Sooo, About That WiFi Network You Have There!

Good morning fellow sysadmins! 🙂

A lot of you that I know manage small networks for your home, church, family business or small business. Many of you may not consider yourselves sysadmins, but as you’re the only ones with passwords to the router and computer, you are effectively acting the role. If this matches you in any way, please keep reading.

This morning, technical details were published on a reliable method (called KRACK) to break the WPA2 encryption algorithm. WPA2 is used to encrypt wireless traffic on networks. Hackers exploiting the vulnerability will be able to decrypt network traffic from WPA2-enabled devices, hijack connections, and inject content at the network layer. (http://www.tech-faq.com/wp-content/uploads/2009/01/osimodel.png)

WPA2 has for years been the preferred method of wireless network encryption. If you are using a wireless network anywhere, it is almost certainly using WPA2. You can read more on the vulnerability and attack here https://www.krackattacks.com/ and here http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/.

Should you panic?

If all that you use your wireless network for is connecting to it from smartphones and laptops, probably not. The vulnerability is one that is on the client side, not router side; while I haven’t checked, it’s likely that Android, iOS, Windows, Mac, Linux-based distros and others have developed or are developing patches for WPA2 devices and publishing them. Additionally, any website you visit or download data from that uses an HTTPS connection (look for the https://www.site.com in your URL bar) encrypts data with an additional layer of security that hackers using this exploit would not be able to read. You may have noticed by now that this blog is not using HTTPS; however this blog does not require you to send any sensitive credit card or personal information, so your risks are minimal. Do make sure to check for software updates on your devices if you’re still worried. Actually, do make sure to check for software updates on your devices even if you aren’t worried. Yeah, that would be good.

If you use wireless networking for connecting printers or servers or if you use mixed networking (e.g. wireless networking for printers or other devices + wired networking for servers or other devices), then yes, you may go ahead and start to quietly, low-grade panic. Picture this: your 7-year-old laser printer, the most economical option at the time, is set up to connect to your network via wireless since it’s in a different room from your router. This printer is no longer supported by the manufacturer, and even if it was, it never checks for or installs updates automatically. Now, you have a fileserver or file sharing system set up internally via a Windows workstation environment or via FTP. Neither of these is terribly secure, but they’re easy to set up, and since only people who can connect to the network can access these, you’re good, right?

Well, not anymore. A hacker with malicious intent can now hack the connection you have through your printer (remember the vulnerability is on the client side, so even if your router is patched you may still be vulnerable). From hacking the connection, they can send requests to your internal network or steal information to connect to your network. Voilà! They can now access all the files you have internally shared or stored on your fileserver. And believe me, there are other things they can do as well.

What you do with this information is up to you, but taking the following steps will help no matter what kind of network you are running. Some of these you should be doing anyway, but if you aren’t, now’s a good time to start doing them:

  • Make sure your router is up-to-date. Start checking for patches on it regularly if it isn’t automatically updating.
  • Make sure all your devices are downloading and installing updates as well.
  • Make sure every older device, or any device you aren’t sure is up to date, is disconnected from the wireless network. Reconnecting it via a wired network won’t pose any vulnerabilities.
  • If you can, disable the wireless network while you aren’t sure what to do yet; it doesn’t hurt.
  • If you give the wireless password to people who aren’t part of your organization, update the wireless password. You can’t be sure if their devices are up-to-date or not. Make sure to set up a guest network for these kinds of people in the future, and make sure guest network traffic is isolated from your main network.

Backing Up Data: An Inexpensive Alternative Solution

For a period of time over the past year or so, I have had no backups of data on my personal computer.

Yeah yeah, I know this is a tremendously bad idea and that if a drive goes or a fire happens I would lose everything that wasn’t on my Google Drive. For some time I was using a service called Symform, which let me back up as much as I wanted for free, so long as, for every gigabyte I backed up, Symform could use several gigabytes of my drive to back up other people’s data. This seemed like a marvelous solution for a cash-strapped college student who had a secondary 2TB drive with almost nothing on it. Alas, Symform was acquired by some company called Quantum, and the Symform service was shut down early last year.

Since then I’ve looked into Carbonite and Backblaze. They seem like good enough services, but $9.99 (Carbonite) or $5 (Backblaze) a month for personal plans still adds up significantly over the course of a year. As a cash-strapped recent college graduate, I wondered to myself if there was a way that I could get the job done less expensively.

As it turns out, there is.

Backing Up Data Directly to the Cloud

Microsoft, Amazon, and Google (and other providers most likely) all offer cloud computing services for running things like scalable, on-demand web servers that don’t go down when your power does. These companies additionally offer cloud storage options as well. They are set up to take advantage of economies of scale, and are all in a knock-down, beat-’em-up fight with each other to gain the upper hand in this market. What this means for us as tech-savvy consumers is that we can back up our data directly to the cloud at a price of pennies a month per gigabyte.

This is currently what I’m doing to back up data on both my main rig and my webserver. I’m using a service provided by Google called Google Nearline; if you decide you’d like to do something similar to back up your data (or if I forget how the heck I did this and need to set it up again five years down the road), I wrote down the steps I took so you or Future Michael can get started with doing the same thing.

Google Cloud Nearline

Google Nearline has a splendid whitepaper published here https://cloud.google.com/storage-nearline/nearline-whitepaper and more details on their pricing scheme published here https://cloud.google.com/storage/pricing. For those of you for whom that’s a TLDR, the short story is that Google Nearline will store your data for $0.01 per gigabyte. You do need to pay extra to retrieve or delete the data, but that only costs $0.01 per gigabyte as well. Unless something goes horribly wrong you won’t need to retrieve your data anyway, and let’s be honest, if you really *do* need to retrieve that data, $0.01 per gigabyte is not that steep an extra price to pay. Once you read over the whitepaper and are as pumped for inexpensively backing up your data as I am, go ahead and mosey over to https://cloud.google.com/ to sign yourself up with your Google account. If you haven’t used Google Developer Tools before, you can opt to start a trial when you set up your account. Doing this will ask you for a credit card to verify you are a real person; I did this and haven’t seen any small charges come through, so you should be safe to do this no matter what your balance is.

Once you have familiarized yourself with the Google Cloud Console, install the gsutil tool onto your machine. gsutil runs in the terminal, and is free to use. If you do some Googling you may even be able to find a wrapper utility that runs gsutil in a graphical user interface. Instructions are provided by Google at https://cloud.google.com/storage/docs/gsutil_install for Linux, OS X and Windows. Once the host is set up, link the tool with your Google account by running gsutil config in the terminal (or gcloud auth login if you installed gsutil as part of the Google Cloud SDK); this will give you a link to paste into the browser, which will give an authentication code for the tool.

Create Backups

I’d like to take a moment to give credit where it’s due for this next part. Bradley Falzon saved me a good bit of time with his article at https://bradleyf.id.au/nix/google-storage-nearline-linux-backups/; for the sake of preservation, I copied what he wrote at the bottom of his tutorial.

Create a bucket; see gsutil help mb for a complete list of options, such as specifying bucket region.

# gsutil mb -c nearline gs://bucket_name

Now, perform your initial rsync:

# gsutil -m rsync -r /directory gs://bucket_name

The -m option runs a parallel rsync.

For future backups, use the -q option to hide all output but errors; this is useful for cron, so it will only email if an error occurs.

# gsutil -qm rsync -r /directory gs://bucket_name

Faster CRC32 Checksums

Note, by default it’s likely rsync will use a slow method to calculate CRC32 checksums. For a faster method it’s recommended to

$ gsutil ver -l | grep crcmod

If the output shows compiled crcmod: False, then install the compiled module by following the instructions in gsutil help crc32c – which essentially uses pip to install crcmod32.

Restore Backups

Remember you will be charged your monthly fee to retrieve your data. Restoring backups is much the same as creating them, but by reversing the directory and bucket parameters on rsync. So to restore data from a bucket to your computer, the following would be run:

# gsutil -qm rsync -r gs://bucket_name /directory

The rsync command is what you’re going to be using the most often to perform backups of your data. More information is given on rsync at https://cloud.google.com/storage/docs/gsutil/commands/rsync
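
A cron-ready wrapper for the backup, crcmod check and restore steps above, added here as an example; it is not from the original post or from Bradley Falzon's tutorial. The SRC, BUCKET and GSUTIL variables and the function names are assumptions, and -n is gsutil rsync's dry-run flag.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for the page's
# "gsutil -qm rsync -r" backup. SRC/BUCKET defaults are the page's placeholders.
SRC="${SRC:-/directory}"
BUCKET="${BUCKET:-gs://bucket_name}"
GSUTIL="${GSUTIL:-gsutil}"   # assumption: overridable so the logic can be tested offline

# Reads "gsutil ver -l" output on stdin; succeeds only for "compiled crcmod: True".
crcmod_is_compiled() {
    grep -Eiq '^[[:space:]]*compiled crcmod:[[:space:]]*true[[:space:]]*$'
}

# Fails for a missing or empty source, e.g. a drive that did not mount.
source_is_usable() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

run_backup() {
    if ! source_is_usable "$SRC"; then
        echo "backup: $SRC is missing or empty, not syncing" >&2
        return 2
    fi
    # This warning goes to stderr, so cron mails it along with any sync errors.
    if ! "$GSUTIL" ver -l | crcmod_is_compiled; then
        echo "backup: compiled crcmod not installed, checksums will be slow" >&2
    fi
    # -q prints errors only, -m runs in parallel, -r recurses into SRC.
    "$GSUTIL" -qm rsync -r "$SRC" "$BUCKET"
}

# Dry run (-n) of a restore: lists what would be copied, changes nothing locally.
preview_restore() {
    "$GSUTIL" -m rsync -n -r "$BUCKET" "$1"
}

# Runs only when called as "script backup" or "script preview <dir>".
case "${1:-}" in
    backup)  run_backup ;;
    preview) preview_restore "${2:?target directory required}" ;;
esac
```

Run the preview against the restore target before the real restore command, since the restore overwrites local files that differ from the bucket copy.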