Tag: network setup

What are the DNS servers about and how to keep a safe Internet experience

Article

http://nakedsecurity.sophos.com/2011/11/10/fbis-operation-ghost-click-takes-out-operators-of-dnschanger-malware-network/

FBI guidance document on checking your computer’s DNS settings (PDF) – mainly applies to most regular-computer operating systems

My Comments and explanation

What are DNS servers?

The DNS is the Internet’s phone book

White Pages phone book

Domain Name Servers – the Internet’s phone book

The Domain Name Servers are effectively the Internet’s “telephone directories”. In this analogy, you may be thinking of calling a particular person or business in a particular area, but you don’t know their phone number. So you would have looked up the White Pages telephone book and searched this book by name and location till you found their number which you would dial to make that call. If you couldn’t find it in that directory, you would proceed to call a published “Directory Assistance” number like 411 in the USA, 192 in the UK or 1223 in Australia to ask for that number.

With the Internet, each computer is addressed by a particular IP address which effectively is the computer’s or network’s “phone number”. But it would be hard to remember these addresses for the Web sites we visit or the email servers we send the emails to. The Domain Name Servers take up the role of the telephone directories of the Internet by mapping the human-understandable Web addresses and domain names like homenetworking01.info to the IP addresses that are these sites and resources’ actual locations on the Internet.

How are these determined in your computer or network?

In most cases, the details about what DNS servers to use are passed on to your computer or other device through your home network by the router every time each piece of equipment on that network uses the DHCP protocol to get information from that device about where it stands in your network like its IP address. The router typically gets these details from your Internet provider’s servers every time it sets up the Internet connection with your Internet provider as part of asking the servers where it stands in the wider world of the Internet.

It is feasible to configure a DNS server list for a particular computer, device or network using the operating system’s network-settings interface or the Web-based management interface in the case of your router. This is a practice that is commonly done by corporations with their private networks to create human-readable identities to particular servers or networks that host particular resources.

Why does the DNS appeal to computing’s “bad actors”?

The DNS appeals to computing’s “bad actors” because it allows one to redirect a particular domain name to a different IP address than the one it is supposed to go to. This can be to a Web server that is loaded with malware, existing as one of many different traps for users to supply information that is confidential to them or their organisation; or to keep them away from sites that provide proper information like security updates for your computer in order to make it easier for the network to be used by the Internet’s “bad actors”.

For email, it can also be about creating “honeypot” addresses that take advantage of domain-name typos in order to catch confidential email that is mistakenly addressed.

It can also be used as part of a concerted attempt against Websites by setting up “click-fraud” or “malvertisement” activities against advertising networks or their stakeholders i.e. the advertisers and publishers by sending users to or through dodgy Websites instead of to the advertiser’s campaign landing page.

This modification can be caused by malware that modifies the computer’s DNS settings, or that gets at these settings on a home-network router which hasn’t been properly set up with a password, thereby affecting the settings that every device on the network receives.

Keeping the DNS settings safe

DNS settings in Windows ipconfig /all screen

The first step is to know what the DNS settings are to be for your computer and network. Here, this should be found out from your Internet service provider or the IT support staff at your workplace.

Check the DNS settings on your equipment to make sure they reflect what these settings are meant to be. Most platforms will show these details in a “Network Connections” option like “Control Panel > Network And Internet > Network And Sharing Center” in Windows 8 and 8.1, or “[Apple] > System Preferences > Networking” on the Macintosh OS X. Windows users can use the Command Prompt to obtain these details by typing “ipconfig /all” to obtain the full details about their network connection. Most other network-enabled devices like Smart TVs and network printers have these details as part of the “Network” or similar settings, typically as part of a “troubleshooting” or “settings” menu.
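The comparison described above can be automated. The following is an added example, not part of the original article: it parses the text of “ipconfig /all” and reports any DNS server that is not on the list your Internet provider or IT support gave you. It assumes English-language Windows output, and the sample output, the expected-server list and every address in it are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of English-language `ipconfig /all` output (trimmed).
# All addresses are made up: 192.168.1.1 stands in for the home router and the
# 198.51.100.x / 203.0.113.x values come from ranges reserved for documentation.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed allow-list: what the ISP or IT support said the settings should be.
EXPECTED_DNS = {"192.168.1.1", "198.51.100.53"}

# "Ethernet adapter Ethernet:" style section headers start in column 0.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# "   Label . . . . : value" style fields are indented and dot-padded.
FIELD_RE = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def _to_ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    token = text.strip().split("%", 1)[0]  # drop any IPv6 zone suffix
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server addresses]} from ipconfig /all text."""
    servers = {}
    adapter = None
    collecting = False  # True while inside a "DNS Servers" field
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            servers[adapter] = []
            collecting = False
            continue
        field = FIELD_RE.match(line)
        if field:
            collecting = field.group(1).strip() == "DNS Servers"
            value = field.group(2)
        elif collecting and line[:1].isspace():
            value = line  # extra servers continue on indented lines
        else:
            collecting = False
            continue
        if collecting and adapter is not None:
            addr = _to_ip(value)
            if addr is not None:
                servers[adapter].append(addr)
    return servers


def audit_dns(ipconfig_text, expected):
    """Return [(adapter, server)] for every DNS server not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [
        (adapter, str(addr))
        for adapter, addrs in parse_dns_servers(ipconfig_text).items()
        for addr in addrs
        if addr not in allowed
    ]


if __name__ == "__main__":
    for adapter, server in audit_dns(SAMPLE_IPCONFIG, EXPECTED_DNS):
        print(f"Unexpected DNS server {server} on {adapter}")
```

An unexpected server on one computer only points to that computer’s settings; the same unexpected server on every device points to the router.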

DNS settings on network setup screen on Brother network printer

In fact, if you suspect that malware has got at your computer because it appears to go to different Websites than what you asked for, make a “spot check” on your network’s DNS settings using your games console’s, smart TV’s or network printer’s user interface to see if your router has been “got at” by the malware.

As for your router, check the DNS settings in your WAN, Internet, Network or DHCP settings menu in its Web-based management page. The router’s management password should also be set to a password other than the default password so that any DNS-changing malware can’t change these settings for the home network. This is something you need to do as part of commissioning a new router. Most of these routers also allow you to export the settings to your computer’s secondary storage and import them back to the router. This is a practice that is worth doing once you have all the settings in place so that if you reset the router to “ground zero”, you can keep your configuration.

As well, practicing good computer housekeeping like “think before you click” on email and Website links and keeping your desktop security software and operating system up-to-date with the latest security patches is a prudent step towards keeping away from malware that can change your network’s DNS addresses. For mobile and other “platform” computing environments like iOS, Android or your smart-TV environment, researching on apps provided by that app store is also a prudent way to go about keeping the DNS information safe.

Internet away from home having to satisfy new expectations

Article

How Fast Is Your Hotel Internet Connection? || HotelChatter

My Comments

The bandwidth available in the Wi-Fi service provided at these hotels may have to meet new realities

A reality that is starting to face travellers is a requirement for increased bandwidth while one is on the road. This is more so as we see the increased availability and cost-effectiveness of portable computing equipment that we don’t want to be without.

Here the hotel industry is having to adapt to this as more guests check in with at least two or three Wi-Fi capable gadgets per room and have these gadgets work with the Wi-Fi public-access network.

This HotelChatter article has raised the issue not just of the cost of the Internet service but also the kind of bandwidth that is provided. Typically, these places have a huge demand placed on their Internet connection by both the guests and the staff. This reality will become more intense as the quality for digital images and online video increases, along with the increased popularity of online video services.

Larger city business hotels may typically use what is expected for a big business’s head office with the high-bandwidth connections whereas smaller outer-urban and rural properties may use broadband of a grade similar to small-business or “enthusiast” residential setups. As well, Wi-Fi wireless setups may have access points shared by multiple rooms, thus you might find that the quality-of-service may not be there at times such as whenever someone is downloading or uploading a large quantity of data such as some video content. In some cases a multiple-SSID access point ends up “divvying up” bandwidth between devices on the “public-guest” SSID associated with the Wi-Fi service, a similar “event” SSID for a Wi-Fi service associated with people renting out conference facilities along with the staff / business SSIDs relating to the hotel’s line-of-business Wi-Fi segment.

According to an infographic that was in the article I am referencing, they reckoned that 1 Mbps would work well for email, Web surfing or audio content (Internet radio, Spotify and the like) with reasonable quality of service. Then they reckoned that 2-5Mbps would work well for Skype, Facetime and similar videocalls; along with video content with reasonable quality of service. More than this could see quick VPN activity, quick Dropbox transfers and excellent multimedia quality-of-service for Skype or streaming audio and video.

Of course, there are situations where the bandwidth available across a hotel can be “maxed out” at peak occupancy and usage times such as 8pm to 9pm most nights as I learnt from someone who lived in a rural area but effectively “lived out of” one of the larger downtown hotels when he was in town. Here, this is when most of the younger guests would be concurrently streaming video content from various video-on-demand services which they subscribe to or uploading a quantity of photos to one or more online services like Facebook, Instagram, Google+ or Dropbox.

The article was asking guests and staff in these places to speed-test the public Internet connection available to the guests and assess the bandwidth that these services provided. They were reckoning that apps like the SpeedTest app for Android and iOS would work as a benchmark tool for this situation.

Here, I would look at a bandwidth goal of preferably 2-5Mbps per room plus a similar capacity or more for public areas like the bar and lounge areas. Similarly, I would pay attention to any login environments that simplify the setup and login experience that clients have to encounter. Here, improvements like use of Wi-Fi PassPoint would benefit the user experience.

I also have raised the issue of the availability of Wi-Fi-based gadgets like wireless speakers, Chromecast modules and digital cameras that don’t work well with browser-based login routines that these public-access networks implement. Here, guests are likely to end up wanting to use these gadgets to the full potential while they travel the “switched-on” way and the industry will have to look at ways to support these “gadget clusters” especially in the guest’s own “domain” which is their room while keeping the data on these “clusters” private to that “cluster”. This also includes support for technologies like Wi-Fi Passpoint and other so-called “Hotspot 2.0” technologies that allow automated or “browser-free” login to these guest-access networks.

For that matter, when I review hotels, I would provide some commentary on the guest-access Internet service. This would encompass not just the cost of the service but also the bandwidth and quality-of-service that the network provides, as well as the login experience.

Taking the integrated access point practice further with Wi-Fi-capable client devices

Marantz Audio Consolette speaker dock – an example of a device that uses an access point for initial network setup

An increasing number of consumer-electronics and small-business devices that don’t have a large screen are repurposing their integrated Wi-Fi functionality as an access point as part of the setup routine. This is used alongside an integrated Web server and is mainly for when the devices are being integrated with a Wi-Fi network that doesn’t implement WPS one-touch setup.

But a lot of these devices also implement an Ethernet wired-network connection for use when there isn’t reliable Wi-Fi wireless-network connectivity. This function is used primarily as a product differentiator for the consumer printers but is common on a lot of “big-set” consumer AV equipment. This concept can be taken further in one of a few ways in order so that the Wi-Fi wireless network ability in these devices doesn’t go to waste, especially when the device is connected to a wired (Ethernet or HomePlug AV powerline) network segment.

Setups

Separate Wi-Fi logical network

One of these devices, typically a wireless speaker or printer, could implement a logical network that just serves the access point and run its own DHCP server. This could come in to its own where you just want the device to provide its function to portable devices in a walk-up manner but you don’t want the portable devices wandering on to the Ethernet-connected network or Internet service.

This may be a situation with a wireless speaker or a network printer where you want to allow the device to gain access to Internet and network resources or allow other network devices to have access to the device. But you don’t want people who use the device in a “walk-up” manner with unauthorised devices to maraud around the network or use the Internet bandwidth, which is something of concern with business users with larger networks.

Some of the wireless speakers like what Pioneer offers follow this pattern by working as their own networks so as to create an ad-hoc setup to get the tunes going in environments where a small Wi-Fi network segment isn’t in service. Pioneer achieves this through a switch on the back of the speaker which enables this mode specifically rather than for setup and this method could be exploited by other device manufacturers through a “permanent setup mode” where the speaker doesn’t stay in the setup mode if it succeeds in connecting to a wireless network.

Access Point

On the other hand, you could have the Wi-Fi functionality that is normally dormant when the device is connected to the wired network, become a simple access point. Here, this setup could come in to its own if the device is being used in an area where Wi-Fi wireless reception for your network is very difficult.

One classic example could be a smart TV that is installed in a secondary lounge area but this lounge area is out of reach of the main wireless router. Here, the Wi-Fi-capable smart TV can serve as an access point for the secondary lounge area and neighbouring rooms even while it is on standby.

This kind of setup could be simplified with a WPS-based “Wi-Fi Clone” function so you could switch to the access-point mode even if the device worked initially with the Wi-Fi segment. On the other hand, a device like a business-grade network printer could implement WPA2-Enterprise access point functionality in order to work with business-grade wireless networks.

As well, this functionality could be simplified by the device detecting the connection to an Ethernet network and asking the user if they want to operate it as an access point if the device was previously connected to a wireless network.

Wireless Client Bridge

In a similar context, the Wi-Fi and Ethernet network interfaces that these devices have could permit the device to become a wireless client bridge for an Ethernet-based device or segment. This would be of an advantage if the device is picking up a reliable strong signal from your Wi-Fi network.

The classic use of this would be to provide network connectivity to a games console or Blu-Ray player from a Wi-Fi-enabled smart TV working with an existing Wi-Fi wireless network. Similarly a desktop computer in a remote room could work with the integrated Wi-Fi ability in a network printer for its network connectivity.

Simplifying the Setup Experience

The setup experience could be set up with the use of WPS-assisted “setup copy” routines and vacant-channel-seek routines for network integration. For “standalone segment” setups, the device could implement setup routines that are similar to carrier-provided wireless routers like SSID / passphrase stickers or cards.

This can be augmented through the use of nVoy technology which is intended to make the configuration and operation of small networks simpler yet giving these networks the ability to be like a big network.

Business-grade setup could involve support for WPA2-Enterprise functionality and multiple-SSID / VLAN functionality that are part of larger networks. This would be more relevant for printers or other devices that small business could take advantage of. It can be assisted with a technology similar to the original Windows Connect Now USB technology where parameters are transferred between devices using a USB flash drive.

Similarly the above technology could work hand in glove with Wi-Fi Passpoint technology in order to support the simple-yet-secure hotspot login technology that the Wi-Fi Alliance have proposed. This can work through the devices linking back to access controllers that implement this technology.

Conclusion

Manufacturers could take the concept of the integrated access point that is part of their network-capable devices and make sure that they don’t go to waste when these devices are connected to a wired network. Similarly, they could make sure that the wired network functionality doesn’t go to waste if a wireless link is exploited for network connectivity.

At last a HomePlug wireless access point that simplifies the wireless network extension process

Article – From the horse’s mouth

TP-Link

TL-WPA4220 – Welcome to TP-LINK (Product Page)

My Comments

One main reason most of us would buy a HomePlug-based wireless access point is to extend the coverage of that Wi-Fi wireless network past that radio obstacle like the double-brick interior wall without needing to pull new cabling. Or you don’t want to butcher your garden or dig up your lawn so you can reliably extend your home network with its Wi-Fi wireless segment to that garage or bungalow.

But a setup hurdle that one can easily end up with is copying the SSID (wireless network name) and network security parameters from your existing wireless router to the access point and making sure these are accurately copied so you can have proper roaming operation for your wireless network.

TP-Link have made this simple through the use of a “Wi-Fi Clone” button on the TL-WPA4220 access point. Here, this access point uses the WPS-PBC “push-button” setup routine to learn the parameters associated with your small wireless network segment.

This procedure has to be performed with this HomePlug access point in good Wi-Fi range of a router or access point that implements WPS push-button setup. You push the WPS button on your suitably-equipped wireless router as if to enrol a new device to your home network, then push the “Wi-Fi Clone” button to complete the procedure. This means that the access point has what is needed to be part of the Extended Service Set which is your home network’s Wi-Fi segment.

From that point on, you just simply establish that HomePlug AV powerline segment as the backbone for your wireless network and benefit from the increased coverage. But I would personally have this access point equipped with the WPS client setup mode for enrolling client devices close to it to avoid the need to traipse back to your wireless router to enrol that Android smartphone or Internet radio that is to be used in the remote area.

What I see of this is that steps have been taken in the right path to move away from the so-called “range extenders” towards a more reliable and proven method of extending a wireless network’s coverage by simplifying the tasks required for achieving this goal.

Understanding Power-Over-Ethernet

A technology that is being forgotten about when it comes to home and small-business networking is Power-Over-Ethernet. This is where a Category-5 twisted-pair Ethernet cable is used to supply power to a device as well as sending the data to it according to the Ethernet standards.

Typically this technology is used in larger businesses for providing power to devices that are to be installed in difficult places and/or where a reliable centrally-managed power supply is desired for these devices. Examples of these include IP-based video-surveillance cameras, wireless access points as well as VoIP desk telephones.

There are a few cabling technologies that are analogous to Power-Over-Ethernet in the form of most USB setups, TV aerial systems that implement a masthead amplifier, the traditional desk telephone that is powered from the exchange as well as microphones that implement “phantom power”.

But this technology can be considered relevant to home users and small businesses such as with wireless access points, VoIP telephones or small-time consumer AV applications.

Standards

Power Over Ethernet concept

The two main standards are the IEEE 802.3af PoE standard which was ratified in 2003 and the IEEE 802.3at PoE Plus standard which was ratified in 2009 and used for higher-power applications. The former standard yields 48 volts 350mA of DC power providing 15.4 watts of useable power whereas the latter standard yields 57V 600mA of DC power providing 25.5W of useable power.

There have been other proprietary standards for this application including some “passive” setups that pass 12V or 5V along a pair of wires in the Ethernet cable to a splitter. But these only work with matching equipment and it is better to stick with the industry standards for this application i.e. 802.3af Power Over Ethernet and 802.3at Power Over Ethernet Plus.

Device Roles

There are two key device roles: Power Sourcing Equipment which is what provides the power, and Powered Device which is what benefits from the power.

Power Sourcing Equipment

Ethernet Switch with PoE powering Access Point with PoE

This device can be a function of an Ethernet-capable network device like a switch, router or HomePlug AV bridge. Here, this simplifies the installation by having one box perform both these functions and, in the case of an Ethernet switch, such switches may be described as being “powered switches” or having Power-Over-Ethernet. Some of the cheaper small-business switches that have this feature may have the Power-Over-Ethernet power available to some of the ports rather than all of them.

Power Over Ethernet Midspan Adaptor powering Access Point with PoE

On the other hand, there are “midspan” power hubs which go between a regular Ethernet switch and the device that is to be powered using Power-Over-Ethernet. Such devices may be known as “midspan adaptors” or “power injectors” with the latter name used more for a “wall-wart” or “power-brick” device that provides power to one device.

These devices only supply the power when a Power-Over-Ethernet device conforming to the standard is connected to them. In the case of 802.3at Power-Sourcing-Equipment devices, they would also be able to provide the “juice” to the 802.3af-compliant PoE Powered Devices.

Powered Device

This would typically describe the devices that benefit from the power provided by the Power-Sourcing-Equipment devices, whether it be an Ethernet switch with Power-Over-Ethernet or a midspan device like a “wall-wart” power injector.

This can range from the devices that make use of the network such as the IP camera to network infrastructure devices like the access points or Ethernet switches. For that matter, most well-bred VoIP office telephones with Power Over Ethernet have an integrated two-port switch so a user can plug a desktop computer in to the phone to link it to the network.

Power Over Ethernet splitter powering an ordinary access point

But there are also the “Active Power Splitters”, sometimes known as Power Splitters or PoE Power Adaptors. These connect to an Ethernet connection that has Power-Over-Ethernet and “tap” this power to provide power to a device that can’t be powered using Power-Over-Ethernet.

They pass through the Ethernet data while providing the power to the device at a known voltage, typically 12 volts or 5 volts DC using the typical DC connector that most computer and network devices have. They may have the voltage fixed by the manufacturer, typically to serve the manufacturer’s devices or the so-called “universal” devices may allow the customer to determine the voltage.

Similarly, some Ethernet switches that are powered using this technique may have a “Power-Forward” feature where they can pass through power from the Power-Sourcing-Equipment to one or two of the ports while using the PoE power for their own switching function.

Why is this standard of value?

No need for a power outlet near the network device

The fact that the Ethernet cable is used for supplying the power to the network device means that you don’t need to have a power outlet near that device. This leads to flexible installation arrangements such as having the device in the ceiling or high up on the wall. As well, you don’t need to hire an electrician who is skilled in mains-voltage wiring to install that outlet.

Another benefit is that you don’t have the risk of a device like an access point or IP camera being accidentally disconnected by someone who wants to plug in a phone charger or, more commonly, cleaning or maintenance staff disconnecting the device so they can run that vacuum cleaner or power drill.

It also has benefits for outdoor installations where you don’t have to install a weatherproof power outlet near the device. It could then allow for you to install a power injector indoors, usually close to the “network hub”, then just run the Ethernet cable to the access point or IP camera. For small installations that are on a budget, the money saved on a weatherproof power outlet could go towards you preferring the device that is in a housing appropriate for the job i.e. a weatherproof housing.

Centrally-managed power

It also allows for the power supply to the network devices to come from a central source where there is a single point of control. This can allow for situations like the central power source having an uninterruptible power supply, thus allowing the network devices, especially VoIP telephones and IP cameras, to function through power outages.

Similarly, a Power Sourcing Equipment device could be managed from the network thus allowing for remote control of a PoE device’s power. This could avoid things like car trips to the office to turn a balky access point off then on in an attempt to reset that device. Similarly, it may be feasible to have some devices turned off when the building is empty for security or energy-conservation purposes.

One cable for power and network data

The Power-Over-Ethernet technology also allows for one Ethernet cable as a data-bearing and power-supplying cable between the Power Sourcing Equipment and the Powered Device.

This is a real boon when it comes to installing the device because you don’t have to factor in another cable to allow that device to work as intended. This cuts down on the installation time especially where time is money; as well as allowing one cord to be shoehorned in to place providing for an aesthetically-pleasing installation. In the case of the VoIP desk telephone, the absence of a power cord to that device makes the installation similar to a traditional desk telephone and you don’t add extra cables to the Spaghetti Junction of cables that exists under most desks.

Relevance to the home network

When we see devices like the Asoka PlugLink PL-9660PoE “homeplug” which is also a Power-Over-Ethernet power source, it shows that this technology is increasingly becoming more relevant to the home network.

Multiple-box Internet-edge setups

If you subscribe to an Internet service that implements a separate modem like most cable-modem services, you will end up having to connect the separate modem to your broadband router via an Ethernet connection. The Power-Over-Ethernet technology can work well here by alleviating the need to provide separate power to that modem, which means one wall-wart less to deal with and a cable less to add to the rat’s nest.

This can similarly apply to setups where you have a wired modem router and a Wi-Fi access point or even those setups where you implement a wired broadband router that is linked to a modem and an access point.

The secondary access point

Not all homes can be covered easily by the access point integrated in a wireless router and a preferred method of extending coverage for the Wi-Fi segment in these locations is to implement an extra access point connected to a wired LAN backbone.

The Power-Over-Ethernet technology can provide for various improvements in how these access points are set up because of the need for only one cable to that access point. This would lead to an aesthetically-pleasing installation that can provide optimum performance for that area. For example, you could place the access point on top of the credenza or dresser or even on that pelmet above the window yet have the cable tucked away neatly yet the Google Nexus 7 tablet shows a strong Wi-Fi signal when used in the area.

To the same extent, wireless-client-bridge devices can also benefit from this same technology if the network device that they are connected to supports it. For example, a home-theatre receiver that has network capability via the Ethernet port for DLNA media, the “new shortwave” (Internet radio) or Spotify could power an nVoy-compliant wireless-client-bridge that links it to a Wi-Fi segment. Here this device is configured using the receiver’s control surface or remote control but you only have one cable to that wireless-client bridge which sits on top of the wall unit that the receiver is installed in.

Ability to have more network devices be powered this way

Typically, when we mention Power-Over-Ethernet, we think of the VoIP telephone, the access point or the IP camera. But this could extend to more classes of device like small consumer AV equipment such as electronic picture frames or Internet radios. Network-capable set-top boxes including network media adaptors could be powered this way especially if used with a “homeplug” that is a Power-Over-Ethernet power source like the Asoka

To the same extent, a tablet, small notebook or “adaptive all-in-one” computer could benefit from a “clothespeg-style” Ethernet connection not just for reliable network connectivity but as an alternative external-power connection. Here, you could avoid compromising battery runtime while you have these computers plugged in to the Ethernet socket.

Conclusion

This article highlights what the Power-Over-Ethernet technology based on the IEEE 802.3af and 802.3at standards is all about and the fact that it isn’t just relevant to big business. This technology, like most communications and computing technologies is one of many that trickle down from the big end of town to the small office and to the home.

A router or other network device on the way out could be what is causing flaky network or Internet activity

Article

Yes, Routers Do Die – SmallNetBuilder

My comments

A typical situation that may make you think that the router at the “edge” of your home network is dead is simply no connection to network or Internet resources. The same can also hold true for network connectivity devices like wireless access points, range extenders or HomePlug powerline devices. It is in fact the first point of elimination by some people when they are dealing with an Internet connection that has started to play up.

In some cases, you may be dealing with the wall-wart power supply that may have just died out, usually due to a power spike. You may be able to check this out if you have either a multimeter or a spare working power supply with the same voltage and current output that belonged to other equipment to compare with.

On the other hand, erratic Internet or network activity like Wi-Fi clients taking longer than usual to associate with the router’s access point or Internet activity becoming “off again, on again” can indicate equipment that is on the way out. Similarly, the indicator lights on the device could be glowing in a static manner or flashing regularly rather than flickering. As well, you may have had to reset the router too many times either through power-cycling it or pressing the “reset” button.

In the case of network equipment that may serve a particular device, area or network segment, the behaviour may be noticed by network client devices connected to the equipment concerned.

For example, you may have had stellar Wi-Fi network performance in an area of your premises served by a Wi-Fi access point but it’s all gone downhill lately even though you could get good performance out of areas served by other Wi-Fi access points in the same premises. Or you may find things going wrong with the HomePlug AV powerline network segment when it worked so smoothly before.

The increased unreliability with this kind of equipment is very similar to that point in a car’s life when it starts living at the mechanic’s workshop and drills a nice big hole in your wallet because of the increased amount of repair work that is needed.

It may crop up more readily with older or poorly-built low-end consumer equipment or in a house or neighbourhood where the mains power supply may be erratic. The erratic power supply can also be brought about due to circuit breakers including earth-leakage circuit breakers (safety switches) frequently tripping or fuses blowing frequently, or simply many whitegoods in operation at the same time.

The key issue to notice is that when a piece of network equipment in the network starts to cause the network connection or Internet service to become increasingly unreliable, it could be an indicator to think of newer equipment and budget for better quality equipment.

nVoy–to simplify managing small networks

Website – From the horse’s mouth

nVoy home

My Comments

WD MyNet Range Extender

With nVoy, these devices become easier to set up and integrate in your network

There have been some previous methods available to allow one to manage a network from their desktop. One of these was SNMP which is used primarily to manage equipment in larger networks and is very difficult for anyone to use unless they had good IT skills. Another of these is TR-069 which was developed by the Broadband Forum for use by ISPs and telcos to set up and manage consumer modem routers.

These protocols, like a lot of other network discovery and management protocols, relied on an operational network existing between the controller and the controlled device. Similarly, they haven’t worked well as a way to allow an average householder or small-business owner to manage a small network effectively and with minimal help.

But a newer specification, known as the IEEE 1905.1 control specification had been set in stone and declared formal. It is now marketed as the nVoy specification and works at a level to manage network segments at the media level.

This is very important with the home-network setups that I prefer and stand for where there is an Ethernet and/or HomePlug AV wired network backbone along with an 802.11n Wi-Fi wireless network segment covering the property where the network is set up at.

This allows logic to be constructed to manage a Wi-Fi, HomePlug AV, MoCA or Cat5 Ethernet segment that is part of the typical home network without having to have a full IP logical network being alive across the whole network.  It also means that media-peculiar network-setup and diagnostics parameters like the ESSIDs and WPA2-Personal passphrases required for wireless networks can be propagated over different network media like Ethernet or HomePlug wired-network segments.

This simplifies setup routines like creating new Wi-Fi wireless or HomePlug AV powerline segments in a secure manner; or adding additional network devices to the existing heterogenous multi-segment small network. It even encompasses the establishment of secondary access points in order to extend the coverage of a Wi-Fi wireless network in a “cellular” fashion.

The user experience would be based on using NFC “touch-and-go” setup or two-button “push-push” setup of new Wi-Fi and HomePlug devices. As well, you would be able to manage the network from devices that use a full management interface, whether local to the network or remotely via something like TR-069 or SNMP.

Even through the life-cycle of the network, the nVoy specification can allow one to use a management interface at one single point of control to bring up diagnostic information about the network or parts thereof so as to identify points of failure or to optimise the network for best performance. The fact that nVoy is determined as a standard could allow computer operating-system developers to bake this function in to subsequent versions of their operating systems and establish one point of control in the operating system user interface.

Beyond the ease of setup and troubleshooting that it offers for small networks, nVoy has the ability to enable “multiple concurrent pipe” connections in an easy-to-manage form. This allows for two or more connections to be aggregated for higher throughput, as a load-balancing arrangement so that particular traffic can go via one connection while other traffic goes via another connection as well as a fail-over arrangement if things don’t work out on one pipe. This will be more real with the common practice to equip most client devices with two or more network “on-ramps” such as Ethernet and Wi-Fi wireless.

Personally, I would also like to see nVoy work with most client devices in extending their network abilities. For example, a network printer or consumer AV device that has integrated Wi-Fi wireless and a wired connection like Ethernet or HomePlug be able to allow you to set up the Wi-Fi connectivity as an access point if it is connected to the network via the wired connection. Similarly, the same device could be set up as a wireless client bridge for another device like a PS3 or Blu-Ray player that is connected to the Ethernet socket on the device when it is connected via the wireless connection.

Similarly, the nVoy specification could also tackle quality-of-service for IP telephony, AV streaming and real-time gaming so as to guarantee throughput for these network activities. As well, when standards evolve for synchronous “broadcast” network activity on the different media such as for multi-channel wireless speakers or party-streaming modes, nVoy could be used to support network-wide synchronising abilities for these applications.

What I applaud about nVoy being set in stone is that the small network becomes easier to manage whether it is based on one segment or medium or uses many different segments or media.

What can be done for those “resort” apartment lots that provide Internet access

Sony CMT-MX750Ni Internet-enabled micro music system

Sony CMT-MX750Ni – an Internet-enabled music system that couldn’t benefit from a resort apartment’s complimentary Internet access

Shortly after I reviewed the Sony CMT-MX750Ni Internet-enabled micro music system, I engaged in an online conversation with someone who bought one of these music systems for use in their apartment. This person’s apartment is part of a European “resort” development that provided Wi-Fi wireless Internet and they had to log in using a Web interface every time they wanted to gain access to the Internet.

Here, the user had to forfeit the network and Internet features that this system offered and gain access to Internet radio using their iPhone docked in the system’s dock and running TuneIn Radio. This is because, like most Internet-enabled consumer AV, the Sony music system wouldn’t support the Web-based login that the Wi-Fi service at the “resort” development needed. Similarly, a person may have to connect a regular computer’s sound output to a music system like this and run a Web app to listen to Internet radio on that system.

One of those apartment blocks that could implement shared Internet access for the residents


This conversation had shown up a reality concerning network-enabled consumer AV equipment when used in “resort” developments, apartment blocks, retirement villages and similar locations which require this kind of Web-based login. Typically these places may offer the Internet access as a complimentary service for their residents, tenants, apartment owners or guests, and have this as a headline feature for that development. It is also an increasingly-common situation as people “downsize” and move towards smaller accommodation or as long-term project-based work out of town becomes more attractive.

Here, these guest-access or resident-access Internet services are architected as if the devices that would use the services are regular desktop / laptop computers or mobile smartphone / tablet computing devices. None of the consumer-AV devices would incorporate a Web browser or implement it as part of a login sequence, because they typically exist behind a router or other Internet gateway device.

This same situation also inhibits use of the local network for applications like media sharing, network printing and network gaming. This is because most protocols like DLNA, AirPlay and AirPrint work properly when the devices are all on a single subnet (logical network).

Personally I would like to see hotels, “resort” apartment developments and similar developments; and the companies who provide Internet service for resident / tenant / guest use at these locations tackle this issue. The reason I encompass hotels and serviced apartments which typically offer short-stay accommodation in this article is because a lot of them end up letting their rooms on a long-term basis for project-based workers and similar users.

HP Photosmart 7510 multifunction inkjet printer

You may have to hook this up to your computer via USB when you use it in some apartments

One way would be for each room or apartment to have its own Internet gateway device and Internet service in a similar manner to how Internet service is set up for the typical household or small business. As well, a separate Internet service feeds wireless access points that cover common areas like the swimming pool for the public Wi-Fi access. This one would have the Web-fronted access or Wi-Fi PassPoint authentication mechanism with the user supplying parameters that relate to their room or unit.

Here, the Wi-Fi segment served by these Internet gateway devices could be just enough to cover the room, suite or apartment. As well, the SSID for each room could represent the property name and room number and the Wi-Fi segment is protected with WPA2-AES security with a passphrase that is particular to each private space and each stay (in the case of a hotel or short-stay serviced apartment).

The authentication for this Wi-Fi segment that encompasses this private space would be required to support WPS-PBC push-button authentication as well as a passphrase that is written on a sticker attached to the gateway device, shown up on a TV screen in the case of hotels or given out on a plastic card for devices that don’t implement WPS-PBC setup like every Apple device.  As well, there would be Ethernet connections for wired-connection devices like desktop computers or consumer AV devices.

This kind of setup can then allow the residents to install and use network-capable equipment like consumer AV equipment or network printers in the rooms or apartments and behind the Internet gateway devices. But they would be able to use the equipment with their computer or other equipment if all the equipment is connected to the Wi-Fi segment or Ethernet connections served by the room’s / apartment’s Internet gateway device.

All of this management would be performed using software and hardware that implements the TR-069 protocol used by the broadband-Internet industry to manage customer-premises equipment from the wide-area network.

The question that is often raised about these setups is how one can create custom super-networks that encompass multiple rooms / apartments or permit users to gain access to data held within their own spaces from the public space. It also involves having people with limited computer skills creating these custom super-networks as part of booking guests in to short-term accommodation such as the archetypal business hotel.

A way to go about this would be to provide support for creating these super-networks using management software that uses a simplified user interface. In some cases, the network management functionality could work in conjunction with property-management systems so as to reduce the steps required for setting up these super-networks.

Other questions that may also be raised would include implementing VLAN, VPN or similar private-network technology between residents’ networks and public-area wireless access points. Here this may be about catering for network-enabled vehicles kept in the parking area linking to home networks in associated apartments through residents bringing in DLNA-capable AV to communal areas for functions, to smartphones used by residents in public areas linking back to network in the resident’s apartment.

At least this is a reality that needs to be tackled by the Internet-service industry when they provide “inclusive” Internet service to the multiple-tenant developments.

Assistance Journal–Getting the hang of Skype before your overseas-travelling child flies out

Just last night, I received a Facebook message from a close friend of mine regarding practising with Skype. Her daughter was about to fly out to the UK as part of an exchange-student programme that she enrolled in and she knew that I was able to provide her with computer assistance as required.

Here, I recommended that this close friend and her daughter set up for Skype so they can communicate with each other for free using this tool while she was in the UK. This included using the video-telephony feature so that they can see each other and see the overseas environment that they are in from afar.

This friend had completed Skype sessions with other relatives after setting up this program. Then I exchanged the contact details and integrated her details in my Skype contact list. After a long chat session, I was able to get her familiar with the user interface and have her practise the basic tasks. One of the test runs that was done was for the mother to have her laptop connected to the home network and the daughter’s laptop connected to a 3G modem so as to simulate the arrangement that would be used in the UK.

It is in fact a good idea to do a “dry-run” with Skype if someone is heading overseas for a significant amount of time. This is more important if you are not confident with this program or with computers at all or you have set up a new computer or home network.

Similarly if you purchase a Smart TV or video peripheral that has Skype integrated and you then buy the camera accessory, you could use these “dry runs” to get yourself familiar with the Skype implementation in the equipment.

Wi-Fi login problems with iOS 6 devices

Article

What went wrong with iOS 6 Wi-Fi | ZDNet – loop

My Comments

You may have upgraded your iPhone or iPad to iOS 6. But after your Apple device shuts down and restarts as part of applying the update, you find that you are not on your home or business Wi-Fi network even though you downloaded that update through the same network.

The problem is not necessarily a flawed network configuration, but part of the iOS Wi-Fi automatic troubleshooting routine. Here, the software attempts to load a “Success” stub page from the Apple servers. This logic is intended to cause the iOS device to load a login or “assent” page that is part of a public-access or guest-access Wi-Fi network’s user experience. This stub was deleted by a former Apple employee before he left without realising it was part of iOS 6 troubleshooting logic.

The computer press have realised that this logic is flawed because this can place the servers at risk of denial-of-service attacks thus crippling iOS 6 devices. Similarly, someone could use a “man-in-the-middle” or “evil-twin” attack to point the device to a site that is of a malevolent nature. If a “show particular Webpage” logic is to be implemented in a network troubleshooting logic, it could work with a list of commonly-available Websites like Web portals or Web resource pages which the device chooses from at random.

It could be a chance for software developers to create network-test logic that makes less reliance on loading a particular Web site as proof of function. This could be through use of simplified randomised test routines that work with locations that are randomly chosen from a list of commonly-known highly-available Internet locations. This can be augmented by government standards bodies and similar organisations like NIST or BSI adding basic-HTML “Internet Success” pages to their Websites and making the URLs available to the IT industry.

Sometimes an NTP or similar time-fetch routine that obtains the time from one of many atomic-clock time servers to synchronise a device’s internal clock can work as a simplified Internet-functionality-test routine. If the time-server supports HTTP access where the UTC time is obtained via an HTML or text string, this could be achieved using HTTP so as to test Web-access functionality.

By not relying on one particular server as a proof-of-functionality test for Internet access and integrating a “login-page load” failover routine for public-access networks, we can achieve a safe and sure network setup experience.
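The randomised multi-endpoint test proposed above, with the “login-page load” failover, as an added Python sketch (not Apple’s code and not from the ZDNet article). The probe URLs are placeholder hostnames, and the rule that two independent wrong answers are needed before a login page is assumed is this example’s own assumption.

```python
import http.client
import random
import urllib.error
import urllib.request

# Hypothetical probe endpoints (placeholders, not real services). Each is
# assumed to serve a fixed short body, like the "Success" stub described above.
# Plain HTTP is deliberate: a guest network can only redirect unencrypted
# requests to its login page. The result decides whether to show that page,
# it is not proof that the network can be trusted.
PROBES = [
    ("http://probe-a.example.org/success.txt", "Success"),
    ("http://probe-b.example.net/success.txt", "Success"),
    ("http://probe-c.example.com/success.txt", "Success"),
    ("http://probe-d.example.org/success.txt", "Success"),
]


def http_fetch(url, timeout=5):
    """Return (status, body) for url, or None if the server cannot be reached."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(256).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # server answered with 4xx/5xx
        return err.code, ""
    except (OSError, http.client.HTTPException):  # DNS failure, timeout, reset
        return None


def check_connectivity(probes=PROBES, fetch=http_fetch, sample_size=3, rng=None):
    """Classify the link as online, captive_portal, inconclusive or offline."""
    rng = rng or random.SystemRandom()
    chosen = rng.sample(list(probes), min(sample_size, len(probes)))
    wrong_answers = 0
    for url, expected in chosen:
        result = fetch(url)
        if result is None:
            continue  # unreachable: says nothing about the other probes
        status, body = result
        if status == 200 and body.strip() == expected:
            return "online"  # one correct answer is enough
        wrong_answers += 1  # reachable but wrong content (login page, 404...)
    # One wrong answer may just be a broken or deleted stub page. Only
    # agreement between independent probes is treated as a login-page network.
    if wrong_answers >= 2:
        return "captive_portal"
    return "inconclusive" if wrong_answers == 1 else "offline"


if __name__ == "__main__":
    print(check_connectivity())
```

Passing a different `fetch` function lets the same decision logic be exercised without network access, which is how the single-deleted-stub case can be checked.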