Technology

*Note* All content is redirected from nexusshield.com to here; nexushield.com is being phased out.

Background

Google Fiber is great. For just $70/month one can get true gigabit internet, both upstream and downstream.

However, the router (which Google dubbed the Network Box) is, to put it lightly, not good. The few features it has only seem to work half the time. There is no bridge mode on the unit, no way to turn off DHCP, and no DMZ functionality. I originally posted a guide showing users how to bypass all the controls Google has put in place to prevent a customer from using their own router. The previous guide required a managed switch that cost ~$70 and a high-end consumer router or a good pfSense/Linux router machine; view the original guide here. Ever since then I have been looking for ways to improve this situation by making it more accessible, both money-wise and knowledge-wise.

Enter Ubiquiti’s EdgeRouter lineup of products: feature-rich, enterprise-grade routers that have a very reasonable cost. Ubiquiti’s EdgeOS is based on Debian Linux and is therefore highly customizable. With even the lowest-end EdgeRouter, which should run you under $100, you will be able to get rid of the need for a middleman switch and make use of the full 1 Gbps download/upload.

Important Notes

The attached script will set up Interface 1 as WAN and Interface 0 as LAN (192.168.2.1/24), and will not touch any other interfaces.

The attached script will need to be run as root on your Edgerouter.

You will want to modify at least line 101 of the script to change it to your domain name.

You may also want to change line 104 to your timezone, if you don’t live in Provo.

Packages do NOT survive system upgrades. If you upgrade to 1.6+ in the future, you will have to apt-get the vlan package again or run the script again.

If you do not have TV service you do not need to run the second script.

Before running the attached script you should upgrade your EdgeRouter to version 1.5/1.6! Follow this guide for assistance upgrading your EdgeRouter.

Hardware

Buy an EdgeRouter: here

Preparation

You will need an SSH client: PuTTY

Plug your EdgeRouter into power.

Plug an Ethernet cable into eth0 of the EdgeRouter, and the other end of the cable into your computer.

Plug another Ethernet cable into eth1, and plug the other end of that cable into the Fiber Jack.

Set your computer’s IP address to 192.168.1.2, so we can communicate with the EdgeRouter.

SSH should be enabled by default. Open PuTTY, type 192.168.1.1 into the “Hostname or IP address” field, and click Open.

Click Yes to continue with the SSH connection.

Scripts

Edge-Setup-Interfacesv2

EdgeRouter-TVScript6

Running the script

You should get a login prompt; the default username and password are both “ubnt”.

Type “sudo su” to switch to the root user.

Simply copy the script content from this blog; right-clicking in the PuTTY window should paste it.

You should see the script running and configuring your router.

If you have TV service through Google, repeat the above steps with the TV script.

Other things you might want to do

Change the default password for the ubnt user. This is done with the following command:

set system login user youruser authentication plaintext-password PASSWORD

Set your computer’s IP address back to DHCP.
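
The password change above, run inside a configuration session with commit and save, as an added example that is not one of the scripts linked from this post. It assumes the Vyatta configuration wrapper at /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper; the function name and the 12-character minimum are this example's own choices.

```shell
#!/bin/sh
# Added example (not one of the scripts linked from this post).
# Assumption: EdgeOS ships the Vyatta config wrapper at this path. CFG can be
# overridden, which also allows a dry run against a stub off the router.
CFG="${CFG:-/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper}"

# set_edgeos_password USER   (new password is read from stdin, one line)
# Returns 0 on success, 2 for a rejected password, 1 if the change failed.
set_edgeos_password() {
    user="$1"
    IFS= read -r pw || return 2

    # Refuse the factory default and anything shorter than 12 characters
    # (the 12-character floor is this example's choice, not an EdgeOS rule).
    [ "$pw" != "ubnt" ] || { echo "refusing default password" >&2; return 2; }
    [ "${#pw}" -ge 12 ] || { echo "password too short" >&2; return 2; }

    "$CFG" begin || return 1
    # Same statement as the command in the post, issued in a config session.
    if "$CFG" set system login user "$user" authentication plaintext-password "$pw" \
        && "$CFG" commit; then
        "$CFG" save      # persist the change across reboots
        rc=$?
    else
        rc=1             # nothing committed; saved config is left untouched
    fi
    "$CFG" end           # close the session (discards uncommitted changes)
    unset pw
    [ "$rc" -eq 0 ] || return 1
    return 0
}
```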

If you do not have the technical skills to implement this yourself, you can contact an IT support provider, like https://netswat.com.


Much like layering clothing to protect yourself from the elements, computer systems need layers of protection to keep them safe from attackers. In the day of Advanced Persistent Threats (APTs), new malware created daily, and ransomware such as CryptoWall, small businesses need to be much more vigilant in protecting valuable company resources from viruses, malware, botnets, hackers, and other threats. This can no longer be accomplished by just getting an antivirus solution from your local big box store. This must be handled with layered security, including such devices as:

  1. Netswat Safe Browsing – The first line of defense for blocking dangerous websites, botnet blocking, and preventing malware from leaking data to the internet.
  2. Unified Threat Management (UTM) Appliances – Your second line of defense for real-time scanning of incoming data for viruses and known threats.
  3. Antivirus – The last line of defense for your computer system. If a threat makes it through the first two layers, it can be picked up and removed by your Antivirus solution.
  4. And of course, vigilant monitoring of all the above.

 

Utilizing the proper layered security approach will cut downtime of resources, speed up company resources, and save you, as the business owner, from costly data corruption or theft. At Netswat we simplify this greatly by including it all in our Diamond support package, so you as the business owner don’t have to worry about system security. We believe doing so will cut support costs and increase employee productivity, as well as giving your business the best line of defense on the market for protecting all of your computer resources.


Password managers aren’t exactly a new idea, but in recent years their popularity has increased dramatically as everyone creates an ever-expanding number of online profiles and accounts across the internet. These days it’s not uncommon for a person to have dozens of logins that enable access to financial institutions, online stores, social media sites, etc.

Password managers promise to help manage the plethora of data by keeping it in one place as well as generating strong passwords to accompany each login. All you have to do is remember the master password, and the password manager will do the rest.

But what happens if the password manager suffers a security breach?

That’s exactly what happened last month to LastPass, a popular, cross-platform password manager. It’s bad enough when one of your accounts is compromised, so I am sure you can imagine the concern from everyone when LastPass announced they had been the victim of a hack that exposed users’ email addresses, encrypted passwords, and cleartext reminder hints.

Single Point of Failure

Password managers can be some of the biggest targets for hacks on the internet, because if someone is able to breach one, they have thousands, potentially millions, of people’s “digital keys” and can take over their online lives.

Security-conscious companies will require employees to change their passwords every 90-120 days, strictly enforce strong passwords, and not allow users to reuse any of the last 10 passwords. So many employees of those companies just write down their password on a Post-it note and stick it to their monitor or under their keyboard.

But are Password Managers Safe?

Probably so, if used correctly. They are definitely safer than many of the so-called crafty places people come up with to hide their password near their desks.

I’ve personally used LastPass across multiple devices for a number of years, and if you’re considering using any password manager I would strongly encourage you to heed the following advice:

  1. Make sure you’re operating a virus- and malware-free computer. Keep your antivirus updated and don’t click on suspect links.
  2. This one is critical: enable multi-factor authentication. This gives you another strong layer of security in the event of a security breach.
  3. Secure your mobile devices with passwords, PINs, or pattern locks.
  4. Memorize a strong master password (the longer, the better; complexity doesn’t actually matter much) for the password manager.
  5. Your password manager login should time out after minutes of inactivity.

What have been your experiences with password managers? Have they made your life easier?


Every three years. I know some IT professionals will say servers last longer, and some do. However, after the third year of ownership, the cost of supporting a server starts to escalate dramatically. According to IDC, starting in the fourth year, support costs increase by approximately 40%. By year five, that has swelled to 200%. Hold on to the server for seven years and support costs hit a mind-boggling 400%. At that point you’ve become more of a firefighter than a business owner!

That means that the ideal time to replace your server is before the increase in support costs in year three. Additionally, many business owners replace their server at that time because the warranty has expired on the old equipment, and continually purchasing extended warranties on top of the escalating support costs is very expensive.

Your company’s server may be humming along just fine, and I hope that’s the case. A server crash can be catastrophic to a business; a scenario best avoided for both your IT professional and your business. Replacing a running server is always preferable to replacing one that’s crashed, as a crashed server involves many more hours of labor and, potentially, even loss of data.

Non-Supported Operating System
Next month, Microsoft will pull the plug on support for Windows Server 2003. This means that it will stop receiving critical security updates, and that it’s probably time to replace your server’s hardware as well. This effectively nixes two problems before they can affect your business. It gives you an opportunity to move to modern, more efficient, and more powerful hardware.

Slow Performance
Slow performance can be difficult to define. Many employees learn to work around general “slowness.” Your server may be running reliably, but it may not be running optimally. This is where we help determine if a replacement is needed, or just a quick upgrade.

Conclusion
Your servers are the backbone of your company’s IT infrastructure. It’s wise to have a replacement plan for each one, so that you’re not scrambling to justify a surprise replacement cost when it crashes. You can help your company make wise decisions by remembering the inherent risk in forcing a server to perform critical functions well past its life cycle.
