Tag Archives: patch

Keeping Up with Updates

It is commonly understood that computer systems need to be kept up to date in order to keep them secure, and to fix bugs. End-user computers have updates that either automatically happen, or at least notify the user when they are ready to be installed. For servers, it is typical to have scheduled maintenance to install updates and reboot.

Unfortunately, network routers, firewalls, and switches are often not given the same care. There are several reasons that this may happen:

  1. The appropriate decision maker is not aware of the need
  2. There is a desire to not modify network devices that are deemed “working”
  3. There is a desire to not have any outages of network devices
  4. A support contract is often required to get the latest software.

For #1, it is simply a matter of education, which we hope this article serves to help.

For #2, it needs to be understood that by not keeping network systems up-to-date, you are potentially exposing your network to security issues, and denial-of-service attacks.

For #3, there are a variety of techniques to make your network redundant, so that outages caused by updates are minimal. These features also make your network more robust in general, protecting against device failure. First Network Group can help to design and deploy a network architecture that is less vulnerable to outages.

#4 should be considered as a required cost of doing business. Depending on the hardware vendor, the costs will vary. There are some vendors whose support contracts are significantly less costly than others. It is important to factor in the ongoing operational costs when deciding on the particular brand and model of gear for your needs.

The bottom line is that updates to all server, storage, and network devices are critical to keeping your network secure and available to serve your customers.

To discuss your options, contact Randy Carpenter, Vice President of IT Services: rcarpen@network1.net or 1-800-578-6381, option 2

DHCPatriot 5.3.0 has been released

Arguably the most important new feature in this build is the floating IP support implemented with Virtual Router Redundancy Protocol (VRRP). This is the last piece of the puzzle in making the DHCPatriot completely high availability.DHCPatriot logo

Previously, the router would need to be changed to force authentication traffic to one DHCPatriot device or the other in the case of outage. Using VRRP allows a third IP address to “float” between the two devices. This allows the router to be configured to force authentication traffic to this third IP address. The IP address never goes down as long as at least one DHCPatriot device is functional.

Other enhancements in this version include: Searchable Option 82 information that is stored with the sessions; Template based configuration of static address definitions in standard DHCP for quick configuration of ONT networks, for example; Optional protection of the authentication page against automated clients via a simple math problem; Checking stored credentials against the RADIUS server during an un-suspend operation; Optionally send RADIUS ALIVE (interim-update) packets upon DHCP client lease renewal; Optional RADIUS forwarding to external devices that need a RADIUS accounting stream.

Patch notes for this release:

  1. Floating IP (VRRP) implemented. It is now possible to add a third IP address to the DHCPatriot system that will float between the two devices. This IP address should be used with the captive portal page and possibly as the destination address when administrating the machine. Restrictions to using VRRP are that the DHCPatriot system devices must both be in the same subnet and the floating IP must be in that same subnet as well.
    empty_pixel
  2. Optional simple page for protecting the database from being accessed by pre-auth / unauthenticated automated clients such as Weatherbug. This page asks a simple math problem before proceeding to the actual authentication page for pre-auth users. The page has no images and no database access. Automated clients such as Weatherbug will not answer the question and proceed to the login page. Continue reading

DHCPatriot version 5.2.1 has been released

DHCPatriot logo

This is a maintenance with bug fixes only. Only DHCPatriot systems experiencing the bugs repaired in this release will receive this software. All of the fixes from this release will of course be in version 5.3.0.

Release notes:

  1. Added hardware support for the 2013-1 model of DHCPatriot system.
  2. Gave space on startup to launching programs so that they don`t all launch simultaneously. This should help with some freeze-up on startup problems.
  3. Added diagnostic software that will allow us to access hardware information in the field.
    Continue reading

DHCPatriot update 5.2.0 released!

DHCPatriot logoDHCPatriot update 5.2.0 has been released. Patch notes for this release.

  1. It is now possible to add fully qualified domain names to the DHCPatriot
  2. Force lower case usernames now works from the admin form. Previously it only worked from the customer facing authentication page.
  3. ISC DHCP version 4.2.4-P1 is now the core dhcp server. This release contains bug fixes as well as some refinements.
  4. Sticky IP notes are now possible. Notes can be included with a sticky IP assignment so that it can be remembered why it was done.
  5. Exclude IP notes are now possible. Notes can be included with an excluded IP so that it can be remembered why it was done.
    Continue reading

DHCPatriot update 5.1.2 released!

DHCPatriot logoDHCPatriot update 5.1.2 has been released. Patch notes for this release.

  1. Added firewall rules to place a limit on the number of connections that can be opened by a single client machine to the web authentication page. The limit is 20 hits in 10 seconds. It works like this: once a client opens his 20th connection in 10 seconds, he cannot open anymore. If he continues to try during the time that he cannot open more connections, this counts as well. The client machine will need to wait and not open any more connetions until 10 seconds has passed. It is unlikely that clients with a virus infection opening large amounts of web page ports will be able to get to the authentication page.
  2. Changed MaxRequestsPerChild to 1024 from 0 in the web server. This will allow running servers to exit after serving a certain number of pages as per manufacturer recommendation.
  3. Removed text wrapping from all textareas to prevent inconsistancies with visual wrap versus storage of actual data.
    Continue reading