With 40-bit
encryption, there are billions of possible keys. With 128-bit
encryption, there are 300 billion trillion times as many keys as with 40-bit
encryption security
AQ4U is an independent
associate of great companies on the web. When you click on their
banners you arrive on their servers. They work hard to maintain your trust
through secure commerce. They uses the best encryption and secure servers
to protect you against the loss, misuse and alteration of the information
they store so that credit card transactions are safely encrypted and personal
information is protected.
Internet security is one
of the hottest topics on the web today! All business owners who hope to
offer e-commerce on their web sites, must make sure their customer's information
is secure - from credit card numbers to personal data. With VeriSign's
Site Trust Services (security certificates), we allow you to offer your
customers the power to secure and e-commerce-enable their web site, allowing
them to offer the most trustworthy Web experience possible - critical for
their business success!
FREE "Securing Your Web Site" Guide
To
what degree can SSL security protect me?
SSL Secure
Sockets Layer uses authentication
and encryption technology developed by RSA Data Security Inc. For example,
Netscape Navigator's export implementation of SSL (U.S. government approved)
uses a medium-grade, 40-bit key size for the RC4 stream encryption algorithm.
The encryption established between you and a server remains valid over
multiple connections, yet the effort expended to defeat the encryption
of one message cannot be leveraged to defeat the next message.
Most browsers support 40-bit
SSL sessions, and the latest browsers, including Netscape Communicator
4.0, enable users to encrypt transactions in 128-bit sessions - trillions
of times stronger than 40-bit sessions.
With 40-bit encryption,
there are billions of possible keys to decipher the coded information,
and only one of them works. Someone intercepting the information would
have to find the right key - a nearly impossible task.
A
message encrypted with 40-bit RC4 takes on average 64 MIPS-years to break
(a 64-MIPS computer needs a year of dedicated processor time to
break the message's encryption).
The high-grade, 128-bit U.S.
domestic version provides protection exponentially more vast. The effort
required to break any given exchange of information is a formidable deterrent.
Server authentication uses RSA public key cryptography in conjunction with
ISO X.509 digital certificates.
With
128-bit encryption, there are 300 billion trillion times as many keys as
with 40-bit encryption.It is virtually impossible for an unauthorized
party to find the right key, even if they are equipped with the best
computers.
Ordering online Can Be One Of The Safest
Ways To Use Your Credit Card!
Placing orders using a
credit card over the Internet especially on forms which use a Secure
Server & Secure Forms, which encrypt all your personal and billing
information- is probably one of the safest ways you can use your credit
card. Why? Because using the Internet to order by credit card never
exposes your number through discarded credit card receipts or carbons copy,
your credit card never leaves your possession (like it does in restaurant
and hotels so you're in control of who has access to your credit card number),
and the transmission can't be picked up by monitors and scanners,
as it can with cordless and cellular phone calls.
See a movie to see why shopping
online is more safe. Amazing :)
The explosive growth of the Internet
has meant that thousands of people are today experiencing the joys of being
online for the first time. With growth there always comes pain. Be it your
growing pains as a child or the growth and development of this part of
our culture called the Internet.
Firstly we need to quickly explain
what the Internet is and where it came from. The Internet is the offspring
of a military project called Arpanet. Arpanet was designed to provide reliable
communication during global nuclear war. A vast network of interconnected
computers was set up all over the world to allow the various branches of
US and NATO forces to communicate with each other.
Nuclear war never came (thankfully)
and the world was left with a massive network of computers all connected
together with nothing to do. Colleges and universities started to use these
computers for sharing research internationally. From there it grew and
spread outside colleges to local homes and businesses. The World Wide Web
was born and its father was a guy called Tim Berners Lee.
When you're connected to the Internet
you're sharing a vast network with hundreds of millions of other users.
This shared network provides resources that 15 years ago were never thought
possible. Unfortunately when something is shared its open to abuse. On
the Internet this abuse comes from hackers and virus creators. Their sole
intent is to cause chaos and/or harm to your computer system and millions
of other computer systems all over the world.
How do you combat this? You need
an Internet security system. This might sound complicated but your Internet
security system will be quite straigtforward being comprised of just 2
- 3 Internet security products. We'll look at each of these products in
more detail now:
AntiVirus Software
The first and most critical element
of your Internet security system is antivirus software. If you don't have
up-to-date antivirus software on your PC you're asking for trouble. 300
new viruses appear each month and if you're not constantly protecting your
system against this threat your computer will become infected with at least
one virus - it's only a matter of time.
Antivirus software scans your PC
for signatures of a virus. A virus signature is the unique part of that
virus. It can be a a file name, how the virus behaves or the size of the
virus file itself. Good antivirus software will find viruses that haven't
yet infected your PC and eliminate the ones that have.
Antivirus software can only protect
your computer from viruses trying to infect it via email, CD-Rom, floppy
disk, Word documents or other types of computer files. Antivirus software
alone will not keep your computer 100% safe. You also need to use firewall
software.
Firewall Software
The use of firewall software by home
computer users is a relatively new occurence. All Internet connections
are a two way process. Data must be sent and received by your computer.
This data is sent through something called ports. These are not physical
things rather aspects of the way your computer communicates online.
Firewall software watches these ports
to make sure that only safe communication is happening between your computer
and other computers online. If it sees something dangerous happening it
blocks that port on your computer to make sure your computer stays safe
from the person who is trying to hack into your system.
An easier way to understand a firewall
would be to picture your computer as an apartment complex. At the front
door of this complex there is a security guard. Every person who enters
the complex must pass this security guard. If the security guard recognizes
the person entering as a resident he allows them to pass without saying
anything. If, however, the person entering the complex is unknown to him
then he will stop that person and ask for identification. If they have
no business being at the apartment complex he escorts them from the building.
If you are not currently using firewall
software your computer will get hacked into - that's a guarantee.
PopUp Blocker
You can get a good popup blocker
at no cost. An easy way to do this is to install either the Google or Yahoo
toolbar. Both of these come with popup blockers built in. Popups are not
necessarily dangerous but are a nuisance and using either of these toolbars
will make your life that bit easier.
A simple rule for practicing online
security is: "If in doubt then don't". If you don't recognize the file,
the email address, the website or if your gut feeling says "no" then don't
click that button. About The Author http://www.affiliate-advocate.com
is run by Niall Roche. The site offers reviews of affiliate marketing ebooks
and software as well as advice and tips for new and existing affiliate
marketers. Courtesy of
http://www.ArticleCity.com/
- -
Internet
Security Threats: Who Can Read Your Email? by: Mark Brooks
Before being able to choose a secure
Internet communication system, you need to understand the threats to your
security.
Since the beginning of the Internet
there has been a naive assumption on the part of most email users that
the only people who are reading their email are the people they are sending
it to. After all, with billions of emails and gigabytes of data moving
over the Internet every day, who would be able to find their single email
in such a flood of data?
Wake-up and smell the coffee! Our
entire economy is now information based, and the majority of that mission
critical information is now flowing through the Internet in some form,
from emails and email attachments, to corporate FTP transmissions and instant
messages.
Human beings, especially those strange
creatures with a criminal mind, look for every possible advantage in a
dog eat dog world, even if that advantage includes prying into other peoples'
mail or even assuming your identity. The privacy of your Internet communications
has now become the front line in a struggle for the soul of the Internet.
The New Generation Packet Sniffers:
At the beginning of 2001, most computer
security professionals began to become aware of an alarming new threat
to Internet security, the proliferation of cheap, easy to use packet sniffer
software. Anyone with this new software, a high school education, and network
access can easily eavesdrop on email messages and FTP transmissions.
Software packages such as Caspa 3.0
or PassDetect - Ace Password Sniffer automate the task of eavesdropping
to the point were if you send an email messages over the Internet with
the phrase "Credit Card", it's almost a certainty that someone, somewhere
will capture it, attachments and all.
(Caspa 3.0 - from ColaSoft Corporation,
located in Chengdu, China http://www.colasoft.com
,PassDetect - a product whose advertised purpose is to sniff passwords
sent in email, over HTTP, or over FTP from EffeTech Corporation, http://www.effetech.com
)
A good example of this new class
of software is called MSN Sniffer, also from Effetech, and it highlights
the "party line" openness of today's LAN and Internet environments. Just
like old telephone party lines, MSN sniffer lets you listen-in on other
people's conversations, just like picking up another phone on a party line.
On their web site, Effetech advertises
MSN Sniffer as:
"a handy network utility to capture
MSN chat on a network. It records MSN conversations automatically. All
intercepted messages can be saved as HTML files for later processing and
analyzing. It is very easy to make it to work. Just run the MSN Sniffer
on any computer on your network, and start to capture. It will record any
conversation from any PC on the network."
Just as the Internet has been flooded
by a deluge of spam messages after the introduction of cheap, easy-to-use
spam generation software, the same effect is now taking place with sniffer
software. The major difference is that, unlike spam, Internet eavesdropping
is totally invisible, and ten times as deadly. How much of the identity
theft being reported today is a direct result of Internet eavesdropping?
Its hard to tell, but with the every growing dependency by individuals
and corporations on Internet communications, opportunities to "capture"
your sensitive data abound.
Most FTP transmission are unencrypted!
As of November 2003, the majority
of corporate FTP transmissions are still unencrypted (unencrypted is geek
speak for "in the clear" ) and almost all email communications take place
"in the clear". Many email and FTP transmissions travel over 30 or more
"hops" to make its way from the sender and receiver. Each one of these
hops is a separate network, often owned by a different Internet Service
Provider (ISP).
Any Idiot in the Middle
Even a well run corporation must
still primarily rely on trusting its employees, contractors and suppliers
to respect the privacy of the data flowing over its networks. With the
new sniffer technology, all it takes is one "idiot in the middle", and
your security is compromised. It could be the admin assistant sitting in
the cubical next to you, or a network assistant working for one of the
many ISPs your data will travel over, but somewhere, someone is listening.
Maybe all he is looking for is his next stock trading idea, or maybe he
wants to take over your eBay account so he can sell a nonexistent laptop
to some unsuspecting "sucker" using your good name. its all happening right
now, at some of the most respected companies in the world.
Access to your network doesn't have
to come from a malicious or curious employee-many Internet worms, Trojans
and viruses are designed to open up security holes on a PC so that other
software can be installed. Once a hacker has access to one computer in
your network, or one computer on your ISP's network, he can then use a
sniffer to analyze all the traffic on the network.
So I'll password-protect my files,
right?
You're getting warmer, but this still
isn't going to do the trick. It's a good way to stop packet sniffers from
searching for key words in a file, but unfortunately it is not as secure
as you might think. If you ever forget a Zip, Word or Excel password, don't
worry, just download the password tool from Last Bit Software www.PasswordTools.com,
it works very well. There are many other packages out on the Internet but
Last Bit's tool is the most robust and easy to use, if a bit slower that
some others.
So what can I do about it?
OK, so now that you understand the
threat, what can you do about it?
Stop using the Internet? - More than
a few professionals are returning to phone calls and faxes for all their
important communications.
Complain to your IT department? -
If you have an IT department in your company this is a good place to start.
But did the spam mail stop when you complained about it to your LAN administrator?
Unfortunately he is almost as helpless as you are.
Encrypt your communications with
PKI, etc. - For email this is a bit drastic, and can be very expensive,
especially since you will need to install a key on each PC and coordinate
this with the receivers of your email messages, your IT organization, etc.
Use FileCourier - This is by far
the easiest and most cost effective way to protect your email attachments,
or replace FTP transmissions. It takes out the "idiot in the middle" with
a very clever solution.
The FileCourier approach to Security
I believe that FileCourier is the
easiest out-of-the box secure communication system available.
FileCourier approaches Internet data
transfer security in a unique way. Until FileCourier was first released
in December of 2002, all secure email and file transmission systems relied
on encrypting the data during the tried and true method of "upload, store,
and forward". When you send an email, it and any documents attached to
it are first transmitted to one or more intermediate servers. These mail
server store the documents and then attempt to forward it to the receivers
email server. To secure the transmission of the email requires either the
servers to use extra encryption software technology, or forces the individual
sender and receivers to install encryption software and their associated
keys, or both. Not only is this a costly and time consuming exercise but
it also often fails to protect the data over the complete path of the transmission.
What do you do if the receiver is in another company and doesn't have any
encryption software installed? What if his company is using a difference
encryption standard? Ignoring the complexity of existing secure email and
FTP systems their biggest failings continue to be the "idiot in the middle".
From a nosey email or FTP server administrator, to a hungry co-worker,
to an incompetent who lets a hacker have free reign of their server, if
your sensitive documents are stored on a server maintained by someone else
then that person, or his company, can view your documents.
The FileCourier approach is creative,
yet simple. FileCourier utilizes existing email and instant messaging systems
in the same way you use an envelope to send a letter thru the US postal
service, as a wrapper for the real content. We assume that EVERYONE can
read what is in the email, so we don't send your documents in the email
at all. In fact your documents never leave your PC, until the receiver
of the email requests it.
How it works:
FileCourier lets you ticket the file
you want to email, and then instead of sending the file in the email, sends
a "FileTicket" instead. The file is only transmitted to the receiver of
the email when he opens the FileTicket and is "authenticated". After the
receiver is authenticated the file is transmitted through an SSL (secure
socket layer) tunnel directly from the sender's PC to the receiver's PC
through our secure relay servers. SSL is the same security used by banks
and is impossible for packet sniffers to penetrate. With FileCourier each
packet is encrypted using a 1024 bit key and is delivered to your receiver
through his browser. FileCourier lets your communications go un-detected
by any sniffer, and removes the "idiot in the middle" threat by never storing
the data on an intermediate server. More over, FileCourier is the easiest
way to secure your sensitive data transmission in both an Internet and
corporate LAN environment.
Take Action Now!
Internet communications security
is one of the most important privacy issues we face today. It might feel
a bit paranoid for a law-abiding citizen to encrypt his email communications
and computer document transmissions, but would you send a customers contract
thru normal mail without an envelope? How would you feel if your employer
sent your next pay stub to you on the back of a postcard? Use FileCourier,
just like you would use a envelope for regular mail. Download the no obligation
free trial today at www.filecourier.com and send 50MB of data securely
for free!
About The Author Mark Brooks is a software architect,
internet entrepreneur and founder of CanDo Networks Corporation. CanDo
Networks Corporation makes easy-to-use software for communicating large
amounts of data securely and privately over the Internet. Its flagship
product, FileCourier (www.filecourier.com),
is used by thousands of legal, medical, and computer professionals to securely
deliver files over the internet, to anyone, anywhere
mark@candonet.com Courtesy of http://www.ArticleCity.com/
The
security risks and ways to decrease vulnerabilities in a 802.11b wireless
environment by: Richard Johnson
Introduction
This document explains topics relating
to wireless networks. The main topics discussed include, what type of vulnerabilities
exist today in 802.11 networks and ways that you can help prevent these
vulnerabilities from happening. Wireless networks have not been around
for many years. Federal Express has been using a type of wireless networks,
common to the 802.11 networks used today, but the general public has recently
just started to use wireless networking technology. Because of weak security
that exists in wireless networks, companies such as Best Buy have decided
to postpone the roll-out of wireless technology. The United States Government
has done likewise and is suspending the use of wireless until a more universal,
secure solution is available.
Background
What is Wireless?
Wireless LANs or Wi-Fi is a technology
used to connect computers and devices together. Wireless LANs give persons
more mobility and flexibility by allowing workers to stay connected to
the Internet and to the network as they roam from one coverage area to
another. This increases efficiency by allowing data to be entered and accessed
on site.
Besides being very simple to install,
WLANs are easy to understand and use. With few exceptions, everything to
do with wired LANs applies to wireless LANs. They function like, and are
commonly connected to, wired Ethernet networks.
The Wireless Ethernet Compatibility
Alliance [WECA] is the industry organization that certifies 802.11 products
that are deemed to meet a base standard of interoperability. The first
family of products to be certified by WECA is that based on the 802.11b
standard. This set of products is what we will be studying. Also more standards
exist such as 802.11a and 802.11g.
The original 802.11 standard was
published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz,
using either FHSS or DSSS. Since that time many task groups have been formed
to create supplements and enhancements to the original 802.11 standard.
The 802.11b TG created a supplement
to the original 802.11 standard, called 802.11b, which has become the industry
standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps
at 2.4 Ghz. 802.11b will eventually be replaced by standards which have
better QoS features, and better security.
Network Topology
There are two main topologies in
wireless networks which can be configured:
Peer-to-peer (ad hoc mode) – This
configuration is identical to its wired counterpart, except without the
wires. Two or more devices can talk to each other without an AP.
Client/Server (infrastructure networking)
– This configuration is identical to its wired counterpart, except without
the wires. This is the most common wireless network used today, and what
most of the concepts in this paper apply to.
Benefits of Wireless LANs
WLANs can be used to replace wired LANs,
or as an extension of a wired infrastructure. It costs far less to deploy
a wireless LAN than to deploy a wired one. A major cost of installing and
modifying a wired network is the expense to run network and power cables,
all in accordance with local building codes. Example of additional applications
where the decision to deploy WLANs include:
Additions or moves of computers.
Installation of temporary networks
Installation of hard-to-wire locations
Wireless LANs give you more mobility
and flexibility by allowing you to stay connected to the Internet and to
the network as you roam.
Cons of Wireless LANs
Wireless LANs are a relatively new
technology which has only been around since 1999. With any new technology,
standards are always improving, but in the beginning are unreliable and
insecure. Wired networks send traffic over a dedicated line that is physically
private; WLANs send their traffic over shared space, airwaves. This introduces
interference from other traffic and the need for additional security. Besides
interference from other wireless LAN devices, the 2.4 GHz is also used
by cordless phones and microwaves.
Security Issues of WLANs
War-driving
War-driving is a process in which
an individual uses a wireless device such as a laptop or PDA to drive around
looking for wireless networks. Some people do this as a hobby and map out
different wireless networks which they find. Other people, who can be considered
hackers, will look for wireless networks and then break into the networks.
If a wireless is not secure, it can be fairly easy to break into the network
and obtain confidential information. Even with security, hackers can break
the security and hack. One of the most prevalent tools used on PDAs and
Microsoft windows devices is, Network Stumbler, which can be downloaded
at http://www.netstumbler.com.
Equipped with the software and device, a person can map out wireless access
points if a GPS unit is attached. Adding an antenna to the wireless card
increases the capabilities of Wi-Fi. More information can be found at:
http://www.wardriving.info
and http://www.wardriving.com
to name a few.
War-chalking
War-chalking is a method of marking
wireless networks by using chalk most commonly. War-driving is usually
the method used to search for networks, and then the person will mark the
network with chalk that gives information about the network. Some of the
information would include, what the network name is, whether the network
has security, and possibly the contact information of who owns the network.
If your wireless network is War-chalked and you don't realize it, your
network can be used and/or broken into faster, because of information shown
about your network.
Eavesdropping & Espionage
Because wireless communication is
broadcast over radio waves, eavesdroppers who just listen over the airwaves
can easily pick up unencrypted messages. These intruders put businesses
at risk of exposing sensitive information to corporate espionage. Wireless
LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright
2002
Internal Vulnerabilities
Within an organization network security
can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure
Network Configuration, and Accidental Associations to name a few.
Rouge Access Points – An employee
of an organization might hook up an access point without the permission
or even knowledge of IT. This is simple to do, all a person has to do is
plug an Access point or wireless router into an existing live LAN jack
and they are on the network. One statistic in 2001 by Gartner said that,
“at least 20 percent of enterprises already have rouge access points.”
Another type of attack would be if, someone from outside the organization,
enters into the workplace and adds an Access Point by means of Social Engineering.
Insecure Network Configurations-
Many companies think that if they are using a firewall or a technology
such as VPN, they are automatically secure. This is not necessarily true
because all security holes, big and small, can be exploited. Also if devices
and technologies, such as VPNs, firewalls or routers, are mis-configured,
the network can be compromised.
Accidental Associations – This can
happen if a wireless network is setup using the same SSID as your network
and within range of your wireless device. You may accidentally associate
with their network without your knowledge. Connecting to another wireless
LAN can divulge passwords or sensitive document to anyone on the neighboring
network. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net
Copyright 2002
Social Engineering – Social Engineering
is one of the most effective and scariest types of attacks that can be
done. This type of attack really scares me and can be done for many other
purposes besides compromising security in wireless networks. A scenario:
Someone dressed up as a support person from Cisco enters the workplace.
The secretary sees his fake credentials and lets him get pass the front
desk. The impersonator walks from cubicle to cubicle, collecting user names
and passwords as he/she goes. After finding a hidden corner, which seems
to be lightly traveled, he plugs an insecure Access Point into the network.
At the same time he configures the Access Point to not broadcast its SSID
and modifies a few other settings to make it hard for the IT department
to find this Rouge Access Point. He then leaves without ever being questioned
by anyone because it looks like he just fits in. Now, all he has to do
is be within 300 feet from the access point, (more if he added an antenna),
and now has access to all kinds of secure documents and data. This can
be a devastating blow to any corporation and could eventually lead to bankruptcy
if the secrets of the company were revealed to competitors.
Bruce Schneier came to my classroom
and said the following about Social Engineering, “Someone is just trying
to do their job, and be nice. Someone takes advantage of that by targeting
this human nature. Social Engineering is unsolvable.”
Securing Wireless Networks
According to Bruce Schneier and others
such as Kevin Mitnick, you can never have a totally secure computing environment.
What is often suggested is to try and control the damage which can be done
if security is breached. One can try many different tools on the market
which can help prevent security breaches.
WEP – WEP supports both 64 and 128-bit
keys. Both are vulnerable, however, because the initialization vector is
only 24-bits long in each case. Its RC4 algorithm, which is used securely
in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml
Wireless Insecurities By Dale Gardner. Different tools exist to break WEP
keys, including AirSnort, which can be found at www.airsnort.net. Although
this method is not a secure solution, it can be used to help slowdown an
attacker if other means are not possible financially or otherwise.
VPN and IPSec- IPSec VPNs let companies
connect remote offices or wireless connections using the public Internet
rather than expensive leased lines or a managed data service. Encryption
and authentication systems protect the data as it crosses the public network,
so companies don't have to sacrifice data privacy and integrity for lower
costs. A lot of VPN's exist on the market today. An important note about
VPNs is, interoperability does not really exist, and whatever you use for
your server has to be the same brand as your clients most of the time.
Some VPNs include:
Borderware
BroadConnex Networks
CheckPoint
Cisco
Computer Associates
DMZ – Adding this to your network enables
you to put your wireless network on an untrusted segment of your network.
Firewalls – Firewalls are all over
the place. Firewalls range from hardware to software versions. By adding
a firewall between the wireless network and wired network helps prevent
hackers from accessing your wired network. This paper doesn't go into specifics
about different firewalls and how to set them up, but there are many. Some
of the firewalls include:
ZoneAlarm (an inexpensive based software
firewall) Zonelabs.com
Symantec has many different firewalls
depending what you require.
PKI - Public-key infrastructure (PKI)
is the combination of software, encryption technologies, and services that
enables enterprises to protect the security of their communications and
business transactions on the Internet. What is PKI?
Site Surveys – Site Surveys involve
using a software package and a wireless device to probe your network for
Access Points and security risks.
Proactive Approaches
Since wireless technology is insecure,
companies or anyone can take a proactive approach to try and identify hackers
trying to gain access via wireless networks.
Honeypots – are fake networks setup
to try and lure in hackers. This enables administrators to find out more
about what type of techniques hackers are using to gain access. One product
is Mantrap created by Symantec.
“ManTrap has the unique ability to
detect both host- and network-based attacks, providing hybrid detection
in a single solution. No matter how an internal or external attacker tries
to compromise the system, Symantec ManTrap's decoy sensors will deliver
holistic detection and response and provide detailed information through
its system of data collection modules.”
Intrusion Detection – Intrusion Detection
is software that monitors traffic on the network. It sounds out a warning
if a hacker it trying to access the network. One such free product is Snort.
“Before we proceed, there are a few
basic concepts you should understand about Snort. There are three main
modes in which Snort can be configured: sniffer, packet logger, and network
intrusion detection system. Sniffer mode simply reads the packets off of
the network and displays them for you in a continuous stream on the console.
Packet logger mode logs the packets to the disk. Network intrusion detection
mode is the most complex and configurable configuration, allowing Snort
to analyze network traffic for matches against a user defined rule set
and perform several actions based upon what it sees.” http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1
Network Monitoring- Network Monitoring
would be products such as snort that monitor the flow of traffic over the
network.
Quick tips and tricks
When setting up wireless networks and
access points there are a few quick steps that can be taken to immediately
secure the network, even though it does not make it secure. Some of these
ways include:
Change your default SSID: each router
or access point comes with a default SSID. By changing this it can take
longer for an attacker to know what type of device he is trying to hack.
Change the default password – generic
default passwords are assigned to access points and routers. Sometimes
the password is admin. By changing this password, the attacker cannot modify
settings on your router as easily.
Disable broadcasting SSID: By default
AP's broadcast their SSIDs, if you shutoff this setting it is harder for
outsiders to find your AP.
Enable MAC filtering: WARNING: this
can only work in smaller environments where a centralized access list does
not need to be maintained. You can enable only specific wireless cards
to access the AP by only enabling those MAC addresses.
Turn off shares: If security is important,
scanning for shares and turning off the shares on the network can help.
Also encrypting sensitive data can prevent hackers from accessing the data.
Put your wireless access points in a
hard to find and reach spot.
Keep your drivers on all wireless equipment
updated. This helps patch existing security vulnerabilities.
Read current press releases about
emerging wireless news.
