AOH :: ISN-3125.HTM

Alternative Firmware for Wireless APs: Talisman

Alternative Firmware for Wireless APs: Talisman
Alternative Firmware for Wireless APs: Talisman


Save on the #1 Ranked Web Filtering Appliance 

How to Build a Real Time Enterprise. Free White Paper! 

Improving Remote Access Security and Monitoring 

=== CONTENTS ==================================================
IN FOCUS: Alternative Firmware for Wireless APs: Talisman

   - Windows Shell Vulnerability Is Being Actively Exploited
   - Microsoft Aims to Outmaneuver Pirates
   - St. Bernard Reels in Singlefin
   - Recent Security Vulnerabilities

   - Security Matters Blog: Toolkits Help Increase Number of Malicious 
Web Sites
   - FAQ: New Admin Template Format in Vista and Longhorn
   - From the Forum: EFS Questions
   - Microsoft Learning Paths for Security: Multiple-Layer Defense for 
Secure Messaging
   - Know Your IT Security Contest

   - Flexible, Portable Data Safes
   - Wanted: Your Reviews of Products 




=== SPONSOR: St. Bernard Software =============================
Save on the #1 Ranked Web Filtering Appliance 
   iPrism, the IDC-ranked #1 Web filtering appliance has an offer 
that's too good to pass up. Purchase a 3-year subscription to the most 
accurate database in the industry and get your iPrism appliance at no 
charge. Or, purchase an iPrism and a 3-year subscription and get an 
extra year free. Only iPrism gives you two ways to save big. This is a 
limited time offer so get a Quick Quote now! 

=== IN FOCUS: Alternative Firmware for Wireless APs: Talisman =   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week I wrote about the alternative access point (AP) firmware 
OpenWRT (first URL below). Before that, I wrote about DD-WRT (second 
URL below). Both are good choices. If you recall, I mentioned that both 
of these firmware packages descended from Alchemy, which in turn 
descended from open source code published by Linksys. 

This week I'll discuss Talisman, developed by Sveasoft, which is the 
descendant of Alchemy, also by Sveasoft. Unlike OpenWRT and DD-WRT, 
Talisman isn't free. Talisman has caused some controversy--mainly 
because Sveasoft took open source code, improved and changed it, and is 
selling the result. Also, as I understand it, some people think 
Sveasoft didn't publish the modified code promptly enough to meet the 
licensing requirement of the code released by Linksys. Of course this 
sort of behavior is a sore spot among some open source proponents, but 
in my opinion, it's not necessarily a bad reflection on Sveasoft. After 
all, Talisman is very good software. 

Talisman currently works on ASUS, Belkin, Buffalo Technology, and 
Linksys APs and is available in four different versions: Micro, 
Hotspot, Basic, and VPN. The latter three are still in development 
stages, not officially released, but you can download beta versions. 
Several other versions (in addition to these four) are either in the 
planning or preliminary development stages.

The Micro version is for use in APs that have only 2MB of flash memory-
-most newer APs have more memory than that. Micro also supports only a 
subset of the features available in Basic, which I'll discuss in a 

The Hotspot version is designed to easily create public wireless 
hotspots, which can be completely open or can be made to require logon 
credentials. So when someone connects to the AP they'll be cable to 
just click-through to the Internet, if your hotspot allows free public 
access, or they'll be presented with your custom splash screen at which 
they can log on, if you require that. Hotspot also includes support for 
billing in case you want to charge for network access. 

Talisman Basic includes support for Wi-Fi Protected Access (WPA) and 
WPA2 encryption, Secure Shell (SSH), PPTP VPNs, Remote Authentication 
Dial-In User Service (RADIUS) authentication, port triggering, Virtual 
LANs (VLANs), VoIP, a firewall based on ipchains, Quality of Service 
(QoS) bandwidth controls, and much more.

Like OpenWRT, the Talisman line includes an easy-to-use Web-based 
interface for administration. And you can of course add tools and 
packages such as a router advertisement daemon (RADVD), which helps 
automatic configuration for IP version 6 (IPv6)-enabled systems. Other 
add-ons include an SNMP daemon and a GeoIP package that facilitates IP 
address-to-country cross-referencing that can be used with the QoS 
feature to develop filters. 

The Talisman VPN version might be very useful, especially if you need 
to connect offices. It supports the Basic features plus IPsec with 
Advanced Encryption Standard (AES), DES, and Triple DES (3DES) 
encryption; MD5 and Secure Hash Algorithm 1 (SHA1) hashes; and a 
special section in the Web administration interface designed to 
configure IPsec tunnels. 

Talisman is available via subscription for $20 per year. (You can also 
download the previous version, Alchemy, for free.) For that price, you 
get a copy of the firmware and access to the support forums. Because 
Talisman is commercial software, it's locked to specific MAC addresses. 
You must supply your routers' MAC addresses when downloading the 
firmware, and the firmware will operate only on those particular 
routers. You can enter up to five MAC address, so for $20 per year, 
it's a good deal. For more information about or to purchase Talisman, 
go to 

And while you're on the Web, stop by YouTube and view the video clip at 
the link below. It's an amusing couple of minutes that promotes the 
TechX World interoperability conference (produced by Windows IT Pro), 
which is coming soon to a city near you. 

=== SPONSOR: NetSuite =========================================
How to Build a Real Time Enterprise. Free White Paper!
   The vast majority of businesses have information scattered 
throughout the enterprise on paper, in siloed databases and in emails, 
making real-time operations difficult to achieve. Learn the benefits 
and explore the challenges mid-sized businesses face in their real-time 
enterprise efforts. 

=== SECURITY NEWS AND FEATURES ================================
Windows Shell Vulnerability Is Being Actively Exploited
   H.D. Moore discovered a vulnerability in the Windows Shell that 
could allow a remote intruder to execute arbitrary code on an affected 
system. The vulnerability is in the WebViewFolderIcon ActiveX control, 
and an exploit has been published. A module for H.D. Moore's popular 
penetration testing tool, Metasploit, has also been released. Exploits 
using the module are taking place in the wild on the Internet. 

Microsoft Aims to Outmaneuver Pirates
   Microsoft hopes its new Software Protection Platform will help it 
outmaneuver software pirates by changing product activation and online 
validation and by introducing better detection for tampering and 
hacking. The company said that Windows Vista and its upcoming Windows 
Server "Longhorn" will be the first two products to ship with the new 

St. Bernard Reels in Singlefin
   St. Bernard, provider of security appliances and software, is adding 
managed security and business services to its portfolio with the 
acquisition of Singlefin. St. Bernard can now offer on-demand email 
filtering, Web filtering, and instant messaging (IM) management as a 
hosted or managed service to small and midsized enterprises. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: SurfControl ======================================
Improving Remote Access Security and Monitoring
   Are you vulnerable when your users access the internet outside of 
the corporate network? Track and monitor remote access easily and 
unobtrusively to make sure that your intellectual assets are secure. 
Download the free whitepaper and find out more today! 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Toolkits Help Increase Number of Malicious Web 
by Mark Joseph Edwards, 

The number of malicious Web sites is on the rise, and with toolkits 
available to create them, it's really no wonder. According to Websense, 
the number of malicious sites increased by 100 percent during the first 
half of 2006. Read more about this trend in this blog article: 

FAQ: New Admin Template Format in Vista and Longhorn
by John Savill, 

Q: Where can I find details about the new ADMX format that Windows 
Vista and Longhorn Server use?

Find the answer at 

   A forum participant wants to know if there is an easy way to get 
Encrypting File System (EFS) to encrypt all the subfolders and files 
within the selected folder. He also wonders whether data encrypted in 
Windows 2000 using DESX can be decrypted in Windows XP, how to cause 
EFS to use certificates from a US Department of Defense (DoD) Common 
Access Card (CAC), and how to handle exporting a certificate for use on 
another machine should that be necessary. Join the discussion at: 

Secure Messaging 
   Multiple layers of defense help protect your business by decreasing 
the likelihood that any single threat can compromise your network. Use 
these resources to learn about a broad range of Microsoft security 
solutions that can help protect your messaging environment: guarding 
the perimeter with Microsoft Exchange Hosted Services, adding a buffer 
and firewall protection with Microsoft ISA Server 2006, helping to 
protect internal messages with Microsoft Antigen, and using Windows 
Rights Management Services (RMS) to help safeguard sensitive emails and 

   Sponsored by Microsoft Learning Paths for Security 
Share your security-related tips, comments, or solutions in 1000 words 
or less, and you could be one of 13 lucky winners of a Zune media 
player. Tell us how you do patch management, share a security script, 
or write about a security article you've read or a Webcast you've 
viewed. Submit your entry between now and December 13. We'll select the 
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security 
newsletter. Email your contributions to 
   Prizes are courtesy of Microsoft Learning Paths for Security: 

=== PRODUCTS ================================================== by Renee Munshi, 

Flexible, Portable Data Safes
   Steganos is releasing a new version of its encryption application, 
Steganos Safe 2007. New features include the ability to use picture 
sequences as passwords; support for Apple iPods, USB drives, and other 
devices and media to store encrypted data or keys; and protection of 
data in Microsoft Outlook. With Steganos Safe 2007, users can create as 
many virtual drives as they want for storing encrypted data, and these 
drives (called "safes") can be accessed from applications, Windows 
Explorer, and Web browsers. Each safe can be up to 256GB in size, and 
users can change the size of safes as necessary. Steganos Safe 2007 
costs $49.95. For more information, go to 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Windows Connections Conference 
   Come learn about Vista, Exchange, Office, SharePoint, and more in 
Las Vegas, November 6-9, 2006 at Windows Connections and Microsoft 
Exchange Connections. There will be exciting announcements from 
Microsoft that no one should miss! There's no better conference value 
in the US this fall. 

As an IT pro today, chances are that you work in a "Windows Plus" 
environment. Learn from and meet industry experts Gil Kirkpatrick, Mike 
Otey, Dustin Puryear, and Randy Dyess in this full day of training on 
managing Windows, Linux, UNIX, Apache, MySQL, and more. Join TechX 
World--coming to Washington, DC on October 24, Chicago on October 26, 
Dallas on October 31, and San Francisco on November 2. 

Whether you're an outsourced IT provider, a member of an in-house IT 
service staff, or simply provide remote support, this can't-miss Web 
seminar will help you discover how the right technologies can expand 
your services. You'll learn how to tap into a $30 billion market for IT 
services and expand your geographic reach. Live Web seminar: Tuesday, 
October 17 

How do you manage vulnerabilities? If you depend on vulnerability 
assessments to determine the state of your IT security systems, you 
can't miss this Web seminar. Special research from Gartner indicates 
that deeper penetration is needed to augment your vulnerability 
management processes. Learn more today! 

Do you have visibility of and control over your software licenses? Most 
organizations face serious challenges, including understanding vendor 
licensing models, cost overruns, missed deadlines and business 
opportunities, and lost user productivity. Learn to address these 
challenges and prepare for audits. Register for the free Web seminar, 
available now! 

=== FEATURED WHITE PAPER ======================================
One common set of controls can help you manage compliance across 
multiple regulations and standards. Download this free IDC white paper 
and find out how to map these controls and save time and money in 
demonstrating compliance. 

Special Offer: Download any white paper from Windows IT Pro before 
October 31 and enter to win a Casio Exilim Card Camera! The more you 
download, the more chances to win! Visit for a full listing 
of white papers and contest rules.

=== ANNOUNCEMENTS =============================================
Invitation for VIP Access  
   Become a VIP Monthly Pass subscriber and get instant online access 
to every article published in our network. You'll get full Web access 
to Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook 
Administrator, Windows Scripting Solutions, and Windows IT Security 
newsletters--that's more than 26,000 articles at your fingertips. Sign 
up now for only $29.95 per month:

Save $40 off on Windows IT Pro  
   Subscribe to Windows IT Pro today and SAVE up to $40! Along with 
your 12 issues, you'll get FREE access to the entire Windows IT Pro 
online article archive, which houses more than 9,000 helpful IT 
articles. This is a limited-time offer, so order now:

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2015 CodeGods