Know How... 107 (Transcript)


Download and watch the episode here:
Know How... 107

Net Casts you love, from people you trust. This is Twit! Bandwidth for Know How is brought to you by cachefly.com

This episode of Know How is brought to you by iFixit. You can fix it and iFixit makes it easy. With free step-by-step repair guides, high quality replacement parts, and all the tools you will ever need. For $10 off your purchase of $50 or more go to ifixit.com/twit and enter the code know how at check out.

And by Nature Box. What a great tasting healthy snacks delivered right to your door. Forget the vending machine and get in shape with healthy delicious treats like honey Dijon pretzels. To get 50% off your first box go to naturebox.com/twit.

On this episode of Know How we are going deeper into bad USB. We are going to show you how to keep downloading your videos from YouTube even though Google doesn’t want you to do that anymore. And project lunchbox gets on its wheels and we bring you some enterprise plus security for your home.

Father Robert Ballecer: Welcome to Know How. It’s that twit show where we built, bend, break and upgrade. I’m Father Robert Ballecer.

Bryan Burnett: And I'm Bryan Burnett.

Fr. Robert: For the next 30 minutes we are going to be bringing you some of the projects that we've been working on, and actually we’ve got a really cool product that we want to bring into the show just so that you can geek out in your own geek time.

Bryan: Definitely. But before we do that we should probably talk about something that we did last week.

Fr. Robert: Yeah, so people were asking us about that bad USB exploit. It is super scary because it is talking about the ability to reprogram any USB device. To act like any other USB device.

Bryan: And there is no way to know.

Fr. Robert: Right there is no way to know. There is no transparency whatsoever. If you have a USB device that gets compromised the only way to find out what it is doing is to ask the controller. And if the controller is the thing that is compromised it is not going to tell you the truth. That in a nutshell is bad USB.

Bryan: So the question was, can this happen to SD cards too?

Fr. Robert: So in the interview that I had with the researchers who found this, Karsten Knoll and Jacob, they said that if you want to do data transfer safely why not use an SD card instead? And some of the know what all’s picked up on. And they said wait a minute. We heard about a half of SD cards not too long ago. Shouldn't that mean you can do the same thing with SD cards that you do with the USB drive?

Bryan: What is the conclusion?

Fr. Robert: The conclusion is not so much.

Bryan: It is flash memory. There is not a USB controller inside of it.

Fr. Robert: There is not a USB controller that there is a programmable controller. And so there were a few researchers who showed a hack of using the controller inside of an SD card. Remember this is any SD card. Micro SD, Nano SD, etc. They are all Electronically the same. Which is why you can take a microSD card and put it into a converter and plug that into an SD slot. They are all the same.

Bryan: That is what makes them so easy to use.

Fr. Robert: That is what makes them so easy to use. But the controller inside these things is incredibly lightweight.

Bryan: Well, I kind of expect that because how long have SD cards been around. And they are supposed to be universal to be able to plug-and-play. What do you do?

Fr. Robert: It is also because they are single purpose devices. When we release the SD card no one ever said we should probably make the controller robust enough so that we can do a bunch of different things. A controller in an SD card is supposed to do one thing and that is to allow you access to the memory on the card.

Bryan: As quickly as possible.

Fr. Robert: As quickly as possible. As quickly as the memory will allow. Which means that even if you do have the controller on an SD card, which is non-trivial by the way, it wasn’t designed to be updated for anything. You need some specialized equipment, you need to know what you were doing. You can do a whole lot. You could do some re-directions for example you could have all the information on the SD card pumped to a nether spot. Where you can retrieve it later on. But you can’t make it mimic something else. For example there is no way of you plugging an SD card into the card reader of your laptop and your laptop thinking, oh that looks like a printer. Which is what happens with bad USB.

Bryan: With the other one it could be a keyboard. It could be a mouse.

Fr. Robert: It could be another storage device. Or it could be a network adapter that will push things off into a tunnel VPN off-site. That is the nightmare. Let me show you really quickly what we are talking about here. This is an SD card right here. This is a standard 32 GB SD card. Look at this. These are all USB flash drives. But, here on each one of these have all the same controller. These are all vulnerable to the bad USB device. Remember what we said, which is on this side you’ve got the controller and on this side you’ve got the actual flash memory chip. This is where all the storage takes place.

Bryan: I think on one of these that I gave you it is actually…

Fr. Robert: This is the one I actually want to show off. Look at this. We've got the controller on this side but on this side that is actually an SD card. That isn’t micro SD card that they’ve mounted on the back of a USB device. Which tells you, that you need that. You need the power of that controller in order to read that memory.

Bryan: These are all just USBs that I got from you and Shannon when you went to CES. they are all 2 GB and I took them apart just to see what they look like inside. It was kind of funny that it was a microSD card inside.

Fr. Robert: You can actually pull that SD card off the back of that and plug it into something and it will work just fine.

Bryan: I thought about that. It looks like it is stuck in there pretty good.

Fr. Robert: So ultimately when you think about bad USB you have to think about not just that you can own the controller. Because you can own the controller on a lot of things. You have to be able to own the controller that A) has enough power to do something else and B) was designed to fill multiple roles. And that is only with a USB. Not with the SD.

Bryan: What if these were getting owned at the manufacturers level.

Fr. Robert: I don’t want to talk about that. It is scary. Actually we talked about that on Twiet.

Bryan: You had a Kingston representative on there?

Fr. Robert: We had a Kingston representative and they were saying that one of the things that they actually do that none of the other manufacturers do is they maintain control of all the raw materials until they receive the drives. It is one of these things where they think this is enterprise grade. We can tell you with certainty we have seen all these pieces, there are no middleman in the middle attacks. Of course unless someone intercepts them in route. But most manufacturers use the same assembly line. And if there was a bad actor on that assembly line reprogramming the controllers we would never know.

Bryan: It is definitely scary. I guess it is kind of like security through obscurity. Just knowing that is possible and there is not too much you can do about it.

Fr. Robert: There is nothing you can do.

Bryan: Can you de-solder these?

Fr. Robert: The researchers who found this exploit, the way they found it was they had to de-solder the memory and then in a specialized reader to find out what was on it. Because that is where the exploit gets stored. As long is that controller is there the controller will not let you have access.

Bryan: And who is going to do that?

Fr. Robert: Nobody. Now you could on this one. This cool one with the SD card, you could pull that off. And you could read that and that would show you the code that is being used. That might be a Know How.

Bryan: Make that a project?

Fr. Robert: I think we should. So next time we are going to show you how to do with a bunch of German researchers couldn’t. No not really. Now, Brian. One of the things that we had been doing a lot is we have been disassembling things.

Bryan: I love taking things apart. Putting them back together is usually a little bit more difficult.

Fr. Robert: But it is optional. Who needs all that extra stuff? If it still works? What we have been using to do our disassembling it to find out how things work is we have been using the iFixit toolkit. In fact we got out on the desk right now. We have been using it to remove the casings from these USB drives. But that is just one way that you can use the iFixit tool kit. it really is the best friend of anyone who needs to get in and out of the year that they want access to. Now, iFixit is a company that offers you free online repair manuals for pretty much everything. They have more than 10,000 repair guides for everything from electronics on your smart phone or your tablet to your games console, to your home appliances, to your clothing, even your bike. They also have foolproof instructions to fix all your stuff. If you have ever shattered your iPhone screen or in Shannon’s case the Nexus screen you need to repair something like the red ring of death, or you need to swap the batteries on your galaxy S3. You need the right tools to do it. And iFixit has got you covered. Now this is the protect toolkit. We have shown this off on Know How a lot because this is our go to set for everything we need to do with electronics. It has 70 tools to assist you with any mod, malfunction, or misfortune that comes your way. This toolkit is the gold standard for electronics work. From garage hackers to the CIA and FBI, but more importantly they are unique tools that you just need. This kit includes a 54 bit driver kit. That is this thing right here. This is fantastic because if you ever try to take apart electronics you know the frustration of not having quite the right fit. And when you use not quite the right bit that is when you strip things, that is when you break things, that is when your project goes south. This kit has Phillips bit, cantaloupe bit, torques and torque security bits. Try wing bits, which are popular for video game caught consoles. And triangle bits which are used for McDonald’s toys. In other words anything you want to hat, you can hack it with this kit. They also include ESD safe precision tweezers that for delicate manipulation like for example whenever we are planning with these we are supposed to be using tweezers instead of our fingers. They also include things like this antistatic ESD wrist strap to make sure that you don’t nodischarge device that you are trying to fix. They've got nylon sponges, metals sponges, plastic opening tools for prying and scraping. And, it is lightweight and compact and it rolls up so that you can take it with you when you need to have it on the go. It is only $64.95 and it is backed by a lifetime warranty. Home DIYers and fixers alike use this protect tool kit for doorknobs, eyeglasses, cabinet doors, sink fixtures and more. If you are looking for an addition to your toolkit try this out. Go to ifixit.com and see if maybe this is what you need to take your DIY and make your spirit to the next level. Now here is what we want you to do. With iFixit you can fix it yourself. Visit iFixit.com/twit for more than 10,000 Free step-by-step guides. iFixit also sells every part and tool that you will need. Enter the code know-how at checkout and you will save $10 off any purchase of $50 or more. That is ifixit.com/twit. And we thank iFixit for their support of Know How.

Bryan: I got this as a gift for someone and I just never gave it to them. I just kept it.

 Fr. Robert: I actually have one in my house that I got as a gift for my father. But I never gave it to him. It’s really good too. We have been playing with project lunch box for the last couple of weeks. We've been showing you how the motors work, how the circles work, how the transmitter and receiver works. On the last episode we got it to a rolling chassis. But now we need to give you the final integration. Here is step five of Project lunchbox.

Fr. Robert: The last time we saw project lunch box we had just finished assembling the rolling chassis. Complete with steering, shocks, and transmission. Now we need to complete final integration. The last step before our lunch box is drivable. Let’s start by clipping and installing the mounts for the lunchbox body. These are the posts that will allow the shell to be secure to the chassis. Clip the four mounting posts and installed them on the corners of the chassis. Now let's install the power switch for the internal electronics. There is a small slot on the left side of the chassis into which the switch can be mounted. I suggest installing the switch with the on position towards the rear of the vehicle so that ground to Paris cannot accidentally turn off your lunchbox. The TVLO2S is a dual-mode electronics speed controller that supports both brushed and brushless motors. However since it defaults to brushless local sensing and the motor in the kit is a brushed cam we can only use two of the power leads and they do not use the remote sensing cable. The first thing we need to do is switch the mode on the ESC to match our set up. Holding down the setup button turn on the power and wait until the LDT flips to read then release the setup button. The LED will flash red, then green, then read, been green again. Press the setup button when it flips to green and it should rapidly flash screen. Your ESC has now been set to brushed mode. It is time to get mounting. There is a piece of dual sided tape in the kit that you can attach to the bottom of the remote control receiver and the electronic speed controller. Mount the receiver on the pedestal just in front of the rising detail then install the ESC on the tell itself. Making sure to keep the power leads near their respective outlets. Read the blue and yellow power leads from the ESC through the tail towards the transmission assembly. Then connect the yellow and green limits from the motor to the yellow and blue leads in the ESC respectively. Now connect the steering servo to Channel one in the ESC to channel 2 on the receiver. In addition to receiving throttle commands from channel 2, the ESC will supply power to the receiver through the same cable. Negating the need for a separate battery pack. We are going to be crashing the lunchbox a lot. And we need a way to protect the vulnerable steering assembly. The kit includes a bumper that screws on the front of the vehicle to give us that protection. Now let's install the antenna whip. The whip will keep the antenna from dragging behind the lunchbox or getting tangled in the drive wheels. Read the wire down through the chassis then back up to the antenna mounting hole. You're going to need to thread the antenna wire through the antenna rod, I suggest using some of the kits lube to ease the process. Once it is through the rod, snub the rod into the antenna mounting coal and pull the remaining slack to the top of the rod. Preparing the body is a simple matter of screwing in the sunroofs, windshield, bumpers and side boards. Once the body is complete, lower it over the chassis guiding the antenna rod through the body and lineup the mounting holes over the mounting posts. Your lunchbox is now ready to run.

 Fr. Robert: I noticed it is really filthy now. Thank you for doing that to project lunchbox.

Bryan: Oh yeah, my pleasure. Sometimes you’ve really got to put in the hours.

Fr. Robert: It even got filthy on the inside. That is a special kind of…

Bryan: Is still smells a little bit too.

Fr. Robert: What were you writing the street?

Bryan: Sand, dirt, tar weed. A lot of stuff. But it did really good. It was awesome.

Fr. Robert: That is why we got this one. It is a lot of fun to drive. It is not the easiest thing to drive, it is not the fastest thing to drive but it is robust. You can roll this thing over a couple of times, take it up and down a hill and it is kind of bouncy.

Bryan: Yeah, I went with some friends camping and the battery lasted a couple days. We played with it about 20 minutes at a time.

Fr. Robert: You didn’t take a second battery?

Bryan: No. Just the one. It is cool when you see it on the San two. It is kicking up.

Fr. Robert: It does bring out that inner six-year-old. This is what I wish I could do with my real car!

Bryan: Even watching the video we started making engine noises and things.

Fr. Robert: That is all part of the fun. Now this is not it. We are not done with Project lunchbox. We have put it into stock configuration. The only thing that we have added so far has been the ball bearings. Because those are a pain to get to after you have actually assembled it. But there is a lot of aftermarket modifications that we are going to make to this.

Bryan: Oil filled shocks?

Fr. Robert: Oil filled shocks. Because it bounces around way too much. It is really hard to control.

Bryan: That is the thing that as I was driving it through sand it was really uneven so every bomb you were trying to turn and it would kind of hit something and then divert from the line that you were trying to follow.

Fr. Robert: And the other thing is that it tends to be a bit unstable in the back. It makes it nosedive. So there are a couple of mods that we can do to the transmission and the casing itself to give it a bit more stability so that you don’t end up nosing the lunchbox into the ground again and again.

Bryan: It did do a few flips out there.

Fr. Robert: Now we are also going to hand this over to your brother and he is supposed to turn this really trashed horribly messed up shell into something nice. People in the chat room Are you saying you should put a red racing stripe on it.

Bryan: Yeah. That would give it more horsepower something right?

Fr. Robert: I also noticed that the antenna is a lot shorter than it used to be.

Bryan: Okay, so we might have to come up with some sort of modification for that because when you flip the lunchbox as much as we did, it just snapped the antenna right where it sets with the case. It is bound to happen. That is why we have two of them.

Fr. Robert: This is why we got two of them. Now this was a lot of fun and we are going to continue with Project lunchbox. We are going to show you some of the things that you can do either to your lunchbox or any RC model. Again one of the reasons why we do this is because everything that you assemble on a remote control model like this does have an analog in the real world. If you want to know how transmissions work, if you want to know how ball bearings work, if you want to know how steering linkages work, this is a really good way to get started.

Bryan: Very cool.

Fr. Robert: Speaking of getting started, you know how I start the day?

Bryan: Snacks?

Fr. Robert: Snacks. Kind of sad but it’s true.

Bryan: Me too.

Fr. Robert: I’m going to be serious about this for a while here. I obviously have some body issues. For health wise I would like to drop a couple of pounds. But one of the things that many people try to lose weight is that they make a mistake early on and say I’m just not going to eat. Which for so many different reasons doesn’t really work. It doesn’t work on a physiological level and it doesn’t work on a mental level because then you start thinking I was really good today I didn’t snack at all I am going to eat seven hamburgers. But what we found is that the people who are in the know tell us that snacking is okay. Snacking is good. You’ve just got to make sure that you snack on the right stuff.

Bryan: When I wake up in the morning all I want is a cup of coffee and maybe just a little snack. I don’t usually either big breakfast and I need to snack through the day because I am type I diabetic and my blood sugar goes down. But I don’t want something really heavy.

Fr. Robert: If you go to the back room where we have the snacks for the Twit Army. There are nerds, skittles and all the sugar bombs that will give you a quick boost of energy that they are so bad for you. We also used to have a pantry full of Nature Box. And I say used to because we ate them all. They are really, really good. That is the second sponsor of this episode of Know How. It is Nature Box. When you are looking for something good to snack on you got to stop and by the Nature Box. What is Nature Box? Nature Box is the easy way to get healthy snacks to your door it in every week. What makes it healthy? There is no high fructose corn syrup, it is zero trans-fat and there is nothing artificial. Nature Box is Great tasting snacks right to your door with free shipping anywhere in the United States. So here’s how it works. You go to their website and you click on the continue button. You choose between three subscription options. Then you place your order. Once you are a member of nature box you can select which snacks you would like in your monthly box. You can select by dietary needs like vegan, soy free, gluten intolerance, lactose free, nut free and non-GMO. That is actually really important. You need to have the non-sugary snacks. But what I like is that you get to choose between flavors. I didn’t know this.

Bryan: Sweet, savory, spicy.

Fr. Robert: Exactly, Sweet, savory and spicy. That makes the difference. Sometimes I am in the mood for something sweet, but more often than not I kind of like that savory. My favorite are the Santa Fe corn sticks. I can’t get enough of those.

Bryan: I know. I wish I knew what they tasted like because you keep taking them. this is my breakfast right now. A cup of coffee and the whole wheat blueberry fig bars.

Fr. Robert: No matter what you are craving you are going to find something to put in your Nature Box. That is what I like. It is that constant upgrading of their offerings. That is what makes Nature Box so nature box. so the next time you get cranky and hungry or cranky hippo and hungry don’t forget. now with these snacks you get something that is guilt free, you get something that is good for you, something like smoky pumpkin seeds or lemon pistachios, or dried Pears. And over 100 more healthy choices. So here’s what we want you to do. We want you to go to Nature Box, we want you to pry one out of Brian’s hands and get 50% off your first box. Just go to naturebox.com/twit. Stay full, stay strong and go to naturebox.com/twit and we thank Nature Box for their support of Know How.

Bryan: And the packaging is really good too.

Fr. Robert: He likes the Nature Box because he likes to…

Bryan: I look forward to it. I get to eat and I get to throw things. What do we have next?

Fr. Robert: Okay, so we wanted to do a little something something for people who want to download YouTube videos.

Bryan: Right. Because we had a way of doing it not that long ago.

Fr. Robert: Yes. It was YouTube center for chrome. It was a fantastic solution. Basically once you installed that it would give you an actual button in the YouTube window that would allow you to download the video, download the audio, to get rid of ads. It was a really cool little feature. But Google didn’t like it so the first thing they did was they made it so that every time you shut down crawl and restarted it would say there is an unauthorized extension in here. I am going to disable it for your own safety. And we got a lot of feedback about that. There was a workaround. You A copy of the extension on your desktop and so every time you started up chrome futures dropped it back in.

Bryan:. I guess that works. But it is a pain.

Fr. Robert: It was annoying. Well now it just doesn’t work at all. So they changed chrome just enough so the extension just won’t even load anymore. It doesn’t have matter how many times you try to fake it you are not going to get the download.

Bryan: But where there is a will there is a Firefox browser.

Fr. Robert: So what we are going to do is we want to show you happy you can use the exact same plug-in in Firefox instead of chrome. This is just what Firefox looks like. Again, just like we did with chrome you are going to go to a get up for the YouTube center. This is what it looks like. Notice that we had been getting this. We have been getting chrome and this isn’t really going to work anymore. In fact, if you look at this on the Chrome webstore page, they finally in order to get this, which if you lose the download option then why would be you use it? But the firefox extension is still untouched. So if you go ahead and click the firefox extension, it is going to download one. This is how you install it. it is super, super complicated. Pay close attention. This is tough. So check this out. Here is where the download went right? It is a 15 step process. And it starts with this. We have to go to here, we have to go to add-ons, we have to go to these extensions, and then we have to take this and drop it in there.

Bryan: Did you just drop it?

Fr. Robert: That is hard. It is super super hard. But it works! Now if you go to YouTube… I now have my download thing back and I can download in multiple resolutions. I can download audio only and I can also stream. We have a guest in the studio who wanted to know if this allows for streaming. And it does. Streaming is just downloading. So this will let you download to your mobile device so that you can just listen to the audio version in your car.

Bryan: That is a beautiful thing padre.

Fr. Robert: Beautiful thing. And because Firefox is not owned by Google they are not going to disable this.

Bryan: It is such a weird thing. You know the guys that Google probably feel the same way we do and the only reason I use the YouTube downloader is for our own videos when I need to edit things out or make clips out of it.

Fr. Robert: One of the things that I use it for is when I am going on a trip. And sometimes I do want stupid cat videos that I can upload.

Bryan: Or if you are going on vacation And you know there is a set of videos that you want to watch. It is nice to have the option to download it so you don’t have to use your mobile data.

Fr. Robert: Now this does require you to install Firefox on your computer. I am sorry if you really don’t want yet another browser. But, it is okay. I still prefer chrome for most things and it kind of frustrates me because hey Google you are not going to stop people from downloading YouTube videos so why are you crippling your browser.

Bryan: Probably just trying to save face.

Fr. Robert: Okay. Let’s get away from that.

Bryan: Start your own Padre browser. Do whatever you want.

Fr. Robert: I might look disapproving at you but I’m not can stop you. Do you like the little picture?

Bryan: You shouldn't be doing that.

Fr. Robert: From Jurassic Park. All right, this next segment is a little something special. Every once in a while I find a product and this one I found at DefCon and it came from a friend of one of my other shows. This man has been a guest on this week in enterprise tech many times. They have started a new company called Itus Network. And they are creating a small box that goes between your router and your broadband provider. And it gives you enterprise class security. Another going to be a lot of people who say what does that mean? And that is why last week we had a chat with him.

Fr. Robert: Every once in a while a product will come to my attention that is that proper combination of the maker spirit and good old-fashioned corporate know-how. That is the case with the iGuardian. This little box that goes between your broadband provider and your home router to give you enterprise class security for a home router price. Now to explain what this I guardian does, I brought on Daniel Ayoub from Itus Network to talk about a brand-new product they are kickstarting. Daniel, first of all thank you for coming back. I have had you on one of my other shows, This Week In Enterprise Tech. You used to work for Sonic Wall, which is one of the vow den masters of security and now you’ve started a new company with its own kick starter. Can you tell me a little about this.

Daniel Ayoub: Sure. So we are really trying to take a lot of the business-class security that you find in the commercial firewalls that cost several hundred to thousands of dollars. And provide that in a very easy to use form factor that is affordable to be able to market it for families.

Fr. Robert: What does that mean? Because I hear that all the time. I hear inner price class security in a box and it is only this expensive. But what does that mean? What are the enterprise features that you wouldn’t normally get in a high-end router that you might buy from Fry's or Best Buy?

Daniel: Absolutely. This thing that you are going to find here is that it is and actually end line intrusion prevention system. Not only are we processing the packets and letting them in and out, we are actually looking at the data payloads and inspecting the contents of every pack coming into the system. If there is a pattern of known attacks for an exploit or vulnerability that is being exploited, we are able to identify that and block that malicious code from reaching its intended target. If we see a system on the trusted network that is infected we can identify the outgoing command and control traffic to a malware server or to a known Trojan bot net or something like that. We can actually sever and block those connections as well.

Fr. Robert: So not only are you protecting the computers from malicious attacks outside but you are keeping infected computers on the inside from hitting computers on the outside. Which would kill off a bot net.

Daniel: Absolutely. And it will also prevent your personally data from leaving your home network.

Fr. Robert: Isn’t that what my WRT54G with open source software would have done 10 years ago? What is different?

Daniel: The commercial routers that you were talking about, consumer off-the-shelf type routers that you buy from a big box store like Best Buy or Fry’s, those are basically all utilizing state full packet inspections and firewalls. That is the same type of technology that we have used for about 25 years now. It probably came onto the scene in the late 90s were the late 80s to early 90s. Something that is a pretty mature technology but again it is really just looking at, is this connection allowed to come backend? It is not actually inspecting the contents of the data coming through that connection. So if there were, for example, your Linsys router if you were to click on a malicious link - say you’ve got a phishing email where you got targeted in some way and you were to click on a link that you weren’t supposed to, your Link-sys router isn’t going to have a problem letting that malicious content into the network. It is not actually inspecting the traffic to know that this is an attack. It just knows that you requested this data, so it is going to allow it backend.

Fr. Robert: But in order to do what you’re suggesting it means that you are doing some sort of signature defense right? You are actually looking at the type of traffic and you are looking for specific patterns that would denote an attack. That means you have to update the signatures. Is there some sort of signature update program for this?

Daniel: Absolutely. So the kick starter in addition is aggregating the community in open source GPL tools, convert them to a drop, serve it up as a download so that our backers are able to pull that down on a daily or weekly basis on an automated fashion. So the box will update itself in that respect. If you are an advanced user and you want to subscribe to a third-party service such as Emerging Threats or Source Fire VRT you have the ability to also hide your own custom rules or your third-party subscription to it as well.

Fr. Robert: This is a DYI show, a Maker show so they are going to want to know what actually goes in here. what kind of hardware goes into a consumer level enterprise security products?

Daniel: So, we are actually using the same type of security processors that you would find in a large enterprise firewall. So somebody like the Palo Alto networks or Juniper are using the same type of security processors that we are. The difference is that they are using a 24 core or 48 core and we are using a dual core version. Now that type of CPU is special for this type of application. It is a dual core mix CPU that is able to also have an integrated application acceleration processor. So it can actually do layer 7 inspection, regular matching, PCR matching, at a very very fast rate to offload the CPU so that you can do inline IPS inspection. Now in terms of what is under the hood in this. The hardware is the Cavium Octeon CPU but the software that we are utilizing is 100% open source. So we are using open WRT as the base operating system and then Snort is the in-line intrusion prevention system. The production version that we are making for the kick starter, that compute power that you find in nap platform compared to some of the commercial firewalls that are out there are providing about 2X the compute power at about 1/10 of the price. So it is a very, very powerful platform in the sense that coupled with the open source it really makes it almost endless the possibilities of what you can do.

Fr. Robert: You mentioned the price which means now I have to mention the price.

Daniel: So, the kick starter edition that we have online for $149 for the targeted price. The MSRP will be $179. The nice thing about this also is that we are providing lifetime access to the community and open source rules that are available to you online. So if somebody wanted to go and build their own box and use the open source community rules that is something they can do. You will typically spend $300, $400 or $500 just on the appropriate components to build the computer and then you are going to spend your entire weekend configuring it and hoping that it works the way that it is supposed to. We have really simplified that and try to provide a platform that is very powerful, very flexible but still affordable so that the nerd, the hackers and the tweakers that want to play with it it is open for you to be able to do that.

Fr. Robert: I don’t think we call ourselves tweakers.

Daniel: Okay, let’s say the hobbyists or the hunters that Want to be able to play with it and get at the underlying operating system, configure it as they see fit. It is completely open for them to be able to do that. But also making it easy enough that someone like my mom can literally just plug it in between her modem and her router and have an adequate baseline.

Fr. Robert: I like that. So the basic level of plug it in and get protection but also if you’ve got the steels you can have fun and kind of poke around with it. Daniel thank you so very much. Where can they find this? If they want to contribute to the kick starter and get you on your feet and get this thing built, where do they go?

Daniel: Sure. In order for us to be able to bring this to market at an affordable price we need to pre-sell at least 8000 circuit boards. That is so that we can get the price under $149 to be able to sell it at an affordable rate. So we have it on kick starter today, we are about a third of the way towards our goal. If you go to itusnetwork.com/kickstarter it will redirect you to the page. Also if you go to itusnetwork.com and click on the banner on the home page it will take you to the kick starter page.

Fr. Robert: Thank you so very much.

Daniel: Thank you for having me.

Fr. Robert: Daniel Ayoub of Itus Networks. If you want some enterprise security in your home, check out the little white box.

Fr. Robert: No Bart in the chatroom has a really good question. He wants to know what if your modem and your router are one and the same? We covered this before. I hate when they do that and it is so difficult for you to find a provider that will give you just the modem. Why?

Bryan: Because they want the control.

Fr. Robert: Now there are some providers, and actually go to our Google plus page because some of our users pointed out the different ISPs that give you the option of a bridge mode. There is a certain port that you can plug-in or a certain feature that you can access and it will kind of turn off the router. Kind of. What you don’t want to do is that you don’t really want to go from your router/modem to a nether router. You want to make sure that you can actually use this device on your network. But what I love about this is that it is open source so you know exactly what is running on it. I am a big proponent of open source. There is no security through obscurity. All the tools that run on this box, I can run on my laptop right now. It is running Linux, it is running Snort. and it is using definitions for signatures that you can readily access. The difference is I was trying to put together a machine that would do something like this because some of the know it all’s wanted a router that would do this sort of function.

Bryan: Because we have talked about the packets… and the difference between a switch and a hub and stuff like that. But I like this because it seems like a natural progression of security. Without having to upgrade your router, you can have some of the security that you wouldn’t be able to get without spending a ton of money.

Fr. Robert: Exactly. And that is the thing. There are going to be people who say why not just build a PF router. That would work. But that would cost 2 to 3 times more than this. And you would have to upkeep it. This is a dumb box. This goes in line, it updates its own definitions and if you get the kick starter version it means you get a life time access to all those definitions. And if you have ever used in enterprise product that is the part that is expensive. The continual licensing. This is, by the product have access to the community and you are done. You brought up a question.

Bryan: We need to start monitoring the traffic going out of our networks a little bit more. And would this be a way of detecting the bad USB?

Fr. Robert: I thought about it and yes. Because one of the things that we talked about last week we talked about bad USB is that since you can’t see the memory, you have no visibility…

Bryan: The only way you can find out if something like this is happening is monitoring your traffic.

Fr. Robert: Exactly. Behavior. And that is what this works on. He was trying to explain this in the video, which is the router that you’ve got it does really well in state full packet inspections. Which basically means I am going to block out all the ports unless your computer requests access on that port. If your computer is owned, it is going to request access on that port and the router will just say okay sure. This doesn’t do that. This actually does de-packet inspection. It looks at layer 7 and it says what are you doing and what are you asking for? It is going to go no, no. This looks like bot traffic. Or this looks like a dump of system memory. I’m not letting this through. So, if you want to I think Itus’s slogan is, “To secure your internet of things”. If you want something to secure your Internet of things, this is a very good option.

Bryan: It’s a cool idea. Did you back it?

Fr. Robert: I did. I have one. Well, I backed it and I asked the guys that Itus, could you please help me? know, the one they brought in was a prototype. So there was a 3-D printed case on prototype board but Brian Chee who is my cohost on Twiet, he’s got a prototype as well and right now he is blasting it with all the tools he uses to test his enterprise gear.

Bryan: We should get Rafael Mudge one too.

Fr. Robert: now that was a lot of material that we had for this episode.

Bryan: But don’t worry. We have shown notes. Very detailed show notes that you can find at twit.tv/kh, that is where all our episodes live. You can subscribe, download, and like we were saying you can go through the show notes because in these episodes we cover a lot of stuff. And we don't want you to get lost so we provide links for you, whatever you need.

Fr. Robert: It is a manifest of everything. For example with the lunchbox built we are going to show you where we bought it, we are going to show you what mods we are going to make to it, we are going to show you where you can find the kick starter for Itus, we are going to show you what steps we used and what links we used to do the YouTube Center for Firefox. So if you ever wanted to do something that we have done on this show, we have probably given you step-by-step instructions to do it.

Bryan: We are just trying to help fill that knowledge hole. But if you are looking for more ways to have social interaction you can go to our Google plus page. I don’t think the link is working…

 Fr. Robert: The shorter doesn’t work so go to Google plus and just look for the knowhow group. With 7000+ members strong, the best thing about the know how Army is that even if Bryan or I aren’t answering your questions there is probably going to be someone in there who can. It is a great place if you are a DIYer or a Maker to get started. There are no stupid questions. There are only stupid graphics.

Bryan: And we have plenty of those. But you can also find projects and post your own stuff there too. And probably the best way to get a hold of us is on twitter.

Fr. Robert: Because if you send us an email we are just going to forward it to Jeffrey.

Bryan: Jeff loves email.

Fr. Robert: You can find me @PadreSJ.

Bryan: And I am @Cranky_Hippo.

Fr. Robert: Follow us, talk to us on Twitter. It is a really good way to get input into the show. If you want to see something in a future episode or if you are upset with something talk to us on twitter. We love to talk to our fans. We love to talk to our audience.

Bryan: You can see what we are up to on a day-to-day basis. Like building a know-how layer.

Fr. Robert: Right under our feet. That ceiling is what we are standing on right now. We’ve carved off an area of the basement that is going to become the Know How layer. The Know How Layer.

Bryan: And Alex is the director so he is keeping an eye on everything.

Fr. Robert: The best thing about this is that the basement is filled with boxes so we are making a wall.

Bryan: It’ll be like the bat cave. You’re giving away all the secrets thought.

Fr. Robert: The Know How Cave. Also, thanks to our TD. @anelf3. Alex Gumple who works his butt off every week. It is nice to have a real TD. You can find him at @anelf3. Make sure to follow him and tell him what you want to see us do. Until next time, I’m Father Robert Ballecer.

Bryan: And I’m Bryan Burnett.

Fr. Robert: And now that you know….

Bryan: Go do it!