Archive | Cyber Espionage

How To Secure Your Wireless Network

29 Aug

Securing wireless networks has been a headache for broadband users for years now.  I wanted to write a short blog on how the average home user or small business can secure their wireless network and keep moochers and even more malicious users at bay.

You’re Not Secure Out Of The Gate

Most users think just having a router is an automatic shield after listening to various media stories praise routers for their firewall abilities.  This is not the case.  Most routers you purchase at your local electronics store (Best Buy, Wal-Mart etc.) are not secure when you first plug them in. Routers are normally pre-configured to be open wireless access points.  This means anyone within range will be able to use your connection, no questions asked.  This is done to make setup easy and compatible with most operating systems.  The only problem is it leaves your network open to attack.

The very first thing you’ll want to do is log in to your router’s administration panel.  This is done by typing a 192.168.x.x address into your browser’s address bar.  The actual number varies by router manufacturer; look in your user guide or online to find the local IP address for your router.  Linksys, for example, uses 192.168.1.1.  The manufacturer sets very easy, non-secure default passwords.  These are easily found online as well as in your user guide, and if left unchanged they will make your network exceptionally vulnerable.  You’ll want to change the password to your router right away.  Make sure it is a secure password of at least six characters and preferably with upper and lowercase letters and numbers.


Bad Advice From GeekSquad

Local sales associates at places like Best Buy are often clueless on network security and sometimes offer up misleading advice.  Here are some steps that aren’t harmful, but mostly just a waste of time because they don’t secure your network.

  • Turning off your SSID broadcast – The SSID (Service Set Identifier) is an identifier broadcast by a wireless router.  You might know this as your network name.  Most routers’ default SSID is the manufacturer’s name (linksys, netgear etc.).  Turning the broadcast off does nothing to protect your network.  With the proper software, a malicious user could easily spot your network’s presence even with the SSID broadcast off.  It is a false sense of security.  Changing the network name won’t make you more secure either, though I would recommend doing it.  Just make sure your SSID isn’t identifiable, making it easy for outside users to know where the network is located (i.e. last name and home address are all no-no’s).
  • Turning DHCP off – This in theory is a good idea but really doesn’t make you more secure.  It is easy to detect the method by which IP addresses are being assigned and make a request matching that method.
  • Filtering MAC addresses – Filtering MAC addresses is a good practice to get into, but for most households and businesses it causes more headache than it’s worth.  For homes with many devices on the network like game systems, multiple computers and cell phones, filtering MAC addresses simply isn’t practical.  That being said, a malicious user with easily attainable monitoring software can replicate a MAC address and still penetrate your network.  This method has some value for keeping the average user off the network but will crumble with ease against advanced computer users.

What You Should Do

The easiest thing you can do to secure your network is protect your wireless access point with encryption.  There are two different kinds of encryption you can use.  One is known as Wired Equivalent Privacy or WEP. This encryption is better than nothing but it does have a huge problem.

Beginning in 2001, several serious weaknesses were identified by cryptanalysts with the result that today a WEP connection can be cracked with readily available software found online within minutes. — Source:  Wikipedia

WEP can be easily cracked within minutes therefore it should not be your first choice, though it is better than having no encryption at all.  It will keep your pesky neighbors with no computer skills from using your bandwidth, but even the most novice 13 year-old could brute force their way into your network.  You want something with a little more ‘umph’.

You will want to use Wi-Fi Protected Access, otherwise known as WPA, for your wireless encryption.  WPA was designed after the flaws were discovered in WEP that led to its demise.  Recently, researchers have found a way to crack WPA-TKIP connections, though it is still tougher than cracking WEP.  Since this has happened, you’ll want to make sure you’re using WPA-AES encryption to remain secure.  AES stands for Advanced Encryption Standard, and the standard comprises three block ciphers.  It has been adopted by the U.S. government as their standard for encrypting sensitive networks and has yet to be cracked.

WPA2 is an even newer advance in WiFi network security.  If you have an older router or a computer more than 3 years old, you may have compatibility issues.  For fewer headaches and a still-secure network, stick with WPA-AES unless you have all ‘newer’ hardware.
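To put the advice of the last two sections into something you can run, here is an added example (not code from the original post or from any router vendor) that audits an access point configuration for the settings discussed: WEP, WPA-TKIP instead of AES, a short passphrase, and the ‘Geek Squad’ tweaks (hidden SSID, MAC filtering) that are harmless but not security controls.  It reads hostapd-style key=value lines; the option names it looks at (ssid, wpa, wpa_pairwise, rsn_pairwise, wpa_passphrase, wep_default_key, wep_key0, ignore_broadcast_ssid, macaddr_acl) are real hostapd options, while the two sample configurations and the default-SSID list are constructed for this example.

```python
"""Audit an access-point config for the weak settings discussed above.

Added example, not code from the original post.  Reads hostapd-style
key=value lines; the option names used are real hostapd options, and
the sample configs at the bottom are constructed for this example.
"""

# SSIDs that routers commonly ship with (constructed, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "belkin"}


def parse_config(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return (severity, message) findings for a parsed config.

    'high'   = effectively open network
    'medium' = weaker cipher or protocol version than needed
    'low'/'info' = hygiene points that do not secure anything by themselves
    """
    findings = []
    has_wep = "wep_key0" in cfg or "wep_default_key" in cfg
    wpa = cfg.get("wpa", "0")  # hostapd: 0=none, 1=WPA, 2=WPA2, 3=both

    if has_wep:
        findings.append(("high", "WEP key configured: WEP can be cracked in minutes"))
    if wpa == "0" and not has_wep:
        findings.append(("high", "no encryption at all: open access point"))
    elif wpa == "1":
        findings.append(("medium", "WPA (version 1) only: enable WPA2 (wpa=2)"))
    elif wpa == "3":
        findings.append(("low", "mixed WPA/WPA2 mode: WPA1 clients still use the older protocol"))

    # Pairwise ciphers for WPA (wpa_pairwise) and WPA2/RSN (rsn_pairwise).
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(cfg.get(key, "").split())
    if wpa != "0":
        if "TKIP" in ciphers:
            findings.append(("medium", "TKIP allowed: use CCMP (AES) only"))
        if "CCMP" not in ciphers:
            findings.append(("medium", "CCMP (AES) not explicitly enabled: set rsn_pairwise=CCMP"))

    passphrase = cfg.get("wpa_passphrase")
    if passphrase is not None and len(passphrase) < 8:  # hostapd's own minimum
        findings.append(("high", "WPA passphrase shorter than 8 characters"))

    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append(("low", "default manufacturer SSID: change it, but it is not a security control"))
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("info", "SSID hidden: the network is still detectable, not a security control"))
    if cfg.get("macaddr_acl", "0") == "1":
        findings.append(("info", "MAC filtering on: addresses can be cloned, treat it as a convenience only"))
    return findings


def audit_text(text):
    """Convenience wrapper: parse then audit."""
    return audit(parse_config(text))


# Constructed sample: roughly how a router ships, plus the 'Geek Squad' tweaks.
SHIPPED_CONFIG = """
interface=wlan0
ssid=linksys
channel=6
ignore_broadcast_ssid=1
macaddr_acl=1
wep_default_key=0
wep_key0=0123456789
"""

# Constructed sample: what the post recommends, WPA2 with AES (CCMP) only.
HARDENED_CONFIG = """
interface=wlan0
ssid=example-home-net
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed example passphrase, change me
"""

if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for severity, message in audit_text(text) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

Run it and the shipped config produces one high finding (WEP) plus the low/info hygiene notes, while the hardened config produces none.  The point of the severity split is the same as the post’s: only the encryption choice decides whether the network is protected; the SSID and MAC settings are reported as information, never as fixes.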

Conclusion

The simplest thing you can do to protect your wireless network is still to encrypt it.  There is no need to cause yourself more trouble by turning off DHCP or hiding the SSID. It will only give you headaches and nightmares down the road.  Most of the need for securing your WiFi comes from nosy neighbors or passers-by looking to score free Internet.  They don’t want to steal your credit card info or read your e-mails but just score free interwebs. However, there are individuals who go around looking for easy targets to steal sensitive information from.

Wireless encryption supported by common devices:

Device                  WEP   WPA-PSK   WPA2-PSK
PlayStation Portable    Yes   Yes       No
Nintendo DS             Yes   No        No
PlayStation 3           Yes   Yes       Yes
Wii                     Yes   Yes       Yes
Xbox 360 WiFi adapter   Yes   Yes       No
iPhone                  Yes   Yes       Yes
Nokia N800/N810         Yes   Yes       Yes
Asus Eee PC             Yes   Yes       Yes

CTA Radio System Hack Exposes Weakness

17 Aug

A 20 year-old Chicago hacker by the name of Marcel Carter was arrested for hacking into the Chicago Transit Authority’s radio system repeatedly for more than a year.  Don’t get overly scared by mainstream media’s portrayal of this kid as a dangerous genius who spent hours nightly hacking into CTA ‘super-servers’.

Carter either stole or found a CTA two-way radio that was already pre-programmed with the frequencies and codes that allowed him to harass transit employees for over a year.  This scenario however is much easier than you may want to imagine.

Many two-way radio systems in this country are built on old legacy technologies.  The security that is imposed on these radio systems is so easy to break that a half-skilled 14 year-old could execute the act of jamming the system.  Many of the systems in use today are still analog and use what’s known as CTCSS PL tones to keep unwanted jammers and others off the system.  The problem with PL (Private Line) tone systems is that they were not designed to keep systems secure.  PL tones rather lessen interference on large radio towers that are home to high-powered radio systems.  With all that RF in such a small area, interference is commonplace.  PL tones are a pre-defined set of tones that are encoded with an RF transmission to allow access to a repeater (radio system).  PL tone lists are by no means secret; there are only 42 CTCSS PL tones.  Today’s radio equipment can easily scan a transmission and find what PL tone is being used on that system in less than 60 seconds.  Once the PL tone is found on the system output frequency (the one you listen to), it’s just a matter of finding the input frequency, which again takes merely minutes to an hour at most.  Most of these radio system inputs & outputs are publicized on the Internet on scanner enthusiast websites.

The equipment needed to transmit on public safety frequencies or ones used by the CTA is relatively inexpensive and very easy to obtain.  Have $300-$400 burning  a hole in your pocket?  You could purchase perfectly legal amateur radio transceivers and do a simple modification or surf eBay for the proper equipment.  Either way you do it, it is very easy and quite cheap.

Once the radio system can be accessed, a person could begin to jam the frequencies hindering communications in an emergency and even impersonate public safety officers or dispatchers.

So why doesn’t jamming happen more often?  Well, it does happen more than you think.  The city which I grew up in (Wausau, WI) is in the largest county in the state.  The radio systems here are large and span a very wide area.  Jamming is a nuisance that is a monthly problem for public safety dispatchers.  It is nearly 100% impossible to trace as long as the jammer/hacker isn’t stupid in his methods.  The main tool for tracing radio signals is often triangulation, whether it’s from radio towers around the county or from actually putting radio techs in the field, moving around and homing in on the signal being transmitted by the jammer.

Police and fire systems are easy to break into and interfere with.  Most people don’t do it because it could endanger lives and would bring the attention of law enforcement quite quickly.  The story of Marcel Carter should be a wake-up call to our government.  It is time to drop old legacy analog systems and upgrade this country’s network infrastructure.  The new digital systems aren’t 110% unbreakable but are incredibly tougher to get into.  A jammer/hacker would really, really want to get in for a malicious reason to spend the time and money on the equipment needed.  The Obama administration has dedicated billions of dollars to upgrading network infrastructure, and I hope it is put to good use wiping out these old systems and the old problems people like Marcel can cause.

Iran Can’t Stop Dissemination Of Information

18 Jun

With all the violence and government censorship taking place in Iran, international journalists from the United States and elsewhere are having lots of trouble.  Iran doesn’t want any information getting to the outside world about the extent of the revolution and violence taking place.

“Following a massive opposition rally Monday, authorities restricted journalists — including Iranians working for foreign media — from reporting on the streets. They could effectively only work from their offices, conducting telephone interviews and monitoring official sources such as state TV.” – Associated Free Press

Some journalists have been forced to leave because the Iranian government would not renew the visa they received to cover the election.

Iran has also begun censoring communication online as well.  They are throttling bandwidth within their country and blocking popular communication platforms like Facebook, Twitter, Flickr and YouTube to name a few.   All of these efforts by Iran to censor information have been rather futile.  Social media and tech savvy geeks in Iran and around the world have shown that trying to completely shut down communication is tough to do.  The only way to really crush communication would be to pull the plug on critical network infrastructure and backbones, however that would leave government entities out of luck as well.  Corporate media who cannot have large six-figure cameras on the street have turned to citizen journalist tools to tell the story from the front lines. 

I watched a reporter on CNN, walking near a rally in which Iranians were being beaten, record his story on a cell phone while walking down the street.  He nervously looked around while talking, knowing that at any time he could become a target of Iranian police.  Truthfully, this could have been anyone using a simple cell phone to record a video describing what they were witnessing.  The only difference is that this reporter had the backing of a major news network.  The Iranian election has shown that you don’t need that support to get your message out to thousands.

Pictures (like this) spread on TwitPic (a website for sharing photos on Twitter) of a rally with an estimated 100,000 protesters collected over 60,000 views in less than 24 hours.  This YouTube video shows unarmed Iranians being shot at by Basiji forces in the streets of Tehran. These are the kind of images Iran wants to keep under wraps as they try to downplay the size of the protests.  Iran has now stated as of Wednesday evening that those who engage in ‘incitement’ by using Twitter and other blocked websites to communicate with other countries could face execution.  Yes, I said execution.

Iran will continue to try to keep things under wraps, but tech geeks worldwide who are aiding and embedding Iranian protesters in online ‘bunkers’ by offering proxies and encrypted VPNs will continue to prevail.  The real question is where is all this heading?  #IranElection continues to stay atop Twitter trends, though trends show it may be leveling off, with 27,000 tweets using the #IranElection hashtag on June 15th, 2009 and just 19,000 tweets on June 17th.

3 Signs Your Child Is a Hacker

24 Apr

It is not often I get a real good laugh at something I read on the Internet.  The following list is an exception however.  This information was posted on a site called Adequacy.org, proclaiming itself as ‘news for grown-ups’.  Did you ever want a surefire guide to tell if your son was a ‘l337 hax0r’?  Well this is not it by any means.

  1. Has your son asked you to change ISPs?

Most American families use trusted and responsible Internet Service Providers, such as AOL. These providers have a strict “No Hacking” policy, and take careful measures to ensure that your Internet experience is enjoyable, educational and above all legal. If your child is becoming a hacker, one of his first steps will be to request a change to a more hacker friendly provider.

I would advise all parents to refuse this request. One of the reasons your son is interested in switching providers is to get away from AOL’s child safety filter. This filter is vital to any parent who wants his son to enjoy the internet without endangering him through exposure to “adult” content. It is best to stick with the protection AOL provides, rather than using a home-based solution. If your son is becoming a hacker, he will be able to circumvent any home-based measures with surprising ease, using information gleaned from various hacker sites.

We all know so many Internet users choose AOL, right?  I would have really loved a definition of what a hacker-friendly ISP is as well.  According to this guide, your son or daughter could easily circumvent home-based protection and filtering, so it’s best to stick with AOL for their filtering. This is a joke, right? (Sadly, no.)

  2. Are you finding programs on your computer that you don’t remember installing?

Your son will probably try to install some hacker software. He may attempt to conceal the presence of the software in some way, but you can usually find any new programs by reading through the programs listed under “Install/Remove Programs” in your control panel. Popular hacker software includes “Comet Cursor”, “Bonzi Buddy” and “Flash”.

The best option is to confront your son with the evidence, and force him to remove the offending programs. He will probably try to install the software again, but you will be able to tell that this is happening, if your machine offers to “download” one of the hacker applications. If this happens, it is time to give your son a stern talking to, and possibly consider punishing him with a grounding.

I didn’t know Adobe Flash was a ‘hax0r’ application.  I guess I’m getting too old!  But don’t forget about that grounding.

  3. Has your son radically changed his appearance?

If your son has undergone a sudden change in his style of dress, you may have a hacker on your hands. Hackers tend to dress in bright, day-glo colors. They may wear baggy pants, bright colored shirts and spiky hair dyed in bright colors to match their clothes. They may take to carrying “glow-sticks” and some wear pacifiers around their necks. (I have no idea why they do this) There are many such hackers in schools today, and your son may have started to associate with them. If you notice that your son’s group of friends includes people dressed like this, it is time to think about a severe curfew, to protect him from dangerous influences.

If you began restricting this kind of dress code, you could lock up half your child’s school.  Glow sticks might be more indicative of a raver than a hacker, but we likely have the movie ‘Hackers’ to thank for this one.

Content provided by Adequacy.org

This information was written as a satire of all the posts you read online by parents asking if their child is a hacker.  Most of these queries by parents are fueled by 60 Minutes stories or CNN investigations into the ‘underground’ hacker culture of the Internet.  These stories are typically extremely exaggerated.  Oh wait, you disagree with that statement?  The 60 Minutes story on Conficker a few weeks ago is a perfect example.

“They call their weapons viruses and worms – they’re creepy, crawly toxic software that contaminate our computers without our ever knowing it. You can be infected by simply visiting your favorite Web site, or just by leaving your computer on, overnight while you’re asleep.” – Lesley Stahl, 60 Minutes, March 29th, 2009

Wow, makes you want to turn your computer off right?

Just know your kids folks, just know your kids.

Spies Penetrate U.S. Electricity Grid

9 Apr

National security officials have announced the U.S. electricity grid was recently compromised by foreign hackers.  Current and former national security officials stated the spies left behind software that could be used to disrupt the electric grid in the United States. 

Security analysts said the attacks stem from Russia and China, both of which are trying to map our power grid infrastructure and its inner workings.  Government officials stress that no immediate threat can be seen.

The software the hackers left behind was meant to be stealthy and hidden, ready to be turned on for malicious reasons in time of attack, but was luckily found by U.S. intelligence and security agencies.

The Kansas City Star is reporting that in 1997, Kansas City Power & Light saw about 10,000 such “events” each month. Now it’s 10 to 20 every second.

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Officials said water, sewage and other infrastructure systems also were at risk.

“Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair recently told lawmakers. “A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure.”

A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Security experts from the U.S. government have stated the attacks are so sophisticated, they are likely perpetrated by China and Russia. 

Conficker, Ghost spy network, PowerPoint attacks and now the U.S. electricity grid.  Are these breaches overblown media stories meant to instill fear and pump sales of security software?  It seems like there are more and more stories about the latest worm or breach of security of epic proportions.

I believe there is definitely a risk to any box that is connected to the Internet, no matter how many software or hardware defenses you have on it.  Nothing is perfect; no security is unbreakable.  If we have learned anything from Kevin Mitnick, it’s that the hardware is not the weakest link.  The weakest link of any network is almost always the users who manage it or have access to it.  Social engineering is a real threat, and the only defense against it is training every single person who has access to your secured network.  I wish more details were available on how these networks were penetrated, but we will likely never know.

Even with all the training in the world, no one is perfect.  All the security in the world, none of which is perfect.  Therefore, any network is not 100% secure.

Conficker, Real Threat or Joke?

31 Mar

The Conficker worm, otherwise known as ‘Downadup’, has been getting lots of press lately.  It has been one of the largest, most publicized infections since the Melissa virus.  Security experts can’t seem to agree on the motive for the malware and what it is capable of.  There is one thing they can agree on: something will happen on April 1st, 2009.  Security engineers who have been examining the worm think it will connect to hosts looking for an updated variant that will bury itself even deeper into infected machines.

Up to this point, Conficker has been focusing on multiplying and spreading while blocking access to anti-virus and spyware applications that could repair the infection.  

On April 1st, you’re not going to see any fireworks online.  Government websites won’t crash and your computer will not choke up a BSOD on you.  Why?

  • Hackers who create this kind of malware don’t want you to know you’re infected.  They want to idle in the background and use your system and its resources without you knowing, for their own gain: forwarding spam, DDoS attacks and other malicious activity.
  • Though they have been getting great press, they don’t want it and won’t let it ‘all hang out’ on April Fools’ Day.

The code leading experts to put out a warning about April 1st is likely just what it seems, a joke.  A diversionary tactic, if you will.  Conficker is extremely well programmed, with a purpose in mind for the hackers.  They are anything but stupid and won’t try to make April 1st a ‘dooms day’ scenario.

Yes, when you wake up April 1st, the Internet will be there!

The biggest thing you can do to protect your machine is make sure you have all your Windows updates installed.  If you haven’t been keeping up on this or have automatic updates turned off, you should be hit over the head with a tack hammer.

Tools For Removal  

Massive Cyber Spy Ring Discovered

30 Mar

Researchers from two major universities have uncovered what they believe is a worldwide cyber spy ring proliferated by the Chinese government.  Researchers from the University of Toronto found that very complex and powerful rootkit malware was installed on machines worldwide from embassies, international organizations and other government officials.

The Christian Science Monitor is reporting…

Thirty percent of the targeted computers could be considered “high-value” targets. No US government computers were compromised; however, the cyber spies broke into a NATO computer for half a day.

Researchers were called in to investigate by the Dalai Lama when it was believed that Tibetan e-mail communications were being intercepted.  What was initially a very focused investigation quickly blew up into a major worldwide discovery.

It is important to note that just because all evidence points towards China, that doesn’t mean it is orchestrated by them.  Dan Colarusso writes, “The investigation, which doesn’t point at the Chinese government specifically.”

“This could well be the C.I.A. or the Russians. It’s a murky realm that we’re lifting the lid on.” said Ronald J. Deibert, a member of the research group and an associate professor of political science at the University of Toronto.

Don’t get worried about a ‘mega-uber-dooper secret un-stoppable malware infection’.  This isn’t a complex attack by any means.  It is social engineering at its best.  Social engineering was made famous by hacker Kevin Mitnick.

Forensic analysis by Deibert and his team found that the attack originally started on a message board.  A monk had been engaging in a normal conversation when a hacker targeted him based on his e-mail address domain.  The hacker sent him an infected PDF and Word document to start the attack.  The hacker then began intercepting his communications and targeting upper-echelon contacts on his e-mail contact list.  The attack continued scaling up until major ‘high value’ targets were infected.

It is true that your network is only as secure as its weakest link, and no, your router or OS is not your weakest link.  Your weakest link is likely the people who already have access to the network and divulge information much too easily.  It is still important to defend against random attacks based simply on holes and vulnerabilities, but it is just as important, if not more so, to educate the users of your network on good practices to stop social engineering attacks.
