Tuesday, February 28, 2006

Home Wireless Network Security Issues

Running a business from home has its advantages, including no commute, a more accommodating work schedule, fresh coffee and home-cooked meals at any time you want.

But running a business from home using a home wireless local area network (WLAN) with your computer may lead to thievery of confidential information and hacker or virus penetration unless proper actions are taken. As WLANs send information back and forth over radio waves, someone with the right type of receiver in your immediate area could be picking up the transmission, thus acquiring access to your computer.

Here is a list of things to consider when implementing a home wireless network for your business:

Viruses could be loaded onto your laptop which could be transferred to the company's network when you go back to work.

Up to 75 per cent of home WLAN users do not have standard security features installed, and 20 per cent run completely open default configurations. These defaults are not secured; they are designed to get the user's network up and running as quickly as possible.

It is recommended that home wireless network router/access point setup always be done through a wired client.

Always change the default administrative password on your home wireless network router/access points to a secured password.

Enable at least 128-bit WEP encryption on both the card and the access point. Change your WEP keys periodically. If equipment does not support at least 128-bit WEP encryption, consider replacing it. Although there are security issues with WEP, it represents a minimum level of security and should be enabled.

Change the default SSID on your router/access point to a hard-to-guess name. Set up your computer to connect to this SSID by default.

Set up the router/access point so that it does not broadcast the SSID. The same SSID then needs to be entered manually on the client side. This feature may not be available on all equipment.

Set up your home wireless network router to block anonymous internet requests or pings.

On each computer with a wireless network card, the network connection properties should be configured to allow connection to Access Point Networks Only. Computer-to-computer (peer-to-peer) connections should not be allowed.

Enable MAC filtering and deny connections to the wireless network from unlisted MAC addresses. MAC (physical) addresses can be viewed in your computer's wireless network connection settings and are also printed on the network cards themselves. When adding new wireless cards or computers to the network, their MAC addresses must be registered with the router/access point.

Your home wireless network router should have its firewall features enabled and the demilitarized zone (DMZ) feature disabled. Periodically test your hardware and personal firewalls using the Shields Up test available at http://www.grc.com. All computers should have a properly configured personal firewall in addition to the hardware firewall.

Update router/access point firmware when new versions become available.

Locate router/access points away from strangers so they cannot reset them to default settings. Also, locate them in the middle of the building rather than near windows, to limit signal coverage outside the building.
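The checklist above can be turned into a mechanical audit. The following is an added example, not part of the original post or of any router vendor's software: it represents a router's settings as a plain dictionary (the key names are an assumption made for illustration) and checks them against the points in the list, showing an out-of-the-box default configuration beside the same router after hardening. The factory-default password and SSID lists are constructed and far from complete; real defaults vary by vendor.

```python
"""Audit a home wireless router configuration against the checklist in the post.

Added example. The configuration schema (the dict keys below), the default
password/SSID lists and the sample configurations are constructed for
illustration, not taken from any real router.
"""

# Encryption modes ordered weakest to strongest; the post's floor is 128-bit WEP.
ENCRYPTION_STRENGTH = ["none", "wep-64", "wep-128", "wpa", "wpa2"]
MINIMUM_ENCRYPTION = "wep-128"

# Constructed factory-default values that an audit should flag.
DEFAULT_ADMIN_PASSWORDS = {"admin", "password", "1234", ""}
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}


def audit(config):
    """Return a list of finding strings; an empty list means every check passed."""
    findings = []

    if config.get("admin_password", "").lower() in DEFAULT_ADMIN_PASSWORDS:
        findings.append("default or empty administrative password")

    enc = config.get("encryption", "none")
    if enc not in ENCRYPTION_STRENGTH:
        findings.append(f"unknown encryption mode '{enc}'")
    elif ENCRYPTION_STRENGTH.index(enc) < ENCRYPTION_STRENGTH.index(MINIMUM_ENCRYPTION):
        findings.append(f"encryption '{enc}' is below the 128-bit WEP minimum")

    if config.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default")
    if config.get("ssid_broadcast", True):
        findings.append("SSID broadcast is enabled")

    if not config.get("mac_filtering", False):
        findings.append("MAC filtering is disabled")
    elif not config.get("mac_allow_list"):
        findings.append("MAC filtering is enabled but the allow list is empty")

    if not config.get("firewall", False):
        findings.append("router firewall is disabled")
    if config.get("dmz_enabled", False):
        findings.append("DMZ is enabled")
    if config.get("respond_to_ping", True):
        findings.append("router answers anonymous internet requests / pings")

    return findings


# Constructed sample: a router left at its out-of-the-box defaults.
OPEN_DEFAULT_CONFIG = {
    "admin_password": "admin",
    "encryption": "none",
    "ssid": "linksys",
    "ssid_broadcast": True,
    "mac_filtering": False,
    "mac_allow_list": [],
    "firewall": False,
    "dmz_enabled": False,
    "respond_to_ping": True,
}

# The same router after applying the checklist (values are constructed).
HARDENED_CONFIG = {
    "admin_password": "Kq7!vR2#pLm9",
    "encryption": "wep-128",
    "ssid": "h0me-0ff1ce-7731",
    "ssid_broadcast": False,
    "mac_filtering": True,
    "mac_allow_list": ["00:11:22:33:44:55"],
    "firewall": True,
    "dmz_enabled": False,
    "respond_to_ping": False,
}

if __name__ == "__main__":
    for name, cfg in (("default", OPEN_DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit(cfg)
        print(f"{name}: {len(found)} finding(s)")
        for item in found:
            print("  -", item)
```

Running the script reports seven findings for the default configuration and none for the hardened one. The point of keeping each check as a separate finding is that a home user can work through them one at a time in the router's admin pages.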

You should know that nothing is 100%. While none of the actions suggested above will provide full 100% protection, countermeasures do exist that will help. The collection of preventative actions suggested here can help deter an intruder trying to access your home wireless network; a deterred intruder will then move on to other, less secure networks that make easier targets.

Wednesday, February 22, 2006

Network Security Journal Guide

The term 'virus' has created havoc not only in the lives of living beings but also in the world of computers. Though the two kinds of virus are completely different from each other, both can prove fatal.

A computer virus can be defined as a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Computer viruses are man-made and can easily replicate themselves. A simple virus can duplicate itself time and again and is quite easy to produce. Even a simple virus can swallow the entire memory of your system and stop it working, while a slightly more dangerous virus can transmit itself across networks and bypass security systems. Viruses can be transmitted as attachments to an e-mail, in a downloaded file, or on a diskette or CD. Some viruses take effect as soon as their code is executed; others lie inactive until circumstances cause the computer to execute their code.

But gone are the days when viruses and the diseases they cause were left untreated. Just as people have developed cures to protect themselves, they have also invented something to safeguard their computers against the devastating threat of viruses. The software that is meant to detect viruses is called an anti-virus.

An anti-virus program can be defined as a utility that searches a hard disk for any known or potential viruses and eliminates any that are found. Anti-virus software comprises computer programs that attempt to identify, obstruct and eradicate computer viruses and other harmful software.

Every anti-virus product functions according to two techniques, with a special focus on the first one:

(1) Examining, i.e. scanning, files to check for known viruses that match the definitions in a virus dictionary.

(2) Identifying suspicious behaviour in running software that indicates infection. Such analysis includes data captures, port monitoring and other methods.

While examining a file, the anti-virus software refers to a dictionary of known viruses already identified by the authors of the anti-virus software. The moment code in the file matches a virus in the dictionary, the anti-virus software first tries to repair the file by removing the virus from it. If the virus cannot be removed at this stage, the software quarantines the file so that it remains inaccessible to other programs and the virus can do no further harm to the system. Finally, if the virus still persists, the software deletes the infected file.

In order to function correctly, the virus dictionary approach needs regular updates, which involve downloading updated virus dictionary entries. Anti-virus software that works from a dictionary typically scrutinizes files and detects a virus immediately when the operating system creates, opens, closes or e-mails them. A system administrator can also schedule the anti-virus software to scan all the files on the user's hard disk on a routine basis.
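The dictionary approach and the repair, quarantine, delete sequence described above can be shown in a few dozen lines. The following is an added example written for this page, not code from any anti-virus product: the "virus dictionary" is a constructed table of byte patterns, the two "virus families" and the infected sample files are constructed for illustration, and the quarantine layout (a directory of renamed files with all permissions removed) is an assumption. Real products use far richer signatures and repair logic; the skeleton of scan, match, escalate is the part worth seeing.

```python
"""Dictionary-based scanner illustrating scan -> repair -> quarantine -> delete.

Added example. The signature dictionary, the "virus families", the sample files
and the quarantine layout are all constructed for illustration and are not taken
from any real anti-virus product.
"""
import os
import shutil
import tempfile

# Constructed "virus dictionary": name -> byte pattern the scanner looks for.
VIRUS_DICTIONARY = {
    "Sample.Appender.A": b"CONSTRUCTED-SAMPLE-SIGNATURE-A",
    "Sample.Overwriter.B": b"CONSTRUCTED-SAMPLE-SIGNATURE-B",
}

# For the (constructed) appender family the infection is the signature plus
# everything after it, so the host file is restored by truncating there. The
# overwriter family destroys the host content, so the scanner cannot repair it.
REPAIRABLE = {"Sample.Appender.A"}


def scan_file(path):
    """Return the dictionary name of the first matching signature, or None if clean."""
    with open(path, "rb") as fh:
        data = fh.read()
    for name, signature in VIRUS_DICTIONARY.items():
        if signature in data:
            return name
    return None


def repair(path, name):
    """Try to remove the infection in place; return True only if a rescan is clean."""
    if name not in REPAIRABLE:
        return False
    signature = VIRUS_DICTIONARY[name]
    with open(path, "rb") as fh:
        data = fh.read()
    with open(path, "wb") as fh:
        fh.write(data[: data.index(signature)])  # keep only the original host bytes
    return scan_file(path) is None


def quarantine(path, quarantine_dir):
    """Move the file out of reach of other programs and strip all permissions."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0)  # nobody can read, write or execute it (root can still delete it)
    return dest


def handle_infected_file(path, quarantine_dir):
    """Apply the escalation chain; return "clean", "repaired", "quarantined" or "deleted"."""
    name = scan_file(path)
    if name is None:
        return "clean"
    if repair(path, name):
        return "repaired"
    try:
        quarantine(path, quarantine_dir)
        return "quarantined"
    except OSError:
        pass  # e.g. quarantine directory not writable: fall through to deletion
    os.remove(path)
    return "deleted"


def run_demo():
    """Create three constructed files in a temp dir, scan them, return the outcomes."""
    root = tempfile.mkdtemp(prefix="avdemo-")
    try:
        original = b"Quarterly report: all figures final.\n"
        samples = {
            "clean.txt": original,
            # appender family: host content intact, infection appended after it
            "report.doc": original + VIRUS_DICTIONARY["Sample.Appender.A"] + b"\x00payload",
            # overwriter family: host content gone, only the infection remains
            "notes.txt": VIRUS_DICTIONARY["Sample.Overwriter.B"] + b"\x00payload",
        }
        for filename, data in samples.items():
            with open(os.path.join(root, filename), "wb") as fh:
                fh.write(data)
        qdir = os.path.join(root, "quarantine")
        results = {fn: handle_infected_file(os.path.join(root, fn), qdir) for fn in samples}
        with open(os.path.join(root, "report.doc"), "rb") as fh:
            results["report_restored"] = fh.read() == original
        results["quarantine_entries"] = sorted(os.listdir(qdir))
        return results
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The demo leaves the clean file alone, restores the appended-to document byte for byte, and quarantines the overwritten one because nothing of the original is left to repair. Deletion is reached only when quarantine itself fails, which mirrors the order of escalation given in the post.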

Sunday, February 19, 2006

Network Security – The Real Vulnerabilities

Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.

You have done what most people think are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared to deal with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.

Why would an attacker go to your office or make a phone call to the help desk? Simple: it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there, he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well, think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him, Google his name or read the two books he has written.

It's beyond me why people try to dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that it could be breached so easily. Or is it that people don't feel they should be responsible for educating their employees? Most organizations don't give their IT departments the jurisdiction to promote physical security; this is usually a problem for the building manager or facilities management. Nonetheless, if you can educate your employees even the slightest bit, you may be able to prevent a network breach from a physical or social engineering attack.

Saturday, February 04, 2006

Emails And Network Security

With the number of small, home-based businesses at present, computers and the internet are fast establishing themselves as essential tools for business management. But the active use of computers in business for banking and other financial transactions has attracted unscrupulous individuals. These individuals come up with programs and viruses that threaten network security in the hope of intercepting important files from home computers. The Computer Emergency Response Team (CERT) at Carnegie Mellon University says that there are several ways in which internet criminals threaten network security through emails. These methods seem harmless and are virtually undetectable until it is too late.

These threats include email spoofing and email viruses. Both are classified as intentional computer misuse but are unwittingly spread by people who are not aware of their possible effects on network security. CERT explains that the writers of viruses and malicious programs usually exploit the ignorance of most computer users to spread their viruses.

Email spoofing happens when an email displays a source other than its real source. The virus writer manipulates the message so that the address shown in the "From" box appears to be the actual sender. Most cases involve "messages" from network system administrators asking users to change their passwords and send them the new ones, or to send other important information. Others report receiving strange emails from banks or telephone companies. The recipient opens the email, thinking that it is an urgent reminder, and the virus then starts spreading in the computer system. The usual purpose of viruses like this is to weaken network security so that the virus writer can infiltrate the system.

Viruses can also infiltrate systems through email attachments. This happens when a virus writer programs a virus and sends it to people disguised as a harmless email or attachment. The criminal usually attaches a funny picture or story to the email to entice recipients to open it. The recipient, thinking that the message is harmless and funny, sends it on to other people. The virus spreads and disables network security with minimal effort from the writer. Email viruses usually come as attachments with hidden or concealed file extensions. Most victims open attachments thinking that these are harmless text documents or images, taking note only of the ".txt" or ".jpg" in the filename. CERT advises that the first extensions in an attachment's filename are not the important ones. The extension that matters is the last one, because it determines how the attachment is handled when opened. Extensions like ".exe" or ".vbs" mean that the attachment will run as a program once the recipient opens it.

There is no foolproof way to prevent the spread of malicious programs and viruses. To maintain network security, CERT recommends ignoring strange emails even if they appear to be sent by an authority. Verify a message's origin by calling the agency that "sent" it. For best protection, CERT advises email users to avoid downloading and saving attachments on their computers unless they have verified the source. Installing firewalls and anti-virus software also strengthens network security.
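The two warning signs described in this post, a "From" box that does not reflect where a message really came from and an attachment whose last extension makes it a program, can both be checked mechanically before anyone opens the message. The following is an added example written for this page, not code from CERT or from the original post. It uses Python's standard email parser on a constructed sample message; the list of executable extensions is illustrative rather than complete, and the comparison of the visible From domain against the Return-Path (envelope sender) domain is a heuristic chosen for this example. A mismatch is a reason to verify the message out of band, as the post recommends, not proof of spoofing, since mailing lists and forwarding services produce the same mismatch legitimately.

```python
"""Flag a forged-looking From header and program attachments in an email.

Added example. SAMPLE_MESSAGE is constructed; the executable-extension set and
the From/Return-Path domain comparison are illustrative heuristics, not CERT's.
"""
from email import message_from_string
from email.utils import parseaddr

# Extensions that run as a program when the attachment is opened (illustrative subset).
EXECUTABLE_EXTENSIONS = {"exe", "vbs", "scr", "pif", "bat", "cmd", "com", "js"}


def effective_extension(filename):
    """Return the LAST extension of a filename, lower-cased, ignoring padding spaces.

    'holiday.jpg.exe' -> 'exe'; 'notes.txt' -> 'txt'; 'README' -> ''.
    """
    name = filename.strip()
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].strip().lower()


def classify_attachment(filename):
    """'document', 'program', or 'disguised program' (innocent inner extension, runnable outer one)."""
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    if parts[-1] not in EXECUTABLE_EXTENSIONS:
        return "document"
    return "disguised program" if len(parts) >= 3 else "program"


def from_mismatch(msg):
    """Return (from_domain, envelope_domain) when they differ, else None."""
    _, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    from_dom = from_addr.rsplit("@", 1)[-1].lower()
    env_dom = envelope.rsplit("@", 1)[-1].lower()
    if from_dom and env_dom and from_dom != env_dom:
        return from_dom, env_dom
    return None


def inspect_message(raw):
    """Parse a raw RFC 822 message and return a list of human-readable findings."""
    msg = message_from_string(raw)
    findings = []
    mismatch = from_mismatch(msg)
    if mismatch:
        findings.append(f"From claims {mismatch[0]} but envelope sender is {mismatch[1]}")
    for part in msg.walk():  # walk() visits every MIME part, including the top level
        filename = part.get_filename()
        if not filename:
            continue
        kind = classify_attachment(filename)
        if kind != "document":
            findings.append(
                f"attachment '{filename.strip()}' is a {kind} (.{effective_extension(filename)})"
            )
    return findings


# Constructed sample: a "password update" message with a double-extension attachment.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
From: "IT Administrator" <admin@example.com>
To: user@example.com
Subject: Urgent: password update required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Please open the attached form and reply with your new password.
--BOUNDARY
Content-Type: application/octet-stream; name="password_form.txt.exe"
Content-Disposition: attachment; filename="password_form.txt.exe"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--BOUNDARY--
"""

if __name__ == "__main__":
    for finding in inspect_message(SAMPLE_MESSAGE):
        print("-", finding)
```

Run against the sample, the checker reports that the From domain does not match the envelope sender and that the attachment is a disguised program. The filename handling also covers the trick of padding the inner extension with spaces so the real one scrolls out of view, which is why both functions strip whitespace around each component.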