Tag: router

Another effort towards a more secure home-network router

Linksys EA8500 broadband router press picture courtesy of Linksys USA

A step towards a secure home network from Czech Republic

Article

This crowdfunded router updates its own security | Engadget

From the horse’s mouth

Project Turris

Home Page

Crowdfunding page (Indiegogo)

My Comments

A constant thorn in the side of the secure-home-network effort is the network-infrastructure equipment. This is more so with the router which stands between the Internet connection and the home network.

There have been issues where the firmware on the typical home-network router hasn’t been updated or is riddled with software exploits and bugs that can make it attractive to cyber-criminals. It is in addition to these devices being configured poorly, typically running “out-of-the-box” default configurations like “admin/admin” management passwords or default ESSID names and passwords for their Wi-Fi wireless-network segments.

AVM took a bold step towards this goal by supporting automatic software updating for their Fritz!Box routers. But now a Czech effort, spearheaded by the Czech Republic’s domain-name registry, has taken place to facilitate an open-source router design that also supports automatic software updates and enhanced network security.

The Project Turris effort is based around a multi-computer effort which keeps track of security threats that can affect home and small-business networks and uses this to amend firewall rules to protect your network better.

The router supports Gigabit Ethernet for WAN and LAN connections and 802.11a/g/n dual-band for Wi-Fi wireless LAN connections and can even support USB-based failover functionality with a USB mobile-broadband modem. It also has native IPv6 capability which makes this unit futureproof and able to work with next-generation broadband. There is even a view to have this router designed to work with the Internet Of Things as a hub device or to store data.

All of the software and even the hardware design is open-source with the software being a “fork” of the OpenWRT open-source router firmware effort, which can allow for further examination and innovation. This can lead towards more vendors offering home and small-business routers and gateways that are designed for security which would lead to a breakthrough for an affordable secure Internet service for consumers and small businesses.

The router is also about supporting other “central data server” roles such as being a NAS once coupled with a USB external hard disk or even a DVB-T broadcast-LAN server when DVB-T USB tuner sticks are connected. But I would expect a lot more from these devices like VPN endpoints, public hotspot functionality and the like. Who knows what could come about?

Securifi to release home-automation-capable routers

Article

Touchscreen-enabled routers double as home automation hubs | Engadget

From the horse’s mouth

Securifi

Almond routers

Product Page

My Comments

Previously, if you were to integrate home automation or the “Internet Of Everything” into your home network, you had to use a separate “bridge” device for sensor devices that worked with Zigbee or Z-Wave. Most of these bridges worked as a control surface for the sensor devices, such as showing their current status or turning appliances on at certain times or in response to certain events.

Now Securifi have built up the latest iteration of their Almond series touch-controlled routers and integrated Zigbee in them and Z-Wave in the Almond+ premium version. Both these devices can be set up to work as wireless access points or range extenders as well as routers.

They have the ability to show the current state of nominated sensors or allow you to control the sensors from the router’s touchscreen. But they also have a time-switch functionality or triggered functionality so that an appliance can come on or off according to certain conditions. These use the application-based standards associated with Zigbee and Z-Wave which is on an open-frame basis.

As well, Securifi have been working on iOS and Android apps that provide the ability to manage the home-automation ability from your smartphone’s or tablet’s screen. This may mean that you can check whether that heater in your room was actually on using your iPhone’s display and turn it off remotely as you are getting in your car rather than run in to check that it is off as I have seen before. As well, you could avoid having to glance in that rear-view mirror as you drive out slowly from home to check if that garage door is closing properly.  Securifi could extend the Almond app to work with the iOS and Android in-car, wearable and voice-assistant functionalities in order to show the various status reports on your dashboard or smartwatch or allow you to ask Siri or Google Now the current status of various appliances.

Could this be a chance for router manufacturers to integrate the home-automation hub functionality in some of their products? Here, it could open up the path for more of the smart-home ideas to come across for most people and reduce the need for extra boxes to be part of your home network.

Wires-only self-install to come to UK FTTC services

Draytek Vigor 2860N VDSL2 business VPN-endpoint router press image courtesy of Draytek UK

Draytek Vigor 2860N VDSL2 business VPN-endpoint router

Article

Broadband Router Options for UK FTTC VDSL ISPs – 2015 UPDATE – ISPreview UK Page 2

My Comments

When a person signed up to “fibre-to-the-cabinet” next-generation broadband service in the UK, they would have to make an appointment with a BT Openreach technician to install their VDSL2 modem and rewire their telephone service. Here, you then had to make sure you had a broadband router with an Ethernet WAN connection on the “edge” of your home network which is something you would have to do for fibre-to-the-premises (all-fibre) setups.

Now BT and others are offering this service on a “self-install” or “wires-only” basis where they do the work with getting you ready for next-generation broadband at the FTTC cabinet only. You would have to buy your own VDSL2-capable modem router and microfilters to benefit from this service. This is similar to the current practice of providing ADSL in the UK, Australia and most other countries.

There are an increasing number of high-end modem routers available from most of the well-known home-network equipment names like Draytek, Billion, and TP-LINK. But the VDSL2 modem must work to UK standards which means that it would be a good idea to go to local online or bricks-and-mortar outlets to purchase that VDSL2-compliant modem router.

Bear in mind that some high-end ADSL2 modem routers that are advertised as VDSL2-ready may implement a software-programmable modem which can be set up to “do VDSL2”. Here, check on the manufacturer’s Webpage for a firmware update that opens this functionality and make sure this update is “fixed” to UK requirements.

As well, for anyone around the world who is benefiting from VDSL2-based “fibre-copper” services and having it on a “self-install” or wires-only basis, make sure that you are dealing with equipment or firmware that works to the standards supported by your ISP or infrastructure provider.

To start you off, consider the Draytek Vigor 2860N as a flexible VPN endpoint wireless router for your small business or the Billion BiPAC 8800AXL AC1600 wireless router as modem router ideas for your FTTC-driven home or small-business network.

4 years of the Freebox Révolution benchmark in France

Article

Bilan: la Freebox Révolution a quatre ans | Freenews (French language / Langue Française)

Freebox Révolution - courtesy Iliad.fr

Freebox Révolution – 4 years old (à quatre ans)

My Comments

As a consequence of the highly-competitive triple-play communications service market in France, Free had developed one of the “n-boxes” that has a lot more than is expected for this class of carrier-supplied equipment. Now this device, known as the Freebox Révolution, which is available in just about all of France for EUR€29.95 a month as part of a very tasty triple-play pack, has reached its fourth anniversary.

I have given a fair bit of editorial space to the Freebox Révolution including citing it as an example device in an article about setting up for Internet in France. This is due, not just to its exciting Philippe Starck design but due to the increasing amount of functionality that this device has come with and received over the four years. Here, Free kept with a program of frequent firmware updates which weren’t just about fixing up technical problems but were also about adding functionality to these devices, some of which I have drawn attention to on HomeNetworking01.info.

The Freebox Server was more than just a VoIP gateway with DECT base-station and wireless broadband router. Here, it had DSL and fibre support on the WAN side of the equation and a 250Gb NAS. There was even the ability for the unit to be a media player for Apple AirPlay, DLNA or online media, including playing audio content out via integrated speakers or through external active speakers. The LAN side had a four-port Gigabit Ethernet switch along with 2.4Ghz three-stream 802.11n Wi-Fi, but the Freebox Révolution comes with power-supply units that have integrated HomePlug AV-Ethernet bridges. The newer iterations had been upgraded to HomePlug AV500 and the Wi-Fi on newer releases was upgraded to a dual-band dual-radio variety. Let’s not forget that some of the newer variants even came with a Femtocell that provided local mobile-phone coverage for your home as part of Free getting their paws in to a mobile-telephony service.

Firmware upgrades even had the Freebox Server acquire full Apple compatibility along with being a VPN endpoint router and one of these upgrades was fashioned as the “Freebox OS” with an interface very similar to a newer Linux distribution, one of the mobile-platform operating systems or something you would get with one of the newer high-end NAS devices. The server functionalities included UPnP AV / DLNA, Apple Time Machine, iTunes Server and a BitTorrent server, known as a “seedbox”.

The Freebox Player, which served as the “décodeur” for the IP-based TV component of the triple-play service, was in fact a “full-blown” 3D Blu-Ray player, games console and digital-TV tuner. The gaming functionality was part of an app-store that Free operated, which was to the same standard as most smart-TV platforms, if not better. This device was also controlled by a “gyroscopic” remote control which communicated to it via Zigbee RF technology and supported “gesture-driven” operation. Let’s not forget that this was a DLNA-capable media player which gained MediaRenderer functionality from a subsequent firmware upgrade. This device also served as an Internet terminal for the TV screen and even had the ability to interact with most online services courtesy of either the Web view or a native-interface “front-end” that came with one of the firmware upgrades or was downloaded from the app store. There was a firmware update that gave the Freebox Player “Shazam-like” song-identification abilities.

The Freebox Révolution raised the bar when it came to the concept of a premium triple-play “n-box” offer with the competitors offering systems that had very similar functionality and aesthetics. Examples of these include Numéricable’s La Box and the Neufbox Évolution. As well, I had a casual conversation with someone who came out from France and they even mentioned someone they knew having one of these devices and being impressed with what it could do.

For me, I have viewed the Freebox Révolution as the flag-carrier for the competitive French Internet market because of the way the carriers can add more value to the equipment they supply their customers. In this way, I would place this device alongside the TGV or the Channel Tunnel as a symbol of French technological progress.

Happy Birthday, Bon Anniversaire, Freebox Révolution!

AVM hardens consumer router security with latest FritzOS version

Article (German Language / Deutsche Sprache)

AVM kündigt FritzOS 6.20 mit neuen Sicherheitsfunktionen für Ende Juli an | ZDNet.de

From the horse’s mouth

AVM

Press Release (English / Deutsch)

My Comments

 

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM Fritzbox 3490 to be able to update itself like your Windows or Mac computer

Previously I had covered AVM being the first consumer router manufacturer offering automatic firmware updates for their router products. Here, this firmware, known as FritzOS 6.20, will have this feature and be rolled out across most of their product lineup.

But it will also have the ability to notify users of newer firmware being available along with identifying ports that are open and who logged on or off the management user interface.

What AVM have done is react to an industry-wide issue with consumer and small-business routers running old unpatched firmware, typically the software that is “out-of-the-box”. This is often found to be a security risk due to software exploits or vulnerable configuration setups not being rectified, even though manufacturers do rectify this through newer firmware updates which the customer has to download and deploy.

A step in the right direction for idiot-proof home network security

As well, they are throwing in enhanced Wi-Fi hotspot, VPN endpoint setup functionality and Web based access to shared storage in to this firmware. It is becoming a sign that firmware integrated in an Internet gateway device is being treated by the device manufacturers as an operating system along the same lines as what you would run on a computer, tablet or smartphone. This means having a continual upgrade program to rectify any bugs or vulnerabilities, allowing for hands-off or one-touch software deployment and even adding functionality in a device’s life.

Solwise offers a two-part Wi-Fi repeater for caravans and similar applications

Article

Great gadgets: Solwise antenna and wifi hotspot | John Norman’s Blog

From the horse’s mouth

Solwise

Wireless 11n USB CPE with built-in 12dBi antenna GBP£41.08

Solwise Wireless USB repeater GBP£47.75

System total GBP£88.83 VAT and delivery to UK included

My Comments

There are those of you who use a caravan, motorhome or other similar recreational vehicle as the mobile holiday home and are likely to spend time at caravan parks or campgrounds rather than set up somewhere like at the beachfront or the bush. Increasingly these places are offering a public-access Internet service with Wi-Fi either as part of the package or for an extra charge, in order to make themselves relevant to the “switched-on” traveller.

But the problem with gaining access to these Wi-Fi services from your caravan is that your site may not be in a position where you can gain reliable reception of that service. Similarly, the vehicle’s metalwork will also play a part in attenuating the Wi-Fi signal that gets in to the van.

You may think that the typical Wi-Fi range extender may cure this problem but most of these devices have integrated antennas which may not be all that “crash-hot” when it comes to picking up the Wi-Fi network’s signal properly. But the clever people at Solwise have partnered a pair of devices that can bring the Wi-Fi network in to the caravan wherever you are.

The first device is a USB Wi-Fi network adaptor with a 12dBi panel aerial. This single-stream 802.11g/n device can be mounted outside the vehicle or building and connected to a regular computer via its USB socket using a 3 metre USB cable. The second device is a dual-WAN 802.11g/n wireless router with a choice of Ethernet or USB serving a wireless-broadband modem for its WAN / Internet service. But it also is able to work with the abovementioned USB Wi-Fi network adaptor effectively as a router.

On the LAN side of this router, you have a separate Ethernet connection along with the Wi-Fi network offered by the device. This earns its keep not just with smartphones and tablets but also with devices like network-attached-storage units, printers or DLNA-capable media devices because this means that you are not dealing with having to log on to the venue’s public-access Wi-Fi network to run these devices or share their resources through that network.

Being a two-part setup, you can locate the network adaptor outside the vehicle and plug this in to the router’s USB port to effectively “bring in” the Wi-Fi service. It is also designed to support the “quick set-up quick tear-down” requirements that these kinds of travellers would need and there are accessories available through Solwise to provide a semi-permanent mount for the USB network adaptor.

According to the screen shots in the manual, there is apparently a “bridge” mode to allow the router to be an extension access point that plugs in to your Ethernet or HomePlug AV(2) wired backbone. This could come in handy at home for extending that wireless network but I am not sure how this is implemented fully, something which could be written up on further.

It sounds like Solwise are fielding another device which would have some utility value when it comes to having that small network how you like it.

AVM Fritzbox 7490 to be the first router to offer automatic firmware updating

Article (German language / Deutsche Sprache)

Automatische Updates für Fritzbox-Router | PC Welt

From the horse’s mouth

AVM

Software update page

My Comments

One of the big holes in data security that has been recently identified is the typical Internet gateway device sold to most households and small businesses as the “edge” between their home network and Internet connection.

This hole has been identified because most of the devices, especially those sold through most retail, value-added reseller and most service-provider channels, work simply on the firmware installed in them when they left the factory. As we all know, a lot of this firmware can be full of bugs and software exploits that place the home network and the computer equipment on it at risk of security breaches.

Most regular and mobile computer equipment and some set-top boxes benefit from a continual update process with the ability to have the critical updates delivered by the software vendor automatically without any user intervention. But this doesn’t hold true for the typical consumer router, which requires the customer to install updated firmware manually. In a lot of cases, the user may either have to run a firmware-installation tool on their regular computer or download a special firmware-package file from the manufacturer’s Website and subsequently upload the firmware to the device via its Web-based management interface.

A few devices may allow you to deploy updated firmware by causing the device to download and install the latest firmware from the manufacturer’s Web site by clicking on an “Update” button. These devices make the job easier but you have to regularly visit that user interface to check for new updates and start the update process.

These tasks can be considered very difficult for anyone to do unless they have had a lot of computer experience and expertise, and are something commonly performed by the computer expert in the family or community.

AVM, a German company that makes premium-grade routers and networking gear for consumers and small business, have answered this need with the latest firmware for the Fritzbox 7490 Internet gateway device. This firmware offers automatic updating for firmware patches to enhance the device’s security and reliability.

You would have to visit the AVM site to download and install the latest firmware in to the Fritzbox 7490 but this would be the last time you would need to do this because the Fritzbox could simply “look after itself” when it comes to the updates. There is a question remaining about whether AVM will roll this feature out to other Fritzbox routers and network devices so as to keep them secure.

At least AVM are setting a good example for all Internet-gateway-device manufacturers and resellers to follow by putting up the idea of self-updating equipment in to the consciousness. This could even extend to other devices like smart TV and devices that constitute the “Internet Of Everything” as we think of the smart home.

Cloud routers–the current hot feature for the home network

Increasingly every home-networking equipment vendor is pitching a mid-range or high-end router range that offers “cloud” abilities and features. This kind of feature was simply offered as a remote-access feature but is being marketed under the cloud term, used as a way to make their devices appear to look cool to the customers.

These features are more about simplifying the process of providing authorised users remote access to the control functionality and similar features on these devices and providing this kind of access to someone who is using a smartphone or tablet. It also extends to file access for those of us who connect an external hard disk to these devices to purpose them as network storage.

What benefits does this offer for the home network router?

The key feature that is offered for these devices is the ability to allow you to manage them from any Internet connection. This may be about troubleshooting your connection or locking down the Internet connection for rarely-occupied premises like a holiday home or city apartment.

If you connect an external hard disk to your cloud-capable router, you would have the same remote-access functionality as a cloud-capable NAS. This means that you could put and get data while you are on the road using your regular or mobile computing device and an Internet connection.

Some vendors integrate an application-level gateway to their cloud-assisted network services like video surveillance as part of this cloud functionality. This allows you to gain access to these services from the same point of entry as you are provided for your router.

How is this achieved?

Like the cloud NAS, this involves the vendor providing a dynamic DNS service to aid in discovery of your router along with the use of SSL and other technologies to create a secure path to your router’s management dashboard.

It is also assisted with a client-side app for the mobile computing platforms so as to provide an integrated operational experience for your smartphone or tablet. This caters for items like access to the notification list, use of the interface style that is distinctive for the platform as well as the ability to get and put files according to what the platform allows.

Vendors who offer other cloud-based services would provide an application-level gateway in the router that ties in with these services and the devices that benefit from them. This is to provide a tight and finished user experience across all of their devices on your network, and is a way to keep you “vendor-loyal”.

Current limitations with this setup and what can be done

As we head towards cloud-capable network devices and add more of these devices to our networks, we will end up with a situation where we have to remember multiple Web addresses and user logins for each of these destinations. The manufacturers like D-Link would exploit this by integrating the cloud functionality for all of their devices or, more likely, devices within certain product ranges so that a user comes in to one entry point to benefit from the cloud functionality for that manufacturer’s device universe.

But the reality is that most of us would create a heterogeneous network with devices supplied by different manufacturers and of different product classes. Here, one would have to keep a list of usernames, passwords and Web entry points or install multiple apps on a mobile device to benefit from every device’s cloud functionality.

Similarly, a manufacturer would be interested in evolving their “cloud-side” part of the equation for newer products but could place older products at risk of being shut out. Here, they could maintain the same functionality by keeping the remote access functionality alive and passing stability and security improvements to those of us who maintain the older devices.

Of course, working on systems that are true to industry standards and specifications like TR-069 for remote management can allow for pure interoperability and a future-proof environment. It can also allow for increased flexibility and the ability for third parties to provide the “cloud router” services with their own functionality and branding.

Firmware updates to be available to fix D-Link router vulnerability

Articles

D-Link to padlock router backdoor by Halloween | PC World Business

D-Link plans firmware update to disable backdoor | The Register

From the horse’s mouth

D-Link

Update On Router Security Issue

My Comments

Recently, the computer press was awash with articles pointing to an exploit in some of the popular D-Link routers. Here, a computer on the local network pushes a malformed URL to the router’s Web management page to bypass the login screen for the router’s management dashboard. The exposure is greater with improperly-set-up Wi-Fi network segments hosted by these routers, or where computers on the local logical network are loaded with malware that takes advantage of this vulnerability.

Now D-Link are working towards offering revised firmware that fixes the exploit for each of the router models that are affected by this issue and are releasing this on their product support pages.

But of course, it is important to make sure that the wireless network segment that is part of your home or small-business network is secure with WPA2-Personal security and a random passphrase along with an SSID that doesn’t reflect the make or model of the router. Similarly, it is good practice not to enable remote administrative access on these routers and confine administrative tasks to the local network only.

This is in addition to other good computer housekeeping practices like running anti-malware software on your regular computers and being careful what you click on.

For that matter, I would encourage people to keep the firmware on their routers or other network hardware up-to-date in the same way we would keep operating systems and application software up-to-date.
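The housekeeping points in this post, together with the out-of-the-box “admin/admin” defaults mentioned in the first post on this page, can be turned into a repeatable check. This is an added example, not code from D-Link or from the original post: the settings field names, the vendor-hint list and the 16-character threshold are assumptions for illustration, and both sample configurations are constructed.

```python
import secrets
import string

# Constructed lists for illustration; extend them for your own equipment.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("admin", "")}
VENDOR_HINTS = ("d-link", "dlink", "linksys", "netgear", "tp-link", "fritz")
MIN_PASSPHRASE_LEN = 16  # assumed threshold; WPA2 itself only requires 8


def random_passphrase(length=24):
    """Return a random WPA2-Personal passphrase drawn from a CSPRNG."""
    if not 8 <= length <= 63:  # limits of a WPA2 ASCII passphrase
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def parse_version(text):
    """Turn a dotted numeric version such as '1.0.5' into (1, 0, 5)."""
    return tuple(int(part) for part in text.split("."))


def audit_router(cfg):
    """Return the list of findings for one router settings dictionary."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_LOGINS:
        findings.append("default-admin-login")
    ssid = cfg["ssid"].lower()
    if any(hint in ssid for hint in VENDOR_HINTS):
        findings.append("ssid-reveals-vendor")
    if cfg["wifi_security"] != "WPA2-Personal":
        findings.append("wifi-not-wpa2")
    phrase = cfg["wifi_passphrase"]
    # Randomness cannot be proven from the string itself, so this only
    # rejects passphrases that are short or derived from other settings.
    if (len(phrase) < MIN_PASSPHRASE_LEN
            or (ssid and ssid in phrase.lower())
            or phrase == cfg["admin_password"]):
        findings.append("weak-passphrase")
    if cfg["remote_admin"]:
        findings.append("remote-admin-enabled")
    installed = parse_version(cfg["firmware_installed"])
    if installed < parse_version(cfg["firmware_latest"]):
        findings.append("firmware-outdated")
    return findings


# Constructed sample: a router left as it came out of the box.
OUT_OF_BOX = {
    "admin_user": "admin", "admin_password": "admin",
    "ssid": "dlink-2F9A", "wifi_security": "WEP",
    "wifi_passphrase": "dlink12345", "remote_admin": True,
    "firmware_installed": "1.0.3", "firmware_latest": "1.0.5",
}

# Constructed sample: the same router after following the advice above.
HARDENED = {
    "admin_user": "admin", "admin_password": random_passphrase(20),
    "ssid": "Bluebird Lane", "wifi_security": "WPA2-Personal",
    "wifi_passphrase": random_passphrase(), "remote_admin": False,
    "firmware_installed": "1.0.5", "firmware_latest": "1.0.5",
}

if __name__ == "__main__":
    for name, cfg in (("out-of-box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit_router(cfg) or "no findings")
```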

The Freebox Révolution benefits from Freebox OS to be like a recent NAS

Articles – French language

La Freebox Révolution accueille Freebox OS – DegroupNews.com

Mise à jour Free : capacités de partage renforcées | 59Hardware.net

My Comments

Just lately, Free had rolled out their latest firmware update for the Freebox Révolution “n-box” router. This has various improvements like cloud-assisted remote management and storage access, including management of the “FreePlug” HomePlug AV power-supply units for these devices.

But they describe this firmware not as firmware for customer-premises equipment but as “Freebox OS”. This is like placing the Freebox Révolution on the same stage as one of the recent consumer or small-business network-attached storage devices. Here, they lay out the management dashboard for this device so it reminds you of a desktop operating system’s GUI. This is carried over whether you use it from a Web browser or the freely-downloaded iOS or Android mobile apps.

They also are publishing an application-programming interface so that third-party software developers could create management programs for the Freebox Révolution. This could allow for things like management software which works native to particular host-device operating environments through improved dashboard software.

But who knows what is in store for this device once the groundwork is laid down in this operating system. For example Free could start curating an app store and software-development environment for the Freebox Révolution so that others could add functionality to this device. Think of such options as access to third-party cloud storage, additional application-level gateway functionality and, perhaps, adding business-grade features like VPN-endpoint or VoIP “virtual extension” abilities to a consumer-grade device.

It is another example of the lengths the French telecommunications companies are going to to yield multi-play Internet services that are facilitated with highly-capable equipment.