Intro to Wireless Security

Change the System ID: Devices come with a default system ID called the SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier). It is easy for a hacker to find out what the default identifier is for each manufacturer of wireless equipment so you need to change this to something else. Use something unique- not your name or something easily guessed. Disable Identifier Broadcasting: Announcing that you have a wireless connection to the world is an invitation for hackers. You already know you have one so you don’t need to broadcast it. Check the manual for your hardware and figure out how to disable broadcasting. Enable Encryption: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) encrypt your data so that only the intended recipient is supposed to be able to read it. WEP has many holes and is easily cracked. 128-bit keys impact performance slightly without a significant increase in security so 40-bit (or 64-bit on some equipment) encryption is just as well. As with all security measures there are ways around it, but by using encryption you will keep the casual hackers out of your systems. If possible, you should use WPA encryption (most older equipment can be upgraded to be WPA compatible). WPA fixes the security flaws in WEP but it is still subject to DOS (denial-of-service) attacks. Restrict Unnecessary Traffic: Many wired and wireless routers have built-in firewalls. They are not the most technically advanced firewalls, but they help create one more line of defense. Read the manual for your hardware and learn how to configure your router to only allow incoming or outgoing traffic that you have approved. Change the Default Administrator Password: This is just good practice for ALL hardware and software. The default passwords are easily obtained and because so many people don’t bother to take the simple step of changing them they are usually what hackers try first. Make sure you change the default password on your wireless router / access point to something that is not easily guessed like your last name. Patch and Protect Your PC’s: As a last line of defense you should have personal firewall software such as Zone Alarm Pro and anti-virus software installed on your computer. As important as installing the anti-virus software, you must keep it up to date. New viruses are discovered daily and anti-virus software vendors generally release updates at least once a week. You also must keep up to date with patches for known security vulnerabilities. For Microsoft operating systems you can use Windows Update to try and help keep you current with patches. if(zSbL

View the original article here

Hide Your Wireless Network

High-speed broadband connections don't just grow on trees. We all like getting our money's worth when it comes to our Internet connection so we often extend its reach by adding a wireless router or a wireless access point. Once we start broadcasting wireless access, our signal can potentially be picked up outside of our home by our neighbors. If we haven't secured our connection then they might be able to connect and use our Internet access.

Enter: The Wireless Internet Leech. These people live right around you or might just be passing thru so they can do a "drive-by-leeching". They have no problem connecting to your wireless network and killing your bandwidth while you pay the bill. They don't think twice about connecting to any open wireless access point they happen to find.

There are websites devoted to finding open wireless access points. Some leeches even spray graffiti or use chalk near an open wireless access point to mark or Warchalk the site so others will know where they can get free wireless access. Warchalkers use codes and symbols to indicate the SSID name, bandwidth available, encryption used, etc.

How do you prevent your neighbors and others from leeching off of your wireless internet connection?

1. Turn on WPA2 encryption on your wireless router

If you haven't already done so, consult your wireless router's manual and enable WPA2 encryption on your wireless router. You may already have encryption turned on, but you may be using the outdated and vulnerable WEP encryption. WEP is easily hacked by even the most novice hacker in less than a minute or two by using free tools found on the Internet. Turn on WPA2 encryption and set a strong password for your network.

2. Change your wireless network's name (SSID)

Your SSID is the name that you give your wireless network. You should always change this name from its manufacturer set default which is usually the brand name of the router (i.e. Linksys, Netgear, D-link, etc). Changing the name helps to prevent hackers and leeches from finding specific vulnerabilities associated with your brand of router. If hackers know the brand name, then they could find an exploit to use against it (if one exists). The brand name also helps them determine what the default admin password for the router might be (if you haven't changed it).

Make the SSID something random and try to make it as long as you are comfortable with. The longer the SSID the better as it helps prevent hackers from using Rainbow Table-based attacks to try and crack your wireless encryption.

3. Turn off the "allow admin via wireless" feature of your wireless router

As an extra precaution against hackers, turn off the "allow admin via wireless" feature on your router. This will help to prevent a wireless hacker from gaining control of your wireless router. Turning this feature off tells your router to only permit router administration from a computer that is directly connected via an Ethernet cable. This means that they would pretty much have to be in your house in order to access the admin console of your router.

Your neighbors will likely be a little mad at you for turning off their free Internet gravy train. They may sneer at you and let their dog use the bathroom in your yard from now on. At least now that they are no longer getting a free ride, maybe you will have enough bandwidth to stream an HD movie without it stuttering and getting all "blocky" for a change.

View the original article here

Rogue Wireless Clients

You pay a pretty penny for that super fast internet connection, but you aren't seeing anywhere close to the speeds promised by your Internet service provider. It could be any number of problems. One thing that will suck the life out of your bandwidth are wireless freeloaders. They will hop on to any wireless network connection they can find and use your bandwidth to their heart's content.

How can you tell if someone is connected to your wireless network without your permission?

1. Log on to the administrative interface on your wireless router / wireless access point

In order to view the current active wireless connections using your wireless access point you will need to log in to the administrative console of your wireless router. Check your router manufacturer's user guide for detailed instructions.

2. Click on the wireless configuration / status page from your router's admin console

While all routers are different, usually the list of active wireless clients is provided on either the 'wireless configuration' page or the 'wireless status' page on most wireless routers. Look for a list of wireless clients.

You should see a table with two columns. One column will show the Media Access Control (MAC) address which is a unique identifier assigned to the network interface of whatever device is connected to your network. The other column should contain the IP addresses that were assigned to the devices by your router.

If you have DHCP enabled on your router then your router will automatically assign an IP address to any client that is authenticated (whether they hacked their way in or not). Only after the router gives the client an IP is the client able to connect to resources on your network and reach the internet.

3. Count your wireless devices

Do you only have a laptop and a smartphone that use your wireless access point yet you see 20 different clients listed in the wireless clients table? If the numbers aren't adding up, then you may have some rogue wireless clients or you may just have some devices that you forgot had wireless connections such as your XBOX or your Wi-Fi enabled camcorder.

4. Look up the MAC addresses of any suspicious devices to see what they are

So you've counted up all your wireless devices and there are two more than you think you are supposed to have. It's time to lookup the MAC addresses to see who made the device so you can learn what it might be. Visit a MAC Vendor lookup site such as MACVendorLookup.com and enter the MAC address of the suspicious device. The site will tell you who the manufacturer of the device-in-question is. If it says "Dell Inc." and you don't own any Dell computers then, chances are, someone is hijacking your connection and freeloading off your Wi-Fi.

5. Lock out the wireless freeloaders

If someone is using your wireless network without your permission then one of two things has happened, you've either turned off security completely and are allowing anyone to connect to your access point or someone has cracked your wireless encryption or cracked / guessed your wireless password.

The best way to get rid of unauthorized wireless users is to first ensure that you are using the latest wireless encryption mechanism (currently WPA2). Once you are using the latest and greatest security then you should change your wireless network's name to something other than the default because hackers have tools that make cracking the password of a known network name a fairly simple task.

After you've chosen a good network name that is not on the list of the Top 1000 Most Common SSIDs then you should create a strong wireless network password (also known as a Pre Shared Key). Performing these steps should get rid of all the freeloaders who are using your network.

Don't forget that you'll have to give out your new wireless network name and password to all your legitimate / authorized users so they can rejoin your network after you've purged all the leeches.

View the original article here

Wireless Security FAQ Complex

The wireless router has becoming such as common household appliance that most people forget its even there. These devices have become so easy to setup that many of us don't bother to even change the default settings or configure the wireless security features.

Leaving your wireless router unsecured can not only leave your network open to attack, it can also subject your network to leeching neighbors who will eat away the precious bandwidth that you pay your hard earned money for.

Securing your Wireless Router can be tricky. Here are some frequently asked questions and answers to help you choose and lock down a wireless router or access point:

1. Is my Wireless Network Safe if my Wireless Router has WEP Security Turned on?

Answer: No. While Wired Equivalent Privacy (WEP) was an excellent wireless encryption standard a few years ago, it does not provide the same level of protection as newer standards such as Wi-Fi Protected Access (WPA). WEP has been cracked and can be easily circumvented by hackers using tools that are freely available on the Internet.

2. What Security Features Should I Look for When Buying a Wireless Router?

Answer: Make sure any wireless router or access point you buy supports the latest wireless encryption standards such as WPA/WPA2. Other features to look for include: Built-in firewall Media Access Control (MAC) address filtering capability Remote administration lockout feature The ability to disable Service Set Identifier (SSID) broadcasting Access time limit control Parental control Restricted “guest” network zoning 3. How do I keep Neighbors From Leeching off of my Wireless Internet Connection?

Answer: The best way to keep people from freeloading off of your wireless connection is to: Enable WPA2 encryption on your wireless router or access point and set a strong password that is not easily guessed Change the SSID (wireless network name) to something other than the default value set by the manufacturer Turn off the “Broadcast SSID” feature of your router or access point so that only those who know what the network’s name is can access it 4. How Can I Keep my Kids From Using Wi-Fi on Their iPod/DS to Access the Internet?

Answer: Kids will be kids. They are very tech-savvy and will do everything they can to circumvent any security barriers you put up. Here are a few actions you can take to make it as difficult as possible for them: Use WPA2 encryption on your router with a strong password and don’t give them the password Change your wireless router’s default administration password Disable your wireless router’s remote administration feature Locate the wireless router in your bedroom or a locked closet to prevent them from pressing the factory settings reset button Enable the parental control features of their game device or iPod Enable MAC address filtering on your wireless router and exclude the MAC address of their device(s) from those allowed access Enable the access time restrictions feature of your wireless router and limit Internet access to daytime hours only 5. Is it legal to use my neighbor’s wireless hotspot if he left it unsecured?

Answer: Is it legal for you to go in your neighbor’s house if he left the door unlocked? No, it is not legal. The same applies to his wireless access point.

View the original article here

Top 100 Security Tools

In 2000, Fyodor, creator of the NMap Scanner, conducted a survey of the readers of the nmap-hackers mailing list and compiled the Top 50 Security Tools.

Three years later, Fyodor again conducted the survey, and expanded the list to include the Top 75 Security Tools. Another three years have gone by and another survey has been done. With 3,243 readers responding, Fyodor has compiled the Top 100 Security Tools from his 2006 survey and they are now posted on the Insecure.org web site.

There are a total of 42 new tools on the list. That means that 42 out of 100 tools on the Top 100 Security Tools list did not appear on the 2003 Top 75. Thirteen of the new tools even made the top 50. Had the list been maintained at the Top 75, the length of the list in 2003, 27 of the tools (almost half) would be new to the list.

For the complete, detailed listing of all 100 tools, complete with links to download them, you should visit the Top 100 Security Tools listing on Insecure.org. I will summarize here the top 10, as well as providing a list of the new tools on the list. Nessus (vulnerability scanners) Wireshark (packet sniffers- previously known as Ethereal) Snort (IDS - intrusion detection system) Netcat (Netcat) Metasploit Framework (vulnerability exploitation tools) HPing2 (packet crafting tools) Kismet (wireless tools or packet sniffers) TCPDump {packet sniffers) Cain and Abel (password crackers or packet sniffers) John The Ripper (password crackers) Metasploit Framework Paros Proxy Aircrack Sysinternals Scapy BackTrack P0f Google WebScarab WebInspect Core Impact IDA Pro Rainbow Crack AngryIP Scanner RKHunter Ike-scan KisMAC OSSEC HIDS Tor Knoppix chrootkit Yersinia Nagios X-scan Socat QualysGuard ClamAV BurpSuite Unicornscan BASE Argus Wikto SGuil IP Filter Canvas VMware OpenVPN OllyDbg Helix Acunetix Web Vulnerability Scanner TrueCrypt Watchfire AppScan

View the original article here

Protected Mode

With Windows Vista, Microsoft includes the latest version of Internet Explorer, IE7. However, on Windows Vista IE7 has some new security options which help make surfing the Web even safer, namely Protected Mode.

Protected Mode is a security measure which relies on Windows Vista's new WIC (Windows Integrity Control) security to control how objects interact with each other. By default, when Protected Mode is enabled, every process and file associated with Internet Explorer is assigned a Low integrity level.

By comparison, standard users are granted a Medium integrity level and any object (file, process, etc.) that is not specifically granted a different integrity level is considered Medium by default. WIC will not let an object act on, or interact with an object of a higher integrity level than itself, so malicious processes and files from the Internet that try to infect or compromise the computer system will be rejected. Low can not overwrite or interact with Medium, so Internet Explorer loses.

There are, of course, instances where you want or need a web site to write to or work with your system. When you encounter a site like this, you might be inclined to just disable Protected Mode, even just for a little while. This is not advisable however because it leaves your whole system wide open to attack.

Like previous versions of Internet Explorer, IE7 has Security Zones which you can use to segregate web sites into different levels of trust. If you need certain processes or applets to work on a specific site and they won't work in Protected Mode, rather than turning off Protected Mode you should add the site in question to the Trusted zone, which has Protected Mode disabled by default.

View the original article here

Free Vulnerability Scanners

Nessus
The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. For more details you can see the Profile: Nessus Vulnerability Scanner or the article Nessus Vulnerability Scanner: Missing Bells & Whistles?

MBSA (Microsoft Baseline Security Analyzer)
In response to the avalanche of criticism Microsoft has received regarding the security of their products, Microsoft created a free tool to analyze your security configuration. Read a review of this free tool. For more details about this tool you can see Product Review: Microsoft Baseline Security Analyzer.

HFNetChk
HFNetChk is a command-line tool that enables an administrator to check the patch status of all the machines in a network from a central location.

GFi LANguard Network Security Scanner
GFI LANguard S.E.L.M. archives and analyses the event logs of all network machines and alerts you in real time to security issues, attacks and other critical events.

Tripwire
Tripwire software is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.

NeWT
This easy-to-use windows network vulnerability scanner installs on any Windows 2000 or Windows XP computer. Multiple scanners can be managed by the Lightning Console. "NeWT" can scan any system on a local Class C network while "NeWT Pro" can be used to scan any host. "NeWT" is available as a complimentary download to the public while "NeWT Pro" is a commercially supported product from Tenable.

View the original article here