DHCPatriot 7.0.0 Enters Beta

DHCPatriot 7.0.0 has entered the beta testing phase.

Some key features of this version:

  • It is now possible to send a timezone offset other than UTC to DHCP clients
  • Customer status (active/suspended) can now be managed directly from the View Authenticated Users screen
  • The DHCPatriot web based GUI now supports LetsEncrypt
  • A Known Clients list, similar to the one in DHCPv4, is now supported in DHCPv6
  • The API now supports JSON returns in addition to XML
  • Open-VM-Tools are now available on VMware DHCPatriot systems

Full patch notes available here.

If you are interested in participating in beta testing, please let us know:

By phone: 800-578-6381 option 3
By email: dhcpatriot@network1.net

USB 4.0, here we go again …

Ever heard of the USB Implementers Forum (USB-IF)? Chances are you have lived your life up until this point and never realized such an entity even existed. As the name suggests, they are the group that decides the fate, follow-through and future of the USB tech standard. And they are set to make some changes, once again.

Odds are that only now do you have a few devices that utilize the USB 3 Type-C connection as their primary source of power and data. And while we’ve had USB 3 in various capacities and form factors, the Type-C interface really helped cement the concept that version 3 is here and is now the future.

Funny how time flies, because the USB-IF has published its specification for USB4. Beginning in 1996, USB as we’ve come to know it has been the largish Type-A, only-fits-one-way connector. Now, over 20 years later, we have USB 3 Type-C, and everyone’s dreams were fulfilled with the universal style connector that can be plugged in via any orientation. However, our dreams will not be dashed, nor will we have to buy all new cables, yet again!

USB4 will operate on all Type-A and Type-C style plugs and be backwards compatible with USB3.x and USB2.x devices. The real difference is that it is now also compatible with Thunderbolt 3. The Thunderbolt technology was designed and licensed by Intel exclusively for many years. It has always been a faster way of transferring files than USB. Thankfully, that’s finally changing now as USB and Thunderbolt unite. The current USB3.2 spec caps out at 20 Gbits per second, while Thunderbolt 3 tops out at 40 Gbit per second! The only trouble is that any device that wants to announce that its USB4 will work with Thunderbolt 3 will still need to be certified by Intel, a fact which makes Thunderbolt the less common standard in the industry, as it allows Intel to exert certain control in the mix.

USB4 will also feature USB3 Power Delivery technology with a peak capacity of 100 W of power over the cable. It will also feature intelligent and dynamic bandwidth sharing, which allows it to automatically adjust data rates toward whatever is demanding the most at that time. For example, a large file transfer to an external drive might take precedence over video frames being pushed to your monitor. This will squeeze every last bit of efficiency out of its new 40 Gbit speed abilities.

When will you see your first USB4 devices? This year, 2020. But as with other versions of USB, it will take a while to fully catch on, so you have plenty of time. At least the baby can stay in with the bath water since each new standard supports the last. That means you can keep the gear you like, longer – and that’s a good thing.

FNGi COVID-19 Response

To: All FNGi Customers
Re: Coronavirus (COVID-19) Readiness/Planning

With the current uncertainties, I want you and all of our valued clients to be certain and confident that First Network Group is here to serve your needs and those of your customers. To that end, I want to update you on our status and planning.

Please know that while all things Coronavirus (COVID-19) remain fluid and subject to change, at the present time our departments remain open on our regular 24/7 schedules, and we are actively monitoring and managing your network and server infrastructure. All DHCPatriot work continues as normal in upgrades and support. We are also providing end-user technical support, call center service, and Lawful Intercepts to your customers, and we stand ready to be there for you.

We have escalated internal policies and procedures that minimize the risk of exposure to our employees and their families as we are confident that you have too. Departments that are well suited to work-at-home have already begun the transition as practicable. 

In addition and at this juncture, we have no plans to close our offices, but if the need for that arises we will also migrate all call center services to a telecommuting model. That transition should be seamless for you and your customers.

Again, we see no need for those alternate operations at this time. 

We are honored to be at your service, and as always, feel free to call or write as questions arise. 

Respectfully,
Stephen C. Walter
Founder, President & CEO

Wi-Fi 6 is Here

Does your laptop support 802.11n, 802.11ac, or 802.11a10? If you don’t know, you’re in luck, and if you didn’t realize one of those protocols was not real, your life is about to get better.

The Wi-Fi Alliance, the body that sets all the standards and protocols for each form of Wi-Fi technology, is finally going to drop the archaic numbering and lettering scheme. The next revision of Wi-Fi will be known as Wi-Fi 6 (technically 802.11ax).

“For nearly two decades, Wi-Fi users have had to sort through technical naming conventions to determine if their devices support the latest Wi-Fi,” said Edgar Figueroa, president and CEO of Wi-Fi Alliance. “Wi-Fi Alliance is excited to introduce Wi-Fi 6, and present a new naming scheme to help industry and Wi-Fi users easily understand the Wi-Fi generation supported by their device or connection.”

The naming scheme will go backwards as well.

  • Wi-Fi 6 to identify devices that support 802.11ax technology
  • Wi-Fi 5 to identify devices that support 802.11ac technology
  • Wi-Fi 4 to identify devices that support 802.11n technology

The Wi-Fi Alliance has approved the new logos and descriptions of the naming system to be used by anyone meeting the standard (basically everyone).

And even though we are now past the big holiday shopping season, we’ve only seen a few of these products enter the market and be branded as such. Look for all of that to change as consumer network manufacturers begin their push to the new labeling standard in earnest now.

Wi-Fi Protected Access v3

Currently, the best way to secure your wireless networks is using Wi-Fi Protected Access v2 (WPA2). However, there are still some issues regarding how this system functions. Last year’s KRACK vulnerability has proven that this 13 year old security protocol needs to be redone.

At this year’s Consumer Electronics Show (CES2018), the Wi-Fi Alliance debuted version 3 of WPA, increasing the security capabilities of the process in several ways.

WPA3 will now support 192-bit encryption natively (with an assumed 48-bit initialization vector) and the Dragonfly Protocol (aka: Simultaneous Authentication of Equals (SAE)). Even the link between the device and the router, for example on a public network, will be entirely encrypted as well.

The Dragonfly Protocol (SAE) produces a cryptographically strong shared secret for securing other data, e.g. network communication. SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates, or for when a centralized authority is not available. It is a peer-to-peer protocol, has no asymmetry, and supports simultaneous initiation. This will take most of the pressure off of users who do not create secure or varied enough network passwords, and make linking devices (mesh networks) easier and just as secure.
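The commit and confirm exchange that SAE is built on, as an added example that is not part of the original article: it uses a constructed 64-bit toy group and a simplified password-to-element step (both assumptions made here, far too small for real use). Names such as `Peer` and `run_handshake` are hypothetical.

```python
import hashlib
import hmac
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic at the 64-bit toy size used here."""
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """Constructed toy group: first safe prime P = 2Q + 1 with Q above 2**(bits-2)."""
    q = (1 << (bits - 2)) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()

def password_element(password, id_a, id_b):
    """Hash password and both identities to an element of order Q (simplified)."""
    ids = b"".join(sorted((id_a, id_b)))
    for counter in range(1, 256):
        seed = hashlib.sha256(ids + password.encode() + bytes([counter])).digest()
        pwe = pow(int.from_bytes(seed, "big") % P, 2, P)  # squares have order Q
        if pwe > 1:
            return pwe
    raise ValueError("no password element found")

class Peer:
    def __init__(self, password, own_id, peer_id):
        self.pwe = password_element(password, own_id, peer_id)
        self.scalar = 0
        while self.scalar < 2:  # fresh private values for every handshake
            self.rand, mask = (secrets.randbelow(Q - 2) + 2 for _ in range(2))
            self.scalar = (self.rand + mask) % Q
        self.element = pow(self.pwe, Q - mask, P)  # PWE^(-mask)
        self.commit = (self.scalar, self.element)  # sent in the clear

    def process_commit(self, scalar, element):
        if (scalar, element) == self.commit:
            raise ValueError("reflected commit")
        if not 1 < scalar < Q or not 1 < element < P - 1 or pow(element, Q, P) != 1:
            raise ValueError("commit outside the group")
        # (PWE^peer_scalar * peer_element)^rand == PWE^(rand_a * rand_b) on both sides
        shared = pow(pow(self.pwe, scalar, P) * element % P, self.rand, P)
        total = (self.scalar + scalar) % Q
        self.key = hashlib.sha256(b"%d|%d" % (shared, total)).digest()
        self.peer_commit = (scalar, element)

    def _tag(self, first, second):
        msg = b"|".join(b"%d" % v for v in first + second)
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def confirm(self):
        return self._tag(self.commit, self.peer_commit)

    def verify(self, tag):
        return hmac.compare_digest(tag, self._tag(self.peer_commit, self.commit))

def run_handshake(pw_a, pw_b, id_a=b"\x02\x00\x00\x00\x00\x01", id_b=b"\x02\x00\x00\x00\x00\x02"):
    a, b = Peer(pw_a, id_a, id_b), Peer(pw_b, id_b, id_a)
    a.process_commit(*b.commit)
    b.process_commit(*a.commit)
    return a.verify(b.confirm()), b.verify(a.confirm())  # (A accepts B, B accepts A)
```

Neither side is the "client": both build the same kind of commit, and a wrong password only shows up as a failed confirm, which gives an observer nothing to test guesses against offline.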

The Wi-Fi Alliance has just finalized the spec on WPA3, so don’t look for it to enter the consumer realm in the current hardware cycle. Devices that feature WPA3 abilities are expected to reach the market in Q3 of 2018. WPA3 will only work if both devices are capable of using it and first party support from all major operating system vendors is expected in a timely manner. Until then and even after, WPA2 is not going away entirely. This cut over to WPA3 will be a natural and gradual process as new equipment and software come out that can utilize it.

While waiting for WPA3 firmware and hardware to be released to the public, the safest current method of securing your Wi-Fi is to utilize WPA2 security with AES encryption. While there are ways around WPA2, the likelihood of that happening compared to other security measures is quite low. Other best practices are rotating your password every few months or not broadcasting your SSID, so people out snooping won’t even see your network. It’s also a good idea to log into your router every few months, check the various devices attached to your network and take an inventory.

First Network Group, Inc. Proudly Completes One Million Support Calls

FOR IMMEDIATE RELEASE

Handling their first support call over 20 years ago, First Network Group, Inc. reaches another major milestone by making their One Millionth support call!

Wapakoneta, OH (July 2017)

First Network Group, Inc. is proud to announce a major milestone in the history of the company– their one millionth call produced by their Technical Support and Customer Care Call Center.

Small businesses are judged by longevity, and First Network Group has already proven their mettle in that area by surpassing 20 years in business in July 2016. However, very few companies can claim the benchmark of one million support calls. If you think you’re on the phone a lot, making one million calls adds up to nearly 400 days of non-stop talk time!

The past one million calls have been made at First Network Group’s home office, in the small town of Wapakoneta, Ohio. Each one of these calls has focused on providing the special type of warmth and neighborly approach that can only be found in a small Midwestern town.

First Network Group has always maintained a customer first attitude, which explains why they’ve been so successful. “We’ve always said, we could support Internet, TV, telephone or whatever, but at the heart of it all was the desire to help make someone’s life easier and more enjoyable through the use of technology,” states Cory Lykins, Vice President of Tech Services.

Small town values, a customer-friendly and focused approach and dedication to bringing technology in reach of everyone: it’s clear to see why First Network Group has enjoyed so much success through the years.

About First Network Group, Inc.

First Network Group Inc. is a specialist in building and maintaining Internet Service Provider Networks. Based in Ohio, it provides Server Administration, Network Engineering, and 24×7 emergency monitoring to reduce ISP/NSP downtime. FNGi developed and sells the DHCPatriot– a DHCP accounting and authentication server appliance. FNGi has a flexible and robust Call Center that provides multi-product End-user Technical Support Services and Customer Care options 24/7/365.

www.network1.net

Press and Media Inquiries
Cory Lykins
First Network Group, Inc.
P: +1-800-578-6381
E: info@network1.net

###

DHCPatriot 6.1.0 has entered beta testing!

We will be contacting certain DHCPatriot customers to inquire about helping us with beta testing. If anyone would like to help us beta test, please feel free to contact us and inquire about beta testing!

Email: DHCPatriot@network1.net
Phone: 800-578-6381 opt. 3

Here are the current patch notes for 6.1.0:

  1. Previously ‘Auth DHCP Config -> Exclude IP Address’ did not expose the ‘Limit Displayed Entries’ box. This made searching within the list impossible. This has been resolved. The box now appears and searching of this list is possible.
  2. Filesystem trim support is now triggered on boot in addition to once daily.
  3. Swappiness is now reduced to 5% on boot.
  4. Trim is now activated on the boot flash in model 2013-1 and newer DHCPatriot systems which contain such flash.
  5. The Comma Separated Value (CSV) exporter will now have commas stripped from the fields, as rogue commas in a field can obviously cause a problem for comma separated value files.
  6. Performance module from the upper right has been hidden on virtual systems. This is due to our inability to predict the hardware available in a virtual environment.
  7. Moderate performance bug in Usage Graphs data collection found and repaired.
  8. IP counts of disabled subnets are now removed from total available IPs. Previously, disabling a subnet made no impact on the counts of available addresses or the warnings about networks being full.
  9. Sessions will now move with a subnet if a subnet is moved to a different shared network or a different type of DHCP (such as auth -> standard). Sometimes in the past, when a subnet was moved, its sessions would continue but would disappear because they were still tied to the old shared network that wasn’t their home anymore. The sessions would show up in search sessions, but not in the counts on view address usage and the graphs. They still won’t immediately show up even now, but as they renew, the count will become correct.
  10. Preliminary support has been added for temperature monitoring. In a future release, the data will be added to SNMP output and server status web administration interface function.
  11. On certain systems, syslogd can have a tendency to not restart properly after log rotation. This seems to be limited to VMware systems. To counteract this, detection and starting of failed syslog has been implemented.
  12. A problem was fixed in the Built-in Authentication where a response couldn’t be obtained if the user was suspended. This could allow the user to stay online when they shouldn’t have been. This has been corrected.
  13. A new backend feature has been added such that authenticated devices are added and removed directly from the DHCP server. This means that a DHCP server restart is no longer required when user devices are authenticated or get suspended. This will result in greater DHCP server availability than is present prior to 6.1.0. Please note that this is a rather substantial change in operation of the DHCPatriot and as such there could be some unknown bugs present. If any are discovered, we will get a patch out as soon as possible.
  14. Standard DHCP Actions -> Known Client will now automatically translate any single quote ‘ to a back-tick ` to avoid problems with queries as the entries are used during DHCP actions.
  15. Standard DHCP Actions -> Static IP Assignment will now automatically translate any single quote ‘ to a back-tick ` to avoid problems with queries as the entries are used during DHCP actions.
  16. API: The API log messages have been enhanced. More descriptive log messages for API actions and failed logins / errors and the like are now available. These can be searched by going to System Configuration -> System Logs and selecting index for the Daemon and entering *API* in the Search Text box. In certain instances, this may impact returned error messages for the API. Please ensure that your API scripts still work after updating.
  17. API: The Known Client API calls previously did not properly restart the DHCP server when performing actions. This has been corrected.
  18. User Admin Restriction fix implemented. Previously, if you had an auth network selected but no standard, it showed you all standard networks. Also, if you had a standard network selected but no auth, it showed you all auth networks. This behavior has been corrected. Now, if you have at least one from one of the types selected but no other, all of the non-selected networks are hidden regardless of whether they are auth or standard. This makes this feature behave as was intended and per the descriptive text of the feature. Network restrictions are a convenience to hide networks which a particular administrator has no interest in (such as might be the case if multiple companies are sharing a DHCPatriot system). It is located and configured in System Configuration -> Administrators on the web administration interface.
  19. VRRP for IPv6 has been added. Set this up under System Configuration -> General Setup in box 14. The IPv6 addresses of the DHCPatriot devices as well as the VRRP address must all be in the same subnet.
  20. Corrected various spelling errors in response messages.
  21. API: The Deny MAC Address list can now be added to and removed from via a new API function. To Add:
    https://patriot.network1.net/cli/?username=apiuser&password=apipass&function=DenyMacAddress&action=ADD&mac=00:00:00:00:00:01&note=A%20TEST%20OF%20API%20DENY%20MAC%20ADD
    To Remove:
    https://patriot.network1.net/cli/?username=apiuser&password=apipass&function=DenyMacAddress&action=REMOVE&mac=00:00:00:00:00:01
  22. A new area has been added to configure permissions for the various functions available on the DHCPatriot system web administration interface. We called this Set App Permissions and it can be found under the System Configuration menu. This can be used to adjust the permission levels so that custom administrator levels can be created hiding / showing certain things to various administrator levels according to requirements.
  23. DHCPv6 Option 18 and Option 37 are now supported on the DHCPatriot system. They are only supported in the case that they are ASCII text strings (as was the case with option 82 support in DHCPv4). These options will be recorded with the DHCPv6 sessions.
  24. DHCPv6 sessions are now being recorded in the database.
  25. DHCPv6 sessions are now searchable in DHCPv6 (IPv6) -> Search Sessions. You can search by Client DUID, IP Address (which will also search delegated prefix), options 18 and 37, date/time and show only online devices. Additional parameters shown (Username and MAC Address) are not yet relevant and are there for future development. The search results look similar to those available in DHCPv4.
  26. A new DHCPv4 setting has been exposed. The One Lease Per Client flag can now be toggled in System Configuration -> General Setup. This flag has always been there and is thus enabled by default. The DHCP server is instructed to allow only one IP Address per client. If a client requests a new lease, the previous lease is released. In 99% of situations this is the desired behavior. Recently, we have encountered a situation with a customer where multiple IP addresses per client is desired. Thus we have exposed this setting. If disabled, a client will be able to obtain and use multiple IP addresses simultaneously.
  27. Extra DHCP settings for DHCPv6 have been added to System Configuration -> General Setup. This works in a similar manner to the extra settings for DHCP except on DHCPv6 instead of DHCPv4.
  28. A problem was corrected where, under certain rare circumstances, stop time could be one second less than start time, causing the session time sent to the RADIUS server to be -1, which appeared as the largest possible positive unsigned 32 bit integer from the RADIUS server’s perspective. Session time will now be adjusted to 0 in this case.
  29. View Address Usage now appears in DHCPv6 complete with the ability to click the subnet and see a list of users in the subnet. Graphs are not yet present and will appear in a future version.
  30. It is now possible to disable subnets in DHCPv6. This works much the same as it does in DHCPv4. The only difference being that Prefix delegations are dependent on a subnet, and so if a subnet is disabled, all of the prefix delegations dependent on that subnet will also show disabled in view address usage.
  31. Prefix Delegation has been split off from Dynamic Subnet allocations in DHCPv6. This allows multiple Prefix Delegation pools to be setup per subnet. Access Prefix Delegations in the DHCPv6 (IPv6) -> Prefix Delegation menu item. At time of install of 6.1.x, any prefix delegation pools that are setup with a subnet will be moved to this area.
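
Item 28 as a worked example, added here and not DHCPatriot's own code: it assumes the signed difference was packed straight into the 32-bit Acct-Session-Time attribute (RADIUS type 46), and shows the clamp next to a check that flags wrapped values in constructed accounting records. The function names, record layout and slack value are hypothetical.

```python
import struct

ACCT_SESSION_TIME = 46   # RADIUS accounting attribute; value is a 32-bit unsigned integer
U32_MAX = 0xFFFFFFFF
SLACK = 5                # seconds of clock skew tolerated by the audit (assumed value)


def encode_unchecked(start, stop):
    """Assumed pre-fix behaviour: the signed difference is truncated to 32 bits."""
    return struct.pack("!BBI", ACCT_SESSION_TIME, 6, (stop - start) & U32_MAX)


def encode_clamped(start, stop):
    """Behaviour item 28 describes: a negative duration is reported as 0."""
    return struct.pack("!BBI", ACCT_SESSION_TIME, 6, min(max(stop - start, 0), U32_MAX))


def decode(attr):
    """Parse one type/length/value attribute and return the seconds it carries."""
    attr_type, length, seconds = struct.unpack("!BBI", attr)
    if attr_type != ACCT_SESSION_TIME or length != 6:
        raise ValueError("not an Acct-Session-Time attribute")
    return seconds


def suspicious(records):
    """Return sessions whose reported duration exceeds the wall-clock span between
    session start and receipt of the stop record, which a wrapped -1 always does."""
    flagged = []
    for rec in records:
        elapsed = max(rec["received"] - rec["start"], 0)
        if decode(rec["attr"]) > elapsed + SLACK:
            flagged.append(rec["session"])
    return flagged


# Constructed sample records (epoch seconds); s2 has stop one second before start.
RECORDS = [
    {"session": "s1", "start": 1700000000, "received": 1700003600,
     "attr": encode_clamped(1700000000, 1700003600)},
    {"session": "s2", "start": 1700000100, "received": 1700000100,
     "attr": encode_unchecked(1700000100, 1700000099)},
    {"session": "s3", "start": 1700000100, "received": 1700000100,
     "attr": encode_clamped(1700000100, 1700000099)},
]

if __name__ == "__main__":
    print(decode(encode_unchecked(1000, 999)), decode(encode_clamped(1000, 999)))
    print(suspicious(RECORDS))
```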

DHCPatriot 5.5.0 has entered beta.

We will be contacting specific system owners and asking them to join our beta test period. If you would like to be a beta tester, please contact us at dhcpatriot@network1.net or 800-578-6381 opt. 3

Here are the changes in 5.5.0:

  1. API: A new API feature allows the retrieval of the entire list of users from Built-in Authentication: User Maintenance (or some sub-set thereof) from the DHCPatriot. The results can be limited by Identifier, username, static IP, simuse and status. Here is an example URL of the API call:
    https://patriot.network1.net/cli/BuiltInAuthAPI.php?function=BASearchCustomers&username=apiuser&password=apipass&identifier=Jim%20Smith&user=jsmith&staticip=1.3.5.7&simuse=3&status=Active
  2. API: A new API feature, GetNetworkConfig, provides all of the DHCP subnets in one xml return. Here is an example URL of the API call:
    https://patriot.network1.net/cli/?function=GetNetworkConfig&username=apiuser&password=apipass
  3. API: Added a new set of API calls that provide the ability to add, edit, delete and list the known client entries. This is basically an API interface that lets you perform all of the known client (Standard DHCP Actions -> Known Client) operations. See below for example API calls:
    Add: https://patriot.network1.net/cli/?function=KnownClient&username=apiuser&password=apipass&ACTION=ADD&mac=01:03:05:11:10:09&IDENT=Jose%20Aldo&TFTPfile=some.file
    Edit: https://patriot.network1.net/cli/?function=KnownClient&username=apiuser&password=apipass&ACTION=EDIT&mac=01:03:05:11:10:45&IDENT=John%20Doe&TFTPfile=some.other.file&id=5
    Delete: https://patriot.network1.net/cli/?function=KnownClient&username=apiuser&password=apipass&ACTION=DELETE&id=5
    List: https://patriot.network1.net/cli/?function=KnownClient&username=apiuser&password=apipass&ACTION=LIST

The End of Windows XP

Twelve years ago, Microsoft released Windows XP. After 3 Service Packs and well over 300 updates, Microsoft ended their official “Mainstream Support” for Windows XP on April 14, 2009, and the product entered the “Extended Support” cycle. On April 8, 2014, Microsoft will end their “Extended Support” cycle for Windows XP, closing the final chapter on one of the most successful operating systems in the history of computing.

Windows XP was so successful that it took nearly 30 months for their Windows 7 operating system to overtake the global Windows XP install base. Today Windows XP still enjoys an install base of ~35% or roughly 800 million of the world’s computers.

What does the end of the “Extended Support” cycle for Windows XP mean moving forward? The Mainstream Support life cycle allowed Microsoft to release “hotfixes”, security updates and provide direct commercial and end-user support. The “Extended Support” cycle moved the product into only receiving security updates to the product and ended all other support. While Microsoft has made some allowances in the past for profound security-related issues for products outside of their Support Lifecycle system, on April 8, 2014, Microsoft will no longer be providing any new updates to Windows XP, including “hotfixes”, service packs or security updates.

This will expose Windows XP users to a myriad of new and evolving security, malware and virus threats. Microsoft Security Intelligence Report volume 14 (PDF) reports the following infection rates by operating system and service pack for the fourth quarter of 2012. While Windows XP Service Pack 3 has made a significant reduction in the number of security vulnerabilities and infections on the XP platform, XP still leads the pack in infection rates across all Windows operating systems. The combination of a large user base and a lack of security patches leaves a large target on the venerable operating system.

To mitigate the risk moving forward, users must begin the transition from Windows XP when and where possible. The best option would be moving towards the latest operating system, Windows 8, as it is the most secure and reliable system Microsoft has produced to date. That might not be an option for many people, so the next best option would be Windows 7. Between Windows XP and Windows 7 was Windows Vista; however, Vista is not an option as it is also nearing the end of its support life cycle.

Infection Attack Vectors Q4 2012

Infection Attack Vectors Q4 2012 by Operating System

If Windows XP must be used, for whatever reason, then a hardened security presence on the system must be maintained and updated regularly. There are many anti-virus, anti-malware and firewall software options available from Microsoft and third party vendors – both free and paid. The number of unprotected or under-protected Windows XP systems moving forward could create a ticking time bomb if left unchecked and unprotected.

We are urgently recommending the following actions be taken when and wherever possible:

  • Upgrade. Windows Vista and 7 will still be supported for a few years and Windows 8 even longer.

If you must continue to use Windows XP:

  • Make sure your copy of Windows XP is running Service Pack 3.
  • Stop using Microsoft’s Internet Explorer entirely. Use only a currently updated and supported web browser like Mozilla Firefox. Access to Internet Explorer can even be fully removed via the “Windows Components” feature in Add/Remove Programs.
  • Stop using Microsoft’s Outlook Express entirely. Use only a currently updated and supported email client like Mozilla Thunderbird or better yet a web-based email client.
  • Uninstall the Java runtime environment from your computer unless you absolutely cannot live without it.
  • Install a supported anti-virus client. Keep it updated and do a full system scan weekly.
  • Make sure Windows Firewall is enabled or use the one that comes with your 3rd party security software.
  • Limit your installation of programs off the internet to only trusted sites from trusted companies.