VPNFilter Malware

Malware tied to Russia can attack connected computers and downgrade HTTPS

Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware that could be used for a range of nefarious purposes. Now, researchers from Cisco’s Talos security team say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers.

The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack on incoming Web traffic. Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced “essler,” the module can also be used to surreptitiously modify content delivered by websites.

(Much) bigger attack surface

Talos said VPNFilter also targets a much larger number of devices than previously thought, including those made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The malware also works on new models from manufacturers previously known to be targeted, including Linksys, MikroTik, Netgear, and TP-Link. Williams estimated that the additional models put 200,000 additional routers worldwide at risk of being infected. The full list of targeted devices is:

Asus Devices:

RT-AC66U (new)

RT-N10 (new)

RT-N10E (new)

RT-N10U (new)

RT-N56U (new)

RT-N66U (new)

D-Link Devices:

DES-1210-08P (new)

DIR-300 (new)

DIR-300A (new)

DSR-250N (new)

DSR-500N (new)

DSR-1000 (new)

DSR-1000N (new)

Huawei Devices:

HG8245 (new)

Linksys Devices:

E1200

E2500

E3000 (new)

E3200 (new)

E4200 (new)

RV082 (new)

WRVS4400N

Mikrotik Devices:

CCR1009 (new)

CCR1016

CCR1036

CCR1072

CRS109 (new)

CRS112 (new)

CRS125 (new)

RB411 (new)

RB450 (new)

RB750 (new)

RB911 (new)

RB921 (new)

RB941 (new)

RB951 (new)

RB952 (new)

RB960 (new)

RB962 (new)

RB1100 (new)

RB1200 (new)

RB2011 (new)

RB3011 (new)

RB Groove (new)

RB Omnitik (new)

STX5 (new)

Netgear Devices:

DG834 (new)

DGN1000 (new)

DGN2200

DGN3500 (new)

FVS318N (new)

MBRN3000 (new)

R6400

R7000

R8000

WNR1000

WNR2000

WNR2200 (new)

WNR4000 (new)

WNDR3700 (new)

WNDR4000 (new)

WNDR4300 (new)

WNDR4300-TN (new)

UTM50 (new)

QNAP Devices:

TS251

TS439 Pro

Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN

TL-WR741ND (new)

TL-WR841N (new)

Ubiquiti Devices:

NSM2 (new)

PBE M5 (new)

Upvel Devices:

Unknown Models* (new)

ZTE Devices:

ZXHN H108N (new)

We looked at the Ubiquiti devices that are on the list. Notice that out of the huge list of equipment that Ubiquiti sells, 2 part numbers are mentioned. Lim IT Consulting doesn’t have any of these in the field! And next to that, these parts have a very specific use case and are in fact not ROUTERS at all. The NSM2 is the NanoStation, and the PBE M5 is the PowerBeam (with the large dish antenna). Both devices are predominantly used to extend wireless networks, either to outhouses on large properties or, as in the case of the PowerBeam, for Internet operators making connections over a distance of more than 12 miles. All other devices from the other manufacturers are indeed routers and are very prone to being attacked over the internet.

As always, it is important to keep up with the latest firmware to make sure your network is as safe as possible. We at Lim IT Consulting test all firmware before we roll it out to our customers.

Upgrade to NVR firmware 3.9.5

As you may recall, we decided not to upgrade our Ubiquiti Unifi NVRs to version 3.9.4, because we saw some issues with regard to connectivity. It turned out our testing was done well, because Ubiquiti later decided to pull the 3.9.4 firmware from its repository, and posted an article on how to revert to version 3.9.3.

Two weeks ago, version 3.9.5 was released to the public and we decided to do some testing again (as we always do) before upgrading our production environments. In the release notes we can read the following:

Bug Fixes:

  • Fixed an error in motion recording that caused Minimum Motion Event Trigger content to be truncated for short recordings
  • Fixed motion recording playback sometimes including an extra video segment
  • Fixed motion images sometimes not included in alert emails
  • Fixed cloud disconnections caused by websocket pong timeouts, when network is slow or cloud server responses are slowed down.  This solves the repetitive disconnected/reconnected cloud issue.  If your UniFi Video install continues to be disconnected after upgrading, it should come back to a Connected status in 15 minutes or less
  • Fixed Email username field not populated correctly
  • Fixed UniFi Video cloud re-connection hanging after the controller is disconnected either due to degraded network or the UniFi Video installation losing its IP address

Results:

We found the issue we had with the prior release to be fixed and have decided to deploy this version to production environments. Which means that our production environments will go from version 3.9.2 to 3.9.5.

NVR Firmware (3.9.4) on HOLD

At Lim IT Consulting, we thoroughly test software and firmware updates before we deploy them in a production environment. We do this for all of the products that we support (most of Ubiquiti’s Unifi line of products and Synology NAS).

We have been testing the new firmware that Ubiquiti sent out a week ago (3.9.4), and we have found some issues with remote connections. We will NOT install this version on any of our installations, and will wait until a newer version comes out that we can verify to be in correct working order.

UPDATE:

Our testing was good, as Ubiquiti published the following statement:

In light of the cloud connection issues related to UniFi Video 3.9.4, we have decided to pull that release and revert back to 3.9.3 as the current GA release.

We would like to sincerely apologize to our user base and to our exceptional community for the inconvenience this has caused and are committed to getting the next release as stable and reliable before it goes to a public release.  This is not our best work and certainly not up to our standard of quality.

We at Lim IT Consulting are looking forward to the next release Ubiquiti is going to release. They usually do a good job, and we consider this release to be an exception.

Unifi® CloudKey firmware and controller update

Ubiquiti released a firmware update and a controller software update for the Unifi CloudKey. As always, we will have tested the updates before rolling them out to our customers’ networks.

As far as we can tell at this moment, a few new features have been added, which mostly make life a little easier for network and system administrators like us. However, two features that are still in Beta, and likely to be released for production soon, are called IPS and IDS. And this will be a big deal for everyone, as the Unifi networks are going to be even more “Fort Knox” impenetrable for hackers.

IDS stands for Intrusion Detection System and IPS stands for Intrusion Prevention System. Unifi’s Intrusion Prevention System will protect the network from attacks and malicious activity. It will block and shut down connections that could compromise your security. The IDS will only send alarms when it suspects an attack, but will not act on it.

It was one of the things that we have been asking Ubiquiti to add to their software, and it is good to see that they listen to their customers. In a few months, when this feature comes out of Beta, we will apply this to all our managed networks. In the meantime, we still have you covered. The networks are still very safe and no one will be able to easily gain unapproved access to your networks.

Online Gaming

Playing online video games is probably one of the most network intensive things one can do on the network.  Playing games is a nice way to relax, if the technology doesn’t fail you.

When everything starts getting sluggish, and you already made sure that your internet provider gives you enough bandwidth (upstream and downstream), what could be causing this issue?

More often than not, when you run into these types of issues, the cause is that your WiFi router cannot keep up with the demand.

The regular consumer grade WiFi router does 3 or 4 tasks:

  • provide WiFi access
  • route traffic to and from the internet
  • network switching (connects all the ethernet cables to the network)
  • and sometimes it is also a modem (AT&T, Comcast etc.), which connects to the actual internet provider’s network.

Although it is tempting to use these all-in-one solutions, they are what you’d call a jack of all trades, master of none. Most likely the routing function and/or the WiFi function is lacking horsepower. Routing actually needs a speedy CPU, as does the WiFi function. However, the WiFi is also hampered by things like interference and maximum range. The farther from the antenna, the slower the speed. Interference from neighboring networks, microwaves, drywall and other obstructions will only make it worse. And gamers typically already use the 5 GHz network for WiFi, which by technical limitations has less penetration to begin with (but is faster). What that means is that the range of the network is much smaller compared to the slower 2.4 GHz network, and that the speed decrease as a function of distance is even worse! If you want to have maximum speed on the 5 GHz network, you need to be within a few feet of the antenna.

It is often said that for online gaming you need to use a wired connection instead of a WiFi connection. However this is only true if your WiFi network is not up to the task. Lim IT Consulting can fix that for you! You can even invite a few friends to your party and have them also play on your WiFi network. If you use the right equipment and set it up correctly, this is all possible.

We at Lim IT Consulting recommend simple enterprise grade solutions by Ubiquiti. The separate components together cost just slightly more than a high end consumer grade solution, but everything just goes fast! All the time! Just as we like it when we’re playing games at 60fps!

Give us a call or send an email if you want to learn more, or need help.

 

Remote access to the network in your shop

After a long day, all you want is to go home, have dinner and take a long shower. However, you still have to send out some invoices, pay some bills, and do some other bookkeeping things. You can’t go home until you have finished these tasks... or can you?

We understand that you want to see your kids before they go to bed! We have solutions that make it possible to securely log in to your small business network from your couch, using your Mac or Windows computer.

With our solutions using the Unifi line from Ubiquiti it is all possible without breaking the bank.

Call us or send us an email if you want to learn more: (408) 218 2775  or info@lim-it.com

Mac OS CRM software

Although it is not a product that we sell, we are just such big fans of BusyCal and BusyContacts that we can recommend it to our customers who own small businesses and use Mac computers. We’ve been using this software at Lim IT Consulting for nearly 2 years and we like it a lot!

We like how well the integration works with email, calendar and the contacts application. Whenever you look up a contact, you can immediately see all the email exchanges that have taken place between yourself and the contact. On top of that, you can add all relevant notes (for example when on the phone) and give them a date and time stamp.

The products have many more features than what we have quickly posted here. But since we have been getting questions about CRM and Mac OS, we thought it would be a good idea to put something in our blog about what we use.

BusyCal and BusyContacts by ‘busymac’. If you need a good working solution for CRM that doesn’t break the bank and also integrates in your normal workflow on your Mac, have a look at their website.

And of course, if you need any other IT assistance with regard to WiFi, networking, routing or other IT “Stuff”, give us a call on: 408 218 2775 or reach out to us via email: info@lim-it.com

 

Synology DS1815+ memory upgrade

At Lim IT Consulting we use a Synology DS1815+ for our file storage. We also use this NAS to run our mail server and other things. The beauty of the Synology NAS over a full-fledged server is the very low power consumption, small footprint, and ease of use, while still being more than powerful enough for use in our small business.

We predominantly use Apple MacBooks and iMacs in our business and we use the Synology as our Apple Time Machine target. This means that whenever we are in the office, our computers will get backed up. Apple Time Machine is a very good backup solution. It backs up all changes every hour, which in practice means that it usually doesn’t take long. The other nice thing about the Time Machine backup on the Synology is that you can actually restore a specific file from a specific moment in time (not just the latest version). And this is all done in the background. Our Synology is the hub of this all.

Another great feature of Synology is that it can back up folders which are stored on the Synology NAS to the cloud. This gives us even more peace of mind. Should the entire NAS fail (which is very unlikely with all the redundancy that is built in), we have the important files also securely in the cloud.

original memory module in the NAS
in the left window you can see the new 8GB module

The Synology DS1815+ comes factory equipped with 2GB of RAM. This is enough to run the machine properly. Officially the machine can be expanded to 6GB by adding a 4GB memory module to the open slot, which can be accessed by removing the cover (just remove 6 Phillips screws). We figured that as the DS1815+ uses an Intel Atom C2538 Quad Core 2.4GHz processor, it should be able to address 8GB per slot. Sure enough, when both memory banks were fitted with 8GB DIMMs (Crucial 16GB RAM kit) the system booted up and performed flawlessly.

Why did we want to upgrade the RAM? Well, we wanted to use the Synology DS1815+ for more tasks than what we were using it for. Additional load without enough memory slows down the NAS, as it needs to swap the RAM to disk. This disk swapping causes lag. And here at Lim IT Consulting, we want things to move along fast! Which is why we also love the Ubiquiti network solutions!

So now our very small, low power, no noise, centralized storage solution is also running a mail server, antivirus, Cloud Sync, MariaDB (MySQL), Apache web server, DNS, and a wiki.

 

Finished installation of Ubiquiti Security Camera system

We finished a nice project for a customer who wanted a simple, yet effective security camera system for his house. We are of the opinion that it is best to use a wired system instead of a wireless system. Next to that, being able to use the Ethernet cabling that is also being used for the computer network makes things so much easier.

We chose the Ubiquiti Unifi® NVR for the recordings, and we used 2 UniFi® Video Camera G3 Domes and 5 UniFi® Video Camera G3s. Everything is powered over the Ethernet cabling, so no additional power outlets were required. One specific camera was pointed at the mailbox, which was a little further away, so we added the IR Range extender to that camera to have perfect night vision. The 1080P recordings are really good, with crisp details and great night vision.

 

Test Bench

This is our new test equipment to make sure customers’ networks operate reliably

 

We do installations and configuration of Ubiquiti network equipment, as well as remote network management for our customers. To do this most effectively, we need to make sure that all of the settings that we are going to apply are going to work, and don’t introduce reliability or performance issues (or even worse: introduce security risks). We test all of this in our lab, and today we upgraded our lab with new test bench equipment. Not in the picture is the WiFi access point, and we also left out the servers and other computers we use. The equipment listed below is ‘punished’ on a daily basis by upgrading firmware, testing out settings, rolling them back, etc. We make sure we have everything checked out before we expose our customers to upgrades.

  • Unifi Cloud Key (like our remote customers use)
  • Unifi Switch 8 – 60 Watt (same firmware as the bigger Ubiquiti Unifi switches)
  • Unifi Security Gateway (like most of our remote customers use. But same firmware as the bigger USG PRO.)

If you would like to learn more about our solutions, please reach out to us via email: info@lim-it.com or call us on: (408) 218 2775