Thursday, April 30, 2009

Wireless Network Security

10 Tips for Wireless Home Network Security

Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.

1. Change Default Administrator Passwords (and Usernames)

At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.

2. Turn on (Compatible) WPA / WEP Encryption

All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common denominator" setting.

3. Change the Default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.

4. Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Do this, but also know that the feature is not as powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

5. Disable SSID Broadcast

In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.

6. Do Not Auto-Connect to Open Wi-Fi Networks

Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.

7. Assign Static IP Addresses to Devices

Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

8. Enable Firewalls On Each Computer and the Router

Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

9. Position the Router or Access Point Safely

Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.

10. Turn Off the Network During Extended Periods of Non-Use

The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.

If you own a wireless router but are only using it for wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.

about mailbomb

E-mail Bomb - In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack.

Methods of email bombing
There are two methods of perpetrating an e-mail bomb:
1. mass mailing
2. list linking


Mass mailing
Mass mailing consists of sending numerous duplicate mails to the same email address. These types of mail bombs are simple to design but their extreme simplicity means they can be easily detected by spam filters.

Email-bombing using mass mailing is also commonly performed as a DDoS attack by employing the use of "zombie" botnets; hierarchical networks of computers compromised by malware and under the attacker's control.

Similar to their use in spamming, the attacker instructs the botnet to send out millions or even billions of e-mails, but unlike normal botnet spamming, the e-mails are all addressed to only one or a few addresses the attacker wishes to flood.
This form of email bombing is similar in purpose to other DDoS flooding attacks.
As the targets are frequently the dedicated hosts handling website and e-mail accounts of a business, this type of attack can be just as devastating to both services of the host.

This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each zombie computer sending a different message or employing stealth techniques to defeat spam filters.

List linking

List linking means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. In order to prevent this type of bombing, most email subscription services send a confirmation email to a person's inbox when that email is used to register for a subscription.
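
The confirmation step described above can be sketched as follows. This is an added example, not code from any mailing-list product: the ListServer class, its method names, the token layout and the one-hour lifetime are all assumptions. A sign-up only produces a signed, expiring token that is mailed to the address; the address joins the list only when that token comes back.

```python
import base64
import hashlib
import hmac
import secrets


class ListServer:
    """Hypothetical list server that subscribes an address only after confirmation."""

    def __init__(self, key=None, ttl=3600):
        self.key = key or secrets.token_bytes(32)   # server-side signing key
        self.ttl = ttl                              # token lifetime in seconds (assumed)
        self.active = set()                         # confirmed (list_id, email) pairs

    def _payload(self, email, list_id, expires):
        if "\n" in email or "\n" in list_id:
            raise ValueError("newline not allowed in email or list id")
        return f"{list_id}\n{email.lower()}\n{expires}".encode()

    def _sign(self, payload):
        mac = hmac.new(self.key, payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def request(self, email, list_id, now):
        """Sign-up form handler. Nothing is subscribed here; the returned
        token goes only into the confirmation mail sent to `email`."""
        expires = int(now) + self.ttl
        return f"{expires}.{self._sign(self._payload(email, list_id, expires))}"

    def confirm(self, email, list_id, token, now):
        """Confirmation link handler. Accepts only an unexpired token that
        was signed for exactly this address and this list."""
        try:
            expires_text, sig = token.split(".", 1)
            expires = int(expires_text)
            expected = self._sign(self._payload(email, list_id, expires))
        except ValueError:
            return False
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False
        if now > expires:
            return False
        self.active.add((list_id, email.lower()))
        return True
```

Someone who types a victim's address into the sign-up form never sees the token, so the subscription stays unconfirmed and expires on its own.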

SPAM

Some tips about spam for Yahoo! Mail.

Do not make yourself an easy target for spam.

Spam can be a real headache. But with the spam protection in Yahoo! Mail (and a little common sense), you can keep your mailbox free of junk email. Here are some tips to remember:

Protect your email address
Treat your email address like your phone number: something you do not give out offhand. Do not publish it in a public place such as a message board or chat room. If you must provide your email address, use Yahoo! Mail AddressGuard (available for Yahoo Mail) to create addresses for this purpose.

Do not open or respond to unwanted messages
By opening a spam email, you can accidentally inform the sender that your email address is active. Spammers often hide things in the message to verify that someone has opened it, and then sell the addresses to others. Also, please do not forward spam chain letters to others.

Never click on links in spam messages
By clicking a link in the body of a message sent by spammers, you verify that your address is active. You also expose yourself to the phishing scams used by untrustworthy people.

Worm

A worm is a computer program that can reproduce itself. A worm uses the network to send copies of itself to other nodes (computer terminals in the network) and can do so without any user intervention. Unlike a virus, a worm does not need to attach itself to an existing application. Worms almost always cause damage to the network, even if only by consuming bandwidth, whereas viruses almost always destroy or alter files on the target computer.

Name and history

The name "worm" comes from The Shockwave Rider, a science fiction novel published in 1975 by John Brunner. Researchers John F. Shoch and Jon A. Hupp of Xerox PARC chose the name in a paper published in 1982 (The Worm Programs, Comm ACM, 25(3):172-180, 1982), and it has been widely used since.

A worm was first implemented by two researchers at Xerox PARC in 1978. Shoch and Hupp made a worm to identify idle processors on the network and give them tasks, sharing the processing load and increasing the 'CPU cycle use efficiency' of the network. The worm had limits programmed into it so that it would not spread beyond the specified area.


Payload

Many worms are made only to spread and do not try to change the systems they pass through. However, as the Morris Worm and Mydoom showed, the network traffic and other unintended effects can cause serious disruption. A 'payload' is the term for the code carried by the worm and designed to damage the systems it passes through: code that may delete files (for example, the ExploreZip worm), encrypt files in a cryptoviral extortion attack, or send documents via email. A commonly used payload installs a 'backdoor' on the infected computer, turning it into a 'zombie' that is freely accessible to the worm. Sobig and Mydoom are examples of worms that create zombie computers. Networks of zombie computers are called botnets and are often used by spammers to send junk email or hide the address of their website. Spammers are therefore often suspected of funding worms, and worm makers not infrequently sell lists of infected computers' IP addresses. Others try to get money from companies with the threat of DoS (Denial of Service) attacks.

Backdoors can also be exploited by other malware, including worms. One example is Doomjuice, which spread through the backdoor opened by Mydoom, and at least one piece of malware used the rootkit and backdoor installed by the DRM application that Sony / BMG included on its music CDs until the end of 2005.

Worms with good intentions

Ever since the first worm research at the Xerox PARC laboratory, there have been efforts to create useful worms. The Nachi worm variants, for example, tried to download and install patches from the Microsoft website to fix the weaknesses in the host system: they entered the system by exploiting a weakness and then patched that weakness. In practice, although this was meant to be harmless, the worm generated network traffic, rebooted the machine during patching, and worked without the user's knowledge.

The majority of security experts regard worms as malware, regardless of payload or intent.

Prevention

Worms spread by exploiting operating system weaknesses. All vendors try to provide security updates regularly, and if a patch / update is installed on a machine, the spread of worms to that machine can be prevented. If the vendor knows of a weakness in the system and has not yet released an update, a 'zero day exploit' (an exploit on the same day the vendor announces a weakness (bug)) is not impossible. But that's rare.

Users need to be careful when opening e-mail from unknown senders, and it is recommended not to run a file or program that is sent as an attachment, or to visit web pages that are linked in the mail. But, as the ILOVEYOU worm showed, and with the growth and efficiency of phishing attacks, the likelihood of users being deceived has also increased.

Anti-virus and anti-spyware applications are quite useful for warding off worm attacks, but they must always be updated with new virus / worm patterns every few days. Using a firewall is also recommended. In the author's experience, a firewall is quite useful for fortifying a computer against worm attacks, closing it to the worm or rejecting the intrusion.

Secure Socket Layer

SSL is an encryption method for data communication created by Netscape Communications Corporation. It is described in the Internet Draft The SSL Protocol, Version 3.0, by Alan O. Freier and Paul C. Kocher, which you can open at http://home.netscape.com/eng/ssl3/ssl-toc.html.

SSL is a layered protocol. At each layer, data consists of length, description and content fields. SSL takes the data to be sent, breaks it into manageable blocks, compresses it if necessary, applies a MAC, encrypts it, and sends the result. At the destination, the data is decrypted, verified, decompressed, and reassembled. The result is delivered to the client above it. (free translation).

SSL encrypts only data that is sent via HTTP.
How SSL works can be described as follows:

  • When the connection starts, the client and server create and exchange a secret key, which is used to encrypt the data to be communicated. Even if the session between the client and server is spied on by other parties, the data is difficult to read because it is encrypted.
  • SSL supports public key cryptography, so the server can be authenticated using well-known methods such as RSA and the Digital Signature Standard (DSS).
  • SSL can verify the integrity of the running session by using digest algorithms such as MD5 and SHA. This prevents session hijacking.


Tuesday, April 28, 2009

Firewall

A firewall is a security system that acts as a protective boundary between a network and the outside world. Internet Connection Firewall (ICF) is firewall software that is used to set restrictions on what information is communicated from your home or small office network to and from the Internet to your network.

If your network uses Internet Connection Sharing (ICS) to provide Internet access to multiple computers, ICF should be enabled on the shared Internet connection. However, ICS and ICF can be enabled separately. You should enable ICF on the Internet connection of any computer that is connected directly to the Internet. To check to see if ICF is enabled or to enable the firewall, see Enable or disable Internet Connection Firewall.

ICF also protects a single computer connected to the Internet. If you have a single computer connected to the Internet with a cable modem, a DSL modem, or a dial-up modem, ICF protects your Internet connection. You should not enable ICF on VPN connections because it will interfere with the operation of file sharing and other VPN functions.

How Internet Connection Firewall (ICF) works
ICF is considered a "stateful" firewall. A stateful firewall is one that monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles. To prevent unsolicited traffic from the public side of the connection from entering the private side, ICF keeps a table of all communications that have originated from the ICF computer. In the case of a single computer, ICF tracks traffic originated from the computer. When used in conjunction with ICS, ICF tracks all traffic originated from the ICF/ICS computer and all traffic originated from private network computers. All inbound traffic from the Internet is compared against the entries in the table. Inbound Internet traffic is only allowed to reach the computers in your network when there is a matching entry in the table that shows that the communication exchange began from within your computer or private network.

Communications that originate from a source outside the ICF computer, such as the Internet, are dropped by the firewall unless an entry in the Services tab is made to allow passage. Rather than sending you notifications about activity, ICF silently discards unsolicited communications, stopping common hacking attempts such as port scanning. Such notifications could be sent frequently enough to become a distraction. Instead, ICF can create a security log to view the activity that is tracked by the firewall.

Services can be configured to allow unsolicited traffic from the Internet to be forwarded by the ICF computer to the private network. For example, if you are hosting an HTTP Web server service, and have enabled the HTTP service on your ICF computer, unsolicited HTTP traffic will be forwarded by the ICF computer to the HTTP Web server. A set of operational information, known as a service definition, is required by ICF to allow the unsolicited Internet traffic to be forwarded to the Web server on your private network.
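
The table lookup described above can be modelled in a few lines. This is an added example, not ICF's implementation: the class and field names, the addresses, the ports and the 60-second idle timeout are constructed, and the NAT port rewriting that ICS performs is left out to keep the matching logic visible.

```python
from dataclasses import dataclass, field
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class StatefulFirewall:
    idle_timeout: float = 60.0      # assumed value; entries older than this are stale
    # (proto, local_port, remote_ip, remote_port) -> [inside_host, last_seen]
    table: dict = field(default_factory=dict)
    # service definitions: (proto, public_port) -> inside host running the service
    services: dict = field(default_factory=dict)
    security_log: list = field(default_factory=list)

    def outbound(self, pkt, now):
        """Traffic that starts on the private side passes and is remembered."""
        key = (pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.table[key] = [pkt.src_ip, now]
        return f"ALLOW out from {pkt.src_ip}"

    def inbound(self, pkt, now):
        """Traffic from the Internet passes only if it answers a tracked flow
        or matches a service definition; anything else is dropped silently."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        entry = self.table.get(key)
        if entry is not None:
            host, last_seen = entry
            if now - last_seen <= self.idle_timeout:
                entry[1] = now                  # refresh the flow
                return f"ALLOW reply to {host}"
            del self.table[key]                 # stale entry no longer matches
        service_host = self.services.get((pkt.proto, pkt.dst_port))
        if service_host is not None:
            return f"FORWARD to {service_host}"
        self.security_log.append((now, pkt))    # no notification, only a log line
        return "DROP"


PUBLIC = "203.0.113.1"      # constructed public address of the ICF computer


def demo():
    """Replay six constructed packets and return (verdicts, security_log)."""
    fw = StatefulFirewall(services={("tcp", 80): "192.168.0.10"})
    verdicts = [
        # a private host opens an HTTPS connection
        fw.outbound(Packet("tcp", "192.168.0.2", 50000, "198.51.100.7", 443), now=0),
        # the server's reply matches the table entry
        fw.inbound(Packet("tcp", "198.51.100.7", 443, PUBLIC, 50000), now=1),
        # same local port, different remote host: unsolicited
        fw.inbound(Packet("tcp", "198.51.100.99", 443, PUBLIC, 50000), now=2),
        # unsolicited, but an HTTP service definition exists
        fw.inbound(Packet("tcp", "198.51.100.99", 40000, PUBLIC, 80), now=3),
        # unsolicited probe of a port with no service definition
        fw.inbound(Packet("tcp", "198.51.100.99", 40001, PUBLIC, 23), now=4),
        # late packet on the original flow after the idle timeout
        fw.inbound(Packet("tcp", "198.51.100.7", 443, PUBLIC, 50000), now=120),
    ]
    return verdicts, fw.security_log
```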

Creating strong passwords

Computer security includes the use of strong passwords for your network logon and the Administrator account on your computer.

For a password to be strong, it should:

  1. Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are seven or 14 characters long.
  2. Contain characters from each of the following three groups:
    • Letters (uppercase and lowercase). Examples: A, B, C... (and a, b, c...)
    • Numerals. Examples: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    • Symbols (all characters not defined as letters or numerals). Examples: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
  3. Have at least one symbol character in the second through sixth positions.
  4. Be significantly different from prior passwords.
  5. Not contain your name or user name.
  6. Not be a common word or name.


Passwords can be the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful than ever. Network passwords that once took weeks to crack can now be cracked in hours.

Password cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation that tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it still can take months to crack a strong password.

Windows passwords can be up to 127 characters long. However, if you are using Windows XP on a network that also has computers using Windows 95 or Windows 98, consider using passwords not longer than 14 characters. Windows 95 and Windows 98 support passwords of up to 14 characters. If your password is longer, you may not be able to log on to your network from those computers.
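
The rules listed above, including the 14-character limit for networks with Windows 95 or Windows 98 computers, can be checked mechanically. The following is an added example, not a Windows tool: the function name, the result codes, the tiny word list and the 0.6 similarity threshold used for "significantly different" are assumptions.

```python
import difflib

# Constructed sample list; a real check would use a full dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
# Assumed cut-off: a similarity ratio at or above this counts as "not significantly different".
SIMILARITY_LIMIT = 0.6


def is_symbol(ch):
    """A symbol is any character not defined as a letter or numeral."""
    return not ch.isalnum()


def check_password(password, user_names=(), prior_passwords=(), legacy_clients=False):
    """Return a list of rule codes the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 7:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("missing_letter")
    if not any(c.isdigit() for c in password):
        problems.append("missing_numeral")
    if not any(is_symbol(c) for c in password):
        problems.append("missing_symbol")
    # Second through sixth positions are indexes 1..5.
    if not any(is_symbol(c) for c in password[1:6]):
        problems.append("no_symbol_in_positions_2_to_6")
    lowered = password.lower()
    for old in prior_passwords:
        ratio = difflib.SequenceMatcher(None, old.lower(), lowered).ratio()
        if ratio >= SIMILARITY_LIMIT:
            problems.append("too_similar_to_prior")
            break
    if any(name and name.lower() in lowered for name in user_names):
        problems.append("contains_name")
    # Also catch a common word that has only been decorated with digits or symbols.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if lowered in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("common_word")
    # Windows 95 and Windows 98 support passwords of up to 14 characters.
    if legacy_clients and len(password) > 14:
        problems.append("too_long_for_windows_9x")
    return problems
```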

Secure Your Computer

If you want to protect data on your computer, you should secure individual files and folders and take steps to secure the physical computer itself. If the computer contains sensitive information, keep it in a safe location.

Other ways to secure your computer include locking it whenever you are away from your desk and setting up a password-protected screen saver. By pressing CTRL+ALT+DEL and clicking Lock Computer, you can prevent unauthorized users from gaining access to your computer. Only you and members of the Administrators group on your computer can unlock it. (You unlock it by pressing CTRL+ALT+DEL, typing your password, and then clicking OK.) You can also set up a screen saver so that whenever the computer is idle for more than a specified length of time, the screen saver starts and the computer automatically locks.

Virtual Private Network (VPN) Connections

With the Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP), which are automatically installed on your computer, you can securely access resources on a network by connecting to a remote access server through the Internet or other network. The use of both private and public networks to create a network connection is called a virtual private network (VPN). The following list describes the advantages of using VPN connections.

Cost advantages
The Internet is used as a connection instead of a long distance telephone number or 1-800 service. Because an ISP maintains communications hardware such as modems and ISDN adapters, your network requires less hardware to purchase and manage.

Outsourcing dial-up networks
You can make a local call to the telephone company or Internet service provider (ISP), which then connects you to a remote access server and your corporate network. It is the telephone company or ISP that manages the modems and telephone lines required for dial-up access. Because the ISP supports complex communications hardware configurations, a network administrator is free to centrally manage user accounts at the remote access server.

Enhanced security
The connection over the Internet is encrypted and secure. New authentication and encryption protocols are enforced by the remote access server. Sensitive data is hidden from Internet users, but made securely accessible to appropriate users through a VPN.

Network protocol support
Because the most common network protocols (including TCP/IP and IPX) are supported, you can remotely run any application dependent upon these particular network protocols. The IPX/SPX protocol is not available on Windows XP 64-Bit Edition.

IP address security
Because the VPN is encrypted, the addresses you specify are protected, and the Internet only sees the external IP address. For organizations with nonconforming internal IP addresses, the repercussions of this are substantial, as no administrative costs are associated with having to change IP addresses for remote access via the Internet.


There are two ways to create a VPN connection: By dialing an ISP, or by connecting directly to the Internet, as shown in the following examples.



In the first example, the VPN connection first makes a call to an ISP. After the connection is established, the connection then makes another call to the remote access server that establishes the PPTP or L2TP tunnel. After authentication, you can access the corporate network, as shown in the following illustration.



In the second example, a user who is already connected to the Internet uses a VPN connection to dial the number for the remote access server. Examples of this type of user include a person whose computer is connected to a local area network, a cable modem user, or a subscriber of a service such as ADSL, where IP connectivity is established immediately after the user's computer is turned on. The PPTP or L2TP driver makes a tunnel through the Internet and connects to the PPTP-enabled or L2TP-enabled remote access server. After authentication, the user can access the corporate network, achieving the same functionality as the preceding example.

Monday, April 27, 2009

Types of Attacking

These are some types of attack:

Scanning.

Scanning is a method of getting as much information as possible about the victim's IP / network. Scanning is usually run automatically, since scanning multiple hosts is very time consuming. Hackers often gather information from these scan results. With the necessary information collected, hackers can prepare to carry out the attack. Nmap is a network scanner used by many professionals in the field of network security; although there are tools made specifically for hacking, none has yet overtaken nmap in popularity.

Nessus is also a network scanner, but it will also report any security hole it finds on the target it examines. Hackers usually use Nessus to collect information before actually launching an attack. Fortunately, scanners leave unique traces that allow the system administrator to know that the system is being scanned, so that they can immediately read the latest articles related to the information in the logs.

Password cracking.

Brute force is a technique that tries every possible password in order to guess the one that gives access to a system. Cracking passwords with this technique is very slow but effective: any password can be guessed given enough time. Reversing the "hash" of a password is impossible, but there are several ways to crack a password, although success depends on how strong or weak the user's choice of password is. If someone can obtain the "hash" data that stores the passwords, a rather efficient method is a "dictionary attack", which can be done with the John the Ripper utility. There are several other ways, such as a "hash look-up table", but they consume a great deal of resources and time.

Rootkit.

A rootkit is a tool for removing traces after an infiltration has been carried out. A rootkit usually includes modified versions of tools used by the system so that it can cover the trail. For example, it modifies "ps" on Unix or Linux so that the background processes it runs cannot be seen.

Hacking: Hackers and Victims

Hackers are grouped into several categories depending on the type of their activities. Most hackers are "script kiddies" who use exploits or ordinary programs available on the Internet to carry out their actions. If their goal is commercial or military interests, the stakes are higher and they will usually choose their victims carefully.

The reasons behind hacking are manifold. Script kiddies usually scan some IP blocks to look for possibly vulnerable hosts (hosts that can be attacked) and try to exploit some of the daemons they find. A hacker group usually tries out a program or script it has developed to see whether its work succeeds. Either way, whether someone becomes a "black hat" or a "white hat" depends on their own philosophy, ethical values and motivations.

"White hat" means that if a hacker succeeds in getting into a system that is not their responsibility, they will notify the system administrator about the security hole in the system, how to close it, and how to strengthen the security of the host (host hardening). Basically, the goal is research. A white hat is usually a security professional, hired to do system penetration testing or provide network security consultancy.

"Black hat" is what white hats call a "cracker" (breaker). The purpose of a cracker is not always good: they usually enter a system to steal information or to prepare the system to conduct attacks against another system, DDoS being one example. A black hat usually leaves a backdoor on a system they have successfully infiltrated.

There is also the "gray hat": a person who does not destroy anything but often infiltrates another system without notifying the system administrator when there is a security hole. They are not too harmful, but they are not too welcome either.

what is computer network security?

Computer network security itself is often seen as the result of several factors. These factors vary depending on the underlying material, but normally at least the following are included:

  • Confidentiality
    There are several types of information available in a computer network. Each piece of data has different groups of users, and the data can be grouped so that restrictions on its use can be determined. In general, the data within a company is confidential and may not be known by third parties, in order to protect company secrets and company strategy. A backdoor, for example, violates company policy because it provides unwanted access into the company's computer network.

    Confidentiality can be improved, in some cases, by encrypting data or using a VPN. Access control is commonly used to restrict access to a computer network. An easy way to restrict access is to use a username-and-password combination for authentication and to grant access only to users who have been identified. In some computer network security work environments, this is separated out and discussed in the context of authentication.

  • Integrity
    A computer network can be relied upon only if the available data is what it should be. A computer network must be protected from attacks that can change data while it is being transmitted. Man-in-the-Middle is a type of attack that can alter the integrity of data, in which the attacker can hijack a "session" or manipulate the data sent. In a secure computer network, the participants in a data "transaction" must be sure that the parties involved in the communication are reliable and trustworthy. Data communication security is needed at a level where the data does not change while it is being sent and received. This does not always mean that the "traffic" needs encryption, but it also does not rule out the possibility that a "Man-in-the-Middle" attack can occur.

  • Availability
    The availability of data or services can easily be monitored by the users of a service. The unavailability of a service can hinder a company's progress and can have an even worse impact, namely stopping the production process. For all network activity, therefore, the availability of data is very important for a system to continue running correctly.

The classical security aspects are not enough to cover all aspects of computer network security today. They can be combined with further aspects that are in some cases more important, so that computer network security can be improved. These include:
  • Non-repudiation
  • Authenticity
  • Possession
  • Utility

Non-repudiation.
Every action carried out in a secure system is monitored (logged); this means using tools to check that the system works as it should. Logs are also an inseparable part of system security: if an infiltration or attack occurs, they help the investigation. Logs and recorded times, for example, are an important part of the evidence in court if a cracker is caught and brought to justice. For this reason, non-repudiation is regarded as an important factor in network security competence.

Authenticity
This aspect concerns methods of establishing that information is truly authentic: that the person who provides information or access is exactly who they claim to be, or that the server we contact is truly the original server.