The whole aspect of security of wireless networks has become very important ever since terror e-mails were sent to media by alleged terrorists. Terrorists used unsecured wireless networks to hack into an individual's Wi-Fi network and sent e-mails just before bombs went off in Ahmedabad and New Delhi.
It is in this environment protecting your unsecured Wi-Fi network becomes very important lest somebody misuses the same.
Here are 10 simple ways in which you can secure your wireless network :
| ||
1. Change default administrator usernames and passwords :
Most routers or access points come enabled with a default set of username / password combinations. These combinations are well documented and available online for hackers to use. If a hacker can access your device's administrative pages they can modify the configuration and control all aspects of your device. These username / password combinations can be changed from the administrative panel and should be set to something difficult to guess. Keep a password which is difficult to guess and not easy to crack. A good password is 8 characters long, not easily guessable, contains mixture of uppercase and lowercase letters as well as numbers and preferably contains special characters like. | ||
2. Turn on encryption :
All wireless devices support some form of encryption. Encryption technology scrambles messages sent over the air and ensures that they cannot be intercepted by hackers. Several encryption technologies exist for wireless communication today. WPA is the strongest commonly available encryption technology for home devices. While WEP can also be used cracking WEP is just a matter of few minutes. We would advice corporates to go for WPA with EAP Authentication, TKIP / RC4 Encryption or WPA 2 with EAP Authentication, AES-CCMP encryption for better security. | ||
3. Change the default SSID :
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set for all routers. For example, the SSID for Netgear devices is normally 'NETGEAR'. The default SSID can be changed from the administrative panel and should be set to something unique. | ||
| 4. Enable MAC Address filtering : Each wireless device possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses for all devices that connect to them. Wireless routers offer the option to key in the MAC addresses of your home equipment so as to restrict the network to only allow connections from those devices. It ensures that rogue users cannot connect to the wireless router without using advanced MAC spoofing techniques. | ||
| 5. Disable SSID Broadcast : The wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where wireless clients may roam in and out of range. For the home user, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most wireless access points allow the SSID Broadcast feature to be disabled by the network administrator. Your SSID name can be manually entered into your devices to prevent the need for SSID Broadcasts to be enabled. | ||
6. Do not auto-connect to open wireless networks :
Connecting to an open wireless network such as a free wireless hotspot or your neighbour's router exposes your computer to security risks and attacks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying the user. This setting should not be enabled except in temporary situations. | ||
| 7. Assign static IP addresses to devices : Most home wireless devices use dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead and then configure each connected device to match. Using a private IP address range (like 10.0.0.x) prevents computers from being reached directly from the Internet. | ||
| 8. Enable firewalls on each computer and router : Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router. | ||
| 9. Position the router or access point safely : Wireless signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wireless signals often reach through neighboring houses and into streets. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the centre of the home rather than near windows to minimise leakage. Many routers allow you to reduce the range of your router from the administrative panel to prevent the signal leakage. | ||
| 10. Turn off network during extended periods of non-use : The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods of downtime. http://www.nag.co.in/securitytips.html |
Wednesday 18 July 2012
Securing your wireless network
What’s good password ?
| - Use different passwords for different Web sites. Maintain separate passwords for e-mail, work and other important Web sites and routine web- surfing. - Use difficult-to-guess password by taking the first alphabet from each word of a phrase. What is a good password? It is a password which is at least 8 characters long, not easily guessable, contains mixture of uppercase and lowercase letters as well as numbers, and preferably contains special characters like $, *, %, !, * etc. Some examples of a good password are: &(^.3235*cRack&.^). - Always use alphanumeric passwords with special characters and try to adopt phrasing technique to construct passwords which are easy to remember, hard to guess and impossible to crack. Create a unique acronym. Never use a dictionary based password like guest, home etc. It takes little time for a good cracker to crack the password. |
| Soure link- http://www.nag.co.in/securitytips.html |
Online shopping security
While purchasing online, look for signs that these are secure (SSL secured sites or 128 bit encryption) like shopping.rediff.com. At the point when you are providing your payment information, a golden-coloured lock appears (for SSL secured sites) on the right hand side corner of the browser or the beginning of the Web site address should change from http to https, indicating that the information is being encrypted ie turned into code that can only be read by the seller.
- Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes.
- Carefully use credit-cards and online banking for online shopping. Check your credit card and bank statements at regular intervals. Notify the bank immediately if there are unauthorised charges or debits. Avoid using credit card details and online banking on public computers and in cyber cafes. It is very unsafe because most of them are infected with viruses, trojans and key loggers.
- Some banks have launched their services like Net Safe to create temporary credit cards with a limited value to transact online. Paypal is also a secure way to do the transactions .This way, in the worst case scenario you can minimise the impact.
soure link-http://www.nag.co.in/securitytips.html
- Your browser may also signal that the information is secure with a symbol, such as a broken key that becomes whole or a padlock that closes.
- Carefully use credit-cards and online banking for online shopping. Check your credit card and bank statements at regular intervals. Notify the bank immediately if there are unauthorised charges or debits. Avoid using credit card details and online banking on public computers and in cyber cafes. It is very unsafe because most of them are infected with viruses, trojans and key loggers.
- Some banks have launched their services like Net Safe to create temporary credit cards with a limited value to transact online. Paypal is also a secure way to do the transactions .This way, in the worst case scenario you can minimise the impact.
soure link-http://www.nag.co.in/securitytips.html
How to protect your computer from internet hackers
You do it every day. Log into your computer, send e-mails, open attachments, shop online, transfer money using your bank's secure payment gateway, chat, and upload personal information on social networking and job Web sites. Here's a thought: what if someone was watching everything you were doing?
Just like someone who hacked into Ken Haywood's Wi-Fi connection was and sent threat mail just a few minutes before the first of many bombs went up in Ahmedababd. Given the lax security that users as well as internet service providers have cyber criminals are always on the watch out for vulnerable people whose computers could be at risks.
There's a worryingly large possibility that someone could be keeping a close watch on all your online activities. From any corner of the world, someone could get inside your computer every day, and could have access to one of the most important resources of the information age: Your Personal Data.
Personal Data can be abused to make online purchases, carry out attacks against all those on your contact list and an innumerable list of things that can harm your everyday life. Welcome to the age of hackers (these are people who try to gain access to your computer using various hacking tools and misuse your personal data) and spies lurking on the vast Internet highway.
If that got you worked up, breathe. There are many ways in which you can defend yourself against hackers -- even though when it comes to security, nothing can give you 100 per cent guarantee. A host of new tools and exploits are developed every single day, so updating the knowledgebase to counter them must be a regular process.
source link-http://www.nag.co.in/securitytips.html
Just like someone who hacked into Ken Haywood's Wi-Fi connection was and sent threat mail just a few minutes before the first of many bombs went up in Ahmedababd. Given the lax security that users as well as internet service providers have cyber criminals are always on the watch out for vulnerable people whose computers could be at risks.
There's a worryingly large possibility that someone could be keeping a close watch on all your online activities. From any corner of the world, someone could get inside your computer every day, and could have access to one of the most important resources of the information age: Your Personal Data.
Personal Data can be abused to make online purchases, carry out attacks against all those on your contact list and an innumerable list of things that can harm your everyday life. Welcome to the age of hackers (these are people who try to gain access to your computer using various hacking tools and misuse your personal data) and spies lurking on the vast Internet highway.
If that got you worked up, breathe. There are many ways in which you can defend yourself against hackers -- even though when it comes to security, nothing can give you 100 per cent guarantee. A host of new tools and exploits are developed every single day, so updating the knowledgebase to counter them must be a regular process.
source link-http://www.nag.co.in/securitytips.html
General computer security
Install the latest Antivirus Software on all your computers and never disable them. Popular antivirus softwares include Kaspersky, Bit Defender, Nod32, Antivir, Grisoft AVG and Quickheal. Also install a personal firewall and an anti-spyware solution. Popular firewalls include Antivir, Grisoft AVG, Quickheal, 3Com and Sonicwall.
Update antivirus/ anti-spyware/ firewall at least every 15 days. Carry out a complete system scan with your anti-virus at least once a week, or better, auto-schedule it to run every Friday.
There are a few free online antivirus scanners available at Trend-Micro, Kaspersky and F-Secure.
HSC Guides - Ethical Hacker2
[TCP Flag Types]
Flag Purpose
SYN Synchronize and Initial Sequence Number (ISN)
ACK Acknowledgement of packets received
FIN Final data flag used during the 4-step shutdown of a session
RST Reset bit used to close an abnormal connection
PSH Push data bit used to signal that data in the packet should be pushed to the beginning of the queue. Usually indicates an urgent message.
URG Urgent data bit used to signify that urgent control characters are present in this packet that should have priority.
ACK Acknowledgement of packets received
FIN Final data flag used during the 4-step shutdown of a session
RST Reset bit used to close an abnormal connection
PSH Push data bit used to signal that data in the packet should be pushed to the beginning of the queue. Usually indicates an urgent message.
URG Urgent data bit used to signify that urgent control characters are present in this packet that should have priority.
At the conclusion of communication, TCP terminates the session by using a 4-step shutdown. Those four steps proceed as follows:
1. The client sends the server a packet with the FIN/ACK flags set.
2. The server sends a packet ACK flag set to acknowledge the clients packet.
3. The server then generates another packet with the FIN/ACK flags set to inform the client that it also is ready to conclude the session.
4. The client sends the server a packet with the ACK flag set to conclude the session.
2. The server sends a packet ACK flag set to acknowledge the clients packet.
3. The server then generates another packet with the FIN/ACK flags set to inform the client that it also is ready to conclude the session.
4. The client sends the server a packet with the ACK flag set to conclude the session.
HSC Guides - Ethical Hacker
This article is taken from CEH Ethical Hacker Exam Prep: Understanding Footprinting and Scanning by Michael Gregg]
Footprinting and Scanning is the first basis of hacking. Information gathering has many phases like profiling your target. Whois, ARIN can reveal public information of a domain that can be leveraged further. Traceroute and mail tracking can be used to target specific IP and later for spoofing. Nslookup can reveal specific users and zone transfers can compromise DNS security. Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified.
Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous task of trying to determine the security posture of an entity; however, it is one of the most important.
Footprinting must be performed accurately and in a controlled fashion. This is the reconnaissance step before anything is done. Tools like Nmap will be deployed to scan the target and get any available information possible. Information warfare is not without its battle plans or surveillance techniques. In this context, a strategic map used in a battle would be a close analogy to a footprint.
Note that through this course, we use the term 'organization' to represent a target system. This includes discussion pertaining to a single system as well. Footprinting therefore, needs to be carried out precisely and in an organized manner. The information unveiled at various network levels can include details of domain name, network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, access control mechanisms and related lists, phone numbers, contact addresses, authentication mechanisms and system enumeration. This listing may include more information depending on how various security aspects are addressed by the organization.
Subscribe to:
Posts (Atom)