| |
| |
|
Security Information |
|
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking
Airport Menace: The Wireless Peeping Tom It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior. The Dangers Of Ad-Hoc Wireless Networking Links However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of. A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas. I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes. To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack! After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often. Who Else Has Your Client List The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less. Strength And Posture Does Reduce Your Risks When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether. Conclusion 1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system; 2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful; 3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network; 4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site. Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it? About The Author
MORE RESOURCES: Unable to open RSS Feed $XMLfilename with error HTTP ERROR: 404, exiting |
|
|
|
RELATED ARTICLES
Top 10 tips for Safe Internet Shopping Over £5 billion pounds was spent on online shopping in 2004. The Internet was the fastest growing retail sector last year, attracting one in four shoppers. Are You Surfing Safe? Ok, you've got a computer, and you get online. You surf your favorite sites, Sports, Shopping, Cowchip Tossing Blogs, and so on. Phishing-Based Scams: A Couple of New Ones Phishing in its "classic" variant is relatively well-known. Actually, 43. Online Shopping: 10 Tips For Safe Online Shopping Have you ever bought a product or service from the internet?Yes? Me too. You're not alone?Some of the reasons why most people are shopping online are: they can buy anything at anytime because Internet shopping is available 24 hours, all the time. Viruses and Worms: The Problems and Their Solutions History and BackgroundThe virus was one of the first ever threats to computer security. It brought a whole new fear upon computer users. Avoid Internet Theft, Fraud and Phishing Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Virus and Adware - Fix them Both! We all get the odd virus now and then, but sometimes that one virus could cause so many problems. In this article I shall be going though just some of the problems that these virus software programs can do, and how to fix them. Online Shoppers, Beware of a New Scam Beware of a New Scam Aimed at Bargain-HuntersTrying to buy something cheap is absolutely natural--and online crooks set traps for unwitting bargain-hunters. On April 6 Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. Protecting Your Children On The Internet If you are a parent, as am I, I think we can agree there is little else more important than keeping our children safe and protected. It's difficult enough keeping them safe from the unscrupulous people we read about in the news, but dealing with children and the Internet takes it to a completely new level. Its War I Tell You! There are ways to insure security though. You can get the Windows Update CD from Microsoft and install that before you get online, You can also get most Antivirus Definitions downloaded and save them to disk, then install those before you go online, (of course you have to be using that Product in the first place), and you can get Anti-Spyware on a disk and do the same. Identity Theft - Beware of Phishing Attacks! "Dear Bank of the West customer", the message begins. I've just received an e-mail message, purportedly from the security department at the Bank of the West. Backup and Save your business! There you are busily typing away on your PC or yourLaptop, and all of a sudden the strangest thing happens.The screen goes black, extinquished like a candle in thewind. New CipherSend Online Security Service Thwarts Email Address Theft And Soothes Password Fatigue In 1997, I decided after 15 years as a practicing CPA that it was time to put down my pencil and explore a new venture on the exciting new internet which, while perhaps not exactly in its infancy at that point, was still at least a pimply faced teenaged medium still unexplored by most accountants.I founded CPAsites. Phishing, Fraudulent, and Malicious Websites Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. Dont Allow Hackers to Take Out Money from Your Bank Account If you know what is the 'Fishing' then it's very easyto understand the definition of 'Phishing'. Justreplace letter 'F' from the word Fishing with 'Ph'. Dialing Up a Scam: Avoiding the Auto-Dialer Virus For many, the daily walk to the mailbox evokes mixed feelings: The glee that your favorite monthly magazine - or a friend's hand-written letter (quite a surprise in the e-mail age) may be waiting is countered by anxiety of how many bills the postman left you.Now, imagine coming across your phone bill, thicker and heavier than normal. Personal Firewalls for Home Users What is a Firewall?The term "firewall" illustrates a system that protects a network and the machines on them from various types of attack. Firewalls are geared towards keeping the server up all the time and protecting the entire network. Internet Identity Theft - How You Can Shield Yourself With the advent of the World Wide Web, a whole new breed of criminals have surfaced, posing threats to more than just our material assets, but also to our very identities. Although there are a number of effective methods for protecting yourself from internet identity theft, not everyone takes the necessary steps to initiate such a plan. Social Engineering - The Real E-Terrorism? One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. A Personal Experience with Identity Theft Some months ago, before there was much publicity regarding phishing and identity theft, I became a victim.My first inkling that I'd been scammed came from a telephone call from my bank asking if I had been to Italy or Roumania.
|
| home | site map | contact us |