Archive for the ‘Home’ Category

Sometimes convenience costs too much

Posted: December 11, 2019 in BBQ, General, Home
Tags: ,

I volunteer on a local Community  Emergency Response Team (CERT) and we are lucky enough to have gotten enough donations and grants to afford a command trailer that we have fitted out with first aid gear, radios, computer, monitor, video feeds and most important heat and AC.  We use it to keep track of weather and such we we work various community events.  In a real emergency the police or fire department might come in and take over as a primary HQ for the duration of an emergency but that is why we have it.

Anyway in the last year we added a propane RV generator instead of an external gasoline generator that made a huge racket.  We have 2 40 lb propane tanks to feed the generator.  With both tanks full we can generate power for 24+ hours, quite nice.

Because the tanks are 40lb size you can’t just take them to the exchange places at the supermarket or a big box store, you actually have to fill them at a propane refill station.  I was tasked with helping one day and we went over to a local store that had a propane station for refills.  They charge by the gallon for propane be it 1lb or 100lbs.  Easy right?  So they put a tank at a time on a scale and start filling.  One tank was dead empty, the other still had some gas left.  About $40 and change later we paid and left.  And I started wondering how could we fill 2 40lb tanks for $40 and change?  One tank was dead empty and the other did have some gas but I pay $18-$19 for a 20lb refill tank at the grocery store.  Hmmm……. Now the grocery store is just around the corner so very very convenient especially when I run out when we are grilling dinner and both of the tanks I own are now empty.  (I have two tanks just to avoid that but somehow it still happens).

The price difference of two (2) 40lb tanks compared to one (1) 20lb tank was just too much for me to ignore, so I went home grabbed my empty tank and went to the propane filling station.  We dropped the tank on their scale and sure enough it was dead empty.  They filled it to 20lb and the price was less then $11.75!  Yikes.  Then the kind gent that was filling the tank pointed out that I had been paying for 15lbs of gas at the swap station not 20lbs.  It said so right on the label from the tank swap company.  So lets see, if I had bought 15lbs of gas I would have paid $8.93 for 3.57 gallons of propane so I paid almost $10.00 extra for the “convenience” of the grocery store!

Now granted a 20lb propane tank has to be re-certified after 12 years (the month and year is stamped into the collar of the tank and again every 5 years after that.  I use at least 4 tanks a year usually more so I’ll be saving at least $40.00 – $50 a year by filling my own tank to 20lbs instead of swapping my tank for 15lbs.  I can replace the tank with a new tank for less then $30.00, problem solved and I end up saving at least $450 – $570 over the 12 years.  I’m sure that I could shop around and find the swap tanks cheaper but no where as cheap as filling them at a low cost filling station.  Really “Sometimes convenience costs too much”.

Do your own math, for those of you who burn propane how many tanks a year do you burn?  I have a friend who uses at least 2-3 x what I burn they have outdoor heaters to go along with their grill for winter use and they REALLY suck up the gas.

 

I started a company about 18 months ago, Secured by THEM. It’s a small company that I created to help small businesses be more secure on their networks.   There are bigger business that do this but they are not targeted at small businesses.

It was shocking to me what I’ve discovered since I opened the business: Any company with a cable modem as their primary Internet access has it set up incorrectly.  If you get your Internet connectivity from a cable company your cable modem is your first line of defense against Internet intrusion (being hacked).  If it’s not configured correctly it leaves a gaping hole in which crackers can reach in and infect your machines.

Apparently the tech’s that install cable modems are taught to pull a cable into the house or office, attache the cable modem to it and power it up.  If it boots and turns on the correct lights in the right order, it’s “good” and ready for the customer!  Usually the cable person attached a computer to the device and if they can reach the cable companies web site they are done.  If the cable modem has a standard default password like “password” the tech will change that some something random and write it on the side of the modem, but now a days, most new cable modems come from the factory with a random password assigned.

Little or no testing is done and little to no configuration at all.  What makes this even worse is how little you can do to correct the situation especially if it’s a “business” installation,  you’ll have a little more luck with a “home” installation.

If you are a business class user with many cable companies business class service you are out of luck you, can’t get the password and you can’t log in, the only thing you can do is buy a firewall and ask the cable company to bridge the modem to the firewall. (And of course setup the firewall correctly.)  I’ve watched some of the folks do installs and they leave the modems as they come out of the box!

If it’s a home based business you have the password to the cable modem (it’s usually on the side or bottom of the device) so you can log in and correct some basic mistakes.  But depending on the company and the cable modem you might be better off buying a firewall too.

Lets talk about what settings I consider to be  critical:

  1. Firewall functions turned on and set to the highest settings that allow you to get work done. (Medium or High)
  2. Universal Plug and Play protocol  (UPnP) turned off. The UPnP protocol “Internet Gateway Device” is not secure and can be used open your firewall up and make it easy to access machines in your network.
    1. See http://www.upnp-hacks.org/igd.html
  3. Primary WiFi network security using WPA2 or better security turned on.  WPA1 and WPA2 were cracked in September of 2017 and requires patches to be secure.
  4. WiFi Guest network turned on with WPA2 or better security turned on. Never leave WiFi access unprotected, never.
  5. If possible turn on 2 or 3 separate Guest networks, one for any device you own that leave the network and come back (phones and laptops) and one for Internet of Things (IoT) devices, friends and acquaintances” that ask for WiFi access.
    1. Coffee Shops can be places of infection.
    2. IoT devices in many many cases have little to no security and no security updates available.  More security issues in 2018.
  6. Remote access turned off.
  7. Turn logging on, it’s normally turned off.

Settings I consider to be important but you might not, or might not have.

  1. Static IP addresses via the DHCP server for each computer on the network.
    1. MAC address lockdown on the DHCP server so that no computers can get an IP address on the network without being manually added.
    2. You might only have this for the WiFi connections, some devices limit MAC address lockdown to only WiFi.
  2. Remote logging of cable modem logs to a computer that can store them for a couple of weeks vs the usual couple of hours or a day.

This blog went a little longer then I expected, so I’ll pick up with my next blog showing how to secure a Motorola Cable modem.  From there I’ll show setting up a Linux Firewall.