Monday, January 30, 2006

Network Security Paramount to Large Corporate Entities

Standards-based VoIP and IP telephony software applications are becoming the reality of modern business communications. However, network security is paramount for all corporate entities with the prevalence of secure data traveling over a variety of communications mediums.

Tracking call data is a necessary and important part of a business enterprise’s operations and efficiency, and by choosing a secure call accounting system, sensitive information like corporate assets, trade secrets and other proprietary data, won’t fall into the wrong hands.

It’s important that a serious call accounting software application provide security in the following areas: Operating System Security, Program Security and Data Security. Each of the three zones should operate with independent settings that can be set to a business’ specific needs. An administrator should be able to limit the operations available to a specific user and can place restrictions on call data records that a user can view or edit.

Additionally, a call accounting system that has the ability to limit users to their respective areas (divisions, departments, cost centers, etc…) via user IDs provides multi-user access and affords managers the ability to run reports that can aid with>telecom expense management. The overall result is a high-efficiency call accounting system that can be configured for any number of network users, and has the highest security encryption rate.

Sunday, January 29, 2006

Wireless Network Security

Why Use Security?
If someone is able to wireless connect to your network from the road, near by parking lot, or adjacent house here are some things to consider. If they use your Internet connection for illegal activity, YOU are liable, not them. Also, once they are on your network, they may be able to open, delete, or change every file on your computers. There is also the possibility that the unauthorized user could spread viruses without them even realizing it.

So What Should I Do?
There are many ways to secure your connection. We are focusing on wireless security, so we will make a simple adjustment to your router. The simplest way to secure your connection is by using WEP (Wireless Encryption Protocol). Before I go any further, many hackers can find ways around this protection. It is not the best choice for large businesses (over 100 employees), but for home and small business users, this will work just fine.

Step 1 (Configure router):
Depending on your router, the specifics of this step will differ. You need to log into your router. This is done by opening your Internet Browser (Internet Explorer, FireFox, Safari, etc.) and putting the IP Address of the router in the address bar (the address bar is where you type web sites such as google.com). This IP address will either be 192.168.0.1 or 192.168.1.1; if you are unsure try both. Once you type the correct one in (and press 'Enter'), a pop-up will ask you for your user name and password. If you have never changed your password, then a default was set for you by the manufacturer. This is not the same user name and password as your computer or Internet Service Provider. If you do not know your default password, find it by clicking here.
Once logged in, look for the wireless section. This is often a button or tab found on the main page. For DLink routers there will be a button on the left menu. Now look for wireless security. For DLink routers it will be on this page. You should see a drop-down-menu. Select WEP (you may also see other choices such as WAP). Depending on your router, you will see some or all of these options. Set them as follows:


Authentication: Open
WEP Encryption: 64bit
Key Type: Hex
Key1: PICK A 10 DIGIT NUMBER


The above 'Key' is your wireless network password. Anyone that uses your wireless connection will need to know it. Normally, you are only required to put it in your computer once and then it will remember it.

Step 2 (Computer Setup):
Now go to your wireless computer and try to connect to the network, it will ask you for the key. Enter it just as you did in the router.

Step 3 (Advanced Security):
If you would like more security then you can change some of the other options in the router. For example, instead of 64bit choose 128bit. Or instead of HEX choose ASCII. All routers are different and offer different levels of security. Basically, going to 128bit requires a longer password so it is harder for others to guess and going to ASCII requires a password with letters, not just numbers, so there are more possible passwords. You can change this around as much as you like and I do suggest changing to either 128bit or ASCII.

Wednesday, January 25, 2006

Computer & Network Security: Two Anti Virus Strategies

Rootkits and advanced spyware have fundamentally changed the playing field says Mike Danseglio, Program Manager in the Security Solutions group at Microsoft, according to Fox News’ “Microsoft Official: Malware Recovery Not Always Possible” by Ryan Naraine, reporting from InfoSec World on April 5th, 2006. “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit," states Mr. Danseglio.

He cites a recent instance where an unnamed branch of the U.S. government struggled to design an automated process to wipe and rebuild 2,000 infected client machines. "In that case, it was so severe that trying to recover was meaningless.” While training costs can be high, they pale in comparison to the mounting expenses incurred by detecting damage, recovering lost work and rebuilding compromised systems--let alone “nuking” and starting all over again from scratch.

Rootkits, for example, use kernel hooks which often make them undetectable. Because of this, they are able to hide malware programs, making them the weapon of choice to compromise computer systems. Mr. Danseglio adds that IT administrators may never even know if the entire rootkit has been successfully removed. The cleanup process is "just way too hard."

"We've seen the self-healing malware that actually detects that you're trying to get rid of it. You remove it, and the next time you look in that directory, it's sitting there. It can simply reinstall itself," he said. "Detection is difficult, and remediation is often impossible," Danseglio declared. "If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know," he explained. "Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background.

Fortunately, however, the alternative, training, is easier than it ever was, thanks to new online technologies such distance learning. The important point to remember is that, with today’s viruses. all employees--not just IT people--must be trained.

Wednesday, January 18, 2006

Home Network Security Revealed

Some home computer users have become experts without knowing it. Just a short time ago terms such as "wireless" and "router" were only known by computer professionals and experts. Not so any more. These days switches, hubs, Ethernet cards, firewalls, routers, and other buzzwords related to networking have become common in many homes.

Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is great value to home PC users by allowing more than one home computer to share resources with others without having to move the files physically or having to move the connections on printers. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.

The one thing that home users are lacking is education is how to secure themselves from hackers.

However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...

A common acronym for computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you information about standard settings that are useful about configuration. Don't forget to reread it.

PORTS FOR ROUTERS

The first thing that you should do is change your password. You should also rename the account for the administrator. This is because the next person who bought the same computer model as you did has the same information and might not be as trustworthy as you would like to think.

A standard port of HTTP is Port 80. This port is needed if you plan on browsing the Internet. A port is number for the network that is used by software to keep track of Internet traffic. You'll need to have this port open for IP addresses and any ranges that are going out of your computer. By doing this only those computers you know can generate any Internet traffic on your home network.

If you get your IP address in an automatic fashion the above tip will won't be useful for you. For example, most use DHCP. However, there are other service providers who will let you buy one static IP address for the router. It's this address that should have access going out to the Internet.

But just why should you care about traffic that is going out? For the simple reason that you might infect other computers. This is why you need to practice networking that is safe so that you don't spread any viruses. If you have Internet access that is wireless you won't always know who is on your same network. And even if you're not at home anyone can sneak in through your network.

You'll need to have Port 80 open for all traffic coming in from the Internet. Or you might want to track only those websites that have an IP address. This might be impossible though.

You need to open up Port 25 for outgoing mail if you're going to be using an email client that is a desktop application rather then being browser based. As well, you'll have to open up port 110 for incoming mail.

And most of the time, that will be all....

If you're using a client that is a desktop FTP or manual (both of which should be avoided if you can due to poor security) you'll need other ports. Most of the time these port numbers are easy to find. Try to limit their use. The general rule for network security is that you should keep as many ports as you can closed and only use those that you really need to use.

The above may sound a bit like the settings in a firewall. This is because firewalls and routers have some of the same functions. A firewall will allow or prevent Internet traffic while a router will direct it.

WIRELESS NETWORKS

There's a bit more that you have to do if you have a wireless network. Default settings will sometimes let anyone in range of the network have access. This means that not only someone in your household will be on the Internet, the neighbour across the street will as well. And this includes the hacker.

What you need to do is lock down the wireless network. You can learn how to do this by reading the manual and then configuring your passwords as well as any other security features that are included.

You don't need to devote your life to becoming a security or network expert just so that you keep your resources safe. However, when you're connected to the Internet through a router there is more risk than if you were connected through dial-up or as a single user.

Take some time today to learn what you can about network security so that you don't spend that time after your network is broken into.

Friday, January 13, 2006

Wireless Network Security

Have you ever wondered how you can protect your home from intruders? There are various wireless network security gadgets installed in homes. But how safe really are you when at home? Here are six steps to ensure security in your home using wireless network security gadgets.

First, you should change the system’s identification. Security devices come with a default system ID called the Service Set Identifier. Hackers will find it easy to learn the default identifier of each manufacturer, so it is safer for you to change it. Use something unfamiliar. Avoid using your name or other codes that are easily identified.

Second, you should disable the identifier broadcasting. You need not announce that you have wireless connection since this will be enticing to hackers. Check your manual to learn how to disable broadcasting.

Third, it is important to enable encryption. The Wired Equivalent Privacy and the Wi-Fi Protected Access have the ability to encrypt data so that only the intended recipient can read it.

Fourth, you must restrict unnecessary traffic. A lot of wireless routers have their own built-in firewalls. Read the manual of the hardware and find out how to reconfigure your router so that only your approved incoming and outgoing traffic can be allowed.

Fifth, change the default password of the administrator. Since this password can easily be obtained and many people do not go to trouble of changing it, the system falls prey to a lot of hackers. Be sure to change the password to something that cannot easily be guessed.

Lastly, patch and protect your personal computers. You must have a personal firewall and anti-virus software installed on your computers. Be sure to always keep them up to date. Also, keep updates of famous security vulnerabilities.

Monday, January 09, 2006

Network Security Software

Networking is all about sharing programs and is highly important in a company's computer system. Before, networks were secure because they were closed-in systems. But nowadays, hackers can easily access these networks due to broader availability and inexpensive broadband connections, such as DSL and cable. That is why companies should have network security software.

Network security software is used to protect sensitive data and information on your company's system. It also works wonders in securing your system, and ensures that it functions effectively and at maximum capacity. Some types of network security software are network security software scanners, network monitoring software and network-wide software used for monitoring an event log.

The network security software scanner is used to check your computer system for possible security vulnerabilities by scanning the entire network for missing security areas, service packs, open shares, open ports and user accounts that are unused. When this software detects all this information, you can lock down your computer system against intruders and hackers.

Another type of network security software is network-monitoring software. This is used to monitor your server and the entire computer system for failures, and to allow administrators to fix and identify these failures before the computer users report them. If there is a failure, the user can be alerted via email, SMS or pager. After this, the software reboots the machine, restarts a service or automatically runs a script.

Lastly, the software used for monitoring an event log is used to detect intrusion on the event log and management. What this software does is analyzes and archives the event logs of all machines in the computer system, at the same time sending alerts of attacks, critical events and other issues on security.

All these are necessary to secure your company's computer system. But keep in mind that one of the most important features that your network security software should have is ease of use. So, you must take time and carefully select the software that you will use in managing your network and keeping it secured.

Wednesday, January 04, 2006

Wireless Network Security

With a wireless network, however, you have a radio signal that permeates the very air around us. Because of the broadcast nature of WLANs, it is far easier to access this sort of network, especially when the signal is usually powerful enough to emanate outside of a building and so potentially provide network access to those outside.

Another benefit of a cabled network is that the transfer of data between computers remains within the wires themselves. Contrast this with a Wireless network, in which the data is now easier to intercept and/or corrupt.

As a result you need to secure your wireless network in the following ways:

* Request user authentication to prevent unauthorized access to your network.
* Use data privacy to protect the integrity and privacy of the data being transmitted.


How do you secure your Wireless network?

1. Change the SSID When you configure your WAP change the default SSID (Service Set IDentifier). Don’t pick something that easily identifies you, like your name, street address, etc. Instead pick something complicated that is difficult to guess and is made up of a mixture of letters and numbers e.g. m6jvUm9mHuQfA4h5tgCH

2. Disable SSID broadcasting In addition, make sure your WAP isn’t configured to broadcast your SSID. Although this is not a secure method of protecting your network, it does mean your WLAN is not so openly available to intrusion.

3. Configure WPA or WPA2 To authorize access to your Wireless network you should choose a security setting of WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) or better yet WPA2-PSK if available.

Although Windows XP supports both of these security methods, you still need a wireless adapter that supports WPA as well.

NOTE: WEP (Wired Equivalent Privacy) is the earlier attempt to secure wireless connections and it is not secure enough. If this is all your WPA has to offer then you should either upgrade the firmware on it, if this will then give you WPA, or purchase a newer device.

You also need to choose a password for WPA-PSK. Like your SSID, this too needs to be complicated and so not easy to guess.

4. Restrict access based on MAC authentication Your wireless network adapter has a physical address called a MAC (Media Access Control) address. You can take advantage of this by configuring your WAP to only allow access to those MAC addresses you want to give access to your network and so restrict which computers can get connected. Although a MAC address can still be spoofed, this is yet another obstacle to deter the casual hacker.

5. Change the administrator account/password Your WAP will come with a standard administrator account and password. So anyone who has bought the same device will know what these are. Change the password to one that isn’t easy to guess and if possible change the name of the administrator account as well.