pfSense: SARG Reports (v2.2.6 Update)

This post follows on from my (surprisingly popular) article “pfSense: SARG Reports Not Showing

After an update to v2.2.6-RELEASE I had re-inherited the same

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

error.

On jumping onto the firewall via SSH, it appears that, at some point, the sarg-reports directory under /usr/pbi/sarg-amd64/local/ had been turned into a symbolic link (this may have happened via the reinstallation of packages following the update).

As such, any attempt to link /usr/local/sarg-reports to /usr/pbi/sarg-amd64/local/sarg-reports would result in:

/usr/local/sarg-reports: Too many levels of symbolic links.


pfSense: SARG Reports not showing

This appears to be a somewhat common problem with the more recent pfSense installations: when SARG reports are accessed ({Status} > {Sarg Reports} > [View Report] Tab), the UI responds with:

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

Edit: 02/01/2016 – After an update to v2.2.6-RELEASE I had re-inherited the same error; this time, however, it was caused by symbolic link weirdness – see the fix here.

Some users have reported that changing options in the [General] tab, saving, then forcing a schedule has resolved this issue. I have not been so lucky, so the following is what I needed to do to fix things.


“Factory” resetting an OpenWRT router

There are many reasons to re-flash your home router with a different OS than the one the manufacturer has cobbled together; the Misfortune Cookie attack (US-CERT) is just one of them. Having been involved in the testing of a number of domestic xDSL routers, I have a rather low opinion of the amount of care put into the default security levels of consumer devices (but that is not what this post is about).

Image Credit: commons.wikimedia.org

I have chosen to utilise OpenWrt on one of my internal wireless access points and, during a reconfiguration of the network, I managed to bork the settings by not paying attention. With an out-of-the-box device, there is usually a ‘Reset’ button you can hold in while powering up the device which will clear all settings and return you to the initial un-configured state. This is not quite the case with OpenWrt, but it is still a fairly easy process to return your router to a known state, and begin the configuration process again.

  • Disconnect WAN cable
  • Unplug power to router
  • Set your computer’s IP address to:
    • IPv4 Address: 192.168.1.2
    • Netmask: 255.255.255.0
    • Gateway: 192.168.1.1
  • Re-power your router, pressing the ‘reset’ button when the status light begins blinking (fast)
  • Using PuTTY (or your favourite *TELNET* client), connect to 192.168.1.1 and you should see the OpenWrt prompt. Type the commands below (entered at each prompt) to reset the router to its initial, preconfigured state:
-----------------------------------------------------
root@(none):/# mount_root
jffs2 is ready
jffs2 is ready
switching to overlay
root@(none):/# firstboot
This will erase all settings and remove any installed packages. Are you sure? [N/y]
y
/dev/mtdblock3 is mounted as /overlay, only erasing files
root@(none):/# reboot -f
-----------------------------------------------------
  • Unset your static IP and have fun reconfiguring your router.

PASSWORD MANAGERS, CRYPTOGRAPHY, AND TRUST

So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.
The status post that launched a thousand words…

TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which, coupled with an internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.


XBox Live via an OpenWRT router

One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router.

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.

Getting back on track, my security-conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others, such as game sharing, will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.


UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such.

Credential Security …again

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.

Don’t put all your (credential) eggs into one basket

It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throes of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.

For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.


Tweaking the Home Network – pfSense Firewall [Part 2: Initial Configuration]

Initial Configuration (via Web Browser)

In the previous article, we set up (at least) two network interfaces: the first facing the Internet (the WAN), and the second facing the internal network (the LAN).

In our instance, our WAN interface will simply pass traffic onto our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).

The new network: Users are separated into subnets

So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.


Tweaking the Home Network – pfSense Firewall [Part 1: Installation]

So, now we have teenagers, I’ve realised a need to create a little more separation within our home network. The intent of this is to give them a segment of the network where they can connect their wireless devices, use the internet and allow their friends to also connect their devices when they visit.

With freedom comes responsibility, so we also want to be able to enforce limits on the hours of use, conserve bandwidth, and attempt to protect them from malware and viruses.

Future enhancements may include traffic reporting, content filtering – but for now we want to get them off the core network, and onto their own segment.


Social Scams and Why They Work

Over the last week, as New Zealanders begin to change their jandals (flip-flops / thongs) for shoes, I’ve noted a significant increase in the number of “warnings” being posted in my social network feeds. This is not uncommon and it’s not unique only to my network of contacts as these articles point out.

Now, for the most part, folks in my social stream tend to only get caught on an infrequent basis by these messages. I do my best to flick a link back if it’s an obvious hoax, as do others who we share as common contacts. I have been caught myself and have more than once shared something which, if I’d relied on more than wishful thinking, would/should have been filtered out.

So – why do these attacks work, why do the hoaxes perpetuate, and what can we do as a community to reduce our chances of passing on misinformation to our networks?

The simple answer is diligence.