AOH :: ISN-3095.HTM

OpenWRT Firmware for Wireless APs

OpenWRT Firmware for Wireless APs
OpenWRT Firmware for Wireless APs


Manage Vulnerabilities. Defend Against Threats. 

Rogue Applications and Media Device 

Ten Steps to Achieving Business Compliance 

=== CONTENTS ==================================================
IN FOCUS: OpenWRT Firmware for Wireless APs

   - Microsoft Releases Patch for Critical IE Vulnerability
   - Symantec Reports on Current Threat Trends
   - Windows Vista's Take on Least Privilege
   - Recent Security Vulnerabilities

   - Security Matters Blog: Firefox 2.0 RC1 Available
   - FAQ: Controlling Group Policy Editor
   - From the Forum: EFS and WebDAV over SSL
   - Microsoft Learning Paths for Security: Multiple-Layer Defense for 
Secure Messaging
   - Know Your IT Security Contest

   - Encrypt Data in Flight and at Rest
   - Wanted: Your Reviews of Products 




=== SPONSOR: Core Security ====================================
Manage Vulnerabilities. Defend Against Threats.
   Your IT and Security budgets are tight. This White Paper shows real-
world case studies demonstrating the ROI potential of automated 
penetration testing. 

=== IN FOCUS: OpenWRT Firmware for Wireless APs ===============   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Before I return to our discussion of alternative firmware, I want to 
let you know about another portable Web browser. Last week, I wrote 
about Mozilla Firefox - Portable Edition and Torpark (see the article 
at the URL below). As I described, both these browsers can help protect 
your sensitive data by keeping it on portable media, such as a flash 
drive. A reader wrote to let me know about another portable browser 
that I didn't know existed: Opera@USB. 

As the name implies, Opera@USB is based on the popular Opera Web 
browser and is designed to be portable. Like Firefox Portable and 
Torpark, Opera@USB helps protect your privacy by not leaving traces of 
its existence or activity on the computer you use it on. Opera@USB is 
smaller than the other two browsers, weighing in at under 8MB. The 
current version is based on Opera 9 and installation is very simple: 
Just unzip the download package to a directory and fire up the browser. 
You can download a copy at 

Two weeks ago, I wrote about DD-WRT (see the article at the URL below), 
alternative firmware for wireless access points (APs). One thing about 
DD-WRT that I didn't mention is that it's based on the code of another 
alternative firmware product, OpenWRT, which is our main topic of 
discussion this time. 

The popular wireless router manufacturer Linksys developed a small 
Linux-based open source OS to drive its AP hardware. People took copies 
of this code and began tweaking it to fit their own needs. This trend 
gave rise to an alternative firmware product called Alchemy, which was 
also eventually published as open source. Alchemy led to a spinoff 
called OpenWRT, which in turn led to another spinoff called DD-WRT. 

Unlike DD-WRT, OpenWRT is completely command line based. The standard 
distribution package doesn't include a GUI. This fact has its pluses 
and minuses. On the minus side, using a GUI is easier than remembering 
all sorts of commands and their associated parameters. On the plus 
side, not having a GUI makes the code base smaller, which can be a big 
deal when a given router has only so much storage and memory capacity. 
If your router has limited space or you prefer using a Linux command 
line, OpenWRT (downloadable at the URL below) is a good choice. 

Like DD-WRT, OpenWRT supports quite a number of routers. You can check 
whether your particular model is supported by reviewing the hardware 
table, which includes some hardware that's been tested and found to not 
work with OpenWRT. 

OpenWRT supports many security features that you might find useful, 
including a firewall based on ipchains, Wi-Fi Protected Access (WPA) 
encryption, Remote Authentication Dial-In User Service (RADIUS) 
authentication, and Dropbear Secure Shell (SSH) server. Add-on 
packages, such as OpenVPN (at the first URL below), are also available. 
If you need help configuring OpenVPN, visit the second and third URLs 

Other useful add-on packages are listed at the URL below and include a 
mini Asterisk VoIP server, The Onion Router (TOR) server, a PPTP 
server, the Chillispot hotspot creation package, and handy shell tools 
such as Fyodor's Nmap and Dug Song's dsniff auditing and penetration 
testing suite. 

As with any alternative firmware, be sure that it will work on your 
hardware and that you're relatively comfortable that you can configure 
it to your needs before you try to load it. Be sure to read the 
extensive OpenWRT documentation, and if you have questions, use the 
forum at the OpenWRT Web site.

=== SPONSOR: SecureWave =======================================
Rogue Applications and Media Devices
   Threats to your data don't just come from the outside -- they can 
come from internally as well, whether a result of malicious intent or 
unintentional negligence. Download this free whitepaper today to learn 
to effectively establish and enforce security policies for all 
applications and devices in use on your network. 

=== SECURITY NEWS AND FEATURES ================================
Microsoft Releases Patch for Critical IE Vulnerability
   Microsoft released a security patch outside of its scheduled monthly 
patch release cycle to address a critical vulnerability in Internet 
Explorer (IE). Microsoft Security Bulletin MS06-055--Vulnerability in 
Vector Markup Language Could Allow Remote Code Execution (925486) 
should be applied to all Windows 2000, Windows XP, and Windows Server 
2003 systems, including Windows Server 2003 Release 2 (R2). 

Symantec Reports on Current Threat Trends
   Symantec said that according to data collected from its deployed 
products, attackers are shifting their attacks from network 
infrastructures and system services toward end users. The findings, 
from January through June, were revealed in the company's recent semi-
annual Internet Security Threat Report. 

Windows Vista's Take on Least Privilege
   One of the most fundamental security changes in the oft-delayed 
Windows Vista will be the OS's new least-privilege support, embodied in 
the User Account Control (UAC) feature (formerly called the Least-
Privileged User Account). Jan De Clercq provides an overview of this 
new security technology. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Surf Control =====================================
Ten Steps to Achieving Business Compliance
   Learn the 10 steps you need to take to achieve corporate compliance, 
including operational visibility in all communication data. As an extra 
step, stop network assaults so that you can use the Internet 
confidently, both on and off your corporate network. 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Firefox 2.0 RC1 Available
by Mark Joseph Edwards, 

On September 27, Mozilla Foundation announced the availability of 
Firefox 2.0 Release Candidate 1 (RC1). The new version includes many 
feature enhancements, a number of which are related to security. Get a 
quick rundown of the new features and a link to download Firefox 2.0 
RC1 in this blog article. 

FAQ: Controlling Group Policy Editor
by John Savill, 

Q: How can I control which .adm files are used when I edit a Group 
Policy Object (GPO)?

Find the answer at 

   A forum participant is having a problem with Encrypting File System 
(EFS) and Web Distributed Authoring and Versioning (WebDAV). When he 
uses a Secure Sockets Layer (SSL) connection (via HTTP Secure--HTTPS) 
to send a file from a client to the WebDAV folder on a server, the 
client decrypts the file and stores the file in unencrypted format on 
the server without warning. Join the discussion at: 

Secure Messaging 
   Multiple layers of defense help protect your business by decreasing 
the likelihood that any single threat can compromise your network. Use 
these resources to learn about a broad range of Microsoft security 
solutions that can help protect your messaging environment: guarding 
the perimeter with Microsoft Exchange Hosted Services, adding a buffer 
and firewall protection with Microsoft ISA Server 2006, helping to 
protect internal messages with Microsoft Antigen, and using Windows 
Rights Management Services (RMS) to help safeguard sensitive emails and 

   Sponsored by Microsoft Learning Paths for Security 
Share your security-related tips, comments, or solutions in 1000 words 
or less, and you could be one of 13 lucky winners of a Zune media 
player. Tell us how you do patch management, share a security script, 
write about a security article you've read or a Web cast you've viewed. 
Submit your entry between now and December 13. We'll select the 13 best 
entries, and the winners will receive a Zune media player--plus, we'll 
publish the winning entries in the Windows IT Security newsletter. 
Email your contributions to 
   Prizes are courtesy of Microsoft Learning Paths for Security: 

=== PRODUCTS ================================================== by Renee Munshi, 

Encrypt Data in Flight and at Rest
   BitArmor Systems announced the availability of BitArmor Security 
Suite, software that encrypts data both while in flight and at rest 
whether on workstations or servers, portable media, or storage systems. 
BitArmor lets you set policies for data encryption, retention, and 
deletion and provides an architecture for managing encryption keys. 
BitArmor Security Suite is designed to accelerate industry-standard 
encryption algorithms to provide "wire-speed" encryption and to secure 
data without any changes to applications, networks, or storage devices. 
For more information, go to 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Uncover Essential Windows Knowledge Through Excavator 
   Try out the ultimate vertical search tool--Windows Excavator. 
Windows Excavator gives you fast, thorough third-party information 
while filtering out unwanted content. Visit 

Join experts Douglas McDowell from Solid Quality Learning and Andrew 
Sisson from Scalability Experts, as well as Intel insiders and other 
database professionals, to learn the latest about SQL Server and Oracle 
database mirroring, BI, 64-bit database computing, and high-
availability. Coming to cities across the US this fall. Visit 

Your business, like most today, relies upon its computing systems to 
store financial information, house proprietary data, and maintain 
communications channels. This increasing reliance also increases the 
dangers to your systems from security breaches, including viruses, 
spyware, spam, and hackers. Visit the Windows Protection Site at for the latest tips on 
safeguarding your system.

Learn all you need to know about code-signing technology, including the 
goals and benefits of code signing, how code signing works, and the 
underlying cryptographic and security concepts and building blocks. 
Download the full eBook today--it's free! 

Learn from industry expert Michael Otey about different approaches to 
server consolidation and how to stop server sprawl by using 
consolidation and virtualization. Find out how to run legacy OSs, 
Linux, and Windows together and more using virtualization. You'll even 
get step-by-step instructions on building a virtual machine for Windows 
Server 2003. Live Event: Wednesday, October 18 

=== FEATURED WHITE PAPER ======================================
Examine the threats of allowing unwanted or offensive content into your 
network and learn about technologies and methodologies for defending 
against inappropriate content, spyware, IM, and P2P. 

=== ANNOUNCEMENTS =============================================
Monthly Online Pass--only $5.95 per month! 
   Includes instant online access to every article ever written in 
Windows IT Pro, as well as the latest digital issue. Sign up now:  

Save $40 off SQL Server Magazine 
   Subscribe to SQL Server Magazine today and SAVE up to $40! Along 
with your 12 issues, you'll get FREE access to the entire SQL Server 
Magazine online article archive, which houses more than 2,300 helpful 
SQL Server articles. This is a limited-time offer, so order now: 

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Donate online for the Ron Santo Walk to Cure Diabetes! 

Site design & layout copyright © 1986-2015 CodeGods