Down to Business - What's a DMZ?

Comment

Down to Business - What's a DMZ?

A DMZ is kind of like a firewall, but it has a very specific purpose and is used for certain types of machines.

A DMZ is kind of like a firewall, but it has a very specific purpose and is used for certain types of machines.

Let's talk about some details when it comes to IT networks.  In the Down to Business series, I want to introduce you to some more advanced topics in the IT world.  It is my hope to increase your knowledge and interest in the field of IT while learning about all that goes on behind the scenes to make your Internet experience as seamless as possible. 

For our first topic, let's talk about DMZs - why have one, what are they, where are they used, should I have one at home or in my office, etc.  A DMZ, according to Wikipedia, "is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet."   Large networks have a lot of key pieces that need a high degree of protection.  These could include DNS servers, email servers, web servers, DHCP servers, routers, switches, SANs/NASs,/file servers,  domain controllers, etc.  A simple network in an enterprise sense doesn't exist!  They are very complicated and must be heavily monitored to ensure they work properly and are administered securely. 

Why the focus on security when discussing a DMZ you might ask? This is exactly what a DMZ is here for.  In a military setting a DMZ (or demilitarized zone) is an area that doesn't belong to either party.  Well, in the IT world, the DMZ does happen to belong to the organization hosting it but there is a difference - it is exposed to the outside world (carefully).  For email servers, web servers, DNS servers, FTP servers - anything that is a normal attack target for hackers - there is a choice that would lead to keeping the internal network much safer - keep them out of the internal network.  Think about the number of attacks that a web server faces on a daily basis; could you imagine this being inside an internal network where the rest of your precious files and devices live?  No.

The DMZ lives to protect the internal LAN.  Host a web server in the DMZ rather than hosting it internally to your LAN.  You can place specific safeguards on the DMZ to keep it safe from hackers, but you can also have it exposed to the world so that people can access your website with ease.  There are major types of DMZ configurations - the first has a single firewall and the DMZ logically placed outside of the physical network.  This aids in network management and keeps costs down.  The second implementation has 2 firewalls ordered FW-DMZ-FW-LAN.  This leads to a higher level of protection and granularity at the expense of higher costs and maintenance.

As a home user, do you have the need for a DMZ?  Can you even take advantage of a DMZ on a home router?  The answers are maybe and yes kind of.  As far using a DMZ, there are some routers out there (I'm thinking Verizon specifically) whose routers actually allow for a DMZ (it's a bit concocted and not truly a DMZ but it is close so we'll call it a DMZ).  This would be the place to stick a hardened FTP server, a webcam, a printer, etc. These items might need to be accessed from the outside world, and rather than poking a bunch of holes in your firewall, you could place these items in a DMZ instead and keep the rest of your network safe.  Now, this goes without saying, but make sure to keep these items well hardened.  A DMZ is almost open Internet with these kinds of home routers, so make sure to not place your valuables or anything personal outside your internal LAN.  You can definitely get by without having a DMZ, but why just get by?  Enjoy your IT world!

Comment

Top 3 VPNs to Secure Your Internet Privacy

Comment

Top 3 VPNs to Secure Your Internet Privacy

If you haven't heard, Congress just repealed a law protecting our internet privacy from ISPs (Internet Service Providers). Your data can now be shared across the board without your consent or knowledge. So with these new regulations going into effect, you have the right to wonder just a little bit about what your ISPplans to do with your data.  Why do they need to track every single site we visit or every place we click, how long we're they're, what else we're doing while on the Internet?  Is it to "serve us better"?  That can be your decision.

This blog will provide the 3 best and most secure recommendations for VPNs, or Virtual Private Networks.  VPNs essentially act as a tunnel around your traffic that forwards all of it to another party - away from the sight of your ISP or other snoopers. They provide the best method for ensuring your security as you browse the internet, regardless of the current laws surrounding online privacy. Click here to read more.

Comment

Top 4 Reasons to Use a Password Manager

Comment

Top 4 Reasons to Use a Password Manager

Have you ever thought about the number of passwords that we need to memorize on a daily basis? What about passwords for school, home, work, or any other place that requires you to create an account and login every time you want to use a service? Just counting in my password deck, I have about 150 to remember right now. Who knows how many I will have by next year!

For that reason, I have decided to go with a password manager. There are plenty of password managers out there, and we’ll talk about some in just a second, but basically a password manager is a secure vault that keeps all of your passwords safe – protected behind one very strong password that only you know.

Want some more information? Here’s the low-down on password managers. We all have so many accounts nowadays that it’s hard to remember all of our passwords. So what do we do? Use the same password on multiple accounts, of course. This makes it feasible to actually remember all of your passwords. But hold on, what if one of your accounts gets hacked? If your eBay and Amazon login are the same, who’s to say the bad guys aren’t trying a ton of default websites to see if their newly found treasure opens up other sites as well?

Using the same password in multiple places is dangerous, to say the least. Every password for every website should be unique. And, oh yeah, every password should be AT LEAST 12 characters, and have a) uppercase letters, b) lowercase letters, c) numbers, and d) special characters. You can remember all of these, right?

There are several types of password managers out there. Some live only on one system and remain there only. These static password managers do not sync over the web and will not communicate with any other program you may have on your machine. While these are arguably the strongest type of password manager out there, they are also a bit tough to use since they don’t sync to your devices automagically. Some password managers are features that exist inside of another application (think about your web browser asking you if you want a password remembered). Firefox is my browser of choice, and I could definitely save all of my passwords inside of it for safekeeping. Then I don’t have to remember any passwords and could safely login to all of my accounts. Others password managers can sync all your passwords to multiple devices. If you’re like me, you would prefer having all of your passwords at your fingertips at any moment on any of your devices. Here’s the awesome part – you can!

Why use a password manager?

1) Keep your passwords safe and available on all devices

2) Keep notes and other information in the password manager's vault

3) Keep your data from getting stolen with 2-factor authentication on any site

4) Keep unique, complex passwords for every single website (and application) that you use

There are a TON of password managers out there that allow you to sign in on a device and sync all of your passwords. I’m going to talk about my two favorites – LastPass and Dashlane (I am not an affiliate of either of these, so you can trust my opinion. I’m not getting paid to endorse here). LastPass is the de facto password manager. There are so many features that I could go into, but I’ll keep it simple – it works. On your iPhone? Yes. On your Windows computer? Yep. On Aunt Gertrude’s old Android? Yes indeed. LastPass is a secret vault of passwords protected by one super strong password. You can even log onto the Internet and see a password if you can’t remember it and you’re not using one of your trusted devices. 2-Factor Authentication is supported as well (if you’re into that). And at $1 per month, you can’t beat the price. Dashlane is equally a great password manager, although the interface can be a bit clunky at times. It’s a little more flashy than LastPass, but costs about $40 per year to maintain (still not a bad price for the functionality).

So yeah, use a password manager. It’s important. You don’t want to get your information stolen or your data cracked into. One super strong password is all it takes to have a vault of secret passwords and notes.

Comment

My Router and Me Part 4 - Set Up for Security | Home Router Basics

Comment

My Router and Me Part 4 - Set Up for Security | Home Router Basics

wifi router

Your use of the Internet will never be 100% secure.  Sorry Jack, it just can't happen.  But we can take steps to make your usage a lot more secure than it might be otherwise.  There are tons of things you could do (in fact, I'll probably do a more in-depth series in the future), but think of these few router precautions as the tip of the proverbial iceberg.

Let's talk about 3 ways you can configure your router for safety.  Now that you know how to log in (see Part 3 if you're not sure), you can hunt around a little bit and find these settings.  Every router is different, so we'll take a look at one router but just know that your settings might be configured in another place.

1) Change your admin password!  This is the password that you use to log in to your router.  Sometimes your login might be admin/admin for your username/password.  That's not very secure at all!  You want to use something that includes a) uppercase letters, b) lowercase letters, c) numbers, and d) special characters.  This will keep your router much more secure.  There are lists on the internet that exist solely to alert hackers to default passwords so that they can own your device.  Check out http://www.routerpasswords.com/ to see what I'm talking about.  Kinda scary, eh?

Change your password for safety.  Heck, go ahead and turn off UPnP if your screen looks like this. 

Change your password for safety.  Heck, go ahead and turn off UPnP if your screen looks like this. 

2) Make sure you are using WPA2 encryption for your wireless radio.  For 99.9% of people, there's no reason not to use WPA2 with AES as the encryption standard for your home or small business.  Without going into the details too deeply, WPA2 is a much better way to exchange credentials for a secure connection than was done previously.  There's no reason not to use it, nowadays, unless you are supporting very old equipment. 

Just try cracking this key.  And no, this isn't my password, so don't try.

Just try cracking this key.  And no, this isn't my password, so don't try.

3) Turn off WPS and UPnP.  WiFi Protected Setup is a button you can press to magically sync other WiFi items with your router.  Well, the way that WPS is configured, the key can be trivially cracked, and you could find yourself with a new router owner (i.e., a hacker on the Internet).  UPnP dynamically opens up ports on your firewall...well, let's keep it simple.  Don't use UPnP.  If you want to know more, check it out on Google or just email me at info@nncs.tech.

Disable UPnP.  This is for a media server, but it should reside somewhere in the settings for your router.

Disable UPnP.  This is for a media server, but it should reside somewhere in the settings for your router.

Disable WPS as well. 

Disable WPS as well. 

Comment

My Router and Me Part 3 - Your Router Has an Address | Home Router Basics

Comment

My Router and Me Part 3 - Your Router Has an Address | Home Router Basics

wifirouter

Alright, we have made it to part 3.  Yay.  Cue the party music.

Now it's time to connect the dots with Part 2.  Remember when I said that the router gives out the addresses to the different devices that you have on your home network?  Well if you don't remember, it does.  The router gives out the street name and number so that your computer has a place to live on the network for a while.

The router itself has an address as well.  However, it is static or unchanging.  Why would we want this?  Well, if you want to configure the router differently, you need to be able to connect to it.  Typically, you connect to the router by typing its address into your web browser (Chrome, Firefox, Safari, etc.).  Let's do this together.

1) Find your router's IP address. 
For PC people:  Click the Start button.  Type "cmd.exe".  A command prompt will appear.  Type "ipconfig".  Somewhere in those settings you will find "Default Gateway" - this is your router's IP address.  See the picture below.

ipconfig

For Mac people:  Click on the Apple icon.  Select System Preferences.  Click on Network.  The address called "Router" is your router's address.

macifconfig

2) Type this address into a web browser.  Usually it will be something like 192.168.0.1.

3) Log in to your router with your username and password.  This could be printed on the side of your router or it could be in the documentation that came with the router.

Phew.  That was a lot for one post.  Wait until part 4 - we go a little farther into the belly of the beast with some configurations that will help keep you safe and secure on the Internet.

See part 4 of this series to learn about some basic configuration steps-->

Comment

My Router and Me Part 2 - What is DHCP? | Home Router Basics

Comment

My Router and Me Part 2 - What is DHCP? | Home Router Basics

wifirouter

So this lesson has a point, and it's not just to be nerdy and explain hard computer concepts.  Stick with me on this - it will make sense in Part 3.

Very basically, DHCP is the part of the router that gives your computer an address to talk to the Internet.  DHCP stands for Dynamic Host Configuration Protocol.  Think about it like this:  you live on a street and have a number associated with your house/condo/apartment/etc.  DHCP wants to provide your computer an address, so it will give you a street name and a number so that you can talk to the other members of the street or to other people (i.e., the rest of the Internet).  It might look something like this:  192.168.1.5.  Usually the first part, the 192.168.1.x, is similar to the street name.  This is the same name shared by all of the people on your street. The last number, x.x.x.5, is your specific address.

Your computer knows that every time it connects to a network it also needs to ask for an address from the router.  The router doesn't have a big list of addresses ready and waiting for certain people; the router creates these dynamically (hence the "D" in DHCP).  DHCP is also used to pass a TON of other information necessary to use a specific network - but we won't go into that right now.

Bottom line:  DHCP is what lets you talk on your network by giving you an address.  But what about the router itself?  Does it have an address?  Does it matter either way?  Have no fear, friend, that will be addressed in Part 3 of this series. 

See Part 3 of this series to learn about your router's address -->

Comment

My Router and Me Part 1 - SSID | Home Router Basics

Comment

My Router and Me Part 1 - SSID | Home Router Basics

WiFi-Router-Pic

I’m starting off this blog with a series entitled “My Router and Me”. My hope is to lay out some basic concepts that will help you understand how to use your Internet connection at home proficiently. I’m not here to teach crazy difficult concepts that you might never see or hear; I want to show you stuff that you already interact with on a daily basis.

Everything has a name. And I mean everything. Even looking in home décor catalogs at pillows – these have names. Strange. Anyways, your home Internet connection is no different. It has a name. It might be something like “linksys” or “attwifi” or “J8YGV”, but it definitely has a name. This name is the SSID – or Service Set Identifier. Another common name for the SSID is the “network name”.

Why should the network have a name like this? Shouldn’t my WiFi just work as it is? Well, there are many radio frequency signals out there all vying for our attention, and WiFi is no different. WiFi puts out signals (called beacons) that keep saying “Hey, I’m here” over and over. Because there are many different people around your house or small business, there are a ton of WiFi access points saying the same thing. How can you distinguish them? The SSID (obviously there are other things involved, but go with me on this). So when you see “Jones WiFi” or “CharterNet” you can choose the WiFi you want to access (and enter the security password if there is one).

There’s a ton of other things that go on behind the scenes, but that’s basically it. Not too difficult, eh? The SSID is simply the name of your network. Go use your new term to impress your friends and family and earn a few brownie points with your local computer nerd.

See Part 2 of this series to learn about DHCP -->

Comment

Comment

A Quick Biography on No-Nonsense Computer Solutions | Hampton Roads Computer Specialist

A Quick Biography on No-Nonsense Computer Solutions

Hello everyone,

Welcome to the first of many blog/vlog posts that I will put in this space.  I hope to use this blog to publish key information that will assist users in utilizing their devices fully in this crazy complicated world and provide cool resources for those interested in learning more.

A little about me:  I'm here to help nonprofits, small businesses, and home users in Hampton Roads.  I love teaching, and I am passionate about passing on information and watching others grow into better _________(fill in the blank).  I still work full-time as an engineer, so I run this business at night and on the weekends. 

Regardless of where this adventure ends up, the purpose is the same (and this is my mission statement):

No-Nonsense Computer Solutions exists to glorify Jesus Christ by providing elite services and straightforward technological solutions for non-profits, small businesses, and home users.

You can trust that I will treat you with respect and honesty in my desire to honor the Lord.  I'm here to help.  Heck, even if you have random computer/technology questions and just want to ask, I'll search for answers and get back with you.  Of course this is a business, but I'm in this for much more than just paying the bills.  This is a passion of mine, so I want to give you my best in all I do.

Later.

P.S.  I want to thank Maria of Maria Grace Photography (mariagracephoto.com) for the pictures.  Also, many thanks to Andrew and Tianna for their space at The Studio at Chelsea Commons (thestudioatchelseacommons.com).  I am very thankful for each of these people.

 

Comment