The internet isn't working. How do you go about fixing it?

Maybe. I’ve dealt with CCIEs in the early days who had trouble understanding simple frame networks, so not sure I have much faith in training for training’s sake, but I take your :smiley: !! and don’t get me started on certification … bah !! :slight_smile:

2 Likes

Speaking of dodgy IoT devices like the Bitdefender BOX…

Large, small and medium businesses are being attracted to the concept of ‘middle-boxes’. These are (normally) physical devices that sit between your network and your ‘pipe’, checking all your traffic and dropping anything that they don’t like.

Once you have considered this for a minute or two, you will realise that there’s a problem - one that is referred to by people in the FBI and similar agencies as ‘going dark’. The web, that is. Increasingly, law enforcement agencies are having trouble reading your Internet traffic because it is encrypted. If it isn’t encrypted, chances are that at least one government is reading your stuff, and while I may not be doing anything criminal I certainly don’t subscribe to the ‘if you have done nothing wrong you have nothing to hide’ - for all sorts of obvious reasons regarding privacy, over-reach and so forth.

So - if your Internet traffic is encrypted, ‘middle boxes’ can’t work, right? Wrong! Without getting into the plumbing of it all, they just say that they are you. As long as you have told your computer to trust that ‘middle box’, it will decrypt and scan all the traffic coming in and out of your network. (Hint: never do your banking on the work computer.)

Okay, but all this is fine and dandy, right? We can trust these ‘middle box’ people like Bitdefender, can’t we? Well, yes - of course you can trust them… if you really feel that they deserve to be trusted with absolutely everything that comes into and goes out of your computer. If you are sure that they haven’t taken any shortcuts in their security model. If you’re sure they’ll continue to support the device and update it when the next security hole is discovered. If you are sure they are not ‘downgrading’ security certificates because they don’t want to make things too complicated.

I used Bitdefender on my computer for several years, and found that the anti-virus software installs its own ‘software’ middle-box when you just go with the standard configuration. I always changed that setting, because I do not trust one company to get it right. Many other anti-virus vendors will be doing the same thing.

How do you check and see if your traffic is being intercepted? Well, you need to know how to view the details of a security certificate in your browser. Annoyingly, Google has been making this harder to do in Chrome of late and the others probably don’t make it easy. To see the certificate details in Chrome on a PC, press . This will take up half your page with a ‘console’ that has several titles across the top. Click on ‘Security’, and then the button that says ‘View certificate’. The certificate will pop up, and will have three tabs - ‘General’, ‘Details’ and ‘Certification Path’.

If they have been lazy, you will see that the certificate issuer is (e.g.) Bitdefender Labs. Otherwise you will have to go through a few more steps.

  1. Go to the web page https://www.grc.com/fingerprints.htm. This actually lists what certificates various sites - including itself - issue.
  2. Open up the certificate for that page, click on the ‘Details’ tab, and scroll to the last field - ‘Thumbprint’.
  3. Make sure the ‘Certificate Name’ matches between the GRC web page and the “Issued to:” field on the ‘General’ tab of the certificate.
  4. Compare the contents of the certificate to the first row on the above website - which currently shows its fingerprint as “3F:C3:24:5C:36:B3:89:B1:75:CA:20:C0:1F:C0:F1:49:4B:74:73:E6” (it should not change very often at all). If any part of these ‘fingerprints’ does not match, then there is something between your browser and the GRC website that is intercepting and reading your traffic.

Personally, I would stay away from middle-boxes (and any certificate that intercepts all of my traffic) until their technology has improved to a much greater extent than we have seen to date… and that includes the attempt by Bitdefender.

EDIT: I realised after posting this that it may appear in some way to relate to the Choice Broadband Monitor project. A quick glance through that tells me that it does not appear intended to affect my security in the way I have described here - that would involve major scope creep, if I read the intent correctly. So just to be clear, I think the Broadband Monitor sounds like a dandy tool that I could definitely use!

2 Likes
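The fingerprint comparison in the numbered steps of the post above can also be scripted. The following is an added example, not part of the original post: it hashes the certificate exactly as your machine receives it and compares that with a reference fingerprint you obtained over a different network or device. It goes slightly beyond the post by also accepting SHA-256 fingerprints; `SAMPLE_DER` is constructed stand-in data, and the function names are hypothetical.

```python
import hashlib
import socket
import ssl

# Fingerprint quoted in the post above, kept as a format sample. It dates from
# when the post was written, so do not expect the site's current one to match.
POSTED_GRC_SHA1 = "3F:C3:24:5C:36:B3:89:B1:75:CA:20:C0:1F:C0:F1:49:4B:74:73:E6"

# Constructed stand-in bytes, NOT a real certificate: a fingerprint is a hash
# over the DER encoding, so any byte string exercises the comparison logic.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"

def normalize(fp):
    """Strip separators and case so 'AA:BB', 'aa bb' and 'aabb' compare equal."""
    hexed = "".join(ch for ch in fp if ch not in ": -\t").lower()
    if len(hexed) not in (40, 64) or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("expected a SHA-1 (40 hex) or SHA-256 (64 hex) fingerprint")
    return hexed

def fingerprint(der, algorithm="sha1"):
    """Colon-separated thumbprint of a DER-encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_leaf_der(host, port=443, timeout=10):
    """Return the leaf certificate exactly as this machine receives it."""
    # Verification is off on purpose: we want to see whatever certificate is
    # presented (a middle-box's included) and judge it by the fingerprint.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check(der, reference):
    """Compare a certificate against a reference fingerprint obtained elsewhere."""
    ref = normalize(reference)
    algorithm = "sha1" if len(ref) == 40 else "sha256"
    seen = fingerprint(der, algorithm)
    return {"algorithm": algorithm, "seen": seen, "match": normalize(seen) == ref}

if __name__ == "__main__":
    import sys
    # Usage: script.py <host> <reference fingerprint from another network/device>
    print(check(fetch_leaf_der(sys.argv[1]), sys.argv[2]))
```

A mismatch only means something when the reference is current and was fetched over a path the suspected interceptor cannot rewrite; sites that serve different certificates from different servers can also produce a mismatch.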

I certainly wasn’t advocating the use of the BOX but rather in your post that I was replying to you indicated problems about Botnets. It doesn’t matter how much you try to protect your interactions on the web if you are part of a Botnet you have nil, nada, no protection. Mirai is just one of many threats out there but its continuing presence on devices is a very worrying trend as it shows that some people are complacent about their security or just plain don’t understand the threats at all.

To add to this discussion about the tool described in the first post, it is testing firstly if a connection can be made but many pieces of malware can and do allow connections to be made so a normal user would not suspect that they may have malware in place. Then perhaps a test of firewall settings could be appropriate to ensure they are at least of a reasonably secure nature. What about a check if AV products, Updates and similar are installed, working and up to date (in Windows could this be linked to the Windows Security Center Service?). For other versions of operating systems similar checks could be instituted.

When troubleshooting network issues for family and friends the first step I take is turn off the computer (including removing power supply), wait 15 seconds then restart. If this doesn’t resolve it then I turn off firewall, if used, then test if connection is ok. If connection can be made with firewall off then I go digging for the firewall rule blocking access. If available I replace the network cable (I carry a spare but sometimes they have long distances between the router and the computer) or at least unplug it at both ends and re-plug it back in (I also do a cable check). I try to ping the modem/router.

Next I check the connection from the router/modem to the wall socket/connection (eg the NBN NTD) and if they use a separate modem and router I check the connection between the two. If still no connection then I check the network settings on the device (eg PC), this includes checking the drivers for the network card/chip and if the network card has any hardware issues, I have a USB to GB Network adapter to check if Network Card has possibly failed, and if Wifi I ensure the SSID, passphrase, and type of security are correct.

I flush the DNS cache, I ensure DHCP is correctly set for mode of setting IP address (fixed or dynamically allocated). I check DNS settings are correct (I also try alternative DNS services eg Google’s). I check gateway address if used/set. I retry the connection if any changes have been made. If not connecting then I restart modem and or router, I do this by powering off (and removing power supply) and waiting 15 seconds then powering it/them on. If using a modem and a router I restart the modem first then the router and allow enough time between the two restarts that the modem is in full operation.

After restart of modem/router, if connection is back up no further action required, if not then if able to access the router/modem from the device (eg PC) I check the settings in the router and or modem, ensure DHCP set appropriately, check user name and password set correctly or in bridging mode if used, if a DMZ is used I ensure the settings are correct, if a DynDNS service is being used I ensure settings are correct. If changes are made I save them and restart router, if connection made then no further action, if no connection then I usually check that no service interruption is being experienced in that area.

If no connection and no service issues then I get the router ISP/RSP settings and do a reset of the router and re-input the settings needed for the ISP/RSP (I prefer a Hard Reset). If it is a Telstra device it is usually better to get their phone assistance to do this as they have settings that they do not disclose as Vince has encountered.

> NubglummerySnr:
> we need to use the Telstra modem in order to use the landline phone and we haven’t been able to find any working third party alternatives for the thing.

If connection is ok after this then no further action. If no connection I then try a spare modem/router (with more moving to NBN I have had to upgrade the spares I use), this does not work for the Telstra supplied NBN modem/routers. If this works then I replace the old modem/router or if they use both a modem and a router I replace whichever has failed or replace them with a single combined unit.

If still no connection and if used a replacement has not worked then I ring the ISP/RSP to ensure the user isn’t being blocked at their end (have had issues with blocked ports, account issues and failed authentications).

My apologies @grahroll ; I failed to make clear in my post that what you had gathered was extremely useful information and very relevant. In my ordinary, tunnel-visioned manner, I saw reference to Bitdefender’s amazing ‘Box’ (I wonder what they paid to the experts who dreamed up that name) and thought that I should say something before the Choice community charges to the counter of Tandy… I mean, Dick Smith… er, JB HiFi(?), and hands over their hard-earned Dingoes for a device whose background workings are deliberately obscured from the user who doesn’t need to worry his or her pretty little head over it…

Bull. China shop. Danger.

Yes, the information you posted is very handy and relevant, and we need to remember that there are lots of bad guys out there who would really like to borrow your computer. “Just for a few minutes. You’ll have it straight back. You won’t even notice that anything’s changed” (we hope).

On the good news side, Australia is finally starting to get a few laws that require basic things like telling your customers when you have lost all their data. Even the US beat us on this!!!

I want my NBN :face_with_head_bandage:.

1 Like