Metageek’s Eye P.A. – 802.11 Frame Visualization
I wrote up a review of the just launched Eye P.A. tool from Metageek… but it is full of graphics and a bit of formatting that doesn’t easily port to an HTML blogpost. So I saved it here as a PDF instead.
Enjoy!
Families and Firewalls
I was asked to give a lesson to the adults at our church on how to help keep their families safe online.
I thought it might also make a nice blogpost. Here is the ‘handout’ for those attending.
Keith
“Youth in this generation are “digital natives” – being inundated by technology since birth. But many parents are not and need to educate themselves about technology.”
Cellphones for kids http://www.kajeet.com/kajeetStore/whyKajeet.do
Internet Filters
Open DNS http://www.opendns.com/home-solutions/
OpenDNS is a perfect solution for people who either lack the time or expertise to set up and administer a full-out content-filtering server. OpenDNS replaces your current DNS server and allows you to filter every connection coming out of your house if you change the DNS settings at the router level. No matter if someone is on your main desktop or connecting into your wireless via laptop, everything will be filtered by OpenDNS. You can set custom filters to white list and black list specific sites and customize the range of filters they provide for you
K9 http://www1.k9webprotection.com/
Many have had experiences with K9′s internet filtering, if for no other reason than it’s used in thousands of schools across the country. One of K9′s strong points is the division of filtered content into 60+ categories which allows you to easily block and unblock large chunks of their blacklist without having to get your hands too dirty. K9 is a desktop solution; you install the software and it checks all the Internet requests you make against the filters you have specified.
DansGuardian http://dansguardian.org/?page=whatisdg
One way to measure whether or not Dansguardian is the right filtering tool for you is your willingness to install and tinker with an operating system like Linux. If OpenDNS (below) is the Mac-like “It just works!” one click solution, DansGuardian falls into a much more Linux-like “I can change every setting and experience real, ultimate power!” category. DansGuardian is extremely configurable and allows you to do all sorts of things, like block all images, filter ads out across your entire home network, block files from being downloaded by extension type, and control the effects of the filters, whitelists, and more based on which computer on your network is doing the accessing.
Computer Monitoring
WebWatcher http://www.webwatchernow.com/
SnoopStick http://www.snoopstick.com/
Spytech SpyAgent http://www.spytech-web.com/spyagent.shtml
Spector Pro http://www.spectorsoft.com/ – PC, Mac and Cellphones
Wireless LAN Security
- Open – no Authentication, no Encryption
- WEP – Encryption key=Authentication – Broken, do not use
- WPA Personal – Passphrase for Authentication – TKIP simpler Encryption
- WPA2 Personal – Passphrase for Authentication – AES complex Encryption
- WPA/WPA2 Enterprise – Username/Password for Authentication
Open Wireless networks may be a target for accessing Internet without any controls.
Lock down your Wi-Fi with at least WPA Personal.
Warning: a SoHo version of WPA called WPS has been hacked. Use manually set passphrases.
Some suggestions for setting family rules:
- Anything on the family network is accessible by the parents. Children have no privacy rights.
- Computers and Televisions in an open, public area of he home.
- Cell phones, Internet Access, and Television is a privilege, not a right and can be revoked at any time.
- Never give out personal information online, to anyone you don’t personally know.
- Not answering a cell phone or a text message within 5 minutes is grounds to loose the privilege.
- Never open email attachments from anyone you don’t know personally.
- Always check for SSL (this “lock”) before entering any personal information or credit card information online.
- If using Windows, keep Virus and Malware protection up to date.
- Parents will periodically check on all children’s communications, chat room activity, website activity, Google searches, Facebook posts, and text messages.
“Teach them correct principles, and they govern themselves”
It’s not about RSSI
Just a quick post to talk a bit about RSSI, and why it’s NOT the best way to judge your Wireless LAN.
First a bit of history, more than a decade ago I started into Wireless Networking. Back then the only tools we had were the Cisco ‘Breadcrumbs’ RSSI meter built in the Cisco (Aironet) client software.
Back then we thought Coverage was the Holy Grail – how to get the most coverage with the least amount of Access Points. So getting a strong RF signal, as measured by RSSI was everything. Then we found RF Amplifiers – and we made some HUGE RF coverage circles.
Site surveying was running around with AP-on-a-Stick and measuring how far the RF coverage went. That was all. Just RSSI.
Sad to admit, but I did hundreds of these. (I can only sleep at night knowing that everyone did it that way and no one had any better idea back then of what else to do)
But today we know it’s NOT about the RSSI! Sure, you *must* have good signal. But good signal alone won’t give you a great Wireless LAN design. It’s all about the actual throughput of data over the RF medium.
The new Holy Grail in Wi-Fi is getting the network to provide the actual data throughput and specs needed by the client devices. That is all encompassing.
So instead of measuring only for RSSI, we really need to be measuring better the net throughput, under load, of our Wireless Networks.
Sure, an RF amplifier can transmit a strong signal a long ways… but the net result is you have clients that can see the AP, but the AP can’t see the clients. And you now have HUGE contention domains (Collision Domains) where all devices must wait for the others they can see on the same channel to ‘Share’ the RF medium.
Remember – it’s not about RSSI – it’s about consistent, measured, available throughput!
