
Troubles w/Kindle And “Consumer Security”

May 6th, 2012 | No Comments | Posted in General, IT Industry, Mobile, Networking, Security

I just wanted to provide the results of a two-hour-long troubleshooting session on a new Kindle brought into my household yesterday.  Not only was it a bit frustrating, but in light of a number of things, quite astonishing as well.  Astonishing that Amazon, Google and even Apple to some extent view and address the consumer market the way that they do.  As a consumer, I have to say it’s frustrating.  As a security professional, I have to say it’s disappointing to say the least.

First the problem: You’d think these days it would be a simple thing to go down, buy a wireless device and throw it on your network in no time flat.  That was exactly what I attempted to do yesterday.  I went down to buy a cheap Kindle for one of my children, throw it on the network and be done.  Two hours and an even exchange later, I finally figured out what the problem was.

For most devices, the act of associating with your wireless network and then using your network are two different things.  So we always get a device onto the network first, then worry about how it’s going to connect to outside services later.  Because, yes, admittedly, I’m not running normal equipment here at home.  We don’t allow full-blown access to the outside, polluted internet for a number of reasons.  We have a combination web-filter/proxy server appliance (in the cloud, actually), a commercial grade firewall, a caching DNS server and a few other things sitting in between devices on the soft, chewy inside network and the hardened outer shell.

But again, in the past, this was not a problem.  We knew, once devices got on the network, some equipment might have to be visited and settings slightly tweaked in order to get a device to work.

Here Is Why Amazon States Kindles Don’t Work In Enterprise Settings

The thing with Kindle that is different however is… when you are attempting to connect to your wireless network, Amazon, in the name of let-me-hold-your-hand-consumerism (which isn’t necessarily a bad thing — Amazon lives and breathes based on the consumer’s point of view, or tries to anyway), does a little bit more.  The Kindle first tries to connect to your wireless network, utilizing the base amount of information you’ve provided it.  Once successfully connected however, the Kindle doesn’t immediately tell you this.  It tries to connect to a backend somewhere at Amazon first.  If you have a firewall blocking that access, the Kindle doesn’t indicate this is the problem, it merely punts and reports back that… it can’t connect to your wireless network. Which isn’t entirely the case, but that is what is reported.

Now again, as I stated parenthetically above, I understand why Amazon goes through the invisible two-step process, but… what is reported back is not the case and extremely misleading.  It took me some time, after digging through numerous forums, to discover that Kindle (Amazon) is going through this transparent, behind-the-scenes two-step process.  Once that was known, I was able to work around it, albeit by taking drastic measures I wouldn’t normally expect to take, but, I was able to register the device.

Which brings me to a major frustration as a consumer and disappointment as a security professional.  If Amazon truly lives and breathes from the consumer’s point of view, I hope they as well as Google and Apple — three of the world’s most major internet “impactors” (at present) — take the following into serious consideration:

Amazon, Apple and Google Seem To Be Ignoring The Obvious

I can’t go off on a complete diatribe right now, but… Amazon and Google and to some extent even Apple don’t seem to realize that the internet they have helped develop has, as a result of their efforts, gotten just a tad bit more sophisticated lately.  With that sophistication, some complexity has necessarily had to be driven down to the consumer level.  It’s not just corporations which utilize firewalls and proxies and other security devices and approaches any longer.  You can go down to Best Buy or buy right off the Amazon “shelves” ironically, any number of mainstream wireless access points and routers and nearly all of them come with a feature set that allows a more sophisticated consumer (shall we say) any number of options for securing their home networks.  Not just from people getting in, but controlling somewhat how people on the inside get out.

Yet, I can’t for the life of me understand why Amazon and Google (and again Apple to some extent) “act like” these kinds of features don’t exist and continue to act like we are still in 2005 when most people simply didn’t or didn’t know how to apply simple WEP, WPA or WPA2 security to their wireless devices or utilize any other security approach.  They act like every WiFi network you attach to has completely 100% free unhindered access to the internet and maybe a couple of devices hooked up to it.

Beyond that even, they seem to be pushing for this to be the normative setup in a day and age where security has to be taken into consideration even down to the consumer level. These devices weren’t designed with that in mind and in fact the companies seem to thumb their noses a little at any consumer who has taken security a little bit more seriously than most. And that is disappointing and annoying. (That is, their explanations read between the lines as “Yeah, we know that, but we don’t care; our devices were purposefully designed to only work on wide-open wireless networks — deal with it.”)

iPad Remote App Uses HTTP

October 25th, 2011 | No Comments | Posted in Mobile, Networking

I’ve only recently gotten around to getting any semblance of order and imported CDs into my iTunes on my Macbook Pro. No need to run Apple’s iPad Remote until now. I usually just use Teleport (highly recommended by the way) to move my mouse onto my wife’s Mac Mini screen which has some nice Bose speakers and play tunes through her computer anyway from our centralized MP3 share on the household file server.

But anyway, this afternoon I was trying to connect to my iTunes library using Remote and wasn’t getting anywhere. Apple has a link built into Remote that takes you to a page on Safari in their support forums that has detailed help on how to troubleshoot Remote connectivity issues, but everything on my Macbook Pro and iPad 2 seemed to be set up just fine.

I got the notion however that Remote might be using HTTP to access shared iTunes libraries on the local LAN. Sure enough. And that did the trick. We’re using a proxy server on the premises and apparently my entries in iPad networking for ignoring proxy requests for .local domains aren’t working. (It’s time to get away from .local anyway… this is being utilized more and more behind the scenes — I’ve been warned.)

So if you’re having issues with iTunes home sharing in any way and you’re behind a proxy server, this could be the source of your grief. Try turning your proxy server settings off and see what happens.


Remote Windows (SMB) Sharing over Secure, Encrypted SSH

October 10th, 2011 | No Comments | Posted in Networking, Security

Here’s a blast from the past. For years I’ve kept an engineering notebook. Simply because after about a decade of playmaking, everything started to blur. Who, what, how and when started to just get hard to track. (And I still haven’t written down everything unfortunately — which really is just a tad irritating when I have to reclimb a mountain once already conquered… :-))

So from time to time, I may reach back and post something of interest, esp. if I’ve had a hard time finding the solution anywhere else. (There’s a million things I’ve done that everyone else has done. You don’t need this blog for that. Click here to find those. :-))

So, once upon a time — I’ll not state the time, place or occasion — I wanted to connect to my Windows shares at home from a remote location inside of a firewall. Now, everyone knows SMB and Windows file sharing in general is notoriously unsecure. How to do this without exposing myself and the network I was on? Enter the old trusty companion, SSH. Here’s how we do it, picking up from a post several years ago:

Original Posting

It’s not too hard to run a remote LAN connection over an SSH tunnel on Windows.  Assuming the SSH tunneling aspect of this is already in place (via Cygwin, PuTTY or something else), here’s what we need to do: