Reply | Quote

Do you have a router or do you have a wireless access point?

I’d be far less concerned if it was a standalone AP and not one of the all-in-one consumer devices like their “Archer” line.

If it’s the latter, then yeah, I wouldn’t want to run a TP-Link device at the edge for anything important.

Reply | Quote

Tell me it ain’t so!! I just installed a TP-link OMADA managed network in my home. The network comprises a hardware OMADA controller, a wired router, four switches, and three WiFi access points. Every item received a firmware update out-of-the-box. In only two weeks of operation, TP-link released another update for the switches. I am still in the process of creating VLANS for improved security, so I have to believe this OMADA gear is not part of the troublesome equipment. I would hazard to guess that the issues Microsoft described are with entry level router/WiFi devices used by non-technical folks.

Reply | Quote

My concern with Firewall is  (I have NO hands-on experience with it) is privacy.

First, you must have an account with them to use the system. Then too, it can only be administered with an app, there is no local web interface. Finally, this article is, to me, quite disappointing:  Can Firewalla see my private data?

FYI: Dong Ngo felt it was too complicated for non techies
Firewalla Gold Review: An Expensive but Totally-a-Keeper Add-on Firewall.

If you get a model without Wi-Fi, then you have to deal with the Wi-Fi mesh/AP system and the Firewall router, two things to get up to speed on. Looks like they do not make their own Access Points.

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

My current and previous two routers were TP-Link.  That being said, their updates are sparse, they early obsolete their models so that they force people to buy new hardware if they want updated firmware downloads and their support basically sucks.

But I’ve never has any successful hack attacks that I am aware of, so I guess their hardware works adequately for home users.

There is no easy answer to security when hardware or software is manufactured in another country.  Who knows what backdoors exist in anything?  And this applies to not just computers or routers.  Think anything that has computing power from cameras to cars to phones, etc.

Reply | Quote