Security UPDATE--OpenWRT Firmware for Wireless APs--October 4, 2006


Manage Vulnerabilities. Defend Against Threats.

Rogue Applications and Media Devices

Ten Steps to Achieving Business Compliance



IN FOCUS: OpenWRT Firmware for Wireless APs


- Microsoft Releases Patch for Critical IE Vulnerability

- Symantec Reports on Current Threat Trends

- Windows Vista's Take on Least Privilege

- Recent Security Vulnerabilities


- Security Matters Blog: Firefox 2.0 RC1 Available

- FAQ: Controlling Group Policy Editor

- From the Forum: EFS and WebDAV over SSL

- Microsoft Learning Paths for Security: Multiple-Layer Defense for Secure Messaging

- Know Your IT Security Contest


- Encrypt Data in Flight and at Rest

- Wanted: Your Reviews of Products




=== SPONSOR: Core Security


Manage Vulnerabilities. Defend Against Threats.

Your IT and Security budgets are tight. This White Paper shows real-world case studies demonstrating the ROI potential of automated penetration testing.

=== IN FOCUS: OpenWRT Firmware for Wireless APs


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Before I return to our discussion of alternative firmware, I want to let you know about another portable Web browser. Last week, I wrote about Mozilla Firefox - Portable Edition and Torpark (see the article at the URL below). As I described, both these browsers can help protect your sensitive data by keeping it on portable media, such as a flash drive. A reader wrote to let me know about another portable browser that I didn't know existed: [email protected]

As the name implies, [email protected] is based on the popular Opera Web browser and is designed to be portable. Like Firefox Portable and Torpark, [email protected] helps protect your privacy by not leaving traces of its existence or activity on the computer you use it on. [email protected] is smaller than the other two browsers, weighing in at under 8MB. The current version is based on Opera 9 and installation is very simple: Just unzip the download package to a directory and fire up the browser. You can download a copy at

Two weeks ago, I wrote about DD-WRT (see the article at the URL below), alternative firmware for wireless access points (APs). One thing about DD-WRT that I didn't mention is that it's based on the code of another alternative firmware product, OpenWRT, which is our main topic of discussion this time.

The popular wireless router manufacturer Linksys developed a small Linux-based open source OS to drive its AP hardware. People took copies of this code and began tweaking it to fit their own needs. This trend gave rise to an alternative firmware product called Alchemy, which was also eventually published as open source. Alchemy led to a spinoff called OpenWRT, which in turn led to another spinoff called DD-WRT.

Unlike DD-WRT, OpenWRT is completely command line based. The standard distribution package doesn't include a GUI. This fact has its pluses and minuses. On the minus side, using a GUI is easier than remembering all sorts of commands and their associated parameters. On the plus side, not having a GUI makes the code base smaller, which can be a big deal when a given router has only so much storage and memory capacity. If your router has limited space or you prefer using a Linux command line, OpenWRT (downloadable at the URL below) is a good choice.

Like DD-WRT, OpenWRT supports quite a number of routers. You can check whether your particular model is supported by reviewing the hardware table, which includes some hardware that's been tested and found to not work with OpenWRT.

OpenWRT supports many security features that you might find useful, including a firewall based on ipchains, Wi-Fi Protected Access (WPA) encryption, Remote Authentication Dial-In User Service (RADIUS) authentication, and Dropbear Secure Shell (SSH) server. Add-on packages, such as OpenVPN (at the first URL below), are also available. If you need help configuring OpenVPN, visit the second and third URLs below.

Other useful add-on packages are listed at the URL below and include a mini Asterisk VoIP server, The Onion Router (TOR) server, a PPTP server, the Chillispot hotspot creation package, and handy shell tools such as Fyodor's Nmap and Dug Song's dsniff auditing and penetration testing suite.

As with any alternative firmware, be sure that it will work on your hardware and that you're relatively comfortable that you can configure it to your needs before you try to load it. Be sure to read the extensive OpenWRT documentation, and if you have questions, use the forum at the OpenWRT Web site.

=== SPONSOR: SecureWave


Rogue Applications and Media Devices

Threats to your data don't just come from the outside -- they can come from internally as well, whether a result of malicious intent or unintentional negligence. Download this free whitepaper today to learn to effectively establish and enforce security policies for all applications and devices in use on your network.



Microsoft Releases Patch for Critical IE Vulnerability

Microsoft released a security patch outside of its scheduled monthly patch release cycle to address a critical vulnerability in Internet Explorer (IE). Microsoft Security Bulletin MS06-055--Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) should be applied to all Windows 2000, Windows XP, and Windows Server 2003 systems, including Windows Server 2003 Release 2 (R2).

Symantec Reports on Current Threat Trends

Symantec said that according to data collected from its deployed products, attackers are shifting their attacks from network infrastructures and system services toward end users. The findings, from January through June, were revealed in the company's recent semi-annual Internet Security Threat Report.

Windows Vista's Take on Least Privilege

One of the most fundamental security changes in the oft-delayed Windows Vista will be the OS's new least-privilege support, embodied in the User Account Control (UAC) feature (formerly called the Least-Privileged User Account). Jan De Clercq provides an overview of this new security technology.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Surf Control


Ten Steps to Achieving Business Compliance

Learn the 10 steps you need to take to achieve corporate compliance, including operational visibility in all communication data. As an extra step, stop network assaults so that you can use the Internet confidently, both on and off your corporate network.



SECURITY MATTERS BLOG: Firefox 2.0 RC1 Available

by Mark Joseph Edwards,

On September 27, Mozilla Foundation announced the availability of Firefox 2.0 Release Candidate 1 (RC1). The new version includes many feature enhancements, a number of which are related to security. Get a quick rundown of the new features and a link to download Firefox 2.0 RC1 in this blog article.

FAQ: Controlling Group Policy Editor

by John Savill,

Q: How can I control which .adm files are used when I edit a Group Policy Object (GPO)?

Find the answer at


A forum participant is having a problem with Encrypting File System (EFS) and Web Distributed Authoring and Versioning (WebDAV). When he uses a Secure Sockets Layer (SSL) connection (via HTTP Secure--HTTPS) to send a file from a client to the WebDAV folder on a server, the client decrypts the file and stores the file in unencrypted format on the server without warning. Join the discussion at:

MICROSOFT LEARNING PATHS FOR SECURITY: Multiple-Layer Defense for Secure Messaging

Multiple layers of defense help protect your business by decreasing the likelihood that any single threat can compromise your network. Use these resources to learn about a broad range of Microsoft security solutions that can help protect your messaging environment: guarding the perimeter with Microsoft Exchange Hosted Services, adding a buffer and firewall protection with Microsoft ISA Server 2006, helping to protect internal messages with Microsoft Antigen, and using Windows Rights Management Services (RMS) to help safeguard sensitive emails and documents.


Sponsored by Microsoft Learning Paths for Security Share your security-related tips, comments, or solutions in 1000 words or less, and you could be one of 13 lucky winners of a Zune media player. Tell us how you do patch management, share a security script, write about a security article you've read or a Web cast you've viewed. Submit your entry between now and December 13. We'll select the 13 best entries, and the winners will receive a Zune media player--plus, we'll publish the winning entries in the Windows IT Security newsletter. Email your contributions to [email protected]

Prizes are courtesy of Microsoft Learning Paths for Security:



by Renee Munshi, [email protected]

Encrypt Data in Flight and at Rest

BitArmor Systems announced the availability of BitArmor Security Suite, software that encrypts data both while in flight and at rest whether on workstations or servers, portable media, or storage systems. BitArmor lets you set policies for data encryption, retention, and deletion and provides an architecture for managing encryption keys. BitArmor Security Suite is designed to accelerate industry-standard encryption algorithms to provide "wire-speed" encryption and to secure data without any changes to applications, networks, or storage devices. For more information, go to

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.



For more security-related resources, visit

Uncover Essential Windows Knowledge Through Excavator

Try out the ultimate vertical search tool--Windows Excavator. Windows Excavator gives you fast, thorough third-party information while filtering out unwanted content. Visit today!

Join experts Douglas McDowell from Solid Quality Learning and Andrew Sisson from Scalability Experts, as well as Intel insiders and other database professionals, to learn the latest about SQL Server and Oracle database mirroring, BI, 64-bit database computing, and high-availability. Coming to cities across the US this fall. Visit

Your business, like most today, relies upon its computing systems to store financial information, house proprietary data, and maintain communications channels. This increasing reliance also increases the dangers to your systems from security breaches, including viruses, spyware, spam, and hackers. Visit the Windows Protection Site at for the latest tips on safeguarding your system.

Learn all you need to know about code-signing technology, including the goals and benefits of code signing, how code signing works, and the underlying cryptographic and security concepts and building blocks. Download the full eBook today--it's free!

Learn from industry expert Michael Otey about different approaches to server consolidation and how to stop server sprawl by using consolidation and virtualization. Find out how to run legacy OSs, Linux, and Windows together and more using virtualization. You'll even get step-by-step instructions on building a virtual machine for Windows Server 2003. Live Event: Wednesday, October 18



Examine the threats of allowing unwanted or offensive content into your network and learn about technologies and methodologies for defending against inappropriate content, spyware, IM, and P2P.



Monthly Online Pass--only $5.95 per month!

Includes instant online access to every article ever written in Windows IT Pro, as well as the latest digital issue. Sign up now:

Save $40 off SQL Server Magazine

Subscribe to SQL Server Magazine today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire SQL Server Magazine online article archive, which houses more than 2,300 helpful SQL Server articles. This is a limited-time offer, so order now:


Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.