Save the date for the Middle TN Cyber Security Conference.
Website and registration details will be posted soon.
Need to check your PC for Meltdown or Spectre? Use Steve Gibson’s free tool to check if you are vulnerable.
Open PowerShell as an administrator
Copy each of these commands and enter each into PowerShell –
If you are prompted to continue, select Y
If you receive a False, you are vulnerable. Look for BIOS and Windows updates.
Example of a System that is vulnerable
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: False
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Install the latest available updates for Windows with support for speculation control mitigations.
BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
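A way to read the property block above per CVE rather than line by line, as an added example that is not part of the original post. It follows the labels printed in the sample output itself ("Hardware requires kernel VA shadowing"), so False on KVAShadowRequired and on the BTIDisabledBy... flags is the good value; parse_flags and assess are hypothetical helper names.

```python
import re

# Property block copied from the sample output above.
SAMPLE = """\
BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False
"""

def parse_flags(text):
    """Turn 'Name : True/False' lines into a dict of booleans."""
    pattern = r"^[ \t]*(\w+)[ \t]*:[ \t]*(True|False)[ \t]*$"
    return {name: value == "True"
            for name, value in re.findall(pattern, text, re.M)}

def assess(flags):
    """Return ({cve: verdict}, [outstanding actions]) for one machine."""
    f = lambda name: flags.get(name, False)  # a missing flag counts as False
    result, actions = {}, []

    # CVE-2017-5715 needs hardware support, OS support, and the OS support enabled.
    if (f("BTIHardwarePresent") and f("BTIWindowsSupportPresent")
            and f("BTIWindowsSupportEnabled")):
        result["CVE-2017-5715"] = "mitigated"
    else:
        result["CVE-2017-5715"] = "vulnerable"
        if not f("BTIHardwarePresent"):
            actions.append("install BIOS/firmware update")
        if not f("BTIWindowsSupportPresent"):
            actions.append("install Windows updates")
        elif f("BTIDisabledBySystemPolicy"):
            actions.append("mitigation disabled by system policy")

    # CVE-2017-5754: False on KVAShadowRequired means the CPU does not need the fix.
    if not f("KVAShadowRequired"):
        result["CVE-2017-5754"] = "not required by hardware"
    elif f("KVAShadowWindowsSupportPresent") and f("KVAShadowWindowsSupportEnabled"):
        result["CVE-2017-5754"] = "mitigated"
    else:
        result["CVE-2017-5754"] = "vulnerable"
        actions.append("install Windows updates")

    return result, list(dict.fromkeys(actions))  # drop duplicate actions

if __name__ == "__main__":
    print(assess(parse_flags(SAMPLE)))
```

For the sample machine this reports CVE-2017-5715 as vulnerable with both updates outstanding, and CVE-2017-5754 as not required by the hardware.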
New Wi-Fi® security features available in 2018
Las Vegas, NV – January 8, 2018 – Wi-Fi Alliance® …
Many people who set up their wireless routers never optimize the channel to keep from ‘bumping’ into their neighbors. Regardless of whether you are an Apple, Linux or Windows user, you should select a channel as far away from your neighbors’ devices as you can. Use WiFi Analyzer for Android, (Apple), or InSSIDer for a PC to see what channels are being used around your home or business.
The second tip involves fragmentation. We don’t have one or two internet devices anymore, we have four or more. Computers, laptops, netbooks, e-readers such as Kindles or Nooks, iPods, iPhones, Android tablets, iPads, Android, Windows Phones, Blurays, TVs and more. So how can this be optimized? These devices send packets of data in frames.
Imagine you are talking. Each word is a packet and the packets together are a sentence. In a wireless environment, each device has to wait for the other to complete its sentence before it can talk.
Computer talking to router – “I am going to WordPress to read a blog!”
Tablet waits on router and says – “I want to go to YouTube!”
Your router listens to the computer while the tablet is waiting. The router processes the computer’s request and then listens to the tablet. So how can this be optimized?
The default fragmentation for routers is 2346. Many professionals recommend setting this to 800 or 1000 if there are many devices on your network. So your router should work like this –
Computer and Tablet say – “I am going to – I want to go to – WordPress to read – YouTube! – a blog!”
See how each device gets a small piece of what it wants to say in to the router? The router can process the information a little at a time, keeping each device’s wait time down. This in turn works with the RTS Threshold.
The RTS Threshold is used as a trigger to engage the back and forth of RTS (Ready to Send – “I have something to say”) and CTS (Clear to Send – “I am listening”) messages between the wireless router and your device. The trigger’s purpose is a type of “handshaking”. The default value for RTS is 2347. Try 2340 and lower as necessary.
Note: Before changing these defaults, remember – you can reset these if you cannot connect. Read your owner’s manual on how to reset your router in the event you have connectivity problems. Every situation is different.
Here are my settings on Fragmentation and RTS Threshold.
The preamble should be set to short. Long is for 802.11b devices (old legacy laptops or devices). Auto is just in case you have someone with old computers that are coming into your home. Auto works for old and new. Generally older devices today have 802.11g. 802.11g and 802.11n work with long. So if you don’t anticipate someone visiting with older devices, move the preamble to short.
DTIM is a traffic indicator. It basically says – “Yo, I got something for you” during the beacon. Setting this 1 point higher can actually save power when devices are listening. So the device will awaken only when DTIM tells it to.
These settings are for people who have several devices on their network and are true consumers of the internet. They are by no means the settings for everyone. You may have to play with the settings to get optimal throughput. Remember, test your bandwidth with two devices side by side and simultaneously. Have each device strain your network by testing its throughput on an ISP site that tests download speeds, or by streaming a video at the same time. You’ll see a difference. The default values very well may be what you need if you don’t have many users and devices.
Give it a try. You can always go back to your router’s default values.
Is your Wireless dropping? Update your driver of course and then try changing your Scan Valid Interval. By default, most wireless cards are set to 60. This is the amount of time before your wireless ‘looks’ for other access points (for roaming). Try changing the interval to 120.
Open the device manager, double click on the wireless adapter, under advanced, click on Scan Valid Interval – change this to 120. If you have a card that has roaming under advanced, select the lowest option.
Note: If you have a laptop and are moving around in an area, you may need to lower this number.
Also, you may want to lower the Beacon Interval in your router if your signal is low or if you have drops. This sends beacons more frequently and can help with your signal. This may slightly decrease your bandwidth (wireless) and use a little extra battery on mobile devices.
While the default is 100, did you know if you increase this time (assuming you have a great signal in your home or business) that you can increase wireless bandwidth (slightly) and even increase your battery life of devices?
Got Atheros? Follow this link to drivers.
Also, do a quick survey of your entire home. As you can see, one side of our house has interference on channel 11. Because the ‘user’ of the other wireless is using a Channel 6 + 10 (40 MHz) spread, Channel 6 and 11 are NOT optimal. Therefore, channel 1 is the optimal channel (you can see two devices – my AP and printer).
Left – host computer Right – TightVNC into another computer in my home.
Remember, router position and direction matters. As you can see below, repositioning the router got rid of “Saw Tooth” (signal that goes up and down).
It is important to perform a wi-fi survey so that you can determine not only the perfect place to locate your access point or bridge but to gain an understanding of the channel co-existence challenge you may face. With wireless access points in surrounding neighborhoods and businesses, you will need to perform a survey by walking around and mapping out the BSAs (Basic Service Area) of wireless that surrounds you and your organization.
Below is an example of our school’s perimeter. Matt, Chris and James, students in the Computer Information Technology class, performed a survey using a Microsoft GPS and Vistumbler. This survey revealed access points and their channels of current wireless at our institution and includes APs in surrounding businesses and neighborhoods. These were mapped using Google Earth after exporting their KML file from Vistumbler.
This type of survey allows IT professionals to analyze data exported to ensure the correct channels can be used at their organization.
After exporting the wireless information, you can analyze each access point or wireless device by clicking on it. Below is an example of the information exported into Google Earth. Each device shows SSID, Network Type, MAC Address, Channel, Security, Encryption Type, Data Rates, Latitude, Longitude and Manufacturer information. Analysts using this information can also determine the best placement of wireless devices along with channel information.
Channel co-existence is when access points share channels that are very close to one another.
802.11 wireless on 2.4 GHz has three non-overlapping channels. These channels are 1, 6 and 11. The closer channels are, the more likely interference will take place. With the amount of wi-fi in use today, IT professionals have to choose between 2.4 GHz and 5 GHz and try to select channels that are not in use if possible. Professional access points and bridges can also adjust power as necessary. A dense population can make this very challenging.
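The channel choice described above (a neighbor bonded on 6 + 10 leaving channel 1 as the best of 1, 6 and 11) can be computed from survey data; this is an added example, not part of the original post. It goes one step further than the text by weighting each overlap by received power, and it assumes 20 MHz wide channels centered at 2407 + 5 × channel MHz; the survey entries and function names are constructed for illustration.

```python
# Constructed survey of neighboring APs (not data from the original post).
# "secondary" is the bonded channel of a 40 MHz network, otherwise None.
SURVEY = [
    {"ssid": "neighbor-40mhz", "channel": 6, "secondary": 10, "rssi_dbm": -60},
    {"ssid": "neighbor-far", "channel": 1, "secondary": None, "rssi_dbm": -88},
    {"ssid": "neighbor-side", "channel": 11, "secondary": None, "rssi_dbm": -75},
]

def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel (channels 1-13)."""
    return 2407 + 5 * channel

def occupied_band(channel, secondary=None, width_mhz=20):
    """(low, high) edges in MHz; a bonded pair spans both 20 MHz halves."""
    centers = [center_mhz(channel), center_mhz(secondary or channel)]
    return min(centers) - width_mhz / 2, max(centers) + width_mhz / 2

def overlap_mhz(band_a, band_b):
    """Width in MHz shared by two (low, high) bands, 0 if they are disjoint."""
    return max(0, min(band_a[1], band_b[1]) - max(band_a[0], band_b[0]))

def interference(candidate, survey):
    """Sum of overlap width times received power (mW) over all surveyed APs."""
    own = occupied_band(candidate)
    total = 0.0
    for ap in survey:
        shared = overlap_mhz(own, occupied_band(ap["channel"], ap["secondary"]))
        total += shared * 10 ** (ap["rssi_dbm"] / 10)  # dBm -> mW
    return total

def best_channel(survey, candidates=(1, 6, 11)):
    """Candidate channel with the lowest interference score."""
    return min(candidates, key=lambda ch: interference(ch, survey))

if __name__ == "__main__":
    for ch in (1, 6, 11):
        print(ch, interference(ch, SURVEY))
    print("best:", best_channel(SURVEY))
```

With this survey, channel 1 wins even though a weak AP already sits on it, because the strong 40 MHz neighbor covers both 6 and 11.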
If you look at the students’ survey by zooming out to see how many access points can be seen, this is what you are looking at! Now you can see why site surveys are important at your organization.
In addition to this survey, a secondary survey using a spectrum analyzer is very important to search for interference from other sources. (See our review of the Airview Spectrum Analyzer)
Channel information (Chart from Wikipedia)
Here’s another look at a wireless survey showing vertical lines and signal strength. (James M. KML survey)
When you are networking computers, wireless access points, printers and other nodes in multiple rooms, try to avoid daisy-chaining switches or using small 4-8 port switches when you are in a hurry. Replace any hubs on your network as soon as you can.
With a hub, collisions can be >20% and utilization can stand at >50%. By replacing a hub alone, you can reduce collisions to 5% on switches in rooms and <1% in the server room. Switches help to isolate traffic, relieve congestion, separate collision domains (reduce collisions), segment and restart distance/repeater rules.
Daisy Chaining Switches – what not to do
Real world scenarios may require you to temporarily daisy chain switches. If you do, test the network and run additional backbones or replace core switches to accommodate more nodes as soon as you can. (remember, replace any hubs in your network)
One of many solutions is to run independent lines to the core switch
Basic tips on optimization of your network –
These are the very basics behind network switch infrastructure. Managing switches and using the IEEE standards above along with optimizing your network and managing the network infrastructure is important.
Excellent articles on Networking Infrastructure
Everyone needs to keep the integrity of their database and tables optimized.
Need to optimize your network? Look at adjusting LocalPriority, HostsPriority, DnsPriority or NetBtPriority. (Host/DNS resolution)
The tweak works by increasing the priority of four processes.
LocalPriority = 4 (DWORD, the default is 499, change to 4)
HostsPriority = 5 (DWORD, the default is 500, change to 5)
DnsPriority = 6 (DWORD, the default is 2000, change to 6)
NetBtPriority = 7 (DWORD, the default is 2001, change to 7)
You can use this script at a command prompt (as Admin) or in PowerShell (as Admin)-
reg add HKLM\System\CurrentControlSet\Services\TcpIp\ServiceProvider /v "LocalPriority" /t REG_DWORD /D 4 /F
reg add HKLM\System\CurrentControlSet\Services\TcpIp\ServiceProvider /v "HostsPriority" /t REG_DWORD /D 5 /F
reg add HKLM\System\CurrentControlSet\Services\TcpIp\ServiceProvider /v "DnsPriority" /t REG_DWORD /D 6 /F
reg add HKLM\System\CurrentControlSet\Services\TcpIp\ServiceProvider /v "NetBtPriority" /t REG_DWORD /D 7 /F
taskkill /f /im explorer.exe
Need to speed your internet up or tweak your network out? Here are some things to take into consideration. Something called Silly Window Syndrome can occur if a server or workstation that has shared files has high latency.
You see, when there is no synchronization between the workstation and a server (or ws to ws) regarding the capacity of the flow of data being sent or the packet size, Silly Window Syndrome can occur.
Here’s where Nagle’s algorithm is used if the Silly Window Syndrome occurs from the sender. You can make sure it is enabled by running the script below from a command line (as administrator). Nagle will send the first segment even if it is tiny. Then it waits until the acknowledgement (known as an ACK) is received or an MSS is accumulated. (MSS – maximum sized segment)
You see, Nagle’s algorithm works by improving TCP efficiency. This algorithm reduces the number of small packets being sent over a network.
So what if the delays are caused by the receiver? David D Clark’s solution can be and is used. Clark’s solution closes the window until another segment of MSS can be received or if the buffer becomes half empty.
Now there is something else – Delayed ACK tries to send more data over a segment if it can. Here’s the problem: the interaction of Delayed ACK with Nagle’s algorithm can create 200+ ms delays.
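The sender rule and the Delayed ACK stall described above, as a small simulation; this is an added example, not part of the original post. It is a simplified model in which the receiver delays every ACK by a fixed timer, and the MSS, round-trip time and 200 ms timer are assumed values.

```python
def simulate(writes, mss=1460, rtt_ms=10, ack_delay_ms=200, nagle=True):
    """Return the segments sent as a list of (send_time_ms, size_bytes).

    writes is a list of (time_ms, size_bytes) application writes.
    """
    segments = []
    buffered = 0      # bytes written by the application but not yet sent
    ack_at = None     # time the ACK for all in-flight data arrives, or None

    def transmit(now, size):
        nonlocal ack_at
        segments.append((now, size))
        arrival = now + rtt_ms + ack_delay_ms   # receiver sits on the ACK
        ack_at = arrival if ack_at is None else max(ack_at, arrival)

    def try_send(now):
        nonlocal buffered
        while buffered >= mss:                  # full segments always go out
            transmit(now, mss)
            buffered -= mss
        # Nagle: a small segment may only go out when nothing is unacknowledged.
        if buffered and (not nagle or ack_at is None):
            transmit(now, buffered)
            buffered = 0

    # The final (inf, 0) entry drains whatever is still waiting for an ACK.
    for when, size in sorted(writes) + [(float("inf"), 0)]:
        while ack_at is not None and ack_at <= when:
            now, ack_at = ack_at, None          # the ACK arrives
            try_send(now)
        if size:
            buffered += size
            try_send(when)
    return segments

if __name__ == "__main__":
    request = [(0, 100), (1, 100)]              # header write, then body write
    print("Nagle on :", simulate(request, nagle=True))
    print("Nagle off:", simulate(request, nagle=False))
```

With Nagle on, the second 100-byte write is held until the delayed ACK arrives at 210 ms; with Nagle off it leaves at 1 ms, at the cost of one packet per write.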
How do I?
Run this from a command line as an administrator to turn off Nagle’s algorithm. Replace {interface-GUID} with the subkey of your active network interface under Interfaces.
REG ADD "HKey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interface-GUID}" /v TcpAckFrequency /t REG_DWORD /d 1 /f
REG ADD "HKey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interface-GUID}" /v TCPNoDelay /t REG_DWORD /d 1 /f
taskkill /f /im explorer.exe
Run this from a command line as an administrator to turn on Nagle’s algorithm (TcpAckFrequency 2 is the Windows default)
REG ADD "HKey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interface-GUID}" /v TcpAckFrequency /t REG_DWORD /d 2 /f
REG ADD "HKey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interface-GUID}" /v TCPNoDelay /t REG_DWORD /d 0 /f
taskkill /f /im explorer.exe
There are several other things you can do for latency –
Remember always optimize your network before you throw hardware at the problem.
Also, don’t worry, Karn’s algorithm will be working when computers are talking. It basically measures time from point A and B and if there is a delay, it’ll say ‘hello’ again to try and get a response.
If you have an application you need to access that uses TCP across the network, you may be able to speed it up by enabling TcpAckFrequency and/or TcpNoDelay in the registry. –
Open regedit and then find-
Make sure you find the correct interface for your active network connection. One way is to look at the IP Addresses listed until you find the correct interface.
On the right window, create a DWORD32 for-
Always make sure you measure your network speed before you make changes to set a baseline. Measure the speed after you make changes. How do you measure it? Put the following software on the workstation and server. Totusoft’s Lanspeed
With Windows, you can now view the GPU and how it performs on your computer. With computers that have integrated cards (video), you may not see graphs in the performance monitor or on the Process Tab even after following these steps.
Here’s how to see your GPU if it doesn’t appear.
The GPU will appear as a column on the processes tab and as a graph under the performance tab.
If your computer doesn’t support driver model WDDM 2.0, your driver is not compatible. How can you find out? Run dxdiag.exe at the run line and look for the Driver Model.
Is the internet and all of the alerts you are getting from social media and email distracting you? Hit the snooze on your Wi-Fi –
Most people don’t know the number of settings you have over Windows 10. With Version 1709, you have complete control and a ton of settings that makes Windows 10 a premiere operating system. The settings area alone when used with the control panel makes Windows 10 one of the most customizable operating systems available.
Network and Internet
Time and Language
Ease of Access
Extensive set of privacy settings allowing total control of your privacy while using Windows
Update and Security
Any information such as IP address, email and other settings is experimental and used in internal labs. No information found herein refers to an actual account or other information.
Now that you have Windows 10 exactly how you want it, you need to preserve an image of your computer. You can do this across your network which will take some time. You can also save the image locally on DVDs or an external hard drive.
First, go to the Control Panel and click on Backup and Restore (Windows 7).
Next click on Create a system image
You can create an image on a secondary hard drive or an external hard drive. In this scenario, we are going to select a network location. On the network computer we have set up a user and shared the folder with the user.
(Above) – In this scenario, our UNC path is \\server\image\
You must have a separate folder for each image you wish to backup.
Once you start the backup, it will take some time depending on your network speed.
On the computer hosting the image, you will find the Windows Image Backup. Save these files and update accordingly. In the event your computer crashes, you should also have a Windows System Repair Disc to restore the backup.
Need to manage your computers or servers while on the go? Here’s one thing you can do. Go to the Google Play Store and download TightVNC Viewer. You will have to load TightVNC Server on the computers you want to control.
Open TightVNC viewer shortcut on your Android.
Add the computer you want to control and add port 5900 to the end of the IP address.
Enter your Authentication (Password)
Double Click on the computer you have added to connect and enter the password.
There are several features that allow you to better control your computer with your phone.
Want to export your drivers so that you have them later?
Want to keep a driver that you have installed on your computer?
You can import it using the pnputil command. Let’s say we have a driver that we have downloaded.
Below is my driver (showing file extensions and hidden files in folder options).
I can now do one of two things.
Remember, try not to use a setup.exe for drivers. The reason is that the drivers often come with monitoring utilities and bloat that can interfere with Windows performance.
Don’t use third-party driver update utilities. For users of brand-name laptops and desktops, your drivers are most likely out of date on the manufacturer site. Use the Device Manager, HWInfo64, Speccy or some other utility to find out what your drivers are. Visit the hardware manufacturer website.
Installing a driver properly without a setup.exe file. Navigate to the device manager and select your device.
Double click on the device and select the driver tab. Click on Update Driver.
Click on Browse.
Click on Let Me Pick.
Click Have Disk and then Browse to the folder.
Select open and follow the prompts. If necessary, use the Rollback if a driver performs worse.
SyMenu allows you to download utilities from NirSoft, SysInternals and more. Download the program from here and check the programs you want.
Once you download the programs, you can use SyMenu to run the many programs (over 1200) from a flashdrive. To exit the program, you will need to scroll to the bottom and select exit.
In order to start in an elevated mode (Administrator), use the Symenu.Admin.exe. You will see a small icon adjacent to running programs and the time on the right side of the taskbar. Double click to run SyMenu.
Note: Some files may identify as viruses or malware. These are false positives because of what they do. Make exceptions for these programs.
Want to truly measure your computer’s native performance? Use Winsat formal to see how the video, CPU and HDD/SSD performs.
Open an elevated command prompt and type Winsat formal
Want to measure just the disk? Type the following and substitute the C: with the drive’s letter.
winsat disk -seq -write -drive c:
winsat disk -ran -read -drive d: