Rootkits and advanced spyware have fundamentally changed the playing field, says Mike Danseglio, Program Manager in the Security Solutions group at Microsoft, according to Fox News’ “Microsoft Official: Malware Recovery Not Always Possible” by Ryan Naraine, reporting from InfoSec World on April 5th, 2006. “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” states Mr. Danseglio.
He cites a recent instance where an unnamed branch of the U.S. government struggled to design an automated process to wipe and rebuild 2,000 infected client machines. "In that case, it was so severe that trying to recover was meaningless.” While training costs can be high, they pale in comparison to the mounting expenses incurred by detecting damage, recovering lost work and rebuilding compromised systems--let alone “nuking” and starting all over again from scratch.
Rootkits, for example, use kernel hooks which often make them undetectable. Because of this, they are able to hide malware programs, making them the weapon of choice to compromise computer systems. Mr. Danseglio adds that IT administrators may never even know if the entire rootkit has been successfully removed. The cleanup process is "just way too hard."
"We've seen the self-healing malware that actually detects that you're trying to get rid of it. You remove it, and the next time you look in that directory, it's sitting there. It can simply reinstall itself," he said. "Detection is difficult, and remediation is often impossible," Danseglio declared. "If it doesn't crash your system or cause your system to freeze, how do you know it's there? The answer is you just don't know," he explained. "Lots of times, you never see the infection occur in real time, and you don't see the malware lingering or running in the background."
Fortunately, however, the alternative, training, is easier than it ever was, thanks to new online technologies such as distance learning. The important point to remember is that, with today’s viruses, all employees--not just IT people--must be trained.
Friday, February 09, 2007
Wireless Network Security
Why Use Security?
If someone is able to connect wirelessly to your network from the road, a nearby parking lot, or an adjacent house, here are some things to consider. If they use your Internet connection for illegal activity, YOU are liable, not them. Also, once they are on your network, they may be able to open, delete, or change every file on your computers. There is also the possibility that the unauthorized user could spread viruses without even realizing it.
So What Should I Do?
There are many ways to secure your connection. We are focusing on wireless security, so we will make a simple adjustment to your router. The simplest way to secure your connection is by using WEP (Wired Equivalent Privacy). Before I go any further, many hackers can find ways around this protection. It is not the best choice for large businesses (over 100 employees), but for home and small business users, this will work just fine.
Step 1 (Configure router):
Depending on your router, the specifics of this step will differ. You need to log into your router. This is done by opening your Internet browser (Internet Explorer, Firefox, Safari, etc.) and putting the IP address of the router in the address bar (the address bar is where you type web sites such as google.com). This IP address will either be 192.168.0.1 or 192.168.1.1; if you are unsure, try both. Once you type the correct one in (and press 'Enter'), a pop-up will ask you for your user name and password. If you have never changed your password, then a default was set for you by the manufacturer. This is not the same user name and password as your computer or Internet Service Provider. If you do not know your default password, find it by clicking here.
Once logged in, look for the wireless section. This is often a button or tab found on the main page. For DLink routers there will be a button on the left menu. Now look for wireless security. For DLink routers it will be on this page. You should see a drop-down menu. Select WEP (you may also see other choices such as WPA). Depending on your router, you will see some or all of these options. Set them as follows:
Authentication: Open
WEP Encryption: 64bit
Key Type: Hex
Key1: PICK A 10 DIGIT NUMBER
The above 'Key' is your wireless network password. Anyone that uses your wireless connection will need to know it. Normally, you are only required to put it in your computer once and then it will remember it.
Step 2 (Computer Setup):
Now go to your wireless computer and try to connect to the network; it will ask you for the key. Enter it just as you did in the router.
Step 3 (Advanced Security):
If you would like more security then you can change some of the other options in the router. For example, instead of 64bit choose 128bit. Or instead of HEX choose ASCII. All routers are different and offer different levels of security. Basically, going to 128bit requires a longer password so it is harder for others to guess and going to ASCII requires a password with letters, not just numbers, so there are more possible passwords. You can change this around as much as you like and I do suggest changing to either 128bit or ASCII.
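An added example (not part of the original post): a Python check of the key settings from Step 1 and Step 3 that validates a key against the chosen format and estimates how many bits of secret it can carry. The function names and sample keys are constructed for illustration, and the estimate assumes every character is picked at random from the character classes the key uses.

```python
import math
import string

# Characters a router expects for each setting named in the steps above.
# The 64bit/128bit labels include a 24-bit initialization vector that is
# sent in the clear, so the secret part of the key is 40 or 104 bits.
KEY_LENGTH = {
    ("64bit", "hex"): 10, ("64bit", "ascii"): 5,
    ("128bit", "hex"): 26, ("128bit", "ascii"): 13,
}
SECRET_BITS = {"64bit": 40, "128bit": 104}


def alphabet_size(key, key_type):
    """Size of the character pool the key appears to draw from."""
    if key_type == "hex":
        # A "number" typed into a hex field only ever uses 0-9.
        return 10 if key.isdigit() else 16
    size = 0
    if any(c in string.ascii_lowercase for c in key):
        size += 26
    if any(c in string.ascii_uppercase for c in key):
        size += 26
    if any(c in string.digits for c in key):
        size += 10
    if any(c in string.punctuation or c == " " for c in key):
        size += 33
    return size


def check_wep_key(strength, key_type, key):
    """Validate a key for the given router settings and estimate its strength."""
    expected = KEY_LENGTH[(strength, key_type)]
    problems = []
    if len(key) != expected:
        problems.append(f"expected {expected} characters, got {len(key)}")
    if key_type == "hex" and any(c not in string.hexdigits for c in key):
        problems.append("non-hex character in a hex key")
    if key_type == "ascii" and any(not 32 <= ord(c) < 127 for c in key):
        problems.append("non-printable or non-ASCII character")
    bits = 0.0
    if not problems:
        raw = len(key) * math.log2(alphabet_size(key, key_type))
        bits = min(raw, SECRET_BITS[strength])
    return {
        "valid": not problems,
        "problems": problems,
        "estimated_bits": round(bits, 1),
        "max_bits": SECRET_BITS[strength],
    }


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    for settings in [("64bit", "hex", "1234567890"),
                     ("64bit", "hex", "a1b2c3d4e5"),
                     ("128bit", "hex", "0123456789abcdef0123456789")]:
        print(settings, check_wep_key(*settings))
```

A key made only of decimal digits, as in "PICK A 10 DIGIT NUMBER", uses about 33 of the 40 secret bits that the 64bit setting allows.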
Home Network Security Revealed
Some home computer users have become experts without knowing it. Just a short time ago terms such as "wireless" and "router" were only known by computer professionals and experts. Not so any more. These days switches, hubs, Ethernet cards, firewalls, routers, and other buzzwords related to networking have become common in many homes.
Vendors have created new sources of income for themselves by making the installation of network devices cost efficient and easy. This is great value to home PC users by allowing more than one home computer to share resources with others without having to move the files physically or having to move the connections on printers. The entire family can now use one network to connect to the Internet, many times without having to drag wires all around the house.
The one thing that home users are lacking is education in how to secure themselves from hackers.
However, there is no need to panic. Settings that come from the vendor are very good. Now, here's a bit of guidance...
A common acronym for computer experts is "RTFM". You can just ignore the middle letter for now. The first letter stands for "read", the T for "the" and the last letter stands for "Manual". Doing this will give you information about standard settings that are useful for configuration. Don't forget to reread it.
PORTS FOR ROUTERS
The first thing that you should do is change your password. You should also rename the account for the administrator. This is because the next person who bought the same computer model as you did has the same information and might not be as trustworthy as you would like to think.
The standard port for HTTP is Port 80. This port is needed if you plan on browsing the Internet. A port is a network number that software uses to keep track of Internet traffic. You'll need to have this port open for IP addresses and any ranges that are going out of your computer. By doing this, only those computers you know can generate any Internet traffic on your home network.
If you get your IP address in an automatic fashion, the above tip won't be useful for you. For example, most use DHCP. However, there are other service providers who will let you buy one static IP address for the router. It's this address that should have access going out to the Internet.
But just why should you care about traffic that is going out? For the simple reason that you might infect other computers. This is why you need to practice networking that is safe so that you don't spread any viruses. If you have Internet access that is wireless you won't always know who is on your same network. And even if you're not at home anyone can sneak in through your network.
You'll need to have Port 80 open for all traffic coming in from the Internet. Or you might want to track only those websites that have an IP address. This might be impossible though.
You need to open up Port 25 for outgoing mail if you're going to be using an email client that is a desktop application rather than being browser based. As well, you'll have to open up port 110 for incoming mail.
And most of the time, that will be all....
If you're using a client that is a desktop FTP or manual (both of which should be avoided if you can due to poor security) you'll need other ports. Most of the time these port numbers are easy to find. Try to limit their use. The general rule for network security is that you should keep as many ports as you can closed and only use those that you really need to use.
The above may sound a bit like the settings in a firewall. This is because firewalls and routers have some of the same functions. A firewall will allow or prevent Internet traffic while a router will direct it.
WIRELESS NETWORKS
There's a bit more that you have to do if you have a wireless network. Default settings will sometimes let anyone in range of the network have access. This means that not only someone in your household will be on the Internet, the neighbour across the street will as well. And this includes the hacker.
Network Security Software
Networking is all about sharing programs and is highly important in a company's computer system. Before, networks were secure because they were closed-in systems. But nowadays, hackers can easily access these networks due to broader availability and inexpensive broadband connections, such as DSL and cable. That is why companies should have network security software.
Network security software is used to protect sensitive data and information on your company's system. It also works wonders in securing your system, and ensures that it functions effectively and at maximum capacity. Some types of network security software are network security software scanners, network monitoring software and network-wide software used for monitoring an event log.
The network security software scanner is used to check your computer system for possible security vulnerabilities by scanning the entire network for missing security areas, service packs, open shares, open ports and user accounts that are unused. When this software detects all this information, you can lock down your computer system against intruders and hackers.
Another type of network security software is network-monitoring software. This is used to monitor your server and the entire computer system for failures, and to allow administrators to fix and identify these failures before the computer users report them. If there is a failure, the user can be alerted via email, SMS or pager. After this, the software reboots the machine, restarts a service or automatically runs a script.
Lastly, the software used for monitoring an event log is used to detect intrusion on the event log and management. This software analyzes and archives the event logs of all machines in the computer system, at the same time sending alerts of attacks, critical events and other issues on security.
All these are necessary to secure your company's computer system. But keep in mind that one of the most important features that your network security software should have is ease of use. So, you must take time and carefully select the software that you will use in managing your network and keeping it secured.
Wireless Network Security
Although it is relatively easy for SOHO (Small Office/Home Office) and home users to set up their own Wireless networks, the default settings on a WAP (Wireless Access Point) usually come with no security configured.
As a result, if you leave these settings as they are, then this WLAN (Wireless Local Area Network) you are creating can leave you open to hackers who want to compromise your computer and/or steal information from it.
As a result it is essential that you take the necessary steps to secure your Wireless network.
Why do you need wireless security?
In a traditional wired network you need to have physical access to the network. You either need access to a cable that is already connected to the LAN, or be able to attach a cable to say a patch panel or switch port that will create a new physical connection for you.
With a wireless network, however, you have a radio signal that permeates the very air around us. Because of the broadcast nature of WLANs, it is far easier to access this sort of network, especially when the signal is usually powerful enough to emanate outside of a building and so potentially provide network access to those outside.
Another benefit of a cabled network is that the transfer of data between computers remains within the wires themselves. Contrast this with a Wireless network, in which the data is now easier to intercept and/or corrupt.
As a result you need to secure your wireless network in the following ways:
* Request user authentication to prevent unauthorized access to your network.
* Use data privacy to protect the integrity and privacy of the data being transmitted.
How do you secure your Wireless network?
1. Change the SSID
When you configure your WAP, change the default SSID (Service Set IDentifier). Don’t pick something that easily identifies you, like your name, street address, etc. Instead pick something complicated that is difficult to guess and is made up of a mixture of letters and numbers, e.g. m6jvUm9mHuQfA4h5tgCH
2. Disable SSID broadcasting
In addition, make sure your WAP isn’t configured to broadcast your SSID. Although this is not a secure method of protecting your network, it does mean your WLAN is not so openly available to intrusion.
3. Configure WPA or WPA2
To authorize access to your Wireless network you should choose a security setting of WPA-PSK (Wi-Fi Protected Access Pre-Shared Key) or, better yet, WPA2-PSK if available.
Although Windows XP supports both of these security methods, you still need a wireless adapter that supports WPA as well.
NOTE: WEP (Wired Equivalent Privacy) is the earlier attempt to secure wireless connections and it is not secure enough. If this is all your WAP has to offer then you should either upgrade the firmware on it, if this will then give you WPA, or purchase a newer device.
You also need to choose a password for WPA-PSK. Like your SSID, this too needs to be complicated and so not easy to guess.
4. Restrict access based on MAC authentication
Your wireless network adapter has a physical address called a MAC (Media Access Control) address. You can take advantage of this by configuring your WAP to only allow access to those MAC addresses you want to give access to your network and so restrict which computers can get connected. Although a MAC address can still be spoofed, this is yet another obstacle to deter the casual hacker.
5. Change the administrator account/password
Your WAP will come with a standard administrator account and password, so anyone who has bought the same device will know what these are. Change the password to one that isn’t easy to guess and, if possible, change the name of the administrator account as well.
Summary
A Wireless network is a great way to get Internet access without having to lay down cabling, but out of the box these are completely insecure.
With the threat of hackers, viruses and spyware unlikely to go away you must secure your Wireless network if you want to keep your computer and the data on it safe.
CCNA Certification Exam Training: Passwords, Cisco Routers, And Network Security
CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain quite a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.
If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:
R1 con0 is now available
Press RETURN to get started.
R1>
To get into enable mode, by default all I have to do is type "enable".
R1>enable
R1#
See how the prompt changed? By default, I can now run all the show and debug commands I want, not to mention entering global configuration mode and doing pretty much what I want. It just might be a good idea to password protect this mode! We do so with either the enable password command or the enable secret command. Let's use the enable password command first.
R1(config)#enable password dolphins
Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.
R1>enable
Password:
R1#
I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.
The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for someone to look over your shoulder and note the password for future use, as shown below:
hostname R1
!
enable password dolphins
We could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. That's not necessarily a bad thing! Here's the effect of this command on the enable password we set earlier.
enable password 7 110D1609071A020217
Pretty effective encryption! However, if we want to have the enable password automatically encrypted, we can use the enable secret command. I'll use that command here to set this password to "saints", and note that I'm not removing the previous enable password.
R1(config)#enable secret saints
After removing the "service password-encryption" command, we're left with two enable mode passwords, and they appear in the Cisco router config like this:
enable password dolphins
enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/
If we have two enable passwords, which one should we use to log into the router? Let's try the first password, "dolphins", first:
R1>enable
Password:
Password:
When you're prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":
R1>enable
Password:
Password:
R1#
When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. That's valuable information for both the CCNA certification exam and real-world networks, because there's no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!
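An added example (not from the original article or from Cisco): a Python audit of the enable lines in a saved configuration, reporting which credential the router honors and how each one is stored. Type 7 is a reversible encoding rather than a one-way hash, so the audit treats it like cleartext; the function names and finding codes are constructed here, and lines using the "level" keyword are assumed absent.

```python
import re

# Sample input: the configuration fragment the article ends up with.
SAMPLE_CONFIG = """\
hostname R1
!
enable password dolphins
enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/
"""

# enable (password|secret) [type-code] <value>
ENABLE_RE = re.compile(r"^enable\s+(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$")

# How IOS stores the value for each type code that precedes it.
STORAGE = {
    None: "cleartext",
    "0": "cleartext",
    "5": "MD5-based salted hash",
    "7": "type 7 reversible encoding",
    "8": "PBKDF2-SHA-256 hash",
    "9": "scrypt hash",
}


def parse_enable_lines(config_text):
    """Return one entry per enable line; the credential value is never kept."""
    entries = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = ENABLE_RE.match(line.strip())
        if match:
            kind, type_code, _value = match.groups()
            entries.append({
                "line": lineno,
                "kind": kind,
                "type": type_code,
                "storage": STORAGE.get(type_code, "unknown type"),
            })
    return entries


def audit_enable_lines(config_text):
    """Report the credential in effect and findings as (code, line, message)."""
    entries = parse_enable_lines(config_text)
    kinds = {e["kind"] for e in entries}
    # enable secret takes precedence whenever both commands are present.
    if "secret" in kinds:
        effective = "secret"
    elif "password" in kinds:
        effective = "password"
    else:
        effective = None

    findings = []
    for e in entries:
        if e["storage"] == "cleartext":
            findings.append(("CLEARTEXT", e["line"],
                             f"enable {e['kind']} is readable in the config"))
        elif e["type"] == "7":
            findings.append(("TYPE7", e["line"],
                             "type 7 is reversible; treat it as cleartext"))
    if kinds == {"password", "secret"}:
        line = next(e["line"] for e in entries if e["kind"] == "password")
        findings.append(("SHADOWED", line,
                         "enable password is unused while enable secret "
                         "exists; remove it with 'no enable password'"))
    if effective == "password":
        findings.append(("NO_SECRET", None, "no enable secret configured"))
    if effective is None:
        findings.append(("NO_ENABLE_AUTH", None,
                         "enable mode has no password configured"))
    return {"effective": effective, "findings": findings}


if __name__ == "__main__":
    report = audit_enable_lines(SAMPLE_CONFIG)
    print("credential in effect:", report["effective"])
    for code, line, message in report["findings"]:
        print(code, line, message)
```

On the sample configuration the audit reports the secret as the credential in effect and flags the leftover "enable password dolphins" line twice: once as cleartext and once as shadowed.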
Network Security
Security is an essential part of maintaining any network and is the primary focus for a network administrator. While most people think that the main focus of a network administrator is to ensure that users can access data and other resources needed to perform their job functions, they don’t realize the work and attention needed to make certain all data is secure.
End users are happy as long as they get the data they need and don’t have to jump through hoops to get to it. Account names and password requirements only serve to keep honest people honest. There are many ways to compromise an account’s security, and any decent hacker usually knows more tricks of the trade than the network administrator. The use of authentication services and/or biometrics can improve security, but only to a certain degree.
If you’re responsible for a small operation, network security cannot be compromised. Hackers don’t discriminate; they’re looking for sensitive corporate or financial data that they can exploit. Customers and clients don’t discriminate; they’re entitled to the same service and reliability that they would get from a large corporation.
When it comes to protecting your network, there is no room for compromise. You must block any and all threats flowing around the Internet. Especially look for viruses and other forms of malware that can compromise your network and end-user systems, which could lead to data loss and expensive downtime. Spam clogs up inboxes and e-mail servers, costing businesses billions of dollars each year. Spyware and network intrusions are designed and targeted to steal valuable information from specific companies, which can impact revenue and a company’s reputation. Phishing attacks exploit user habits to steal personal information.
Every day, security threats are being modified and refined as hackers use new conduits such as instant messaging, peer-to-peer connections, and wireless networks to deliver their attacks. In my opinion, the biggest headache for small businesses is the misuse of the Internet by employees. If a user visits an inappropriate site, sends or receives inappropriate content, or worse, violates confidentiality and leaks client information or company secrets, legal liability action is sure to follow. End-user education needs to be a top priority for all network administrators.
Insiders aren’t the most common security problem, but they can be among the most damaging to a company’s reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security professionals. If an employee is terminated, it’s crucial that all system access be revoked immediately. About half of all insider attacks take place between the time an IT employee is dismissed and their user privileges are taken away. I was in a situation where a co-worker was dismissed because of poor work performance. The IT manager arranged for all user privileges to be terminated immediately after the employee was informed of his termination. He was allowed to remove personal items from his office and computer, but was supervised the entire time. There was a tremendous amount of planning involved to coordinate this, but it worked effectively.
When it comes to current employees, IT managers must keep an eye out for insubordination, anger over perceived mistreatment, or resistance to sharing responsibility or training colleagues, which are all signs someone may be capable of system sabotage or data theft. IT managers must be watchful any time someone with access to sensitive systems has a falling out with his or her bosses.
Defending against insiders isn’t easy, but knowing what to look for and understanding who you’re up against certainly helps. Managers must not only monitor system access, but also let employees know their system changes can be tracked. Employers should be wary of people unwilling to share their knowledge about systems or uncomfortable with the fact that their activities accessing systems or data can be tracked.
There are six basic security rules for Windows systems that can apply to all systems. If a network administrator follows the basic principles discussed here, they can feel confident that their systems are protected.
First, the manager should segment the network into areas of trust and provide specific controls at border areas. A basic firewall can filter access to services, and a more advanced system can inspect traffic and detect when it is harmful. Things as simple as blocking access to TCP port 1433 and TCP port 1434 at the border firewall, allowing Internet access only to those SQL systems that must be accessed from the Internet, and patching the SQL systems could prevent viruses or worms from infecting a network.
Systems are sometimes left unpatched because there are so many to patch. Focusing efforts on the most vulnerable points will most likely achieve adequate coverage. You can find a list of the most frequently probed ports used by Windows systems at www.sans.org/y2k/ports.htm. Not all of the ports listed are used by Windows but you can make sure they are filtered at the firewall. You can also set a standard to block all ports and then unblock only the ports needed. Another good practice is to determine the open ports to ensure that they are legitimately needed.
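One way to apply the block-everything-then-allow rule on a single host, as an added example that is not from the original article: it reads output in the layout of `netstat -an` (the sample below is constructed), ignores listeners bound only to loopback, and reports every listener that is not on an allowlist, marking the SQL ports named above. The allowlist, the function names and the finding labels are assumptions.

```python
"""Compare listening sockets with a default-deny allowlist."""
import ipaddress

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51515     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""

SQL_PORTS = {1433, 1434}   # the SQL ports named in the article
ALLOWED = {("TCP", 80)}    # assumption: this host should only serve web traffic


def listeners(netstat_text):
    """Yield (proto, host, port) for every socket that accepts traffic."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        # TCP rows carry a state column; UDP rows are bound sockets with no state.
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = fields[1].rpartition(":")
        yield fields[0], host.strip("[]"), int(port)


def audit(netstat_text, allowed=ALLOWED):
    """Return sorted (proto, port, reason) for listeners outside the allowlist."""
    findings = set()
    for proto, host, port in listeners(netstat_text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # not reachable from the network
        if (proto, port) in allowed:
            continue  # legitimately needed
        reason = "sql-port-exposed" if port in SQL_PORTS else "not-on-allowlist"
        findings.add((proto, port, reason))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, reason in audit(SAMPLE_NETSTAT):
        print(f"{proto}/{port}: {reason}")
```

Each finding is either a service to disable or a port to add to the allowlist with a documented reason.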
Second, moderate the effect of spoofed ports and the increasing use of port 80 by new services. The most common open port is of course port 80, so attacks directed at a web server will not be stopped by a common firewall. If a needed port is blocked, applications such as instant messaging and streaming media will automatically use the open port. Trojans can be designed to listen on any port and can be specially designed to look like web traffic. Overuse and misuse can be prevented by using an application-layer firewall, ensuring that a port is open only for specific servers, and configuring systems at the host level with port filtering or IPSec blocking policies that can be set to block known troublesome ports.
Third, everyone agrees that the number one thing that you can do to improve security on a network is to keep patches current. For over ninety percent of systems that have been attacked, the attack could have been prevented if known vulnerabilities had been mitigated via patches and configuration. Patching plans can be developed and used with enormous benefits. There are several ways to apply patches. You can patch manually, by downloading the patch, testing it and applying it to a system, or by visiting the Windows Update site to review the available patches and then deciding to accept or reject any proffered changes. Automatic Updates can be configured to periodically connect to Microsoft for inspection and downloading of updates. Software Update Service is a free server application that, when configured, periodically downloads patches from Microsoft. Microsoft Systems Management Server with update is purchased separately from the Windows operating system and provides multiple management services. Third-party patching products are also available that can provide similar services.
Strengthening authentication processes can also help to secure your network. Authentication can be strengthened by enforcing a strong password policy. Use some other form of authentication along with this. Use technology and physical security to protect password databases and authentication material. You must also understand that Windows authentication systems vary, and backward compatibility means less secure authentication may be used even by the most recent version of the operating system. One very important issue is to recognize that your network is only as secure as the least secure part.
Fourth, limiting the number of administrators and limiting their privileges can help to secure a network. Don’t automatically give admin rights to the local PC unless there are applications that require it to run needed processes. In most cases administrative rights can be substituted with just elevated or privileged rights. Users with admin rights should be educated about not using that account to read email or surf the Internet. Instead, they should be given an ordinary account for those purposes.
Fifth, protecting systems against known attacks by means of system configurations is not a simple process. It requires knowing about past attacks and current vulnerabilities, and having an extensive knowledge of operating systems. To benefit from your configuration settings, you should not install IIS except to create an intranet or Internet web server. Don’t configure non-file servers to use File and Printer Sharing. Set strong permissions on Windows shares (and use shares sparingly). Don’t allow anonymous access into your systems. You should also disable any Windows services that are not necessary, such as Telnet, Alerter, and Clipbook (does anyone use these?), Indexing Service, Messenger, and Remote Registry.
Last, but not least, I can’t stress enough the importance of developing and enforcing security policies by way of accountability, technology and user training. The best knowledge anyone can have on security cannot protect your systems if it is not used. Security policies should be enforced by more than technology and fully supported by management. People make security work. People support the development of a culture of security, and people follow the rules because they understand them and because they are aware of the consequences. Train your users, let them know the rules, and hold them accountable.
The best laid plans will not stand if you can’t afford the resources or the support for implementing them. A crucial problem a network administrator faces is the cost of security. Security control mechanisms have expenses associated with their purchase. Deploying, maintaining, and implementing these systems in a redundant manner can increase costs significantly. When deciding on redundancy and security controls, it is helpful to create a number of scenarios in which a security breach or an outage occurs to determine the corporation’s cost for each occurrence. This should help management determine the value to the corporation of an assortment of security control mechanisms. (3) End users are that part, so anything done to strengthen it can have a huge effect on the baseline security of your systems.
IT Network Security - The New World's Lock & Key
It's another Monday morning at the office, you've just turned on your computer and logged in - all of a sudden you start to notice that your "Home Page" is changed, your computer is very slow and finally the internet connection is extremely slow.... Your IT Network has just been Hacked!
Security in the workplace has been an issue for years, yet it is commonly thought of as "internal security" such as cameras and locked doors. Today the world has grown and evolved into one driven by computer technology, giving innovative e-criminals the opportunity to take advantage of this situation, and they are benefiting from your lack of network security knowledge and use of older technology. Now more than ever, there are important security measures such as Firewalls, Network Lockdowns, Key Fobs, Passwords and so on that are needed to secure a company's sensitive records, financial information and the basic lifeline that keeps them in business.
Some businesses don't know what they're exposing themselves to, but with an "opened port" on a firewall or router leading to their database or "hole" in the network, the world is able to look at your sensitive material without you even knowing until it's too late.
Last month a new company signed on with Libra IT for simple "network support" because they felt their old IT provider was not giving them the patience they felt they deserved. When our engineer did a network audit we noticed that the tape backups had not been successful in over 2 months! With that alone a red flag should have gone up. More problems were found... much more! Every port on the firewall was open, allowing anyone into the server, which nullified the purpose of the firewall entirely.
And to add misery to suffering... Half the staff knew the Administrator Password!!! (Simple passwords are not enough... did you know that the most common password used today is "password" and the second most common is "admin"? Many users have half a dozen passwords to remember, which is why the most common password is "password". The usual solution is to write it down. But how secure is that?) This oversight allowed anyone into the system to change, delete or add anything they wanted... what if one of these people became a "disgruntled employee" later down the line? Finally we stumbled upon another serious issue that could have been disastrous... After the previous IT person was "dismissed", they were trying to hack into the system using "old employees' passwords" (which worked) and decided to try to delete files as well as "hide" mistakes they had made. Luckily we tracked everything they did by backing the system up successfully in case anything like this happened!
Makes you wish we could go back to the old days when we had a safe with paperwork in it or a filing cabinet with a lock on it that held our business's most prized possessions. Today, this information is resting in your servers, networked to the staff and then to the internet for fast and easy day-to-day operations, bringing business to what we once called "The future of doing business". With this new system that has treated us well in the past decade or so, we have neglected to see what other possibilities are growing out there, such as network hacking or a malicious script sent through email in the form of humour from a trusted source, which destroys our data or, even worse, causes a complete breakdown of our network and loss of all information.
Another item I wanted to touch upon was something I stumbled upon last month when a new client came on board and asked simply if we could upgrade their server. The company in this situation changed their IT Firm service to us because they felt like they were not getting the service they needed and wanted more experienced engineering in their technical arena.
When this high security Financial company signed on we had no idea what we were about to stumble on! If you look at some URLs you will notice most of them start with http:. But then you come across the "secure connections" used by companies like financial or legal institutions, which look like this: https:, where the "S" signifies that it's a secure site and no one can get in unless authorized with a login and password. What this financial company didn't know was that their "secure site" was in no way, shape or form secure! Here's how the previous IT firm did it... To cut corners, their previous IT Firm decided to send all "secure traffic URL" to one web-server housing the main page under the URL https: but then translated this to simple http: to retrieve the requested "financial data" for the client from another server (being the data storage server). The traffic was then sent back to the first server, which once again translated the http: to https: to again make it look secure! The information was finally sent to the client, who was unaware that their personal financial data had no security whatsoever. This was immediately rectified and security was finally restored, but with a lesson... when you have security implemented into your network, get certificates of authentication for your records or you may find that you too are exposed to the world of hackers and prying eyes.
Why Most Wireless Network Security Advice Doesn't Really Work
Just about every day I read articles about wireless networks and what should be done to make them safer. Mostly I get a couple of lines in and then read no further. This is because the advice in a lot of these articles is a waste of time. Don't worry though because there's stuff you can do that's a lot less hassle and will work a whole lot better.
I'll get onto what you should do, but first of all I'm going to repeat what you'll probably read elsewhere and tell you why it doesn't help:
THINGS THAT DON'T REALLY WORK
Turning off SSID broadcast: This is often misleadingly referred to as "SSID hiding", but there's no such thing. It turns off SSID beaconing on your Wireless Access Point or wireless router, but there are other mechanisms that also broadcast the SSID over the wireless network and so you're disabling only 1 of many. Turning off SSID broadcast makes your network a lot less user friendly and won't do anything meaningful for network security.
MAC filtering: Frequently mentioned as a security mechanism and it can be used to keep leeching neighbours from using your broadband, but then encryption is a better way to achieve that and more. The problem with MAC filtering is that it can be hard to set up and maintain and the MAC address of your wireless card can be seen in the header of all wireless packets to and from your PC by anyone with a "sniffer" (a bit of traffic capturing software you can get for free on the Internet). It's then pretty easy to spoof the MAC address and gain access. It's really not worth the trouble to configure it.
Disable DHCP: Another big waste of time. DHCP allows the automatic assignment of IP addresses and other configurations. Many articles advise disabling DHCP and configuring static IP addresses to "increase security". It'll take a hacker about 10 seconds to figure out the IP scheme of any network and simply assign their own IP address. Just as with turning off SSID broadcast you're making your life harder for no gain. Anyone who tells you that this is a way to secure your wireless network doesn't know what they're talking about.
SO WHAT DOES WORK?
The good news is there are some simple things you can do that will improve the security of your wireless network. Here are three simple steps to improved wireless security:
Step 1 - Password protect your router
If you have a wireless or broadband router then it should allow you to access its config via a Web browser. To access your router’s setup, open a browser and enter the router's setup URL. The URL will be specified in the manual that came with the router.
The manual will also specify the default login details for your router. The problem here is that this means everyone knows what the default is so you need to change it. Once logged in it's usually pretty easy to find the link in the config to change the password.
If for any reason you don't have the manual for your router then you can search on the Internet using the term “default login for x”. Don’t be surprised to find quite a number of pages listing default login parameters for many different routers, even uncommon ones.
Step 2 - Disable router access from the Internet
If your router has the option then disable access to the router's configuration from the Internet. This will mean that you can still log in to the router to change the configuration from your internal network, but nobody from the Internet will be able to log in.
Step 3 - Add strong encryption
You need to encrypt your wireless network...really. Read that sentence again if you like, it's really important. Beyond that it's pretty important to use WPA encryption rather than WEP. WEP is better than no encryption at all, but it can be cracked in only a few minutes and the tools to do this are readily available.
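The distinction drawn above between settings that only look like security and the one that protects traffic can be checked mechanically. The following is an added example, not part of the original article: it audits an access-point configuration and separates real problems from cosmetic measures. It assumes hostapd-style `key=value` settings; the sample values are constructed.

```python
# Constructed hostapd-style settings (assumed format, not from the article).
SAMPLE_AP = """
ssid=office-wlan
ignore_broadcast_ssid=1
macaddr_acl=1
wep_default_key=0
wep_key0=0123456789
"""
HARDENED_AP = """
ssid=office-wlan
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=<long-random-passphrase>
"""

def parse(conf):
    """Parse key=value lines, ignoring blank lines and # comments."""
    pairs = (line.split("=", 1) for line in conf.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return (problems, cosmetic) for one access-point configuration."""
    cfg = parse(conf)
    problems, cosmetic = [], []
    # hostapd's `wpa` is a bitfield: 0 means WPA is off, 1/2/3 turn it on.
    if int(cfg.get("wpa", "0")) == 0:
        if any(k.startswith("wep_key") for k in cfg):
            problems.append("WEP only: replace with WPA")
        else:
            problems.append("no encryption")
    # These two change nothing for an eavesdropper, so they are listed apart.
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        cosmetic.append("SSID broadcast disabled")
    if cfg.get("macaddr_acl", "0") == "1":
        cosmetic.append("MAC filtering")
    return problems, cosmetic

if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_AP), ("hardened", HARDENED_AP)):
        print(name, audit(conf))
```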