Windows 10: Return of the Start Menu and A Whole Lot More

Windows 10 is out!

Everyone is frantically downloading Microsoft’s new FREE upgrade. It looks to be packed with features but I’d like to save that discussion for a few weeks or so after using it. Aside from it being really buggy, Microsoft has delivered on the promise to return the Start Menu to its rightful home, yet they brought so much more. By offering a free OS Microsoft is hoping that Windows will deliver profit in the ecosystem rather than the operating system itself.

Establishing a DMZ

I have now completed my DMZ!  In adding a real firewall to my network, I wanted to take the opportunity to create a proper DMZ.

What is a DMZ?

DMZ stands for Demilitarized Zone. A DMZ is an area of your network that is semi-trusted because it is accessible from the public internet using specific whitelisted or allowed ports. It’s semi-trusted because of this access and the sheer fact that it is accessed by people daily. Typically, and in this setup, a DMZ can be accessed from your LAN or using Jump Servers. Hosts on the DMZ cannot access the LAN, as connections must be established from the LAN side or through whitelisted ports.
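The zone policy described above, as an added Python example that is not from the original post or from any firewall product: a default-deny, stateful filter in which the internet reaches the DMZ only on whitelisted ports, the LAN may open connections into the DMZ, and the DMZ can only answer connections the LAN started. The subnets, host addresses and the choice of ports 80 and 443 are assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing; anything not listed is treated as the internet ("wan").
ZONES = {"lan": ip_network("192.168.1.0/24"), "dmz": ip_network("192.168.50.0/24")}

# (source zone, destination zone, destination port); None means any port.
# Everything not listed is denied, including new connections from dmz to lan.
ALLOW = [
    ("wan", "dmz", 80),    # assumed whitelisted web ports
    ("wan", "dmz", 443),
    ("lan", "dmz", None),  # LAN may open connections into the DMZ
]

def zone_of(addr):
    """Map an address to its zone name, defaulting to 'wan'."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "wan")

class ZoneFirewall:
    """Default-deny, stateful filter: replies to an allowed flow are passed."""

    def __init__(self):
        self.states = set()  # flows admitted by ALLOW: (src, sport, dst, dport)

    def permits(self, src, sport, dst, dport):
        if (src, sport, dst, dport) in self.states:
            return True
        if (dst, dport, src, sport) in self.states:  # reply to a tracked flow
            return True
        for s_zone, d_zone, port in ALLOW:
            if (s_zone, d_zone) == (zone_of(src), zone_of(dst)) and port in (None, dport):
                self.states.add((src, sport, dst, dport))
                return True
        return False

if __name__ == "__main__":
    fw = ZoneFirewall()
    web, pc = "192.168.50.10", "192.168.1.25"          # assumed hosts
    print(fw.permits("203.0.113.7", 40000, web, 443))  # internet -> DMZ web port
    print(fw.permits("203.0.113.7", 40001, web, 22))   # internet -> DMZ SSH
    print(fw.permits(pc, 50000, web, 22))              # LAN opens SSH to DMZ
    print(fw.permits(web, 22, pc, 50000))              # reply on that connection
    print(fw.permits(web, 41000, pc, 445))             # DMZ opens connection to LAN
```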

Field Day as it relates to IT

This past weekend many HAM operators participated in Field Day. For some this is a large contest where operators try to make as many contacts as possible. For the majority of HAMs this weekend is about testing their skills and practicing for the emergencies we support. This year the Amateur Radio Relay League encouraged participants to work with emergency power. HAMs are also encouraged to go outside of their “HAM Shack” to operate and set up in less than ideal situations.

In IT, we have a term for this, Disaster Recovery.  HAMs are essentially practicing under DR.  High stress situations where one needs to get the communications network back up.  Sounds a lot like work doesn’t it?

YES!

That is the fun and the beauty of it.  HAMs, just like IT Engineers, need to practice to be able to quickly restore connectivity.  This practice could be the difference between helping during an emergency and having to sit out.  In IT, this DR exercise leads to MTTR or Mean Time To Recovery.

I hope everyone had a productive DR exercise at Field Day!

73,

WA8LIV

D-Star + DVMEGA = DV Hotspot

Ever since Hamvention I have been intrigued by digital voice and the ability to set up a Hotspot. Like a WiFi hotspot, one could connect to the D-Star network and connect with reflectors from something resembling a wireless AP. Rather than transmit and receive the 802.11 standard, maybe it could perform GMSK modulation on the 440 MHz, 70 cm band. This is very possible and luckily for us people have built Raspberry Pi images supporting this functionality. The fine folks at dvmega.co.uk make a great kit for this. Karl will even send one pre-programmed for those who aren’t comfortable using Linux or Raspberry Pis.


The need for a better home router (Part 1 of probably many)

A few months ago, I took the plunge and finally acquired better networking gear for the home.  For years, I have worked with professional equipment at Ohio University and on the job with Progressive.  For some reason, when I came home names like Linksys and Asus became reasonable options for routers and switches.  DD-WRT and flashing my router were commonplace as I could “upgrade” my consumer gear to something that was still consumer.  Not really an upgrade…

I finally chose to get a tiny APU4, a low-power server-esque device that can run pfSense. pfSense has been a pleasure! It’s got really neat graphs, packet captures on every port, logging, NTP, all the bells and whistles a developing network engineer could want. One of the best features is that it can run Snort as a downloadable package. Snort is an intrusion prevention system and intrusion detection system, or IPS/IDS.

The ability to run Snort has opened my eyes to why the consumer needs a better home router. Snort can identify patterns or signatures of various known attacks and can deflect them based on these known patterns. These patterns can be updated and are updated very frequently. It will log these patterns and hopefully deflect the attacks. It has been written (by USA Today) that a Windows XP SP1 computer can be hacked within 4 minutes. A home firewall is simply not enough or sophisticated enough to catch and defend against complex attacks. Home firewalls typically include basic firewalls designed for NAT. This no longer is applicable though as NAT is no longer needed with IPv6. A buddy and I have always joked that NATing is “a poor man’s firewall.” I certainly will not condone using NAT as a firewall as that is not its intended purpose.

Blocked Hosts in the past hour

Recent attack signatures identified by Snort

With Snort, I can view the attempted attacks within the past hour and view what the attack signature was. Even as an IT professional, specializing in networking, these logs hit home. I knew that the world is a dangerous place but I did not expect some of the complex attacks Snort is defending against. Attempted SQL injections on my public IP address surprised me as I wasn’t running any servers when I first installed Snort.
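The same "past hour" view can be produced straight from the alert log. The Python below is an added example, not part of the original post or of pfSense or Snort: it parses Snort's "fast" alert line format and counts alerts per signature and per source host inside a one-hour window. It assumes Snort is writing fast-format alerts; the log lines, SIDs (local rule range), messages and addresses are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout of one Snort "fast" alert line; ports are absent for ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[\w-]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alert(line, year):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    alert = m.groupdict()
    # Fast alerts carry no year, so the caller supplies it.
    alert["time"] = datetime.strptime(f"{year}/{alert['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return alert

def summarize(lines, now, window=timedelta(hours=1)):
    """Count alerts per signature and per source host inside the window."""
    by_sig, by_src = Counter(), Counter()
    for line in lines:
        alert = parse_alert(line, now.year)
        if alert is None or not (now - window <= alert["time"] <= now):
            continue
        by_sig[(f"{alert['gid']}:{alert['sid']}:{alert['rev']}", alert["msg"])] += 1
        by_src[alert["src"]] += 1
    return by_sig, by_src

# Constructed sample log: local-range SIDs and documentation addresses.
SAMPLE = """\
06/28-11:15:00.000000  [**] [1:1000002:1] CONSTRUCTED ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.99 -> 198.51.100.20
06/28-13:05:11.120034  [**] [1:1000001:1] CONSTRUCTED SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51522 -> 198.51.100.20:80
06/28-13:40:02.500100  [**] [1:1000001:1] CONSTRUCTED SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51530 -> 198.51.100.20:80
06/28-13:41:45.000321  [**] [1:1000002:1] CONSTRUCTED ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.99 -> 198.51.100.20
this line is not an alert
""".splitlines()
NOW = datetime(2015, 6, 28, 13, 45)  # constructed "current time"

if __name__ == "__main__":
    signatures, sources = summarize(SAMPLE, NOW)
    for (sid, msg), count in signatures.most_common():
        print(f"{count:3d}  [{sid}] {msg}")
    for host, count in sources.most_common():
        print(f"{count:3d}  {host}")
```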

These logs shocked me. Home routers need to up their game in my opinion. I am hosting a Pi for a webserver, with protected ports, but what about grandma who just wants to play Mahjong and check email? She probably won’t have IDS/IPS at home and is being attacked just like I am, but is her system defending?

Protect yourself and realize that I focused primarily on IPS/IDS.  I didn’t even begin to mention how vulnerable the Linksys and Asus routers actually are.  I’ll let these links [1, 2] do the talking for now.  Even pfSense is vulnerable but the ability to catch patterns could secure even those vulnerabilities.

I’ll probably do a few more of these focusing on other areas.  I’ve been so impressed with Snort that it deserved “first dibs.”

73,

-WA8LIV

The ID-5100a is in place, a tour of the shack

I considered “christening of the Hamshack” for a title but didn’t feel this truly was the beginning. For over two years my Hamshack has been wherever I am using handheld radios. For the first time since growing up I am establishing a radio home for myself. Since I live in an apartment, what better place for a Hamshack than my living room?

My Control head and side table

The head unit for my ID-5100a will live on a corner table. From here I can tilt it towards me for a comfortable operating position with me comfortably sitting on the couch. This corner table has a lamp for light as well as a wicker enclosure to hide headphones. In beginning to build this shack I wanted to hide as much as possible. I made sure to put the gear somewhere accessible, yet somewhere out of the way. When I’m not using the radio I place the control head farther back on the table out of my way.

Under my couch where my gear is stowed

The couch in the picture also hides my power supply and actual base of the radio. The hand mic lies on the floor, allowing me to reach for it when it is needed. The power supply and radio are connected using powerpoles for easy setup and eventually portability. When I get a battery someday it will most likely run on powerpoles. This will make setup and tear-down easy.

Antenna hidden behind the couch

Behind my couch is my vertical radiator or simply antenna. For an antenna, I am using a SuperAntenna’s MP1. Rather than load it for HF, I have left the loading coil in my go-box. I have made sure to use properly tuned radial wires with the antenna. The top of the antenna is about six inches above where my window begins, allowing signal to pass. The coax and radials are neatly hidden behind the couch and behind a fake tree hiding the antenna. Again, this antenna is very portable. Once I get a portable battery I will be able to tear down this antenna and toss it in the go-kit.

So far this setup has worked well. I have been able to make good 2M and 440 MHz contacts using it. My noise level is a bit high but that is a product of being indoors and having a 5th floor apartment. All in all I was able to check into my first net hitting the local repeater with a 5×9 signal report.

Other thoughts:

I also wanted to try and push more pictures; 3 in one blog post will test the Raspberry Pi. Load times will most likely be slow but on 1Mbps upload that is expected (please don’t DDoS me). PHP caching will ease this a bit as the project moves forward.

73,

-WA8LIV

Hamvention: New Toys and Learning to use them

The 2015 Dayton Hamvention is in the books! It was a wonderful time. This year truly proved the popularity and wild growth of digital forms. Even in a hobby, one can relate the lessons learned to the workplace. I’m quite fortunate: being a HAM and a Network Engineer, I can really study both in tandem.

I finally have a good 2 Meter and 70 cm kit! I decided to splurge and purchase an ID-5100a, giving me the capabilities of Digital Voice and hopefully soon Data. I don’t see a problem with this “newfangled” methodology of radio. The POTS line is dying and frankly maybe FM should too. Digital Voice ushers in a new age of radio with less static and more efficient use of precious bandwidth. In terms of business Digital Voice means replacing multiple DS3s with single OC circuits. IT calls this Converged IP. It’s here to stay so maybe the old HAMs need to embrace it. It’s evolution and I believe it’s here to stay.

Where HAM radio falls behind the professional world is the lack of inter-operable communication methods. Yaesu’s System Fusion and ICOM’s D-STAR are not able to talk. Even being in the same family tree, these two versions lack what FM will always enjoy. DMR, P25 and other forms exist too in the professional space with walled gardens between vendors. For the professional world the lack of inter-operability is less of a big deal as businesses choose a single vendor for standardization. In the Amateur world there must exist basic inter-operability. A major purpose for HAM Radio is to perform public service. In an emergency we as HAMs must be able to communicate. If we cannot communicate, then we aren’t doing our job. I hope the systems of the future are inter-operable; without this functionality FM is here to stay alongside them.

I can’t wait to send pictures using Data and Bluetooth.

73,

-WA8LIV