Monday, June 16, 2008

Problems with WEP

Wireless transmissions are inherently unsafe, as they allow wireless hackers (wardrivers) to access your data from a nearby parking lot. As most readers also know, the IEEE 802.11 standard includes basic protection, known as the Wired Equivalent Privacy (WEP) protocol. This protocol defines a set of instructions and rules by which wireless data can be transmitted over airwaves with added security.

The WEP protocol standardizes the production of hardware and software that use the IEEE 802.11 protocol. To secure data, WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. RC4 is a secure algorithm and should remain so for several years to come. However, in the case of WEP, it is the specific wireless implementation of the RC4 algorithm, not the algorithm itself, that is at fault.

The following section will show in detail how WEP is cracked. On a busy corporate network, a wardriver can capture enough data to break your WEP encryption in about two to six hours. Breaking a home user's encryption might take longer (up to two to four weeks), since the volume of traffic is often much lower. Nevertheless, we recommend that you use WEP when possible, not just as a minor security barrier, but also because it serves as a gentle warning (akin to a login banner disclaimer on a network) that your network is private, rather than shared with the entire community. Also, some products (such as Windows XP) automatically associate with the strongest wireless signal by default. Using WEP prevents your neighbors from inadvertently sucking up your bandwidth, or from unknowingly browsing the Web using your home IP address!
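The point that the WEP construction, not RC4, is at fault can be shown directly. The following is an added example (not code from the original post): it implements plain RC4, frames packets the WEP way (a 24-bit IV sent in the clear, prepended to the shared key), and shows that when an IV repeats, the keystream repeats and the two ciphertexts XOR to the XOR of the plaintexts. The key, IV and packet contents are constructed sample values, and the CRC-32 integrity value real WEP appends is omitted.

```python
# Added example: keystream reuse in WEP-style RC4 framing.
# WEP per-packet key = IV (3 bytes, cleartext) || shared key.
# Same IV -> same RC4 keystream -> c1 XOR c2 == p1 XOR p2.
from typing import Optional


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame: cleartext IV followed by RC4(IV||key) XOR plaintext."""
    assert len(iv) == 3, "WEP uses a 24-bit IV"
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def keystream_reuse_leak(c1: bytes, c2: bytes) -> Optional[bytes]:
    """If two frames carry the same IV, the keystream cancels out and the
    XOR of the ciphertext bodies equals the XOR of the plaintexts."""
    if c1[:3] != c2[:3]:
        return None                           # different IVs: no reuse
    return xor(c1[3:], c2[3:])


SHARED_KEY = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key
IV = b"\x00\x00\x01"                    # constructed IV, reused on purpose
P1 = b"GET /index.html HTTP/1.0"        # constructed packet payloads
P2 = b"POST /login.cgi HTTP/1.0"

if __name__ == "__main__":
    c1 = wep_encrypt(SHARED_KEY, IV, P1)
    c2 = wep_encrypt(SHARED_KEY, IV, P2)
    # With only 2**24 IVs, a busy access point repeats one within hours.
    print(keystream_reuse_leak(c1, c2) == xor(P1, P2))   # True
```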

Wednesday, June 04, 2008

Understand and participate in forensics.

In physical crimes, such as robbery and murder, special investigative teams are trained in the science of collecting and analyzing crime-scene data. These teams include on-scene personnel as well as forensic scientists in labs. Computer forensics is no different in its practice. In fact, many people are shocked to find that computer attack forensics is more concerned with law and evidence gathering, handling, and preservation than with computers. Most companies today don't prepare or understand the forensics process until after an attack has occurred. It is our goal in this section to show you what is required and how to prepare before an attack occurs.

First things first—computer crime is increasing and our ability to cope with the complexity of the networks and software applications that are being created is decreasing. Now, this is most certainly a generalization, but it holds true for many of the clients and companies we see every year. Another truth is that given enough time, energy, and incentive, just about any network can be hacked. If you can accept these basic truths, the time you spend planning and training in areas such as computer forensics will seem less like a waste of time and more like an investment.

Computer forensics is about collecting and analyzing data so it can be used and presented in court. Without proper forensic techniques, you are likely to destroy valuable data or render it inadmissible because it was improperly obtained, collected, or stored. Without evidence, you can't prosecute offenders, properly terminate employees for inappropriate behavior, or seek damages when corporate espionage hits home.

Privilege Management

DMZ : Demilitarized Zone

Also called the free-trade zone or the neutral zone, this is an area in your network that allows a limited and controlled amount of access from the public Internet. The DMZ often hosts the corporation's Web and File Transfer Protocol (FTP) sites, email, external Domain Name Service (DNS), and the like. This network segment usually lies between the internal corporate network and the public Internet.

Wednesday, May 07, 2008

What does antivirus software do?

There are a variety of antivirus software packages that operate in many different ways, depending on how the vendor chose to implement their software. What they have in common, though, is that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor.

New viruses are discovered daily. The effectiveness of antivirus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses. It is important to keep these profiles up to date.

More information about viruses and antivirus software can be found on the CERT Computer Virus Resource page
http://www.cert.org/other_sources/viruses.html

What is NAT?

Network Address Translation (NAT) provides a way to hide the IP addresses of a private network from the Internet while still allowing computers on that network to access the Internet. NAT can be used in many different ways, but one method frequently used by home users is called "masquerading".

Using NAT masquerading, one or more devices on a LAN can be made to appear as a single IP address to the outside Internet. This allows for multiple computers in a home network to use a single cable modem or DSL connection without requiring the ISP to provide more than one IP address to the user. Using this method, the ISP-assigned IP address can be either static or dynamic. Most network firewalls support NAT masquerading.
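To make the masquerading behaviour concrete, here is an added example (not from the original post) of a minimal translation table: each outbound flow from a private host is rewritten to the single ISP-assigned address with a fresh public port, replies are mapped back to the inside host, and packets that no inside host initiated are dropped, which is what "hides" the private addresses. The addresses and ports are constructed sample values.

```python
# Added example: a toy NAT masquerading table (connection tracking).
from typing import Dict, Optional, Tuple

# A packet is (src_ip, src_port, dst_ip, dst_port).
Flow = Tuple[str, int, str, int]


class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip          # the one ISP-assigned address
        self.next_port = first_port         # next free public source port
        # public_port -> the inside flow it was allocated for
        self.by_port: Dict[int, Flow] = {}
        # inside flow -> public_port, so a flow keeps its port
        self.by_flow: Dict[Flow, int] = {}

    def outbound(self, pkt: Flow) -> Flow:
        """Rewrite a LAN -> Internet packet to carry the public address."""
        src_ip, src_port, dst_ip, dst_port = pkt
        port = self.by_flow.get(pkt)
        if port is None:                    # new flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.by_flow[pkt] = port
            self.by_port[port] = pkt
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, pkt: Flow) -> Optional[Flow]:
        """Rewrite an Internet -> LAN reply, or drop it when no inside
        host opened a matching flow (unsolicited traffic never gets in)."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.public_ip or dst_port not in self.by_port:
            return None
        in_ip, in_port, peer_ip, peer_port = self.by_port[dst_port]
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                     # reply from a different peer
        return (src_ip, src_port, in_ip, in_port)


if __name__ == "__main__":
    nat = Masquerader("203.0.113.7")        # constructed public address
    # Two LAN hosts using the same local source port still get distinct
    # public ports, so both can share one external address.
    print(nat.outbound(("192.168.1.10", 51000, "198.51.100.5", 80)))
    print(nat.outbound(("192.168.1.11", 51000, "198.51.100.5", 80)))
    print(nat.inbound(("198.51.100.5", 80, "203.0.113.7", 40001)))
    print(nat.inbound(("198.51.100.9", 80, "203.0.113.7", 40001)))  # None
```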

Wednesday, February 27, 2008

CAPTCHA! Gmail bot detector system cracked

The Gmail CAPTCHA has been cracked—albeit not easily—raising new concerns about spammers' ability to abuse Google's e-mail services. Websense Security Labs pointed out the security breach late last week, noting that spammers have a lot to gain by being able to use bots to automatically sign up for new accounts.

Google's free e-mail services and a highly-desirable gmail.com domain—one that is unlikely to be blacklisted by anybody's spam filters—are just two of the features that induced spammers to crack the CAPTCHA and have bots do all the work. On the upside, it apparently wasn't easy—Websense says that it required two bot hosts to crack instead of just the one that recently cracked Windows Live Mail's CAPTCHA (Websense believes that the same group was involved with both). It also believes that the two hosts are required because the first host may fail at cracking the code the first time around (and possibly time out), but the second host may also be required to check the work of the first. Additionally, only one in every five CAPTCHA-breaking requests on Gmail succeeded. Still, a 20 percent success rate is relatively high when you consider that spambots are trying to register hundreds (or thousands) of e-mail addresses at a time.

The CAPTCHA test—Completely Automated Public Turing test to tell Computers and Humans Apart—is one we're all familiar with. When signing up for new services, we are often asked to decipher a series of letters and numbers embedded in an image that is supposed to be difficult for computers to read. But, while the CAPTCHA has worked well in the past, hackers are getting better at programming computers with the ability to read them.


Tuesday, February 26, 2008

Securing Wireless Networks

How do wireless networks work?

As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a wireless access point or gateway, is wired into an internet connection. This provides a "hotspot" that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allows computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

What security threats are associated with wireless networks?

Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

What can you do to minimize the risks to your wireless network?

  • Change default passwords - Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device (see Choosing and Protecting Passwords for more information).
  • Restrict access - Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.
  • Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data.
  • Protect your SSID - To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.
  • Install a firewall - While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.
